Changes in 8.9.0 - July 24 2024

Changes:

• curl: add --ip-tos (IP Type of Service / Traffic Class)
• curl: add --mptcp
• curl: add --vlan-priority
• curl: add -w '%{num_retries}'
• gnutls: support CA caching
• mbedtls: support CURLOPT_CERTINFO
• noproxy: patterns need to be comma separated
• socket: support binding to interface *AND* IP
• tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt
• urlapi: add CURLU_NO_GUESS_SCHEME
• wolfssl: support CA caching

Bugfixes:

• (lib)curl.rc: set debug flag also for `CURLDEBUG` and `UNITTESTS`
• asyn-thread: avoid using GetAddrInfoExW with impersonation
• aws-sigv4: url encode the canonical path
• BINDINGS: update java link to one that exists
• build: add Debug, TrackMemory, ECH to feature list
• build: add more supported attributes to the IAR compiler
• build: fix llvm 16 or older + Xcode 15 or newer, and gcc
• build: fix llvm 17 and older + macOS SDK 14.4 and newer
• build: sync warning options between autotools, cmake & compilers
• build: tidy up `__builtin_available` feature checks (Apple)
• build: untangle `CURLDEBUG` and `DEBUGBUILD` macros
• build: use `#error` instead of invalid syntax
• cd2nroff: convert two warnings to errors
• cd2nroff: use an empty "##" to signal end of .IP sequence
• cf-socket: improve SO_SNDBUF update for Winsock
• cf-socket: optimize curlx_nonblock() and check its return error
• cf-socket: remove obsolete recvbuf
• cf-socket: remove two "useless" assignments
• cfilters: make Curl_conn_connect always assign 'done'
• cmake: add CURL_USE_GSASL option with detection + CI test
• cmake: allow `ENABLE_CURLDEBUG=OFF` with `ENABLE_DEBUG=ON`
• cmake: allow SOVERSION override with `CURL_LIBCURL_SOVERSION`
• cmake: alpha-sort feature list
• cmake: always build unit tests with the `testdeps` target
• cmake: bring `curl-config.cmake` closer to `FindCURL`
• cmake: create `configurehelp.pm` like autotools does
• cmake: delete unused `HAVE_LIBSSH2`, `HAVE_LIBSOCKET` macros
• cmake: detect `libidn2` also via `pkg-config`
• cmake: enable SOVERSION for Cygwin and `CMAKE_DLL_NAME_WITH_SOVERSION`
• cmake: fix `-Wredundant-decls` in unity/mingw-w64 builds
• cmake: fix brotli lib order
• cmake: fix building `unit1600` due to missing `ssl/openssl.h`
• cmake: fix building in unity mode
• cmake: fix building with both md4 and md5 in unity mode
• cmake: fix builds with detected libidn2 lib but undetected header
• cmake: fix feature and protocol lists for SecureTransport
• cmake: fix quotes when appending multiple options (SecureTransport)
• cmake: fix test 1013 with websockets enabled and no TLS
• cmake: improve wolfSSL detection
• cmake: show protocols, then features
• cmake: stop setting SOVERSION for the static lib target
• cmake: sync CA bundle/path detection with autotools
• cmake: sync protocol/feature list with `curl -V` output
• cmake: use `APPLE` instead of `CMAKE_SYSTEM_NAME` string
• cmake: whitespace, formatting/tidy-up in comments
• cmdline-docs: "added in" cleanups
• cmdline-docs: fix `--proxy-ca-native` example + tidy-ups
• cmdline-opts/_PROTOCOLS.md: mention WS(S)
• cmdline-opts/ech.md: shorten the help text
• cmdline-opts/fail.md: expand and clarify
• cmdline-opts/interface.md: expand the documentation
• cmdline-opts: category cleanup
• cmdline-opts: expand the parallel explanations
• cmdline-opts: shorten six help texts
• cmdline: expand proxy option explanations
• code: language cleanup in comments
• configure: CA bundle/path detection fixes
• configure: fix `SystemConfiguration` detection
• configure: fix pkg-config library name 'libnghttp3'
• configure: fix pkg-config names (zstd, ngtcp2*)
• configure: limit `SystemConfiguration` test to non-c-ares, IPv6 builds
• configure: remove 'deeper' checks for `AC_CHECK_FUNCS`
• configure: require a QUIC library if nghttp3 is used
• configure: sort feature list, lowercase protocols, use backticks
• configure: use `$EGREP` in place of `grep -E`
• configure: use AC_MSG_WARN for TLS/experimental warning texts
• connect-to.md: expand with examples
• connection: shutdown TLS (for FTP) better
• cookie-jar.md: see also --junk-session-cookies
• curl-config: revert to backticks to support old target envs
• curl: allow etag and content-disposition for 3xx reply
• curl: bsearch the --write-out variable name
• curl: check for --disable case *sensitively*
• curl: list categories in --help
• curl: make warnings and other messages aware of terminal width
• curl: output "flying saucers" with leading carriage return
• curl_easy_escape: elaborate a little on encoding a URL
• curl_mprintf.md: add missing comma
• curl_multi_poll.md: expand the example with an custom file descriptor
• curl_str[n]equal.md: tidy up text to make them stand-alone
• curl_url_set.md: libcurl only parses :// URLs
• curl_url_set: elaborate on scheme guessing
• curldown: make 'added-in:' a mandatory header field
• CURLOPT_CONNECTTIMEOUT*: clarify, document the milliseond version
• CURLOPT_ECH.md: remove repeated 'if'
• CURLOPT_NETRC.md: clarify what it does on Windows
• CURLOPT_RESOLVE.md: mention hostname can be wildcard ('*')
• CURLOPT_SSL_VERIFYHOST.md: refresh
• CURLOPT_TLSAUTH_PASSWORD/USERNAME.md: language fixups
• DISTROS: add a link to the list archive
• DISTROS: add AlmaLinux package source link
• DISTROS: add MSYS2 (native) links
• docs/cmdline-opts: fix mail-auth example TLD typo
• docs/cmdline-opts: remove two superfluous "Added in" mentions
• docs/libcurl: polish the single-line descriptions
• docs/Makefile.am: make curl-config.1 install
• docs: reference non deprecated libcurl options
• docs: start markdown headers with capital letter where applicable
• doh-insecure.md: expand
• doh: fix cleanup
• doh: fix leak and zero-length HTTPS RR crash
• dump-header.md: mention minus for stdout
• examples/threaded-ssl: remove locking callback code
• examples: add missing binaries to .gitignore
• examples: delete unused includes
• examples: fix compiling with MSVC
• examples: suppress deprecation warnings locally
• FEATURES.md: refresh
• file: separate fake headers and body with a stand-alone CRLF
• ftp: remove redundant null pointer check in loop condition
• get.d: clarify the explanation
• GHA/windows: add MSVC wolfSSL job with test
• GHA/windows: ignore FTP test results for old-mingw-w64
• GHA: add MSVC UWP job, expand jobs with more options
• GHA: detect and warn for more English contractions
• GHA: disable MQTT and WebSocket tests in Windows jobs
• GHA: disable TFTP tests in Windows jobs
• GHA: enable tests 1139, 1177, 1477 on Windows
• GHA: improve vcpkg cache, add BoringSSL ECH and LibreSSL MSVC jobs
• GHA: unify http3 workflows into one
• GHA: use vcpkg to install packages for MSVC jobs
• GIT-INFO.md: remove version requirements
• gnutls: improve TLS shutdown
• gnutls: pass in SNI name, not hostname when checking cert
• help: add flags to output and ssh categories
• hostip: skip error check for infallible function call
• http/3: add shutdown support
• http/3: resume upload on ack if we have more data to send
• http: remove "struct HTTP"
• http: write last header line late
• idn: fix ß with AppleIDN
• idn: make macidn fail before trying conversion if name too long
• idn: tweak buffer use when converting with macidn
• lib/v*: tidy up types and casts
• lib: add a few DEBUGASSERT(data) to aid code analyzers
• lib: add failure reason on bind errors
• lib: fix gcc warning in certain debug builds
• lib: fix thread entry point to return `DWORD` on WinCE
• lib: graceful connection shutdown
• lib: prefer `var = time(NULL)` over `time(&var)`
• lib: tidy up types and casts
• lib: xfer_setup and non-blocking shutdown
• libcurl-docs: make option lists alpha-sorted
• libcurl-easy.md: now *more* than 300 options
• libcurl.pc: add `Requires.private`, `Requires` for static linking
• libcurl.pc: add more `Requires.private`/`Requires` dependencies
• libssh: remove CURLOPT_SSL_VERIFYHOST check
• macos: add workaround for gcc, non-c-ares, IPv6, compile error
• macos: undo `availability` macro enabled by Homebrew gcc
• managen: "added in" fixes
• managen: cleanups to generate nicer-looking output
• managen: error on trailing blank lines in input files
• managen: fix removing backticks from subtitles
• managen: insert final .fi for files ending with a quote
• managen: introduce "Multi: per-URL"
• managen: only output .RE for manpage output
• managen: output tabs for each 8 leading spaces
• managen: warn on excessively long help texts
• MANUAL.md: wrap two example urls that overrun styling
• mbedtls: check version before getting tls version
• mbedtls: check version for cipher id
• mbedtls: correct the error message for cert blob parsing failure
• mbedtls: send close-notify on close
• mbedtls: v3.6.0 workarounds
• md4: fix compilation with OpenSSL 1.x with md4 disabled
• misc: fix typos
• mk-ca-bundle.pl: delay 'curl -V' execution until it is needed
• multi: add multi->proto_hash, a key-value store for protocol data
• multi: do a final progress update on connect failure
• multi: fix multi_wait() timeout handling
• multi: fix pollset during RESOLVING phase
• multi: multi_getsock(), check correct socket
• ngtcp2+quictls: fix cert-status use
• noproxy: test bad ipv6 net size first
• openssl/gnutls: rectify the TLS version checks for QUIC
• openssl: fix %-specifier in infof() call
• openssl: fix hostname handling when using ECH
• openssl: stop duplicate ssl key logging for legacy OpenSSL
• os400: make it compilable again
• pytest: add ftp upload tests
• pytest: include testenv/vsftpd.py in dist tarball
• quic: enable UDP GRO
• quic: openssl quic, cmake and doc version update to 3.3.0
• quic: require at least OpenSSL 3.3 for QUIC
• quic: update to quiche 0.22.0
• quiche: fix operand of ‘?:’ changes signedness
• request.md: language fix
• request: change the struct field bodywrites to a bool, only for hyper
• reuse: switch to REUSE 3.2 and REUSE.toml
• runtests: show name and keywords for failed tests in summary
• runtests: sort test IDs in summary lines
• runtests: support %DATEfor YYYY-MM-DD of right now
• runtests: support %VERNUM
• runtests: support crlf="yes" for the <stderr> section
• sectransp: fix `HAVE_BUILTIN_AVAILABLE` checks to not emit warnings
• sectransp: fix clang compiler warnings, stop silencing them
• sectransp: remove large cipher table
• sectransp: use common code for cipher suite lookup
• sendf: fix CRLF conversion of input
• smtp: for starttls, do full upgrade
• socket: change TCP keepalive from ms to seconds on DragonFly BSD
• socket: use SOCK_NONBLOCK to eliminate extra system call
• socketpair: add `eventfd` and use `SOCK_NONBLOCK` for `socketpair()`
• src/Makefile.am: remove SUBDIRS assignment
• system_win32: add missing curl.h include
• tcpkeepalive: support TCP keep-alive parameters on Solaris <11.4
• test1119: adapt for `.md` input
• test1139: scan .md files instead of .3 ones
• test1175: scan libcurl-errors.md, not the generated .3 version
• test1486: verify that write-out.md and tool_writeout.c are in sync
• test2600: disable on win32
• test: add test1484, for HEAD with content
• test: add test1546, chunked not last transfer encoding
• tests/scripts: call it 'manpage' (single word)
• tests: add pytest for --ciphers and --tls13-ciphers options
• tests: delete `CharConv` remains
• tests: delete redundant `!MSDOS` guard
• tests: extend user/password parsing test1620
• tests: fix sshd IdentityFile path for MinGW/Cygwin
• tests: fix sshd UserKnownHostsFile path for MinGW/Cygwin
• tests: include current directory when running test Perl commands
• tests: log "Throwing away" messages before throwing away
• tests: run with "--trace-config all" to provide even more info
• tests: sync feature names with `curl -V`
• tests: test_17_ssl_use.py clarify mbedTLS TLSv1.3 support
• tests: use exec when spawning nghttpx
• tidy-up: use consistent casing for Windows directories
• TODO: remove some old, clarify, add something
• tool_cb_hdr: return error for failed header writes
• tool_operate: avoid explicitly setting verifypeer to 1
• tool_operate: simplify return code handling from url_proto()
• tool_writeout: get certinfo only when needing it
• trace-ascii.md: mention "%" for stderr
• transfer: avoid polling socket every transfer loop
• transfer: conn close on paused upload
• transfer: do not use EXPIRE_NOW while blocked
• transfer: remove curl_upload_refill_watermark, no longer used
• transfer: set CSELECT_IN if there is data pending
• unit2604: use 'unitfail' instead of 'error' variable
• url: allow DoH transfers to override max connection limit
• urlapi: remove unused definition of HOST_BAD
• variable.md: make example use expand
• verify-synopsis.pl: work with .md files
• vms: fixed language in comment
• vtls: deprioritize Secure Transport
• vtls: replace addsessionid with set_sessionid
• winbuild: fix PE version info debug flag
• winbuild: MS-DOS batch tidy-ups
• winbuild: remove outdated WIN32 defines
• windows: fix UWP builds, add GHA job
• winsock: move SO_SNDBUF update into cf-socket
• wolfssl: assume key_file equal to clientcert if no key_file
• wolfssl: use larger error buffer when formatting errors
• x509asn1: add some common ECDSA OIDs
• x509asn1: ASN1tostr() should fail when 'constructed' is set
• x509asn1: fallback to dotted OID representation
• x509asn1: make Curl_extract_certinfo store error message
• x509asn1: prevent NULL dereference
• x509asn1: remove superfluous free()
• x509asn1: remove two static variables

Further