delta/curl.git/include, branch bagder/https-proxy-tests github.com: bagder/curl.git RELEASE-NOTES: synced 2020-05-08T14:01:39+00:00 Daniel Stenberg daniel@haxx.se 2020-05-08T14:01:39+00:00 1fa3733997cacc0c265d96783120b4b4be1a65bb And bumped next version to 7.71.0 
And bumped next version to 7.71.0
CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl) 2020-05-08T13:55:04+00:00 Gilles Vollant info@winimage.com 2019-09-13T09:24:00+00:00 148534db57dda611cf8516e92e4d6e35fc1e5074 Closes #4346 
Closes #4346
RELEASE-NOTES: synced 2020-04-29T10:21:09+00:00 Daniel Stenberg daniel@haxx.se 2020-04-29T10:21:09+00:00 b4799e978e34eb7587cc5df521de8f32c7f615d1 ... and bumped curlver.h to 7.70.1 
... and bumped curlver.h to 7.70.1
curl.h: update comment typo 2020-04-22T06:14:35+00:00 Brian Bergeron brian.e.bergeron@gmail.com 2020-04-22T05:08:23+00:00 f807d163c9ed6d5e591a1af8e2a729b6ec4e5462 "routines with be invoked" -> "routines will be invoked" Closes #5279 
"routines with be invoked" -> "routines will be invoked"

Closes #5279
mqtt: add new experimental protocol 2020-04-14T11:03:40+00:00 Bjorn Stenberg bjorn@haxx.se 2020-04-14T09:19:12+00:00 2522903b792ac5a802f780df60dc4647c58e2477 Closes #5173 
Closes #5173
curl.h: remnove CURL_VERSION_ESNI. Never supported nor documented 2020-03-29T21:28:49+00:00 Daniel Stenberg daniel@haxx.se 2020-03-27T23:00:27+00:00 93fafb93dbd3a5c27ef9a497256df86f9a6670f8 Considered experimental and therefore we can do this. Closes #5157 
Considered experimental and therefore we can do this.

Closes #5157
version: add 'cainfo' and 'capath' to version info struct 2020-03-27T08:04:27+00:00 Daniel Stenberg daniel@haxx.se 2020-03-26T12:05:03+00:00 6de756c9b1de34b7a1b1d6cd978ca75f3b1d719b Suggested-by: Timothe Litt URL: https://curl.haxx.se/mail/lib-2020-03/0090.html Reviewed-by: Jay Satiro Closes #5150 
Suggested-by: Timothe Litt
URL: https://curl.haxx.se/mail/lib-2020-03/0090.html
Reviewed-by: Jay Satiro

Closes #5150
copyright: fix out-of-date copyright ranges and missing headers 2020-03-24T14:05:59+00:00 Daniel Stenberg daniel@haxx.se 2020-03-23T13:44:29+00:00 9a8b3b3e131359aea1cac650fb6ac331fbe2047c Reported by the new script 'scripts/copyright.pl'. The script has a regex whitelist for the files that don't need copyright headers. Removed three (mostly usesless) README files from docs/ Closes #5141 
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.

Removed three (mostly usesless) README files from docs/

Closes #5141
RELEASE-NOTES: synced 2020-03-18T07:48:35+00:00 Daniel Stenberg daniel@haxx.se 2020-03-18T07:47:51+00:00 1a46b218db2bce16246c8c60bcd541366a2e7e8d ... and bumped curlver.h to 7.70.0 
... and bumped curlver.h to 7.70.0
schannel: add "best effort" revocation check option 2020-03-18T07:23:39+00:00 Johannes Schindelin johannes.schindelin@gmx.de 2020-02-26T10:24:26+00:00 54504284918a4ba19bc7b1efb486a64629d376aa - Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and --ssl-revoke-best-effort to allow a "best effort" revocation check. A best effort revocation check ignores errors that the revocation check was unable to take place. The reasoning is described in detail below and discussed further in the PR. --- When running e.g. with Fiddler, the schannel backend fails with an unhelpful error message: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate. Sadly, many enterprise users who are stuck behind MITM proxies suffer the very same problem. This has been discussed in plenty of issues: https://github.com/curl/curl/issues/3727, https://github.com/curl/curl/issues/264, for example. In the latter, a Microsoft Edge developer even made the case that the common behavior is to ignore issues when a certificate has no recorded distribution point for revocation lists, or when the server is offline. This is also known as "best effort" strategy and addresses the Fiddler issue. Unfortunately, this strategy was not chosen as the default for schannel (and is therefore a backend-specific behavior: OpenSSL seems to happily ignore the offline servers and missing distribution points). To maintain backward-compatibility, we therefore add a new flag (`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option (`--ssl-revoke-best-effort`) to select the new behavior. Due to the many related issues Git for Windows and GitHub Desktop, the plan is to make this behavior the default in these software packages. The test 2070 was added to verify this behavior, adapted from 310. Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com> Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes https://github.com/curl/curl/pull/4981 
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
  --ssl-revoke-best-effort to allow a "best effort" revocation check.

A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.

---

When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:

	Unknown error (0x80092012) - The revocation function was unable
	to check revocation for the certificate.

Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.

This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.

In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.

Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).

To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.

Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.

The test 2070 was added to verify this behavior, adapted from 310.

Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/4981