LOCAL_PATH:= $(call my-dir)

CFLAGS := -DHAVE_CONFIG_H -O2 -Dmain=curl_main -DBUILDING_LIBCURL=1 \
	  -DSIZEOF_CURL_OFF_T=SIZEOF_OFF_T

include $(CLEAR_VARS)
include $(LOCAL_PATH)/lib/Makefile.inc
include $(LOCAL_PATH)/src/Makefile.inc

LOCAL_MODULE := curl

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.76.0 (31 Mar 2021)

Daniel Stenberg (31 Mar 2021)
- RELEASE-NOTES: synced
  
  curl 7.76.0 release

- THANKS: added names from 7.76.0

- CURLOPT_AUTOREFERER.3: clarify that it sets the full URL
  
  ... some users may not want that!

- define: remove CURL_DISABLE_NTLM ifdefs
  
  It was never defined anywhere. Fixed disable-scan (test 1165) to also
  scan headers, which found this issue.
  
  Closes #6809

- vtls: fix addsessionid for non-proxy builds
  
  Follow-up to b09c8ee15771c61
  Fixes #6812
  Closes #6811

- [Li Xinwei brought this change]

  cmake: support WinIDN
  
  Closes #6807

- transfer: clear 'referer' in declaration
  
  To silence (false positive) compiler warnings about it.
  
  Follow-up to 7214288898f5625
  
  Reviewed-by: Marcel Raad
  Closes #6810

- [Marc Hoersken brought this change]

  config: fix SSPI enabling NTLM if crypto auth is disabled
  
  Avoid enabling NTLM feature based upon Windows SSPI
  being enabled in case that crypto auth is disabled.
  
  Reported-by: Marcel Raad
  
  Follow-up to #6277
  Fixes #6803
  Closes #6808

- HISTORY: add two 2021 events

- vtls: add 'isproxy' argument to Curl_ssl_get/addsessionid()
  
  To make sure we set and extract the correct session.
  
  Reported-by: Mingtao Yang
  Bug: https://curl.se/docs/CVE-2021-22890.html
  
  CVE-2021-22890

- [Viktor Szakats brought this change]

  transfer: strip credentials from the auto-referer header field
  
  Added test 2081 to verify.
  
  CVE-2021-22876
  
  Bug: https://curl.se/docs/CVE-2021-22876.html

- curl_sasl: fix compiler error with --disable-crypto-auth
  
  ... if libgsasl was found.
  
  Closes #6806

- [Patrick Monnerat brought this change]

  ldap: only set the callback ptr for TLS context when TLS is used
  
  Follow-up to a5eee22e594c2460f
  Fixes #6804
  Closes #6805

- copyright: update copyright year ranges to 2021
  
  Reviewed-by: Emil Engler
  Closes #6802

- send_speed: simplify the checks for if a speed limit is set
  
  ... as we know the value cannot be set to negative: enforced by
  setopt()

- http: cap body data amount during send speed limiting
  
  By making sure never to send off more than the allowed number of bytes
  per second the speed limit logic is given more room to actually work.
  
  Reported-by: Fabian Keil
  Bug: https://curl.se/mail/lib-2021-03/0042.html
  Closes #6797

- urldata: merge "struct DynamicStatic" into "struct UrlState"
  
  Both were used for the same purposes and there was no logical separation
  between them. Combined, this also saves 16 bytes in less holes in my
  test build.
  
  Closes #6798

- tests/README.md: mentioned that en_US.UTF-8 is required
  
  Reported-by: Oumph on github
  Fixes #6768

- HISTORY: fixed the Mac OS X 10.1 release date
  
  Based on what Wikipedia says

Jay Satiro (26 Mar 2021)
- examples: Remove threaded-shared-conn.c due to bug
  
  Known bug 11.11 is the shared object's connection cache is not thread
  safe, so we should not have an example for it.
  
  Ref: https://github.com/curl/curl/issues/4915
  Ref: https://curl.se/docs/knownbugs.html#A_shared_connection_cache_is_not
  
  Closes https://github.com/curl/curl/pull/6795

- KNOWN_BUGS: Update 11.9 - DoH option inheritance
  
  - Add description: Explain that some options aren't inherited because
    they are not relevant for the DoH SSL connections or may result in
    unexpected behavior.
  
  - Remove the reference to #4578 (SSL verify options not inherited) since
    that was fixed by #6597 (separate DoH-specific options for verify).
  
  - Explain that DoH-specific options (those created by #6597) are
    available: CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and
    CURLOPT_DOH_SSL_VERIFYSTATUS.
  
  - Add a reference to #6605 and explain that the user's debug function is
    not inherited because it would be unexpected to pass internal handles
    (ie DoH handles) to the user's callback.
  
  Closes https://github.com/curl/curl/issues/6605

Daniel Stenberg (26 Mar 2021)
- curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO

- [Jean-Philippe Menil brought this change]

  openssl: ensure to check SSL_CTX_set_alpn_protos return values
  
  SSL_CTX_set_alpn_protos() return 0 on success, and non-0 on failure
  
  Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>
  
  Closes #6794

- multi: close the connection when h2=>h1 downgrading
  
  Otherwise libcurl is likely to reuse the connection again in the next
  attempt since the connection reuse logic doesn't take downgrades into
  account.
  
  Reported-by: Anthony Ramine
  Fixes #6788
  Closes #6793

- openssl: set the transfer pointer for logging early
  
  Otherwise, the transfer will be NULL in the trace function when the
  early handshake details arrive and then curl won't show them.
  
  Regresssion in 7.75.0
  
  Reported-by: David Hu
  Fixes #6783
  Closes #6792

- RELEASE-NOTES: synced

- TODO: Custom progress meter update interval
  
  Ref: https://stackoverflow.com/q/66789977/93747

- docs/ABI: tighten up the language
  
  Make the promises more firm
  
  Closes #6786

- openldap: disconnect better
  
  Instead of clearing the callback argument in disconnect, set it to the
  (new) transfer to make sure the correct data is passed to the callbacks.
  
  Follow-up to e467ea3bd937f38
  Assisted-by: Patrick Monnerat
  Closes #6787

- libssh2: kdb_callback: get the right struct pointer
  
  After the recent conn/data refactor in this source file, this function
  was mistakenly still getting the old struct pointer which would lead to
  crash on servers with keyboard-interactive auth enabled.
  
  Follow-up to a304051620b92e12b (shipped in 7.75.0)
  
  Reported-by: Christian Schmitz
  Fixes #6691
  Closes #6782

- tftp: remove unused struct fields
  
  Follow-up to d3d90ad9c00530d
  
  Closes #6781

- openldap: avoid NULL pointer dereferences
  
  Follow-up to a59c33ceffb8f78
  Reported-by: Patrick Monnerat
  Fixes #6676
  Closes #6780

- http: strip default port from URL sent to proxy
  
  To make sure the Host: header and the URL provide the same authority
  portion when sent to the proxy, strip the default port number from the
  URL if one was provided.
  
  Reported-by: Michael Brown
  Fixes #6769
  Closes #6778

- azure: disable test 433 on azure-ubuntu
  
  Something in that environment sets XDG_CONFIG_HOME for us in a way that
  breaks the test.
  
  Reported-by: Marc Hörsken
  Fixes #6739
  Closes #6777

- tftp: remove the 3600 second default timeout
  
  ... it was never meant to be there.
  
  Reported-by: Tomas Berger
  Fixes #6774
  Closes #6776

- docs: make gen.pl support *italic* and **bold**
  
  Remove some nroffisms from the cmdline doc files to simplify editing,
  and instead support this markdown style.
  
  Closes #6771

- ngtcp2: sync with recent API updates
  
  Closes #6770

- RELEASE-NOTES: synced

- libssh2:ssh_connect: clear session pointer after free
  
  If libssh2_knownhost_init() returns NULL, like in an OOM situation, the
  ssh session was freed but the pointer wasn't cleared which made libcurl
  later call libssh2 to cleanup using the stale pointer.
  
  Fixes #6764
  Closes #6766

- [Jacob Hoffman-Andrews brought this change]

  docs: document version of crustls dependency
  
  This also pins a specific release in the Travis test so future
  API-breaking changins in crustls won't break curl builds.
  
  Add RUSTLS documentation to release tarball.
  
  Enable running tests for rustls, minus FTP tests (require
  connect_blocking, which rustls doesn't implement) and 313 (requires CRL
  handling).
  
  Closes #6763

- [Jacob Hoffman-Andrews brought this change]

  rustls: Handle close_notify.
  
  If we get a close_notify, treat that as EOF. If we get an EOF from the
  TCP stream, treat that as an error (because we should have ended the
  connection earlier, when we got a close_notify).
  
  Closes #6763

- docs: clarify timeouts for queued transfers in multi API
  
  Closes #6758

- ftpserver: only load the preprocessed test file
  
  We always preprocess and tests are no longer sensible to load "raw"
  
  Closes #6738

- tests: use %TESTNUMBER instead of fixed number
  
  This makes the tests easier to copy and relocate to other test numbers
  without having to update content.
  
  Closes #6738

- KNOWN_BUGS: CURLOPT_OPENSOCKETPAIRFUNCTION is missing
  
  Closes #5747

- TODO: provide timing info for each redirect
  
  Closes #6743

Jay Satiro (17 Mar 2021)
- docs: Add SSL backend names to CURL_SSL_BACKEND
  
  - Document the names that can be used with CURL_SSL_BACKEND:
    bearssl, gnutls, gskit, mbedtls, mesalink, nss, openssl, rustls,
    schannel, secure-transport, wolfssl
  
  Ref: https://github.com/curl/curl/issues/2209#issuecomment-360623286
  Ref: https://github.com/curl/curl/issues/6717#issuecomment-800745201
  
  Closes https://github.com/curl/curl/pull/6755

- docs: Explain DOH transfers inherit some SSL settings
  
  - Document in DOH that some SSL settings are inherited but DOH hostname
    and peer verification are not and are controlled separately.
  
  - Document that CURLOPT_SSL_CTX_FUNCTION is inherited by DOH handles but
    we're considering changing behavior to no longer inherit it. Request
    feedback.
  
  Closes https://github.com/curl/curl/pull/6688

Daniel Stenberg (17 Mar 2021)
- http: make 416 not fail with resume + CURLOPT_FAILONERRROR
  
  When asked to resume a download, libcurl will convert that to HTTP logic
  and if then the entire file is already transferred it will result in a
  416 response from the HTTP server. With CURLOPT_FAILONERRROR set in that
  scenario, it should *not* lead to an error return.
  
  Updated test 1156, added test 1273
  
  Reported-by: Jonathan Watt
  Fixes #6740
  Closes #6753

- Curl_timeleft: check both timeouts during connect
  
  The duration of a connect and the total transfer are calculated from two
  different time-stamps. It can end up with the total timeout triggering
  before the connect timeout expires and we should make sure to
  acknowledge whichever timeout that is reached first.
  
  This is especially notable when a transfer first sits in PENDING, as
  that time is counted in the total time but the connect timeout is based
  on the time since the handle changed to the CONNECT state.
  
  The CONNECTTIMEOUT is per connect attempt. The TIMEOUT is for the entire
  operation.
  
  Fixes #6744
  Closes #6745
  Reported-by: Andrei Bica
  Assisted-by: Jay Satiro

- configure: remove use of deprecated macros
  
  AC_HEADER_TIME, AC_HEADER_STDC and AC_TYPE_SIGNAL

- configure: make AC_TRY_* into AC_*_IFELSE
  
  ... as the former versions are deprecated.

- configure: s/AC_HELP_STRING/AS_HELP_STRING
  
  AC_HELP_STRING is deprecated in 2.70+ and I believe AS_HELP_STRING works
  already since 2.59 so bump the minimum required version to that.
  
  Reported-by: Emil Engler
  Fixes #6647
  Closes #6748

- RELEASE-NOTES: synced

- travis: use ubuntu nghttp2 package instead of build our own
  
  Closes #6751

- travis: bump wolfssl to 4.7.0

- travis: only build wolfssl when needed
  
  Closes #6751

- [Jacob Hoffman-Andrews brought this change]

  rustls: allocate a buffer for TLS data.
  
  Previously, rustls was using an on-stack array for TLS data. However,
  crustls has an (unusual) requirement that buffers it deals with are
  initialized before writing to them. By using calloc, we can ensure the
  buffer is initialized once and then reuse it across calls.
  
  Closes #6742

- travis: add a rustls build
  
  ... that doesn't run any tests (yet)
  
  Closes #6750

- HTTP2: remove the outdated remark about multiplexing for the tool

- [Robert Ronto brought this change]

  http2: don't set KEEP_SEND when there's no more data to be sent
  
  this should fix an issue where curl sometimes doesn't send out a request
  with authorization info after a 401 is received over http2
  
  Closes #6747

Marc Hoersken (15 Mar 2021)
- config: fix building SMB with configure using Win32 Crypto
  
  Align conditions for NTLM features between CMake and configure
  builds by differentiating between USE_NTLM and USE_CURL_NTLM_CORE,
  just like curl_setup.h does internally to detect support of:
  
  - USE_NTLM: required for NTLM crypto authentication feature
  - USE_CURL_NTLM_CORE: required for SMB protocol
  
  Implement USE_WIN32_CRYPTO detection by checking for Crypt functions
  in wincrypt.h which are not available in the Windows App environment.
  
  Link advapi32 and crypt32 for Crypto API and Schannel SSL backend.
  Fix condition of Schannel SSL backend in CMake build accordingly.
  
  Reviewed-by: Marcel Raad
  
  Closes #6277

- config: fix detection of restricted Windows App environment
  
  Move the detection of the restricted Windows App environment
  in curl_setup.h before the definition of USE_WIN32_CRYPTO
  via included config-win32.h in case no build system is used.
  
  Reviewed-by: Marcel Raad
  
  Part of #6277

Daniel Stenberg (15 Mar 2021)
- HISTORY: curl 7.7.2 was the first version used in Mac OS X 10.1

- gen.pl: quote "bare" minuses in the nroff curl.1
  
  Reported-by: Alejandro Colomar
  Fixes #6698
  Closes #6722

Daniel Gustafsson (14 Mar 2021)
- hsts: remove unused defines
  
  MAX_HSTS_SUBLEN and MAX_HSTS_SUBLENSTR were unused from the initial commit,
  and mostly likely leftovers from early development.  Remove as they're not
  used for anything.
  
  Closes #6741
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Daniel Stenberg (12 Mar 2021)
- github: add torture-ftp for FTP-only torture testing
  
  and at 20% to try to keep the run-time reasonable
  
  Closes #6728

- travis: split "torture" into a separate "events" build as well
  
  Run torture without FTP and reducing coverage to 20%
  
  For some reason the torture tests now run a lot slower on travis and run
  into the 50 minute limit all the time.
  
  Closes #6728

- ftp: fix memory leak in ftp_done
  
  If after a transfer is complete Curl_GetFTPResponse() returns an error,
  curl would not free the ftp->pathalloc block.
  
  Found by torture-testing test 576
  
  Closes #6737

- [oxalica brought this change]

  http2: fail if connection terminated without END_STREAM
  
  Closes #6736

- RELEASE-NOTES: synced

- [Jacob Hoffman-Andrews brought this change]

  rustls: support CURLOPT_SSL_VERIFYPEER
  
  This requires the latest main branch of crustls, which provides
  rustls_client_config_builder_dangerous_set_certificate_verifier and
  rustls_client_config_builder_set_enable_sni.
  
  This refactors the session setup into its own function, and adds a new
  function cr_hostname_is_ip. Because crustls doesn't support verification
  of IP addresses, special handling is needed: We disable SNI and set a
  placeholder hostname (which never actually gets sent on the wire).
  
  Closes #6719

Daniel Gustafsson (12 Mar 2021)
- cookies: Fix potential NULL pointer deref with PSL
  
  Curl_cookie_init can be called with data being NULL, and this can in turn
  be passed to Curl_cookie_add, meaning that both functions must be careful
  to only use data where it's checked for being a NULL pointer.  The libpsl
  support code does however dereference data without checking, so if we are
  indeed having an unset data pointer we cannot PSL check the cookiedomain.
  
  This is currently not a reachable dereference, as the only caller with a
  NULL data isn't passing a file to initialize cookies from, but since the
  API has this contract let's ensure we hold it.
  
  Closes #6731
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Daniel Stenberg (12 Mar 2021)
- [Michael Hordijk brought this change]

  configure: only add OpenSSL paths if they are defined
  
  Add paths for OpenSSL compiling and linking only if they have been
  defined.  If they haven't been defined, we'll assume that the paths are
  already available to the toolchain.
  
  Closes #6730

Jay Satiro (12 Mar 2021)
- retry.d: Clarify transient 5xx HTTP response codes
  
  - Clarify the only 5xx response codes that are treated as transient are
    500, 502, 503 and 504.
  
  Prior to this change it said it treated all 5xx as transient, but the
  code says otherwise.
  
  Ref: https://github.com/curl/curl/blob/curl-7_75_0/src/tool_operate.c#L462-L495
  
  Closes https://github.com/curl/curl/pull/6724

- retry-all-errors.d: Explain curl errors versus HTTP response errors
  
  - Add a paragraph explaining that curl does not consider HTTP response
    errors as curl errors, and how that behavior can be modified by using
    --retry and --fail.
  
  The --retry-all-errors doc says "Retry on any error" which some users
  may find misleading without the added explanation.
  
  Ref: https://curl.se/docs/faq.html#Why_do_I_get_downloaded_data_eve
  Ref: https://curl.se/docs/faq.html#curl_doesn_t_return_error_for_HT
  
  Reported-by: Lawrence Gripper
  
  Fixes https://github.com/curl/curl/issues/6712
  Closes https://github.com/curl/curl/pull/6720

Daniel Stenberg (11 Mar 2021)
- travis: switch ngtcp2 build over to quictls
  
  The ngtcp2 project switched over to using the quictls OpenSSL fork
  instead of their own patched OpenSSL. We follow suit.
  
  Closes #6729

- test220/314: adjust to run with Hyper

- c-hyper: support automatic content-encoding
  
  Closes #6727

- http: remove superfluous NULL assign
  
  Closes #6727

- tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error
  
  Closes #6727

- setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper
  
  Not supported.
  
  Closes #6727

- test306: make it not run with Hyper
  
  ... as it tests HTTP/0.9 which Hyper doesn't support.

- test304: header CRLF cleanup to work with Hyper

- FTP: allow SIZE to fail when doing (resumed) upload
  
  Added test 362 to verify.
  
  Reported-by: Jordan Brown
  Regression since 7ea2e1d0c5a7f (7.73.0)
  Fixes #6715
  Closes #6725

- configure: provide Largefile feature for curl-config
  
  ... as cmake now does it correctly, and make test1014 check for it
  
  Closes #6702

- config: remove CURL_SIZEOF_CURL_OFF_T use only SIZEOF_CURL_OFF_T
  
  Make the code consistently use a single name for the size of the
  "curl_off_t" type.
  
  Closes #6702

Jay Satiro (10 Mar 2021)
- [Jun-ya Kato brought this change]

  ngtcp2: Fix build error due to change in ngtcp2_addr_init
  
  ngtcp2/ngtcp2@b8d90a9 changed the function prototype.
  
  Closes https://github.com/curl/curl/pull/6716

Daniel Stenberg (10 Mar 2021)
- [ejanchivdorj brought this change]

  multi: update pending list when removing handle
  
  when removing a handle, most of the lists are updated but pending list
  is not updated. Updating now.
  
  Closes #6713

- [kokke brought this change]

  lib1536: check ptr against NULL before dereferencing it
  
  Closes #6710

- [kokke brought this change]

  lib1537: check ptr against NULL before dereferencing it
  
  Fixes #6707
  Closes #6708

- travis: make torture tests skip TLS-SRP tests
  
  ... as it seems to often hang.
  
  Also: skip the "normal" tests as they're already run by many other
  builds.
  
  Closes #6705

- openssl: adapt to v3's new const for a few API calls
  
  Closes #6703

- quiche: fix crash when failing to connect
  
  Reported-by: ウさん
  Fixes #6664
  Closes #6701

- RELEASE-NOTES: synced
  
  Fixed the release counter and added a missing contributor

- RELEASE-NOTES: synced

- dynbuf: bump the max HTTP request to 1MB
  
  Raised from 128KB to allow longer request headers.
  
  Reported-by: Carl Zogheib
  Fixes #6681
  Closes #6685

Jay Satiro (6 Mar 2021)
- schannel: Evaluate CURLOPT_SSL_OPTIONS via SSL_SET_OPTION macro
  
  - Change use of those options from CURLOPT_SSL_OPTIONS that are not
    already evaluated via SSL_SET_OPTION in schannel and secure transport
    to use that instead of data->set.ssl.optname.
  
  Example:
  
  Evaluate SSL_SET_OPTION(no_revoke) instead of data->set.ssl.no_revoke.
  
  This change is because options set via CURLOPT_SSL_OPTIONS
  (data->set.ssl.optname) are separate from those set for HTTPS proxy via
  CURLOPT_PROXY_SSL_OPTIONS (data->set.proxy_ssl.optname). The
  SSL_SET_OPTION macro determines whether the connection is for HTTPS
  proxy and based on that which option to evaluate.
  
  Since neither Schannel nor Secure Transport backends currently support
  HTTPS proxy in libcurl, this change is for posterity and has no other
  effect.
  
  Closes https://github.com/curl/curl/pull/6690

- [kokke brought this change]

  c-hyper: Remove superfluous pointer check
  
  `n` pointer is never NULL once set. Found by static analysis.
  
  Ref: https://github.com/curl/curl/issues/6696
  
  Closes https://github.com/curl/curl/pull/6697

- version.d: Add missing features to the features list
  
  - Add missing entries for gsasl, Kerberos, NTLM_WB, TrackMemory,
    Unicode and zstd.
  
  - Remove krb4 since it's no longer a feature.
  
  Reported-by: Ádler Jonas Gross
  
  Fixes https://github.com/curl/curl/issues/6677
  Closes https://github.com/curl/curl/pull/6687

- [Vladimir Varlamov brought this change]

  docs: add missing Arg tag to --stderr
  
  Prior to this change the required argument was not shown.
  
  curl.1 before: --stderr
  curl.1 after: --stderr <file>
  
  curl --help before:
       --stderr        Where to redirect stderr
  
  curl --help after:
       --stderr <file>  Where to redirect stderr
  
  Closes https://github.com/curl/curl/pull/6692

- projects: Update VS projects for OpenSSL 1.1.x
  
  - Update VS project templates to use the OpenSSL lib names and include
    directories for OpenSSL 1.1.x.
  
  This change means the VS project files will now build only with OpenSSL
  1.1.x when an OpenSSL configuration is chosen. Prior to this change the
  project files built only with OpenSSL 1.0.x (end-of-life) when an
  OpenSSL configuration was chosen.
  
  The template changes in this commit were made by script:
  
  libeay32.lib => libcrypto.lib
  ssleay32.lib => libssl.lib
  ..\..\..\..\..\openssl\inc32 => ..\..\..\..\..\openssl\include
  
  And since the output directory now contains the includes it's prepended:
  ..\..\..\..\..\openssl\build\Win{32,64}\VC{6..15}\{DLL,LIB}
  {Debug,Release}\include
  
  - Change build-openssl.bat to copy the build's include directory to the
    output directory (as seen above).
  
  Each build has its own opensslconf.h which is different so we can't just
  include the source include directory any longer.
  
  Note the include directory in the output directory is a full copy from
  the build so technically we don't need to include the OpenSSL source
  include directory in the template. However, I left it last in case the
  user made a custom OpenSSL build using the old method which would put
  opensslconf in the OpenSSL source include directory.
  
  - Change build-openssl.bat to use a temporary install directory that is
    different from the temporary build directory.
  
  For OpenSSL 1.1.x the temporary paths must be separate not a descendant
  of the other, otherwise pdb files will be lost between builds.
  
  Ref: https://curl.se/mail/lib-2018-10/0049.html
  Ref: https://gist.github.com/jay/125191c35bbeb894444eff827651f755
  Ref; https://github.com/openssl/openssl/issues/10005
  
  Fixes https://github.com/curl/curl/issues/984
  Closes https://github.com/curl/curl/pull/6675

- doh: Inherit CURLOPT_STDERR from user's easy handle
  
  Prior to this change if the user set their easy handle's error stream
  to something other than stderr it was not inherited by the doh handles,
  which meant that they would still write to the default standard error
  stream (stderr) for verbose output.
  
  Bug: https://github.com/curl/curl/issues/6605
  Reported-by: arvids-kokins-bidstack@users.noreply.github.com
  
  Closes https://github.com/curl/curl/pull/6661

Marc Hoersken (1 Mar 2021)
- CI/azure: replace python-impacket with python3-impacket
  
  As of this month Azure DevOps uses Ubuntu 20.04 LTS which
  no longer supports Python 2 and instead ships Python 3.
  
  Closes #6678

- runtests.pl: kill processes locking test log files
  
  Introduce a new runtests.pl command option: -rm
  
  For now only required and implemented for Windows.
  Ignore stunnel logs due to long running processes.
  
  Requires Sysinternals handle[64].exe to be on PATH.
  
  Reviewed-by: Jay Satiro
  
  Ref: #6058
  Closes #6179

- pathhelp.pm: fix use of pwd -L in Msys environment
  
  While Msys2 has a pwd binary which supports -L,
  Msys1 only has a shell built-in with that feature.
  
  Reviewed-by: Jay Satiro
  
  Part of #6179

Daniel Gustafsson (1 Mar 2021)
- ldap: use correct memory free function
  
  unescaped is coming from Curl_urldecode and not a unicode conversion
  function, so reclaiming its memory should be performed with a normal
  call to free rather than curlx_unicodefree.  In reality, this is the
  same thing as curlx_unicodefree is implemented as a call to free but
  that's not guaranteed to always hold.  Using the curlx macro present
  issues with memory debugging as well.
  
  Closes #6671
  Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>

- url: fix typo in comment
  
  Correct a small typo which snuck in with a304051620.

Jay Satiro (28 Feb 2021)
- tool_help: Increase space between option and description
  
  - Increase the minimum number of spaces between the option and the
    description from 1 to 2.
  
  Before:
  ~~~
   -u, --user <user:password> Server user and password
   -A, --user-agent <name> Send User-Agent <name> to server
   -v, --verbose       Make the operation more talkative
   -V, --version       Show version number and quit
   -w, --write-out <format> Use output FORMAT after completion
       --xattr         Store metadata in extended file attributes
  ~~~
  
  After:
  ~~~
   -u, --user <user:password>  Server user and password
   -A, --user-agent <name>  Send User-Agent <name> to server
   -v, --verbose       Make the operation more talkative
   -V, --version       Show version number and quit
   -w, --write-out <format>  Use output FORMAT after completion
       --xattr         Store metadata in extended file attributes
  ~~~
  
  Closes https://github.com/curl/curl/pull/6674

Daniel Stenberg (27 Feb 2021)
- curl: set CURLOPT_NEW_FILE_PERMS if requested
  
  The --create-file-mode code logic accepted the value but never actually
  passed it on to libcurl!
  
  Follow-up to a7696c73436f (shipped in 7.75.0)
  Reported-by: Johannes Lesr
  Fixes #6657
  Closes #6666

- tool_operate: check argc before accessing argv[1]
  
  Follow-up to 09363500b
  Reported-by: Emil Engler
  Reviewed-by: Daniel Gustafsson
  Closes #6668

Daniel Gustafsson (26 Feb 2021)
- [Jean-Philippe Menil brought this change]

  openssl: remove get_ssl_version_txt in favor of SSL_get_version
  
  openssl: use SSL_get_version to get connection protocol
  
  Replace our bespoke get_ssl_version_txt in favor of SSL_get_version.
  We can get rid of few lines of code, since SSL_get_version achieve
  the exact same thing
  
  Closes #6665
  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
  Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>

- gnutls: Fix nettle discovery
  
  Commit e06fa7462ac258c removed support for libgcrypt leaving only
  support for nettle which has been the default crypto library in
  GnuTLS for a long time. There were however a few conditionals on
  USE_GNUTLS_NETTLE which cause compilation errors in the metalink
  code (as it used the gcrypt fallback instead as a result). See the
  below autobuild for an example of the error:
  
    https://curl.se/dev/log.cgi?id=20210225123226-30704#prob1
  
  This removes all uses of USE_GNUTLS_NETTLE and also removes the
  gcrypt support from the metalink code while at it.
  
  Closes #6656
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>

- cookies: Support multiple -b parameters
  
  Previously only a single -b cookie parameter was supported with the last
  one winning.  This adds support for supplying multiple -b params to have
  them serialized semicolon separated.  Both cookiefiles and cookies can be
  entered multiple times.
  
  Closes #6649
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Daniel Stenberg (25 Feb 2021)
- build: remove all traces of USE_BLOCKING_SOCKETS
  
  libcurl doesn't behave properly with the define set
  
  Closes #6655

- RELEASE-NOTES: synced

Daniel Gustafsson (25 Feb 2021)
- docs: Fix typos
  
  Random typos spotted when skimming docs.

- cookies: Use named parameters in header prototypes
  
  Align header with project style of using named parameters in the
  function prototypes to aid readability and self-documentation.
  
  Closes #6653
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>

Daniel Stenberg (24 Feb 2021)
- urldata: make 'actions[]' use unsigned char instead of int
  
  ... as it only needs a few bits per index anyway.
  
  Reviewed-by: Daniel Gustafsson
  Closes #6648

- configure: fail if --with-quiche is used and quiche isn't found
  
  Closes #6652

- [Gregor Jasny brought this change]

  cmake: use CMAKE_INSTALL_INCLUDEDIR indirection
  
  Reviewed-by: Sergei Nikulov
  Closes #6440

Viktor Szakats (23 Feb 2021)
- mingw: enable using strcasecmp()
  
  This makes the 'Features:' list sorted case-insensitively,
  bringing output in-line with *nix builds.
  
  Reviewed-by: Jay Satiro
  Closes #6644

- build: delete unused feature guards
  
  - `HAVE_STRNCASECMP`
  - `HAVE_TCGETATTR`
  - `HAVE_TCSETATTR`
  
  Reviewed-by: Jay Satiro
  Reviewed-by: Daniel Stenberg
  Closes #6645

Jay Satiro (23 Feb 2021)
- docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions
  
  Closes https://github.com/curl/curl/pull/6639

Daniel Stenberg (23 Feb 2021)
- [Jacob Hoffman-Andrews brought this change]

  configure: make hyper opt-in, and fail if missing
  
  Previously, configure would look for hyper by default, and use it if
  found; otherwise it would not use hyper, and not error.
  
  Now, configure will not look for hyper unless --with-hyper is passed. If
  configure looks for hyper and fails, it will error.
  
  Also, add -ld -lpthread -lm to Hyper's libs. I think they are required.
  
  Closes #6598

- multi: do once-per-transfer inits in before_perform in DID state
  
  ... since the state machine might go to RATELIMITING and then back to
  PERFORMING doing once-per-transfer inits in that function is wrong and
  it caused problems with receiving chunked HTTP and it set the
  PRETRANSFER time much too often...
  
  Regression from b68dc34af341805aeb7b3715 (shipped in 7.75.0)
  
  Reported-by: Amaury Denoyelle
  Fixes #6640
  Closes #6641

- RELEASE-NOTES: synced

- CODE_STYLE.md: fix broken link to INTERNALS
  
  ... the link would only work if browsed on GitHub, while this link now
  takes the user to the website instead and thus should work on either.
  
  Reported-by: David Demelier

- curl_url_set.3: mention CURLU_PATH_AS_IS
  
  ... it has been supported since the URL API was added.
  
  Bug: https://curl.se/mail/lib-2021-02/0046.html
  
  Closes #6638

Viktor Szakats (21 Feb 2021)
- time: enable 64-bit time_t in supported mingw environments
  
  (Unless 32-bit `time_t` is selected manually via the `_USE_32BIT_TIME_T`
  mingw macro.)
  
  Previously, 64-bit `time_t` was enabled on VS2005 and newer only, and
  32-bit `time_t` was used on all other Windows builds.
  
  Assisted-by: Jay Satiro
  Closes #6636

Jay Satiro (20 Feb 2021)
- test1188: Check for --fail HTTP status
  
  - Change the test to check for curl error on HTTP 404 Not Found.
  
  test1188 tests "--write-out with %{onerror} and %{urlnum} to stderr".
  Prior to this change it did that by specifying a non-existent host which
  would cause an error. ISPs may hijack DNS and resolve non-existent hosts
  so the test would not work if that was the case.
  
  Ref: https://en.wikipedia.org/wiki/DNS_hijacking#Manipulation_by_ISPs
  Ref: https://github.com/curl/curl/issues/6621
  Ref: https://github.com/curl/curl/pull/6623
  
  Closes https://github.com/curl/curl/pull/6637

- memdebug: close debug logfile explicitly on exit
  
  - Use atexit to register a dbg cleanup function that closes the logfile.
  
  LeakSantizier (LSAN) calls _exit() instead of exit() when a leak is
  detected on exit so the logfile must be closed explicitly or data could
  be lost. Though _exit() does not call atexit handlers such as this,
  LSAN's call to _exit() comes after the atexit handlers are called.
  
  Prior to this change the logfile was not explicitly closed so it was
  possible that if LSAN detected a leak and called _exit (which does
  not flush or close files like exit) then the logfile could be missing
  data. That could then cause curl's memanalyze to report false leaks
  (eg a malloc was recorded to the logfile but the corresponding free was
  discarded from the buffer instead of written to the logfile, then
  memanalyze reports that as a leak).
  
  Ref: https://github.com/google/sanitizers/issues/1374
  
  Bug: https://github.com/curl/curl/pull/6591#issuecomment-780396541
  
  Closes https://github.com/curl/curl/pull/6620

- curl_multibyte: always return a heap-allocated copy of string
  
  - Change the Windows char <-> UTF-8 conversion functions to return an
    allocated copy of the passed in string instead of the original.
  
  Prior to this change the curlx_convert_ functions would, as what I
  assume was an optimization, not make a copy of the passed in string if
  no conversion was required. No conversion is required in non-UNICODE
  Windows builds since our tchar strings are type char and remain in
  whatever the passed in encoding is, which is assumed to be UTF-8 but may
  be other encoding.
  
  In contrast the UNICODE Windows builds require conversion
  (wchar <-> char) and do return a copy. That inconsistency could lead to
  programming errors where the developer expects a copy, and does not
  realize that won't happen in all cases.
  
  Closes https://github.com/curl/curl/pull/6602

Viktor Szakats (19 Feb 2021)
- http: add new files missed from referrer commit
  
  Ref: 44872aefc2d54f297caf2b0cc887df321bc9d791
  Ref: #6591

- http: add support to read and store the referrer header
  
  - add CURLINFO_REFERER libcurl option
  - add --write-out '%{referer}' command-line option
  - extend --xattr command-line option to fill user.xdg.referrer.url extended
    attribute with the referrer (if there was any)
  
  Closes #6591

Daniel Stenberg (19 Feb 2021)
- urldata: remove the _ORIG suffix from string names
  
  It doesn't provide any useful info but only makes the names longer.
  
  Closes #6624

- url: fix memory leak if OOM in the HSTS handling
  
  Reported-by: Viktor Szakats
  Bug: https://github.com/curl/curl/pull/6627#issuecomment-781626205
  
  Closes #6628

- gnutls: assume nettle crypto support
  
  nettle has been the default crypto library with GnuTLS since 2010. By
  dropping support for the previous libcrypto, we simplify code.
  
  Closes #6625

- asyn-ares: use consistent resolve error message
  
  ... with the help of Curl_resolver_error() which now is moved from
  asyn-thead.c and is provided globally for this purpose.
  
  Follow-up to 35ca04ce1b77636
  
  Makes test 1188 work for c-ares builds
  
  Closes #6626

Viktor Szakats (18 Feb 2021)
- ci: stop building on freebsd-12-1
  
  An updated freebsd-12-2 image was added a few months ago, and this
  older one is consistently failing to go past `pkginstall`:
  ```
  Newer FreeBSD version for package py37-mlt:
  To ignore this error set IGNORE_OSVERSION=yes
  - package: 1202000
  - running kernel: 1201000
  Ignore the mismatch and continue? [Y/n]: pkg: repository FreeBSD contains packages for wrong OS version: FreeBSD:12:amd64
  ```
  
  FreeBSD thread suggests that 12.1 is EOL, and best to avoid.
  
  Ref: https://forums.freebsd.org/threads/78856/
  
  Reviewed-by: Daniel Stenberg
  Closes #6622

Daniel Stenberg (18 Feb 2021)
- test1188: change error from connect to resolve error
  
  Using the %NOLISTENPORT to trigger a connection failure is somewhat
  "risky" (since it isn't guaranteed to not be listened to) and caused
  occasional CI problems. This fix changes the infused error to be a more
  reliable one but still verifies the --write-out functionality properly -
  which is the purpose of this test.
  
  Reported-by: Jay Satiro
  Fixes #6621
  Closes #6623

- url.c: use consistent error message for failed resolve

- BUGS: language polish

- wolfssl: don't store a NULL sessionid
  
  This caused a memory leak as the session id cache entry was still
  erroneously stored with a NULL sessionid and that would later be treated
  as not needed to get freed.
  
  Reported-by: Gisle Vanem
  Fixes #6616
  Closes #6617

- parse_proxy: fix a memory leak in the OOM path
  
  Reported-by: Jay Satiro
  Reviewed-by: Jay Satiro
  Reviewed-by: Emil Engler
  
  Closes #6614
  Bug: https://github.com/curl/curl/pull/6591#issuecomment-780396541

Jay Satiro (17 Feb 2021)
- url: fix possible use-after-free in default protocol
  
  Prior to this change if the user specified a default protocol and a
  separately allocated non-absolute URL was used then it was freed
  prematurely, before it was then used to make the replacement URL.
  
  Bug: https://github.com/curl/curl/issues/6604#issuecomment-780138219
  Reported-by: arvids-kokins-bidstack@users.noreply.github.com
  
  Closes https://github.com/curl/curl/pull/6613

Daniel Stenberg (16 Feb 2021)
- multi: rename the multi transfer states
  
  While working on documenting the states it dawned on me that step one is
  to use more descriptive names on the states. This also changes prefix on
  the states to make them shorter in the source.
  
  State names NOT ending with *ing are transitional ones.
  
  Closes #6612

Viktor Szakats (16 Feb 2021)
- http: do not add a referrer header with empty value
  
  Previously an empty 'Referer:' header was added to the HTTP request when
  passing `--referer ';auto'` or `--referer ''` on the command-line. This
  patch makes `--referer` work like `--header 'Referer:'` and will only add
  the header if it has a non-zero length value.
  
  Reviewed-by: Jay Satiro
  Closes #6610

Daniel Stenberg (16 Feb 2021)
- lib: remove 'conn->data' completely
  
  The Curl_easy pointer struct entry in connectdata is now gone. Just
  before commit 215db086e0 landed on January 8, 2021 there were 919
  references to conn->data.
  
  Closes #6608

- openldap: pass 'data' to the callbacks instead of 'conn'

Jay Satiro (15 Feb 2021)
- doh: Fix sharing user's resolve list with DOH handles
  
  - Share the shared object from the user's easy handle with the DOH
    handles.
  
  Prior to this change if the user had set a shared object with shared
  cached DNS (CURL_LOCK_DATA_DNS) for their easy handle then that wasn't
  used by any associated DOH handles, since they used the multi's default
  hostcache.
  
  This change means all the handles now use the same hostcache, which is
  either the shared hostcache from the user created shared object if it
  exists or if not then the multi's default hostcache.
  
  Reported-by: Manuj Bhatia
  
  Fixes https://github.com/curl/curl/issues/6589
  Closes https://github.com/curl/curl/pull/6607

Daniel Stenberg (15 Feb 2021)
- http2: remove conn->data use
  
  ... but instead use a private alternative that points to the "driving
  transfer" from the connection. We set the "user data" associated with
  the connection to be the connectdata struct, but when we drive transfers
  the code still needs to know the pointer to the transfer. We can change
  the user data to become the Curl_easy handle, but with older nghttp2
  version we cannot dynamically update that pointer properly when
  different transfers are used over the same connection.
  
  Closes #6520

- openssl: remove conn->data use
  
  We still make the trace callback function get the connectdata struct
  passed to it, since the callback is anchored on the connection.
  
  Repeatedly updating the callback pointer to set 'data' with
  SSL_CTX_set_msg_callback_arg() doesn't seem to work, probably because
  there might already be messages in the queue with the old pointer.
  
  This code therefore makes sure to set the "logger" handle before using
  OpenSSL calls so that the right easy handle gets used for tracing.
  
  Closes #6522

- RELEASE-NOTES: synced

Jay Satiro (14 Feb 2021)
- doh: add options to disable ssl verification
  
  - New libcurl options CURLOPT_DOH_SSL_VERIFYHOST,
    CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the
    same as their respective counterparts.
  
  - New curl tool options --doh-insecure and --doh-cert-status do the same
    as their respective counterparts.
  
  Prior to this change DOH SSL certificate verification settings for
  verifyhost and verifypeer were supposed to be inherited respectively
  from CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but due to a bug
  were not. As a result DOH verification remained at the default, ie
  enabled, and it was not possible to disable. This commit changes
  behavior so that the DOH verification settings are independent and not
  inherited.
  
  Ref: https://github.com/curl/curl/pull/4579#issuecomment-554723676
  
  Fixes https://github.com/curl/curl/issues/4578
  Closes https://github.com/curl/curl/pull/6597

- hostip: fix crash in sync resolver builds that use DOH
  
  - Guard some Curl_async accesses with USE_CURL_ASYNC instead of
    !CURLRES_SYNCH.
  
  This is another follow-up to 8335c64 which moved the async struct from
  the connectdata struct into the Curl_easy struct. A previous follow-up
  6cd167a fixed building for sync resolver by guarding some async struct
  accesses with !CURLRES_SYNCH. The problem is since DOH (DNS-over-HTTPS)
  is available as an asynchronous secondary resolver the async struct may
  be used even when libcurl is built for the sync resolver. That means
  that CURLRES_SYNCH and USE_CURL_ASYNC may be defined at the same time.
  
  Closes https://github.com/curl/curl/pull/6603

Daniel Stenberg (13 Feb 2021)
- KNOWN_BUGS: cannot enable LDAPS on Windows with cmake
  
  Reported-by: Jack Boos Yu
  Closes #6284

- KNOWN_BUGS: Excessive HTTP/2 packets with TCP_NODELAY
  
  Reported-by: Alex Xu
  Closes #6363

- http: use credentials from transfer, not connection
  
  HTTP auth "accidentally" worked before this cleanup since the code would
  always overwrite the connection credentials with the credentials from
  the most recent transfer and since HTTP auth is typically done first
  thing, this has not been an issue. It was still wrong and subject to
  possible race conditions or future breakage if the sequence of functions
  would change.
  
  The data.set.str[] strings MUST remain unmodified exactly as set by the
  user, and the credentials to use internally are instead set/updated in
  state.aptr.*
  
  Added test 675 to verify different credentials used in two requests done
  over a reused HTTP connection, which previously behaved wrongly.
  
  Fixes #6542
  Closes #6545

- test433: clear some home dir env variables
  
  Follow-up to bd6b54ba1f55b5
  
  ... so that XDG_CONFIG_HOME is the only home dir variable set and thus
  used correctly in the test!
  
  Fixes #6599
  Closes #6600

- RELEASE-NOTES: synced
  
  bumped the version to 7.76.0

- travis: install libgsasl-dev to add that to the builds
  
  Closes #6588

- urldata: don't touch data->set.httpversion at run-time
  
  Rename it to 'httpwant' and make a cloned field in the state struct as
  well for run-time updates.
  
  Also: refuse non-supported HTTP versions. Verified with test 129.
  
  Closes #6585

Viktor Szakats (11 Feb 2021)
- tests: disable .curlrc in more environments
  
  by also setting CURL_HOME and XDG_CONFIG_HOME envvars to the local
  directory.
  
  Reviewed-by: Daniel Stenberg
  Fixes #6595
  Closes #6596

- docs/Makefile.inc: format to be update-friendly
  
  - one source file per line
  - convert tabs to spaces
  - do not align line-continuation backslashes
  - sort source files alphabetically
  
  Reviewed-by: Daniel Stenberg
  Closes #6593

Daniel Stenberg (11 Feb 2021)
- curl: provide libgsasl version and feature info in -V output
  
  Closes #6592

- gsasl: provide CURL_VERSION_GSASL if built-in
  
  To let applications know the feature is available.
  
  Closes #6592

- curl: add --fail-with-body
  
  Prevent both --fail and --fail-with-body on the same command line.
  
  Verify with test 349, 360 and 361.
  
  Closes #6449

- TODO: remove HSTS
  
  Provided now since commit 7385610d0c74

Jay Satiro (10 Feb 2021)
- tests: Fix tests failing due to change in curl --help
  
  Follow-up to parent 3183217 which added add missing <mode> argument to
  --create-file-mode <mode>.
  
  Ref: https://github.com/curl/curl/issues/6590

- tool_help: add missing argument for --create-file-mode
  
  Prior to this change the required argument was not shown in curl --help.
  
  before:
       --create-file-mode File mode for created files
  
  after:
       --create-file-mode <mode> File mode (octal) for created files
  
  Reported-by: ZimCodes@users.noreply.github.com
  
  Fixes https://github.com/curl/curl/issues/6590

- create-file-mode.d: add missing Arg tag
  
  Prior to this change the required argument was not shown.
  
  curl.1 before: --create-file-mode
  curl.1 after: --create-file-mode <mode>
  
  Reported-by: ZimCodes@users.noreply.github.com
  
  Fixes https://github.com/curl/curl/issues/6590

Viktor Szakats (10 Feb 2021)
- gsasl: fix errors/warnings building against libgsasl
  
  - also fix an indentation
  - make Curl_auth_gsasl_token() use CURLcode (by Daniel Stenberg)
  
  Ref: https://github.com/curl/curl/pull/6372#issuecomment-776118711
  Ref: https://github.com/curl/curl/pull/6588
  
  Reviewed-by: Jay Satiro
  Assisted-by: Daniel Stenberg
  Reviewed-by: Simon Josefsson
  Closes #6587

- Makefile.m32: add support for libgsasl dependency
  
  Reviewed-by: Marcel Raad
  Closes #6586

Marcel Raad (10 Feb 2021)
- ngtcp2: clarify calculation precedence
  
  As suggested by Codacy/cppcheck.
  
  Closes https://github.com/curl/curl/pull/6576

- server: remove redundant condition
  
  `end` is always non-null here.
  
  Closes https://github.com/curl/curl/pull/6576

- lib: remove redundant code
  
  Closes https://github.com/curl/curl/pull/6576

- mqttd: remove unused variable
  
  Closes https://github.com/curl/curl/pull/6576

- tool_paramhlp: reduce variable scope
  
  Closes https://github.com/curl/curl/pull/6576

- tests: reduce variable scopes
  
  Closes https://github.com/curl/curl/pull/6576

- lib: reduce variable scopes
  
  Closes https://github.com/curl/curl/pull/6576

- ftp: fix Codacy/cppcheck warning about null pointer arithmetic
  
  Increment `bytes` only if it is non-null.
  
  Closes https://github.com/curl/curl/pull/6576

Daniel Stenberg (9 Feb 2021)
- ngtcp2: adapt to the new recv_datagram callback

- quiche: fix build error: use 'int' for port number
  
  Follow-up to cb2dc1ba8

- ftp: add 'list_only' to the transfer state struct
  
  and rename it from 'ftp_list_only' since it is also used for SSH and
  POP3. The state is updated internally for 'type=D' FTP URLs.
  
  Added test case 1570 to verify.
  
  Closes #6578

- ftp: add 'prefer_ascii' to the transfer state struct
  
  ... and make sure the code never updates 'set.prefer_ascii' as it breaks
  handle reuse which should use the setting as the user specified it.
  
  Added test 1569 to verify: it first makes an FTP transfer with ';type=A'
  and then another without type on the same handle and the second should
  then use binary. Previously, curl failed this.
  
  Closes #6578

- RELEASE-NOTES: synced

- [Jacob Hoffman-Andrews brought this change]

  vtls: initial implementation of rustls backend
  
  This adds a new TLS backend, rustls. It uses the C-to-rustls bindings
  from https://github.com/abetterinternet/crustls.
  
  Rustls is at https://github.com/ctz/rustls/.
  
  There is still a fair bit to be done, like sending CloseNotify on
  connection shutdown, respecting CAPATH, and properly indicating features
  like "supports TLS 1.3 ciphersuites." But it works well enough to make
  requests and receive responses.
  
  Blog post for context:
  https://www.abetterinternet.org/post/memory-safe-curl/
  
  Closes #6350

- [Simon Josefsson brought this change]

  sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
  
  Closes #6372

Jay Satiro (9 Feb 2021)
- lib: use int type for more port variables
  
  This is a follow-up to 764c6bd. Prior to that change port variables
  were usually type long.
  
  Closes https://github.com/curl/curl/pull/6553

- tool_writeout: refactor write-out and write-out json
  
  - Deduplicate the logic used by write-out and write-out json.
  
  Rather than have separate writeLong, writeString, etc, logic for
  each of write-out and write-out json instead have respective shared
  functions that can output either format and a 'use_json' parameter to
  indicate whether it is json that is output.
  
  This will make it easier to maintain. Rather than have to go through
  two sets of logic now we only have to go through one.
  
  - Support write-out %{errormsg} and %{exitcode} in json.
  
  - Clarify in the doc that %{exitcode} is the exit code of the transfer.
  
  Prior to this change it just said "The numerical exitcode" which
  implies it's the exit code of the tool, and it's not necessarily that.
  
  Closes https://github.com/curl/curl/pull/6544

- lib: drop USE_SOCKETPAIR in favor of CURL_DISABLE_SOCKETPAIR
  
  .. since the former is undocumented and they both do the same thing.
  
  Closes https://github.com/curl/curl/pull/6517

- curl_multibyte: fall back to local code page stat/access on Windows
  
  If libcurl is built with Unicode support for Windows then it is assumed
  the filename string is Unicode in UTF-8 encoding and it is converted to
  UTF-16 to be passed to the wide character version of the respective
  function (eg wstat). However the filename string may actually be in the
  local encoding so, even if it successfully converted to UTF-16, if it
  could not be stat/accessed then try again using the local code page
  version of the function (eg wstat fails try stat).
  
  We already do this with fopen (ie wfopen fails try fopen), so I think it
  makes sense to extend it to stat and access functions.
  
  Closes https://github.com/curl/curl/pull/6514

- [Stephan Szabo brought this change]

  file: Support unicode urls on windows
  
  Closes https://github.com/curl/curl/pull/6501

- [Vincent Torri brought this change]

  cmake: fix import library name for non-MS compiler on Windows
  
  - Use _imp.lib suffix only for Microsoft's compiler (MSVC).
  
  Prior to this change library suffix _imp.lib was used for the import
  library on Windows regardless of compiler.
  
  With this change the other compilers should now use their default
  suffix which should be .dll.a.
  
  This change is motivated by the usage of pkg-config on MSYS2.
  Indeed, when 'pkg-config --libs libcurl' is used, -lcurl is
  passed to ld. The documentation of ld on Windows :
  
  https://sourceware.org/binutils/docs/ld/WIN32.html
  
  lists, in the 'direct linking to a dll' section, the pattern
  of the searched import library, and libcurl_imp.lib is not there.
  
  Closes https://github.com/curl/curl/pull/6225

Daniel Stenberg (9 Feb 2021)
- urldata: move 'followlocation' to UrlState
  
  As this is a state variable it does not belong in UserDefined which is
  used to store values set by the user.
  
  Closes #6582

- [Ikko Ashimine brought this change]

  http_proxy: fix typo in http_proxy.c
  
  settting -> setting
  
  Closes #6583

- [Fabian Keil brought this change]

  tests/server: Bump MAX_TAG_LEN to 200
  
  This is useful for tests containing HTML inside of <data> sections.
  For <img> tags it's not uncommon to be longer than the previous
  limit of 79 bytes.
  
  An example of a previously problem-causing tag is:
  <img src="http://config.privoxy.org/send-banner?type=auto" border="0" title="Killed-http://www.privoxy.org/images/privoxy.png-by-size" width="88" height="31">
  which is needed for a Privoxy test for the banners-by-size filter.
  
  Previously it caused server failures like:
  12:29:05.786961 ====> Client connect
  12:29:05.787116 accept_connection 3 returned 4
  12:29:05.787194 accept_connection 3 returned 0
  12:29:05.787285 Read 119 bytes
  12:29:05.787345 Process 119 bytes request
  12:29:05.787407 Got request: GET /banners-by-size/9 HTTP/1.1
  12:29:05.787464 Requested test number 9 part 0
  12:29:05.787686 getpart() failed with error: -2
  12:29:05.787744 - request found to be complete (9)
  12:29:05.787912 getpart() failed with error: -2
  12:29:05.788048 Wrote request (119 bytes) input to log/server.input
  12:29:05.788157 Send response test9 section <data>
  12:29:05.788443 getpart() failed with error: -2
  12:29:05.788498 instructed to close connection after server-reply
  12:29:05.788550 ====> Client disconnect 0
  12:29:05.871448 exit_signal_handler: 15
  12:29:05.871714 signalled to die
  12:29:05.872040 ========> IPv4 sws (port 21108 pid: 51758) exits with signal (15)

- [Fabian Keil brought this change]

  tests/badsymbols.pl: when opening '$incdir' fails include it in the error message

- [Fabian Keil brought this change]

  runtests.1: document -o, -P, -L, and -E

- [Fabian Keil brought this change]

  runtests.pl: add %TESTNUMBER variable to make copying tests more convenient

- [Fabian Keil brought this change]

  runtests.pl: add an -o option to change internal variables
  
  runtests.pl has lots of internal variables one might want to
  change in certain situations, but adding a dedicated option
  for every single one of them isn't practical.
  
  Usage:
  ./runtests.pl -o TESTDIR=$privoxy_curl_test_dir -o HOSTIP=10.0.0.1 ...

- [Fabian Keil brought this change]

  runtests.pl: cleanups
  
  - show the summarized test result in the last line of the report
  - do not use $_ after mapping it to a named variable
    Doing that makes the code harder to follow.
  - log the restraints sorted by the number of their occurrences
  - fix language when logging restraints that only occured once
  - let runhttpserver() use $TESTDIR instead of $srcdir
    ... so it works if a non-default $TESTDIR is being used.

- [Fabian Keil brought this change]

  runtests.pl: add an -E option to specify an exclude file
  
  It can contain additional restraints for test numbers,
  keywords and tools.
  
  The idea is to let third parties like the Privoxy project
  distribute an exclude file with their tarballs that specifies
  which curl tests are not expected to work when using Privoxy
  as a proxy, without having to fork the whole curl test suite.
  
  The syntax could be changed to be extendable and maybe
  more closely reflect the "curl test" syntax. Currently
  it's a bunch of lines like these:
  
  test:$TESTNUMBER:Reason why this test with number $TESTNUMBER should be skipped
  keyword:$KEYWORD:Reason why tests whose keywords contain the $KEYWORD should be skipped
  tool:$TOOL:Reason why tests with tools that contain $TOOL should be skipped
  
  To specify multiple $TESTNUMBERs, $KEYWORDs and $TOOLs
  on a single line, split them with commas.

- [Fabian Keil brought this change]

  runtests.pl: add -L parameter to require additional perl libraries
  
  This is useful to change the behaviour of the script without
  having to modify the file itself, for example to use a custom
  compareparts() function that ignores header differences that
  are expected to occur when an external proxy is being used.
  
  Such differences are proxy-specific and thus the modifications
  should be maintained together with the proxy.

- [Fabian Keil brought this change]

  runtests.pl: add a -P option to specify an external proxy
  
  ... that should be used when executing the tests.
  
  The assumption is that the proxy is an HTTP proxy.
  
  This option should be used together with -L to provide
  a customized compareparts() version that knows which
  proxy-specific header differences should be ignored.
  
  This option doesn't work for all test types yet.

- [Fabian Keil brought this change]

  tests: fixup several tests
  
  missing CRs and modified %hostip
  
  lib556/test556: use a real HTTP version to make test reuse more convenient
  
  make sure the weekday in Date headers matches the date
  
  test61: replace stray "^M" (5e 4d) at the end of a cookie with a '^M' (0d)
  
  Gets the test working with external proxies like Privoxy again.
  
  Closes #6463

- ftp: never set data->set.ftp_append outside setopt
  
  Since the set value then risks getting used like that when the easy
  handle is reused by the application.
  
  Also: renamed the struct field from 'ftp_append' to 'remote_append'
  since it is also used for SSH protocols.
  
  Closes #6579

- urldata: remove the 'rtspversion' field
  
  from struct connectdata and the corresponding code in http.c that set
  it. It was never used for anything!
  
  Closes #6581

- CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent
  
  ... so passed in commands may confuse libcurl's knowledge of state.
  
  Reported-by: Bodo Bergmann
  Fixes #6577
  Closes #6580

- [Jacob Hoffman-Andrews brought this change]

  vtls: factor out Curl_ssl_getsock to field of Curl_ssl
  
  Closes #6558

- RELEASE-PROCEDURE: remove old release dates, add new

- docs/SSL-PROBLEMS: enhanced
  
  Elaborate on the intermediate cert issue, and mention that anything
  below TLS 1.2 is generally considered insecure these days.
  
  Closes #6572

- THANKS: remove a Jon Rumsey dupe

Daniel Gustafsson (5 Feb 2021)
- [nimaje brought this change]

  docs: fix FILE example url in --metalink documentation
  
  In a url after <scheme>:// follows the possibly empty authority part
  till the next /, so that url missed a /.
  
  Closes #6573
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>

Daniel Stenberg (5 Feb 2021)
- hostip: fix build with sync resolver
  
  Reported-by: David Goerger
  Follow-up from 8335c6417
  Fixes #6566
  Closes #6568

- mailmap: Jon Rumsey

- [Jon Rumsey brought this change]

  gskit: correct the gskit_send() prototype
  
  gskit_send() first paramater is a pointer to Curl_easy not connectdata
  struct.
  
  Closes #6570
  Fixes #6569

- urldata: fix build without HTTP and MQTT
  
  Reported-by: Joseph Chen
  Fixes #6562
  Closes #6563

- ftp: avoid SIZE when asking for a TYPE A file
  
  ... as we ignore it anyway because servers don't report the correct size
  and proftpd even blatantly returns a 550.
  
  Updates a set of tests accordingly.
  
  Reported-by: awesomenode on github
  Fixes #6564
  Closes #6565

- pingpong: rename the curl_pp_transfer enum to use PP prefix
  
  Using an FTP prefix for PP provided functionality was misleading.

- RELEASE-NOTES: synced
  
  ... and bump pending version to 7.75.1 (for now)

Jay Satiro (4 Feb 2021)
- build: fix --disable-http-auth
  
  Broken since 215db08 (precedes 7.75.0).
  
  Reported-by: Benbuck Nason
  
  Fixes https://github.com/curl/curl/issues/6567

- build: fix --disable-dateparse
  
  Broken since 215db08 (precedes 7.75.0).
  
  Bug: https://curl.se/mail/lib-2021-02/0008.html
  Reported-by: Firefox OS

Daniel Stenberg (4 Feb 2021)
- [Jon Rumsey brought this change]

  OS400: update for CURLOPT_AWS_SIGV4
  
  chkstrings fails because a new string option that could require codepage
  conversion has been added.
  
  Closes #6561
  Fixes #6560

- BUG-BOUNTY: removed the cooperation mention

Version 7.75.0 (3 Feb 2021)

Daniel Stenberg (3 Feb 2021)
- RELEASE-NOTES: synced

- THANKS: added contributors from 7.75.0

  
  Closes https://github.com/curl/curl/pull/5689

Daniel Stenberg (16 Jul 2020)
- ngtcp2: adjust to recent sockaddr updates
  
  Closes #5690

#***************************************************************************
#                                  _   _ ____  _
#  Project                     ___| | | |  _ \| |
#                             / __| | | | |_) | |
#                            | (__| |_| |  _ <| |___
#                             \___|\___/|_| \_\_____|
#
# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is

    set(HAVE_STRICMP 1)
    set(HAVE_STRCMPI 1)
    set(HAVE_GETHOSTBYADDR 1)
    set(HAVE_GETTIMEOFDAY 0)
    set(HAVE_INET_ADDR 1)
    set(HAVE_INET_NTOA 1)
    set(HAVE_INET_NTOA_R 0)


    set(HAVE_PERROR 1)
    set(HAVE_CLOSESOCKET 1)
    set(HAVE_SETVBUF 0)
    set(HAVE_SIGSETJMP 0)
    set(HAVE_GETPASS_R 0)
    set(HAVE_STRLCAT 0)
    set(HAVE_GETPWUID 0)

endif()

check_function_exists(gethostname HAVE_GETHOSTNAME)

if(WIN32)
  check_library_exists_concat("ws2_32" getch        HAVE_LIBWS2_32)
  check_library_exists_concat("winmm"  getch        HAVE_LIBWINMM)

endif()

# check SSL libraries
# TODO support GnuTLS
if(CMAKE_USE_WINSSL)
  message(FATAL_ERROR "The cmake option CMAKE_USE_WINSSL was renamed to CMAKE_USE_SCHANNEL.")
endif()

  set(CURL_WITH_MULTI_SSL ON)
endif()

if(CMAKE_USE_SCHANNEL)
  set(SSL_ENABLED ON)
  set(USE_SCHANNEL ON) # Windows native SSL/TLS support
  set(USE_WINDOWS_SSPI ON) # CMAKE_USE_SCHANNEL implies CURL_WINDOWS_SSPI

endif()
if(CURL_WINDOWS_SSPI)
  set(USE_WINDOWS_SSPI ON)
  set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DSECURITY_WIN32")
endif()

if(CMAKE_USE_DARWINSSL)

  cmake_push_check_state()
  set(CMAKE_REQUIRED_INCLUDES   "${QUICHE_INCLUDE_DIRS}")
  set(CMAKE_REQUIRED_LIBRARIES  "${QUICHE_LIBRARIES}")
  check_symbol_exists(quiche_conn_set_qlog_fd "quiche.h" HAVE_QUICHE_CONN_SET_QLOG_FD)
  cmake_pop_check_state()
endif()





if(NOT CURL_DISABLE_LDAP)
  if(WIN32)
    option(USE_WIN32_LDAP "Use Windows LDAP implementation" ON)
    if(USE_WIN32_LDAP)
      check_library_exists_concat("wldap32" cldap_open HAVE_WLDAP32)
      if(NOT HAVE_WLDAP32)
        set(USE_WIN32_LDAP OFF)

# Check for idn
option(USE_LIBIDN2 "Use libidn2 for IDN support" ON)
set(HAVE_LIBIDN2 OFF)
if(USE_LIBIDN2)
  check_library_exists_concat("idn2" idn2_lookup_ul HAVE_LIBIDN2)
endif()

if(WIN32)
  option(USE_WIN32_IDN "Use WinIDN for IDN support" OFF)
  if(USE_WIN32_IDN)
    list(APPEND CURL_LIBS "Normaliz")
    set(WANT_IDN_PROTOTYPES ON)
  endif()
endif()

# Check for symbol dlopen (same as HAVE_LIBDL)
check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN)

set(HAVE_LIBZ OFF)
set(HAVE_ZLIB_H OFF)
set(USE_ZLIB OFF)

# Check for header files
if(NOT UNIX)
  check_include_file_concat("windows.h"      HAVE_WINDOWS_H)
  check_include_file_concat("winsock.h"      HAVE_WINSOCK_H)
  check_include_file_concat("ws2tcpip.h"     HAVE_WS2TCPIP_H)
  check_include_file_concat("winsock2.h"     HAVE_WINSOCK2_H)
  check_include_file_concat("wincrypt.h"     HAVE_WINCRYPT_H)


endif()

check_include_file_concat("stdio.h"          HAVE_STDIO_H)
check_include_file_concat("inttypes.h"       HAVE_INTTYPES_H)
check_include_file_concat("sys/filio.h"      HAVE_SYS_FILIO_H)
check_include_file_concat("sys/ioctl.h"      HAVE_SYS_IOCTL_H)
check_include_file_concat("sys/param.h"      HAVE_SYS_PARAM_H)

endif()
check_symbol_exists(gethostbyaddr "${CURL_INCLUDES}" HAVE_GETHOSTBYADDR)
check_symbol_exists(gethostbyaddr_r "${CURL_INCLUDES}" HAVE_GETHOSTBYADDR_R)
check_symbol_exists(gettimeofday  "${CURL_INCLUDES}" HAVE_GETTIMEOFDAY)
check_symbol_exists(inet_addr     "${CURL_INCLUDES}" HAVE_INET_ADDR)
check_symbol_exists(inet_ntoa     "${CURL_INCLUDES}" HAVE_INET_NTOA)
check_symbol_exists(inet_ntoa_r   "${CURL_INCLUDES}" HAVE_INET_NTOA_R)


check_symbol_exists(perror        "${CURL_INCLUDES}" HAVE_PERROR)
check_symbol_exists(closesocket   "${CURL_INCLUDES}" HAVE_CLOSESOCKET)
check_symbol_exists(setvbuf       "${CURL_INCLUDES}" HAVE_SETVBUF)
check_symbol_exists(sigsetjmp     "${CURL_INCLUDES}" HAVE_SIGSETJMP)
check_symbol_exists(getpass_r     "${CURL_INCLUDES}" HAVE_GETPASS_R)
check_symbol_exists(strlcat       "${CURL_INCLUDES}" HAVE_STRLCAT)
check_symbol_exists(getpwuid      "${CURL_INCLUDES}" HAVE_GETPWUID)

# For Windows, all compilers used by CMake should support large files
if(WIN32)
  set(USE_WIN32_LARGE_FILES ON)

  # Use the manifest embedded in the Windows Resource
  set(CMAKE_RC_FLAGS "${CMAKE_RC_FLAGS} -DCURL_EMBED_MANIFEST")

  # Check if crypto functions in wincrypt.h are actually available
  if(HAVE_WINCRYPT_H)
    check_symbol_exists(CryptAcquireContext "${CURL_INCLUDES}" USE_WINCRYPT)
  endif()
  if(USE_WINCRYPT)
    set(USE_WIN32_CRYPTO ON)
  endif()

  # Link required libraries for USE_WIN32_CRYPTO or USE_SCHANNEL
  if(USE_WIN32_CRYPTO OR USE_SCHANNEL)
    list(APPEND CURL_LIBS "advapi32" "crypt32")
  endif()
endif()

if(MSVC)
  # Disable default manifest added by CMake
  set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /MANIFEST:NO")

  add_definitions(-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE)

cmake_dependent_option(BUILD_TESTING "Build tests"
  ON "PERL_FOUND;NOT CURL_DISABLE_TESTS"
  OFF)
if(BUILD_TESTING)
  add_subdirectory(tests)
endif()









# Helper to populate a list (_items) with a label when conditions (the remaining
# args) are satisfied
macro(_add_if label)
  # needs to be a macro to allow this indirection
  if(${ARGN})
    set(_items ${_items} "${label}")
  endif()
endmacro()

# NTLM support requires crypto function adaptions from various SSL libs
# TODO alternative SSL libs tests for SSP1, GNUTLS, NSS
if(NOT CURL_DISABLE_CRYPTO_AUTH AND (USE_OPENSSL OR USE_MBEDTLS OR
                                     USE_DARWINSSL OR USE_WIN32_CRYPTO))
  set(use_curl_ntlm_core ON)
endif()

# Clear list and try to detect available features
set(_items)
_add_if("SSL"           SSL_ENABLED)
_add_if("IPv6"          ENABLE_IPV6)
_add_if("unixsockets"   USE_UNIX_SOCKETS)
_add_if("libz"          HAVE_LIBZ)
_add_if("brotli"        HAVE_BROTLI)
_add_if("zstd"          HAVE_ZSTD)
_add_if("AsynchDNS"     USE_ARES OR USE_THREADS_POSIX OR USE_THREADS_WIN32)
_add_if("IDN"           HAVE_LIBIDN2 OR USE_WIN32_IDN)
_add_if("Largefile"     (SIZEOF_CURL_OFF_T GREATER 4) AND
                        ((SIZEOF_OFF_T GREATER 4) OR USE_WIN32_LARGE_FILES))
# TODO SSP1 (Schannel) check is missing
_add_if("SSPI"          USE_WINDOWS_SSPI)
_add_if("GSS-API"       HAVE_GSSAPI)
_add_if("alt-svc"       NOT CURL_DISABLE_ALTSVC)
# TODO SSP1 missing for SPNEGO
_add_if("SPNEGO"        NOT CURL_DISABLE_CRYPTO_AUTH AND
                        (HAVE_GSSAPI OR USE_WINDOWS_SSPI))
_add_if("Kerberos"      NOT CURL_DISABLE_CRYPTO_AUTH AND
                        (HAVE_GSSAPI OR USE_WINDOWS_SSPI))
# NTLM support requires crypto function adaptions from various SSL libs
# TODO alternative SSL libs tests for SSP1, GNUTLS, NSS
_add_if("NTLM"          NOT CURL_DISABLE_CRYPTO_AUTH AND
                        (use_curl_ntlm_core OR USE_WINDOWS_SSPI))
# TODO missing option (autoconf: --enable-ntlm-wb)
_add_if("NTLM_WB"       NOT CURL_DISABLE_CRYPTO_AUTH AND
                        (use_curl_ntlm_core OR USE_WINDOWS_SSPI) AND
                        NOT CURL_DISABLE_HTTP AND NTLM_WB_ENABLED)
# TODO missing option (--enable-tls-srp), depends on GNUTLS_SRP/OPENSSL_SRP
_add_if("TLS-SRP"       USE_TLS_SRP)
# TODO option --with-nghttp2 tests for nghttp2 lib and nghttp2/nghttp2.h header
_add_if("HTTP2"         USE_NGHTTP2)
_add_if("HTTP3"         USE_NGTCP2 OR USE_QUICHE)
_add_if("MultiSSL"      CURL_WITH_MULTI_SSL)
_add_if("HTTPS-proxy"   SSL_ENABLED AND (USE_OPENSSL OR USE_GNUTLS OR USE_NSS))

_add_if("TFTP"          NOT CURL_DISABLE_TFTP)
_add_if("GOPHER"        NOT CURL_DISABLE_GOPHER)
_add_if("GOPHERS"       NOT CURL_DISABLE_GOPHER AND SSL_ENABLED)
_add_if("POP3"          NOT CURL_DISABLE_POP3)
_add_if("POP3S"         NOT CURL_DISABLE_POP3 AND SSL_ENABLED)
_add_if("IMAP"          NOT CURL_DISABLE_IMAP)
_add_if("IMAPS"         NOT CURL_DISABLE_IMAP AND SSL_ENABLED)
_add_if("SMB"           NOT CURL_DISABLE_SMB AND
                        use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4))
_add_if("SMBS"          NOT CURL_DISABLE_SMB AND SSL_ENABLED AND
                        use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4))
_add_if("SMTP"          NOT CURL_DISABLE_SMTP)
_add_if("SMTPS"         NOT CURL_DISABLE_SMTP AND SSL_ENABLED)
_add_if("SCP"           USE_LIBSSH2 OR USE_LIBSSH)
_add_if("SFTP"          USE_LIBSSH2 OR USE_LIBSSH)
_add_if("RTSP"          NOT CURL_DISABLE_RTSP)
_add_if("RTMP"          USE_LIBRTMP)
_add_if("MQTT"          NOT CURL_DISABLE_MQTT)
if(_items)
  list(SORT _items)
endif()
string(REPLACE ";" " " SUPPORT_PROTOCOLS "${_items}")
message(STATUS "Enabled protocols: ${SUPPORT_PROTOCOLS}")

# Clear list and collect SSL backends
set(_items)
_add_if("Schannel"         SSL_ENABLED AND USE_SCHANNEL)
_add_if("OpenSSL"          SSL_ENABLED AND USE_OPENSSL)
_add_if("Secure Transport" SSL_ENABLED AND USE_SECTRANSP)
_add_if("mbedTLS"          SSL_ENABLED AND USE_MBEDTLS)
_add_if("BearSSL"          SSL_ENABLED AND USE_BEARSSL)
_add_if("NSS"              SSL_ENABLED AND USE_NSS)
_add_if("wolfSSL"          SSL_ENABLED AND USE_WOLFSSL)
if(_items)

SSL_LIBS = @SSL_LIBS@
STRIP = @STRIP@
SUPPORT_FEATURES = @SUPPORT_FEATURES@
SUPPORT_PROTOCOLS = @SUPPORT_PROTOCOLS@
USE_ARES = @USE_ARES@
USE_BEARSSL = @USE_BEARSSL@
USE_GNUTLS = @USE_GNUTLS@

USE_HYPER = @USE_HYPER@
USE_LIBRTMP = @USE_LIBRTMP@
USE_LIBSSH = @USE_LIBSSH@
USE_LIBSSH2 = @USE_LIBSSH2@
USE_MBEDTLS = @USE_MBEDTLS@
USE_MESALINK = @USE_MESALINK@
USE_NGHTTP2 = @USE_NGHTTP2@
USE_NGHTTP3 = @USE_NGHTTP3@
USE_NGTCP2 = @USE_NGTCP2@
USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@
USE_NGTCP2_CRYPTO_OPENSSL = @USE_NGTCP2_CRYPTO_OPENSSL@
USE_NSS = @USE_NSS@
USE_OPENLDAP = @USE_OPENLDAP@
USE_QUICHE = @USE_QUICHE@
USE_RUSTLS = @USE_RUSTLS@
USE_SCHANNEL = @USE_SCHANNEL@
USE_SECTRANSP = @USE_SECTRANSP@
USE_UNIX_SOCKETS = @USE_UNIX_SOCKETS@
USE_WIN32_CRYPTO = @USE_WIN32_CRYPTO@
USE_WIN32_LARGE_FILES = @USE_WIN32_LARGE_FILES@
USE_WIN32_SMALL_FILES = @USE_WIN32_SMALL_FILES@
USE_WINDOWS_SSPI = @USE_WINDOWS_SSPI@
USE_WOLFSSH = @USE_WOLFSSH@
USE_WOLFSSL = @USE_WOLFSSL@
VERSION = @VERSION@
VERSIONNUM = @VERSIONNUM@
ZLIB_LIBS = @ZLIB_LIBS@
ZSH_FUNCTIONS_DIR = @ZSH_FUNCTIONS_DIR@

pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libcurl.pc
LIB_VAUTH_CFILES = \
  vauth/cleartext.c     \
  vauth/cram.c          \
  vauth/digest.c        \
  vauth/digest_sspi.c   \
  vauth/gsasl.c         \
  vauth/krb5_gssapi.c   \
  vauth/krb5_sspi.c     \
  vauth/ntlm.c          \
  vauth/ntlm_sspi.c     \
  vauth/oauth2.c        \
  vauth/spnego_gssapi.c \
  vauth/spnego_sspi.c   \

  vtls/gtls.c               \
  vtls/keylog.c             \
  vtls/mbedtls.c            \
  vtls/mbedtls_threadlock.c \
  vtls/mesalink.c           \
  vtls/nss.c                \
  vtls/openssl.c            \
  vtls/rustls.c             \
  vtls/schannel.c           \
  vtls/schannel_verify.c    \
  vtls/sectransp.c          \
  vtls/vtls.c               \
  vtls/wolfssl.c

LIB_VTLS_HFILES = \
  vtls/bearssl.h            \
  vtls/gskit.h              \
  vtls/gtls.h               \
  vtls/keylog.h             \
  vtls/mbedtls.h            \
  vtls/mbedtls_threadlock.h \
  vtls/mesalink.h           \
  vtls/nssg.h               \
  vtls/openssl.h            \
  vtls/rustls.h             \
  vtls/schannel.h           \
  vtls/sectransp.h          \
  vtls/vtls.h               \
  vtls/wolfssl.h

LIB_VQUIC_CFILES = \
  vquic/ngtcp2.c   \

curl and libcurl 7.76.0

 Public curl releases:         198
 Command line options:         240
 curl_easy_setopt() options:   288
 Public functions in libcurl:  85
 Contributors:                 2356

This release includes the following changes:

 o cookies: Support multiple -b parameters [69]
 o curl: add --fail-with-body [17]
 o doh: add options to disable ssl verification [5]


 o http: add support to read and store the referrer header [30]
 o sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl [4]
 o vtls: initial implementation of rustls backend [3]

This release includes the following bugfixes:

 o CVE-2021-22876: strip credentials from the auto-referer header field [88]
 o CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid() [55]

 o asyn-ares: use consistent resolve error message [37]
 o BUG-BOUNTY: removed the cooperation mention
 o build: delete unused feature guards [51]
 o build: fix --disable-dateparse [1]
 o build: fix --disable-http-auth
 o build: remove all traces of USE_BLOCKING_SOCKETS [70]
 o c-hyper: Remove superfluous pointer check [56]
 o c-hyper: support automatic content-encoding [74]
 o CI/azure: disable test 433 on azure-ubuntu [105]
 o CI/azure: replace python-impacket with python3-impacket [61]
 o ci: stop building on freebsd-12-1 [38]
 o cmake: fix import library name for non-MS compiler on Windows [10]
 o cmake: use CMAKE_INSTALL_INCLUDEDIR indirection [49]
 o cmake: support WinIDN [100]

 o config: fix building SMB with configure using Win32 Crypto [91]
 o config: fix detection of restricted Windows App environment
 o configure: fail if --with-quiche is used and quiche isn't found [48]
 o configure: make AC_TRY_* into AC_*_IFELSE
 o configure: make hyper opt-in, and fail if missing [53]
 o configure: only add OpenSSL paths if they are defined [68]
 o configure: provide Largefile feature for curl-config [79]
 o configure: remove use of deprecated macros



 o configure: s/AC_HELP_STRING/AS_HELP_STRING [110]
 o cookies: Fix potential NULL pointer deref with PSL [66]
 o curl: set CURLOPT_NEW_FILE_PERMS if requested [65]
 o curl_easy_setopt.3: add curl_easy_option* functions to SEE ALSO

 o curl_multibyte: always return a heap-allocated copy of string [29]
 o curl_multibyte: fall back to local code page stat/access on Windows [8]
 o Curl_timeleft: check both timeouts during connect [109]
 o curl_url_set.3: mention CURLU_PATH_AS_IS [13]
 o CURLOPT_QUOTE.3: clarify that libcurl doesn't parse what's sent [16]
 o docs/HTTP2: remove the outdated remark about multiplexing for the tool
 o docs/Makefile.inc: format to be update-friendly [11]
 o docs: add CURLOPT_CURLU to 'See also' in curl_url_ functions [52]
 o docs: add missing Arg tag to --stderr [58]
 o docs: Add SSL backend names to CURL_SSL_BACKEND [106]
 o docs: clarify timeouts for queued transfers in multi API [101]
 o docs: Explain DOH transfers inherit some SSL settings [107]
 o docs: fix FILE example url in --metalink documentation [19]
 o docs: make gen.pl support *italic* and **bold** [112]
 o doh: Fix sharing user's resolve list with DOH handles [46]
 o doh: Inherit CURLOPT_STDERR from user's easy handle [60]
 o dynbuf: bump the max HTTP request to 1MB [39]
 o examples: Remove threaded-shared-conn.c due to bug [119]

 o file: Support unicode urls on windows [9]


 o ftp: add 'list_only' to the transfer state struct [35]
 o ftp: add 'prefer_ascii' to the transfer state struct [36]
 o FTP: allow SIZE to fail when doing (resumed) upload [78]
 o ftp: avoid SIZE when asking for a TYPE A file [23]
 o ftp: fix Codacy/cppcheck warning about null pointer arithmetic [34]
 o ftp: fix memory leak in ftp_done [96]
 o ftp: never set data->set.ftp_append outside setopt [14]
 o gen.pl: quote "bare" minuses in the nroff curl.1 [92]
 o github: add torture-ftp for FTP-only torture testing [94]
 o gnutls: assume nettle crypto support [33]
 o gskit: correct the gskit_send() prototype [21]

 o hostip: fix build with sync resolver [20]
 o hostip: fix crash in sync resolver builds that use DOH [12]

 o hsts: remove unused defines [93]
 o http2: don't set KEEP_SEND when there's no more data to be sent [90]
 o http2: fail if connection terminated without END_STREAM [97]
 o http: cap body data amount during send speed limiting [116]
 o http: do not add a referrer header with empty value [44]
 o http: make 416 not fail with resume + CURLOPT_FAILONERRROR [108]
 o http: remove superfluous NULL assign [75]
 o http: strip default port from URL sent to proxy [104]
 o http: use credentials from transfer, not connection [25]
 o ldap: use correct memory free function [63]
 o lib1536: check ptr against NULL before dereferencing it [83]
 o lib1537: check ptr against NULL before dereferencing it [84]
 o lib: remove 'conn->data' completely [45]
 o libssh2: kdb_callback: get the right struct pointer [99]
 o libssh2:ssh_connect: clear session pointer after free [98]



 o memdebug: close debug logfile explicitly on exit [28]
 o mingw: enable using strcasecmp() [50]



 o multi: close the connection when h2=>h1 downgrading [122]
 o multi: do once-per-transfer inits in before_perform in DID state [54]
 o multi: rename the multi transfer states [43]
 o multi: update pending list when removing handle [82]
 o ngtcp2: adapt to the new recv_datagram callback
 o ngtcp2: clarify calculation precedence [27]
 o ngtcp2: Fix build error due to change in ngtcp2_addr_init [81]
 o ngtcp2: sync with recent API updates [113]

 o openldap: avoid NULL pointer dereferences [102]
 o openssl: adapt to v3's new const for a few API calls [86]
 o openssl: ensure to check SSL_CTX_set_alpn_protos return values [121]
 o openssl: remove get_ssl_version_txt in favor of SSL_get_version [67]
 o openssl: set the transfer pointer for logging early [123]
 o OS400: update for CURLOPT_AWS_SIGV4 [2]

 o parse_proxy: fix a memory leak in the OOM path [41]
 o pathhelp.pm: fix use of pwd -L in Msys environment
 o projects: Update VS projects for OpenSSL 1.1.x [59]
 o quiche: fix build error: use 'int' for port number
 o quiche: fix crash when failing to connect [87]





 o retry-all-errors.d: Explain curl errors versus HTTP response errors [72]
 o retry.d: Clarify transient 5xx HTTP response codes [71]
 o runtests.pl: add %TESTNUMBER variable to make copying tests more convenient
 o runtests.pl: add a -P option to specify an external proxy
 o runtests.pl: kill processes locking test log files [62]
 o setopt: error on CURLOPT_HTTP09_ALLOWED set true with Hyper [77]
 o test1188: change error to check for: --fail HTTP status [26]
 o test220/314: adjust to run with Hyper
 o test304: header CRLF cleanup to work with Hyper
 o test306: make it not run with Hyper
 o tests: disable .curlrc in more environments [7]
 o tests: use %TESTNUMBER instead of fixed number [103]
 o tftp: remove the 3600 second default timeout [111]
 o time: enable 64-bit time_t in supported mingw environments [24]
 o tool_help: add missing argument for --create-file-mode [18]
 o tool_help: Increase space between option and description [64]
 o tool_operate: bail if set CURLOPT_HTTP09_ALLOWED returns error [76]

 o travis: add a rustls build [89]
 o travis: bump wolfssl to 4.7.0
 o travis: only build wolfssl when needed [85]
 o travis: split "torture" into a separate "events" build [95]
 o travis: switch ngtcp2 build over to quictls [73]
 o travis: use ubuntu nghttp2 package instead of build our own [80]
 o url.c: use consistent error message for failed resolve
 o url: fix memory leak if OOM in the HSTS handling [32]
 o url: fix possible use-after-free in default protocol [42]
 o urldata: don't touch data->set.httpversion at run-time [6]
 o urldata: fix build without HTTP and MQTT [22]
 o urldata: make 'actions[]' use unsigned char instead of int [47]
 o urldata: merge "struct DynamicStatic" into "struct UrlState" [117]
 o urldata: remove the 'rtspversion' field [15]
 o urldata: remove the _ORIG suffix from string names [31]
 o version.d: Add missing features to the features list [57]


 o wolfssl: don't store a NULL sessionid [40]


This release includes the following known bugs:

 o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html)

This release would not have looked like this without help, code, reports and
advice from friends like these:

  Ádler Jonas Gross, Alejandro Colomar, Alex Xu, Amaury Denoyelle, Andrei Bica,
  Anthony Ramine, arvids-kokins-bidstack on github, awesomenode on github,
  Benbuck Nason, Bodo Bergmann, Carl Zogheib, Christian Schmitz, Dan Fandrich,
  Daniel Gustafsson, Daniel Stenberg, David Demelier, David Goerger, David Hu,
  ebejan on github, Emil Engler, Fabian Keil, Firefox OS, Gisle Vanem,


  Gregor Jasny, Ikko Ashimine, Jack Boos Yu, Jacob Hoffman-Andrews,
  Jean-Philippe Menil, Joel Teichroeb, Johannes Lesr, Jonathan Watt,
  Jon Rumsey, Jordan Brown, Joseph Chen, Jun-ya Kato, kokke on github,
  Lawrence Gripper, Li Xinwei, Manuj Bhatia, Marcel Raad, Marc Hörsken,
  Michael Brown, Michael Hordijk, Mingtao Yang, Oumph on github,
  Patrick Monnerat, Per Jensen, Ray Satiro, Robert Ronto, Sergei Nikulov,

  Simon Josefsson, Stephan Szabo, Tomas Berger, Viktor Szakats, Vincent Torri,
  Vladimir Varlamov, ZimCodes on github, ウさん
  (58 contributors)



References to bug reports and discussions on issues:

 [1] = https://curl.se/mail/lib-2021-02/0008.html
 [2] = https://curl.se/bug/?i=6560
 [3] = https://curl.se/bug/?i=6350
 [4] = https://curl.se/bug/?i=6372
 [5] = https://curl.se/bug/?i=4578
 [6] = https://curl.se/bug/?i=6585
 [7] = https://curl.se/bug/?i=6595
 [8] = https://curl.se/bug/?i=6514
 [9] = https://curl.se/bug/?i=6501
 [10] = https://curl.se/bug/?i=6225
 [11] = https://curl.se/bug/?i=6593
 [12] = https://curl.se/bug/?i=6603
 [13] = https://curl.se/mail/lib-2021-02/0046.html
 [14] = https://curl.se/bug/?i=6579
 [15] = https://curl.se/bug/?i=6581
 [16] = https://curl.se/bug/?i=6577
 [17] = https://curl.se/bug/?i=6449
 [18] = https://curl.se/bug/?i=6590
 [19] = https://curl.se/bug/?i=6573
 [20] = https://curl.se/bug/?i=6566
 [21] = https://curl.se/bug/?i=6569
 [22] = https://curl.se/bug/?i=6562
 [23] = https://curl.se/bug/?i=6564
 [24] = https://curl.se/bug/?i=6636
 [25] = https://curl.se/bug/?i=6542
 [26] = https://curl.se/bug/?i=6637
 [27] = https://curl.se/bug/?i=6576
 [28] = https://github.com/curl/curl/pull/6591#issuecomment-780396541
 [29] = https://curl.se/bug/?i=6602

 [30] = https://curl.se/bug/?i=6591
 [31] = https://curl.se/bug/?i=6624
 [32] = https://github.com/curl/curl/pull/6627#issuecomment-781626205
 [33] = https://curl.se/bug/?i=6625
 [34] = https://curl.se/bug/?i=6576
 [35] = https://curl.se/bug/?i=6578
 [36] = https://curl.se/bug/?i=6578
 [37] = https://curl.se/bug/?i=6626
 [38] = https://curl.se/bug/?i=6622
 [39] = https://curl.se/bug/?i=6681
 [40] = https://curl.se/bug/?i=6616
 [41] = https://github.com/curl/curl/pull/6591#issuecomment-780396541
 [42] = https://github.com/curl/curl/issues/6604#issuecomment-780138219
 [43] = https://curl.se/bug/?i=6612
 [44] = https://curl.se/bug/?i=6610
 [45] = https://curl.se/bug/?i=6608
 [46] = https://curl.se/bug/?i=6589
 [47] = https://curl.se/bug/?i=6648
 [48] = https://curl.se/bug/?i=6652
 [49] = https://curl.se/bug/?i=6440
 [50] = https://curl.se/bug/?i=6644
 [51] = https://curl.se/bug/?i=6645
 [52] = https://curl.se/bug/?i=6639
 [53] = https://curl.se/bug/?i=6598
 [54] = https://curl.se/bug/?i=6640
 [55] = https://curl.se/docs/CVE-2021-22890.html
 [56] = https://curl.se/bug/?i=6697
 [57] = https://curl.se/bug/?i=6677
 [58] = https://curl.se/bug/?i=6692
 [59] = https://curl.se/bug/?i=984





 [60] = https://github.com/curl/curl/issues/6605
 [61] = https://curl.se/bug/?i=6678
 [62] = https://curl.se/bug/?i=6179
 [63] = https://curl.se/bug/?i=6671
 [64] = https://curl.se/bug/?i=6674
 [65] = https://curl.se/bug/?i=6657
 [66] = https://curl.se/bug/?i=6731
 [67] = https://curl.se/bug/?i=6665
 [68] = https://curl.se/bug/?i=6730
 [69] = https://curl.se/bug/?i=6649
 [70] = https://curl.se/bug/?i=6655
 [71] = https://curl.se/bug/?i=6724
 [72] = https://curl.se/bug/?i=6712
 [73] = https://curl.se/bug/?i=6729
 [74] = https://curl.se/bug/?i=6727
 [75] = https://curl.se/bug/?i=6727
 [76] = https://curl.se/bug/?i=6727
 [77] = https://curl.se/bug/?i=6727
 [78] = https://curl.se/bug/?i=6715
 [79] = https://curl.se/bug/?i=6702
 [80] = https://curl.se/bug/?i=6751
 [81] = https://curl.se/bug/?i=6716
 [82] = https://curl.se/bug/?i=6713
 [83] = https://curl.se/bug/?i=6710
 [84] = https://curl.se/bug/?i=6707
 [85] = https://curl.se/bug/?i=6751
 [86] = https://curl.se/bug/?i=6703
 [87] = https://curl.se/bug/?i=6664
 [88] = https://curl.se/docs/CVE-2021-22876.html
 [89] = https://curl.se/bug/?i=6750
 [90] = https://curl.se/bug/?i=6747
 [91] = https://curl.se/bug/?i=6277
 [92] = https://curl.se/bug/?i=6698
 [93] = https://curl.se/bug/?i=6741
 [94] = https://curl.se/bug/?i=6728
 [95] = https://curl.se/bug/?i=6728
 [96] = https://curl.se/bug/?i=6737
 [97] = https://curl.se/bug/?i=6736
 [98] = https://curl.se/bug/?i=6764
 [99] = https://curl.se/bug/?i=6691
 [100] = https://curl.se/bug/?i=6807
 [101] = https://curl.se/bug/?i=6758
 [102] = https://curl.se/bug/?i=6676
 [103] = https://curl.se/bug/?i=6738
 [104] = https://curl.se/bug/?i=6769
 [105] = https://curl.se/bug/?i=6739
 [106] = https://curl.se/bug/?i=6755
 [107] = https://curl.se/bug/?i=6688
 [108] = https://curl.se/bug/?i=6740
 [109] = https://curl.se/bug/?i=6744
 [110] = https://curl.se/bug/?i=6647
 [111] = https://curl.se/bug/?i=6774
 [112] = https://curl.se/bug/?i=6771
 [113] = https://curl.se/bug/?i=6770
 [116] = https://curl.se/mail/lib-2021-03/0042.html
 [117] = https://curl.se/bug/?i=6798
 [119] = https://curl.se/bug/?i=6795
 [121] = https://curl.se/bug/?i=6794
 [122] = https://curl.se/bug/?i=6788
 [123] = https://curl.se/bug/?i=6783

    yes)
      AC_DEFINE_UNQUOTED(HAVE_WS2TCPIP_H, 1,
        [Define to 1 if you have the ws2tcpip.h header file.])
      ;;
  esac
])


dnl CURL_CHECK_HEADER_WINCRYPT
dnl -------------------------------------------------
dnl Check for compilable and valid wincrypt.h header

AC_DEFUN([CURL_CHECK_HEADER_WINCRYPT], [
  AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl
  AC_CACHE_CHECK([for wincrypt.h], [curl_cv_header_wincrypt_h], [
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
#undef inline
#ifndef WIN32_LEAN_AND_MEAN
#define WIN32_LEAN_AND_MEAN
#endif
#include <windows.h>
#include <wincrypt.h>
      ]],[[
        int dummy=2*PROV_RSA_FULL;
      ]])
    ],[
      curl_cv_header_wincrypt_h="yes"
    ],[
      curl_cv_header_wincrypt_h="no"
    ])
  ])
  case "$curl_cv_header_wincrypt_h" in
    yes)
      AC_DEFINE_UNQUOTED(HAVE_WINCRYPT_H, 1,
        [Define to 1 if you have the wincrypt.h header file.])
      ;;
  esac
])


dnl CURL_CHECK_HEADER_WINLDAP
dnl -------------------------------------------------
dnl Check for compilable and valid winldap.h header

AC_DEFUN([CURL_CHECK_HEADER_WINLDAP], [
  AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl

dnl CURL_CHECK_STRUCT_TIMEVAL
dnl -------------------------------------------------
dnl Check for timeval struct

AC_DEFUN([CURL_CHECK_STRUCT_TIMEVAL], [

  AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK])dnl
  AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl
  AC_CHECK_HEADERS(sys/types.h sys/time.h time.h sys/socket.h)
  AC_CACHE_CHECK([for struct timeval], [curl_cv_struct_timeval], [
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
#undef inline

dnl CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC
dnl -------------------------------------------------
dnl Check if monotonic clock_gettime is available.

AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [

  AC_CHECK_HEADERS(sys/types.h sys/time.h time.h)
  AC_MSG_CHECKING([for monotonic clock_gettime])
  #
  if test "x$dontwant_rt" = "xno" ; then
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
#ifdef HAVE_SYS_TYPES_H

dnl /etc/ssl/certs/ (ca path) SUSE

AC_DEFUN([CURL_CHECK_CA_BUNDLE], [

  AC_MSG_CHECKING([default CA cert bundle/path])

  AC_ARG_WITH(ca-bundle,
AS_HELP_STRING([--with-ca-bundle=FILE],
[Path to a file containing CA certificates (example: /etc/ca-bundle.crt)])
AS_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]),
  [
    want_ca="$withval"
    if test "x$want_ca" = "xyes"; then
      AC_MSG_ERROR([--with-ca-bundle=FILE requires a path to the CA bundle])
    fi
  ],
  [ want_ca="unset" ])
  AC_ARG_WITH(ca-path,
AS_HELP_STRING([--with-ca-path=DIRECTORY],
[Path to a directory containing CA certificates stored individually, with \
their filenames in a hash format. This option can be used with the OpenSSL, \
GnuTLS and mbedTLS backends. Refer to OpenSSL c_rehash for details. \
(example: /etc/certificates)])
AS_HELP_STRING([--without-ca-path], [Don't use a default CA path]),
  [
    want_capath="$withval"
    if test "x$want_capath" = "xyes"; then
      AC_MSG_ERROR([--with-ca-path=DIRECTORY requires a path to the CA path directory])
    fi
  ],
  [ want_capath="unset"])

  fi
  if test "x$ca" = "xno" && test "x$capath" = "xno"; then
    AC_MSG_RESULT([no])
  fi

  AC_MSG_CHECKING([whether to use builtin CA store of SSL library])
  AC_ARG_WITH(ca-fallback,
AS_HELP_STRING([--with-ca-fallback], [Use the built in CA store of the SSL library])
AS_HELP_STRING([--without-ca-fallback], [Don't use the built in CA store of the SSL library]),
  [
    if test "x$with_ca_fallback" != "xyes" -a "x$with_ca_fallback" != "xno"; then
      AC_MSG_ERROR([--with-ca-fallback only allows yes or no as parameter])
    fi
  ],
  [ with_ca_fallback="no"])
  AC_MSG_RESULT([$with_ca_fallback])

    fi
  fi
  case "$curl_win32_file_api" in
    win32_large_files)
      AC_MSG_RESULT([yes (large file enabled)])
      AC_DEFINE_UNQUOTED(USE_WIN32_LARGE_FILES, 1,
        [Define to 1 if you are building a Windows target with large file support.])
      AC_SUBST(USE_WIN32_LARGE_FILES, [1])
      ;;
    win32_small_files)
      AC_MSG_RESULT([yes (large file disabled)])
      AC_DEFINE_UNQUOTED(USE_WIN32_SMALL_FILES, 1,
        [Define to 1 if you are building a Windows target without large file support.])
      AC_SUBST(USE_WIN32_SMALL_FILES, [1])
      ;;
    *)
      AC_MSG_RESULT([no])
      ;;
  esac
])

dnl CURL_CHECK_WIN32_CRYPTO
dnl -------------------------------------------------
dnl Check if curl's WIN32 crypto lib can be used

AC_DEFUN([CURL_CHECK_WIN32_CRYPTO], [
  AC_REQUIRE([CURL_CHECK_HEADER_WINCRYPT])dnl
  AC_MSG_CHECKING([whether build target supports WIN32 crypto API])
  curl_win32_crypto_api="no"
  if test "$curl_cv_header_wincrypt_h" = "yes"; then
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
#undef inline
#ifndef WIN32_LEAN_AND_MEAN
#define WIN32_LEAN_AND_MEAN
#endif
#include <windows.h>
#include <wincrypt.h>
      ]],[[
        HCRYPTPROV hCryptProv;
        if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL,
                               CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
          CryptReleaseContext(hCryptProv, 0);
        }
      ]])
    ],[
      curl_win32_crypto_api="yes"
    ])
  fi
  case "$curl_win32_crypto_api" in
    yes)
      AC_MSG_RESULT([yes])
      AC_DEFINE_UNQUOTED(USE_WIN32_CRYPTO, 1,
        [Define to 1 if you are building a Windows target with crypto API support.])
      AC_SUBST(USE_WIN32_CRYPTO, [1])
      ;;
    *)
      AC_MSG_RESULT([no])
      ;;
  esac
])

USE_LIBRTMP
USE_WOLFSSH
USE_LIBSSH
USE_LIBSSH2
LIBMETALINK_CPPFLAGS
LIBMETALINK_LDFLAGS
LIBMETALINK_LIBS
USE_GSASL_FALSE
USE_GSASL_TRUE
USE_LIBPSL_FALSE
USE_LIBPSL_TRUE
CURL_CA_BUNDLE
CURL_WITH_MULTI_SSL
SSL_ENABLED
NSS_LIBS
USE_NSS
USE_RUSTLS
USE_BEARSSL
USE_MESALINK
USE_WOLFSSL
USE_MBEDTLS
HAVE_GNUTLS_SRP

USE_GNUTLS
HAVE_OPENSSL_SRP
RANDOM_FILE
SSL_LIBS
USE_SECTRANSP
USE_WINDOWS_SSPI
USE_SCHANNEL

HAVE_LDAP_SSL
CURL_DISABLE_LDAPS
CURL_DISABLE_LDAP
CURL_DISABLE_FILE
CURL_DISABLE_FTP
CURL_DISABLE_RTSP
CURL_DISABLE_HTTP
USE_WIN32_CRYPTO
USE_WIN32_SMALL_FILES
USE_WIN32_LARGE_FILES
DOING_NATIVE_WINDOWS_FALSE
DOING_NATIVE_WINDOWS_TRUE
BUILD_UNITTESTS_FALSE
BUILD_UNITTESTS_TRUE
CURLDEBUG_FALSE
CURLDEBUG_TRUE
CURL_CFLAG_EXTRAS

with_random
enable_openssl_auto_load_config
with_gnutls
with_mbedtls
with_wolfssl
with_mesalink
with_bearssl
with_rustls
with_nss
with_ca_bundle
with_ca_path
with_ca_fallback
with_libpsl
with_libgsasl
with_libmetalink
with_libssh2
with_libssh
with_wolfssh
with_librtmp
enable_versioned_symbols
with_winidn

  --without-wolfssl       disable WolfSSL detection
  --with-mesalink=PATH    where to look for MesaLink, PATH points to the
                          installation root
  --without-mesalink      disable MesaLink detection
  --with-bearssl=PATH     where to look for BearSSL, PATH points to the
                          installation root
  --without-bearssl       disable BearSSL detection
  --with-rustls=PATH      where to look for rustls, PATH points to the
                          installation root
  --without-rustls        disable rustls detection
  --with-nss=PATH         where to look for NSS, PATH points to the
                          installation root
  --without-nss           disable NSS detection
  --with-ca-bundle=FILE   Path to a file containing CA certificates (example:
                          /etc/ca-bundle.crt)
  --without-ca-bundle     Don't use a default CA bundle
  --with-ca-path=DIRECTORY
                          Path to a directory containing CA certificates
                          stored individually, with their filenames in a hash
                          format. This option can be used with the OpenSSL,
                          GnuTLS and mbedTLS backends. Refer to OpenSSL
                          c_rehash for details. (example: /etc/certificates)
  --without-ca-path       Don't use a default CA path
  --with-ca-fallback      Use the built in CA store of the SSL library
  --without-ca-fallback   Don't use the built in CA store of the SSL library
  --without-libpsl        disable support for libpsl cookie checking
  --without-libgsasl      disable libgsasl support for SCRAM
  --with-libmetalink=PATH where to look for libmetalink, PATH points to the
                          installation root
  --without-libmetalink   disable libmetalink detection
  --with-libssh2=PATH     Where to look for libssh2, PATH points to the
                          libssh2 installation; when possible, set the
                          PKG_CONFIG_PATH environment variable instead of
                          using this option

PKGADD_PKG="HAXXcurl"
PKGADD_NAME="curl - a client that groks URLs"
PKGADD_VENDOR="curl.se"




    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,mbedtls,wolfssl,schannel,secure-transport,mesalink,amissl,bearssl,rustls} )"
    curl_ssh_msg="no      (--with-{libssh,libssh2})"
   curl_zlib_msg="no      (--with-zlib)"
 curl_brotli_msg="no      (--with-brotli)"
   curl_zstd_msg="no      (--with-zstd)"
    curl_gss_msg="no      (--with-gssapi)"
  curl_gsasl_msg="no      (--with-gsasl)"
curl_tls_srp_msg="no      (--enable-tls-srp)"
    curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
   curl_ipv6_msg="no      (--enable-ipv6)"
curl_unix_sockets_msg="no      (--enable-unix-sockets)"
    curl_idn_msg="no      (--with-{libidn2,winidn})"
 curl_manual_msg="no      (--enable-manual)"
curl_libcurl_msg="enabled (--disable-libcurl-option)"
curl_verbose_msg="enabled (--disable-verbose)"
   curl_sspi_msg="no      (--enable-sspi)"
   curl_ldap_msg="no      (--enable-ldap / --with-ldap-lib / --with-lber-lib)"
  curl_ldaps_msg="no      (--enable-ldaps)"
   curl_rtsp_msg="no      (--enable-rtsp)"
   curl_rtmp_msg="no      (--with-librtmp)"
  curl_mtlnk_msg="no      (--with-libmetalink)"
    curl_psl_msg="no      (--with-libpsl)"
 curl_altsvc_msg="enabled";
    ssl_backends=
     curl_h1_msg="enabled (internal)"
     curl_h2_msg="no      (--with-nghttp2, --with-hyper)"
     curl_h3_msg="no      (--with-ngtcp2, --with-quiche)"

enable_altsvc="yes"

INITIAL_LDFLAGS=$LDFLAGS
INITIAL_LIBS=$LIBS

cat >>confdefs.h <<_ACEOF
#define HAVE_WS2TCPIP_H 1
_ACEOF

      ;;
  esac


    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for wincrypt.h" >&5
$as_echo_n "checking for wincrypt.h... " >&6; }
if ${curl_cv_header_wincrypt_h+:} false; then :
  $as_echo_n "(cached) " >&6
else

    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


#undef inline
#ifndef WIN32_LEAN_AND_MEAN
#define WIN32_LEAN_AND_MEAN
#endif
#include <windows.h>
#include <wincrypt.h>

int main (void)
{

        int dummy=2*PROV_RSA_FULL;

 ;
 return 0;
}

_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :

      curl_cv_header_wincrypt_h="yes"

else

      curl_cv_header_wincrypt_h="no"

fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext

fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_wincrypt_h" >&5
$as_echo "$curl_cv_header_wincrypt_h" >&6; }
  case "$curl_cv_header_wincrypt_h" in
    yes)

cat >>confdefs.h <<_ACEOF
#define HAVE_WINCRYPT_H 1
_ACEOF

      ;;
  esac


    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for winldap.h" >&5
$as_echo_n "checking for winldap.h... " >&6; }
if ${curl_cv_header_winldap_h+:} false; then :
  $as_echo_n "(cached) " >&6
else

  esac

    ;;
  *)
    curl_cv_header_winsock_h="no"
    curl_cv_header_winsock2_h="no"
    curl_cv_header_ws2tcpip_h="no"
    curl_cv_header_wincrypt_h="no"
    curl_cv_header_winldap_h="no"
    curl_cv_header_winber_h="no"
    ;;
esac

    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build target supports WIN32 file API" >&5
$as_echo_n "checking whether build target supports WIN32 file API... " >&6; }

      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (large file enabled)" >&5
$as_echo "yes (large file enabled)" >&6; }

cat >>confdefs.h <<_ACEOF
#define USE_WIN32_LARGE_FILES 1
_ACEOF

      USE_WIN32_LARGE_FILES=1

      ;;
    win32_small_files)
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (large file disabled)" >&5
$as_echo "yes (large file disabled)" >&6; }

cat >>confdefs.h <<_ACEOF
#define USE_WIN32_SMALL_FILES 1
_ACEOF

      USE_WIN32_SMALL_FILES=1

      ;;
    *)
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
      ;;
  esac


    { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build target supports WIN32 crypto API" >&5
$as_echo_n "checking whether build target supports WIN32 crypto API... " >&6; }
  curl_win32_crypto_api="no"
  if test "$curl_cv_header_wincrypt_h" = "yes"; then
    cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


#undef inline
#ifndef WIN32_LEAN_AND_MEAN
#define WIN32_LEAN_AND_MEAN
#endif
#include <windows.h>
#include <wincrypt.h>

int main (void)
{

        HCRYPTPROV hCryptProv;
        if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL,
                               CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) {
          CryptReleaseContext(hCryptProv, 0);
        }

 ;
 return 0;
}

_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :

      curl_win32_crypto_api="yes"

fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
  fi
  case "$curl_win32_crypto_api" in
    yes)
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }

cat >>confdefs.h <<_ACEOF
#define USE_WIN32_CRYPTO 1
_ACEOF

      USE_WIN32_CRYPTO=1

      ;;
    *)
      { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
      ;;
  esac

      LIBS="$tst_connect_need_LIBS $tst_connect_save_LIBS"
      ;;
  esac


CURL_NETWORK_LIBS=$LIBS




































  for ac_header in sys/types.h sys/time.h time.h
do :
  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
  cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF

  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
  ipv6=yes

else
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

/* are AF_INET6 and sockaddr_in6 available? */
#include <sys/types.h>
#ifdef HAVE_WINSOCK2_H
#include <winsock2.h>
#include <ws2tcpip.h>
#else
#include <sys/socket.h>
#include <netinet/in.h>

 struct sockaddr_in6 s;
 (void)s;
 if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
   exit(1);
 else
   exit(0);
}


_ACEOF
if ac_fn_c_try_run "$LINENO"; then :
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
  ipv6=yes
else

#include <ws2tcpip.h>
#else
#include <netinet/in.h>
#if defined (__TANDEM)
# include <netinet/in6.h>
#endif
#endif

int main (void)
{

  struct sockaddr_in6 s;
  s.sin6_scope_id = 0;

 ;
 return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :




  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }

$as_echo "#define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1" >>confdefs.h


else

    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }

fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi


{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if argv can be written to" >&5
$as_echo_n "checking if argv can be written to... " >&6; }

   old=$LD_LIBRARY_PATH

    # --with-schannel implies --enable-sspi

$as_echo "#define USE_WINDOWS_SSPI 1" >>confdefs.h

    USE_WINDOWS_SSPI=1

    curl_sspi_msg="enabled"

  else
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
  fi
  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
else
  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi

if test "x$USE_WIN32_CRYPTO" = "x1" -o "x$USE_SCHANNEL" = "x1"; then
  LIBS="-ladvapi32 -lcrypt32 $LIBS"
fi

OPT_SECURETRANSPORT=no

# Check whether --with-darwinssl was given.
if test "${with_darwinssl+set}" = set; then :
  withval=$with_darwinssl; OPT_SECURETRANSPORT=$withval
fi

    *-*-msys* | *-*-mingw*)
      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gdi32" >&5
$as_echo_n "checking for gdi32... " >&6; }
      my_ac_save_LIBS=$LIBS
      LIBS="-lgdi32 $LIBS"
      cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

        #include <windef.h>
        #include <wingdi.h>

int main (void)
{

          GdiFlush();

 ;
 return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
           { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
else
           LIBS=$my_ac_save_LIBS
        { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }

fi
rm -f core conftest.err conftest.$ac_objext \
    conftest$ac_exeext conftest.$ac_ext
      ;;
  esac

if test "x$ac_cv_lib_crypto_HMAC_Update" = xyes; then :

     HAVECRYPTO="yes"
     LIBS="-lcrypto $LIBS"

else

     if test -n "$LIB_OPENSSL" ; then
       LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
     fi
     if test "$PKGCONFIG" = "no" -a -n "$PREFIX_OPENSSL" ; then
       # only set this if pkg-config wasn't used
       CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
     fi
     # Linking previously failed, try extra paths from --with-ssl or pkg-config.
     # Use a different function name to avoid reusing the earlier cached result.
     { $as_echo "$as_me:${as_lineno-$LINENO}: checking for HMAC_Init_ex in -lcrypto" >&5
$as_echo_n "checking for HMAC_Init_ex in -lcrypto... " >&6; }

$as_echo "no" >&6; }

         { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL linking with -ldl and -lpthread" >&5
$as_echo_n "checking OpenSSL linking with -ldl and -lpthread... " >&6; }
         LIBS="$CLEANLIBS -lcrypto -ldl -lpthread"
         cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


           #include <openssl/err.h>

int main (void)
{

           ERR_clear_error();

fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gnutls_nettle_MD5Init" >&5
$as_echo "$ac_cv_lib_gnutls_nettle_MD5Init" >&6; }
if test "x$ac_cv_lib_gnutls_nettle_MD5Init" = xyes; then :
   USE_GNUTLS_NETTLE=1
fi








































  # If not, try linking directly to both of them to see if they are available
  if test "$USE_GNUTLS_NETTLE" = ""; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nettle_MD5Init in -lnettle" >&5
$as_echo_n "checking for nettle_MD5Init in -lnettle... " >&6; }
if ${ac_cv_lib_nettle_nettle_MD5Init+:} false; then :
  $as_echo_n "(cached) " >&6
else

$as_echo "$ac_cv_lib_nettle_nettle_MD5Init" >&6; }
if test "x$ac_cv_lib_nettle_nettle_MD5Init" = xyes; then :
   USE_GNUTLS_NETTLE=1
fi

  fi
  if test "$USE_GNUTLS_NETTLE" = ""; then







































    as_fn_error $? "GnuTLS found, but nettle was not found" "$LINENO" 5
  fi






  LIBS="-lnettle $LIBS"



fi

if test "$GNUTLS_ENABLED" = "1"; then
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gnutls_srp_verifier in -lgnutls" >&5
$as_echo_n "checking for gnutls_srp_verifier in -lgnutls... " >&6; }
if ${ac_cv_lib_gnutls_gnutls_srp_verifier+:} false; then :
  $as_echo_n "(cached) " >&6

      fi
    fi

  fi
  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi


OPT_RUSTLS=no

_cppflags=$CPPFLAGS
_ldflags=$LDFLAGS

# Check whether --with-rustls was given.
if test "${with_rustls+set}" = set; then :
  withval=$with_rustls; OPT_RUSTLS=$withval
fi


if test -z "$ssl_backends" -o "x$OPT_RUSTLS" != xno; then
  ssl_msg=

  if test X"$OPT_RUSTLS" != Xno; then

    if test "$OPT_RUSTLS" = "yes"; then
      OPT_RUSTLS=""
    fi

    if test -z "$OPT_RUSTLS" ; then

      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rustls_client_session_read in -lcrustls" >&5
$as_echo_n "checking for rustls_client_session_read in -lcrustls... " >&6; }
if ${ac_cv_lib_crustls_rustls_client_session_read+:} false; then :
  $as_echo_n "(cached) " >&6
else
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lcrustls -lpthread -ldl $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


#ifdef __cplusplus
extern "C"
#endif
char rustls_client_session_read ();
int main (void)
{
return rustls_client_session_read ();
 ;
 return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
  ac_cv_lib_crustls_rustls_client_session_read=yes
else
  ac_cv_lib_crustls_rustls_client_session_read=no
fi
rm -f core conftest.err conftest.$ac_objext \
    conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crustls_rustls_client_session_read" >&5
$as_echo "$ac_cv_lib_crustls_rustls_client_session_read" >&6; }
if test "x$ac_cv_lib_crustls_rustls_client_session_read" = xyes; then :


$as_echo "#define USE_RUSTLS 1" >>confdefs.h

         USE_RUSTLS=1

         RUSTLS_ENABLED=1
         USE_RUSTLS="yes"
         ssl_msg="rustls"
	 test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes

fi

    fi

    addld=""
    addlib="-lpthread"
    addcflags=""
    bearssllib=""

    if test "x$USE_RUSTLS" != "xyes"; then
            addld=-L$OPT_RUSTLS/lib$libsuff
      addcflags=-I$OPT_RUSTLS/include
      rustlslib=$OPT_RUSTLS/lib$libsuff

      LDFLAGS="$LDFLAGS $addld"
      if test "$addcflags" != "-I/usr/include"; then
         CPPFLAGS="$CPPFLAGS $addcflags"
      fi

      { $as_echo "$as_me:${as_lineno-$LINENO}: checking for rustls_client_session_read in -lcrustls" >&5
$as_echo_n "checking for rustls_client_session_read in -lcrustls... " >&6; }
if ${ac_cv_lib_crustls_rustls_client_session_read+:} false; then :
  $as_echo_n "(cached) " >&6
else
  ac_check_lib_save_LIBS=$LIBS
LIBS="-lcrustls -lpthread -ldl $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


#ifdef __cplusplus
extern "C"
#endif
char rustls_client_session_read ();
int main (void)
{
return rustls_client_session_read ();
 ;
 return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
  ac_cv_lib_crustls_rustls_client_session_read=yes
else
  ac_cv_lib_crustls_rustls_client_session_read=no
fi
rm -f core conftest.err conftest.$ac_objext \
    conftest$ac_exeext conftest.$ac_ext
LIBS=$ac_check_lib_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crustls_rustls_client_session_read" >&5
$as_echo "$ac_cv_lib_crustls_rustls_client_session_read" >&6; }
if test "x$ac_cv_lib_crustls_rustls_client_session_read" = xyes; then :


$as_echo "#define USE_RUSTLS 1" >>confdefs.h

       USE_RUSTLS=1

       RUSTLS_ENABLED=1
       USE_RUSTLS="yes"
       ssl_msg="rustls"
       test rustls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes

else
  as_fn_error $? "--with-rustls was specified but could not find rustls." "$LINENO" 5
fi

    fi

    if test "x$USE_RUSTLS" = "xyes"; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: detected rustls" >&5
$as_echo "$as_me: detected rustls" >&6;}
      check_for_ca_bundle=1

      LIBS="-lcrustls -lpthread -ldl $LIBS"

      if test -n "$rustlslib"; then
                                        if test "x$cross_compiling" != "xyes"; then
          CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$rustlslib"
          export CURL_LIBRARY_PATH
          { $as_echo "$as_me:${as_lineno-$LINENO}: Added $rustlslib to CURL_LIBRARY_PATH" >&5
$as_echo "$as_me: Added $rustlslib to CURL_LIBRARY_PATH" >&6;}
        fi
      fi
    fi

  fi
  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi


OPT_NSS=no


# Check whether --with-nss was given.
if test "${with_nss+set}" = set; then :
  withval=$with_nss; OPT_NSS=$withval

      fi

    fi
  fi
  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi

case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$BEARSSL_ENABLED$AMISSL_ENABLED$RUSTLS_ENABLED"
in
x)
  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more." >&5
$as_echo "$as_me: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more." >&2;}
  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Use --with-ssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink, --with-amissl or --with-bearssl to address this." >&5
$as_echo "$as_me: WARNING: Use --with-ssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink, --with-amissl or --with-bearssl to address this." >&2;}
  ;;
x1)

  USE_LIBPSL_TRUE=
  USE_LIBPSL_FALSE='#'
else
  USE_LIBPSL_TRUE='#'
  USE_LIBPSL_FALSE=
fi





# Check whether --with-libgsasl was given.
if test "${with_libgsasl+set}" = set; then :
  withval=$with_libgsasl; with_libgsasl=$withval
else
  with_libgsasl=yes
fi

if test $with_libgsasl != "no"; then
  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gsasl_init" >&5
$as_echo_n "checking for library containing gsasl_init... " >&6; }
if ${ac_cv_search_gsasl_init+:} false; then :
  $as_echo_n "(cached) " >&6
else
  ac_func_search_save_LIBS=$LIBS
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */


#ifdef __cplusplus
extern "C"
#endif
char gsasl_init ();
int main (void)
{
return gsasl_init ();
 ;
 return 0;
}
_ACEOF
for ac_lib in '' gsasl; do
  if test -z "$ac_lib"; then
    ac_res="none required"
  else
    ac_res=-l$ac_lib
    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
  fi
  if ac_fn_c_try_link "$LINENO"; then :
  ac_cv_search_gsasl_init=$ac_res
fi
rm -f core conftest.err conftest.$ac_objext \
    conftest$ac_exeext
  if ${ac_cv_search_gsasl_init+:} false; then :
  break
fi
done
if ${ac_cv_search_gsasl_init+:} false; then :

else
  ac_cv_search_gsasl_init=no
fi
rm conftest.$ac_ext
LIBS=$ac_func_search_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gsasl_init" >&5
$as_echo "$ac_cv_search_gsasl_init" >&6; }
ac_res=$ac_cv_search_gsasl_init
if test "$ac_res" != no; then :
  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
  curl_gsasl_msg="enabled";

$as_echo "#define USE_GSASL 1" >>confdefs.h


else
  curl_gsasl_msg="no      (libgsasl not found)";
     { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libgsasl was not found" >&5
$as_echo "$as_me: WARNING: libgsasl was not found" >&2;}


fi

fi
 if test "$curl_gsasl_msg" = "enabled"; then
  USE_GSASL_TRUE=
  USE_GSASL_FALSE='#'
else
  USE_GSASL_TRUE='#'
  USE_GSASL_FALSE=
fi



OPT_LIBMETALINK=no


# Check whether --with-libmetalink was given.
if test "${with_libmetalink+set}" = set; then :

                  as_fn_error $? "--with-nghttp3 was specified but could not find nghttp3 pkg-config file." "$LINENO" 5
    fi
  fi

fi


OPT_QUICHE="no"

if test "x$disable_http" = "xyes" -o "x$USE_NGTCP" = "x1"; then
  # without HTTP or with ngtcp2, quiche is no use
  OPT_QUICHE="no"
fi

$as_echo "$as_me: Added $DIR_QUICHE to CURL_LIBRARY_PATH" >&6;}
fi

done


else
          as_fn_error $? "couldn't use quiche" "$LINENO" 5



fi

  else
        if test X"$want_quiche" != Xdefault; then
                  as_fn_error $? "--with-quiche was specified but could not find quiche pkg-config file." "$LINENO" 5
    fi
  fi
fi






OPT_HYPER="no"



# Check whether --with-hyper was given.
if test "${with_hyper+set}" = set; then :
  withval=$with_hyper; OPT_HYPER=$withval
fi

  *)
        want_hyper="yes"
    want_hyper_path="$withval"
    ;;
esac

if test X"$want_hyper" != Xno; then
  if test "x$disable_http" = "xyes"; then
    as_fn_error $? "--with-hyper is not compatible with --disable-http" "$LINENO" 5
  fi

    CLEANLDFLAGS="$LDFLAGS"
  CLEANCPPFLAGS="$CPPFLAGS"
  CLEANLIBS="$LIBS"


    if test -n "$PKG_CONFIG"; then
      PKGCONFIG="$PKG_CONFIG"

    if test -n "$want_hyper_path"; then
      PKG_CONFIG_LIBDIR="$want_hyper_path"
      export PKG_CONFIG_LIBDIR
    fi

      $PKGCONFIG --libs-only-L hyper`
  else
        LIB_HYPER="-lhyper -ldl -lpthread -lm"
    if test X"$want_hyper" != Xdefault; then
      CPP_HYPER=-I"$want_hyper_path/capi/include"
      LD_HYPER="-L$want_hyper_path/target/debug"
    fi
  fi
  if test -n "$LIB_HYPER"; then
    { $as_echo "$as_me:${as_lineno-$LINENO}: -l is $LIB_HYPER" >&5

$as_echo "$as_me: Added $DIR_HYPER to CURL_LIBRARY_PATH" >&6;}
fi

done


else
  as_fn_error $? "--with-hyper but hyper was not found. See docs/HYPER.md." "$LINENO" 5



fi

  fi
fi

    ;;
  *)
        FISH_FUNCTIONS_DIR="$withval"

    ;;
esac



















































































































  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for malloc.h" >&5
$as_echo_n "checking for malloc.h... " >&6; }
if ${curl_cv_header_malloc_h+:} false; then :
  $as_echo_n "(cached) " >&6
else

cat >>confdefs.h <<_ACEOF
#define size_t unsigned int
_ACEOF

fi




































      for ac_header in sys/types.h sys/time.h time.h sys/socket.h
do :
  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
  cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF

      if test "$curl_cv_sig_atomic_t_volatile" = "yes"; then

$as_echo "#define HAVE_SIG_ATOMIC_T_VOLATILE 1" >>confdefs.h

      fi
      ;;
  esac




































    for ac_header in sys/select.h sys/socket.h
do :
  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"

    curl_cv_func_stricmp="yes"
  else
    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
    curl_cv_func_stricmp="no"
  fi























































































































































    #
  tst_links_strncmpi="unknown"
  tst_proto_strncmpi="unknown"
  tst_compi_strncmpi="unknown"
  tst_allow_strncmpi="unknown"
  #

if test "x$HAVE_GSSAPI" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES GSS-API"
fi

if test "x$curl_psl_msg" = "xenabled"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES PSL"
fi

if test "x$curl_gsasl_msg" = "xenabled"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES GSASL"
fi

if test "x$enable_altsvc" = "xyes"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES alt-svc"
fi
if test "x$enable_hsts" = "xyes"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES HSTS"
fi

if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
    \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then
  SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO"
fi

if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
    \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then
  SUPPORT_FEATURES="$SUPPORT_FEATURES Kerberos"
fi

use_curl_ntlm_core=no

if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then
  if test "x$OPENSSL_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \
      -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
      -o "x$SECURETRANSPORT_ENABLED" = "x1" \
      -o "x$USE_WIN32_CRYPTO" = "x1" \
      -o "x$WOLFSSL_NTLM" = "x1"; then
    use_curl_ntlm_core=yes
  fi

  if test "x$use_curl_ntlm_core" = "xyes" \
      -o "x$USE_WINDOWS_SSPI" = "x1"; then
    SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"

    if test "x$CURL_DISABLE_HTTP" != "x1" -a \
        "x$NTLM_WB_ENABLED" = "x1"; then
      SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB"
    fi
  fi

    SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy"
  fi
fi

if test "x$ECH_ENABLED" = "x1"; then
  SUPPORT_FEATURES="$SUPPORT_FEATURES ECH"
fi

if test ${ac_cv_sizeof_curl_off_t} -gt 4; then
  if test ${ac_cv_sizeof_off_t} -gt 4 -o \
     "$curl_win32_file_api" = "win32_large_files"; then
    SUPPORT_FEATURES="$SUPPORT_FEATURES Largefile"
  fi
fi

SUPPORT_FEATURES=`echo $SUPPORT_FEATURES | tr ' ' '\012' | sort | tr '\012' ' '`


if test "x$CURL_DISABLE_HTTP" != "x1"; then
  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTP"
  if test "x$SSL_ENABLED" = "x1"; then

if test "x$CURL_DISABLE_IMAP" != "x1"; then
  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IMAP"
  if test "x$SSL_ENABLED" = "x1"; then
    SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IMAPS"
  fi
fi
if test "x$CURL_DISABLE_SMB" != "x1" \




    -a "x$use_curl_ntlm_core" = "xyes"; then
  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB"
  if test "x$SSL_ENABLED" = "x1"; then
    SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS"
  fi
fi
if test "x$CURL_DISABLE_SMTP" != "x1"; then
  SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMTP"

  as_fn_error $? "conditional \"BUILD_STUB_GSS\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${USE_LIBPSL_TRUE}" && test -z "${USE_LIBPSL_FALSE}"; then
  as_fn_error $? "conditional \"USE_LIBPSL\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${USE_GSASL_TRUE}" && test -z "${USE_GSASL_FALSE}"; then
  as_fn_error $? "conditional \"USE_GSASL\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS_TRUE}" && test -z "${CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS_FALSE}"; then
  as_fn_error $? "conditional \"CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
if test -z "${USE_MANUAL_TRUE}" && test -z "${USE_MANUAL_FALSE}"; then
  as_fn_error $? "conditional \"USE_MANUAL\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5

  curl version:     ${CURLVERSION}
  SSL:              ${curl_ssl_msg}
  SSH:              ${curl_ssh_msg}
  zlib:             ${curl_zlib_msg}
  brotli:           ${curl_brotli_msg}
  zstd:             ${curl_zstd_msg}
  GSS-API:          ${curl_gss_msg}
  GSASL:            ${curl_gsasl_msg}
  TLS-SRP:          ${curl_tls_srp_msg}
  resolver:         ${curl_res_msg}
  IPv6:             ${curl_ipv6_msg}
  Unix sockets:     ${curl_unix_sockets_msg}
  IDN:              ${curl_idn_msg}
  Build libcurl:    Shared=${enable_shared}, Static=${enable_static}
  Built-in manual:  ${curl_manual_msg}

  curl version:     ${CURLVERSION}
  SSL:              ${curl_ssl_msg}
  SSH:              ${curl_ssh_msg}
  zlib:             ${curl_zlib_msg}
  brotli:           ${curl_brotli_msg}
  zstd:             ${curl_zstd_msg}
  GSS-API:          ${curl_gss_msg}
  GSASL:            ${curl_gsasl_msg}
  TLS-SRP:          ${curl_tls_srp_msg}
  resolver:         ${curl_res_msg}
  IPv6:             ${curl_ipv6_msg}
  Unix sockets:     ${curl_unix_sockets_msg}
  IDN:              ${curl_idn_msg}
  Build libcurl:    Shared=${enable_shared}, Static=${enable_static}
  Built-in manual:  ${curl_manual_msg}

#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
#***************************************************************************
dnl Process this file with autoconf to produce a configure script.

AC_PREREQ(2.59)

dnl We don't know the version number "statically" so we use a dash here
AC_INIT([curl], [-], [a suitable curl mailing list: https://curl.se/mail/])

XC_OVR_ZZ50
XC_OVR_ZZ60
CURL_OVERRIDE_AUTOCONF

PKGADD_VENDOR="curl.se"
AC_SUBST(PKGADD_PKG)
AC_SUBST(PKGADD_NAME)
AC_SUBST(PKGADD_VENDOR)

dnl
dnl initialize all the info variables
    curl_ssl_msg="no      (--with-{ssl,gnutls,nss,mbedtls,wolfssl,schannel,secure-transport,mesalink,amissl,bearssl,rustls} )"
    curl_ssh_msg="no      (--with-{libssh,libssh2})"
   curl_zlib_msg="no      (--with-zlib)"
 curl_brotli_msg="no      (--with-brotli)"
   curl_zstd_msg="no      (--with-zstd)"
    curl_gss_msg="no      (--with-gssapi)"
  curl_gsasl_msg="no      (--with-gsasl)"
curl_tls_srp_msg="no      (--enable-tls-srp)"
    curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
   curl_ipv6_msg="no      (--enable-ipv6)"
curl_unix_sockets_msg="no      (--enable-unix-sockets)"
    curl_idn_msg="no      (--with-{libidn2,winidn})"
 curl_manual_msg="no      (--enable-manual)"
curl_libcurl_msg="enabled (--disable-libcurl-option)"
curl_verbose_msg="enabled (--disable-verbose)"
   curl_sspi_msg="no      (--enable-sspi)"
   curl_ldap_msg="no      (--enable-ldap / --with-ldap-lib / --with-lber-lib)"
  curl_ldaps_msg="no      (--enable-ldaps)"
   curl_rtsp_msg="no      (--enable-rtsp)"
   curl_rtmp_msg="no      (--with-librtmp)"
  curl_mtlnk_msg="no      (--with-libmetalink)"
    curl_psl_msg="no      (--with-libpsl)"
 curl_altsvc_msg="enabled";
    ssl_backends=
     curl_h1_msg="enabled (internal)"
     curl_h2_msg="no      (--with-nghttp2, --with-hyper)"
     curl_h3_msg="no      (--with-ngtcp2, --with-quiche)"

enable_altsvc="yes"

dnl
dnl Save some initial values the user might have provided
dnl

CURL_CHECK_HEADER_WINDOWS
CURL_CHECK_NATIVE_WINDOWS
case X-"$curl_cv_native_windows" in
  X-yes)
    CURL_CHECK_HEADER_WINSOCK
    CURL_CHECK_HEADER_WINSOCK2
    CURL_CHECK_HEADER_WS2TCPIP
    CURL_CHECK_HEADER_WINCRYPT
    CURL_CHECK_HEADER_WINLDAP
    CURL_CHECK_HEADER_WINBER
    ;;
  *)
    curl_cv_header_winsock_h="no"
    curl_cv_header_winsock2_h="no"
    curl_cv_header_ws2tcpip_h="no"
    curl_cv_header_wincrypt_h="no"
    curl_cv_header_winldap_h="no"
    curl_cv_header_winber_h="no"
    ;;
esac
CURL_CHECK_WIN32_LARGEFILE
CURL_CHECK_WIN32_CRYPTO

CURL_MAC_CFLAGS
CURL_SUPPORTS_BUILTIN_AVAILABLE


dnl ************************************************************
dnl switch off particular protocols
dnl
AC_MSG_CHECKING([whether to support http])
AC_ARG_ENABLE(http,
AS_HELP_STRING([--enable-http],[Enable HTTP support])
AS_HELP_STRING([--disable-http],[Disable HTTP support]),
[ case "$enableval" in
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_HTTP, 1, [to disable HTTP])
       disable_http="yes"
       AC_MSG_WARN([disable HTTP disables FTP over proxy and RTSP])
       AC_SUBST(CURL_DISABLE_HTTP, [1])

  *)   AC_MSG_RESULT(yes)
       ;;
  esac ],
       AC_MSG_RESULT(yes)
)
AC_MSG_CHECKING([whether to support ftp])
AC_ARG_ENABLE(ftp,
AS_HELP_STRING([--enable-ftp],[Enable FTP support])
AS_HELP_STRING([--disable-ftp],[Disable FTP support]),
[ case "$enableval" in
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_FTP, 1, [to disable FTP])
       AC_SUBST(CURL_DISABLE_FTP, [1])
       ;;
  *)   AC_MSG_RESULT(yes)
       ;;
  esac ],
       AC_MSG_RESULT(yes)
)
AC_MSG_CHECKING([whether to support file])
AC_ARG_ENABLE(file,
AS_HELP_STRING([--enable-file],[Enable FILE support])
AS_HELP_STRING([--disable-file],[Disable FILE support]),
[ case "$enableval" in
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_FILE, 1, [to disable FILE])
       AC_SUBST(CURL_DISABLE_FILE, [1])
       ;;
  *)   AC_MSG_RESULT(yes)
       ;;
  esac ],
       AC_MSG_RESULT(yes)
)
AC_MSG_CHECKING([whether to support ldap])
AC_ARG_ENABLE(ldap,
AS_HELP_STRING([--enable-ldap],[Enable LDAP support])
AS_HELP_STRING([--disable-ldap],[Disable LDAP support]),
[ case "$enableval" in
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
       AC_SUBST(CURL_DISABLE_LDAP, [1])
       ;;
  *)
       AC_MSG_RESULT(yes)
       ;;
  esac ],[
       AC_MSG_RESULT(yes) ]
)
AC_MSG_CHECKING([whether to support ldaps])
AC_ARG_ENABLE(ldaps,
AS_HELP_STRING([--enable-ldaps],[Enable LDAPS support])
AS_HELP_STRING([--disable-ldaps],[Disable LDAPS support]),
[ case "$enableval" in
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
       AC_SUBST(CURL_DISABLE_LDAPS, [1])
       ;;
  *)   if test "x$CURL_DISABLE_LDAP" = "x1" ; then

         AC_DEFINE(HAVE_LDAP_SSL, 1, [Use LDAPS implementation])
         AC_SUBST(HAVE_LDAP_SSL, [1])
       fi ]
)

AC_MSG_CHECKING([whether to support rtsp])
AC_ARG_ENABLE(rtsp,
AS_HELP_STRING([--enable-rtsp],[Enable RTSP support])
AS_HELP_STRING([--disable-rtsp],[Disable RTSP support]),
[ case "$enableval" in
  no)
       AC_MSG_RESULT(no)
       AC_DEFINE(CURL_DISABLE_RTSP, 1, [to disable RTSP])
       AC_SUBST(CURL_DISABLE_RTSP, [1])
       ;;
  *)   if test x$CURL_DISABLE_HTTP = x1 ; then