                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.69.1 (11 Mar 2020)

Daniel Stenberg (11 Mar 2020)
- RELEASE-NOTES: 7.69.1

- THANKS: from the 7.69.1 release

- [Marc Hoersken brought this change]

  test1129: fix invalid case of closing XML-tag and Content-Length
  
  Fixes #5070
  Closes #5072

Marc Hoersken (10 Mar 2020)
- tests/data: fix static ip instead of dynamic value being used
  
  Follow up to 94ced8e

- tests/data: fix static ip:port instead of dynamic values being used
  
  Closes #5065

- tests/server: fix missing use of exe_ext helper function
  
  Follow up to 9819984 and 3dce984
  Reviewed-By: Daniel Stenberg
  Closes #5064

- runtests: log minimal and maximal used port numbers

Daniel Stenberg (9 Mar 2020)
- [Jim Fuller brought this change]

  sftp: fix segfault regression introduced by #4747
  
  This fix adds a defensive check for the case where the char *name in
  struct libssh2_knownhost is NULL
  
  Fixes #5041
  Closes #5062

- RELEASE-NOTES: synced

- socks4: fix host resolve regression
  
  1. The socks4 state machine was broken in the host resolving phase
  
  2. The code now insists on IPv4-only when using SOCKS4 as the protocol
  only supports that.
  
  Regression from #4907 and 4a4b63d, shipped in 7.69.0
  
  Reported-by: amishmm on github
  Bug: https://github.com/curl/curl/issues/5053#issuecomment-596191594
  Closes #5061

- [Patrick Monnerat brought this change]

  silly web server: silent a compilation warning
  
  Recent gcc warns when byte count of strncpy() equals the destination
  buffer size. Since the destination buffer is previously cleared and
  the source string is always shorter, reducing the byte count by one
  silents the warning without affecting the result.
  
  Closes #5059

- [Patrick Monnerat brought this change]

  cookie: get_top_domain() sets zero length for null domains
  
  This silents a compilation warning with gcc -O3.

- [Patrick Monnerat brought this change]

  test 1560: avoid valgrind false positives
  
  When using maximum code optimization level (-O3), valgrind wrongly
  detects uses of uninitialized values in strcmp().
  
  Preset buffers with all zeroes to avoid that.

Steve Holme (8 Mar 2020)
- sha256: Added WinCrypt implementation
  
  Closed #5030

- sha256: Added SecureTransport implementation

Daniel Stenberg (7 Mar 2020)
- lib1564: reduce number of mid-wait wakeup calls
  
  This test does A LOT of *wakeup() calls and then calls curl_multi_poll()
  twice. The first *poll() is then expected to return early and the second
  not - as the first is supposed to drain the socketpair pipe.
  
  It turns out however that when given "excessive" amounts of writes to
  the pipe, some operating systems (the Solaris based are known) will
  return EAGAIN before the pipe is drained, which in our test case causes
  the second *poll() call to also abort early.
  
  This change attempts to avoid the OS-specific behaviors in the test by
  reducing the amount of wakeup calls from 1234567 to 10.
  
  Reported-by: Andy Fiddaman
  Fixes #5037
  Closes #5058

- [Patrick Monnerat brought this change]

  mime: fix the binary encoder to handle large data properly
  
  New test 666 checks this is effective.
  As upload buffer size is significant in this kind of tests, shorten it
  in similar test 652.
  
  Fixes #4860
  Closes #4833
  Reported-by: RuurdBeerstra on github

- [Patrick Monnerat brought this change]

  mime: do not perform more than one read in a row
  
  Input buffer filling may delay the data sending if data reads are slow.
  To overcome this problem, file and callback data reads do not accumulate
  in buffer anymore. All other data (memory data and mime framing) are
  considered as fast and still concatenated in buffer.
  As this may highly impact performance in terms of data overhead, an early
  end of part data check is added to spare a read call.
  When encoding a part's data, an encoder may require more bytes than made
  available by a single read. In this case, the above rule does not apply
  and reads are performed until the encoder is able to deliver some data.
  
  Tests 643, 644, 645, 650 and 654 have been adapted to the output data
  changes, with test data size reduced to avoid the boredom of long lists of
  1-byte chunks in verification data.
  New test 667 checks mimepost using single-byte read callback with encoder.
  New test 668 checks the end of part data early detection.
  
  Fixes #4826
  Reported-by: MrdUkk on github

- [Patrick Monnerat brought this change]

  mime: latch last read callback status.
  
  In case a read callback returns a status (pause, abort, eof,
  error) instead of a byte count, drain the bytes read so far but
  remember this status for further processing.
  Takes care of not losing data when pausing, and properly resume a
  paused mime structure when requested.
  New tests 670-673 check unpausing cases, with easy or multi
  interface and mime or form api.
  
  Fixes #4813
  Reported-by: MrdUkk on github

Marc Hoersken (7 Mar 2020)
- runtests: fix missing use of exe_ext helper function

Daniel Stenberg (7 Mar 2020)
- [Ernst Sjöstrand brought this change]

  ares: store dns parameters for duphandle
  
  With c-ares the dns parameters lives in ares_channel. Store them in the
  curl handle and set them again in easy_duphandle.
  
  Regression introduced in #3228 (6765e6d), shipped in curl 7.63.0.
  
  Fixes #4893
  Closes #5020
  Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com>

- version: make curl_version* thread-safe without using global context
  
  Closes #5010

- RELEASE-NOTES: synced

Marc Hoersken (7 Mar 2020)
- tests: use native Sleep function as fallback on Windows
  
  Reviewed-By: Daniel Stenberg
  Closes #5054

- perl: align order and completeness of Windows OS checks

Daniel Stenberg (7 Mar 2020)
- tool_cb_see: set correct copyright year range
  
  Follow-up to a39e5bfb9

Marc Hoersken (7 Mar 2020)
- seek: fix fallback for missing ftruncate on Windows
  
  This fixes test 198 on versions of MinGW-w64 without ftruncate
  
  Reviewed-By: Daniel Stenberg
  Reviewed-By: Marcel Raad
  Closes #5055

- config-win32: Windows does not have ftruncate

Daniel Stenberg (7 Mar 2020)
- pause: force a connection (re-)check after unpausing
  
  There might be data available that was already read off the socket, for
  example in the TLS layer.
  
  Reported-by: Anders Berg
  Fixes #4966
  Closes #5049

- socks5: switch state properly when the resolve is done
  
  Regression from 4a4b63d (and #4907)
  Reported-by: vitaha85 on github
  Fixes #5053
  Closes #5056

Jay Satiro (7 Mar 2020)
- libssh: Fix matching user-specified MD5 hex key
  
  Prior to this change a match would never be successful because it
  was mistakenly coded to compare binary data from libssh to a
  user-specified hex string (ie CURLOPT_SSH_HOST_PUBLIC_KEY_MD5).
  
  Reported-by: fds242@users.noreply.github.com
  
  Fixes https://github.com/curl/curl/issues/4971
  Closes https://github.com/curl/curl/pull/4974

Daniel Stenberg (6 Mar 2020)
- pause: bail out on bad input
  
  A NULL easy handle or an easy handle without an associated connection
  cannot be paused or unpaused.
  
  Closes #5050

Steve Holme (6 Mar 2020)
- unit1612: fixed the inclusion and compilation of the HMAC unit test
  
  Follow up to 3f74e5e6 to fix:
  
  - A typo in Makefile.inc where unit1611 was used instead
  - Some compilation issues in unit1612.c
  
  Closes #5024

Daniel Stenberg (6 Mar 2020)
- pause: return early for calls that don't change pause state
  
  Reviewed-by: Patrick Monnerat
  Ref: #4833
  Closes #5026

Jay Satiro (6 Mar 2020)
- curl_share_setopt.3: Note sharing cookies doesn't enable the engine
  
  Follow-up to d0a7ee3 which fixed a bug in 7.66.0 that caused
  CURL_LOCK_DATA_COOKIE to enable the easy handle's cookie engine.
  
  Bug: https://curl.haxx.se/mail/lib-2020-03/0019.html
  Reported-by: Felipe Gasper
  
  Closes https://github.com/curl/curl/pull/5048

- multi: skip EINTR check on wakeup socket if it was closed
  
  - Don't check errno on wakeup socket if sread returned 0 since sread
    doesn't set errno in that case.
  
  This is a follow-up to cf7760a from several days ago which fixed
  Curl_multi_wait to stop busy looping sread on the non-blocking wakeup
  socket if it was closed (ie sread returns 0). Due to a logic error it
  was still possible to busy loop in that case if errno == EINTR.
  
  Closes https://github.com/curl/curl/pull/5047

Daniel Stenberg (6 Mar 2020)
- transfer: set correct copyright year range

- urldata: remove the 'stream_was_rewound' connectdata struct member
  
  ... as it is never set anywhere.
  
  Follow-up to 2f44e94ef
  Closes #5046

- Revert "pause: force-drain the transfer on unpause"
  
  This reverts commit fa0216b294af4c7113a9040ca65eefc7fc18ac1c (from #5000)
  
  Clearly that didn't solve the problem correctly.
  
  Reported-by: Christopher Reid
  Reopens #4966
  Fixes #5044

- RELEASE-NOTES: synced
  
  and bumped curlver.h

- MANUAL: update a dict-using command line
  
  The 'web1913' database is now invalid, use 'gcide' instead.

- KNOWN_BUGS: configure --with-gssapi with Heimdal is ignored on macOS
  
  Closes #3841

- polarssl: remove more references and mentions
  
  Assisted-by: Jay Satiro
  Follow-up to 6357a19ff29dac04
  Closes #5036

Marc Hoersken (4 Mar 2020)
- tests: wrap ignored test failures in braces

- tests: align some Windows sleep defines with each other

- tests: try to make sleeping portable by avoiding select
  
  select does not support just waiting on Windows:
  https://perldoc.perl.org/perlport.html#select
  
  Reviewed-By: Daniel Stenberg
  Closes #5035

Daniel Stenberg (4 Mar 2020)
- runtests.1: rephrase how to specify what tests to run
  
  Also mention the new tilde-prefixed way to ignore test results.
  
  Reviewed-By: Marc Hoersken
  Closes #5033

- cirrus-ci: disable the FreeBSD 13 builds
  
  FreeBSD 13.0 is apparently close to a year away from a stable release
  and has proven to cause intermittent builds failures recently.
  
  Assisted-by: Dan Fandrich
  Assisted-by: Fedor Korotkov
  Fixes #5028
  Closes #5029

Version 7.69.0 (4 Mar 2020)

Daniel Stenberg (4 Mar 2020)
- RELEASE-NOTES: 7.69.0

- THANKS: from 7.69.0
  
  Now sorted case insensitive

Marc Hoersken (3 Mar 2020)
- ci/tests: fix escaping of testnames and disable proxy for CI APIs
  
  Follow up to ada581f and c0d8b96
  Closes #5031

Jay Satiro (3 Mar 2020)
- cmake: Show HTTPS-proxy in the features output
  
  - Show HTTPS-proxy in the features output for those backends that
    support it: OpenSSL, GnuTLS and NSS.
  
  Prior to this change HTTPS-proxy was missing from the cmake features
  output even if curl was built with it. Only cmake output was affected.
  Both the library and tool correctly reported the feature.
  
  Bug: https://curl.haxx.se/mail/lib-2020-03/0008.html
  Reported-by: David Lopes
  
  Closes https://github.com/curl/curl/pull/5025

Marc Hoersken (3 Mar 2020)
- ci/tests: Make it possible to still run but ignore failing tests
  
  This enables the development of a solution for the failing tests by
  running them on CI while ignoring their result for the overall status.
  
  Closes #4994

- README.md: add Azure DevOps Pipelines build status badge

- ci/tests: Move CI test result creation above environment setup
  
  This avoids using our test servers as proxy to the AppVeyor API.
  
  Closes #5022

- ci/tests: Send test results to AppVeyor for status overview
  
  Closes #5021

Daniel Stenberg (3 Mar 2020)
- Revert "sha256: Added SecureTransport implementation"
  
  This reverts commit 4feb38deed33fed14ff7c370a6a9153c661dbb9c (from #4956)
  
  That commit broke test 1610 on macos builds without TLS.
  
  Closes #5027

- dist: include tests/azure.pm in the tarball
  
  Bug: https://github.com/curl/curl/commit/ada581f2cc32f48c1629b729707ac19208435b27#commitcomment-37601589
  Reported-by: Marcel Raad

Steve Holme (3 Mar 2020)
- configure.ac: Disable metalink if mbedTLS is specified
  
  Follow up to cdcc9df1 and #5006. Even though I mentioned mbedTLS as
  being one of the backends that metalink needs to be disabled for, I
  seem to have included it in the list of allowed SSL/TLS backends in
  comnfigure.ac :(
  
  Closes #5013

- sha256: Tidy up following recent changes
  
  Reviewed-by: Daniel Stenberg
  Closes #4956

- sha256: Added WinCrypt implementation

- sha256: Added SecureTransport implementation

- sha256: Added mbedtls implementation

- sha256: Added GNU TLS gcrypt implementation

- sha256: Added GNU TLS Nettle implementation

Jay Satiro (2 Mar 2020)
- curl_escape.3: Add a link to curl_free
  
  Ref: https://github.com/curl/curl/pull/5016#issuecomment-593628582

- curl_getenv.3: Fix the memory handling description
  
  - Tell the user to call curl_free() to free the pointer returned by
    curl_getenv().
  
  Prior to this change the user was directed to call free(), but that
  would not work in cases where the library and application use separate C
  runtimes and therefore have separate heap memory management.
  
  Closes https://github.com/curl/curl/pull/5016

Daniel Stenberg (2 Mar 2020)
- [Nick Zitzmann brought this change]

  md4: use init/update/final functions in Secure Transport
  
  We can use CC_MD4_Init/Update/Final without having to allocate memory
  directly.
  
  Closes #4979

Marc Hoersken (2 Mar 2020)
- ci/tests: some MacOS builds randomly take longer than 20min

Daniel Stenberg (2 Mar 2020)
- multi_wait: stop loop when sread() returns zero
  
  It's unclear why it would ever return zero here, but this change fixes
  Robert's problem and it shouldn't loop forever...
  
  Reported-by: Robert Dunaj
  Bug: https://curl.haxx.se/mail/archive-2020-02/0011.html
  Closes #5019

- http: mark POSTs with no body as "upload done" from the start
  
  As we have logic that checks if we get a >= 400 reponse code back before
  the upload is done, which then got confused since it wasn't "done" but
  yet there was no data to send!
  
  Reported-by: IvanoG on github
  Fixes #4996
  Closes #5002

- tests: disable 962, 963 and 964 on Windows
  
  These tests are also doing UTF-8 SMTP.
  
  Follow-up to df207d2dd93b9e73

Marc Hoersken (2 Mar 2020)
- ci/tests: fine-tune Azure Pipeline timeouts with a small puffer

Daniel Stenberg (2 Mar 2020)
- configure: bump the AC_COPYRIGHT year range

- [Steve Holme brought this change]

  tests: disable SMTP UTF-8 tests on Windows
  
  Fixes #4988
  Closes #4992

- formdata/mime: copyright year range update
  
  Due to the merge/revert cycle

- Revert "mime: latch last read callback status."
  
  This reverts commit 87869e38d7afdec3ef1bb4965711458b088e254f.
  
  Fixes #5014
  Closes #5015
  Reopens #4833

- Revert "mime: do not perform more than one read in a row"
  
  This reverts commit ed0f357f7d25566110d4302f33759f4ffb5a6f83.

- Revert "mime: fix the binary encoder to handle large data properly"
  
  This reverts commit b2caaa0681f329eed317ffb6ae6927f4a539f0c1.

- altsvc: both h3 backends now speak h3-27
  
  ... also updated the HTTP3 build description for ngtcp2 accordingly.

- [Patrick Monnerat brought this change]

  mime: fix the binary encoder to handle large data properly
  
  New test 666 checks this is effective.
  As upload buffer size is significant in this kind of tests, shorten it
  in similar test 652.
  
  Fixes #4860
  Reported-by: RuurdBeerstra on github

- [Patrick Monnerat brought this change]

  mime: do not perform more than one read in a row
  
  Input buffer filling may delay the data sending if data reads are slow.
  To overcome this problem, file and callback data reads do not accumulate
  in buffer anymore. All other data (memory data and mime framing) are
  considered as fast and still concatenated in buffer.
  As this may highly impact performance in terms of data overhead, an early
  end of part data check is added to spare a read call.
  When encoding a part's data, an encoder may require more bytes than made
  available by a single read. In this case, the above rule does not apply
  and reads are performed until the encoder is able to deliver some data.
  
  Tests 643, 644, 645, 650 and 654 have been adapted to the output data
  changes, with test data size reduced to avoid the boredom of long lists of
  1-byte chunks in verification data.
  New test 664 checks mimepost using single-byte read callback with encoder.
  New test 665 checks the end of part data early detection.
  
  Fixes #4826
  Reported-by: MrdUkk on github

- [Patrick Monnerat brought this change]

  mime: latch last read callback status.
  
  In case a read callback returns a status (pause, abort, eof,
  error) instead of a byte count, drain the bytes read so far but
  remember this status for further processing.
  Takes care of not losing data when pausing, and properly resume a
  paused mime structure when requested.
  New tests 670-673 check unpausing cases, with easy or multi
  interface and mime or form api.
  
  Fixes #4813
  Reported-by: MrdUkk on github
  Closes #4833

Steve Holme (1 Mar 2020)
- unit1651: Fixed conversion compilation warning
  
  371:17: warning: conversion to 'unsigned char' from 'int' may alter its
          value [-Wconversion]
  
  Closes #5008

- configure.ac: Disable metalink support if an incompatible SSL/TLS specified
  
  tool_metalink only supports cryptography from OpenSSL, GnuTLS, NSS,
  The Win32 Crypto library and Apple's Common Crypto library.
  
  If an TLS backend such as mbedTLS or WolfSSL is specified then the
  following error is given during compilation along, with a load of
  unresolved extern errors:
  
  Can't compile METALINK support without a crypto library.
  
  Reviewed-by: Daniel Stenberg
  Closes #5006

Marc Hoersken (1 Mar 2020)
- ci/tests: Update Azure DevOps pipeline job display names
  
  Make the configure step more descriptive and align others.

- ci/tests: Fix typo in previous commit 597cf2

- ci/tests: Make sure that the AZURE_ACCESS_TOKEN is available
  
  For security reasons the access token is not available to PR builds.
  Therefore we should not try to use the DevOps API with an empty token.

Daniel Stenberg (1 Mar 2020)
- build: remove all HAVE_OPENSSL_ENGINE_H defines
  
  ... as there's nothing in the code that actually uses the define! The
  last reference was removed in 38203f158.
  
  Closes #5007

Jay Satiro (29 Feb 2020)
- [Rolf Eike Beer brought this change]

  CMake: clean up and improve build procedures
  
  - remove check for unsupported old CMake versions
  
  - do not link to c-ares library twice
  
  - modernize custom Find modules
  
      - FindLibSSH2:
          - pass version to FPHSA to show it in the output
          - use LIBSSH2_VERSION define to extract the version number in
            one shot. This variable exists in the header for 10 years.
          - remove unneeded code
  
      - FindNGHTTP2.cmake:
          - drop needless FPHSA argument
          - mark found variables as advanced
  
      - FindNSS.cmake:
          - show version number
  
      - FindCARES.cmake:
          - drop default paths
          - use FPHSA instead of checking things by hand
  
  - remove needless explict variable dereference
  
  - simplify count_true()
  
  - allow all policies up to version 3.16 to be set to NEW
  
  - do not rerun check for -Wstrict-aliasing=3 every time
  
  In contrast to every other compiler flag this has a = in it, which CMake
  can't have in a variable name.
  
  - only read the interesting strings from curlver.h
  
  Reviewed-by: Peter Wu
  
  Closes https://github.com/curl/curl/pull/4975

- runtests: fix output to command log
  
  - Record only the command of the most recently ran test in the command
    log.
  
  This is a follow-up to 02988b7 from several weeks ago which fixed
  writing to the command log, however it saved all commands for all tests
  instead of just the most recently ran test as we would now expect.
  
  Fixes https://github.com/curl/curl/commit/02988b7#commitcomment-37546876
  Closes https://github.com/curl/curl/pull/5001

Steve Holme (1 Mar 2020)
- polarssl: Additional removal
  
  Follow up to 6357a19f.
  
  Reviewed-by: Daniel Stenberg
  Closes #5004

- [Jonathan Cardoso Machado brought this change]

  docs: fix typo on CURLINFO_RETRY_AFTER - alwaus -> always
  
  Reviewed-by: Steve Holme
  Closes #5005

- md5: Added implementation for mbedTLS
  
  Reviewed-by: Jay Satiro
  Closes #4980

- md5: Use pointer notation for array parameters in GnuTLS implementation

- md4: Use non-deprecated functions in mbedTLS >= 2.7.0
  
  Closes #4983

Marc Hoersken (29 Feb 2020)
- ci/tests: Send test results to Azure DevOps for reporting

Daniel Stenberg (29 Feb 2020)
- pause: force-drain the transfer on unpause
  
  ... since the socket might not actually be readable anymore when for
  example the data is already buffered in the TLS layer.
  
  Fixes #4966
  Reported-by: Anders Berg
  Closes #5000

- TODO: curl --proxycommand
  
  Suggested-by: Kristian Mide
  Closes #4941

- smtp: overwriting 'from' leaks memory
  
  Detected by Coverity. CID 1418139.
  
  Also, make sure to return error if the new 'from' allocation fails.
  
  Closes #4997

- CIfuzz: switch off 'dry_run' mode
  
  Follow-up from #4960: now make it fail if it detects problems.
  
  Closes #4998

Marc Hoersken (28 Feb 2020)
- ci/tests: Increase timeouts of Windows builds due to new tests
  
  Recently added tests increased their runtime above the limit of 60min.

- ci/tests: align Azure Pipeline job names with each other

- ci/tests: Add Windows builds via Azure Pipelines using Docker

- tests: fix Python 3 compatibility of smbserver.py

Daniel Stenberg (27 Feb 2020)
- runtests: restore the command log
  
  The log file with all command lines for the invoked command lines is now
  called logs/commands.log
  
  Fixes #4911
  Closes #4989

- smtp: fix memory leak on exit path
  
  Detected by Coverity. CID 1418139. "leaked_storage: Variable 'from'
  going out of scope leaks the storage it points to"
  
  Closes #4990

Steve Holme (27 Feb 2020)
- gtls: Fixed compilation when using GnuTLS < 3.5.0
  
  Reverts the functionality from 41fcb4f when compiling with GnuTLS older
  than 3.5.0.
  
  Reviewed-by: Daniel Stenberg
  Closes #4984

- RELEASE-NOTES: Corrected the link to issue #4892

Daniel Stenberg (27 Feb 2020)
- Curl_is_ASCII_name: handle a NULL argument
  
  Make the function tolerate a NULL pointer input to avoid dereferencing
  that pointer.
  
  Follow-up to efce3ea5a85126d
  Detected by OSS-Fuzz
  Reviewed-By: Steve Holme
  Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20907
  Fixes #4985
  Closes #4986

- RELEASE-NOTES: synced

- http2: make pausing/unpausing set/clear local stream window
  
  This reduces the HTTP/2 window size to 32 MB since libcurl might have to
  buffer up to this amount of data in memory and yet we don't want it set
  lower to potentially impact tranfer performance on high speed networks.
  
  Requires nghttp2 commit b3f85e2daa629
  (https://github.com/nghttp2/nghttp2/pull/1444) to work properly, to end
  up in the next release after 1.40.0.
  
  Fixes #4939
  Closes #4940

- [Anderson Toshiyuki Sasaki brought this change]

  libssh: improve known hosts handling
  
  Previously, it was not possible to get a known hosts file entry due to
  the lack of an API.  ssh_session_get_known_hosts_entry(), introduced in
  libssh-0.9.0, allows libcurl to obtain such information and behave the
  same as when compiled with libssh2.
  
  This also tries to avoid the usage of deprecated functions when the
  replacements are available.  The behaviour will not change if versions
  older than libssh-0.8.0 are used.
  
  Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
  
  Fixes #4953
  Closes #4962

Steve Holme (27 Feb 2020)
- tests: Automatically deduce the tool name from the test case for unit tests
  
  It is still possible to override the executable to run during the test,
  using the <tool> tag, but this patch removes the requirement that the
  tag must be present for unit tests.
  
  It also removes the possibility of human error when existing test cases
  are used as the basis for new tests, as recently witnessed in 81c37124.
  
  Reviewed-by: Daniel Stenberg
  Closes #4976

- test1323: Added the missing 'unit test' feature requirement in the test case

Daniel Stenberg (26 Feb 2020)
- cookie: remove unnecessary check for 'out != 0'
  
  ... as it will always be non-NULL at this point.
  
  Detected by Coverity: CID 1459009

- http: added 417 response treatment
  
  When doing a request with a body + Expect: 100-continue and the server
  responds with a 417, the same request will be retried immediately
  without the Expect: header.
  
  Added test 357 to verify.
  
  Also added a control instruction to tell the sws test server to not read
  the request body if Expect: is present, which the new test 357 uses.
  
  Reported-by: bramus on github
  Fixes #4949
  Closes #4964

Steve Holme (26 Feb 2020)
- smtp: Tidy up, following recent changes, to maintain the coding style
  
  Closes #4892

- smtp: Support the SMTPUTF8 extension for the EXPN command
  
  Simply notify the server we support the SMTPUTF8 extension if it does.

- smtp: Support the SMTPUTF8 extension in the VRFY command

- smtp: Support the SMTPUTF8 extension in the RCPT TO command
  
  Note: The RCPT TO command isn't required to advertise to the server that
  it contains UTF-8 characters, instead the server is told that a mail may
  contain UTF-8 in any envelope command via the MAIL command.

- smtp: Support the SMTPUTF8 extension in the MAIL command
  
  Support the SMTPUTF8 extension when sending mailbox information in the
  MAIL command (FROM and AUTH parameters). Non-ASCII domain names will
  be ACE encoded, if IDN is supported, whilst non-ASCII characters in
  the local address part are passed to the server.
  
  Reported-by: ygthien on github
  Fixes #4828

- smtp: Detect server support for the UTF-8 extension as defined in RFC-6531

- smtp: Support UTF-8 based host names in the VRFY command

- smtp: Support UTF-8 based host names in the RCPT TO command

- smtp: Support UTF-8 based host names in the MAIL command
  
  Non-ASCII host names will be ACE encoded if IDN is supported.

- url: Make the IDN conversion functions available to others

- smtp: Added UTF-8 mailbox tests to verify existing behaviour

- ftpserver: Updated VRFY_smtp() so the response isn't necessary in the test case

- ftpserver: Corrected the e-mail address regex in MAIL_smtp() and RCTP_smtp()
  
  The dot character between the host and the tld was not being escaped,
  which meant it specified a match of 'any' character rather than an
  explicit dot separator.
  
  Additionally removed the dot character from the host name as it allowed
  the following to be specified as a valid address in our test cases:
  
  <bad@example......com>
  
  Both are typos from 98f7ca7 and 8880f84 :(
  
  I can't remember whether my intention was to allow sub-domains to be
  specified in the host or not with these additional dots, but by placing
  it outside of the host means it can only be specified once per domain
  and by placing a + after the new grouping support for sub-domains is
  kept.
  
  Closes #4912

- hmac: Added a unit test for the HMAC hash generation
  
  Closes #4973

- ntlm: Moved the HMAC MD5 function into the HMAC module as a generic function

- tests: Added a unit test for MD4 digest generation
  
  Closes #4970

- md4: Use const for the length input parameter
  
  This keeps the interface the same as md5 and sha256.

- test1610: Fixed the link to the unit test
  
  Typo from 81c37124.

- ntlm: Removed the dependency on the TLS libaries when using MD5
  
  As we have our own MD5 implementation use the MD5 wrapper to remove the
  TLS dependency.
  
  Closes #4967

- md5/sha256: Updated the functions to allow non-string data to be hashed

- digest: Corrected the name of the local HTTP digest function
  
  Follow up to 2b5b37cb. Local static functions do not require the Curl
  prefix.

- tests: Added a unit test for SHA256 digest generation
  
  Follow up to 2b5b37c.
  
  Closes #4968

- md4: Fixed compilation issues when using GNU TLS gcrypt
  
  * Don't include 'struct' in the gcrypt MD4_CTX typedef
  * The call to gcry_md_read() should use a dereferenced ctx
  * The call to gcry_md_close() should use a dereferenced ctx
  
  Additional minor whitespace issue in the USE_WIN32_CRYPTO code.
  
  Closes #4959

Daniel Stenberg (21 Feb 2020)
- RELEASE-NOTES: synced

- http2: now require nghttp2 >= 1.12.0
  
  To simplify our code and since earlier versions lack important function
  calls libcurl needs to function correctly.
  
  nghttp2 1.12.0 was relased on June 26, 2016.
  
  Closes #4961

- gtls: fix the copyright year
  
  Follow-up from 41fcb4f609

- [jethrogb brought this change]

  GnuTLS: Always send client cert
