                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Changelog

Version 7.81.0 (5 Jan 2022)

Daniel Stenberg (5 Jan 2022)
- RELEASE-NOTES: synced
  
  curl 7.81.0 release

- THANKS: add names from 7.81.0 release

- curl_multi_init.3: fix the copyright year range

- test719-721: require "proxy" feature present to run
  
  Bug: https://github.com/curl/curl/pull/8223#issuecomment-1005188696
  Reported-by: Marc Hörsken
  
  Closes #8226

- test719: require ipv6 support to run
  
  Follow-up to effd2bd7ba2a5fd244
  Reported-by: Marc Hörsken
  Bug: https://github.com/curl/curl/pull/8217#issuecomment-1004681145
  
  Closes #8223

- test719-721: verify SOCKS details
  
  Using the new verify/socks details

- runtests: add verify/socks check
  
  If used, this data is compared with the data in log/socksd-request.log
  which the socksd server logs.
  
  Added to FILEFORMAT.md

- server/socksd: log atyp + address in a separate log
  
  To allow the test suite to verify that the right data arrived

- socks5: use appropriate ATYP for numerical IP address host names
  
  When not resolving the address locallly (known as socks5h).
  
  Add test 719 and 720 to verify.
  
  Reported-by: Peter Piekarski
  Fixes #8216
  Closes #8217

Jay Satiro (3 Jan 2022)
- curl_multi_init.3: fix EXAMPLE formatting

Daniel Stenberg (3 Jan 2022)
- RELEASE-NOTES: synced

- libtest: avoid "assignment within conditional expression"
  
  In lib530, lib540 and lib582
  
  Closes #8218

- ftp: disable warning 4706 in MSVC
  
  Follow-up to 21248e052d
  
  Disabling "assignment within conditional expression" for MSVC needs to
  be done before the function starts, for it to take effect.
  
  Closes #8218

- tool_operate: warn if too many output arguments were found
  
  More output instructions than URLs is likely a user error.
  
  Add test case 371 to verify
  
  Closes #8210

- .github/workflows/mbedtls.yml: bump to mbedtls 3.1.0
  
  Closes #8215

- zuul: remove the mbedtls jobs
  
  Now running as github workflows
  
  Closes #8215

- github/workflows: add mbedtls and mbedtls-clang
  
  Closes #8215

- [Valentin Richter brought this change]

  mbedtls: fix private member designations for v3.1.0
  
  "As a last resort, you can access the field foo of a structure bar by
  writing bar.MBEDTLS_PRIVATE(foo). Note that you do so at your own risk,
  since such code is likely to break in a future minor version of Mbed
  TLS." -
  https://github.com/ARMmbed/mbedtls/blob/f2d1199edc5834df4297f247f213e614f7782d1d/docs/3.0-migration-guide.md
  
  That future minor version is v3.1.0. I set the >= to == for the version
  checks because v3.1.0 is a release, and I am not sure when the private
  designation was reverted after v3.0.0.
  
  Closes #8214

- [Valentin Richter brought this change]

  cmake: prevent dev warning due to mismatched arg
  
  -- curl version=[7.81.0-DEV]
  CMake Warning (dev) at /usr/share/cmake-3.22.1/Modules/FindPackageHandleStandardArgs.cmake:438 (message):
    The package name passed to `find_package_handle_standard_args` (MBEDTLS)
    does not match the name of the calling package (MbedTLS).  This can lead to
    problems in calling code that expects `find_package` result variables
    (e.g., `_FOUND`) to follow a certain pattern.
  Call Stack (most recent call first):
    deps/curl/CMake/FindMbedTLS.cmake:31 (find_package_handle_standard_args)
    deps/curl/CMakeLists.txt:473 (find_package)
  This warning is for project developers.  Use -Wno-dev to suppress it.
  
  Closes #8207

- urlapi: if possible, shorten given numerical IPv6 addresses
  
  Extended test 1560 to verify
  
  Closes #8206

- [Michał Antoniak brought this change]

  url: reduce ssl backend count for CURL_DISABLE_PROXY builds
  
  Closes #8212

- KNOWN_BUGS: "Trying local ports fails on Windows"
  
  Reported-by: gclinch on github
  Closes #8112

- misc: update copyright year range

- zuul: remove the wolfssl even more
  
  Follow-up to 1914465cf180d32b3d

- examples/multi-single.c: remove WAITMS()
  
  As it isn't used.
  
  Reported-by: Melroy van den Berg
  Fixes #8200
  Closes #8201

- gtls: add gnutls include for the session type
  
  Follow-up to 8fbd6feddfa5 to make it build more universally

- m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
  
  To hush compiler warnings we don't care for: error: address of function
  'X' will always evaluate to 'true'
  
  Fixes #8197
  Closes #8198

- http_proxy: don't close the socket (too early)
  
  ... and double-check in the OpenSSL shutdown that the socket is actually
  still there before it is used.
  
  Fixes #8193
  Closes #8195
  
  Reported-by: Leszek Kubik

- ngtcp2: verify the server certificate for the gnutls case
  
  Closes #8178

- ngtcp2: verify the server cert on connect (quictls)
  
  Make ngtcp2+quictls correctly acknowledge `CURLOPT_SSL_VERIFYPEER` and
  `CURLOPT_SSL_VERIFYHOST`.
  
  The name check now uses a function from lib/vtls/openssl.c which will
  need attention for when TLS is not done by OpenSSL or is disabled while
  QUIC is enabled.
  
  Possibly the servercert() function in openssl.c should be adjusted to be
  able to use for both regular TLS and QUIC.
  
  Ref: #8173
  Closes #8178

- zuul: remove the wolfssl build

- github workflow: add wolfssl
  
  Closes #8196

- [Nicolas Sterchele brought this change]

  zuul: fix quiche build pointing to wrong Cargo
  
  Fixes #8184
  Closes #8189

- checksrc: detect more kinds of NULL comparisons we avoid
  
  Co-authored-by: Jay Satiro
  Closes #8180

- RELEASE-NOTES: synced

- mesalink: remove the BACKEND define kludge
  
  Closes #8183

- schannel: remove the BACKEND define kludge
  
  Closes #8182

- gtls: check return code for gnutls_alpn_set_protocols
  
  Closes #8181

- [Stefan Huber brought this change]

  README: label the link to the support document
  
  Closes #8185

- docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
  
  Assisted-by: Matt Holt
  
  Closes #8177

- libcurl-multi.3: "SOCKS proxy handshakes" are not blocking
  
  Since 4a4b63daaa0

- [Vladimir Panteleev brought this change]

  tests: Add test for CURLOPT_HTTP200ALIASES

- [Vladimir Panteleev brought this change]

  http: Fix CURLOPT_HTTP200ALIASES
  
  The httpcode < 100 check was also triggered when none of the fields were
  parsed, thus making the if(!nc) block unreachable.
  
  Closes #8171

- RELEASE-NOTES: synced

- language: "email"
  
  Missed three occurrences.
  
  Follow-up to 7a92f86

- nss:set_cipher don't clobber the cipher list
  
  The string is set by the user and needs to remain intact for proper
  connection reuse etc.
  
  Reported-by: Eric Musser
  Fixes #8160
  Closes #8161

- misc: s/e-mail/email
  
  Consistency is king. Following the lead in everything curl.
  
  Closes #8159

- [Tobias Nießen brought this change]

  docs: fix typo in OpenSSL 3 build instructions
  
  Closes #8162

- linkcheck.yml: add CI job that checks markdown links
  
  Closes #8158

- RELEASE-PROCEDURE.md: remove ICAL link and old release dates

- BINDINGS.md: "markdown-link-check-disable"
  
  It feels a bit unfortunate to litter an ugly tag for this functionality,
  but if we get link scans of all markdown files, this might be worth the
  price.

- docs: fix dead links, remove ECH.md

Jay Satiro (16 Dec 2021)
- openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
  
  Prior to this change OpenSSL_version was only detected in configure
  builds. For other builds the old version parsing code was used which
  would result in incorrect versioning for OpenSSL 3:
  
  Before:
  
  curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.0a zlib/1.2.11
  WinIDN libssh2/1.9.0
  
  After:
  
  curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.1 zlib/1.2.11
  WinIDN libssh2/1.9.0
  
  Reported-by: lllaffer@users.noreply.github.com
  
  Fixes https://github.com/curl/curl/issues/8154
  Closes https://github.com/curl/curl/pull/8155

Daniel Stenberg (16 Dec 2021)
- [James Fuller brought this change]

  docs: add known bugs list to HTTP3.md
  
  Closes #8156

Dan Fandrich (15 Dec 2021)
- BINDINGS: add one from Everything curl and update a link

- libcurl-security.3: mention address and URL mitigations
  
  The new CURLOPT_PREREQFUNCTION callback is another way to sanitize
  addresses.
  Using the curl_url API is a way to mitigate against attacks relying on
  URL parsing differences.

Daniel Stenberg (15 Dec 2021)
- RELEASE-NOTES: synced

- x509asn1: return early on errors
  
  Overhaul to make sure functions that detect errors bail out early with
  error rather than trying to continue and risk hiding the problem.
  
  Closes #8147

- [Patrick Monnerat brought this change]

  openldap: several minor improvements
  
  - Early check proper LDAP URL syntax. Reject URLs with a userinfo part.
  - Use dynamic memory for ldap_init_fd() URL rather than a
    stack-allocated buffer.
  - Never chase referrals: supporting it would require additional parallel
    connections and alternate authentication credentials.
  - Do not wait 1 microsecond while polling/reading query response data.
  - Store last received server code for retrieval with CURLINFO_RESPONSE_CODE.
  
  Closes #8140

- [Michał Antoniak brought this change]

  misc: remove unused doh flags when CURL_DISABLE_DOH is defined
  
  Closes #8148

- mbedtls: fix CURLOPT_SSLCERT_BLOB
  
  The memory passed to mbedTLS for this needs to be null terminated.
  
  Reported-by: Florian Van Heghe
  Closes #8146

- asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
  
  Closes #8142

- mailmap: add Yongkang Huang
  
  From #8141

- [Yongkang Huang brought this change]

  check ssl_config when re-use proxy connection

- mbedtls: do a separate malloc for ca_info_blob
  
  Since the mbedTLS API requires the data to the null terminated.
  
  Follow-up to 456c53730d21b1fad0c7f72c1817
  
  Fixes #8139
  Closes #8145

Marc Hoersken (14 Dec 2021)
- CI: build examples for additional code verification
  
  Some CIs already build them, let's do it on more of them.
  
  Reviewed-by: Daniel Stenberg
  
  Follow up to #7690 and 77311f420a541a0de5b3014e0e40ff8b4205d4af
  Replaces #7591
  Closes #7922

- docs/examples: workaround broken -Wno-pedantic-ms-format
  
  Avoid CURL_FORMAT_CURL_OFF_T by using unsigned long instead.
  Improve size_t to long conversion in imap-append.c example.
  
  Ref: https://github.com/curl/curl/issues/6079
  Ref: https://github.com/curl/curl/pull/6082
  Assisted-by: Jay Satiro
  Reviewed-by: Daniel Stenberg
  
  Preparation of #7922

- tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
  
  Ref: https://www.msys2.org/wiki/Porting/#filesystem-namespaces
  
  Reviewed-by: Marcel Raad
  Reviewed-by: Jay Satiro
  
  Fixes #8084
  Closes #8138

Daniel Stenberg (13 Dec 2021)
- [Patrick Monnerat brought this change]

  openldap: simplify ldif generation code
  
  and take care of zero-length values, avoiding conversion to base64
  and/or trailing spaces.
  
  Closes #8136

- example/progressfunc: remove code for old libcurls
  
  7.61.0 is over three years old now, remove all #ifdefs for handling
  ancient libcurl versions so that the example gets easier to read and
  understand
  
  Closes #8137

- [x2018 brought this change]

  sha256/md5: return errors when init fails
  
  Closes #8133

- TODO: 13.3 Defeat TLS fingerprinting
  
  Closes #8119

- RELEASE-NOTES: synced

- [Patrick Monnerat brought this change]

  openldap: process search query response messages one by one
  
  Upon receiving large result sets, this reduces memory consumption and
  allows starting to output results while the transfer is still in
  progress.
  
  Closes #8101

- hash: lazy-alloc the table in Curl_hash_add()
  
  This makes Curl_hash_init() infallible which saves error paths.
  
  Closes #8132

- multi: cleanup the socket hash when destroying it
  
  Since each socket hash entry may themselves have a hash table in them,
  the destroying of the socket hash needs to make sure all the subhashes
  are also correctly destroyed to avoid leaking memory.
  
  Fixes #8129
  Closes #8131

- test1156: fixup the stdout check for Windows
  
  It is not text mode.
  
  Follow-up to 6f73e68d182
  
  Closes #8134

- test1528: enable for hyper
  
  Closes #8128

- test1527: enable for hyper
  
  Closes #8128

- test1526: enable for hyper
  
  Closes #8128

- test1525: slightly tweaked for hyper
  
  Closes #8128

- test1156: enable for hyper
  
  Minor reorg of the lib1156 code and it works fine for hyper.
  
  Closes #8127

- test661: enable for hyper
  
  Closes #8126

- docs: fix proselint nits
  
  - remove a lot of exclamation marks
  - use consistent spaces (1, not 2)
  - use better words at some places
  
  Closes #8123

- [RekGRpth brought this change]

  BINDINGS.md: add cURL client for PostgreSQL
  
  Closes #8125

- [RekGRpth brought this change]

  CURLSHOPT_USERDATA.3: fix copy-paste mistake
  
  Closes #8124

- docs: fix minor nroff format nits
  
  Repairs test 1140
  
  Follow-up to 436cdf82041

- docs/URL-SYNTAX.md: space is not fine in a given URL

- curl_multi_perform/socket_action.3: clarify what errors mean
  
  An error returned from one of these funtions mean that ALL still ongoing
  transfers are to be considered failed.
  
  Ref: #8114
  Closes #8120

- libcurl-errors.3: add CURLM_ABORTED_BY_CALLBACK
  
  Follow-up to #8089 (2b3dd01)
  
  Closes #8116

- hash: add asserts to help detect bad usage
  
  For example trying to add entries after the hash has been "cleaned up"
  
  Closes #8115

- lib530: abort on curl_multi errors
  
  This makes torture tests run more proper.
  
  Also add an assert to trap situations where it would end up with no
  sockets to wait for.
  
  Closes #8121

- FAQ: we never pronounced it "see URL", we say "kurl"

- RELEASE-NOTES: synced

- CURLOPT_RESOLVE.3: minor polish
  
  Minor rephrasing for some explanations.
  
  Put the format strings in stand-alone lines with .nf/.fi to be easier to spot.
  
  Move "added in" to AVAILABILITY
  
  Closed #8110

- test1556: adjust for hyper
  
  Closes #8105

- test1554: adjust for hyper
  
  Closes #8104

- retry-all-errors.d: make the example complete
  
  ... as it needs --retry too to work

- TODO: 5.7 Require HTTP version X or higher
  
  Closes #7980

- CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
  
  This is the exact same limitation already documented for
  CURLOPT_WRITEDATA but should be clarified here. It also has a different
  work-around.
  
  Reported-by: Stephane Pellegrino
  Bug: https://github.com/curl/curl/issues/8102
  Closes #8103

- multi: handle errors returned from socket/timer callbacks
  
  The callbacks were partially documented to support this. Now the
  behavior is documented and returning error from either of these
  callbacks will effectively kill all currently ongoing transfers.
  
  Added test 530 to verify
  
  Reported-by: Marcelo Juchem
  Fixes #8083
  Closes #8089

- http2:set_transfer_url() return early on OOM
  
  If curl_url() returns NULL this should return early to avoid mistakes -
  even if right now the subsequent function invokes are all OK.
  
  Coverity (wrongly) pointed out this as a NULL deref.
  
  Closes #8100

- tool_parsecfg: use correct free() call to free memory
  
  Detected by Coverity. CID 1494642.
  Follow-up from 2be1aa619bca
  
  Closes #8099

- tool_operate: fix potential memory-leak
  
  A 'CURLU *' would leak if url_proto() is called with no URL.
  
  Detected by Coverity. CID 1494643.
  Follow-up to 18270893abdb19
  Closes #8098

- [Patrick Monnerat brought this change]

  openldap: implement STARTTLS
  
  As this introduces use of CURLOPT_USE_SSL option for LDAP, also check
  this option in ldap.c as it is not supported by this backend.
  
  Closes #8065

- [Jun Tseng brought this change]

  curl_easy_unescape.3: call curl_easy_cleanup in example
  
  Closes #8097

- [Jun Tseng brought this change]

  curl_easy_escape.3: call curl_easy_cleanup in example
  
  Closes #8097

- tool_listhelp: sync
  
  Follow-up to 172068b76f

- [Damien Walsh brought this change]

  request.d: refer to 'method' rather than 'command'
  
  Closes #8094

- RELEASE-NOTES: synced

- writeout: fix %{http_version} for HTTP/3
  
  Output "3" properly when HTTP/3 was used.
  
  Reported-by: Bernat Mut
  Fixes #8072
  Closes #8092

- urlapi: accept port number zero
  
  This is a regression since 7.62.0 (fb30ac5a2d).
  
  Updated test 1560 accordingly
  
  Reported-by: Brad Fitzpatrick
  Fixes #8090
  Closes #8091

- [Mark Dodgson brought this change]

  lift: ignore is a deprecated config option, use ignoreRules
  
  Closes #8082

- [Alessandro Ghedini brought this change]

  HTTP3: update quiche build instructions
  
  The repo repo was re-organized a bit, so the build instructions need to
  be updated.
  
  Closes #8076

- CURLMOPT_TIMERFUNCTION.3: call it expire time, not interval
  
  Since we say it is a non-repating timer

- [Florian Van Heghe brought this change]

  mbedTLS: include NULL byte in blob data length for CURLOPT_CAINFO_BLOB
  
  Fixes #8079
  Closes #8081

Jay Satiro (2 Dec 2021)
- [Wyatt O'Day brought this change]

  version_win32: Check build number and platform id
  
  Prior to this change the build number was not checked during version
  comparison, and the platform id was supposed to be checked but wasn't.
  
  Checking the build number is required for enabling "evergreen"
  Windows 10/11 features (like TLS 1.3).
  
  Ref: https://github.com/curl/curl/pull/7784
  
  Closes https://github.com/curl/curl/pull/7824
  Closes https://github.com/curl/curl/pull/7867

- libssh2: fix error message for sha256 mismatch
  
  - On mismatch error show sha256 fingerprint in base64 format.
  
  Prior to this change the fingerprint was mistakenly printed in binary.

Daniel Stenberg (1 Dec 2021)
- [x2018 brought this change]

  openssl: check the return value of BIO_new()
  
  Closes #8078

Dan Fandrich (30 Nov 2021)
- docs: Update the Reducing Size section
  
  Add many more options that can reduce the size of the binary that were
  added since the last update. Update the sample minimal binary size for
  version 7.80.0.

- tests: Add some missing keywords to tests
  
  These are needed to skip some tests when configure options have disabled
  certain features.

Daniel Stenberg (30 Nov 2021)
- [Florian Van Heghe brought this change]

  mbedTLS: add support for CURLOPT_CAINFO_BLOB
  
  Closes #8071

- [Glenn Strauss brought this change]

  digest: compute user:realm:pass digest w/o userhash
  
  https://datatracker.ietf.org/doc/html/rfc7616#section-3.4.4
    ... the client MUST calculate a hash of the username after
        any other hash calculation ...
  
  Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  Closes #8066

- config.d: update documentation to match the path search
  
  Assisted-by: Jay Satiro

- tool_findfile: search for a file in the homedir
  
  The homedir() function is now renamed into findfile() and iterates over
  all the environment variables trying to access the file in question
  until it finds it. Last resort is then getpwuid() if
  available. Previously it would first try to find a home directory and if
  that was set, insist on checking only that directory for the file. This
  now returns the full file name it finds.
  
  The Windows specific checks are now done differently too and in this
  order:
  
  1 - %USERPROFILE%
  2 - %APPDATA%
  3 - %USERPROFILE%\\Application Data
  
  The windows order is modified to match how the Windows 10 ssh tool works
  when it searches for .ssh/known_hosts.
  
  Reported-by: jeffrson on github
  Co-authored-by: Jay Satiro
  Fixes #8033
  Closes #8035

- docs: consistent manpage SYNOPSIS
  
  Make all libcurl related options use .nf (no fill) for the SYNOPSIS
  section - for consistent look. roffit then renders that section using
  <pre> (monospace font) in html for the website.
  
  Extended manpage-syntax (test 1173) with a basic check for it.
  
  Closes #8062

- RELEASE-NOTES: synced

- [Patrick Monnerat brought this change]

  openldap: handle connect phase with a state machine
  
  Closes #8054

- docs: address proselint nits
  
  - avoid exclamation marks
  - use consistent number of spaces after periods: one
  - avoid clichés
  - avoid using 'very'
  
  Closes #8060

- [Bruno Baguette brought this change]

  FAQ: typo fix : "yout" ➤ "your"
  
  Closes #8059

- [Bruno Baguette brought this change]

  docs/INSTALL.md: typo fix : added missing "get" verb
  
  Closes #8058

- insecure.d: detail its use for SFTP and SCP as well
  
  Closes #8056

Viktor Szakats (25 Nov 2021)
- Makefile.m32: rename -winssl option to -schannel and tidy up
  
  - accept `-schannel` as an alternative to `CFG` option `-winssl`
    (latter still accepted, but deprecated)
  - rename internal variable `WINSSL` to `SCHANNEL`
  - make the `CFG` option evaluation shorter, without repeating the option
    name
  
  Reviewed-by: Marcel Raad
  Reviewed-by: Daniel Stenberg
  Closes #8053

Daniel Stenberg (25 Nov 2021)
- KNOWN_BUGS: 5.6 make distclean loops forever
  
  Reported-by: David Bohman
  Closes #7716

- KNOWN_BUGS: add one, remove one
  
  - 5.10 SMB tests fail with Python 2
  
  Just use python 3.
  
  + 5.10 curl hangs on SMB upload over stdin
  
  Closes #7896

- urlapi: provide more detailed return codes
  
  Previously, the return code CURLUE_MALFORMED_INPUT was used for almost
  30 different URL format violations. This made it hard for users to
  understand why a particular URL was not acceptable. Since the API cannot
  point out a specific position within the URL for the problem, this now
  instead introduces a number of additional and more fine-grained error
  codes to allow the API to return more exactly in what "part" or section
  of the URL a problem was detected.
  
  Also bug-fixes curl_url_get() with CURLUPART_ZONEID, which previously
  returned CURLUE_OK even if no zoneid existed.
  
  Test cases in 1560 have been adjusted and extended. Tests 1538 and 1559
  have been updated.
  
  Updated libcurl-errors.3 and curl_url_strerror() accordingly.
  
  Closes #8049

- urlapi: make Curl_is_absolute_url always use MAX_SCHEME_LEN
  
  Instad of having all callers pass in the maximum length, always use
  it. The passed in length is instead used only as the length of the
  target buffer for to storing the scheme name in, if used.
  
  Added the scheme max length restriction to the curl_url_set.3 man page.
  
  Follow-up to 45bcb2eaa78c79
  
  Closes #8047

- [Jay Satiro brought this change]

  cmake: warn on use of the now deprecated symbols
  
  Follow-up to 9108da2c26d
  
  Closes #8052

- [Kevin Burke brought this change]

  tests/CI.md: add more information on CI environments
  
  Fixes #8012
  Closes #8022

- cmake: private identifiers use CURL_ instead of CMAKE_ prefix
  
  Since the 'CMAKE_' prefix is reserved for cmake's own private use.
  Ref: https://cmake.org/cmake/help/latest/manual/cmake-variables.7.html
  
  Reported-by: Boris Rasin
  Fixes #7988
  Closes #8044

- urlapi: reject short file URLs
  
  file URLs that are 6 bytes or shorter are not complete. Return
  CURLUE_MALFORMED_INPUT for those. Extended test 1560 to verify.
  
  Triggered by #8041
  Closes #8042

- curl: improve error message for --head with -J
  
  ... it now focuses on the "output of headers" combined with the
  --remote-header-name option, as that is actually the problem. Both
  --head and --include can output headers.
  
  Reported-by: nimaje on github
  Fixes #7987
  Closes #8045

- RELEASE-NOTES: synced

- [Stefan Eissing brought this change]

  urlapi: cleanup scheme parsing
  
  Makea Curl_is_absolute_url() always leave a defined 'buf' and avoids
  copying on urls that do not start with a scheme.
  
  Closes #8043

- tool_operate: only set SSH related libcurl options for SSH URLs
  
  For example, this avoids trying to find and set the known_hosts file (or
  warn for its absence) if SFTP or SCP are not used.
  
  Closes #8040

- [Jacob Hoffman-Andrews brought this change]

  rustls: remove comment about checking handshaking
  
  The comment is incorrect in two ways:
   - It says the check needs to be last, but the check is actually first.
   - is_handshaking actually starts out true.
  
  Closes #8038
