1
/***************************************************************************
2
 *                                  _   _ ____  _
3
 *  Project                     ___| | | |  _ \| |
4
 *                             / __| | | | |_) | |
5
 *                            | (__| |_| |  _ <| |___
6
 *                             \___|\___/|_| \_\_____|
7
 *
8
 * Copyright (C) Daniel Stenberg, <[email protected]>, et al.
9
 *
10
 * This software is licensed as described in the file COPYING, which
11
 * you should have received as part of this distribution. The terms
12
 * are also available at https://curl.se/docs/copyright.html.
13
 *
14
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15
 * copies of the Software, and permit persons to whom the Software is
16
 * furnished to do so, under the terms of the COPYING file.
17
 *
18
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19
 * KIND, either express or implied.
20
 *
21
 * SPDX-License-Identifier: curl
22
 *
23
 ***************************************************************************/
24
#include "tool_setup.h"
25

26
#include "tool_cfgable.h"
27
#include "tool_setopt.h"
28
#include "tool_findfile.h"
29
#include "tool_msgs.h"
30
#include "tool_libinfo.h"
31
#include "tool_cb_soc.h"
32
#include "tool_operate.h"
33
#include "config2setopts.h"
34
#include "tool_ipfs.h"
35
#include "tool_cb_wrt.h"
36
#include "tool_cb_rea.h"
37
#include "tool_cb_see.h"
38
#include "tool_cb_dbg.h"
39
#include "tool_helpers.h"
40

41
#define BUFFER_SIZE 102400L
42

43
/* When doing serial transfers, we use a single fixed error area */
44
static char global_errorbuffer[CURL_ERROR_SIZE];
45

46
#ifdef IP_TOS
47
static int get_address_family(curl_socket_t sockfd)
48
{
49
  struct sockaddr addr;
50
  curl_socklen_t addrlen = sizeof(addr);
51
  memset(&addr, 0, sizeof(addr));
52
  if(getsockname(sockfd, (struct sockaddr *)&addr, &addrlen) == 0)
53
    return addr.sa_family;
54
  return AF_UNSPEC;
55
}
56
#endif
57

58
#ifndef SOL_IP
59
#  define SOL_IP IPPROTO_IP
60
#endif
61

62
#if defined(IP_TOS) || defined(IPV6_TCLASS) || defined(SO_PRIORITY)
63
static int sockopt_callback(void *clientp, curl_socket_t curlfd,
64
                            curlsocktype purpose)
65
{
66
  struct OperationConfig *config = (struct OperationConfig *)clientp;
67
  if(purpose != CURLSOCKTYPE_IPCXN)
68
    return CURL_SOCKOPT_OK;
69
  (void)config;
70
  (void)curlfd;
71
#if defined(IP_TOS) || defined(IPV6_TCLASS)
72
  if(config->ip_tos > 0) {
73
    int tos = (int)config->ip_tos;
74
    int result = 0;
75
    switch(get_address_family(curlfd)) {
76
    case AF_INET:
77
#ifdef IP_TOS
78
      result = setsockopt(curlfd, SOL_IP, IP_TOS, (void *)&tos, sizeof(tos));
79
#endif
80
      break;
81
#if defined(IPV6_TCLASS) && defined(AF_INET6)
82
    case AF_INET6:
83
      result = setsockopt(curlfd, IPPROTO_IPV6, IPV6_TCLASS,
84
                          (void *)&tos, sizeof(tos));
85
      break;
86
#endif
87
    }
88
    if(result < 0) {
89
      int error = errno;
90
      warnf(config->global,
91
            "Setting type of service to %d failed with errno %d: %s;\n",
92
            tos, error, strerror(error));
93
    }
94
  }
95
#endif
96
#ifdef SO_PRIORITY
97
  if(config->vlan_priority > 0) {
98
    int priority = (int)config->vlan_priority;
99
    if(setsockopt(curlfd, SOL_SOCKET, SO_PRIORITY,
100
      (void *)&priority, sizeof(priority)) != 0) {
101
      int error = errno;
102
      warnf(config->global, "VLAN priority %d failed with errno %d: %s;\n",
103
            priority, error, strerror(error));
104
    }
105
  }
106
#endif
107
  return CURL_SOCKOPT_OK;
108
}
109
#endif /* IP_TOD || IPV6_TCLASS || SO_PRIORITY */
110

111
/* return current SSL backend name, chop off multissl */
112
static char *ssl_backend(void)
113
{
114
  static char ssl_ver[80] = "no ssl";
115
  static bool already = FALSE;
116
  if(!already) { /* if there is no existing version */
117
    const char *v = curl_version_info(CURLVERSION_NOW)->ssl_version;
118
    if(v)
119
      msnprintf(ssl_ver, sizeof(ssl_ver), "%.*s", (int) strcspn(v, " "), v);
120
    already = TRUE;
121
  }
122
  return ssl_ver;
123
}
124

125
/*
126
 * Possibly rewrite the URL for IPFS and return the protocol token for the
127
 * scheme used in the given URL.
128
 */
129
static CURLcode url_proto_and_rewrite(char **url,
130
                                      struct OperationConfig *config,
131
                                      const char **scheme)
132
{
133
  CURLcode result = CURLE_OK;
134
  CURLU *uh = curl_url();
135
  const char *proto = NULL;
136
  *scheme = NULL;
137

138
  DEBUGASSERT(url && *url);
139
  if(uh) {
140
    char *schemep = NULL;
141
    if(!curl_url_set(uh, CURLUPART_URL, *url,
142
                     CURLU_GUESS_SCHEME | CURLU_NON_SUPPORT_SCHEME) &&
143
       !curl_url_get(uh, CURLUPART_SCHEME, &schemep,
144
                     CURLU_DEFAULT_SCHEME)) {
145
#ifdef CURL_DISABLE_IPFS
146
      (void)config;
147
#else
148
      if(curl_strequal(schemep, proto_ipfs) ||
149
         curl_strequal(schemep, proto_ipns)) {
150
        result = ipfs_url_rewrite(uh, schemep, url, config);
151
        /* short-circuit proto_token, we know it is ipfs or ipns */
152
        if(curl_strequal(schemep, proto_ipfs))
153
          proto = proto_ipfs;
154
        else if(curl_strequal(schemep, proto_ipns))
155
          proto = proto_ipns;
156
        if(result)
157
          config->synthetic_error = TRUE;
158
      }
159
      else
160
#endif /* !CURL_DISABLE_IPFS */
161
        proto = proto_token(schemep);
162

163
      curl_free(schemep);
164
    }
165
    curl_url_cleanup(uh);
166
  }
167
  else
168
    result = CURLE_OUT_OF_MEMORY;
169

170
  *scheme = proto ? proto : "?"; /* Never match if not found. */
171
  return result;
172
}
173

174
static CURLcode ssh_setopts(struct GlobalConfig *global,
175
                            struct OperationConfig *config,
176
                            CURL *curl)
177
{
178
  CURLcode result;
179

180
  /* SSH and SSL private key uses same command-line option */
181
  /* new in libcurl 7.16.1 */
182
  my_setopt_str(curl, CURLOPT_SSH_PRIVATE_KEYFILE, config->key);
183
  /* new in libcurl 7.16.1 */
184
  my_setopt_str(curl, CURLOPT_SSH_PUBLIC_KEYFILE, config->pubkey);
185

186
  /* new in libcurl 7.17.1: SSH host key md5 checking allows us
187
     to fail if we are not talking to who we think we should */
188
  my_setopt_str(curl, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5,
189
                config->hostpubmd5);
190

191
  /* new in libcurl 7.80.0: SSH host key sha256 checking allows us
192
     to fail if we are not talking to who we think we should */
193
  my_setopt_str(curl, CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256,
194
                config->hostpubsha256);
195

196
  /* new in libcurl 7.56.0 */
197
  if(config->ssh_compression)
198
    my_setopt_long(curl, CURLOPT_SSH_COMPRESSION, 1);
199

200
  if(!config->insecure_ok) {
201
    char *known = global->knownhosts;
202

203
    if(!known)
204
      known = findfile(".ssh/known_hosts", FALSE);
205
    if(known) {
206
      /* new in curl 7.19.6 */
207
      result = my_setopt_str(curl, CURLOPT_SSH_KNOWNHOSTS, known);
208
      if(result) {
209
        global->knownhosts = NULL;
210
        curl_free(known);
211
        return result;
212
      }
213
      /* store it in global to avoid repeated checks */
214
      global->knownhosts = known;
215
    }
216
    else if(!config->hostpubmd5 && !config->hostpubsha256) {
217
      errorf(global, "Couldn't find a known_hosts file");
218
      return CURLE_FAILED_INIT;
219
    }
220
    else
221
      warnf(global, "Couldn't find a known_hosts file");
222
  }
223
  return CURLE_OK; /* ignore if SHA256 did not work */
224
}
225

226
#ifdef CURL_CA_EMBED
227
#ifndef CURL_DECLARED_CURL_CA_EMBED
228
#define CURL_DECLARED_CURL_CA_EMBED
229
extern const unsigned char curl_ca_embed[];
230
#endif
231
#endif
232

233
/* only called if libcurl supports TLS */
234
static CURLcode ssl_setopts(struct GlobalConfig *global,
235
                            struct OperationConfig *config,
236
                            CURL *curl)
237
{
238
  CURLcode result = CURLE_OK;
239

240
  if(config->cacert)
241
    my_setopt_str(curl, CURLOPT_CAINFO, config->cacert);
242
  if(config->proxy_cacert)
243
    my_setopt_str(curl, CURLOPT_PROXY_CAINFO, config->proxy_cacert);
244

245
  if(config->capath) {
246
    result = my_setopt_str(curl, CURLOPT_CAPATH, config->capath);
247
    if(result)
248
      return result;
249
  }
250
  /* For the time being if --proxy-capath is not set then we use the
251
     --capath value for it, if any. See #1257 */
252
  if(config->proxy_capath || config->capath) {
253
    result = my_setopt_str(curl, CURLOPT_PROXY_CAPATH,
254
                           (config->proxy_capath ? config->proxy_capath :
255
                            config->capath));
256
    if((result == CURLE_NOT_BUILT_IN) ||
257
       (result == CURLE_UNKNOWN_OPTION)) {
258
      if(config->proxy_capath) {
259
        warnf(global, "ignoring %s, not supported by libcurl with %s",
260
              config->proxy_capath ? "--proxy-capath" : "--capath",
261
              ssl_backend());
262
      }
263
    }
264
    else if(result)
265
      return result;
266
  }
267

268
#ifdef CURL_CA_EMBED
269
  if(!config->cacert && !config->capath) {
270
    struct curl_blob blob;
271
    blob.data = CURL_UNCONST(curl_ca_embed);
272
    blob.len = strlen((const char *)curl_ca_embed);
273
    blob.flags = CURL_BLOB_NOCOPY;
274
    notef(config->global,
275
          "Using embedded CA bundle (%zu bytes)",
276
          blob.len);
277
    result = curl_easy_setopt(curl, CURLOPT_CAINFO_BLOB, &blob);
278
    if(result == CURLE_NOT_BUILT_IN) {
279
      warnf(global, "ignoring %s, not supported by libcurl with %s",
280
            "embedded CA bundle", ssl_backend());
281
    }
282
  }
283
  if(!config->proxy_cacert && !config->proxy_capath) {
284
    struct curl_blob blob;
285
    blob.data = CURL_UNCONST(curl_ca_embed);
286
    blob.len = strlen((const char *)curl_ca_embed);
287
    blob.flags = CURL_BLOB_NOCOPY;
288
    notef(config->global,
289
          "Using embedded CA bundle, for proxies (%zu bytes)",
290
          blob.len);
291
    result = curl_easy_setopt(curl, CURLOPT_PROXY_CAINFO_BLOB, &blob);
292
    if(result == CURLE_NOT_BUILT_IN) {
293
      warnf(global, "ignoring %s, not supported by libcurl with %s",
294
            "embedded CA bundle", ssl_backend());
295
    }
296
  }
297
#endif
298

299
  if(config->crlfile)
300
    my_setopt_str(curl, CURLOPT_CRLFILE, config->crlfile);
301
  if(config->proxy_crlfile)
302
    my_setopt_str(curl, CURLOPT_PROXY_CRLFILE, config->proxy_crlfile);
303
  else if(config->crlfile) /* CURLOPT_PROXY_CRLFILE default is crlfile */
304
    my_setopt_str(curl, CURLOPT_PROXY_CRLFILE, config->crlfile);
305

306
  if(config->pinnedpubkey) {
307
    result = my_setopt_str(curl, CURLOPT_PINNEDPUBLICKEY,
308
                           config->pinnedpubkey);
309
    if(result == CURLE_NOT_BUILT_IN)
310
      warnf(global, "ignoring %s, not supported by libcurl with %s",
311
            "--pinnedpubkey", ssl_backend());
312
  }
313
  if(config->proxy_pinnedpubkey) {
314
    result = my_setopt_str(curl, CURLOPT_PROXY_PINNEDPUBLICKEY,
315
                           config->proxy_pinnedpubkey);
316
    if(result == CURLE_NOT_BUILT_IN)
317
      warnf(global, "ignoring %s, not supported by libcurl with %s",
318
            "--proxy-pinnedpubkey", ssl_backend());
319
  }
320

321
  if(config->ssl_ec_curves)
322
    my_setopt_str(curl, CURLOPT_SSL_EC_CURVES, config->ssl_ec_curves);
323

324
  if(config->ssl_signature_algorithms)
325
    my_setopt_str(curl, CURLOPT_SSL_SIGNATURE_ALGORITHMS,
326
                  config->ssl_signature_algorithms);
327

328
  if(config->writeout)
329
    my_setopt_long(curl, CURLOPT_CERTINFO, 1);
330

331
  my_setopt_str(curl, CURLOPT_SSLCERT, config->cert);
332
  my_setopt_str(curl, CURLOPT_PROXY_SSLCERT, config->proxy_cert);
333
  my_setopt_str(curl, CURLOPT_SSLCERTTYPE, config->cert_type);
334
  my_setopt_str(curl, CURLOPT_PROXY_SSLCERTTYPE,
335
                config->proxy_cert_type);
336
  my_setopt_str(curl, CURLOPT_SSLKEY, config->key);
337
  my_setopt_str(curl, CURLOPT_PROXY_SSLKEY, config->proxy_key);
338
  my_setopt_str(curl, CURLOPT_SSLKEYTYPE, config->key_type);
339
  my_setopt_str(curl, CURLOPT_PROXY_SSLKEYTYPE,
340
                config->proxy_key_type);
341

342
  /* libcurl default is strict verifyhost -> 1L, verifypeer -> 1L */
343
  if(config->insecure_ok) {
344
    my_setopt_long(curl, CURLOPT_SSL_VERIFYPEER, 0);
345
    my_setopt_long(curl, CURLOPT_SSL_VERIFYHOST, 0);
346
  }
347

348
  if(config->doh_insecure_ok) {
349
    my_setopt_long(curl, CURLOPT_DOH_SSL_VERIFYPEER, 0);
350
    my_setopt_long(curl, CURLOPT_DOH_SSL_VERIFYHOST, 0);
351
  }
352

353
  if(config->proxy_insecure_ok) {
354
    my_setopt_long(curl, CURLOPT_PROXY_SSL_VERIFYPEER, 0);
355
    my_setopt_long(curl, CURLOPT_PROXY_SSL_VERIFYHOST, 0);
356
  }
357

358
  if(config->verifystatus)
359
    my_setopt_long(curl, CURLOPT_SSL_VERIFYSTATUS, 1);
360

361
  if(config->doh_verifystatus)
362
    my_setopt_long(curl, CURLOPT_DOH_SSL_VERIFYSTATUS, 1);
363

364
  if(config->falsestart)
365
    my_setopt_long(curl, CURLOPT_SSL_FALSESTART, 1);
366

367
  my_setopt_SSLVERSION(curl, CURLOPT_SSLVERSION,
368
                       config->ssl_version | config->ssl_version_max);
369
  if(config->proxy)
370
    my_setopt_SSLVERSION(curl, CURLOPT_PROXY_SSLVERSION,
371
                         config->proxy_ssl_version);
372

373
  {
374
    long mask =
375
      (config->ssl_allow_beast ? CURLSSLOPT_ALLOW_BEAST : 0) |
376
      (config->ssl_allow_earlydata ? CURLSSLOPT_EARLYDATA : 0) |
377
      (config->ssl_no_revoke ? CURLSSLOPT_NO_REVOKE : 0) |
378
      (config->ssl_revoke_best_effort ? CURLSSLOPT_REVOKE_BEST_EFFORT : 0) |
379
      (config->native_ca_store ? CURLSSLOPT_NATIVE_CA : 0) |
380
      (config->ssl_auto_client_cert ? CURLSSLOPT_AUTO_CLIENT_CERT : 0);
381

382
    if(mask)
383
      my_setopt_bitmask(curl, CURLOPT_SSL_OPTIONS, mask);
384
  }
385

386
  {
387
    long mask =
388
      (config->proxy_ssl_allow_beast ? CURLSSLOPT_ALLOW_BEAST : 0) |
389
      (config->proxy_ssl_auto_client_cert ?
390
       CURLSSLOPT_AUTO_CLIENT_CERT : 0) |
391
      (config->proxy_native_ca_store ? CURLSSLOPT_NATIVE_CA : 0);
392

393
    if(mask)
394
      my_setopt_bitmask(curl, CURLOPT_PROXY_SSL_OPTIONS, mask);
395
  }
396

397
  if(config->cipher_list) {
398
    result = my_setopt_str(curl, CURLOPT_SSL_CIPHER_LIST,
399
                           config->cipher_list);
400
    if(result == CURLE_NOT_BUILT_IN)
401
      warnf(global, "ignoring %s, not supported by libcurl with %s",
402
            "--ciphers", ssl_backend());
403
  }
404
  if(config->proxy_cipher_list) {
405
    result = my_setopt_str(curl, CURLOPT_PROXY_SSL_CIPHER_LIST,
406
                           config->proxy_cipher_list);
407
    if(result == CURLE_NOT_BUILT_IN)
408
      warnf(global, "ignoring %s, not supported by libcurl with %s",
409
            "--proxy-ciphers", ssl_backend());
410
  }
411
  if(config->cipher13_list) {
412
    result = my_setopt_str(curl, CURLOPT_TLS13_CIPHERS,
413
                           config->cipher13_list);
414
    if(result == CURLE_NOT_BUILT_IN)
415
      warnf(global, "ignoring %s, not supported by libcurl with %s",
416
            "--tls13-ciphers", ssl_backend());
417
  }
418
  if(config->proxy_cipher13_list) {
419
    result = my_setopt_str(curl, CURLOPT_PROXY_TLS13_CIPHERS,
420
                           config->proxy_cipher13_list);
421
    if(result == CURLE_NOT_BUILT_IN)
422
      warnf(global, "ignoring %s, not supported by libcurl with %s",
423
            "--proxy-tls13-ciphers", ssl_backend());
424
  }
425

426
  /* curl 7.16.0 */
427
  if(config->disable_sessionid)
428
    /* disable it */
429
    my_setopt_long(curl, CURLOPT_SSL_SESSIONID_CACHE, 0);
430

431
  if(feature_ech) {
432
    /* only if enabled in libcurl */
433
    if(config->ech) /* only if set (optional) */
434
      my_setopt_str(curl, CURLOPT_ECH, config->ech);
435
    if(config->ech_public) /* only if set (optional) */
436
      my_setopt_str(curl, CURLOPT_ECH, config->ech_public);
437
    if(config->ech_config) /* only if set (optional) */
438
      my_setopt_str(curl, CURLOPT_ECH, config->ech_config);
439
  }
440

441
  /* new in curl 7.9.3 */
442
  if(config->engine) {
443
    result = my_setopt_str(curl, CURLOPT_SSLENGINE, config->engine);
444
    if(result)
445
      return result;
446
  }
447

448
  /* new in curl 7.15.5 */
449
  if(config->ftp_ssl_reqd)
450
    my_setopt_enum(curl, CURLOPT_USE_SSL, CURLUSESSL_ALL);
451

452
  /* new in curl 7.11.0 */
453
  else if(config->ftp_ssl)
454
    my_setopt_enum(curl, CURLOPT_USE_SSL, CURLUSESSL_TRY);
455

456
  /* new in curl 7.16.0 */
457
  else if(config->ftp_ssl_control)
458
    my_setopt_enum(curl, CURLOPT_USE_SSL, CURLUSESSL_CONTROL);
459

460
  if(config->noalpn)
461
    my_setopt_long(curl, CURLOPT_SSL_ENABLE_ALPN, 0);
462

463
  return CURLE_OK;
464
}
465

466
/* only called for HTTP transfers */
467
static CURLcode http_setopts(struct GlobalConfig *global,
468
                             struct OperationConfig *config,
469
                             CURL *curl)
470
{
471
  long postRedir = 0;
472
  (void) global; /* for builds without --libcurl */
473

474
  my_setopt_long(curl, CURLOPT_FOLLOWLOCATION,
475
                 config->followlocation);
476
  my_setopt_long(curl, CURLOPT_UNRESTRICTED_AUTH,
477
                 config->unrestricted_auth);
478
  my_setopt_str(curl, CURLOPT_AWS_SIGV4, config->aws_sigv4);
479
  my_setopt_long(curl, CURLOPT_AUTOREFERER, config->autoreferer);
480

481
  /* new in libcurl 7.36.0 */
482
  if(config->proxyheaders) {
483
    my_setopt_slist(curl, CURLOPT_PROXYHEADER, config->proxyheaders);
484
    my_setopt_long(curl, CURLOPT_HEADEROPT, CURLHEADER_SEPARATE);
485
  }
486

487
  /* new in libcurl 7.5 */
488
  my_setopt_long(curl, CURLOPT_MAXREDIRS, config->maxredirs);
489

490
  if(config->httpversion)
491
    my_setopt_enum(curl, CURLOPT_HTTP_VERSION, config->httpversion);
492

493
  /* curl 7.19.1 (the 301 version existed in 7.18.2),
494
     303 was added in 7.26.0 */
495
  if(config->post301)
496
    postRedir |= CURL_REDIR_POST_301;
497
  if(config->post302)
498
    postRedir |= CURL_REDIR_POST_302;
499
  if(config->post303)
500
    postRedir |= CURL_REDIR_POST_303;
501
  my_setopt_long(curl, CURLOPT_POSTREDIR, postRedir);
502

503
  /* new in libcurl 7.21.6 */
504
  if(config->encoding)
505
    my_setopt_str(curl, CURLOPT_ACCEPT_ENCODING, "");
506

507
  /* new in libcurl 7.21.6 */
508
  if(config->tr_encoding)
509
    my_setopt_long(curl, CURLOPT_TRANSFER_ENCODING, 1);
510
  /* new in libcurl 7.64.0 */
511
  my_setopt_long(curl, CURLOPT_HTTP09_ALLOWED, config->http09_allowed);
512

513
  if(config->altsvc)
514
    my_setopt_str(curl, CURLOPT_ALTSVC, config->altsvc);
515

516
  if(config->hsts)
517
    my_setopt_str(curl, CURLOPT_HSTS, config->hsts);
518

519
  /* new in 7.47.0 */
520
  if(config->expect100timeout_ms > 0)
521
    my_setopt_long(curl, CURLOPT_EXPECT_100_TIMEOUT_MS,
522
                   config->expect100timeout_ms);
523

524
  return CURLE_OK;
525
}
526

527
static CURLcode cookie_setopts(struct GlobalConfig *global,
528
                               struct OperationConfig *config,
529
                               CURL *curl)
530
{
531
  CURLcode result = CURLE_OK;
532
  if(config->cookies) {
533
    struct dynbuf cookies;
534
    struct curl_slist *cl;
535

536
    /* The maximum size needs to match MAX_NAME in cookie.h */
537
#define MAX_COOKIE_LINE 8200
538
    curlx_dyn_init(&cookies, MAX_COOKIE_LINE);
539
    for(cl = config->cookies; cl; cl = cl->next) {
540
      if(cl == config->cookies)
541
        result = curlx_dyn_addf(&cookies, "%s", cl->data);
542
      else
543
        result = curlx_dyn_addf(&cookies, ";%s", cl->data);
544

545
      if(result) {
546
        warnf(global,
547
              "skipped provided cookie, the cookie header "
548
              "would go over %u bytes", MAX_COOKIE_LINE);
549
        return result;
550
      }
551
    }
552

553
    my_setopt_str(curl, CURLOPT_COOKIE, curlx_dyn_ptr(&cookies));
554
    curlx_dyn_free(&cookies);
555
  }
556

557
  if(config->cookiefiles) {
558
    struct curl_slist *cfl;
559

560
    for(cfl = config->cookiefiles; cfl; cfl = cfl->next)
561
      my_setopt_str(curl, CURLOPT_COOKIEFILE, cfl->data);
562
  }
563

564
  /* new in libcurl 7.9 */
565
  if(config->cookiejar)
566
    my_setopt_str(curl, CURLOPT_COOKIEJAR, config->cookiejar);
567

568
  /* new in libcurl 7.9.7 */
569
  my_setopt_long(curl, CURLOPT_COOKIESESSION, config->cookiesession);
570

571
  return result;
572
}
573

574
static CURLcode tcp_setopts(struct GlobalConfig *global,
575
                            struct OperationConfig *config,
576
                            CURL *curl)
577
{
578
  (void) global; /* for builds without --libcurl */
579
  if(!config->tcp_nodelay)
580
    my_setopt_long(curl, CURLOPT_TCP_NODELAY, 0);
581

582
  if(config->tcp_fastopen)
583
    my_setopt_long(curl, CURLOPT_TCP_FASTOPEN, 1);
584

585
  if(config->mptcp)
586
    my_setopt(curl, CURLOPT_OPENSOCKETFUNCTION, tool_socket_open_mptcp_cb);
587

588
  /* curl 7.17.1 */
589
  if(!config->nokeepalive) {
590
    my_setopt_long(curl, CURLOPT_TCP_KEEPALIVE, 1);
591
    if(config->alivetime) {
592
      my_setopt_long(curl, CURLOPT_TCP_KEEPIDLE, config->alivetime);
593
      my_setopt_long(curl, CURLOPT_TCP_KEEPINTVL, config->alivetime);
594
    }
595
    if(config->alivecnt)
596
      my_setopt_long(curl, CURLOPT_TCP_KEEPCNT, config->alivecnt);
597
  }
598
  else
599
    my_setopt_long(curl, CURLOPT_TCP_KEEPALIVE, 0);
600
  return CURLE_OK;
601
}
602

603
static CURLcode ftp_setopts(struct GlobalConfig *global,
604
                            struct OperationConfig *config,
605
                            CURL *curl)
606
{
607
  (void) global; /* for builds without --libcurl */
608
  my_setopt_str(curl, CURLOPT_FTPPORT, config->ftpport);
609

610
  /* new in libcurl 7.9.2: */
611
  if(config->disable_epsv)
612
    /* disable it */
613
    my_setopt_long(curl, CURLOPT_FTP_USE_EPSV, 0);
614

615
  /* new in libcurl 7.10.5 */
616
  if(config->disable_eprt)
617
    /* disable it */
618
    my_setopt_long(curl, CURLOPT_FTP_USE_EPRT, 0);
619

620
  /* new in curl 7.16.1 */
621
  if(config->ftp_ssl_ccc)
622
    my_setopt_enum(curl, CURLOPT_FTP_SSL_CCC, (long)config->ftp_ssl_ccc_mode);
623

624
  my_setopt_str(curl, CURLOPT_FTP_ACCOUNT, config->ftp_account);
625

626
  /* curl 7.14.2 */
627
  my_setopt_long(curl, CURLOPT_FTP_SKIP_PASV_IP, config->ftp_skip_ip);
628

629
  /* curl 7.15.1 */
630
  my_setopt_long(curl, CURLOPT_FTP_FILEMETHOD, config->ftp_filemethod);
631

632
    /* curl 7.15.5 */
633
  my_setopt_str(curl, CURLOPT_FTP_ALTERNATIVE_TO_USER,
634
                config->ftp_alternative_to_user);
635

636
  /* curl 7.20.x */
637
  if(config->ftp_pret)
638
    my_setopt_long(curl, CURLOPT_FTP_USE_PRET, 1);
639

640
  return CURLE_OK;
641
}
642

643
static void gen_trace_setopts(struct GlobalConfig *global,
644
                              struct OperationConfig *config,
645
                              CURL *curl)
646
{
647
  if(global->tracetype != TRACE_NONE) {
648
    my_setopt(curl, CURLOPT_DEBUGFUNCTION, tool_debug_cb);
649
    my_setopt(curl, CURLOPT_DEBUGDATA, config);
650
    my_setopt_long(curl, CURLOPT_VERBOSE, 1L);
651
  }
652
}
653

654
static void gen_cb_setopts(struct GlobalConfig *global,
655
                           struct OperationConfig *config,
656
                           struct per_transfer *per,
657
                           CURL *curl)
658
{
659
  (void) global; /* for builds without --libcurl */
660
  (void) config;
661
  /* where to store */
662
  my_setopt(curl, CURLOPT_WRITEDATA, per);
663
  my_setopt(curl, CURLOPT_INTERLEAVEDATA, per);
664

665
  /* what call to write */
666
  my_setopt(curl, CURLOPT_WRITEFUNCTION, tool_write_cb);
667

668
  /* what to read */
669
  my_setopt(curl, CURLOPT_READDATA, per);
670
  my_setopt(curl, CURLOPT_READFUNCTION, tool_read_cb);
671

672
  /* in 7.18.0, the CURLOPT_SEEKFUNCTION/DATA pair is taking over what
673
     CURLOPT_IOCTLFUNCTION/DATA pair previously provided for seeking */
674
  my_setopt(curl, CURLOPT_SEEKDATA, per);
675
  my_setopt(curl, CURLOPT_SEEKFUNCTION, tool_seek_cb);
676

677
  if((global->progressmode == CURL_PROGRESS_BAR) &&
678
     !global->noprogress && !global->silent) {
679
    /* we want the alternative style, then we have to implement it
680
       ourselves! */
681
    my_setopt(curl, CURLOPT_XFERINFOFUNCTION, tool_progress_cb);
682
    my_setopt(curl, CURLOPT_XFERINFODATA, per);
683
  }
684
  else if(per->uploadfile && !strcmp(per->uploadfile, ".")) {
685
    /* when reading from stdin in non-blocking mode, we use the progress
686
       function to unpause a busy read */
687
    my_setopt_long(curl, CURLOPT_NOPROGRESS, 0);
688
    my_setopt(curl, CURLOPT_XFERINFOFUNCTION, tool_readbusy_cb);
689
    my_setopt(curl, CURLOPT_XFERINFODATA, per);
690
  }
691

692
  my_setopt(curl, CURLOPT_HEADERFUNCTION, tool_header_cb);
693
  my_setopt(curl, CURLOPT_HEADERDATA, per);
694
}
695

696
static CURLcode proxy_setopts(struct GlobalConfig *global,
697
                              struct OperationConfig *config,
698
                              CURL *curl)
699
{
700
  (void) global; /* for builds without --libcurl */
701

702
  if(config->proxy) {
703
    CURLcode result = my_setopt_str(curl, CURLOPT_PROXY, config->proxy);
704

705
    if(result) {
706
      errorf(global, "proxy support is disabled in this libcurl");
707
      config->synthetic_error = TRUE;
708
      return CURLE_NOT_BUILT_IN;
709
    }
710
  }
711

712
  /* new in libcurl 7.5 */
713
  if(config->proxy)
714
    my_setopt_enum(curl, CURLOPT_PROXYTYPE, config->proxyver);
715

716
  my_setopt_str(curl, CURLOPT_PROXYUSERPWD, config->proxyuserpwd);
717

718
  /* new in libcurl 7.3 */
719
  my_setopt_long(curl, CURLOPT_HTTPPROXYTUNNEL, config->proxytunnel);
720

721
  /* new in libcurl 7.52.0 */
722
  if(config->preproxy)
723
    my_setopt_str(curl, CURLOPT_PRE_PROXY, config->preproxy);
724

725
  /* new in libcurl 7.10.6 */
726
  if(config->proxyanyauth)
727
    my_setopt_bitmask(curl, CURLOPT_PROXYAUTH, (long)CURLAUTH_ANY);
728
  else if(config->proxynegotiate)
729
    my_setopt_bitmask(curl, CURLOPT_PROXYAUTH, CURLAUTH_GSSNEGOTIATE);
730
  else if(config->proxyntlm)
731
    my_setopt_bitmask(curl, CURLOPT_PROXYAUTH, CURLAUTH_NTLM);
732
  else if(config->proxydigest)
733
    my_setopt_bitmask(curl, CURLOPT_PROXYAUTH, CURLAUTH_DIGEST);
734
  else if(config->proxybasic)
735
    my_setopt_bitmask(curl, CURLOPT_PROXYAUTH, CURLAUTH_BASIC);
736

737
  /* new in libcurl 7.19.4 */
738
  my_setopt_str(curl, CURLOPT_NOPROXY, config->noproxy);
739

740
  my_setopt_long(curl, CURLOPT_SUPPRESS_CONNECT_HEADERS,
741
                 config->suppress_connect_headers);
742

743
  /* new in curl 7.43.0 */
744
  if(config->proxy_service_name)
745
    my_setopt_str(curl, CURLOPT_PROXY_SERVICE_NAME,
746
                  config->proxy_service_name);
747

748
  /* new in 7.60.0 */
749
  if(config->haproxy_protocol)
750
    my_setopt_long(curl, CURLOPT_HAPROXYPROTOCOL, 1);
751

752
  /* new in 8.2.0 */
753
  if(config->haproxy_clientip)
754
    my_setopt_str(curl, CURLOPT_HAPROXY_CLIENT_IP, config->haproxy_clientip);
755

756
  return CURLE_OK;
757
}
758

759
static void tls_srp_setopts(struct GlobalConfig *global,
760
                            struct OperationConfig *config,
761
                            CURL *curl)
762
{
763
  (void) global; /* for builds without --libcurl */
764
  if(config->tls_username)
765
    my_setopt_str(curl, CURLOPT_TLSAUTH_USERNAME, config->tls_username);
766
  if(config->tls_password)
767
    my_setopt_str(curl, CURLOPT_TLSAUTH_PASSWORD, config->tls_password);
768
  if(config->tls_authtype)
769
    my_setopt_str(curl, CURLOPT_TLSAUTH_TYPE, config->tls_authtype);
770
  if(config->proxy_tls_username)
771
    my_setopt_str(curl, CURLOPT_PROXY_TLSAUTH_USERNAME,
772
                  config->proxy_tls_username);
773
  if(config->proxy_tls_password)
774
    my_setopt_str(curl, CURLOPT_PROXY_TLSAUTH_PASSWORD,
775
                  config->proxy_tls_password);
776
  if(config->proxy_tls_authtype)
777
    my_setopt_str(curl, CURLOPT_PROXY_TLSAUTH_TYPE,
778
                  config->proxy_tls_authtype);
779
}
780

781
CURLcode config2setopts(struct GlobalConfig *global,
782
                        struct OperationConfig *config,
783
                        struct per_transfer *per,
784
                        CURL *curl,
785
                        CURLSH *share)
786
{
787
  const char *use_proto;
788
  CURLcode result = url_proto_and_rewrite(&per->url, config, &use_proto);
789

790
  /* Avoid having this setopt added to the --libcurl source output. */
791
  if(!result)
792
    result = curl_easy_setopt(curl, CURLOPT_SHARE, share);
793
  if(result)
794
    return result;
795

796
#ifndef DEBUGBUILD
797
  /* On most modern OSes, exiting works thoroughly,
798
     we will clean everything up via exit(), so do not bother with
799
     slow cleanups. Crappy ones might need to skip this.
800
     Note: avoid having this setopt added to the --libcurl source
801
     output. */
802
  result = curl_easy_setopt(curl, CURLOPT_QUICK_EXIT, 1L);
803
  if(result)
804
    return result;
805
#endif
806

807
  gen_trace_setopts(global, config, curl);
808

809
  {
810
#ifdef DEBUGBUILD
811
    char *env = getenv("CURL_BUFFERSIZE");
812
    if(env) {
813
      curl_off_t num;
814
      const char *p = env;
815
      if(!curlx_str_number(&p, &num, LONG_MAX))
816
        my_setopt_long(curl, CURLOPT_BUFFERSIZE, (long)num);
817
    }
818
    else
819
#endif
820
      if(config->recvpersecond && (config->recvpersecond < BUFFER_SIZE))
821
        /* use a smaller sized buffer for better sleeps */
822
        my_setopt_long(curl, CURLOPT_BUFFERSIZE, (long)config->recvpersecond);
823
      else
824
        my_setopt_long(curl, CURLOPT_BUFFERSIZE, BUFFER_SIZE);
825
  }
826

827
  my_setopt_str(curl, CURLOPT_URL, per->url);
828
  my_setopt_long(curl, CURLOPT_NOPROGRESS,
829
                 global->noprogress || global->silent);
830
  /* call after the line above. It may override CURLOPT_NOPROGRESS */
831
  gen_cb_setopts(global, config, per, curl);
832

833
  if(config->no_body)
834
    my_setopt_long(curl, CURLOPT_NOBODY, 1);
835

836
  if(config->oauth_bearer)
837
    my_setopt_str(curl, CURLOPT_XOAUTH2_BEARER, config->oauth_bearer);
838

839
  result = proxy_setopts(global, config, curl);
840
  if(result)
841
    return result;
842

843
  my_setopt_long(curl, CURLOPT_FAILONERROR, config->failonerror);
844
  my_setopt_str(curl, CURLOPT_REQUEST_TARGET, config->request_target);
845
  my_setopt_long(curl, CURLOPT_UPLOAD, !!per->uploadfile);
846
  my_setopt_long(curl, CURLOPT_DIRLISTONLY, config->dirlistonly);
847
  my_setopt_long(curl, CURLOPT_APPEND, config->ftp_append);
848

849
  if(config->netrc_opt)
850
    my_setopt_enum(curl, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
851
  else if(config->netrc || config->netrc_file)
852
    my_setopt_enum(curl, CURLOPT_NETRC, CURL_NETRC_REQUIRED);
853
  else
854
    my_setopt_enum(curl, CURLOPT_NETRC, CURL_NETRC_IGNORED);
855

856
  if(config->netrc_file)
857
    my_setopt_str(curl, CURLOPT_NETRC_FILE, config->netrc_file);
858

859
  my_setopt_long(curl, CURLOPT_TRANSFERTEXT, config->use_ascii);
860
  if(config->login_options)
861
    my_setopt_str(curl, CURLOPT_LOGIN_OPTIONS, config->login_options);
862
  my_setopt_str(curl, CURLOPT_USERPWD, config->userpwd);
863
  my_setopt_str(curl, CURLOPT_RANGE, config->range);
864
  if(!global->parallel) {
865
    per->errorbuffer = global_errorbuffer;
866
    my_setopt(curl, CURLOPT_ERRORBUFFER, global_errorbuffer);
867
  }
868
  my_setopt_long(curl, CURLOPT_TIMEOUT_MS, config->timeout_ms);
869

870
  switch(config->httpreq) {
871
  case TOOL_HTTPREQ_SIMPLEPOST:
872
    if(config->resume_from) {
873
      errorf(global, "cannot mix --continue-at with --data");
874
      result = CURLE_FAILED_INIT;
875
    }
876
    else {
877
      my_setopt_str(curl, CURLOPT_POSTFIELDS,
878
                    curlx_dyn_ptr(&config->postdata));
879
      my_setopt_offt(curl, CURLOPT_POSTFIELDSIZE_LARGE,
880
                     curlx_dyn_len(&config->postdata));
881
    }
882
    break;
883
  case TOOL_HTTPREQ_MIMEPOST:
884
    /* free previous remainders */
885
    curl_mime_free(config->mimepost);
886
    config->mimepost = NULL;
887
    if(config->resume_from) {
888
      errorf(global, "cannot mix --continue-at with --form");
889
      result = CURLE_FAILED_INIT;
890
    }
891
    else {
892
      result = tool2curlmime(curl, config->mimeroot, &config->mimepost);
893
      if(!result)
894
        my_setopt_mimepost(curl, CURLOPT_MIMEPOST, config->mimepost);
895
    }
896
    break;
897
  default:
898
    break;
899
  }
900
  if(result)
901
    return result;
902

903
  /* new in libcurl 7.81.0 */
904
  if(config->mime_options)
905
    my_setopt_long(curl, CURLOPT_MIME_OPTIONS, config->mime_options);
906

907
  /* new in libcurl 7.10.6 (default is Basic) */
908
  if(config->authtype)
909
    my_setopt_bitmask(curl, CURLOPT_HTTPAUTH, config->authtype);
910

911
  my_setopt_slist(curl, CURLOPT_HTTPHEADER, config->headers);
912

913
  if(proto_http || proto_rtsp) {
914
    my_setopt_str(curl, CURLOPT_REFERER, config->referer);
915
    my_setopt_str(curl, CURLOPT_USERAGENT, config->useragent);
916
  }
917

918
  if(use_proto == proto_http || use_proto == proto_https) {
919
    result = http_setopts(global, config, curl);
920
    if(!result)
921
      result = cookie_setopts(global, config, curl);
922
    if(result)
923
      return result;
924
  }
925

926
  if(use_proto == proto_ftp || use_proto == proto_ftps) {
927
    result = ftp_setopts(global, config, curl);
928
    if(result)
929
      return result;
930
  }
931

932
  my_setopt_long(curl, CURLOPT_LOW_SPEED_LIMIT, config->low_speed_limit);
933
  my_setopt_long(curl, CURLOPT_LOW_SPEED_TIME, config->low_speed_time);
934
  my_setopt_offt(curl, CURLOPT_MAX_SEND_SPEED_LARGE, config->sendpersecond);
935
  my_setopt_offt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, config->recvpersecond);
936

937
  if(config->use_resume)
938
    my_setopt_offt(curl, CURLOPT_RESUME_FROM_LARGE, config->resume_from);
939
  else
940
    my_setopt_offt(curl, CURLOPT_RESUME_FROM_LARGE, CURL_OFF_T_C(0));
941

942
  my_setopt_str(curl, CURLOPT_KEYPASSWD, config->key_passwd);
943
  my_setopt_str(curl, CURLOPT_PROXY_KEYPASSWD, config->proxy_key_passwd);
944

945
  if(use_proto == proto_scp || use_proto == proto_sftp) {
946
    result = ssh_setopts(global, config, curl);
947
    if(result)
948
      return result;
949
  }
950

951
  if(feature_ssl) {
952
    result = ssl_setopts(global, config, curl);
953
    if(result)
954
      return result;
955
  }
956

957
  if(config->path_as_is)
958
    my_setopt_long(curl, CURLOPT_PATH_AS_IS, 1);
959

960
  if(config->no_body || config->remote_time) {
961
    /* no body or use remote time */
962
    my_setopt_long(curl, CURLOPT_FILETIME, 1);
963
  }
964

965
  my_setopt_long(curl, CURLOPT_CRLF, config->crlf);
966
  my_setopt_slist(curl, CURLOPT_QUOTE, config->quote);
967
  my_setopt_slist(curl, CURLOPT_POSTQUOTE, config->postquote);
968
  my_setopt_slist(curl, CURLOPT_PREQUOTE, config->prequote);
969

970
  my_setopt_enum(curl, CURLOPT_TIMECONDITION, config->timecond);
971
  my_setopt_offt(curl, CURLOPT_TIMEVALUE_LARGE, config->condtime);
972
  my_setopt_str(curl, CURLOPT_CUSTOMREQUEST, config->customrequest);
973
  customrequest_helper(config, config->httpreq, config->customrequest);
974
  my_setopt(curl, CURLOPT_STDERR, tool_stderr);
975

976
  /* three new ones in libcurl 7.3: */
977
  my_setopt_str(curl, CURLOPT_INTERFACE, config->iface);
978
  my_setopt_str(curl, CURLOPT_KRBLEVEL, config->krblevel);
979
  progressbarinit(&per->progressbar, config);
980

981
  /* new in libcurl 7.24.0: */
982
  if(config->dns_servers)
983
    my_setopt_str(curl, CURLOPT_DNS_SERVERS, config->dns_servers);
984

985
  /* new in libcurl 7.33.0: */
986
  if(config->dns_interface)
987
    my_setopt_str(curl, CURLOPT_DNS_INTERFACE, config->dns_interface);
988
  if(config->dns_ipv4_addr)
989
    my_setopt_str(curl, CURLOPT_DNS_LOCAL_IP4, config->dns_ipv4_addr);
990
  if(config->dns_ipv6_addr)
991
    my_setopt_str(curl, CURLOPT_DNS_LOCAL_IP6, config->dns_ipv6_addr);
992

993
  /* new in libcurl 7.6.2: */
994
  my_setopt_slist(curl, CURLOPT_TELNETOPTIONS, config->telnet_options);
995

996
  /* new in libcurl 7.7: */
997
  my_setopt_long(curl, CURLOPT_CONNECTTIMEOUT_MS, config->connecttimeout_ms);
998

999
  if(config->doh_url)
1000
    my_setopt_str(curl, CURLOPT_DOH_URL, config->doh_url);
1001

1002
  /* new in curl 7.10.7, extended in 7.19.4. Modified to use
1003
     CREATE_DIR_RETRY in 7.49.0 */
1004
  my_setopt_long(curl, CURLOPT_FTP_CREATE_MISSING_DIRS,
1005
                 (config->ftp_create_dirs ?
1006
                  CURLFTP_CREATE_DIR_RETRY : CURLFTP_CREATE_DIR_NONE));
1007

1008
  /* new in curl 7.10.8 */
1009
  if(config->max_filesize)
1010
    my_setopt_offt(curl, CURLOPT_MAXFILESIZE_LARGE,
1011
                   config->max_filesize);
1012

1013
  my_setopt_long(curl, CURLOPT_IPRESOLVE, config->ip_version);
1014

1015
  /* new in curl 7.19.4 */
1016
  if(config->socks5_gssapi_nec)
1017
    my_setopt_long(curl, CURLOPT_SOCKS5_GSSAPI_NEC, 1);
1018

1019
  /* new in curl 7.55.0 */
1020
  if(config->socks5_auth)
1021
    my_setopt_bitmask(curl, CURLOPT_SOCKS5_AUTH, config->socks5_auth);
1022

1023
  /* new in curl 7.43.0 */
1024
  if(config->service_name)
1025
    my_setopt_str(curl, CURLOPT_SERVICE_NAME, config->service_name);
1026

1027
  /* curl 7.13.0 */
1028
  my_setopt_long(curl, CURLOPT_IGNORE_CONTENT_LENGTH, config->ignorecl);
1029

1030
  /* curl 7.15.2 */
1031
  if(config->localport) {
1032
    my_setopt_long(curl, CURLOPT_LOCALPORT, config->localport);
1033
    my_setopt_long(curl, CURLOPT_LOCALPORTRANGE, config->localportrange);
1034
  }
1035

1036
  /* curl 7.16.2 */
1037
  if(config->raw) {
1038
    my_setopt_long(curl, CURLOPT_HTTP_CONTENT_DECODING, 0);
1039
    my_setopt_long(curl, CURLOPT_HTTP_TRANSFER_DECODING, 0);
1040
  }
1041

1042
  result = tcp_setopts(global, config, curl);
1043
  if(result)
1044
    return result;
1045

1046
  /* curl 7.20.0 */
1047
  if(config->tftp_blksize && proto_tftp)
1048
    my_setopt_long(curl, CURLOPT_TFTP_BLKSIZE, config->tftp_blksize);
1049

1050
  if(config->mail_from)
1051
    my_setopt_str(curl, CURLOPT_MAIL_FROM, config->mail_from);
1052

1053
  if(config->mail_rcpt)
1054
    my_setopt_slist(curl, CURLOPT_MAIL_RCPT, config->mail_rcpt);
1055

1056
  /* curl 7.69.x */
1057
  my_setopt_long(curl, CURLOPT_MAIL_RCPT_ALLOWFAILS,
1058
                 config->mail_rcpt_allowfails);
1059

1060
  if(config->create_file_mode)
1061
    my_setopt_long(curl, CURLOPT_NEW_FILE_PERMS, config->create_file_mode);
1062

1063
  if(config->proto_present)
1064
    my_setopt_str(curl, CURLOPT_PROTOCOLS_STR, config->proto_str);
1065
  if(config->proto_redir_present)
1066
    my_setopt_str(curl, CURLOPT_REDIR_PROTOCOLS_STR, config->proto_redir_str);
1067

1068
  if(config->resolve)
1069
    /* new in 7.21.3 */
1070
    my_setopt_slist(curl, CURLOPT_RESOLVE, config->resolve);
1071

1072
  if(config->connect_to)
1073
    /* new in 7.49.0 */
1074
    my_setopt_slist(curl, CURLOPT_CONNECT_TO, config->connect_to);
1075

1076
  /* new in 7.21.4 */
1077
  if(feature_tls_srp)
1078
    tls_srp_setopts(global, config, curl);
1079

1080
  /* new in 7.22.0 */
1081
  if(config->gssapi_delegation)
1082
    my_setopt_long(curl, CURLOPT_GSSAPI_DELEGATION, config->gssapi_delegation);
1083

1084
  if(config->mail_auth)
1085
    my_setopt_str(curl, CURLOPT_MAIL_AUTH, config->mail_auth);
1086

1087
  /* new in 7.66.0 */
1088
  if(config->sasl_authzid)
1089
    my_setopt_str(curl, CURLOPT_SASL_AUTHZID, config->sasl_authzid);
1090

1091
  /* new in 7.31.0 */
1092
  if(config->sasl_ir)
1093
    my_setopt_long(curl, CURLOPT_SASL_IR, 1);
1094

1095
  /* new in 7.40.0, abstract support added in 7.53.0 */
1096
  if(config->unix_socket_path) {
1097
    if(config->abstract_unix_socket) {
1098
      my_setopt_str(curl, CURLOPT_ABSTRACT_UNIX_SOCKET,
1099
                    config->unix_socket_path);
1100
    }
1101
    else {
1102
      my_setopt_str(curl, CURLOPT_UNIX_SOCKET_PATH,
1103
                    config->unix_socket_path);
1104
    }
1105
  }
1106

1107
  /* new in 7.45.0 */
1108
  if(config->proto_default)
1109
    my_setopt_str(curl, CURLOPT_DEFAULT_PROTOCOL, config->proto_default);
1110

1111
  /* new in 7.48.0 */
1112
  if(config->tftp_no_options && proto_tftp)
1113
    my_setopt_long(curl, CURLOPT_TFTP_NO_OPTIONS, 1);
1114

1115
  /* new in 7.59.0 */
1116
  if(config->happy_eyeballs_timeout_ms != CURL_HET_DEFAULT)
1117
    my_setopt_long(curl, CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS,
1118
                   config->happy_eyeballs_timeout_ms);
1119

1120
  if(config->disallow_username_in_url)
1121
    my_setopt_long(curl, CURLOPT_DISALLOW_USERNAME_IN_URL, 1);
1122

1123
  /* new in 8.9.0 */
1124
  if(config->ip_tos > 0 || config->vlan_priority > 0) {
1125
#if defined(IP_TOS) || defined(IPV6_TCLASS) || defined(SO_PRIORITY)
1126
    my_setopt(curl, CURLOPT_SOCKOPTFUNCTION, sockopt_callback);
1127
    my_setopt(curl, CURLOPT_SOCKOPTDATA, config);
1128
#else
1129
    if(config->ip_tos > 0) {
1130
      errorf(config->global,
1131
             "Type of service is not supported in this build.");
1132
      result = CURLE_NOT_BUILT_IN;
1133
    }
1134
    if(config->vlan_priority > 0) {
1135
      errorf(config->global,
1136
             "VLAN priority is not supported in this build.");
1137
      result = CURLE_NOT_BUILT_IN;
1138
    }
1139
#endif
1140
  }
1141
  /* new in 8.13.0 */
1142
  if(config->upload_flags)
1143
    my_setopt_long(curl, CURLOPT_UPLOAD_FLAGS, config->upload_flags);
1144
  return result;
1145
}
1146

1147