- Adjust pollset during connection shutdown.
- Separate the FIRSTSOCKET and SECONDSOCKET check so that one being in
connect or shutdown no longer adds poll events for the other.
- Fix shutdown state evaluation (as detailed below).
- Add a unit test for Curl_conn_adjust_pollset.
- Add a client for event testing.
- Test that shutdown sockets stay with the socket callback until done.
The pollset predicate now reads the connection's own shutdown state
rather than going through data->conn, and the EXPIRE_SHUTDOWN arming in
cshutdn_perform() works again: next_expire_ms started at 0 and could
never be set, so a peer that never sends a close_notify would still park
its connection forever, timeout or not.
Reported-by: pszemus@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/22282
Closes https://github.com/curl/curl/pull/22304
`test798` is the only test fetching `http://localhost:%HTTPPORT` without
`-4`, since it needs the hostname for its folded `domain=localhost`
cookie. curl tries `::1` first, but the test HTTP server is IPv4-only.
On the BSDs, IPv4 and IPv6 have separate ephemeral port namespaces, so
with every test server binding port 0, another parallel runner's
IPv6-bound server can hold the same numeric port. curl then connects to
the wrong runner's server, which cannot open its own `log/N/test798` and
closes without a response, giving exit 52 and an empty `server.input`.
This PR fixes this flake by adding `-4` matches what tests 389 and 392
already do. Linux is immune because wildcard IPv6 binds occupy the IPv4
port too. Seen in
https://github.com/curl/curl/actions/runs/29229170329/job/86749470571.
Closes#22318
A flaky CI failure of `test_17_05_bad_ip_addr[h3]` (GnuTLS, event-based)
had curl detect the certificate name mismatch yet exit with
`CURLE_RECV_ERROR` (56) instead of `CURLE_PEER_FAILED_VERIFICATION`
(60). `Curl_cf_ngtcp2_cmn_connect` calls `Curl_cf_ngtcp2_cmn_set_expiry`
after its `ctx->tls_vrfy_result` override and returns the error
unfiltered, so when the server's final handshake flight happens to be
processed by the ingress inside set_expiry, the verify failure surfaces
as a generic receive error.
This PR makes set_expiry prefer `ctx->tls_vrfy_result` over generic
progress errors, as the recv and send paths already do after calling it,
and also covers the `cf-ngtcp2-proxy.c` call sites that lack the
override. Completes #21712. Seen in
https://github.com/curl/curl/actions/runs/29243256619/job/86794119412.
Closes#22317
quiche 0.29.3 started enforcing a default
`SETTINGS_MAX_FIELD_SECTION_SIZE` of 32 KiB, so larger response headers
now shut down the whole connection with `CURLE_HTTP3`. curl accepts up
to 300 KiB of response headers with every other backend and HTTP
version. Tell quiche to allow what curl itself allows. This keeps
test_01_11 passing with quiche 0.29.3 and it also advertises our real
limit to servers, which the RFC encourages.
Ref: 899e2edec9#22333
Ref: #22329
Ref: #22325
Ref: 9be0e4fa18
Ref: https://github.com/cloudflare/quiche/releases/tag/0.29.3Closes#22331
Use `_TEXT()` when interacting with CRT functions (also prefer over
synonym `_T()`), `TEXT()` for Win32 functions.
Within curl, they mean the same because CRT/Win32 Unicode mode are
always enabled in sync.
Ref: https://devblogs.microsoft.com/oldnewthing/20040212-00/?p=40643/Closes#22334
E.g. on CHERI pointers are 128 bits [1]. This causes the unit3214 test
to fail, which was written with more traditional platforms in mind. Here
is the output of log/stderr3214:
```
URL: -
BAD: struct Curl_easy is 7984 bytes, allowed to be 5370: 2614 bytes too big
BAD: struct connectdata is 1408 bytes, allowed to be 1300: 108 bytes too big
BAD: struct Curl_multi is 1248 bytes, allowed to be 850: 398 bytes too big
BAD: struct curl_httppost is 224 bytes, allowed to be 112: 112 bytes too big
BAD: struct curl_slist is 32 bytes, allowed to be 16: 16 bytes too big
BAD: struct curl_khkey is 32 bytes, allowed to be 24: 8 bytes too big
BAD: struct curl_hstsentry is 48 bytes, allowed to be 40: 8 bytes too big
BAD: struct curl_mime is 144 bytes, allowed to be 96: 48 bytes too big
BAD: struct curl_mimepart is 592 bytes, allowed to be 440: 152 bytes too big
BAD: struct curl_certinfo is 32 bytes, allowed to be 16: 16 bytes too big
BAD: struct curl_tlssessioninfo is 32 bytes, allowed to be 16: 16 bytes too big
BAD: struct curl_blob is 32 bytes, allowed to be 24: 8 bytes too big
BAD: struct CURLMsg is 48 bytes, allowed to be 24: 24 bytes too big
BAD: struct curl_header is 80 bytes, allowed to be 48: 32 bytes too big
Test ended with result 14
```
Multiply the allowed size on systems with larger than 64-bit pointers.
[1] https://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/20171017a-cheri-poster.pdfCloses#22299
Remove the timestamp passed for ratelimit checks. Let the limit
calculation obtain a timestamp when it needs it. Most transfers run
without active ratelimits and getting a fresh timestamp is unnecessary.
Closes#22292
`ldap_lib_ok` is never actually set at the start, so a prior cached
autoconf result could lead to an incorrect value.
Pointed out by the GitHub AI
Closes#22308
`GNUTLS_ENABLED` was checked twice in the HTTPS-proxy support block,
making the second check redundant.
- also fix the "or upper" phrasing which is hard to understand
Pointed out by the GitHub AI thing
Closes#22307
A CR or LF in the CURLOPT_FTP_ACCOUNT or CURLOPT_FTP_ALTERNATIVE_TO_USER
string split the control-channel command line and smuggled a second FTP
command. Reject a byte below 0x20 in both values before the command is
built.
Closes#22301
- Determine max host and total connection limits from the transfer's own
multi handle and test that it works for shared connections.
Prior to this change, since df67269 (precedes 8.13.0),
Curl_cpool_check_limits() took the limits from the multi handle that
owns the pool. A share-owned pool is not owned by any multi, so the
limit check always passed.
Prior to df67269 the limits came from the transfer's own multi handle.
Fixes https://github.com/curl/curl/issues/22265
Closes https://github.com/curl/curl/pull/22266
Websocket frames need to be written individualy, so that applications
can access the frame meta data correctly. This worked until the write
function triggered a pause. Remaining frames accumulated in the "out"
writer's buffer and on unpaused were written in one chunk.
ws decode writer will now stop writing frames when the client writer
is paused. To handle the writing of buffered raw data after an unpause,
client writers have gotten a new "flush" method.
Add pytest test_20_12 with a new client to check handling of pauses
and websocket frames.
Reported-by: Hendrik Hübner
Fixes#22273Closes#22283
Test 1701 did a HTTP/2 Upgrade in a HTTP/1.1 POST request. This will no
longer be supported in the upcoming nghttp2 release for security reasons
(Upgrade requests with body a re messy, error prone and can easily lead
to connection confusion).
As no other server we have supports this, remove the test.
Reported-by: firexinghe on github
Fixes#22280Closes#22291
The curl tool was creating a new transfer every time it checked if
it needed to add one to reach max parallelism. This led to eventually
all configured transfers to have easy handles created.
Limit the creation again to the ones needed for max parallelism.
scorecard.py: set --out-null only for curl versions that support it
Closes#22277
Homebrew is distributing v5.9.2 at the time of this commit, which
contains known regression failing to parse the server certificate.
The fix has been merged upstream. Till it makes it into a release
and Homebrew, ignore test results for 311.
Refs:
https://github.com/wolfSSL/wolfssl/pull/107937dd269fc52
Follow-up to 03f9751585#22204#22175#22160Closes#22269
Note: Renovate strips pre-existing quotes from the YAML version value.
This breaks the bump next time its version is ending with zero(s).
Ref: 78267398e5#22143#22142Closes#22267
The test provides an invalid username, but no ':' with password, so that
the curl tool tries to read the password from stdin. That makes the test
hang, also in CI.
The check for invalid characters is happening when the CURLOPT_USERPWD
is applied to the URL, so when the transfer is started. Maybe the check
should happen also in setopt already.
The test hangs because tool_paramhlp.c:548 `checkpasswd()` does not see
a ':' and tries to read the password from stdin.
Fix: add a ':' in the tests invalid user setting, so that the read does
not happen.
Follow-up to ecaa344a7aCloses#22264
Add support for the native GSS Framework on Apple targets, which is
Apple's fork of Heimdal. This option allows to drop Apple's deprecated
MIT Kerberos compatibility shim "mit-krb5/1.7-prerelease".
Source code uses different headers, other than that no source changes
are necessary.
You can enable by configuring with:
autotools: `--enable-gssapi-apple`
CMake: `-DCURL_USE_GSSAPI=ON -DCURL_GSS_FLAVOR=Apple`
These options are experimental, and may receive breaking updates till
the GSS backend selection logic settles, for Apple and also for the GNU
and MIT implementation.
Version string:
```
curl 8.21.0-DEV (aarch64-apple-darwin25.4.0) libcurl/8.21.0-DEV
OpenSSL/3.6.2 zlib/1.2.12 AppleIDN AppleGSS OpenLDAP/2.4.28/Apple
```
Also:
- drop in-source deprecation warning suppressions when using AppleGSS.
- GHA/macos: enable Apple GSS in CI jobs.
Supported by:
iOS 5.0+, iPadOS 5.0+, Mac Catalyst 13.0+, macOS 10.14+, visionOS 1.0+
Ref: https://developer.apple.com/documentation/gss
Ref: #19109Closes#22052
The nroff (man page) version of the markdown docs could get asterisks
mistreated as emphasis - seen in the CURLOPT_WRITEDATA manpage. The
regex now more stricter requires a word character to follow an italics
starting asterisk and there needs to be a word character or a closing
parenthesis before the italics ending asterisk.
Also: fix CURLINFO_CERTINFO.md which used wrong italics - it was not
rendered correctly on GitHub and with other generic markdown parsers.
Reported-by: Christian Ullrich
Fixes#22257Closes#22260