- test2088 verifies that mutual tls works
This adds a new certificate to generate which has the clientAuth key
usage enabled, and uses it to connect to a https-mtls server.
Closes#16923
1. 'make clean' in the root dir now also invokes 'make clean' in the
tests subdir so that it cleans up better recursively. The Makefile.am
does not list 'tests' as a normal subdir to avoid building that
directory for a normal make invoke.
2. 'make clean' in the tests/libtest and tests/unit directories now
*explicitly* remove the unity build executables even if this is not a
unit build. This, because those files may be leftovers from previous
builds and such leftovers can otherwise linger around and since
'runtests.pl' dynamically acts differently based on the mere *presence*
of those files, they can keep you fooled for a while until you
realize...
Closes#16986
The fix in b8bd019c6a (#16959) broke the
CURLOPT_HTTP_TRANSFER_DECODING handling, shown in test 319 and curl's
--raw option.
This is a follow-up that restores the functionality.
Enable test 319 again.
Fixes#16974Closes#16984
Made the HTTPS-RR parser a little stricter while at it.
Drop the ALPN escape handling, that was not needed.
Make the hode handle (and ignore) duplicate ALPN entries.
Closes#16972
- allow and ignore "identity" as an encoding
- fail if any other encoder than chunked follows after chunked
- fail on unsolicited encodings - when the server encodes but curl did
not ask for it
Add test 1493 to 1496 to verify.
Disable test 319 as that is now broken: issue #16974
Reported-by: Jonathan Rosa
Fixes#16956Closes#16959
It causes problems in unity builds, in particular when this file is used
for unit tests.
Bonus: switch to plain getenv() instead of curl_getenv() to avoid extra
malloc/free rounds.
Closes#16978
When pausing a HTTP/2 transfer, the stream's local window size
is reduced to 0 to prevent the server from sending further data
which curl cannot write out to the application.
When unpausing again, the stream's window size was not correctly
increased again. The attempt to trigger a window update was
ignored by nghttp2, the server never received it and the transfer
stalled.
Add a debug feature to allow use of small window sizes which
reproduces this bug in test_02_21.
Fixes#16955Closes#16960
Unify the case, punctuation and name of test case keywords so they can
be more easily selected or skipped when desired. Add a few keywords that
were missing. Fix a couple of typos in test names.
To make it uniform in all tests, and greppability.
Also:
- replace `-k` flag with `-q` in test 1268. (the actual flag doesn't
matter in this test)
- keep `-k` in test 300 to test its short form.
(also verified to fail without a working `-k`)
Closes#16878
Allocate the data shared between a transfer and an aync resolver thread
separately and use a reference counter to determine its release.
Change `Curl_thread_destroy()` to clear the thread handle, so that the
thread is considered "gone" and we do not try to join (and fail to)
afterwards.
Retake of the revert in fb15a986c0Closes#16916
Slight refactoring around dnscache, e.g. hostcache
- eliminate `data->state.hostcache`. Always look up
relevant dnscache at share/multi.
- unify naming to "dnscache", replacing "hostcache"
- use `struct Curl_dnscache`, even though it just
contains a `Curl_hash` for now.
- add `Curl_dnscache_destroy()` for cleanup in
share/multi.
Closes#16941
This document now lists all previous releases.
This allows us to verify that documentation refers to actual release
versions.
Test 971 now verifies options-in-versions and all command line options
documentation individually. Fixed a few discrepancies.
Test 1488 verifies libcurl options "Added-in" to exist. Fixed a few
discrepancies there as well.
Closes#16907
`pidwait()` is a function to wait for a PID to disappear from the list
of processes. On Windows change this function to:
- reduce the frequency of calling the external command `tasklist` to
query the list of processes, including Windows-native ones, to 0.2s
(from 0.01s).
- print a message when the wait exceeds 5 second marks.
- give up after 20 seconds of total wait, and print a message.
Also log `taskkill` commands to stdout instead of the log.
To potentially avoid hangs seen in CI, and make these spots more
transparent through the log.
Ref: #16840
Ref: #14854Closes#16908
Fixes:
```
$ ./runtests.pl -g 1940
./libtest/libtests lib1940: No such file or directory.
Argument list to give program being debugged when it is started is "http://127.0.0.1:44547/1940".
```
Reported-by: Daniel Stenberg
Fixes#16893Closes#16898
Treat %2e and %2E to be "dot equivalents" in the function and remove
such sequences as well, according to RFC 3986 section 5.2.4. That is
also what the browsers do.
This DOES NOT consider %2f sequences in the path to be actual slashes,
so there is no removal of dots for those.
This function does not decode nor encode any percent sequences.
Also switched the code to use dynbuf.
Extends test 1395 and 1560 to verify.
Assisted-by: Demi Marie Obenour
Fixes#16869Closes#16870
When multiple headers share the same name, AWS SigV4 expects them to be
merged into a single header line, with values comma-delimited in the
order they appeared.
Add libtest 1978 to verify.
Closes#16743
Before this patch the script relied on Perl `system()` finding `openssl`
in `PATH`, plus tried to display the full path of `openssl` by using
`command -v` (or `which` on Windows). `command -v` did not work in CI
for unknown reasons. To resolve it, this patch detects `openssl` in
`PATH` manually, displays the detected full path and calls `openssl`
with the detected full path, and stops relying on `system` for this.
It also follows how `sshhelp.pm` is detecting executables. Though this
patch uses Perl `-f` instead of `-e && -d` used there .
Silencing this in CI logs:
```
Can't exec "command": No such file or directory at ../../../tests/certs/genserv.pl line 51.
```
Ref: https://github.com/curl/curl/actions/runs/14145795884/job/39632942668?pr=16865#step:39:108Closes#16868
To support running tests directly via `runtests.pl` after building
the test targets. Also to sync with the same update for autotools.
Follow-up to 0c1ad21f97#16845Closes#16866
Instead of via `tests/data/DISABLED` file.
They are all missing CRL feature support, as opposed to being broken.
Follow-up to 8adee8824c#16862
Follow-up to 8b1b5cd4d2#16660Closes#16865
To remove POSIX shell as an extra dependency for runtests.
Also fix to `chmod 0600` the `.pem` file (was: `.prm`), and apply it
_before_ writing the keys.
Follow-up to 44341e736a#16824Closes#16858
Before this patch the signal handler called `logmsg()` which in turn
called `printf()` variants (internal implementations), and `FILE *`
functions, `localtime()`. Some of these called `malloc`/`free`, which
isn't supported in s signal handler. Replace them with `write` calls,
losing some logging functionality.
Also:
- De-dupe and move `STD*_FILENO` macros to `lib/curl_setup.h`. Revert
the `src` definition to point to `stderr`, instead of `tool_stderr`.
Follow-up to e5bb88b8f8#11958
POSIX specs with list of functions allowed in a signal handler:
2004: https://pubs.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html#tag_02_04_03
2017: https://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_04_03
2024: https://pubs.opengroup.org/onlinepubs/9799919799/functions/V2_chap02.html#tag_16_04_03
Linux CI run with the thread sanitizer going crazy when
hitting the signal handler in test 1238 and 1242 (TFTP):
```
WARNING: ThreadSanitizer: signal-unsafe call inside of a signal (pid=12582)
#0 malloc <null> (servers+0x5ed70)
#1 _IO_file_doallocate <null> (libc.so.6+0x851b4)
#2 formatf /home/runner/work/curl/curl/bld/tests/server/../../lib/../../lib/mprintf.c:886:9 (servers+0xdff77)
[...]
WARNING: ThreadSanitizer: signal-unsafe call inside of a signal (pid=12582)
#0 free <null> (servers+0x5f453)
#1 fclose <null> (libc.so.6+0x8532f)
#2 logmsg /home/runner/work/curl/curl/bld/tests/server/../../../tests/server/util.c:134:5 (servers+0xe684d)
```
Ref: https://github.com/curl/curl/actions/runs/14118903372/job/39555309490?pr=16851Closes#16852
Before this patch the curl repository and source tarball distribution
contained test certificates as binary blobs. Used by runtests.
Drop these certificates in favor of generating them dynamically as
part of the build process. Both via autotools and CMake.
As part of this, improve certificates, the generator script and process,
file layout, and fix any issue to make it work fast and smooth both in
CI and local builds.
Note, cert generator scripts require OpenSSL >=1.0.2
(or LibreSSL >=3.1.0). Generation requires POSIX shell, also with CMake.
Without a POSIX shell tests relying on TLS (and stunnel) will fail.
Details:
- build: generate certs as part of the test run process.
- build, tests: generate certs in the build directory.
- binarycheck: drop concept of known binary files with hashes.
- binarycheck: move binary check logic into spacecheck and drop this
separate checker tool.
- build: fix to clean all cert files.
- autotools: fix to not run leaf cert generators in parallel. To avoid
confusion when updating the revocation database and counter.
- scripts: drop `scripts` subdir, merge two scripts into one,
auto-generate root cert, allow generating multiple leafs at once.
- scripts: switch to EC-256 keys (was: RSA-2048). For key size and perf.
- scripts: drop `-x` echo, text dumps, most other output. To avoid log
noise and make it quicker in CI.
- scripts: make it non-RSA-specific.
- scripts: delete unused code.
- scripts: use POSIX shell shebang. Some envs don't have bash (Alpine).
- scripts: pass test pseudo-secrets via the command-line. To avoid:
```
+ openssl genrsa -out test-ca.key -passout fd:0 2048
Invalid password argument, starting with "fd:"
```
- cmake: fix to launch generator scripts via the detected POSIX shell.
- cmake: fix `build-certs` rule to not depend on `SRPFILES`
(`srp-verifier-*`).
- cmake: drop `EXCLUDE_FROM_ALL` for the cert subdir. It makes
the Visual Studio generator miss to create the `clean-certs`,
`build-certs` targets. No target depend on them, so they don't execute
implicitly anyway. Fixes:
```
MSBUILD : error MSB1009: Project file does not exist.
Switch: clean-certs.vcxproj
```
- cmake: add `VERBATIM USES_TERMINAL` to `build-certs` target.
- GHA/linux: install openssl on Alpine, for the cert generator scripts.
Follow-up to 556f722fe3#16593
Follow-up to fa461b4eff#14486Closes#16824
The base64 sections were added in a time when there was no other way to
do these tests. Now we remove them again to make less "hidden" data in
the test suite.
For several test cases we instead then provide a sequence of binary
octets which is not really better, but I have tried to minimize them.
Closes#16816
The callback, provided from url.c did the work that the cshutdn
functionality also implemented. Remove it.
Change some DEBUGF(infof()) to CURL_TRC_M().
Closes#16810
Setting a server-side file read-only by `chmod 0444` has does not
prevent overwriting it via SFTP upload (as tested in CI).
Fix it by setting its MS-DOS read-only attribute in addition. It
requires the Cygwin tool `chattr`.
Also unignore in CI.
Fixes:
```
test 0615...[SFTP put remote failure]
curl returned 0, when expecting 9
615: exit FAILED
=== Start of file stderr615
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 30 0 0 100 30 0 93 --:--:-- --:--:-- --:--:-- 95
100 30 0 0 100 30 0 92 --:--:-- --:--:-- --:--:-- 92
=== End of file stderr615
```
Ref: https://github.com/curl/curl/actions/runs/14037991918/job/39300723214#step:12:1269Closes#16818
