The code actual init code remains identical after this patch. To make it
clearer where this initialization is called from, and to dedupe code.
Follow-up to b17ef873ae#18009Closes#20852
The 'id' struct field in 'struct h3_stream_ctx' is a uint64_t type so
should be output with PRIu64 - and it makes sense to be consistent.
Note that the field with the same name in the ngtcp2 version of this
struct is a *signed* 64-bit variable.
Reported by Codex Security
Closes#20849
As the SOCK_CLOEXEC and SOCK_NONBLOCK get ORed to the socktype, this
introduces the cf_socktype() function to use when checking for the
specific socket type: DGRAM or STREAM. The function filters off the
non-type related bits to enable the comparison.
Follow-up to 05367694ecCloses#20808
During conversion of `docs/FAQ` into Markdown, 'man ld' has incorrectly
kept one of its quotes when it was surrounded by backticks for inline
code formatting. A space on the left of it was lost as well.
Fix the formatting in the new `docs/FAQ.md`.
Closes#20812
If the first write was interrupted by a signal and a subsequent write
succeeds, the function would still erroneously return EINTR.
Found by Codex Security
Closes#20809
This fixes a regression and accidental changed behavior shipped in
8.18.0 (via 6b9c75e219).
When the setopt is set to "" and curl is built without support for a
single compression algorithm, it used to use "identity" but recently did
not.
Spotted by Codex Security
Closes#20805
OpenSSL 4.0.0-dev supports ECH with one flaw. If peer verification
is not enabled, it will report SSL_ECH_STATUS_BAD_NAME on the ECH
status.
Provide a workaround in libcurl that checks the inner name used in
ECH was the peer's hostname, both verify peer and host are disabled
and then accept the BAD_NAME without failing the connect.
Fixes#20655
Reported-by: Dexter Gerig
Closes#20821
Perform the actual timeout calculation in the blocking resolv
loop each time in the same way, keeping the logic simpler.
The previous version calculated the timeout once, and then
reduced it by the elapsed time spent in polling/processing.
This is unnecessarily complicated.
Closes#20819
The strdup() of the hostname to resolve is unnecessary as the sync
resolve code does not keep the string and the async code makes copies
already.
Remove the member from `connectdata`.
Closes#20833
- also query `INTERFACE_COMPILE_DEFINITIONS` and
`INTERFACE_COMPILE_OPTIONS`.
To further sync clang-tidy manual command-lines with the C compiler
command-lines generated by CMake. In practice this adds `-I` options
(via `INTERFACE_COMPILE_OPTIONS`) to the end of the command-line for
dependency header directories. It does not change the outcome of
clang-tidy runs.
- limit querying `COMPILE_DEFINITIONS` and `COMPILE_OPTIONS` to the top
target, the test itself. To not include options such as
`-DCURL_HIDDEN_SYMBOLS` and `-fvisibility=hidden` (when set) via
the libcurl shared lib.
To sync with the actual C compiler command-line.
- drop redundant `unset()`.
- rename local function to be more specific.
Follow-up to d9386a2f8e#20759Closes#20829
Exclude reading certain props for certain target types to avoid these errors:
```
CMake Error at CMake/Utilities.cmake:71 (get_property):
The LOCATION property may not be read from target "...". Use the target
name directly with add_custom_command, or use the generator expression
$<TARGET_FILE>, as appropriate.
```
(and the same in line 78.)
Follow-up to 855acb3bb0#17701Closes#20828
- add/fix/synchronize error messages and comments.
- consistently return error from the callback on failure.
- fix potential leaks on OpenSSL API failures.
- fix to not pass the nul-terminator to BIO read.
- scope a variable.
- sync code/formatting between the two examples.
Closes#20807
PEM_read_bio_PrivateKey() is called with the wrong BIO, so the private
key is not loaded.
Follow-up to 8494012196
Pointed out by Codex Security
Closes#20800
- the value collided with the internal one used for WebSocket
- we add all new ones as internal bits
- bump to 64-bit internal type
- introduce new define for setting all protocols (CURLPROTO_64ALL)
Reported by Codex Security
Closes#20798
This CMake global custom option tells it to find dependencies as cmake
Configs first, and only then look for `Find*` modules. This may result
in `find_package()` succeeding, but without actually creating `CURL::*`
imported targets the curl build scripts are expecting.
For dependencies with curl-specific, local, `Find*` modules, we always
want to use them, via the module detection method, and never a
Config-based detection. Ensure this by passing the `MODULE` option to
`find_package()` and `find_dependency()` to make them use `Find*`
modules unconditionally, making them work as expected with the
`CMAKE_FIND_PACKAGE_PREFER_CONFIG=ON` option set.
curl uses local Find modules for all dependencies except OpenSSL and
ZLIB. The latter two keep using either CMake's built-in Find modules or
Config method as before this patch.
Also:
- apply the same change to `curl-config.cmake`. To fix consuming curl
with this option set.
Authored-by: Valerie Snyder
Ref: #20764
Follow-up to 16f073ef49#16973
- GHA/distcheck: add a job testing both building and consuming curl with
this option set. (takes 15 seconds)
Use custom NGHTTP2 configuration for an extra twist (not required
to trigger this issue.)
Follow-up to fcde8d7e37#20773
Reported-by: Valerie Snyder
Fixes#20729Closes#20784
In this use case 'unsigned value &= ~DEFINE;
As otherwise the right side is treated as signed, which annoyingly
triggers UBSan. The U_* defines are local versions of the public define,
only typecast to unsigned.
Reported-by: xmoezzz on github
Fixes#20753Closes#20769
If TLS 1.3 is not supported, the call to
`mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets()` fails
during compilation:
```
curl-8.18.0/lib/vtls/mbedtls.c: In function 'mbed_connect_step1':
curl-8.18.0/lib/vtls/mbedtls.c:809:3: error: implicit declaration of function 'mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets' [-Werror=implicit-function-declaration]
mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(&backend->config,
^
curl-8.18.0/lib/vtls/mbedtls.c:809:3: warning: nested extern declaration of 'mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets' [-Wnested-externs]
```
Protect this call inside the `#ifdef` block by making sure that support
for TLS 1.3 is defined.
Closes#20789
```
lib/multi.c:305:5: error: code will never be executed [clang-diagnostic-unreachable-code]
305 | goto error;
| ^~~~~~~~~~
```
Cherry-picked from #20774Closes#20788
- add support for separate provider / consumer cmake options in
`find_package` tests. To help test more integration scenarios.
Refs: #20784#20729#20764
- dump generated curl config files in `find_package` tests.
(cmake CONFIG source, `libcurl.pc`, `curl-config`.
- test.sh: use `sha256sum` (was: `openssl`).
Closes#20773
