- replace `sendf.h` with `curl_trc.h` where it was included just for it.
- drop unused `curl_trc.h` includes.
- easy: delete obsolete comment about `send.h` include reason.
Also:
- move out `curl_trc.h` include from `sendf.h` and include it directly
in users, where not done already. To flatten the include tree and
to less rely on indirect includes.
- stop including `sendf.h` from other headers, replace it with forward
declaration of `Curl_easy`, as done already elsewhere.
Verified with an all non-unity CI run.
Closes#20061
In unity builds the source filename (via `__FILE__`) has no path (or
uses slashes?), while in non-unity ones it does contain backslashes
on Windows, with MSVC. Fix the test to recognize backslashes in the
`stripfile` regexp.
Seen in MSVC jobs in CI:
```diff
-MEM tool_cfgable.c[LF]
-MEM tool_paramhlp.c[LF]
-MEM tool_cfgable.c[LF]
-MEM tool_cfgable.c[LF]
-MEM tool_cfgable.c[LF]
-MEM tool_cfgable.c[LF]
+MEM D:\a\curl\curl\src\tool_cfgable.c[LF]
+MEM D:\a\curl\curl\src\tool_paramhlp.c[LF]
+MEM D:\a\curl\curl\src\tool_cfgable.c[LF]
+MEM D:\a\curl\curl\src\tool_cfgable.c[LF]
+MEM D:\a\curl\curl\src\tool_cfgable.c[LF]
+MEM D:\a\curl\curl\src\tool_cfgable.c[LF]
```
Ref: https://github.com/curl/curl/actions/runs/20408366058/job/58641468316?pr=20061#step:13:303
Ref: https://github.com/curl/curl/actions/runs/20408522070/job/58641826216?pr=20064#step:13:298Closes#20064
To make it available for all files. Drop includes from individual
sources. This header was already included from most sources and not
specific to any internal subsystem.
Also to ensure that two system symbol redefines on Windows (`read()` and
`write()`) get applied to all sources. Move them to `curl_setup.h`.
Closes#20056
Delete where unused, include where to used to avoid relying on
side-effect of other headers.
Also: delete "for curlx_nonblock" comments. That's the only symbol
offered by this header.
Closes#20055
1. With `MBEDTLS_SSL_PROTO_TLS1_2` not enabled, the mbedTLS code was not
able to connect to any server due to broken logic in curl's
`mbed_set_ssl_version_min_max()`. Now it correctly sets the minimum
supported TLS version based on what is compiled in the library.
2. If debugging is enabled, move the debugging enabling earlier in the
`mbed_connect_step1()` so that verbose errors are actually displayed if
failures happen (see the previous point -- it would've made debugging
that issue easier).
3. Remove the constant `mbedtls_x509_crt_profile_fr` and instead use
mbedTLS-included profile `mbedtls_x509_crt_profile_next` with
`mbedtls_ssl_conf_cert_profile()`. This will follow the latest standards
as new mbedTLS versions are released (rather than being stuck-in-time
until someone comes along to fix what was hard-coded here). This has the
immediate benefit of no longer supporting SHA1 certs and insecure RSA
key-lengths (1024). This fix immediately prevents previously possible
MITM attacks (SHA1 hashes and RSA-1024 keys can be forged relatively
easily by nation-state actors and criminal organizations with
deep-pockets).
4. Added [predictive
resistance](https://mbed-tls.readthedocs.io/en/latest/kb/how-to/add-a-random-generator/#enabling-prediction-resistance)
to the random number generator (adding more entropy to the RNG).
5. Split the random number generator into initialization, the actual
random generation, and the "freeing" of the resources. This
significantly reduces the overhead of using the RNG.
6. Removed the separate RNG function in the TLS connect stage (instead
use the "main" one) and remove the ad-hoc threading support. Instead
properly document how to enable threading in mbedTLS. As it was, other
internals of mbedTLS could have race conditions (in the RSA module in
particular) if `MBEDTLS_THREADING_C` was *not* enabled. And if it is
enabled, then these race-conditions cannot happen. And also, if
MBEDTLS_THREADING_C is enabled then the RNG functions [are fully
thread-safe](https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading/).
So, the previous ad-hoc threading support was both partial and broken.
7. Enable support for disabling `MBEDTLS_PEM_PARSE_C`.
8. Add support for `CURLOPT_SSLCERTTYPE` so user can specify `PEM` or
`DER` and get faster execution.
Closes#19983
Since Curl_mntfy_dispatch_all() is called with high frequency and
mostly unnecessary, add a check macro to avoid the call when not
needed.
Closes#20034
Move existing `Curl_rename()` `rename()` wrapper from lib to
curlx/fopen, and make it a curlx macro/function. To allow using
the local worker function to fixup long filenames on Windows.
Then fix the Windows-specific rename implementation to support long
filenames. This operation may happen when using a cookie jar, HSTS cache
or alt-svc cache, via libcurl or the curl tool.
Before this patch, when passing a long filename to the above options,
a `<random>.tmp` file was left on the disk without renaming it to the
filename passed to curl. There was also 1 second delay for each
attempted rename operation.
Also:
- checksrc: ban raw `rename()` and `MoveFileEx*()` functions.
- Note: `Curl_rename()` returned 1 on failure before this patch, while
`curlx_rename()` returns -1 after, to match POSIX `rename()`.
Refs:
https://learn.microsoft.com/windows/win32/api/winbase/nf-winbase-movefileexahttps://learn.microsoft.com/windows/win32/fileio/maximum-file-path-limitation
Ref: #20040Closes#20042
Tailored for each job with a relatively tight limits. Also with no
tolerance in valgrind tests: 4 of the 4 has to be run.
Based on Test Clutch feature matrix which displays the minimum and
actual number of tests:
https://testclutch.curl.se/static/reports/feature-matrix.html
Also:
- runtests.pl: include total number of tests in the error message shown
when the limit was not met.
Assisted-by: Dan Fandrich
Follow-up to 3f1cd809ee#19942Closes#20050
It makes them work in Schannel's CA bundle loader, and curl tool's
set/get file timestamp operations (e.g. in `-R`/`--remote-time`). Also
to match file open operations, that already support long filenames.
E.g. when using `--remote-time`, fixing:
```
Warning: Failed to set filetime 1741363917 on outfile: CreateFile failed:
Warning: GetLastError 0x00000003
```
The special long filename logic is necessary to support Windows releases
prior to Windows 10 v1607. With the latter, it's possible to opt-in to
this behavior via a manifest setting. Note that Windows itself also needs
to opt-in to support this. Finally note that curl itself needs passing
`--globoff` to let long filenames through, pending #20044 and #20046.
Refs:
https://learn.microsoft.com/windows/win32/api/fileapi/nf-fileapi-createfileahttps://learn.microsoft.com/windows/win32/fileio/maximum-file-path-limitation
Ref: #8361
Inspired by: #19286
Inspired-by: Mathesh V
Closes#19286Closes#20040
Also:
- vquic-tls.h: do not include unused headers for non-H3 builds.
- autotools: stop looking for `openssl/x509.h` header.
- cmp-config.pl: delete exception for `openssl/x509.h`.
- examples: format/comment sync between the two touched files.
- openssl: drop unused `curlx/wait.h` include.
Closes#20049
With 24b36fd stream flow control window sizes have been set too
restrictive, crippling transfer rates when no rate limit is in effect.
Disable ngtcp3 stream window auto-tuning and extend the stream window
from the small initial size to the effective rate limit. If no rate
limit is configured, extend stream window to maximum value right away.
This cannot shrink the stream window later, however. But growing the
limit or removing it, will work mid download.
Fixes#20030
Reported-by: koujaz on github
Closes#20033
`io.h` already included via `curl_setup.h`, the other headers are
already guarded off for Windows. `INADDR_LOOPBACK` fallback remains
a no-op on Windows.
Closes#20032
- curl_range: replace `sendf.h` with direct header dependency
`curl_trc.h`.
- drop `curl/curl.h` includes from internal sourcees in favor of the
include made from `curl_setup.h`. Replace it with the latter where
it's the only include.
- include `curl_setup.h` before using macros, where missing.
- drop redundant `stdlib.h`, `string.h` includes, in favor of
`curl_setup_once.h` including them.
- drop redundant `limits.h` in favor of `curl_setup.h` including it.
- fake_addrinfo.h: fix typo in comment.
- curl_setup_once.h: drop `stdio.h` in favor of earlier include in
`curl_setup.h`.
- drop stray, unused, `stddef.h` includes.
- memdebug.h: add missing `stddef.h` include. (relying on accidental
includes via other headers before this patch.)
- stddef.h: document why it's included.
- strerr: drop `curl/mprintf.h` in favor of `curl/curl.h` including it
via `curl_setup.h`.
Closes#20027
It should still insert a (single) space when unfolding
Follow-up to 9941e7c95b following up to 67ae101666.
Updated test 1274 and 1940 accordingly.
Closes#20029
