- `NOT` + `VERSION_LESS` -> `VERSION_GREATER_EQUAL`
Available since 3.7, which is the minimum required for curl:
https://cmake.org/cmake/help/latest/command/if.html#version-greater-equal
- make `CMAKE_REQUIRED_*` argument quotes consistent.
- make `CMAKE_REQUIRED_*` space alignment consistent.
- drop quote from version value for consistency with other cases.
- formatting
Closes#17002
by including headers using "../[header]" when done from C files in
subdirectories, we do not need to specify the lib source dir as an
include path and we reduce the risk of header name collisions with
headers in the SDK using the same file names.
Idea-by: Kai Pastor
Ref: #16949Closes#16991
Also adjust `()` around low-level calls preventing macro overrides via
e.g. `memdebug.h`:
- add for `malloc` and `free`.
- drop for `_open`. (We do not override `_open` in curl.)
Tidy-up: also sync libcurlu custom macro order in cmake with autotools.
Follow-up to f42a279ee3#11928Closes#16742
The fix in b8bd019c6a (#16959) broke the
CURLOPT_HTTP_TRANSFER_DECODING handling, shown in test 319 and curl's
--raw option.
This is a follow-up that restores the functionality.
Enable test 319 again.
Fixes#16974Closes#16984
Made the HTTPS-RR parser a little stricter while at it.
Drop the ALPN escape handling, that was not needed.
Make the hode handle (and ignore) duplicate ALPN entries.
Closes#16972
- allow and ignore "identity" as an encoding
- fail if any other encoder than chunked follows after chunked
- fail on unsolicited encodings - when the server encodes but curl did
not ask for it
Add test 1493 to 1496 to verify.
Disable test 319 as that is now broken: issue #16974
Reported-by: Jonathan Rosa
Fixes#16956Closes#16959
When pausing a HTTP/2 transfer, the stream's local window size
is reduced to 0 to prevent the server from sending further data
which curl cannot write out to the application.
When unpausing again, the stream's window size was not correctly
increased again. The attempt to trigger a window update was
ignored by nghttp2, the server never received it and the transfer
stalled.
Add a debug feature to allow use of small window sizes which
reproduces this bug in test_02_21.
Fixes#16955Closes#16960
From what I understand both rustls and mbedTLS expose a strong random
function, so as long as you have a TLS library random will be strong.
Followup 8972845123 "vtls/rustls: support strong CSRNG data"
Followup a90a5bccd4 "mbedtls: implement CTR-DRBG and HAVEGE random generators"
Closes#16965
The HTTPSRR check on the record's target was not working as it used the
wrong index on the NUL byte if the target was not NULL.
Fixes#16966
Reported-by: Pavel Kropachev
Closes#16968
To use curl as a tool for troubleshooting SigV4 signing, it is useful to
have the 'Canonical Request', 'String To Sign' and 'Signature'
calculations output.
Closes#16952
Allocate the data shared between a transfer and an aync resolver thread
separately and use a reference counter to determine its release.
Change `Curl_thread_destroy()` to clear the thread handle, so that the
thread is considered "gone" and we do not try to join (and fail to)
afterwards.
Retake of the revert in fb15a986c0Closes#16916
Slight refactoring around dnscache, e.g. hostcache
- eliminate `data->state.hostcache`. Always look up
relevant dnscache at share/multi.
- unify naming to "dnscache", replacing "hostcache"
- use `struct Curl_dnscache`, even though it just
contains a `Curl_hash` for now.
- add `Curl_dnscache_destroy()` for cleanup in
share/multi.
Closes#16941
Previously it was not compiled if CURL_DISABLE_BINDLOCAL is set, but the
FTP code is also using this function.
Easily found by using configure --disable-bindlocal without disabling
FTP.
Closes#16933
Enable eventfd code consistently when both `HAVE_EVENTFD` and
`HAVE_SYS_EVENTFD_H` macros are defined.
Before this patch `HAVE_EVENTFD` guarded it alone, though the code
also required the header, which was guarded by `HAVE_SYS_EVENTFD_H`.
These should normally be detected in pairs. When they aren't, omit using
`eventfd()` to avoid calling it without a known matching header.
If this disables valid cases (e.g. some system declares this function
via a different header), feature detection and the code may be extended
for those cases. If these are known to come in pairs, always, another
option is detect them both at build stage, and forward a single macro
to C.
Reported-by: Abhinav Singhal
Bug: https://curl.se/mail/lib-2025-04/0000.htmlCloses#16909
Curl_hexbyte - output a byte as a two-digit ASCII hex number
Curl_hexval - convert an ASCII hex digit to its binary value
... instead of duplicating similar code and hexdigit strings in numerous
places.
Closes#16888
The condition required to reach this call could not happen, because
cf_ssl_scache_get() already checks the same condition and returns NULL
for 'scache' prior to this.
Found by CodeSonar
Closes#16896
When a PUSH_PROMISE was received, the h2_stream object was assigned
to the wrong `newhandle->mid` and was thereafter not found. This led
to internal confusion, because the nghttp2 stream user_data was not
cleared and an invalid easy handle was use for trace messages,
resulting in a crash.
Reported-by: Viktor Szakats
Fixes#16881Closes#16905
With libssh2 1.11.0 or newer.
Different crypto backends may offer different features, e.g. in the keys
and algos they support.
Examples:
```
* Trying 127.0.0.1:22...
* Connected to localhost (127.0.0.1) port 22
* libssh2 crypto backend: openssl compatible
[or]
* libssh2 crypto backend: WinCNG
```
Also fix indentation and drop redundant curly braces.
Closes#16790
Treat %2e and %2E to be "dot equivalents" in the function and remove
such sequences as well, according to RFC 3986 section 5.2.4. That is
also what the browsers do.
This DOES NOT consider %2f sequences in the path to be actual slashes,
so there is no removal of dots for those.
This function does not decode nor encode any percent sequences.
Also switched the code to use dynbuf.
Extends test 1395 and 1560 to verify.
Assisted-by: Demi Marie Obenour
Fixes#16869Closes#16870
When multiple headers share the same name, AWS SigV4 expects them to be
merged into a single header line, with values comma-delimited in the
order they appeared.
Add libtest 1978 to verify.
Closes#16743
Before this patch the signal handler called `logmsg()` which in turn
called `printf()` variants (internal implementations), and `FILE *`
functions, `localtime()`. Some of these called `malloc`/`free`, which
isn't supported in s signal handler. Replace them with `write` calls,
losing some logging functionality.
Also:
- De-dupe and move `STD*_FILENO` macros to `lib/curl_setup.h`. Revert
the `src` definition to point to `stderr`, instead of `tool_stderr`.
Follow-up to e5bb88b8f8#11958
POSIX specs with list of functions allowed in a signal handler:
2004: https://pubs.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html#tag_02_04_03
2017: https://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_04_03
2024: https://pubs.opengroup.org/onlinepubs/9799919799/functions/V2_chap02.html#tag_16_04_03
Linux CI run with the thread sanitizer going crazy when
hitting the signal handler in test 1238 and 1242 (TFTP):
```
WARNING: ThreadSanitizer: signal-unsafe call inside of a signal (pid=12582)
#0 malloc <null> (servers+0x5ed70)
#1 _IO_file_doallocate <null> (libc.so.6+0x851b4)
#2 formatf /home/runner/work/curl/curl/bld/tests/server/../../lib/../../lib/mprintf.c:886:9 (servers+0xdff77)
[...]
WARNING: ThreadSanitizer: signal-unsafe call inside of a signal (pid=12582)
#0 free <null> (servers+0x5f453)
#1 fclose <null> (libc.so.6+0x8532f)
#2 logmsg /home/runner/work/curl/curl/bld/tests/server/../../../tests/server/util.c:134:5 (servers+0xe684d)
```
Ref: https://github.com/curl/curl/actions/runs/14118903372/job/39555309490?pr=16851Closes#16852
With rustls-ffi 0.15+ we can set up a callback for writing TLS secrets
hooked up to call Curl_tls_keylog_write. To make sure the associated
file is cleaned up we update the Curl_ssl struct for the rustls-ffi vtls
backend to have a cleanup callback.
Closes#16828
