Commit graph

311 commits

Author SHA1 Message Date
Stefan Eissing
39036c9021
async-thrdd: use thread queue for resolving
Use a thread queue and pool for asnyc threaded DNS resolves.
Add pytest test_21_* for verification.

Add `CURLMOPT_RESOLVE_THREADS_MAX` to allow applications to
resize the thread pool used.

Add `CURLMOPT_QUICK_EXIT` to allow applications to skip thread
joins when cleaning up a multi handle. Multi handles in
`curl_easy_perform()` inherit this from `CURLOPT_QUICK_EXIT`.

Add several debug environment variables for testing.

Closes #20936
2026-03-25 12:14:21 +01:00
Daniel Stenberg
57a94fec47
multi.h: add CURLMNWC_CLEAR_ALL
The two bitmask constants for *CLEAR_DNS and *CLEAR_CONNS were
duplicates (both set to 1), so they cannot be distinguished and both
actions fire.

This shipped in public releases since 8.16.0 to and include 8.19.0.

This fix adds CURLMNWC_CLEAR_ALL to be the new 1, and it now implies all
bits. The DNS and CONNS defines get two new bits (2, 4).

Follow-up to 55c045c863

Found by Codex Security
Closes #20968
2026-03-22 18:06:32 +01:00
Daniel Stenberg
77ed315096
progress: count amount of data "delivered" to application
... and apply the CURLOPT_MAXFILESIZE limit (if set) on that as well.
This effectively protects the user against "zip bombs".

Test case 1618 verifies using a 14 byte brotli payload that otherwise
explodes to 102400 zero bytes.

Closes #20787
2026-03-21 23:21:55 +01:00
Daniel Stenberg
ceae02db04
rtmp: drop support
- librtmp has no test cases, makes no proper releases and has not had a
  single commit within the last year

- librtmp parses the URL itself and requires non-compliant URLs for this

- we have no RTMP tests

- RTMP was used by 2.2% of curl users (self-identified in the 2025
  survey)

Closes #20673
2026-03-21 14:56:06 +01:00
Daniel Stenberg
ad58e07b54
curl.h: remove CURLPROTO_MQTTS from the public header
- the value collided with the internal one used for WebSocket
- we add all new ones as internal bits
- bump to 64-bit internal type
- introduce new define for setting all protocols (CURLPROTO_64ALL)

Reported by Codex Security

Closes #20798
2026-03-03 23:14:34 +01:00
Viktor Szakats
2d5a063121
build: merge TrackMemory (CURLDEBUG) into debug-enabled option
Drop separate `TrackMemory` (aka `CURLDEBUG`) debug feature.

After recent changes (thread-safety,
193cb00ce9, and updates leading up to
it), `TrackMemory` is unlikely to cause build or runtime issues.

To simplify builds and debug options, enable `TrackMemory`
unconditionally for debug-enabled (aka `DEBUGBUILD`) builds. Before
this patch, this was already the default, with an option to disable
it, or enable it in non-debug-enabled builds.

Note, in practice these two debug options already went hand in hand. It
was not possible to toggle them separately for a long time due to bugs,
before 59dc9f7e69 (2024-05-28) fixed it.

This patch also removes/deprecates separate knobs and feature flags for
`TrackMemory`:
- autotools: `--enable-curldebug`/`--disable-curldebug`
- cmake: `-DENABLE_CURLDEBUG=ON`/`OFF`
- C macro: `CURLDEBUG`
- libcurl: `CURL_VERSION_CURLDEBUG` symbol deprecated in favor
  of `CURL_VERSION_DEBUG`. They always return the same value after this
  patch.

Also:
- drop `TrackMemory` from `curl -V` output.
- rename internal `CURLDEBUG` macro to `CURL_MEMDEBUG` internally.
  To avoid confusion with `DEBUGBUILD`, but to keep guarding
  `TrackMemory`-related internals for readability.
- runtests: bind `TrackMemory` to debug feature. Keep it a separate
  test feature requirement, for clarity.
- CI: drop test builds for combinations of the two options.
- GHA/linux: no longer disable TrackMemory in the TSAN job.

Ref: https://github.com/curl/curl/pull/20328#issuecomment-3754528407

Closes #20331
2026-01-19 18:43:17 +01:00
Daniel Stenberg
6c31df453b
mqtt: initial support for MQTTS
Closes #19418
2026-01-17 22:43:36 +01:00
Daniel Stenberg
496802fdcf
multi: use CURLMNOTIFY_ as notification id prefix
Since CURLM_ is already used as prefix for multi error codes, it makes
it easier to detect and understand the difference between identifiers -
and allows for scripts on the website and elsewhere to separate them
properly.

Follow-up to 53be8166b2
Closes #18912
2025-10-07 17:18:05 +02:00
Stefan Eissing
53be8166b2
multi: notify rename, remove the last stragglers
in the public API.

Follow-up to 357808f4ad

Closes #18910
2025-10-07 14:54:49 +02:00
Stefan Eissing
357808f4ad
multi: add notifications API
Add infrastructure to colled and dispatch notifications for transfers
and the multi handle in general. Applications can register a callback
and en-/disable notification type the are interested in.

Without a callback installed, notifications are not collected. Same when
a notification type has not been enabled.

Memory allocation failures on adding notifications lead to a general
multi failure state and result in CURLM_OUT_OF_MEMORY returned from
curl_multi_perform() and curl_multi_socket*() invocations.

Closes #18432
2025-10-07 10:55:31 +02:00
Daniel Stenberg
5ab120bc4e
krb5: drop support for Kerberos FTP
It was accidentally broken in commit 0f4c439fc7, shipped since
8.8.0 (May 2024) and yet not a single person has noticed or reported,
indicating that we might as well drop support for FTP Kerberos.

Krb5 support was added in 54967d2a3a (July 2007), and we have
been carrying the extra license information around since then for this
code. This commit removes the last traces of that code and thus we can
remove the extra copyright notices along with it.

Reported-by: Joshua Rogers
Closes #18577
2025-09-20 23:58:28 +02:00
Daniel Stenberg
3689ef21bd
multi: change prefix for the network change bits to CURLMNWC_
Because "CURLM_" is used for curl multi error codes and it is convenient
to use the prefix to identify the number family.

Closes #18176
2025-08-05 13:05:59 +02:00
Stefan Eissing
1ad2009ad6
multi: add new information extraction method
Adds `curl_off_t curl_multi_get_offt(CURLM *multi_handle, CURLMinfo_offt
info)` to the multi interface with enums:

* CURLMINFO_XFERS_CURRENT: current number of transfers
* CURLMINFO_XFERS_RUNNING: number of running transfers
* CURLMINFO_XFERS_PENDING: number of pending transfers
* CURLMINFO_XFERS_DONE: number of finished transfers to read
* CURLMINFO_XFERS_ADDED: total number of transfers added, ever

Add documentation for functions and info enums.

Add use in the curl command line tool to replace two static
variables counting the same "from the outside".

refs #17870
Closes #17992
2025-08-04 23:48:57 +02:00
Stefan Eissing
55c045c863
multi: add CURLMOPT_NETWORK_CHANGED to signal network changed
New multi option CURLMOPT_NETWORK_CHANGED with a long bitmask value:

- CURLM_NWCOPT_CLEAR_CONNS: do not reuse existing connections, close all
  idle connections.

- CURLM_NWCOPT_CLEAR_DNS: clear the multi's DNS cache.

All other bits reserved for future extensions.

Fixes #17225
Reported-by: ウさん
Closes #17613
2025-07-29 11:18:26 +02:00
Viktor Szakats
8eab2b7086
tidy-up: whitespace
Cherry-picked from #17877
Cherry-picked from #17876

Closes #17896
2025-07-11 13:32:54 +02:00
Viktor Szakats
55509b045b
test1175: fix to run, and fix documentation issues detected
Fix test 1175 by passing the source root directory (was: tests).

Before this patch this caused silent Perl warnings and returning success
without executing the tests, due to:
```
readline() on closed filehandle $f at ../../tests/test1175.pl line 55.
readline() on closed filehandle $f at ../../tests/test1175.pl line 39.
```

Running the test revealed these issues:
```
CURLE_FUNCTION_NOT_FOUND is not in libcurl-errors.md
CURLE_HTTP_POST_ERROR is not in libcurl-errors.md
CURLE_TELNET_OPTION_SYNTAX is not in libcurl-errors.md
CURLM_CALL_MULTI_SOCKET is not in libcurl-errors.md
```

Apply fixes:
- mark `CURLE_FUNCTION_NOT_FOUND` deprecated by 7.53.0
- mark `CURLE_HTTP_POST_ERROR` deprecated by 7.56.0
- mark `CURLE_TELNET_OPTION_SYNTAX` deprecated by 7.78.0
- document `CURLM_CALL_MULTI_SOCKET` as a synonym for
  `CURLM_CALL_MULTI_PERFORM`
- test1477: exclude `CURLM_CALL_MULTI_SOCKET`.

But, these weren't officially deprecated. It may need more updates
to reflect that in other places, or fix the issues differently.

Follow-up to 66ec950004 #12424
Follow-up to 74f441c6d3 #4628

Cherry-picked from #17877
Closes #17880
2025-07-11 12:28:46 +02:00
Viktor Szakats
924c7e15dc
tidy-up: update deprecated status of some symbols/options
`CURLOPT_SSL_FALSESTART` / `--false-start`, Secure Transport, BearSSL,
GSKit, MesaLink, NSS.

Follow-up to 1e2e808def #17595
Follow-up to 08a3e8e19a #16677

Closes #17605
2025-06-15 01:38:26 +02:00
Daniel Stenberg
614313f12f
system.h: remove some macros
Since curl_off_t is always 64 bit these days, we can simplify and avoid
using some macros.

Closes #17498
2025-06-05 10:56:31 +02:00
Andrei Florea
a638828c88
TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs
Fixes #12982
Closes #16964
2025-04-30 17:47:22 +02:00
Brian Chrzanowski
c0df01fd94
websocket: add option to disable auto-pong reply
This adds another bitflag on CURLOPT_WS_OPTIONS (CURLWS_NOAUTOPONG) that
disables the default and automatic PONG reply in the WebSocket layer.

Assisted-by: Calvin Ruocco

Closes #16744
2025-04-19 00:01:28 +02:00
Daniel Stenberg
daa8693619
VERSIONS: list all past releases
This document now lists all previous releases.

This allows us to verify that documentation refers to actual release
versions.

Test 971 now verifies options-in-versions and all command line options
documentation individually. Fixed a few discrepancies.

Test 1488 verifies libcurl options "Added-in" to exist. Fixed a few
discrepancies there as well.

Closes #16907
2025-04-03 08:26:33 +02:00
tiymat
6758aa722d
IMAP: add CURLOPT_UPLOAD_FLAGS and --upload-flags
Set properties on the uploaded resource.

Test 3209 and 3210 verify.

Closes #15970
2025-03-04 15:21:16 +01:00
Daniel Stenberg
fb13923dd6
lib: add CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY
With this change, the argument passed to the CURLOPT_FOLLOWLOCATION
option is now instead a "mode" instead of just a boolean. Documentation
is extended to describe the two new modes.

Test 1571 to 1581 verify.

Closes #16473
2025-03-03 11:35:48 +01:00
Viktor Szakats
dbbbf717f3
curl.h: stop defining non-curl __has_declspec_attribute
Public curl headers are best not to define 3rd-party or system macros.
Introduce `CURL_HAS_DECLSPEC_ATTRIBUTE` to cover this system macro and
use it.

Detected by test1167 after dropping the indentation:
```
test 1167...[Verify curl prefix of public symbols in header files]

/usr/bin/perl -I. -I.  returned 1, when expecting 0
 1167: exit FAILED
== Contents of files in the log/10/ dir after test 1167
=== Start of file server.cmd
 Testnum 1167
=== End of file server.cmd
=== Start of file stdout1167
 Bad symbols in public header files:
   __has_declspec_attribute(x)
=== End of file stdout1167
```
Ref: https://github.com/curl/curl/actions/runs/13533200900/job/37819784405?pr=16490#step:42:2087

Ref: https://clang.llvm.org/docs/LanguageExtensions.html#has-declspec-attribute
Follow-up to 50482b8c0a #3616
Ref: #16496 (fixing test1167)
Closes #16491
2025-02-26 13:10:31 +01:00
Edoardo Lolletti
e0225f261e
symbols-in-versions: update version for LIBCURL_VERSION and LIBCURL_VERSION_NUM
Those 2 symbols were available since the first 7.1.1 release

Closes #16141
2025-02-03 20:20:49 +01:00
Daniel Stenberg
9d5ecc9613
getinfo: provide info which auth was used for HTTP and proxy
CURLINFO_HTTPAUTH_USED and CURLINFO_PROXYAUTH_USED

Tested in 590 and 694

Ref: #12668
Idea-by: Ganesh Viswanathan
Closes #15450
2024-12-23 23:03:54 +01:00
Stefan Eissing
962097b8dd
TLS: TLSv1.3 earlydata support for curl
Based on #14135, implement TLSv1.3 earlydata support for the curl
command line, libcurl and its implementation in GnuTLS.

If a known TLS session announces early data support, and the feature is
enabled *and* it is not a "connect-only" transfer, delay the TLS
handshake until the first request is being sent.

- Add --tls-earldata as new boolean command line option for curl.
- Add CURLSSLOPT_EARLYDATA to libcurl to enable use of the feature.
- Add CURLINFO_EARLYDATA_SENT_T to libcurl, reporting the amount of
  bytes sent and accepted/rejected by the server.

Implementation details:
- store the ALPN protocol selected at the SSL session.
- When reusing the session and enabling earlydata, use exactly
  that ALPN protocol for negoptiation with the server. When the
  sessions ALPN does not match the connections ALPN, earlydata
  will not be enabled.
- Check that the server selected the correct ALPN protocol for
  an earlydata connect. If the server does not confirm or reports
  something different, the connect fails.
- HTTP/2: delay sending the initial SETTINGS frames during connect,
  if not connect-only.

Verification:
- add test_02_32 to verify earlydata GET with nghttpx.
- add test_07_70 to verify earlydata PUT with nghttpx.
- add support in 'hx-download', 'hx-upload' clients for the feature

Assisted-by: ad-chaos on github
Closes #15211
2024-10-11 12:28:22 +02:00
Viktor Szakats
805bbf7c55
NTLM_WB: delete remains in tests, docs updates
Also update more docs to reflect the removal of NTLM_WB.

Follow-up to 50def7c881 #13249
Closes #14832
2024-09-10 14:13:36 +02:00
Alex Snast
136504195a
getinfo: add CURLINFO_POSTTRANSFER_TIME_T
Returns the time, in microseconds, from the start until the last byte is
sent by libcurl (i.e. the request is sent off).

Closes #14189
2024-08-15 09:02:58 +02:00
Andy Pan
b77d627d24
tcpkeepalive: add CURLOPT_TCP_KEEPCNT and --keepalive-cnt
Closes #13885
2024-06-12 09:31:17 +02:00
Daniel Stenberg
655d44d139
urlapi: add CURLU_NO_GUESS_SCHEME
Used for extracting:

- when used asking for a scheme, it will return CURLUE_NO_SCHEME if the
  stored information was a guess

- when used asking for a URL, the URL is returned without a scheme, like
  when previously given to the URL parser when it was asked to guess

- as soon as the scheme is set explicitly, it is no longer internally
  marked as guessed

The idea being:

1. allow a user to figure out if a URL's scheme was set as a result of
  guessing

2. extract the URL without a guessed scheme

3. this makes it work similar to how we already deal with port numbers

Extend test 1560 to verify.

Closes #13616
2024-06-01 23:51:42 +02:00
Daniel Stenberg
3eac21d86b
urlapi: add CURLU_GET_EMPTY for empty queries and fragments
By default the API inhibits empty queries and fragments extracted.
Unless this new flag is set.

This also makes the behavior more consistent: without it set, zero
length queries and fragments are considered not present in the URL. With
the flag set, they are returned as a zero length strings if they were in
fact present in the URL.

This applies when extracting the individual query and fragment
components and for the full URL.

Closes #13396
2024-04-18 10:37:28 +02:00
Stephen Farrell
a362962b72
TLS: add support for ECH (Encrypted Client Hello)
An EXPERIMENTAL feature used with CURLOPT_ECH and --ech.

Closes #11922
2024-04-16 08:10:53 +02:00
Daniel Stenberg
dde4b3855e
curl_version_info: provide librtmp version
Ref: https://github.com/curl/curl/pull/13364#issuecomment-2054151942
Reported-by: talregev on github
Closes #13368
2024-04-15 16:48:34 +02:00
Daniel Stenberg
cc04c73677
CURLINFO_USED_PROXY: return bool whether the proxy was used
Adds test536 to verify

Closes #12719
2024-02-22 08:38:53 +01:00
Daniel Stenberg
68f96fc9bf
getinfo: CURLINFO_QUEUE_TIME_T
Returns the time, in microseconds, during which this transfer was held
in a waiting queue before it started "for real". A transfer might be put
in a queue if after getting started, it cannot create a new connection
etc due to set conditions and limits imposed by the application.

Ref: #12293
Closes #12368
2023-12-27 09:28:48 +01:00
Daniel Stenberg
dd29622f32
CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add
Proposed-by: Yifei Kong
Ref: https://curl.se/mail/lib-2023-11/0023.html
Closes #12369
2023-12-18 23:09:30 +01:00
Daniel Stenberg
f58e493e44
curl.h: add CURLE_TOO_LARGE
A new error code to be used when an internal field grows too large, like
when a dynbuf reaches its maximum. Previously it would return
CURLE_OUT_OF_MEMORY for this, which is highly misleading.

Ref: #12268
Closes #12269
2023-12-18 10:34:22 +01:00
Daniel Stenberg
018f9cb480
symbols-in-versions: the CLOSEPOLICY options are deprecated
The were used with the CURLOPT_CLOSEPOLICY option, which *never* worked.
2023-12-02 17:07:34 +01:00
Viktor Szakats
e9a7d4a1c8
windows: use built-in _WIN32 macro to detect Windows
Windows compilers define `_WIN32` automatically. Windows SDK headers
or build env defines `WIN32`, or we have to take care of it. The
agreement seems to be that `_WIN32` is the preferred practice here.
Make the source code rely on that to detect we're building for Windows.

Public `curl.h` was using `WIN32`, `__WIN32__` and `CURL_WIN32` for
Windows detection, next to the official `_WIN32`. After this patch it
only uses `_WIN32` for this. Also, make it stop defining `CURL_WIN32`.

There is a slight chance these break compatibility with Windows
compilers that fail to define `_WIN32`. I'm not aware of any obsolete
or modern compiler affected, but in case there is one, one possible
solution is to define this macro manually.

grepping for `WIN32` remains useful to discover Windows-specific code.

Also:

- extend `checksrc` to ensure we're not using `WIN32` anymore.

- apply minor formatting here and there.

- delete unnecessary checks for `!MSDOS` when `_WIN32` is present.

Co-authored-by: Jay Satiro
Reviewed-by: Daniel Stenberg

Closes #12376
2023-11-22 15:42:25 +00:00
Viktor Szakats
a8c773845f
tidy-up: whitespace fixes
Closes #11972
2023-09-28 12:03:28 +00:00
Daniel Stenberg
c350069f64
urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
Asssisted-by: Jay Satiro
Closes #11655
2023-08-13 15:34:38 +02:00
Stefan Eissing
e024d5665d
lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID
- add an `id` long to Curl_easy, -1 on init
- once added to a multi (or its own multi), it gets
  a non-negative number assigned by the connection cache
- `id` is unique among all transfers using the same
  cache until reaching LONG_MAX where it will wrap
  around. So, not unique eternally.
- CURLINFO_CONN_ID returns the connection id attached to
  data or, if none present, data->state.lastconnect_id
- variables and type declared in tool for write out

Closes #11185
2023-06-12 23:53:00 +02:00
Raito Bezarius
0a75964d0d
haproxy: add --haproxy-clientip flag to spoof client IPs
CURLOPT_HAPROXY_CLIENT_IP in the library

Closes #10779
2023-06-05 20:08:37 +02:00
Daniel Stenberg
fff65550bc
CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS
Deprecate the name using three Ls and prefer the name with two.

Replaces #10047
Closes #11218
2023-06-03 23:29:04 +02:00
Daniel Stenberg
712e5f1e7f
CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2
Setting this proxy type allows curl to negotiate and use HTTP/2 with
HTTPS proxies.

Closes #10900
2023-04-08 00:27:53 +02:00
Jim King
34ef4fab22
openssl: interop with AWS-LC
* Configure changes to detect AWS-LC
* CMakeLists.txt changes to detect AWS-LC
* Compile-time branches needed to support AWS-LC
* Correctly set OSSL_VERSION and report AWS-LC release number
* GitHub Actions script to build with autoconf and cmake against AWS-LC

AWS-LC is a BoringSSL/OpenSSL derivative
For more information see https://github.com/awslabs/aws-lc/

Closes #10320
2023-03-30 10:56:14 +02:00
Daniel Stenberg
a56d2b0b94
curl.h: add CURL_HTTP_VERSION_3ONLY
As the previous CURL_HTTP_VERSION_3 option gets a slightly altered meaning.

Closes #10264
2023-01-12 16:17:55 +01:00
Daniel Stenberg
076a2f6291
share: add sharing of HSTS cache among handles
Closes #10138
2022-12-27 15:22:01 +01:00
Daniel Stenberg
901392cbb7
urlapi: add CURLU_PUNYCODE
Allows curl_url_get() get the punycode version of host names for the
host name and URL parts.

Extend test 1560 to verify.

Closes #10109
2022-12-26 23:29:23 +01:00