- autotools: stop checking for `WINVER` to detect thread-safety.
To sync with implementation in `easy_lock.h` and with cmake.
- replace numeric version with `_WIN32_WINNT_VISTA`.
- `_WIN32_WINNT_VISTA` is always defined via `setup-win32.h`,
don't check for it.
Closes#17981
- vtls: fix unused variable and symbols.
- ftp: fix unused variable.
- http: fix unused variables.
- smtp: fix unsued variable.
- wolfssl: fix unused variable with !proxy.
- libssh: fix unused argument.
- curl_trc: sync guards between declaration and definition.
- curl_trc: add missing guard for `Curl_trc_ssls` when !verbose.
- curl_trc: fix errors with !http + http3.
- curl_trc: fix missing function with !http + nghttp2.
- cf-h2-proxy: disable when !http + nghttp2, to avoid calling undeclared
functions.
- sha256: fix missing declaration in rare configs.
- md4: fix symbol conflict when building GnuTLS together with AWS-LC or
wolfSSL. By prioritizing the latter two. AWS-LC has no option
to disable the clashing symbol. wolfSSL does, but the most seamless is
to skip including GnuTLS's standalone `md4.h` to avoid the clash.
- build: fix errors with !http + nghttp2.
- build: catch !ssl + ssls-export combination in source. Convert
build-level errors to warnings.
- build: fix errors with !http + http3.
- build: fix building curl tool and unit1302 in rare combinations.
By always compiling base64 curlx functions.
- cmake: add `_CURL_SKIP_BUILD_CERTS` internal option.
To disable automatically building certs with the testdeps target.
To improve performance when testing builds.
(used locally to find the failing builds fixed in this PR.)
Closes#17962
Configure curl with `--with-test-sockd=<path to sockd>` for a locally
installed dante sockd server and new `test_40_*` will verify that
down- and uploads work via SOCKS.
Invoke scorecard.py with `--socks4` or `--socks5` to run performance
tests with SOCKS. Note that SOCKS is not supported for HTTP/3.
Ref: #17969Closes#17986
Replace repeat `#ifdef` code with a macro for the return type of
the thread function.
Also:
- always define `CURL_STDCALL`, allowing to use it without guards.
- lib1307: drop single-use macro `CAINFO`.
Closes#17889
- codespell: break logic out into its own runnable script. Allowing
to run it on local machines.
- codespell: install via `pip`, bump to latest version.
- codespell: show version number in CI log.
- codespell: drop no longer needed word exception: `msdos`.
- codespell: include all curl source tree, except `packages` and
`winbuild`. Drop an obsolete file exclusion.
- add new spellchecker job using the `typos` tool. It includes
the codespell dictionary and a couple more. Use linuxbrew to install
it. This takes 10 seconds, while installing via `cargo` from source
would take over a minute.
- codespell: introduce an inline ignore filter compatible with `cspell`
Make `typos` recognize it, too. Move single exceptions inline.
Fix new typos found. Also rename variables and words to keep
spellchecking exceptions at minumum. This involves touching some tests.
Also switch base64 strings to `%b64[]` to avoid false positives.
Ref: https://github.com/crate-ci/typos/blob/master/docs/reference.md
Ref: https://github.com/codespell-project/codespell?tab=readme-ov-file#inline-ignore
Ref: https://github.com/codespell-project/codespell/issues/1212#issuecomment-1721152455
Ref: https://cspell.org/docs/Configuration/document-settingsCloses#17905
When a socket is closed, only inform the application
socket callback about it if the socket had been announced
before to the callback.
Reported-by: yaoy6 on github
Fixes#17949Closes#17950
To fix test 1308 in MultiSSL builds.
Failure was caused by the random number generator virtual function being
NULL, instead of pointing to the implementation in the runtime-selected
TLS backend. This could happen in MultiSSL builds when a functionality
was asking for a random number without triggering a VTLS function table
initialization first. Such functionality is MIME, or form data via MIME.
The reason CI did not catch it in an earlier MultiSSL GHA/windows job,
is that it was a debug-enabled one. In debug-enabled builds the test
runner was overriding the random number generator for all tests.
Fixed this by moving the override to the tests requiring it, via
1fcf22585f#17971, enabling debug builds
to catch this issue.
Enable MultiSSL in two CI jobs, to verify this patch.
Fixing:
```
test 1308...[formpost tests]
libtests returned 44, when expecting 0
1308: exit FAILED
[...]
=== Start of file stderr1308
URL: log/3/test-1308
tests/libtest/lib1308.c:70 Assertion 'res == 0' FAILED: curl_formget returned error
tests/libtest/lib1308.c:72 Assertion 'total_size == 518' FAILED: curl_formget got wrong size back
tests/libtest/lib1308.c:88 Assertion 'res == 0' FAILED: curl_formget returned error
tests/libtest/lib1308.c:89 Assertion 'total_size == 899' FAILED: curl_formget got wrong size back
```
Ref: https://github.com/curl/curl/actions/runs/16387693424/job/46309536359?pr=17963#step:16:2515
Bug: https://github.com/curl/curl/pull/17963#issuecomment-3092282057Closes#17970
- de-complex Curl_gtls_verifyserver() by splitting of static
functions for parts of it.
- follow the `goto out` style with common deallocation code
Closes#17941
- rename Curl_oss_check_peer_cert() to Curl_ossl_check_peer_cert()
- leave altname match loop after the first success when the match
was an ip address
- remove static subj_alt_hostcheck() since it did not really do much
- use length based infof() output of altname, even though it does
seem always to be nul terminated
Closes#17940
Ahmad Gani intercepts the sendto syscall to simulate short send, but
curl incorrectly handles it. It keeps resending the version:
sendto(4, "\x05", 1, MSG_NOSIGNAL, NULL, 0) = 1
sendto(4, "\x05", 1, MSG_NOSIGNAL, NULL, 0) = 1
Don't restart the buffer in the `CONNECT_SOCKS_INIT` case if
`sx->outstanding` is not zero. It should continue sending the
advanced buffer.
Fixes#17942
Reported-by: Ahmad Gani <reyuki@gnuweeb.org>
Signed-off-by: Ammar Faizi <ammarfaizi2@gnuweeb.org>
Closes#17943
To set it before checking for it while enabling `HAVE_INET_NTOP` and
`HAVE_INET_PTON` for Vista (and up) targets.
May have affected winbuild or Visual Studio IDE Project Files.
Follow-up to 68fa9bf3f5#9712Closes#17928
The `transport` to use for a transfer, e.g. TCP/QUIC/UNIX/UDP, is
initially selected by options and protocol used. This is set at the
`struct connectdata` as `transport` member.
During connection establishment, this transport may change due to
Alt-Svc or Happy-Eyeballing. Most common is the switch from TCP to QUIC.
Rename the connection member to `transport_wanted` and add a way to
query the connection for the transport in use via a new connection
filter query.
The filter query can also be used in the happy eyeballing attempts when
code needs to know which transport is used by the "filter below". This
happens in wolfssl initialization, as one example.
Closes#17923
When using winbuild or Visual Studio IDE Project Files.
To simplify and prepare for dropping support for VS2008.
Details:
- fix VS2012 default target to be Windows 8 (was Vista).
Confirmed by CI:
```
-- The C compiler identification is MSVC 17.0.61030.0
-- Found _WIN32_WINNT=0x0602
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/51594696/job/elbl0w5n7fmoos2f#L45
It also aligns with the default being Windows 7 for VS2010,
and Windows Vista for VS2008.
- bump minimum target to XP (was Windows 2000) when using VS2008.
curl requires XP.
- add Windows release names to comments for clarity.
- add hex Windows version to a comment for clarity.
- merge VS2008/VS2012 minimum/default logic and comments.
- reduce scope of local minimum/default macros.
- shorten comments to fit within line limit.
Closes#17916
In gtls.c there was a typo'd comment that I think was missing the word
"no" to indicate there's "no GnuTLS way to signal no EarlyData".
This commit fixes that typo, and also updates a copy-pasted instance
that made it into wolfssl.c where it should refer to the WolfSSL API
missing the capability, not GnuTLS.
Closes#17907
To avoid applying it to all other sources in unity mode.
This may have affected tests setting a custom time via `CURL_TIME`,
in unity builds: 446, 780, 781, 782, 783, 970, 972, 1654, 1660
Closes#17897
This callback was permanently mapped to libcurl's internal
`Curl_wcsdup()`, which always uses the customizable malloc for
allocation, thus making a custom mapping redundant anyway.
To simplify, drop the callback and map `_tcsdup()` in Unicode mode
directly to `Curl_wcsdup()`.
Also fixes:
- `curl_global_init()` which, before this patch, (re)initialized its
mapping to `_wcsdup()`, returning buffers potentially incompatible
with a custom allocator.
Bug: https://github.com/curl/curl/pull/17840#issuecomment-3044361245
Bug: https://github.com/curl/curl/pull/7540#issuecomment-2380995349
Co-reported-by: Luca Kellermann
Follow-up to 76e047fc27#7540
Assisted-by: Jay Satiro
Closes#17843
It could previously cause a memory-leak when the cleanup was not
performed because it was not set.
Reported-by: albrechtd on github
Fixes#17819Closes#17837
Replace the old Curl_ssl_get_internals() with a new connection filter
query to retrieve the information. Implement that filter query for TCP
and QUIC TLS filter types.
Add tests in client tls_session_reuse to use the info option and check
that pointers are returned.
Reported-by: Larry Campbell
Fixes#17801Closes#17809
Fixing:
- a raw `free()` in ECH code that's malloced in lib code, causing
an invalid free, also reported by valgrind (in non-unity builds).
And in unity builds adjusted to behave like non-unity via #17827:
Ref: https://github.com/curl/curl/actions/runs/16093372427/job/45421778472?pr=17827#step:39:3321
- a local pair of `malloc()`/`free()` to use curl's memory allocators,
and participate in memory tracking when enabled.
Cherry-picked from #17827Closes#17830
- hostip: fix unused variable with `CURL_DISABLE_SHUFFLE_DNS`
```
lib/hostip.c: In function 'Curl_dnscache_mk_entry':
lib/hostip.c:490:42: warning: unused parameter 'data' [-Wunused-parameter]
490 | Curl_dnscache_mk_entry(struct Curl_easy *data,
| ~~~~~~~~~~~~~~~~~~^~~~
```
- setopt: fix unused function with `CURL_DISABLE_HTTP`
```
lib/setopt.c:214:17: warning: 'httpauth' defined but not used [-Wunused-function]
214 | static CURLcode httpauth(struct Curl_easy *data, bool proxy,
| ^~~~~~~~
```
- url: fix unused function with `CURL_DISABLE_NETRC`
```
lib/url.c:2760:13: warning: 'str_has_ctrl' defined but not used [-Wunused-function]
2760 | static bool str_has_ctrl(const char *input)
| ^~~~~~~~~~~~
```
Seen with a minimal curl-for-win build:
```
CW_CONFIG=dev-x64-zero-osnotls-osnoidn-nohttp-nocurltool-linux-unity
```
Closes#17818
