Commit graph

505 commits

Author SHA1 Message Date
Viktor Szakats
e5d9c871f0
tidy-up: assortment of small fixes
- examples/headerapi: fix wrong cast.
- curl_ngtcp2: delete stray character from error message.
- rustls: fix inline variable declaration.
- sendf: drop redundant `int` cast.
- libtest/cli_ws_data: drop cast with mismatched signedness.

Cherry-picked from #18343

Closes #18664
2025-09-21 16:50:14 +02:00
Viktor Szakats
bf7375ecc5
build: avoid overriding system symbols for socket functions
Before this patch `accept4()`, `socket()`, `socketpair()`, `send()` and
`recv()` system symbols were remapped via macros, using the same name,
to local curl debug wrappers. This patch replaces these overrides by
introducing curl-namespaced macros that map either to the system symbols
or to their curl debug wrappers in `CURLDEBUG` (TrackMemory) builds.

This follows a patch that implemented the same for `accept()`.

The old method required tricks to make these redefines work in unity
builds, and avoid them interfering with system headers. These tricks
did not work for system symbols implemented as macros.

The new method allows to setup these mappings once, without interfering
with system headers, upstream macros, or unity builds. It makes builds
more robust.

Also:
- checksrc: ban all mapped functions.
- docs/examples: tidy up checksrc rules.

Follow-up to 9863599d69 #18502
Follow-up to 3bb5e58c10 #17827

Closes #18503
2025-09-20 13:44:59 +02:00
Viktor Szakats
92f215fea1
build: address some -Weverything warnings, update picky warnings
`-Weverything` is not enabled by curl, and not recommended by LLVM,
because it may enable experimental options, and will result in new
fallouts after toolchain upgrades. This patch aims to fix/silence as much
as possible as found with llvm/clang 21.1.0. It also permanently enables
warnings that were fixed in source and deemed manageable in the future.
`-Wformat` warnings are addressed separately via #18343.

Fix/silence warnings in the source:
- typecheck-gcc.h: fix `-Wreserved-identifier`.
- lib: silence `-Wcast-function-type-strict`.
  For llvm 16+ or Apple clang 16+.
- asyn-ares: limit `HAPPY_EYEBALLS_DNS_TIMEOUT` to old c-ares versions.
- curl_trc: fix `-Wc++-hidden-decl`.
- doh: fix `-Wc++-keyword`.
- ftp: fix `-Wreserved-identifier`.
- ldap: fix `-Wreserved-identifier`.
- mqtt: comment unused macro to avoid warning.
- multi_ev: drop unused macros to avoid warnings.
- setopt: fix useless `break;` after `return;`.
- gtls, mbedtls, rustls: silence `-Wconditional-uninitialized`.
- socks_sspi, schannel, x509asn1: fix `-Wimplicit-int-enum-cast`.
- x509asn1: fix `-Wc++-keyword`.
- openssl: scope `OSSL_UI_METHOD_CAST` to avoid unused macro warning.
- libssh2, wolfssl: drop unused macros.
- curl_ngtcp2, curl_quiche, httpsrr, urlapi: drop/limit unused macros.
- tool_getparam: fix useless `break;` after `return;` or `break;`.
  Not normally enabled because it doesn't work with unity.
  https://github.com/llvm/llvm-project/issues/71046
- tool_operate: fix `-Wc++-keyword`.
- curlinfo: fix a `-Wunsafe-buffer-usage`.
- tests: silence `-Wformat-non-iso`.
- lib557: fix `-Wreserved-identifier`.
- lib1565: silence `-Wconditional-uninitialized`.

Enable the above clang warnings permanently in picky mode:
- `-Wc++-hidden-decl`
- `-Wc++-keyword` (except for Windows, where it collides with `wchar_t`)
- `-Wcast-function-type-strict`
- `-Wcast-function-type`
- `-Wconditional-uninitialized`
- `-Wformat-non-iso` (except for clang-cl)
- `-Wreserved-identifier`
- `-Wtentative-definition-compat`

Silence problematic `-Weverything` warnings globally (in picky mode):
- `-Wused-but-marked-unused` (88000+ hits) and
  `-Wdisabled-macro-expansion` (2600+ hits).
  Triggered by `typecheck-gcc.h` when building with clang 14+.
  Maybe there exists a way to fix within that header?
  Ref: https://discourse.llvm.org/t/removing-wused-but-marked-unused/55310
- `-Wunsafe-buffer-usage`. clang 16+. 7000+ hits.
  May be useful in theory, but such high volume of hits makes it
  impractical to review and possibly address. Meant for C++.
  Ref: https://clang.llvm.org/docs/SafeBuffers.html
  Ref: https://stackoverflow.com/questions/77017567/how-to-fix-code-to-avoid-warning-wunsafe-buffer-usage
  Ref: https://discourse.llvm.org/t/rfc-c-buffer-hardening/65734
  Ref: https://github.com/llvm/llvm-project/pull/111624
- `-Wimplicit-void-ptr-cast`. clang 21+. 1700+ hits.
  C++ warning, deemed pure noise.
  Ref: https://github.com/curl/curl/issues/18470#issuecomment-3253506266
- `-Wswitch-default` (180+ hits), `-Wswitch-enum` (190+ hits),
  `-Wcovered-switch-default` (20+ hits).
  Next to impossible to fix cleanly, esp. when the covered `case`
  branches depend on compile-time options.
- `-Wdocumentation-unknown-command` (8+ hits).
  Triggered in a few sources. Seems arbitrary and bogus.
- `-Wpadded` (550+ hits).
- `-Wc++-keyword` on Windows, where it collides with `wchar_t`.
  (100+ hits)
  Ref: https://github.com/llvm/llvm-project/issues/155988
- `-Wreserved-macro-identifier`. clang 13+. 5+ hits.
  Sometimes it's necessary to set external macros that use
  the reserved namespace. E.g. `_CRT_NONSTDC_NO_DEPRECATE`,
  `__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__`, `__NO_NET_API`,
  possibly `_REENTRANT`, and more.
  It's not worth trying to silence them individually.
- `-Wnonportable-system-include-path` with `clang-cl`.
  It'd be broken by doing what the warning suggests.
- `-Wformat-non-iso` for clang-cl.

CMake `PICKY_COMPILER=ON` (the default) or `./configure`
`--enable-warnings` (not the default) is required to enable these
silencing rules.

Also:
- autotools, cmake: fix Apple clang and mainline llvm version translations.
  Ref: https://en.wikipedia.org/wiki/Xcode#Toolchain_versions
- autotools, cmake: enable `-Warray-compare` for clang 20+.
  Follow-up to 4b7accda5a #17196
- cmake: fix to enable `-Wmissing-variable-declarations` at an earlier
  clang version.
- cmake: update internal logic to handle warning options with `+` in
  them.
- cmake: fix internal logic to match the whole option when looking
  into `CMAKE_C_FLAGS` for custom-disabled warnings.

Follow-up to b85cb8cb4e #18485

Closes #18477
2025-09-20 10:16:15 +02:00
Stefan Eissing
0f08211330
cfilter: unlink and discard
Rewrite the code that removes a filter from the connection and discards
it. Always look at the connection, otherwise it will not work of the
filter is at the top of the chain.

Change QUIC filter setup code to always tear down the chain in
construction when an error occured.

HTTP proxy, do not remove the h1/h2 sub filter on close. Leave it to be
discarded with the connection. Avoids keeping an additional pointer that
might become dangling.

Triggered by a reported on a code bug in discard method.

Reported-by: Joshua Rogers
Closes #18596
2025-09-18 12:20:26 +02:00
Viktor Szakats
a4196e2249
tidy-up: whitespace
Closes #18553
2025-09-15 15:00:11 +02:00
Stefan Eissing
115fe808f2
ngtcp2: check error code on connect failure
Access the error codes of ngtcp2 when a connect attempt failes. Trace
the information for analysis. Treat errors as permanent failure by
default, trigger retrying only when the server refused without
indicating an error.

Closes #18521
2025-09-11 16:00:58 +02:00
Ethan Everett
f4758cd524
quic: ignore EMSGSIZE on receive
Some OSes (Linux, macOS, more?) will generate an EMSGSIZE socket error
on the next recv all after receiving an ICMP Packet Too Big on an
unconnected UDP socket.

These can be safely ignored as QUIC's DPLPMTUD uses MTU probes that do
not rely on receiving ICMP packets.

Closes #18505
2025-09-10 11:51:25 +02:00
Stefan Eissing
e3c06ccc66
vquic: replace assert
Replace the hard assert in case not all data is send on UDP
(which should never happen), with an error return.

Closes #18495
2025-09-08 16:05:27 +02:00
XCas13
21c288902d
ngtcp2: handshake timeout should be equal to --connect-timeout
Default timeout is hardcoded (10 seconds) and doesn't respect
--connect-timeout parameter. In some cases 10 seconds can be not enough
or too long to "establish a connection". Moreover the non-working
--connect-timeout parameter for http3 is confusing. This change makes
the handshake timeout equal to --connect-timeout, if it's set.
Discussion is here https://github.com/curl/curl/discussions/18427

Closes #18431
2025-08-29 15:59:06 +02:00
Viktor Szakats
80c10c5d5d
openssl: remove legacy cruft, document macro guards
- assume:
  - `BIO_CTRL_EOF`
  - `SSL_CTRL_SET_MSG_CALLBACK`
  - `SSL_CTRL_SET_MSG_CALLBACK`
  - `SSL_CTRL_SET_TLSEXT_HOSTNAME`
  - `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER`
  - `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`
  - `SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG`
  - `SSL_OP_NO_COMPRESSION`
  - `SSL_OP_NO_TICKET`
  - `X509_V_FLAG_PARTIAL_CHAIN`
  - `X509_V_FLAG_TRUSTED_FIRST`
  They are present in all supported OpenSSL (and fork) versions.

- replace `SSL_ERROR_WANT_EARLY` with `SSL_ERROR_WANT_CLIENT_HELLO_CB`.
  The former appeared in OpenSSL 1.1.1-dev, but renamed before
  the stable release.

- document support for macros:
  - `ENGINE_CTRL_GET_CMD_FROM_NAME`
  - `SSL_ERROR_WANT_ASYNC_JOB`
  - `SSL_ERROR_WANT_ASYNC`
  - `SSL2_VERSION_MAJOR`
  - `TLS1_3_VERSION`

- drop legacy fallback for `CONF_MFLAGS_DEFAULT_SECTION`.
  It was there for OpenSSL 0.9.8 support.

- fix `SSL_CTRL_SET_MSG_CALLBACK` accidentally serving as a guard for
  OpenSSL (and forks) as a whole.

Tested OK with OpenSSL 1.0.2 and 1.1.0 in CI.

Closes #18351
2025-08-22 15:53:45 +02:00
Karthik Das
8cef6b5e6e
vquic: add header for native-QUIC OpenSSL, non-unity builds
Follow-up to 7dafe10db2 #18196
Fixes #18320
Closes #18321
2025-08-20 11:31:04 +02:00
Daniel Stenberg
27e61f9767
vquic: change some curl_ prefixes
curl_ and Curl_ are reserved prefixes with special meaning so avoid
using them for file private symbols.

Follow-up to 7dafe10
Closes #18324
2025-08-20 11:01:21 +02:00
David Zhuang
7dafe10db2
ngtcp2: use custom mem funcs
Pass curl's memory functions to the nghttp3 and ngtcp2 functions that
allow them. This allows custom memory functions passed by the curl user
to be used in nghttp3 and ngtcp2.

Closes #18196
2025-08-18 13:25:52 +02:00
Karthik Das
d79269166e
curl_quiche.c: add include
Fixes #18211
Closes #18212
2025-08-07 09:54:09 +02:00
Stefan Eissing
41fe621ae1
vtls: set seen http version on successful ALPN
When a HTTP version has been negotiated via ALPN, set the member
`conn->httpversion_seen` accordingly. This allows pending transfers to
reuse multiplexed http connections before the response to the first
transfer has arrived.

Fixes #18177
Reported-by: IoannisGS on github
Closes #18181
2025-08-05 16:01:39 +02:00
David Zhuang
60587049f7
vquic: use curl_getenv
getenv isn't defined on all platforms, which prevents vquic from
building. I specifically ran into this issue building on PlayStation.

Closes #18170
2025-08-05 13:12:00 +02:00
Stefan Eissing
5b80b4c012
lib: replace getsock() logic with pollsets
`getsock()` calls operated on a global limit that could
not be configure beyond 16 sockets. This is no longer adequate
with the new happy eyeballing strategy.

Instead, do the following:
- make `struct easy_pollset` dynamic. Starting with
  a minimal room for two sockets, the very common case,
  allow it to grow on demand.
- replace all protocol handler getsock() calls with pollsets
  and a CURLcode to return failures
- add CURLcode return for all connection filter `adjust_pollset()`
  callbacks, since they too can now fail.
- use appropriately in multi.c and multi_ev.c
- fix unit2600 to trigger pollset growth

Closes #18164
2025-08-04 23:43:13 +02:00
Stefan Eissing
7f5ad2028d
pytest: test very long urls
test_02_36 tests h1/h2/h3 with urls longer than 1/16/32/64K.

Protocols behave the same until the size exceed 64k when h2 frame limits
bite and h3 exhibits a different http status.

Failed attempt to reproduce #18121
Closes #18129
2025-08-01 14:35:37 +02:00
Stefan Eissing
ba9ddb9357
tls: CURLINFO_TLS_SSL_PTR testing
Add tests of CURLINFO_TLS_SSL_PTR and its returned value in test client
'hx-download'. Use obtained pointer to look up the negotiated TLS
version.

Update manpage of CURLINFO_TLS_SSL_PTR to also describe the behaviour of
wolfSSL similar to OpenSSL. Fix the wolfSSl implementation for TCP to
behave like that. Update the QUIC queries.

Fix rustls `get_internals()` to return the rustls_connection* and not
the address of the pointer.

Assisted-by: Viktor Szakats
Closes #18066
2025-08-01 09:37:36 +02:00
Viktor Szakats
58e0ff809f
tidy-up: whitespace, indent, #if 0
Closes #18090
2025-07-30 03:46:21 +02:00
Stefan Eissing
21e885eb39
alpn: query filter
Add a connection filter query to obtained the negotiated ALPN
protocol to check in setup/protocols how the connection needs
to behave.

Remove the members `alpn` and `proxy_alpn` from `connectdata`.

Closes #17947
2025-07-28 14:04:31 +02:00
Viktor Szakats
89771d19d5
tidy-up: prefer ifdef/ifndef for single checks
Closes #18018
2025-07-27 22:35:17 +02:00
Daniel Stenberg
91138b014d
vquic: drop msh3
It has never been properly functional in curl while there are several
alternatives that are.

Closes #17729
2025-07-27 17:57:17 +02:00
Viktor Szakats
cb9b1a4c4e
curl_ossl: extend callback table for nghttp3 1.11.0
```
../../lib/vquic/curl_osslq.c:1091:1: error: missing initializer for field 'recv_origin' of 'nghttp3_callbacks' [-Werror=missing-field-initializers]
 1091 | };
      | ^
In file included from ../../lib/vquic/curl_osslq.c:33:
/home/runner/nghttp3/build/include/nghttp3/nghttp3.h:2082:23: note: 'recv_origin' declared here
 2082 |   nghttp3_recv_origin recv_origin;
      |                       ^~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/16527325587/job/46743893924?pr=18021#step:18:35

Follow-up to 1055144063 #18019

Closes #18026
2025-07-25 20:15:04 +02:00
Viktor Szakats
1055144063
curl_ngtcp2: extend callback tables for nghttp3 1.11.0 and ngtcp2 1.14.0
An emergency update to initialize callbacks to NULL.

May need further updates, e.g. to provide the recommended random
generator callback for nghttp3.

Fixing potential crashes at runtime in curl-for-win 8.15.0_3, and these
build warnings:
```
/home/appveyor/projects/curl-for-win/curl/lib/vquic/curl_ngtcp2.c:836:1:
warning: missing field 'begin_path_validation' initializer [-Wmissing-field-initializers]
  836 | };
      | ^
/home/appveyor/projects/curl-for-win/curl/lib/vquic/curl_ngtcp2.c:1186:1:
warning: missing field 'recv_origin' initializer [-Wmissing-field-initializers]
 1186 | };
      | ^
2 warnings generated.
```
Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/52462852#L14821

Also causing all `GHA/curl-for-win` jobs to fail:
https://github.com/curl/curl/actions/runs/16523625082?pr=18010

Ref: https://github.com/ngtcp2/nghttp3/releases/tag/v1.11.0
Ref: https://github.com/ngtcp2/ngtcp2/releases/tag/v1.14.0
Ref: ff788c81e4

Closes #18019
2025-07-25 17:39:58 +02:00
Viktor Szakats
c37e06c642
build: fix build errors/warnings in rare configurations
- vtls: fix unused variable and symbols.
- ftp: fix unused variable.
- http: fix unused variables.
- smtp: fix unsued variable.
- wolfssl: fix unused variable with !proxy.
- libssh: fix unused argument.
- curl_trc: sync guards between declaration and definition.
- curl_trc: add missing guard for `Curl_trc_ssls` when !verbose.
- curl_trc: fix errors with !http + http3.
- curl_trc: fix missing function with !http + nghttp2.
- cf-h2-proxy: disable when !http + nghttp2, to avoid calling undeclared
  functions.
- sha256: fix missing declaration in rare configs.
- md4: fix symbol conflict when building GnuTLS together with AWS-LC or
  wolfSSL. By prioritizing the latter two. AWS-LC has no option
  to disable the clashing symbol. wolfSSL does, but the most seamless is
  to skip including GnuTLS's standalone `md4.h` to avoid the clash.
- build: fix errors with !http + nghttp2.
- build: catch !ssl + ssls-export combination in source. Convert
  build-level errors to warnings.
- build: fix errors with !http + http3.
- build: fix building curl tool and unit1302 in rare combinations.
  By always compiling base64 curlx functions.

- cmake: add `_CURL_SKIP_BUILD_CERTS` internal option.
  To disable automatically building certs with the testdeps target.
  To improve performance when testing builds.
  (used locally to find the failing builds fixed in this PR.)

Closes #17962
2025-07-23 22:17:03 +02:00
Viktor Szakats
0260e8465a
GHA/checksrc: expand spellcheck, fix issues found
- codespell: break logic out into its own runnable script. Allowing
  to run it on local machines.
- codespell: install via `pip`, bump to latest version.
- codespell: show version number in CI log.
- codespell: drop no longer needed word exception: `msdos`.
- codespell: include all curl source tree, except `packages` and
  `winbuild`. Drop an obsolete file exclusion.
- add new spellchecker job using the `typos` tool. It includes
  the codespell dictionary and a couple more. Use linuxbrew to install
  it. This takes 10 seconds, while installing via `cargo` from source
  would take over a minute.
- codespell: introduce an inline ignore filter compatible with `cspell`
  Make `typos` recognize it, too. Move single exceptions inline.

Fix new typos found. Also rename variables and words to keep
spellchecking exceptions at minumum. This involves touching some tests.
Also switch base64 strings to `%b64[]` to avoid false positives.

Ref: https://github.com/crate-ci/typos/blob/master/docs/reference.md
Ref: https://github.com/codespell-project/codespell?tab=readme-ov-file#inline-ignore
Ref: https://github.com/codespell-project/codespell/issues/1212#issuecomment-1721152455
Ref: https://cspell.org/docs/Configuration/document-settings

Closes #17905
2025-07-21 16:09:01 +02:00
Stefan Eissing
a15a5f4d29
vquic-tls: fix SSL backend type for QUIC connections using gnutls
Fix the copy&paste error when querying ssl info for gnutls
on QUIC connections.

Reported-by: Harry Sintonen
Closes #17976
2025-07-20 23:10:15 +02:00
Stefan Eissing
3ad4b44073
openssl: some small cleanups
- rename Curl_oss_check_peer_cert() to Curl_ossl_check_peer_cert()
- leave altname match loop after the first success when the match
  was an ip address
- remove static subj_alt_hostcheck() since it did not really do much
- use length based infof() output of altname, even though it does
  seem always to be nul terminated

Closes #17940
2025-07-18 00:40:26 +02:00
Stefan Eissing
e9ae1bd404
connection: clarify transport
The `transport` to use for a transfer, e.g. TCP/QUIC/UNIX/UDP, is
initially selected by options and protocol used. This is set at the
`struct connectdata` as `transport` member.

During connection establishment, this transport may change due to
Alt-Svc or Happy-Eyeballing. Most common is the switch from TCP to QUIC.

Rename the connection member to `transport_wanted` and add a way to
query the connection for the transport in use via a new connection
filter query.

The filter query can also be used in the happy eyeballing attempts when
code needs to know which transport is used by the "filter below". This
happens in wolfssl initialization, as one example.

Closes #17923
2025-07-14 14:33:18 +02:00
Stefan Eissing
674ad27f77
http/3: report handshake with version and cipher as for TCP connections
Make reporting into separate functions, to be called from QUIC handshakes
as well.

Closes #17922
2025-07-14 14:08:32 +02:00
Patrick Stoeckle
86f43af951
misc: fix typos
Just fixing some typos using: https://github.com/crate-ci/typos

Closes #17904
2025-07-12 08:59:44 +02:00
Viktor Szakats
8eab2b7086
tidy-up: whitespace
Cherry-picked from #17877
Cherry-picked from #17876

Closes #17896
2025-07-11 13:32:54 +02:00
Stefan Eissing
695eee432f
h3: fix query of concurrent streams
Queries gave wrong value or ran into NULL pointers when called at
times when connection filter was not fully initialized.

Closes #17886
2025-07-10 17:29:54 +02:00
Karthik Dasari
454395ba1e
curl_osslq: fix missing include of url.h
Follow-up to 4ccf3a31f5 #17783
Follow-up to b270fec68d #17858
Ref: #17857
Closes #17864
2025-07-08 19:58:21 +02:00
Stefan Eissing
b270fec68d
quiche: fix missing include of url.h
Reported-by: Karthik Dasari
Fixes #17857
Closes #17858
2025-07-08 11:07:39 +02:00
Stefan Eissing
4ccf3a31f5
ngtcp2: fix coverity warning about result handling
Closes #17783
2025-07-07 08:58:46 +02:00
Stefan Eissing
2db8ae480f
quic: implement CURLINFO_TLS_SSL_PTR
Replace the old Curl_ssl_get_internals() with a new connection filter
query to retrieve the information. Implement that filter query for TCP
and QUIC TLS filter types.

Add tests in client tls_session_reuse to use the info option and check
that pointers are returned.

Reported-by: Larry Campbell
Fixes #17801
Closes #17809
2025-07-06 20:29:54 +02:00
Viktor Szakats
a3787f98ac
lib: drop two interim macros in favor of native libcurl API calls
Drop `strcasecompare` and `strncasecompare` in favor of libcurl API
calls `curl_strequal` and `curl_strnequal` respectively.

Also drop unnecessary `strcase.h` includes. Include `curl/curl.h`
instead where it wasn't included before.

Closes #17772
2025-06-30 18:38:56 +02:00
Stefan Eissing
21ecc7e376
cf-socket: make socket data_pending a nop
Eliminating the socket readability check in the socket connection
filters for the 'data_pending' callback. Improves performance of
handling of transfers, up to ~30%, depending on parallelism and response
size.

Whatever `data_pending()` once was, its semantics are now:
"Is there anything buffered in the connection filters that needs
 receive?"
Any checks of the socket's readability are done via `multi_wait()`
and friends.

Fix the one place in HTTP/1 proxy code that checked `data_pending()` and
did an early return if false. Remove that check and actually try to
receive data every time.

Closes #17785
2025-06-30 13:44:24 +02:00
Viktor Szakats
f9656445ba
checksrc: reduce exceptions, apply again to curlx
- tests/libtest: move exception to `stub_gssapi.h`.
- tests/libtest: move remaining exception to `testtrace.c`.
- tests/server: drop obsolete exception.
- docs/examples: move `BANNEDFUNC` exceptions to local files (3 lines).
- docs/examples: move `ERRNOVAR` exception to `ephiperfifo.c`.
- docs/examples: drop `typedef struct` (8 files).
- lib/curlx: add `.checksrc` with banned funcs copied from lib.
- checksrc: ban `strncpy`, `strtok_r`, `strtoul` by default.
  Drop local bans. Add exception for `strtoul` to `tests/server'.
- lib, src: sync banned funcs.

Also:
- REUSE: drop `stunnel.pem`, it no longer exists.
- docs/examples: formatting.
- docs/examples: simplify some `sizeof()`s.

Closes #17764
2025-06-27 17:33:35 +02:00
Stefan Eissing
d4983ffc13
bufq: change read/write signatures
Change the signature of `bufq` functions from

* `ssize_t Curl_bufq_*(..., CURLcode *err)` to
* `CURLcode Curl_bufq_*(..., size_t *pn)`

This allows us to write slightly less code and avoids the ssize_t/size_t
conversions in many cases. Also, it gets the function in line with all
the other send/recv signatures.

Added helper functions in `cfilters.h` for sending from/receving into
a bufq.

Fuzzer now fails to build due to these changes and its testing of
the bufq API.

Closes #17396
2025-06-27 14:16:21 +02:00
Stefan Eissing
70779199f3
cf: replace the method get_host with query
Connection filters had a method `get_host()` which had not really been
documented. Since then, the cf had the `query()` method added. Replace
the separate get_host with query.

Add `CF_QUERY_HOST_PORT` as query to connection filters to retrieve
which remote hostname and port the filter (or its sub-filter) is talking
to. The query is implemented by HTTP and SOCKS filters, all others pass
it through.

Add `Curl_conn_get_current_host()` to retrieve the remote host and port
for a connection. During connect, this will return the host the
connection is talking to right now. Before/After connect, this will
return `conn->host.name`.

This is used by SASL authentication.

Closes #17419
2025-06-21 17:20:44 +02:00
Stefan Eissing
779937f840
multi: add dirty bitset
Add a bitset `dirty` to the multi handle. The presence of a transfer int
he "dirty" set means: this transfer has something to do ASAP.

"dirty" is set by multiplexing protocols like HTTP/2 and 3 when
encountering response data for another transfer than the current one.
"dirty" is set by protocols that want to be called.

Implementation:

* just an additional `uint_bset` in the multi handle
* `Curl_multi_mark_dirty()` to add a transfer to the dirty set.
* `multi_runsingle()` clears the dirty bit of the transfer at
   start. Without new dirty marks, this empties the set after
   al dirty transfers have been run.
* `multi_timeout()` immediately gives the current time and
   timeout_ms == 0 when dirty transfers are present.
* multi_event: marks all transfers tracked for a socket as dirty.
  Then marks all expired transfers as dirty. Then it runs
  all dirty transfers.

With this mechanism:

* Most uses of `EXPIRE_RUN_NOW` are replaced by `Curl_multi_mark_dirty()`
* `Curl_multi_mark_dirty()` is cheaper than querying if a transfer is
  already dirty or set for timeout. There is no need to check, just do it.
* `data->state.select_bits` is eliminated. We need no longer to
  simulate a poll event to make a transfer run.

Closes #17662
2025-06-21 17:19:11 +02:00
Stefan Eissing
63381421f5
connection: eliminate member remote_addr
Used to be a pointer set (and cleared) by the socket connection filters
to a struct in their contexts. Instead, add a filter query method to
obtain the pointer when needed.

Closes #17385
2025-06-20 12:54:36 +02:00
Stefan Eissing
20c90ba298
lib: unify recv/send function signatures
cfilter/conn: change send/recv function signatures. Unify the
calling/return conventions in our send/receive handling.

Curl_conn_recv(), adjust pnread type

Parameter `pnread` was a `ssize_t *`, but `size_t *` is better since the
function returns any error in its `CURLcode` return value.

Closes #17546
2025-06-11 11:21:10 +02:00
John Bampton
217fd5b424
misc: fix spelling
Closes #17479
2025-05-29 10:21:05 +02:00
Stefan Eissing
e1f65937a9
pytest: add pinnedpubkey test cases
Add positive/negative test cases in pytest for pinned public keys.

Closes #17412
2025-05-21 22:45:42 +02:00
Stefan Eissing
a85f1df480
pytest tls: extend coverage
Add possibility to reload QUIC test server with another certificate. Add
tests for more coverage of handshakes.

Closes #17382
2025-05-19 13:30:02 +02:00
Stefan Eissing
d59d8530c6
ngtcp2: clarify ignoring of result
In shutdown, the result of a bufq_write() is intentionally ignored, but
it was not obvious why. Add a (void) cast to declare intent and a
comment explaining why.

Closes #17354
2025-05-15 11:10:02 +02:00