- Treat HTTP response codes 522 and 524 as a transient error since
Cloudflare may use them instead of 504 to signal timeout.
For example here is a 522 error message from Cloudflare:
"The initial connection between Cloudflare's network and the origin web
server timed out. As a result, the web page can not be displayed."
Prior to this change the curl tool did not retry on HTTP response codes
522 and 524 when --retry was used.
Fixes https://github.com/curl/curl/discussions/16143
Closes https://github.com/curl/curl/pull/19011
When calling scorecard with --flame to produce a flamegraph, use
"perf" on linux platforms to do the measurements. Update the scorecard
documentation about it.
Closes#19058
- add `curl_global_init()` and `curl_global_cleanup()` where missing.
- check the result of `curl_global_init()` where missing.
- return the last curl error from `main()`.
- drop Win32-specific socket initialization in favor of `curl_global_init()`.
- rename some outliers to `res` for curl result code.
- fix cleanup in some error cases.
Inspired by Joshua's report on examples.
Closes#19053
To make it simpler to move them around, create and delete them without
syncing with `REUSE.toml`.
Also:
- checksrc: allow empty lines in `.checksrc`.
- comment on why curl printfs are disallowed in examples.
Closes#19024
In pop3_perform(), pop3->transfer was derived from the old
data->req.no_body. Then, pop3_perform_command() re-computed
data->req.no_body.
Now we instead call pop3_perform_command() first.
Reported-by: Joshua Rogers
Closes#19039
This allows users to put one of them in their .curlrc and still easily
use the other one at will in command lines.
The --no-* versions disable both of them.
Reported-by: Mitchell Blank Jr
Fixes#19029Closes#19034
The function service_connection() now passes in a reference to the
socket instead of by value since the sub function http_connect() might
close it and set *infdp = CURL_SOCKET_BAD. This would previously not be
detected when service_connection() returned and potentially cause a
double close of the socket.
Reported-by: Joshua Rogers
Closes#19031
If there is lingering letters left on the right side after the paths
have been parsed, they are syntactically incorrect so returning error is
the safe thing to do.
Reported-by: Harry Sintonen
Closes#19030
Protocol handlers not flagging PROTOPT_SSL that allow reuse of existing
SSL connections now need to carry the flag PROTOPT_SSL_REUSE.
Add PROTOPT_SSL_REUSE to imap, ldap, pop3, smtp and ftp.
Add tests the http: urls do not reuse https: connections and vice versa.
Reported-by: Sakthi SK
Fixes#19006Closes#19007
Although the protocol should only run on index 0, there was a mix of
looked up sockindex and using constant 0 in tls send/recv.
Reported-by: Joshua Rogers
Closes#19004
Both the c-ares documentation and the c-ares source code contradict the
previous comment (and mentions/contains no such restriction).
Ref: #19001Closes#19014
As this is in the tool shutdown the impact of it was nothing.
Also, move two global variables to local.
Follow-up to 9a2663322c
Reported-by: Joshua Rogers
Closes#18996
- include `windows.h` after `winsock2.h` via `curl/curl.h`.
- avoid `errno` for WinCE.
- avoid `_vscprintf` for WinCE.
Ref: 4535532ed3#18843
Follow-up to 0780de2625#18668Closes#19016
Use `CMAKE_SIZEOF_VOID_P` to fill the size of three types that differ
on 32 and 64-bit Windows: `curl_socket_t`, `size_t`, and on mingw-w64:
`ssize_t`.
`time_t` remains the only type needing detection at configuration time,
with MSVC or mingw-w64.
Ref: https://cmake.org/cmake/help/v4.1/variable/CMAKE_SIZEOF_VOID_P.htmlCloses#19013
Repeated calls to `Curl_async_is_resolved()` after a failure
returned OK and not the error that was the result of the resolve
fail.
Reported-by: Joshua Rogers
Closes#18999
When thread creation fails, the code uses `errno` to remember the cause.
But pthread_create() never sets errno and gives the error as return value.
Fix that by setting the return value into errno on failure.
Windows: I think the ifdef was the wrong way around. Also set a generic
Windows Error code on CE systems.
Reported-by: Joshua Rogers
Closes#18998
When reusing a connection, the `host` and `conn_to_host` hostname
structs are moved from the template connection onto the existing one.
There was a NULLing of a tempplate member missing in `conn_to_host`
which could then lead to a double free.
Make this struct move into a static function, doing the correct
thing for both `struct hostname` in a connection.
Reported-by: Joshua Rogers
Closes#18995
Fix edge cases around handling of pending send frames and encoding
frames with size_t/curl_off_t possible flowy things.
Reported-by: Joshua Rogers
Closes#18965
Check the result when converting the peer certificate chain
into gnutls internal x590 data structure for errors.
Reported-by: Joshua Rogers
Closes#18964
During the SOCKS connect phase, the `iobuf` is used to receive repsonses
from the server. If the server sends more bytes than expected, the code
discarded them silently.
Fix this by advancing the iobuf only with the length consumed.
Reported-by: Joshua Rogers
Closes#18938
GNU GSS offers `gss.h`; do not check for `gssapi.h`. `gssapi.h`
was originally published by Heimdal, and later MIT Kerberos also added it
for Heimdal compatibility.
Closes#18993
Previous minimum was: 1.2.4 (2002-02-28)
- assume `gssapi/gssapi.h` header for MIT Kerberos.
Drop logic detecting this header, and drop alternate logic including
a bare "gssapi.h". Bare `gssapi.h` is Heimdal-specific. MIT Kerberos
added support for it for Heimdal compatibility on 2006-11-09,
redirecting to `gssapi/gssapi.h`. MIT Kerberos supported the latter
header in the 1990s already.
Ref: 40e1a016f9 (2008-03-06)
Ref: d119352001 (2006-11-09)
- configure.ac: stop using `HAVE_GSSAPI_GSSAPI_H`.
Added in 2010 to support "ancient distros such as RHEL-3" where
`gssapi/gssapi_krb5.h` did not include `gssapi/gssapi.h`.
MIT Kerberos includes it since commit:
d9e959edfa (2003-03-06)
Released in 1.3 (2003-07-08).
Bump minimum required version to avoid this issue.
Reverts cca192e58f (2010-04-16)
Ref: https://web.mit.edu/kerberos/dist/historic.html
Ref: https://sources.debian.org/src/krb5/Closes#18992
The cmake build is running runtests with valgrind. The autotools one is
running scan-build.
Also:
- ignore two memleaks with GNU GSS detected by valgrind.
- add comment on support status of `GSS_C_DELEG_POLICY_FLAG`.
Closes#19008
It's a legacy MIT Kerberos header that's no longer used by curl since:
355bf01c82 (2015-01-09)
There were still mentions of it after this patch, when using versions
<1.2.3, but those versions aren't supported since:
9918541795 (2008-06-12)
This header remains in use by autotools and cmake to detect MIT Kerberos
(vs. Heimdal, which doesn't have it.)
Ref: https://github.com/curl/curl/pull/18978#issuecomment-3387414995Closes#18990
