The short descriptions describe the data each info retrieves. The info
itself does not 'get' the data.
This simplifies and shortens the descriptions and make them more
consistent.
Closes#19406
A regression in curl 8.17.0 led to a customer CAPATH set by the
application (or the curl command) to be ignored unless licurl was built
with a default CAPATH.
Add test cases using `--capath` on the custom pytest CA, generated with
the help of the openssl command when available.
Fixes#19401
Reported-by: Brad King
Closes#19308
Requirements for Fil-C:
- not to accidentally pick up system headers. E.g. from `/usr/include`
on Linux. It can happen when any dependency is auto-detected on this
header path. This makes Fil-C find the wrong system headers, which
in turn breaks the configuration step in subtle ways (with CMake) and
less subtle ways (autotools). Then CMake ends up running into an error
while compiling.
- build all dependencies with Fil-C too.
(this patch doesn't build any dependencies yet.)
- "unity" mode disabled. It should work, but needs a lot of memory and
slower than a standard compiler, or a Fil-C non-unity build.
- x86_64 Linux host platform when using the pre-built toolchain.
Observations on a minimal, static build made with no dependencies and
Fil-C 0.674 (based on clang 20.1.8).
- curl tool sizes:
- cmake, default, w/o -O: 30 MB (gcc 14.2.0: 1.7 MB)
- cmake, default, w/o -O, stripped: 29.6 MB (gcc: 1.4 MB)
- cmake, Release, -O3: 7.2 MB (gcc: 1 MB)
- cmake, Release, -O3, stripped: 6.8 MB (gcc: 0.93 MB)
- autotools, default, -O2: 7 MB
- libcurl.a size is 32 MB (cmake, default, w/o -O) (gcc: 2.7 MB)
- build times 3-3.5x longer (compared to system gcc 14.2.0):
- all runtests available pass OK.
- all pytests skipped due to missing features/dependencies.
- shared libcurl builds also work (cmake, default: 25 MB libcurl.so and
5.75 MB (5.6 stripped) curl tool)
- autotools works fine too, with dependencies disabled or set to avoid
`/usr/include`.
Closes#19391
On some platforms, socket descriptors may use types larger than int.
When these values exceed INT_MAX, conversion to int can truncate to
negative values causing RTMP connection failures, and even accidentally
affect other socket when high-value descriptors map to existing
lower-value sockets after integer conversion. This check ensures socket
values are within the safe range before passing them to the RTMP
library.
Closes#19399
Resumed TLS sessions skip OCSP stapled-response verification. Force a
full handshake so verifystatus() runs.
Follow-up to 4bfd7a9615
Pointed out by ZeroPath
Some internal functions always return CURLE_OK.
- Curl_http_proxy_get_destination() does that from bb4032a, (2 years
ago) And the original inline code does not need to check the status.
- Curl_wildcard_init() does that from e60fe20. (8 years ago)
- Curl_initinfo() does that from a very beginning.
- Curl_pgrsSetDownloadCounter() did not have a return before 914e49b,
ad051e1 recovered its content (2 years ago) but did not completely
recovered the changes related to it.
- auth_digest_get_qop_values() does that from 676de7f.
This directly changes their type to void and cleaned the remaining
checks for their return value.
Closes#19386
Instead of happily ignoring return codes.
Calls that allocate data, like duplicating strings, can fail because of
lack of memory which could then leave the option unset and curl would
unknowingly continue (if the memory shortage was momentary).
Closes#19385
When Curl_conn_cf_recv() returns error, the variable might not be
assigned and the tracing output may (harmlessly) use it uninitialized.
Also add a comment about the typecast from size_t to int being fine.
Pointed out by ZeroPath
Closes#19393
Both CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR would
previously return error on bad input but would wrongly still store and
keep the partial (unacceptable) result in the handle.
Closes#19389
curl is for transfers so disabling all protocols has to be a mistake.
Previously it would allow this to get set (even if curl_easy_setopt()
returns an error for it) and then let libcurl return error instead.
Updated 1474 accordingly.
Closes#19388
There is no more mixed-newline file in the repository after this patch.
Except for`.bat` and `.sln` files (4 in total), all files use LF
newlines.
Also:
- `spacecheck.pl`: drop mixed-EOL exception for test data.
- runtests: add option `-w` to check if test data has stray CR bytes in
them.
- build: enable the option above in test targets, except the CI-specific
one where `spacecheck.pl` does this job already.
- tested OK (with expected failures) in CI with stray CRs added.
- cmake: enable option `-a` for the `tests` target. To continue testing
after a failed test.
Follow-up to 63e9721b63#19313
Follow-up to 6cf3d7b1b1#19318
Follow-up to 4d2a05d3fe#19284Closes#19347
With `check_finished()` triggered by notifications now, the
`progress_meter()` was no longer called at regular intervals.
Move `progress_meter()` out of `check_finished()` into the perform loop
and event callbacks.
Closes#19383
Syncing behavior with `CURL_CA_BUNDLE` and autotools.
`/etc/ssl/certs` is empty by default on macOS systems, thus no likely
auto-detection finds something there.
Follow-up to eefd03c572#18703Closes#19380
With GnuTLS 3.8.0+ the build-time SRP feature detection always succeeds.
It's also disabled by default in these GnuTLS versions.
When using TLS-SRP without it being available in GnuTLS, report
the correct error code `CURLE_NOT_BUILT_IN`, replacing the out of memory
error reported before this patch.
Also add comments to autotools and cmake scripts about this feature
detection property.
Detecting it at build-time would need to run code which doesn't work
in cross-builds. Once curl requires 3.8.0 as minimum, the build-time
checks can be deleted.
```
# before:
curl: (27) gnutls_srp_allocate_client_cred() failed: An unimplemented or disabled feature has been requested.
# after:
curl: (4) GnuTLS: TLS-SRP support not built in: An unimplemented or disabled feature has been requested.
```
Ref: dab063fca2
Ref: a21e89edacCloses#19365
```
docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.md:86:16
docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.md:139:16
```
Also sync `CURL *` and result variable names with rest of docs.
Follow-up to 6d7e924e80#19375Closes#19379
It also does shellcheck on `run:` elements, overlapping with
the homegrown `shellcheck-ci.sh` with the same purpose. But it also does
more and perhaps could replace the script too, especially in curl
sub-repos.
Also:
- GHA/macos: delete potentially useful, but commented, and ultimately
unused, non-default Xcode-testing logic. It's causing unused matrix
exceptions, upsetting actionlint.
Ref: https://github.com/rhysd/actionlintCloses#19373
This commit does the following things:
1. Update the description of gtls_init()
2. In gtls_client_init(), check the invaild SSLVERSION at first. Note
that this part refactors the duplicate/incompatible checks and removes
the useless local variable `sni`.
3. Check the return value of gnutls_ocsp_resp_init(). Although the
original code is safe because gnutls_ocsp_resp_import() will check
the validity of `ocsp_resp`, it is better to catch the error in time
and record the proper message to output log.
Closes#19366
To add another, so far untested standalone toolchain variant to the mix.
This distro is a fairly compact, GCC mingw-w64.
Replacing an existing 15.0.1 snapshot toolchain build job.
Ref: https://github.com/skeeto/w64devkit/releasesCloses#19369
When GnuTLS is detected via pkg-config on a non-default path, e.g. with
Homebrew arm64 (`/opt/homebrew/`).
This was a regression from a commit made in this release cycle.
The Find module doesn't return an absolute path to the detected library
(as the former solution did), but a bare libname and a libpath. We thus
need to explicitly use the libpath while detecting a feature in GnuTLS
found this way. Syncing this with other dependencies.
Follow-up to 1966c86d71#19163Closes#19360
