Give peers and `exportable` flag, set TRUE when sessions for this peer
should not be exported. This evalualtes if the peer uses confidential
information (like srp username/password), a client certificate OR if the
"ssl_peer_key" contains relative paths.
When SSL is configured with paths for relevant components, like CA trust
anchors, an attempt is made to make this path absolute. When that does
not work or the infrstructure is not available, the peer key is marked
as *local*.
Exporting sessions based on relative paths may lead to confusion when
later imported in another execution context.
Closes#16322
Curl's double linked list is proven code, but it comes with some
additional memory overhead. Since hash's internal list of elements needs
only forward traversals, it seems worthwhile to use a single linked list
internally.
This saves 3 pointers per entry plus 3 pointers per slot.
Closes#16351
Since the ISBLANK() and ISSPACE() macros check for specific matches,
there is no point in using while(*ptr && ISSPACE(*ptr)) etc, as the
'*ptr' check is then superfluous.
Closes#16363
- replace `add_compile_options()`, `add_definitions()` with directory
properties. To harmonize this across all scripts. The new commands are
verbose, but describe better how they work. The syntax is also closer
to setting target properties, helps grepping.
- prefer `CMAKE_INSTALL_PREFIX` over `--prefix` (in tests, CI).
- tidy up cmake invocations.
- formatting.
Closes#16238
Allow overriding the `IMPORT_LIB_SUFFIX` default with an empty value.
Also:
- add a fatal error if the implib and static lib filename are identical.
- clarify `IMPORT_LIB_SUFFIX` default value in the documentation.
Reported-by: RubisetCie on Github
Fixes#16324
Ref: 1199308dbc#11505Closes#16332
- Remove the workaround that disabled peer verification in DEBUGBUILDs
when CA certs were provided.
The workaround was part of a TODO that disabled verification in
DEBUGBUILDs with a CAfile/path because apparently there's no way to set
those options in msh3 and that caused some tests to fail. Instead the
tests should fail and this problem should not be covered up.
Ref: https://github.com/curl/curl/pull/16327#issuecomment-2661039423
Closes https://github.com/curl/curl/pull/16342
- add hex and octal parsers to the Curl_str_* family
- make curlx_strtoofft use these parsers
- remove all use of strtol() and strtoul() in library code
- generally use Curl_str_* more than strtoofft, for stricter parsing
- supports 64-bit universally, instead of 'long' which differs in size
between platforms
Extended the unit test 1664 to verify hex and octal parsing.
Closes#16336
Instead of strtoul() and strtol() calls.
Easier API with better integer overflow detection and built-in max check
that now comes automatic everywhere this is used.
Closes#16319
To reduce the number `-Wunused-macro` compiler warnings:
- delete unused macros.
- comment out unused macro that are part of a set.
- move macros into the scope they are used.
This may be useful to enable by default, but there are tricky cases that
I didn't manage to fix and paused the effort. E.g. internal features
checks in `openssl.c`. There is more, once those are fixed.
Closes#16279
Before this patch curl code was redefining `getaddrinfo` and
`freeaddrinfo` system symbols to plug in its debug wrappers. This was
causing pains to avoid applying the redefinitions to system headers
defining these functions, and to the local debug wrappers. Especially
in unity builds. It also required workarounds for systems where these
symbols are already macros.
Introduce curl-namespaced macros for these functions and use them.
This allows to drop all workarounds and makes it work in all envs,
local targets and unity/bundle combinations.
Also drop GHA/windows workaround and use the same unity batch across
all jobs. Follow-up to 29e4eda631#16272
Ref: #16272
Ref: 71cf0d1fca#14772
Ref: 3efba94f77#14765
Ref: f7d5f47059#14399Closes#16274
Seen in curl-for-win daily, building against libssh2 1.11.2_DEV:
```
curl-for-win/curl/lib/vssh/libssh2.c:2644:9: warning: 'libssh2_scp_send_ex' is deprecated:
since libssh2 1.2.6. Use libssh2_scp_send64() [-Wdeprecated-declarations]
2644 | SCP_SEND(sshc->ssh_session, sshp->path, data->set.new_file_perms,
```
Ref: https://github.com/curl/curl-for-win/actions/runs/13229370277/job/36924363438#step:3:5805
Follow-up to 553248f501#16199Closes#16291
Default curl unity builds make a single unit for each target. It means
all target sources are batched together and built in a single compiler
invocation. With multi-core CPUs this doesn't always result in the best
possible performance. This patch enables smaller batches for jobs where
this resulted in shorter build times. These jobs are Cygwin, MSYS2,
MinGW, running on the Windows runners.
Use batch of 30 (meaning 30 sources batched into units), and 32 for
Cygwin/MSYS2 to avoid a unity fallout that's subject to a different PR.
(CMake allows to set the number of sources per unit, not the number
of units, though the latter may be more practical to max out CPU cores.)
Also override to not batch the `curlu` target because batching lost
a little bit of time there, due to the already existing parallelism when
building the `testdeps` targets.
For jobs on the macOS and Linux runners jobs were already mostly single
digit or below teen seconds, and batching didn't improve on them
noticeably. On VM jobs, the virtual CPUs are limited, so I didn't
make a try. In AppVeyor and GHA vcpkg jobs (using msbuild), batching
didn't result in conclusive or any gains.
Build times in seconds (curl + testdeps):
Job | Before | After w curlu=0 | Gain
:--------------------| :-------------- | :-------------- | :---
cygwin, CM | 19 + 32 = 51 | 12 + 32 = 44 | 7
msys2, CM | 7 + 15 = 22 | 5 + 14 = 19 | 3
mingw gcc U, CM | 19 + 30 = 49 | 13 + 32 = 45 | 4
mingw ucrt, CM | 32 + 42 = 74 | 15 + 43 = 58 | 16
mingw clang, CM | 15 + 21 = 36 | 8 + 21 = 29 | 7
mingw uwp, CM | 30 + 40 = 70 | 14 + 40 = 54 | 16
mingw gcc, CM | 20 + 31 = 51 | 12 + 31 = 43 | 8
mingw x86, CM | 35 + 40 = 75 | 15 + 38 = 53 | 22
dl-mingw, CM 9.5.0 | 88 + 99 = 187 | 42 + 101 = 143 | 44
dl-mingw, CM 7.3.0 U | 24 + 32 = 56 | 17 + 35 = 52 | 4
Total | | | 131
Total gain per GHA/windows workflow runs: 2m11s
Runs:
Before: https://github.com/curl/curl/actions/runs/13220256084/job/36904342259
After: https://github.com/curl/curl/actions/runs/13220383702/job/36904602981https://github.com/curl/curl/actions/runs/13220613141/job/36905170104https://github.com/curl/curl/actions/runs/13222019443/job/36908358550
With curlu tweak: https://github.com/curl/curl/actions/runs/13222239255/job/36908782462
Ref: 116950a250#16265Closes#16272
LibreSSL headers emit this warning because we included `wincrypt.h`
before them. We have to include `wincrypt.h` before OpenSSL headers
to avoid symbol collisions when using other forks. LibreSSL 3.8.2+
offers a macro to silence its warnings to avoid this issue. This patch
sets it.
This allows to stop setting this macro in curl-for-win builds.
Warnings seen with MinGW with cmake non-unity (also unity batch=30):
```
[156/219] Building C object lib/CMakeFiles/libcurl_object.dir/vtls/openssl.c.obj
In file included from lib/vtls/openssl.h:35,
from lib/vtls/openssl.c:53:
dep/libressl-win-x64/include/openssl/ossl_typ.h:90:2: warning: #warning overriding WinCrypt defines [-Wcpp]
90 | #warning overriding WinCrypt defines
| ^~~~~~~
In file included from dep/libressl-win-x64/include/openssl/pem.h:71,
from dep/libressl-win-x64/include/openssl/ssl.h:151,
from lib/vtls/openssl.h:36:
dep/libressl-win-x64/include/openssl/x509.h:108:2: warning: #warning overriding WinCrypt defines [-Wcpp]
108 | #warning overriding WinCrypt defines
| ^~~~~~~
In file included from dep/libressl-win-x64/include/openssl/x509.h:319:
dep/libressl-win-x64/include/openssl/pkcs7.h:77:2: warning: #warning overriding WinCrypt defines [-Wcpp]
77 | #warning overriding WinCrypt defines
| ^~~~~~~
```
Ref: https://github.com/libressl/portable/issues/910
Ref: https://github.com/libressl/portable/pull/924
Ref: e7fe6caab2
Ref: 760ccfcc91Closes#16273
When the c-ares setup fails and we get a NULL channel, the resolve still
continues and we just need to survive it and just not get any HTTPS RR.
Reported-by: nono303 on github
Fixes#16216Closes#16244
Keeping the relevant 'ssl_scache' in 'data->state' leads to problems
when the owner of the cache is cleaned up and this reference is left
dangling.
Remove the ref entirely and always find the ssl_scache at the current
share or multi.
Folded in #16260 (test 3208) to verify this fixes the bug with a
dangling reference when an easy handle is used with easy_perform first
and in a multi_perform after.
Ref: #16236Closes#16261
Some of the 'goto fail' situations could happen without having
initialized the local variables referenced in the error code flow.
Reported-by: Marcel Raad
Fixes#16246Closes#16251
The eventfd manpage says:
A write(2) fails with the error EINVAL if the size of the supplied
buffer is less than 8 bytes
When doing x32 on a 64-bit system, pointers are still four bytes so this
code must not use the size of a pointer but the size of a 64-bit type.
Fixes#16237
Reported-by: Jan Engelhardt
Closes#16239
