For general readability. Also to match the rest of the source code.
- `SOCKADDR` -> `struct sockaddr`
- `SOCKADDR_IN` -> `struct sockaddr_in`
- `== SOCKET_ERROR` -> `== -1` or silent `!= 0`
Follow-up to 9a2663322c #17572
Closes #20452
OpenSSL records its peer verification status inside its SSL_SESSION
objects. When a session is later reused, the SSL connection inherits
this verify status.
Session keys prevent reuse of sessions between connections that verify
the peer and those that do not. However, when Apple SecTrust is used
to verify a connection, this does not update the Session's verify
status (and there is no setter). On session reuse, OpenSSL fails
the verification and Apple SecTrust cannot verify either since the
certificate peer chain is not available.
Fix this by checking the verification status on session reuse and
remove the session again if the peer needs to be verified, but the
session is not.
Reported-by: Christian Schmitza
Fixes #20435
Closes #20446
... between curl_multi_perform and curl_multi_wait/poll documentation
The `curl_multi_perform` documentation uses integer contextual
conversion to `bool` to test the resulting `CURLMcode`, while other
functions like `curl_multi_wait` and `curl_multi_poll` test against
`CURLM_OK`. (I was initially confused by this as it looked like some
docs call curl_multi_wait/poll on error, while some called only on
success. But that was my misread, not a docs problem.)
Also fixed the example to print which function call failed; previously
an error reported by `curl_multi_perform` was printed as a failure of
`curl_multi_wait`.
Closes #20444
To avoid noise due to local C files when using automatic local checksrc
checks (e.g. via CMake `-DCURL_LINT=ON` option, or `curl-lint` target).
Also replace single-quote with double-quote in external git command, for
portability.
Follow-up to 88ff396549 #17882
Follow-up to e785e898a6 #17376
Closes #20439
GCC 15.2 warns when assigning computed "all" bitmask macros to 32-bit
flag types because negated masks expand to the full width of unsigned
long/long on 64-bit platforms.
Mask these macros to a 32-bit domain so they do not set high bits and
avoid -Woverflow/-Wconversion warnings in callers.
Reported-by: Patrick Monnerat
Fixes #20242
Closes #20416
The -J / --remote-header-name logic now records the file name part used
in the redirects so that it can use the last one as a name if no
Content-Disposition header arrives.
Add tests to verify:
1641: -J with a redirect and extract the CD contents in the second
response
1642: -J with a redirect but no Content-Disposition, use the name from
the Location: header
1643: -J with two redirects, using the last file name and also use
queries and fragments to verify them stripped off
Closes #20430
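The name selection this commit message describes, as an added example that is not curl's code: `url_file_part` and `pick_name` are hypothetical helpers and the redirect chain is constructed. Treating the requested URL as the first chain entry, taking an already-parsed Content-Disposition name, and rejecting `.` and `..` are assumptions made here.

```c
#include <stdio.h>
#include <string.h>

/* File name part of a URL or Location: value: the text after the last '/'
   of the path, query and fragment cut off. 0 on success, -1 if none. */
static int url_file_part(const char *url, char *out, size_t outlen)
{
  const char *end = url + strcspn(url, "?#"); /* path stops at ? or # */
  const char *sep = strstr(url, "://");
  const char *path = url, *name, *p;
  size_t len;
  if(sep && sep < end) { /* absolute URL: skip scheme and host */
    path = memchr(sep + 3, '/', (size_t)(end - (sep + 3)));
    if(!path)
      return -1; /* host only, no path */
  }
  for(name = p = path; p < end; p++)
    if(*p == '/')
      name = p + 1;
  len = (size_t)(end - name);
  if(!len || len >= outlen || !strncmp(name, "..", len))
    return -1; /* empty, too long, or "." / ".." (added guard) */
  memcpy(out, name, len);
  out[len] = '\0';
  return 0;
}

/* Already-parsed Content-Disposition name if one arrived, else the file
   part of the last URL in the chain that has one. chain[0] is the
   requested URL, the rest are Location: values (assumed layout). */
static const char *pick_name(const char *const *chain, size_t n,
                             const char *cd_name, char *buf, size_t buflen)
{
  size_t i, have = 0;
  if(cd_name && *cd_name)
    return cd_name;
  for(i = 0; i < n; i++)
    if(!url_file_part(chain[i], buf, buflen))
      have = 1; /* a failed entry leaves the earlier name in buf */
  return have ? buf : NULL;
}

int main(void)
{
  /* constructed chain: two redirects, the last with query and fragment */
  const char *chain[] = { "http://example.com/1643", "/moved/first.bin",
                          "http://example.com/dl/last.txt?v=2#top" };
  char buf[64];
  puts(pick_name(chain, 3, NULL, buf, sizeof(buf)));
}
```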
For consistency.
Also:
- one remaining in `src/tool_writeout.c`.
- replace casting an `int` to `CURLcode`.
- lib758: rename `CURLMcode` `result` to `mresult`.
- move literals to the right side of if expressions.
Follow-up to d0dc6e2ec0 #20426
Follow-up to 56f600ec23
Closes #20432
Via options:
- `BROTLI_USE_STATIC_LIBS`
- `CARES_USE_STATIC_LIBS`
- `LIBSSH_USE_STATIC_LIBS`
- `LIBSSH2_USE_STATIC_LIBS`
- `MBEDTLS_USE_STATIC_LIBS`
- `NGHTTP2_USE_STATIC_LIBS`
- `NGHTTP3_USE_STATIC_LIBS`
- `NGTCP2_USE_STATIC_LIBS`
- `ZSTD_USE_STATIC_LIBS`
When enabled, make a "best effort" finding static libs first and set
the "build static" macro (on Windows) as required by the dependency.
When doing `pkg-config`-based detections, make curl select the static
configuration, which shall set the "build static" macro also.
These options resemble CMake's `OPENSSL_USE_STATIC_LIBS` and
`ZLIB_USE_STATIC_LIBS` (the latter does not support `pkg-config` as of
CMake v4.2.2).
Shared/static library selection based on loose filename conventions is
fragile and prone to break if the non-static-suffixed library is found
and happens to be a shared library, or, if the linker decides to pick up
a shared copy (e.g. `.a.dll`) that shadows the static one. It may help
to provide either static or shared, but not both, on the disk, and match
that with this setting.
Experimental.
Ref: #20013
Closes #20015
To build all targets in a single go, meaning curl and libcurl as normal,
and tests and examples in addition. To build-test everything without
running multiple cmake commands.
Enable with:
- `-DCURL_BUILD_EVERYTHING=ON`
Special values: `QUICK` to build examples quickly for build test,
`NOEXAMPLES` to not build examples.
A well-equipped build takes 2.8s of configure time, and 1.7s to build
everything (shared, unity, ninja, prefill), 1.4s with `QUICK`. Without
this option it takes <1s to build curl/libcurl.
Also: streamline `CURL_LINT` internal logic.
Closes #20429
While working on #16973, the binutils ld lib order workaround logic
regressed so that it modified the wrong target, writing into the system
`ZLIB::ZLIB` and `OpenSSL::Crypto` ones a `INTERFACE_LINK_LIBRARIES`
property, instead of creating CURL-namespaced targets. Oddly enough,
this also fixed the binutils ld lib ordering issue. It seems this
property makes CMake insert each referenced library in two more
positions (not at the very end though), which allows ld to resolve all
symbols in the cases tested in CI.
Fix by creating the intended namespaced targets, and also creating
these in `curl-config.cmake` to be available when consuming libcurl.
Note that the logic continues doing `get_target_property()` on the two
system targets above. If these targets are defined manually and miss
the `LOCATION` property, or are defined as aliases, this command may
fail. curl expects these targets to be created by CMake's `FindZLIB` and
`FindOpenSSL` built-in Find modules (or ones compatible). Ref: #20419
The binutils ld issue is reproduced by these CI jobs:
- Linux gcc glibc (amd64, arm64)
- Windows gcc zlib-classic (x64)
Currently using this curl-for-win revision:
7d12669daf
Examples:
https://github.com/curl/curl/actions/runs/21332437230/job/61399234023?pr=20427
https://github.com/curl/curl/actions/runs/21332437230/job/61399234033?pr=20427
Comparison of lib orders, as passed by CMake to the linker:
without workaround (possibly breaking binutils `ld`):
```diff
-framework [...]
libssl.dylib
libcrypto.dylib
libz.tbd
-lssh2 -lidn2
libldap.tbd
liblber.tbd
-lbrotlidec -lbrotlicommon -lzstd -lnghttp2 -lpsl -lrtmp
-lz
-lssl
-lcrypto
```
before this patch:
```diff
-framework [...]
libssl.dylib
libcrypto.dylib
libz.tbd
+libcrypto.dylib <== inserted via `INTERFACE_LINK_LIBRARIES`
+libz.tbd <== inserted via `INTERFACE_LINK_LIBRARIES`
-lssh2 -lidn2
libldap.tbd
liblber.tbd
+libcrypto.dylib <== inserted via `INTERFACE_LINK_LIBRARIES`
+ibz.tbd <== inserted via `INTERFACE_LINK_LIBRARIES`
-lbrotlidec -lbrotlicommon -lzstd -lnghttp2 -lpsl -lrtmp
-lz
-lssl
-lcrypto
```
after this patch:
```diff
-framework [...]
libssl.dylib
libcrypto.dylib
libz.tbd
-lssh2 -lidn2
libldap.tbd
liblber.tbd
-lbrotlidec -lbrotlicommon -lzstd -lnghttp2 -lpsl -lrtmp
-lz
-lssl
-lcrypto
+libcrypto.dylib <== inserted via `CURL::OpenSSL_Crypto`
+libz.tbd <== inserted via `CURL::ZLIB`
```
Bug: https://github.com/curl/curl/pull/20382#discussion_r2716660108
Reverts: 615c43eae8
Follow-up to 16f073ef49 #16973
Closes #20427
And a few variables around.
There remain cases where the accepted pointer is const, yet the returned
pointer is written to.
Partly addressing (glibc 2.43):
```
* For ISO C23, the functions bsearch, memchr, strchr, strpbrk, strrchr,
strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr that return
pointers into their input arrays now have definitions as macros that
return a pointer to a const-qualified type when the input argument is
a pointer to a const-qualified type.
```
Ref: https://lists.gnu.org/archive/html/info-gnu/2026-01/msg00005.html
Reported-by: Rudi Heitbaum
Ref: #20420
Closes #20421
- set `CURL_DROP_UNUSED=ON` for Windows (MSVC) to make the analysis step
faster: 1m30s -> 1m15s
- enable `CURL_WERROR=ON` in all builds, to catch potential build issues
in addition to running CodeQL. To make these builds useful as regular
build tests too.
- add links to CodeQL Actions documentation.
- delete test data C files after checkout in an attempt to remove them
from CodeQL code coverage stats.
Closes #20418
- Use upper limit INT_MAX instead of UINT_MAX.
UINT_MAX doesn't work as the max value for the variable since it is
passed as a long and becomes -1 on platforms that have same sized
int and long, like Windows.
Closes https://github.com/curl/curl/pull/20414
Replace Chocolatey install with direct download and unpack. To reduce
CI dependencies (Chocolatey, NuGet), improve install performance
(10s -> 1s) and hopefully reliability. Last but not least to enable it
for the Cygwin CI job.
Caveats:
- Need to bump stunnel versions manually (2-3 times a year).
Renovate could likely do it, but I failed to understand its
documentation and miss tooling/interface to make tests.
- FIPS not enabled. (can be done if necessary)
- Possibly losing checksum verification (not sure if Chocolatey did it
automatically for this package.)
Also:
- Increase minimum tests by 100 for the Cygwin job.
Ref: #16819 (earlier attempt)
Ref: https://www.stunnel.org/archive/
Ref: https://www.githubstatus.com/incidents/cqb5hcy0gx18
Follow-up to d176f58a20 #20413
Follow-up to 19b1e44660 #20409
Closes #20410
Fixing (Seen when enabling stunnel for Cygwin in CI):
```
=== Start of file https_stunnel.log
[ ] Initializing inetd mode configuration
[ ] Running on Windows 6.2
[...]
[.] Reading configuration from file /cygdrive/d/a/curl/curl/bld/tests/log/6/server/https_stunnel.conf
[!] Cannot open configuration file
```
Ref: https://github.com/curl/curl/actions/runs/21289677523/job/61279662459?pr=20410
Cherry-picked from #20410
Closes #20413
Bump CMake version in CMake integration tests for better performance
(8x on macOS, 2-3x on Windows) and native arm64 binaries.
- bump old CMake in integration tests to v3.19.8 (was: v3.11.4)
- switch to native arm64 CMake binaries on macOS.
- switch Linux CMake integration job to arm64.
Speed gains:
- Linux: 2m -> 1m30s
- macOS: 9-10m -> 1m15s
- Windows: 6-7m -> 2m43s
Before:
https://github.com/curl/curl/actions/runs/21255697172
https://github.com/curl/curl/actions/runs/21255020621
After:
https://github.com/curl/curl/actions/runs/21272021446
With this, CI is:
- no longer testing deprecated CMake versions.
Follow-up to a7c974e038 #19902
- not testing the next (from 2026 April) minimum 3.18, but going for
3.19 instead. For arm64 binaries on both macOS and Linux. There is
no 3.18-specific CMake code in curl.
Cherry-picked from #20407
Closes #20408
- drop leading indent from Markdown.
- switch to Markdown section markers where missing.
- move `&&` and `||` to the end of the line (C, Perl).
- openssl: add parenthesis to an if sub-expression.
- misc clang-format nits.
- unfold Markdown links.
- SSL-PROBLEMS.md: drop stray half code-fence.
Closes #20402
To avoid unnecessarily installing Intel C for any `<pkg>-intel` locally
built dependency.
Follow-up to ab8ccaed24 #20392
Follow-up to d9fe60d457 #20248
Closes #20400
The CMake config can be consumed by projects which enable only language
`CXX`. `CMAKE_C_COMPILER_ID` isn't defined in this case, and the target
definition would be missing. But the check for compiler id isn't really
needed: The target is namespaced and valid, regardless of actual
compiler.
Noticed in https://github.com/microsoft/vcpkg/issues/49518, building cpr.
Follow-up to 16f073ef49 #16973
Closes #20382
To enable known linker options dropping unused, dead, code and data from
the executables built.
Useful to reduce binary sizes for curl, libcurl shared lib and apps
linking static libcurl. It's effective on both "unity" and non-unity
builds. Aligning "unity" build sizes with default, non-unity ones.
Supported platforms: Apple, MSVC, llvm/clang and GCC on all tested
platforms: Linux, BSDs, Windows, MSYS2/Cygwin, Android, MS-DOS.
Notes:
- Static libraries grow 20-30% with non-Apple toolchains.
This effect is controlled by separate, optional compiler flags on
non-Apple. This patch enables them automatically for public binaries
(libcurl and curl tool), and leaves them off for internal/test ones.
- MSVC enables this option by default for 'Release' configurations.
The curl build option has no effect on it.
- Observed effect on VS2010 is negligible. VS2012+ is recommended.
- Works with LTO, Fil-C.
- No observed/conclusive effect on build speed.
- On Windows with clang/gcc (mingw-w64/MSYS2/Cygwin) it also enables
`-fno-asynchronous-unwind-tables` as a workaround to make
the toolchain options actually work.
Ref: https://sourceware.org/bugzilla/show_bug.cgi?id=11539
Thanks-to: Andarwinux
Also:
- GHA: enable in Linux and MinGW jobs to test it. Size changes:
- linux aws-lc H3:
curl: 2000000 -> 1937152, libcurl.a: 2065724 -> 2716532 bytes
- macos clang HTTP-only:
curl: 1364376 -> 128799 bytes, libcurl.a: unchanged
- macos llvm MultiSSL:
curl: 410056 -> 405720, libcurl.dylib: 1350336 -> 1348480 bytes
- mingw schannel c-ares U:
curl: 1588736 -> 1507328, libcurl-d.a: 3322040 -> 3884746 bytes
bld: 34 -> 35MB
- GHA: enable in MSVC and Apple jobs to reduce disk footprint, with no
obvious downside. Size changes:
- AppVeyor CI VS2019:
curl: 2339840 -> 1295872, libcurl-d.dll: 3155968 -> 1900544 bytes
bld: 161 -> 97MB
- AppVeyor CI VS2022 clang-cl:
curl: 2933248 -> 2332160, libcurl-d.lib: 4762688 -> 5511330 bytes
bld: 133 -> 121MB
- AppVeyor CI VS2022 HTTP-only:
curl: 3514368 -> 2177024, libcurl-d.lib: 2538420 -> 3151740 bytes
bld: 137 -> 83MB
- GHA intel:
curl: 2629120 -> 2023424, libcurl-d.lib: 4366652 -> 5350670 bytes
bld: 86 -> 69MB
- GHA arm64:
curl: 2832896 -> 2063872, libcurl-d.lib: 4690616 -> 5597250 bytes
bld: 82 -> 66MB
Refs:
https://maskray.me/blog/2021-02-28-linker-garbage-collection
https://web.archive.org/web/20110811230637/msdn.microsoft.com/en-us/library/bxwfs976.aspx (VS2010)
https://learn.microsoft.com/cpp/build/reference/opt-optimizations
https://learn.microsoft.com/cpp/build/reference/gy-enable-function-level-linking
Closes #20357
When using a proxy, --header specified headers were leaking into CONNECT
requests. This could break corporate proxies that reject custom
User-Agent headers in CONNECT.
Enable CURLHEADER_SEPARATE only for HTTPS through proxy or when
--proxytunnel is used, ensuring:
- --header affects only HTTP requests (not CONNECT)
- --proxy-header affects only CONNECT requests
- --user-agent affects both consistently
Fixes the redirect + proxy + custom UA issue while maintaining
compatibility with HTTP proxy scenarios.
Closes #20398
MSVC does not advertise itself as C99 via `__STDC_VERSION__`, but
supports variadic macros in all curl-supported versions. Fix by
explicitly enabling C99 verbose string logic for MSVC.
With verbose logging enabled (default), this makes logging perform
better, on par with clang/gcc (and other C99) builds. (With the cost
of extra binary size.) With verbose logging disabled, it excludes all
verbose logging related strings and code from the binary. Before this
patch, MSVC used the C89 fallback code in both configs, which used
a fixed function call, with the called function deciding to actually
log or not, while also retaining the verbose log string in both configs.
Size comparison (bytes), schannel, static, debug, VS2022, local build:
curl-before-verbose.exe 4,024,832
curl-before-noverbose.exe 4,013,056
curl-after-verbose.exe 4,117,504
curl-after-noverbose.exe 3,928,064
In CI with non-verbose:
Before:
```
3274240 bytes: ./_bld/lib/Debug/libcurl-d.dll
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/53408629/job/htj7ps88q83ew9ww#L224
After:
```
3155968 bytes: ./_bld/lib/Debug/libcurl-d.dll
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/53408771/job/tp9epgjpef098vsr#L224
Idea-by: Arnav Purushotam
Ref: #20367
Ref: #20341
Follow-up to 61093e2a81 #20353
Closes #20387
Replace interim knobs with cmake options.
Also:
- use CMake env `CMAKE_GENERATOR` to select the generator.
(with workaround to make it work with CMake <3.15.)
- deduct some configuration from the job name.
- drop unused test runner logic.
- drop obsolete `BUILD_OPT` use.
- tidy-up job names and sync them with GHA ones.
- add newline between job configurations for readability.
Closes #20390