Commit graph

80 commits

Author SHA1 Message Date
Viktor Szakats
8145476d5d
pytest: close file handles after use, and two minor tidy-ups
Also:
- drop two unreachable return statements.
- test_17_ssl_use: avoid implicit string concatenations in lists.

Reported by GitHub CodeQL

Closes #21916
2026-06-09 02:05:21 +02:00
Viktor Szakats
d229055549
tidy-up: miscellaneous
- drop more uses of the word "just". (not enforced here)
- drop some uses of the "will" word.
- "then" -> "than".
- tests/http/testenv/curl.py: fix copy-paste typo in error message.
- pytest: replace `shutdownh` with `shutdown` in test names.
  Spotted by GitHub Code Quality.
- comment typos.
- whitespace and newlines fixes.

Closes #21830
2026-06-01 22:33:57 +02:00
Viktor Szakats
9591ff123d
tidy-up: add space around operators, where missing
Closes #21793
2026-05-28 10:12:00 +02:00
Dan Fandrich
98e470b3a8 tests: alphabetize and group Python imports & add check
- De-duplicates, groups, and sorts imports based on the provided `isort` settings.
2026-04-08 10:28:05 -07:00
Stefan Eissing
065b149df0
OpenSSL: check reuse of sessions for verify status
OpenSSL records its peer verification status inside its SSL_SESSION
objects. When a session is later reused, the SSL connection inherits
this verify status.

Session keys prevent reuse of sessions between connections that verify
the peer and those who do not. However, when Apple SecTrust is used
to verify a connection, this does not update the Sessions verify
status (and there is no setter). On session reuse, OpenSSL fails
the verification and Apple SecTrust cannot verify either since the
certificate peer chain is not available.

Fix this by checking the verification status on session reuse and
remove the session again if the peer needs to be verified, but the
session is not.

Reported-by: Christian Schmitza
Fixes #20435
Closes #20446
2026-01-27 14:03:47 +01:00
Daniel Stenberg
6aaac9dd38
vquic: drop support for OpenSSL-QUIC
- It is slower and uses more memory than the alternatives and is only
  experimental in curl.
- We disable a few tests for OpenSSL-QUIC because of flakiness
- It gets little attention from OpenSSL and we have no expectation of the
  major flaws getting corrected anytime soon.
- No one has spoken up for keeping it
- curl users building with vanilla OpenSSL can still use QUIC through the
  means of ngtcp2

Closes #20226
2026-01-17 22:49:34 +01:00
Stefan Eissing
1a57302d1a
ratelimit: download finetune
When a download size is known and rate limiting is in effect, adjust the
duration of each measurement step and its rate for maximum precision.

Since it is unpredictable how long the last bytes of a download will
take, download speed can be thrown off if the "last bytes" are a
significant amount of the total download. Make the "last bytes" small in
comparision to the rest and "stretch" the rate limit intervals to
accommodate the difference.

Fix ngtcp2 receive data acknowldgements to be based on a local window
size tracking. This allows window updates controlled by rate limits.

Fix ratelimit wait time calculation to accomodate negative tokens.

h3 rate limit, update timeers

Make download rate limits work correctly in ngtcp2. Fix multi handling
of rate limits to set a timer for when limits will update again.

Without running the transfer on limit updates, protocols like h2/h3 may
stall if the server does not send due to stream windows being too small.

scorecard: measure download speedlimits

When running scorecard with --limit-rate=n, show the reported download
speed averages plus percentage deviation from the limit.

Closes #20228
2026-01-16 16:42:31 +01:00
Stefan Eissing
9cf4a400d2
pytest: improve stragglers
A fix for the tests that took the longest:
- test_05: make the server close the HTTP/1.1 connection when
  simulating an error during a download. This eliminates waiting
  for a keepalive timeout
- test_02: pause tests with slightly smaller documents, eliminate
  special setup for HTTP/2. We test stream window handling now
  elsewhere already
- cli_hx_download: run look in 500ms steps instead of 1sec, resuming
  paused tranfers earlier.

Closes #19809
2025-12-02 17:04:20 +01:00
Viktor Szakats
0081c5b126
pytest: disable two H3 earlydata tests for all platforms (was: macOS)
Follow-up to 692c7f133e #19252
Follow-up to eefd03c572 #18703

Ref: #19719
Ref: #19723

Fixes #19724
Closes #19730
2025-11-27 15:51:47 +01:00
Stefan Eissing
208a6aebf2
lib: timer stats improvements
* move the TIMER_POSTQUEUE to the time a connection is chosen,
  so that TIMER_NAMELOOKUP always happens afterwards
* client writer: do not trigger TIMER_STARTTRANSFER on CLIENTWRITE_INFO
  as ftp and other pingpong protocols write that before starting anything
  that is the tranfer itself
* Elimnating debug trancing of "closed stream/connection - bailing"
  as confusing, as connection is not really closed on most cases.
* Setting 'data->req.upload_done` correctly, so that no "abort upload"
  is happening at the end of a perfectly fine download.
* Adding test cases with up-/download of 0-length files.
* pytest: add a "timeline" of timer value checks to Resulst in curl.py,
  so that this can be used in several test cases, replacing the local
  stuff in test_16
* add timeline checks to ftp test cases

Closes #19269
2025-11-25 16:18:59 +01:00
Stefan Eissing
24b36fdd15
ratelimit: redesign
Description of how this works in `docs/internal/RATELIMITS.ms`.

Notable implementation changes:
- KEEP_SEND_PAUSE/KEEP_SEND_HOLD and KEEP_RECV_PAUSE/KEEP_RECV_HOLD
  no longer exist. Pausing is down via blocked the new rlimits.
- KEEP_SEND_TIMED no longer exists. Pausing "100-continue" transfers
  is done in the new `Curl_http_perform_pollset()` method.
- HTTP/2 rate limiting implemented via window updates. When
  transfer initiaiting connection has a ratelimit, adjust the
  initial window size
- HTTP/3 ngtcp2 rate limitin implemnented via ack updates
- HTTP/3 quiche does not seem to support this via its API
- the default progress-meter has been improved for accuracy
  in "current speed" results.

pytest speed tests have been improved.

Closes #19384
2025-11-24 23:34:05 +01:00
Viktor Szakats
a87383828e
badwords: fix issues found in tests
There remain some false positives, hits in test data, and `dir` use,
around 100 issues in total.

There is no plan to enforce badwords on tests.

Also:
- badwords.txt: let a few `manpage[s]` occurrences through
  (in Perl code).

Closes #19541
2025-11-17 13:30:35 +01:00
Stefan Eissing
217f0e4d59
pytest fixes and improvements
- fix test_17_20 flakiness: the test case did not have `nghttpx` in
  its parameters, causing it to no check if a reload was necessary.
  When that test ran behind one that gave nghttpx another certificate,
  eg. in parallel mode, it used the wrong pinned pubkey.
- Have `env` provide lists of HTTP protocol versions available for
  testing. Replace parameterized tests on a fixed protocol list with
  the dynamic one from env. This makes checks for protocol availability
  in the test function bodies superfluous.

refs #19489
Closes #19540
2025-11-17 08:02:52 +01:00
Viktor Szakats
b81d30ade3
pytest: fix conditions for test_02_28
- allow 02_28 to run in HTTP/1.1 without H2 support again.
  Follow-up to 3752de465d #19412

- fix to skip 02_28 for all protocols for curl without compression
  support (either zlib, brotli or ztsd).

Closes #19458
2025-11-10 23:30:20 +01:00
Viktor Szakats
3752de465d
pytest: skip H2 tests if feature missing from curl
To allow running pytests on more curl configurations.

Also delete a redundant H3 feature check from test_17_14_expired_cert.

Cherry-picked from #19407
Closes #19412
2025-11-08 22:40:24 +01:00
Stefan Eissing
692c7f133e
TLS: IP address verification, extend test
Change the test certificate to carry a altname 'dns:127.0.0.1' which
should *not* match in test_17_05_bad_ip_addr.

wolfSSL: since `wolfSSL_check_domain_name()` does not differentiate
between DNS and IP names, use if only for DNS names. For IP addresses,
get the peer certificate after the handshake and check that using
wolfSSL_X509_check_ip_asc().

Unfortunately, this succeeds where it should not, as wolfSSL internally
used the same check code for both cases. So, skip the test case until
wolfSSL fixes that.

Reported-by: Joshua Rogers
Closes #19252
2025-10-27 17:22:17 +01:00
Stefan Eissing
eefd03c572
ssl: support Apple SecTrust configurations
- configure/cmake support for enabling the option
- supported in OpenSSL and GnuTLS backends
- when configured, Apple SecTrust is the default trust store
  for peer verification. When one of the CURLOPT_* for adding
  certificates is used, that default does not apply.
- add documentation of build options and SSL use

Closes #18703
2025-10-03 12:02:23 +02:00
Viktor Szakats
34dc762cef
pytest: skip specific tests for no-verbose builds
Detect via curlinfo if curl has verbose strings disabled, and skip
tests that require it.

Also:
- cmake: make pytests depend on curlinfo.

Cherry-picked from #18797
Closes #18801
2025-10-02 10:41:46 +02:00
Stefan Eissing
ec4c559104
openssl: check SSL_write() length on retries
When an SSL_write() blocks we need to retry it with the
same length as before or stupid OpenSSL freaks out. Remember
it, limit any longer sends and fail shorter ones.

Fixes #18121
Reported-by: adamse on github
Closes #18132
2025-08-01 17:54:05 +02:00
Stefan Eissing
7f5ad2028d
pytest: test very long urls
test_02_36 tests h1/h2/h3 with urls longer than 1/16/32/64K.

Protocols behave the same until the size exceed 64k when h2 frame limits
bite and h3 exhibits a different http status.

Failed attempt to reproduce #18121
Closes #18129
2025-08-01 14:35:37 +02:00
Viktor Szakats
00887aee8c
tests: merge clients into libtests, drop duplicate code
libtests and clients were built the same way after recent overhauls.
libtests are used by runtests, clients by pytests.

Merge clients into libtests, aligning their entry function signature,
dropping common utility functions, and simplifying the build.

Note: After this patch `CURLDEBUG` applies to cli tests, when enabled.

Also:
- lib552: drop local copy-paste debug callback in favor of testtrace.
- lib552: drop local copy-paste dump function in favor of testtrace.
- clients: use `long` for HTTP version, drop casts.
- clients: replace local dump function in favor of testrace clone.
- sync cli test entry function prototype with libtests'.
- h2_serverpush: replace local trace callback with testtrace.
- de-duplicate 3 websocket close, ping, ping, functions. Kept the pong
  iteration from `ws_pingpong`. Note: the pong clone in `lib2304` was
  returning an error when `curl_ws_recv()` returned non-zero and
  the payload matched the expected one anyway. After this patch, this
  case returns success, as it does in `ws_pingpong`.
  `lib2304` keeps passing, but I'm not sure if the previous behavior
  was intentional.
- display full value in websocket close, ping, pong, drop casts.

Closes #18079
2025-07-30 02:38:13 +02:00
Stefan Eissing
8e1d817cb3
build: fix disable-verbose
Fix compile error when building with `--disable-verbose`.

Adjust pytest to skip when curl is not a debug build but needs
traces.

Follow-up to b453a447ce

Closes #18053
2025-07-28 11:18:07 +02:00
Daniel Stenberg
91138b014d
vquic: drop msh3
It has never been properly functional in curl while there are several
alternatives that are.

Closes #17729
2025-07-27 17:57:17 +02:00
Viktor Szakats
7c23e88d17
GHA/macos: enable QUIC API with OpenSSL
In one autotools and one cmake job.

Also:
- enable OpenSSL QUIC in two more jobs.
- pytest: add checks to skip h3 tests when there is no h3 server to
  tests 26, 27a, 27b, 27c, 29 in test_02_download. Fixing:
  ```
  FAILED tests/http/test_02_download.py::TestDownload::test_02_26_session_shared_reuse[h3] - AssertionError: expected exit code 0, got 1
  [...]
  ```
  Ref: https://github.com/curl/curl/actions/runs/16392680316/job/46320739635?pr=17973

Ref: https://github.com/Homebrew/homebrew-core/pull/230515
Ref: 6c8e3eed12

Closes #17973
2025-07-20 00:02:19 +02:00
Viktor Szakats
739c09c8a4
tests: bundle http clients, de-dupe, enable for MSVC
To make building the http client tests faster, with no duplication, by
using the build method that other test binaries already use.

The difference compared to other tests is that these don't use internal
libcurl headers or code. With the exception of `curl_config.h`, for
a feature macro.

Before this patch, these tests were built like examples.

Also:
- de-duplicate code and give unique names to colliding symbols.
- add local getopt implementation and enable all code for MSVC.
  Adapted for curl via Public Domain source:
  4e618ef782/getopt.h
  Credits-to: Christopher Wellons
  Thanks!

Closes #17627
2025-06-16 12:29:05 +02:00
Stefan Eissing
d9bebede59
pytest: adapt for runs with openssl-1.1.1
Fix use of nghttpx fixture to be present even when h3 is not
available in curl. Fix TLS protocol versions expectations for
older openssl versions.

Closes #17538
2025-06-05 13:52:29 +02:00
Viktor Szakats
42331cb48a
pytest: enable in 5 GHA jobs, fix fallouts
They take about 4.5 minutes of CI time in GHA/macos.

Also:
- autotools: improve `caddy`, `vsftpd` detection.
  Bringing it closer to cmake.
- autotools: fix `--with-test-caddy=no`, `--with-test-vsftps=no`,
  `--with-test-nghttpx=no` options.
- cmake: sync `nghttpx` default with autotools.
- pytest: disable failing mbedTLS tests on macOS CI.
- pytest: disable failing earlydata tests on macOS CI.
- GHA/macos: keep vsftpd pytests disabled due to lengthy run times.
- pytest: fix test_05_04 for LibreSSL. Ref: #17367
  Authored-by: Stefan Eissing

Remaining issues:
- some unidentified tests taking a long time with mbedTLS:
  `================= 462 passed, 278 skipped in 347.93s (0:05:47) =================`
  Ref: https://github.com/curl/curl/actions/runs/15073354301/job/42374999041#step:17:1536
  Workaround: not enabling pytest for mbedTLS jobs
- 17 FTP tests taking a long time (affecting all TLS backends):
  without vsftpd:
  `====================== 496 passed, 244 skipped in 56.15s =======================`
  Ref: https://github.com/curl/curl/actions/runs/15073354301/job/42374998230#step:17:1536
  with vsftpd:
  `================= 513 passed, 227 skipped in 409.37s (0:06:49) =================`
  Ref: https://github.com/curl/curl/actions/runs/15073678568/job/42376039672?pr=17362#step:17:1537
  Workaround: force-disable vsftpd.
- 100 tests failing with SecureTransport. Let's ignore that due to imminent deprecation.
  Ref: https://github.com/curl/curl/actions/runs/15055652333/job/42320873732#step:17:15362

Follow-up to 30ef79ed93 #17295
Follow-up to 9147903366 #16518

Closes #17362
2025-05-19 15:38:05 +02:00
Stefan Eissing
30ef79ed93
pytest-xdist: pytest in parallel
Require now pytest-xdist from tests/http/requirements.txt and
run pytest in 'auto' parallel mode (counts cpu cores).

For CI runs, set the worker count to 4, overriding the
core count of 2 exposed in the images.

- use Filelock to generate allocated ports at start for all
  workers and have subsequent workers just read the file and
  take the ports for their slot
- make httpd config clearing a function fixture so every test
  starts with a clean httpd config
- have fixture `configures_httpd` as parameter of test cases
  that configure httpd anyway, saving one reload
- add pytest-xdist and filelock to required pyhton modules
- add installs to ruff CI
- give live checks waiting for a server to start up longer time
- add fixtures to tests that rely on a server
- do not stop servers unnecessarily. failures may not start them
  properly again, leading to unexpected fails in whatever follows
- add a https: port to httpd that is *not* back by QUIC to allow
  failover tests without stopping the QUIC server

Closes #17295
2025-05-15 21:44:31 +02:00
Stefan Eissing
5fbd78eb2d
http2: fix stream window size after unpausing
When pausing a HTTP/2 transfer, the stream's local window size
is reduced to 0 to prevent the server from sending further data
which curl cannot write out to the application.

When unpausing again, the stream's window size was not correctly
increased again. The attempt to trigger a window update was
ignored by nghttp2, the server never received it and the transfer
stalled.

Add a debug feature to allow use of small window sizes which
reproduces this bug in test_02_21.

Fixes #16955
Closes #16960
2025-04-05 14:54:40 +02:00
Stefan Eissing
a95b291ec0
conncache: eliminate cpool's diconnect callback
The callback, provided from url.c did the work that the cshutdn
functionality also implemented. Remove it.

Change some DEBUGF(infof()) to CURL_TRC_M().

Closes #16810
2025-03-24 22:41:53 +01:00
Stefan Eissing
0d3b5937b3
OpenSSL/quictls: add support for TLSv1.3 early data
based on #16450

Adds support for TLSv1.3 early data for TCP and QUIC via ngtcp2.

Closes #16477
2025-03-03 09:27:04 +01:00
Stefan Eissing
edd573d980
wolfssl: tls early data support
Enable TLS Early Data for wolfSSL:

- merge WOLFSSL_CTX and WOLFSSL setup from ngtcp2 with the general
  implemenation in wolfssl.c
- enable for QUIC via ngtcp2
- give Curl_vquic_tls_init() a `struct alpn_spec` like used for the TCP
  case. Adapt gnutls and other users.
- enable pytest test cases for early data with wolfSSL

and while this messes up wolfssl.c anyway, do

- rename all struct/functions with prefix 'wolfssl_' to 'wssl_' to not
  pollute that name prefix
- rename `ctx/handle` to `ssl_ctx/ssl`, as used in openssl case

Closes #16167
2025-02-24 10:01:51 +01:00
Stefan Eissing
f78700814d
client writer: handle pause before deocding
Adds a "cw-pause" client writer in the PROTOCOL phase that buffers
output when the client paused the transfer. This prevents content
decoding from blowing the buffer in the "cw-out" writer.

Added test_02_35 that downloads 2 100MB gzip bombs in parallel and
pauses after 1MB of decoded 0's.

This is a solution to issue #16280, with some limitations:
- cw-out still needs buffering of its own, since it can be paused
  "in the middle" of a write that started with some KB of gzipped
  zeros and exploded into several MB of calls to cw-out.
- cw-pause will then start buffering on its own *after* the write
  that caused the pause. cw-pause has no buffer limits, but the
  data it buffers is still content-encoded.
  Protocols like http/1.1 stop receiving, h2/h3 have window sizes,
  so the cw-pause buffer should not grow out of control, at least
  for these protocols.
- the current limit on cw-out's buffer is ~75MB (for whatever
  historical reason). A potential content-encoding that blows 16KB
  (the common h2 chunk size) into > 75MB would still blow the buffer,
  making the transfer fail. A gzip of 0's makes 16KB into ~16MB, so
  that still works.

A better solution would be to allow CURLE_AGAIN handling in the client
writer chain and make all content encoders handle that. This would stop
explosion of encoding on a pause right away. But this is a large change
of the deocoder operations.

Reported-by: lf- on github
Fixes #16280
Closes #16296
2025-02-20 15:53:18 +01:00
Stefan Eissing
ef3d7877d5
pytest: remove 'repeat' parameter
With the use of the pytest-repeat plugin, this parameter is no
longer necessary.

Closes #16033
2025-01-17 14:03:30 +01:00
Stefan Eissing
bd3c027ac9
conncache: count shutdowns against host and max limits
Count connections to a host against a possibly configured destination
limit. Trigger multi `connchange` when a connection has been shutdown,
so pending transfers can try to get a connection once again.

Reported-by: baranyaib90 on github
Fixes #15857
Closes #15879
2025-01-06 23:10:23 +01:00
Stefan Eissing
68bd759c2b
QUIC: 0RTT for gnutls via CURLSSLOPT_EARLYDATA
When a QUIC TLS session announced early data support and
'CURLSSLOPT_EARLYDATA' is set for the transfer, send initial request and
body (up to the 128k we buffer) as 0RTT when curl is built with
ngtcp2+gnutls.

QUIC 0RTT needs not only the TLS session but the QUIC transport
paramters as well. Store those and the earlydata max value together with
the session in the cache.

Add test case for h3 use of this. Enable quic early data in nghttpx for
testing.

Closes #15667
2024-12-23 17:07:15 +01:00
Stefan Eissing
fa0ccd9f1f
lib: TLS session ticket caching reworked
Described in detail in internal doc TLS-SESSIONS.md

Main points:
- use a new `ssl_peer_key` for cache lookups by connection filters
- recognize differences between TLSv1.3 and other tickets
  * TLSv1.3 tickets are single-use, cache can hold several of them for a peer
  * TLSv1.2 are reused, keep only a single one per peer
- differentiate between ticket BLOB to store (that could be persisted) and object instances
- use put/take/return pattern for cache access
- remember TLS version, ALPN protocol, time received and lifetime of ticket
- auto-expire tickets after their lifetime

Closes #15774
2024-12-20 14:59:23 +01:00
Stefan Eissing
55968fd14b
pytest: add test for use of CURLMOPT_MAX_HOST_CONNECTIONS
Add test_02_33 to run with various values for the multi option
CURLMOPT_MAX_HOST_CONNECTIONS and CURLOPT_FRESH_CONNECT to trigger
connection pool limit handling code.

Closes #15494
2024-12-02 21:16:10 +01:00
Stefan Eissing
0d475da1c4
pytest: fix run against multissl curl
Changes to make a curl built with OpenSSL + GnuTLS to run successfully
in our pytests. Run

CURL_SSL_BACKEND=openssl pytest

to test a TLS backend other than the default.

Closes #15443
2024-10-29 11:13:56 +01:00
Stefan Eissing
8cb2d5f48a
quic: use the session cache with wolfSSL as well
Use session cache for QUIC when built with quictls or wolfSSL.

Add test_017_10 for verifying QUIC TLS session reuse when built with
quictls, gnutls or wolfssl.

Closes #15358
2024-10-24 14:55:23 +02:00
Stefan Eissing
358eae42a4
bearssl: improved session handling, test exceptions
Add length to session saves, making it clear that we are storing a byte
blob and allowing memcmp() on sameness check.

Remove some pytest skips for bearssl to see if they now work properly in
CI.

Closes #15395
2024-10-24 14:40:01 +02:00
Stefan Eissing
943df95ae7
CI: run with standard mod_http2
We used to include a special mod_h2 in our CI that supports the
directive H2MaxDataFrameLen for test_02_20. Since then, ubuntu-lastest
includes a more recent apache httpd. Let's see if we can live without
the special.

Closes #15353
2024-10-22 15:31:46 +02:00
Stefan Eissing
fe8399f066
gnutls: use session cache for QUIC
Add session reuse for QUIC transfers using GnuTLS. This does not include
support for TLS early data, yet.

Fix check of early data support in common GnuTLS init code to not access
the filter context, as the struct varies between TCP and QUIC
connections.

Closes #15265
2024-10-11 23:37:47 +02:00
Stefan Eissing
962097b8dd
TLS: TLSv1.3 earlydata support for curl
Based on #14135, implement TLSv1.3 earlydata support for the curl
command line, libcurl and its implementation in GnuTLS.

If a known TLS session announces early data support, and the feature is
enabled *and* it is not a "connect-only" transfer, delay the TLS
handshake until the first request is being sent.

- Add --tls-earldata as new boolean command line option for curl.
- Add CURLSSLOPT_EARLYDATA to libcurl to enable use of the feature.
- Add CURLINFO_EARLYDATA_SENT_T to libcurl, reporting the amount of
  bytes sent and accepted/rejected by the server.

Implementation details:
- store the ALPN protocol selected at the SSL session.
- When reusing the session and enabling earlydata, use exactly
  that ALPN protocol for negoptiation with the server. When the
  sessions ALPN does not match the connections ALPN, earlydata
  will not be enabled.
- Check that the server selected the correct ALPN protocol for
  an earlydata connect. If the server does not confirm or reports
  something different, the connect fails.
- HTTP/2: delay sending the initial SETTINGS frames during connect,
  if not connect-only.

Verification:
- add test_02_32 to verify earlydata GET with nghttpx.
- add test_07_70 to verify earlydata PUT with nghttpx.
- add support in 'hx-download', 'hx-upload' clients for the feature

Assisted-by: ad-chaos on github
Closes #15211
2024-10-11 12:28:22 +02:00
Dan Fandrich
0f7ba5c5bf tests: change Python code style to pass ruff checks
Most of the changes consisted of removing unused imports and unnecessary
f-strings.
2024-10-04 14:02:05 -07:00
Stefan Eissing
bef0acaf21
request: correctly reset the eos_sent flag
Add test cases

Bug: https://marc.info/?l=git&m=172620452502747&w=2
Reported-by: Patrick Steinhardt
Closes #14895
2024-09-13 13:28:10 +02:00
Stefan Eissing
4c744c3ee2
tests/http: add HTTP/2 Upgrade and prior knowledge tests
Adds test cases to check that plain http: with HTTP/2 works
via 'Upgrade: h2c' or --http2-prior-knowledge'.

Also added tests to check connection reused in these situations.

Closes #14694
2024-08-28 14:04:11 +02:00
Stefan Eissing
ea6f5c9f0f
connect: limit update IP info
Update IP related information at the connection and the transfer in two
places only: once the filter chain connects and when a transfer is added
to a connection. The latter only updates on reuse when the filters
already are connected.

The only user of that information before a full connect is the HAProxy
filter. Add cfilter CF_QUERY_IP_INFO query to let it find the
information from the filters "below".

This solves two issues with the previous version:
- updates where often done twice with the same info
- happy eyeballing filter "forks" could overwrite each others
  updates before the full winner was determined.

Closes #14699
2024-08-28 13:58:10 +02:00
Stefan Eissing
0ae3fadb7c
pytest: tweak counts
Lower some iteration counts for tests where they do not seem to add
value. Raise speed limits somewhat to shave off a second or two.

Closes #14689
2024-08-28 13:55:23 +02:00
Stefan Eissing
b102763c19
curl: fix --test-event --parallel
(in debug-builds)

Fix implementation in curl using libuv to process parallel transfers.
Add pytest capabilities to run test cases with --test-event.

- fix uv_timer handling to carry correct 'data' pointing to uv context.
- fix uv_loop handling to reap and add transfers when possible
- fix return code when a transfer errored

Closes #14413
2024-08-07 08:57:05 +02:00