Required for mingw-w64 5.x (and older) builds targeting a Windows 7+.
mingw-w64 6+ fixed `mprapi.h` (included indirectly via `iphlpapi.h`)
to include `wincrypt.h` for the missing types.
MSVC is not affected because SDK 7.1a (the oldest MS SDK curl supports),
`mprapi.h` does include `wincrypt.h`.
Make sure to include `wincrypt.h` before including `iphlpapi.h` as
a workaround. `wincrypt.h` is used unconditionally even though it's
not available in UWP. This is safe in this context, because we use
`iphlpapi.h` for `if_nametoindex`, which is not supported and used
in UWP builds.
This fixes auto-detection that missed detecting `if_nametoindex` in
the affected combination, and this build error in non-unity builds:
```
In file included from D:/my-cache/mingw32/i686-w64-mingw32/include/iprtrmib.h:9:0,
from D:/my-cache/mingw32/i686-w64-mingw32/include/iphlpapi.h:17,
from D:/a/curl/curl/lib/url.c:63:
D:/my-cache/mingw32/i686-w64-mingw32/include/mprapi.h:865:3: error: unknown type name 'CERT_NAME_BLOB'
CERT_NAME_BLOB *certificateNames;
^~~~~~~~~~~~~~
D:/my-cache/mingw32/i686-w64-mingw32/include/mprapi.h:887:3: error: unknown type name 'CRYPT_HASH_BLOB'
CRYPT_HASH_BLOB certBlob;
^~~~~~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/16497057672/job/46645264552?pr=18012#step:10:140
This combination is not normally tested in CI. It was caught in
the `dl-mingw, CM 6.4.0-i686 schannel !unity Win7` job while working
on another PR.
Follow-up to 0d71b18153#17413
Ref: #18009Closes#18012
- vtls: fix unused variable and symbols.
- ftp: fix unused variable.
- http: fix unused variables.
- smtp: fix unsued variable.
- wolfssl: fix unused variable with !proxy.
- libssh: fix unused argument.
- curl_trc: sync guards between declaration and definition.
- curl_trc: add missing guard for `Curl_trc_ssls` when !verbose.
- curl_trc: fix errors with !http + http3.
- curl_trc: fix missing function with !http + nghttp2.
- cf-h2-proxy: disable when !http + nghttp2, to avoid calling undeclared
functions.
- sha256: fix missing declaration in rare configs.
- md4: fix symbol conflict when building GnuTLS together with AWS-LC or
wolfSSL. By prioritizing the latter two. AWS-LC has no option
to disable the clashing symbol. wolfSSL does, but the most seamless is
to skip including GnuTLS's standalone `md4.h` to avoid the clash.
- build: fix errors with !http + nghttp2.
- build: catch !ssl + ssls-export combination in source. Convert
build-level errors to warnings.
- build: fix errors with !http + http3.
- build: fix building curl tool and unit1302 in rare combinations.
By always compiling base64 curlx functions.
- cmake: add `_CURL_SKIP_BUILD_CERTS` internal option.
To disable automatically building certs with the testdeps target.
To improve performance when testing builds.
(used locally to find the failing builds fixed in this PR.)
Closes#17962
Fixing:
```
In file included from lib/vtls/vtls.c:50:
In file included from lib/vtls/../urldata.h:314:
lib/vtls/../curl_sspi.h:41:10: fatal error: 'security.h' file not found
41 | #include <security.h>
| ^~~~~~~~~~~~
1 error generated.
lib/curl_sspi.h:41:10: fatal error: 'security.h' file not found
41 | #include <security.h>
| ^~~~~~~~~~~~
1 error generated.
```
Cherry-picked from #17988
- autotools: fix auto-detection on the Windows platform.
It was mis-detected when targeting Windows XP/2003 64-bit.
It was permanently undetected when building for Windows 32-bit.
```
lib/url.c: In function 'zonefrom_url':
lib/url.c:1802:18: error: implicit declaration of function 'if_nametoindex' [-Wimplicit-function-declaration]
1802 | scopeidx = if_nametoindex(zoneid);
| ^~~~~~~~~~~~~~
lib/url.c:1802:18: error: nested extern declaration of 'if_nametoindex' [-Werror=nested-externs]
```
Ref: https://github.com/curl/curl/actions/runs/16405598782/job/46351023138?pr=17982#step:10:29
Reported-by: LoRd_MuldeR
Fixes#17979
Without this patch the workaround for the 8.15.0 release is:
`export ac_cv_func_if_nametoindex=0` for Windows XP/2003 64-bit.
Background: Checking for the `if_nametoindex()` function via
`AC_CHECK_FUNCS()` (autotools) or `check_function_exists()` (cmake) do
not work on Windows, for two reasons:
- the function may be disabled at compile-time in Windows headers
when targeting old Windows versions (XP or WS2003 in curl context)
via `_WIN32_WINNT`. But it's always present in the system implib
`iphlpapi` where these checks are looking.
- for 32-bit Windows the function signature in the implib requires
a 4-byte argument, while these checks always use no arguments,
making them always fail.
- cmake: call `if_nametoindex` dynamically with mingw-w64 v1.0.
This mingw-w64 version lacks prototype and implib entry for it.
- cmake: add auto-detection for Windows and use as a fallback for
non-pre-fill cases.
- cmake: disable pre-fill with `_CURL_PREFILL=OFF`. (for testing)
- cmake: disable pre-fill for untested compilers. (i.e. non-MSVC,
non-mingw64)
- GHA/windows: make an autotools job build for Windows XP.
Follow-up to 0d71b18153#17413Closes#17982
Unconditionally enable _GNU_SOURCE when building on GNU/Hurd; this way
it is possible to properly use/rely on GNU extensions e.g. accept4(),
memrchr(), and the GNU strerror_r().
Closes#17975
Instead of CURL_WINDOWS_SSPI.
When running CMake on Windows with no additional parameters (ie default
build configuration), the generated project files do not include the
`secur32.lib` library in the linker settings. This is because
the relevant check was looking at `CURL_WINDOWS_SSPI` instead of
`USE_WINDOWS_SSPI`.
`USE_WINDOWS_SSPI` is enabled when building with SChannel (the default
on Windows), or if `CURL_WINDOWS_SSPI` is specified on the command line.
Follow-up to 0d71b18153#17413Closes#17728
Replace existing `mk-unity.pl` `--embed` workaround with running
`clang-tidy` manually on individual test source instead. This aligns
with how clang-tidy works and removes `mk-unity.pl` from the solution.
Also:
- mqttd: fix potentially uninitialized buffer by zero filling it.
```
tests/server/mqttd.c:484:41: error: The left operand of '<<' is a garbage value
[clang-analyzer-core.UndefinedBinaryOperatorResult,-warnings-as-errors]
484 | payload_len = (size_t)(buffer[10] << 8) | buffer[11];
| ^
[...]
tests/server/mqttd.c:606:45: error: The left operand of '<<' is a garbage value
[clang-analyzer-core.UndefinedBinaryOperatorResult,-warnings-as-errors]
606 | topiclen = (size_t)(buffer[1 + bytes] << 8) | buffer[2 + bytes];
| ^
```
- sockfilt: fix potential out-of-bound pointer:
```
tests/server/sockfilt.c:1128:33: error: The 2nd argument to 'send' is a buffer
with size 17010 but should be a buffer with size equal to or greater than
the value of the 3rd argument (which is 18446744073709551615)
[clang-analyzer-unix.StdCLibraryFunctions,-warnings-as-errors]
1128 | ssize_t bytes_written = swrite(sockfd, buffer, buffer_len);
| ^
```
- clang-tidy: suppress bogus `bzero()` warnings that happens
inside the notorious `FD_ZERO()` macros, on macOS.
Ref: https://github.com/curl/curl/pull/17680#issuecomment-2991730158Closes#17705
The c-ares header directory was added to the header path within `lib`,
as opposed to every other dependency which added them in the root
`CMakeLists.txt`. Such exception is no longer necessary. This patch
aligns c-ares header setup with the rest of dependencies. And also with
autotools, which also makes no exception here.
Cherry-picked from #17705
Cherry-picked from #16973Closes#17707
I added it just in case when removing enabled-by-default memdebug
from test servers. Apparently it broke after recent changes. It's
probably not a widely used feature and does not seem to be worth fixing.
It creates odd dependencies as the error message indicates:
```
[28/54] Building C object tests/server/CMakeFiles/servers.dir/__/__/lib/memdebug.c.obj
FAILED: tests/server/CMakeFiles/servers.dir/__/__/lib/memdebug.c.obj
[...]
lib/memdebug.c: In function 'curl_dbg_log':
lib/memdebug.c:465:12: error: implicit declaration of function 'mvsnprintf'; did you mean 'vsnprintf'? [-Wimplicit-function-declaration]
465 | nchars = mvsnprintf(buf, sizeof(buf), format, ap);
| ^~~~~~~~~~
| vsnprintf
lib/memdebug.c:465:12: warning: nested extern declaration of 'mvsnprintf' [-Wnested-externs]
```
This patch is dropping these build options:
- cmake: `ENABLE_SERVER_DEBUG`
- autotools: `--enable-server-debug` / `--disable-server-debug`
Follow-up to a16485a42e#16705Closes#17629
Both are available with well-known conditions, under non-Windows, and
`curl/curl.h` already uses them. `sys/time.h` is also necessary for
mingw-w64 for `gettimeofday()`.
Follow-up to 56d5982312#17522Closes#17581
Make test bundles the default. Drop non-bundle build mode.
Also do all the optimizations and tidy-ups this allows, simpler builds,
less bundle exceptions, streamlined build mechanics.
Also rework the init/deinit macro magic for unit tests. The new method
allows using unique init/deinit function names, and calling them with
arguments. This is in turn makes it possible to reduce the use of global
variables.
Note this drop existing build options `-DCURL_TEST_BUNDLES=` from cmake
and `--enable-test-bundles` / `--disable-test-bundles` from autotools.
Also:
- rename test entry functions to have unique names: `test_<testname>`
This removes the last exception that was handled in the generator.
- fix `make dist` to not miss test sources with test bundles enabled.
- sync and merge `tests/mk-bundle.pl` into `scripts/mk-unity.pl`.
- mk-unity.pl: add `--embed` option and use it when `CURL_CLANG_TIDY=ON`
to ensure that `clang-tidy` does not miss external test C sources.
(because `clang-tidy` ignores code that's #included.)
- tests/unit: drop no-op setup/stop functions.
- tests: reduce symbol scopes, global macros, other fixes and tidy-ups.
- tool1621: fix to run, also fix it to pass.
- sockfilt: fix Windows compiler warning in certain unity include order,
by explicitly including `warnless.h`.
Follow-up to 6897aeb105#17468Closes#17590
These libraries do not support TLS 1.3 and have been marked for removal
for over a year. We want to help users select a TLS dependency that is
future-proof and reliable, and not supporting TLS 1.3 in 2025 does not
infer confidence. Users who build libcurl are likely to be served better
and get something more future-proof with a TLS library that supports
1.3.
Closes#16677
Public `curl/curl.h` includes these headers for non-Windows platforms
without further conditions. This makes it safe to assume these headers
do exist, allowing to save two feature checks for non-Windows targets.
`sys/time.h` is also assumed on Windows with mingw-w64, for declaring
`gettimeofday()`.
Closes#17522
- replace dynamic `InitSecurityInterface()` call with early binding and
link `secur32` system DLL.
The library and function are available in all supported curl Windows
targets, meaning WinXP or newer. Add small hack for mingw32ce to
make it build.
- detect and use `if_nametoindex()` on Windows when available. Link
`iphlpapi` system DLL. Requires targeting Vista or newer.
Replacing the dynamic call and the pre-load optimization for lib3026.
Suggested-by: Jay Satiro
Closes#17413
Sync them with the function name they detect, and sync them between
cmake and autotools.
- rename `HAVE_WOLFSSL_BIO` to `HAVE_WOLFSSL_BIO_NEW`.
- rename `HAVE_WOLFSSL_FULL_BIO` to `HAVE_WOLFSSL_BIO_SET_SHUTDOWN`.
- autotools: rename `WOLFSSL_NTLM` to `HAVE_WOLFSSL_DES_ECB_ENCRYPT`
(to sync with cmake).
- autotools: rename `WOLFSSL_BIO` to `HAVE_WOLFSSL_BIO_NEW`
(to sync with cmake).
- autotools: simplify `HAVE_WOLFSSL_DES_ECB_ENCRYPT` detection.
Cherry-picked from #17082Closes#17175
- update text on dependency feature detection variables, and move it
to its own section in `docs/INSTALL-CMAKE.md`.
Ref: #17032 (Discussion)
- tidy up descriptions/comments, alpha-sort.
- move comment to its own section in `docs/INSTALL-CMAKE.md`.
- split `HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT` to distinct names for
each TLS backend API. To make the names more stable and to sync them
with autotools.
Follow-up to 07cc50f8eb#17018
Follow-up to 342a654ef3#15873
- drop redundant condition while detecting QUICTLS API.
Follow-up to 07cc50f8eb#17018
- add config-comparison exception for `HAVE_SSL_SET_QUIC_TLS_CBS`.
Follow-up to 5eefdd71a3#17027
- detect `wolfSSL_get_peer_certificate` like autotools does.
- detect `wolfSSL_UseALPN` like autotools does.
Closes#17082
Build/install the man page. Install the script.
This an "import" rather than just adding the script into the release tarball
with maketgz to make sure the tarball build is completely reproducible.
wcurl development, issues etc is still to be done at
https://github.com/curl/wcurl
Assisted-by: Viktor Szakats
Assisted-by: Samuel Henrique
Closes#17035
Safe to do this now, as the code no longer relies on setting these
options after feature detection.
Also: Tidy up the way we handle options not to be passed to feature
checks, and make sure to show them in the configure log.
Follow-up to e86542038d#17047Closes#17062
Also:
- pass `-D_GNU_SOURCE` via `COMPILE_DEFINITIONS`.
- make it explicit to pass these C flags to feature checks.
- update `_GNU_SOURCE` comment with `pipe2()`.
- enable `-pedantic-errors` picky option for GCC with CMake <3.23.
- drop redundant condition when stripping existing MSVC `/Wn` options.
CMake passes `CMAKE_C_FLAGS` to targets, feature checks and raw
`try_compile()` calls. With `COMPILE_OPTIONS`, this is limited to
targets, and we must explicitly pass them to feature checks. This
makes the build logic clearer, and offers more control. It also
reduces log noise by omitting these options from linker commands,
and from `CMAKE_C_FLAGS` dumps in feature checks.
Closes#17047
- `NOT` + `VERSION_LESS` -> `VERSION_GREATER_EQUAL`
Available since 3.7, which is the minimum required for curl:
https://cmake.org/cmake/help/latest/command/if.html#version-greater-equal
- make `CMAKE_REQUIRED_*` argument quotes consistent.
- make `CMAKE_REQUIRED_*` space alignment consistent.
- drop quote from version value for consistency with other cases.
- formatting
Closes#17002
Try to enforce that the Rustls vTLS backend is only used with
rustls-ffi 0.15 - the documentation already describes this as
the required version.
Follow-up from https://github.com/curl/curl/issues/16890Closes#16922
Add the last (*) missing bit for feature parity with autotools.
Also test in CI. Add a new `cmake install` step to GHA/macos.
(*) AFAIK. Let us know if there's something else missing.
Closes#16833
- cmake: disable test bundles for clang-tidy builds.
clang-tidy ignores #included .c sources, and incompatible with unity
and bundles. It caused clang-tidy ignoring all test sources. It also
means this is the first time tests sources are checked with
clang-tidy. (autotools doesn't run it on tests.)
- cmake: update description for `CURL_TEST_BUNDLES` option.
- fix tests using special `CURLE_*` enums that were missing from
`curl/curl.h`. Add them as reserved codes.
- fix about ~50 other issues detected by clang-tidy: unchecked results,
NULL derefs, memory leaks, casts to enums, unused assigments,
uninitialized `errno` uses, unchecked `open`, indent, and more.
- drop unnecessary casts (lib1533, lib3207).
- suppress a few impossible cases with detailed `NOLINT`s.
- lib/escape.c: drop `NOLINT` no longer necessary.
Follow-up to 72abf7c13a#13862 (possibly)
- extend two existing `NOLINT` comments with details.
Follow-up to fabfa8e402#15825Closes#16756
It seems unnecessary and possibly unexpected to build test servers with
debug-enabled features and memory tracking whenever the tested curl is
built like that (which is a requirement for some tests, so curl is
mostly built like that when running tests.) It also makes building
servers a little bit faster with cmake for the most common cases.
You can apply debug options to `tests/server` with these new options:
- `./configure`: `--enable-server-debug`.
- cmake: `-DENABLE_SERVER_DEBUG`.
Also sync the way we pass these macros in autotools, with CMake builds.
Before this patch, autotools passed them via `curl_config.h`. After this
patch it passes them on the command-line, like cmake builds do.
This patch also make these option no longer passed to examples and
`http/client` in cmake builds, where they were no-ops anyway.
Ref: #15000Closes#16705
Apply downstream patches from the vcpkg project:
- cmake: remove duplicates from `CURL_LIBDIRS`.
- cmake: set `CURL_LIBDIRS` as `INTERFACE_LINK_DIRECTORIES` for static
libcurl.
To support CMake <3.13, change downstream patch from:
```cmake
target_link_directories(${LIB_STATIC} INTERFACE ${CURL_LIBDIRS})
```
to:
```cmake
set_target_properties(${LIB_STATIC} PROPERTIES [...] INTERFACE_LINK_DIRECTORIES "${CURL_LIBDIRS}")
```
Co-authored-by: Kai Pastor
Ref: https://github.com/microsoft/vcpkg/pull/43819Closes#16610
Disable these winsock2 functions on Windows to use the curl wrappers
and preserve `WSAGetLastError()` aka `SOCKERRNO` error codes.
curl sources uses `inet_pton()` and `inet_ntop()` via its own `Curl_`
prefixed wrappers. These wrappers promise to not overwrite
`WSAGetLastError()` aka `SOCKERRNO` error codes when calling them.
But, for Windows builds with these built-in winsock2 functions detected
(meaning all supported Windows versions, except Windows CE),
the wrappers were 1-to-1 mapped to the winsock2 functions, which broke
this promise.
b06c12b724/lib/inet_ntop.c (L188-L190)b06c12b724/lib/inet_pton.c (L66-L70)
These promises are old (a1d5983991) and
may not be valid anymore. In this case, the callers would have to be
updated to use `SOCKERRNO` to retrieve any error, instead of using
`errno` as they do now.
https://learn.microsoft.com/windows/win32/api/ws2tcpip/nf-ws2tcpip-inet_ntophttps://learn.microsoft.com/windows/win32/api/ws2tcpip/nf-ws2tcpip-inet_ptonCloses#16577
