Fixes:
```
$ ./runtests.pl -g 1940
./libtest/libtests lib1940: No such file or directory.
Argument list to give program being debugged when it is started is "http://127.0.0.1:44547/1940".
```
Reported-by: Daniel Stenberg
Fixes#16893Closes#16898
Treat %2e and %2E to be "dot equivalents" in the function and remove
such sequences as well, according to RFC 3986 section 5.2.4. That is
also what the browsers do.
This DOES NOT consider %2f sequences in the path to be actual slashes,
so there is no removal of dots for those.
This function does not decode nor encode any percent sequences.
Also switched the code to use dynbuf.
Extends test 1395 and 1560 to verify.
Assisted-by: Demi Marie Obenour
Fixes#16869Closes#16870
When multiple headers share the same name, AWS SigV4 expects them to be
merged into a single header line, with values comma-delimited in the
order they appeared.
Add libtest 1978 to verify.
Closes#16743
Before this patch the script relied on Perl `system()` finding `openssl`
in `PATH`, plus tried to display the full path of `openssl` by using
`command -v` (or `which` on Windows). `command -v` did not work in CI
for unknown reasons. To resolve it, this patch detects `openssl` in
`PATH` manually, displays the detected full path and calls `openssl`
with the detected full path, and stops relying on `system` for this.
It also follows how `sshhelp.pm` is detecting executables. Though this
patch uses Perl `-f` instead of `-e && -d` used there .
Silencing this in CI logs:
```
Can't exec "command": No such file or directory at ../../../tests/certs/genserv.pl line 51.
```
Ref: https://github.com/curl/curl/actions/runs/14145795884/job/39632942668?pr=16865#step:39:108Closes#16868
To support running tests directly via `runtests.pl` after building
the test targets. Also to sync with the same update for autotools.
Follow-up to 0c1ad21f97#16845Closes#16866
Instead of via `tests/data/DISABLED` file.
They are all missing CRL feature support, as opposed to being broken.
Follow-up to 8adee8824c#16862
Follow-up to 8b1b5cd4d2#16660Closes#16865
To remove POSIX shell as an extra dependency for runtests.
Also fix to `chmod 0600` the `.pem` file (was: `.prm`), and apply it
_before_ writing the keys.
Follow-up to 44341e736a#16824Closes#16858
Before this patch the signal handler called `logmsg()` which in turn
called `printf()` variants (internal implementations), and `FILE *`
functions, `localtime()`. Some of these called `malloc`/`free`, which
isn't supported in s signal handler. Replace them with `write` calls,
losing some logging functionality.
Also:
- De-dupe and move `STD*_FILENO` macros to `lib/curl_setup.h`. Revert
the `src` definition to point to `stderr`, instead of `tool_stderr`.
Follow-up to e5bb88b8f8#11958
POSIX specs with list of functions allowed in a signal handler:
2004: https://pubs.opengroup.org/onlinepubs/009695399/functions/xsh_chap02_04.html#tag_02_04_03
2017: https://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html#tag_15_04_03
2024: https://pubs.opengroup.org/onlinepubs/9799919799/functions/V2_chap02.html#tag_16_04_03
Linux CI run with the thread sanitizer going crazy when
hitting the signal handler in test 1238 and 1242 (TFTP):
```
WARNING: ThreadSanitizer: signal-unsafe call inside of a signal (pid=12582)
#0 malloc <null> (servers+0x5ed70)
#1 _IO_file_doallocate <null> (libc.so.6+0x851b4)
#2 formatf /home/runner/work/curl/curl/bld/tests/server/../../lib/../../lib/mprintf.c:886:9 (servers+0xdff77)
[...]
WARNING: ThreadSanitizer: signal-unsafe call inside of a signal (pid=12582)
#0 free <null> (servers+0x5f453)
#1 fclose <null> (libc.so.6+0x8532f)
#2 logmsg /home/runner/work/curl/curl/bld/tests/server/../../../tests/server/util.c:134:5 (servers+0xe684d)
```
Ref: https://github.com/curl/curl/actions/runs/14118903372/job/39555309490?pr=16851Closes#16852
Before this patch the curl repository and source tarball distribution
contained test certificates as binary blobs. Used by runtests.
Drop these certificates in favor of generating them dynamically as
part of the build process. Both via autotools and CMake.
As part of this, improve certificates, the generator script and process,
file layout, and fix any issue to make it work fast and smooth both in
CI and local builds.
Note, cert generator scripts require OpenSSL >=1.0.2
(or LibreSSL >=3.1.0). Generation requires POSIX shell, also with CMake.
Without a POSIX shell tests relying on TLS (and stunnel) will fail.
Details:
- build: generate certs as part of the test run process.
- build, tests: generate certs in the build directory.
- binarycheck: drop concept of known binary files with hashes.
- binarycheck: move binary check logic into spacecheck and drop this
separate checker tool.
- build: fix to clean all cert files.
- autotools: fix to not run leaf cert generators in parallel. To avoid
confusion when updating the revocation database and counter.
- scripts: drop `scripts` subdir, merge two scripts into one,
auto-generate root cert, allow generating multiple leafs at once.
- scripts: switch to EC-256 keys (was: RSA-2048). For key size and perf.
- scripts: drop `-x` echo, text dumps, most other output. To avoid log
noise and make it quicker in CI.
- scripts: make it non-RSA-specific.
- scripts: delete unused code.
- scripts: use POSIX shell shebang. Some envs don't have bash (Alpine).
- scripts: pass test pseudo-secrets via the command-line. To avoid:
```
+ openssl genrsa -out test-ca.key -passout fd:0 2048
Invalid password argument, starting with "fd:"
```
- cmake: fix to launch generator scripts via the detected POSIX shell.
- cmake: fix `build-certs` rule to not depend on `SRPFILES`
(`srp-verifier-*`).
- cmake: drop `EXCLUDE_FROM_ALL` for the cert subdir. It makes
the Visual Studio generator miss to create the `clean-certs`,
`build-certs` targets. No target depend on them, so they don't execute
implicitly anyway. Fixes:
```
MSBUILD : error MSB1009: Project file does not exist.
Switch: clean-certs.vcxproj
```
- cmake: add `VERBATIM USES_TERMINAL` to `build-certs` target.
- GHA/linux: install openssl on Alpine, for the cert generator scripts.
Follow-up to 556f722fe3#16593
Follow-up to fa461b4eff#14486Closes#16824
The base64 sections were added in a time when there was no other way to
do these tests. Now we remove them again to make less "hidden" data in
the test suite.
For several test cases we instead then provide a sequence of binary
octets which is not really better, but I have tried to minimize them.
Closes#16816
The callback, provided from url.c did the work that the cshutdn
functionality also implemented. Remove it.
Change some DEBUGF(infof()) to CURL_TRC_M().
Closes#16810
Setting a server-side file read-only by `chmod 0444` has does not
prevent overwriting it via SFTP upload (as tested in CI).
Fix it by setting its MS-DOS read-only attribute in addition. It
requires the Cygwin tool `chattr`.
Also unignore in CI.
Fixes:
```
test 0615...[SFTP put remote failure]
curl returned 0, when expecting 9
615: exit FAILED
=== Start of file stderr615
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 30 0 0 100 30 0 93 --:--:-- --:--:-- --:--:-- 95
100 30 0 0 100 30 0 92 --:--:-- --:--:-- --:--:-- 92
=== End of file stderr615
```
Ref: https://github.com/curl/curl/actions/runs/14037991918/job/39300723214#step:12:1269Closes#16818
Before this patch, autotools disabled building unit tests for
non-debug-enabled (`DEBUGBUILD`) builds. runtests skipped running this
combination, though they were built in cmake builds. There seems to be
no technical reason anymore for these restrictions. This patch removes
them, allowing to build and run unit tests for non-debug-enabled builds.
To improve unit test build and run coverage.
- autotools: do not disable building unit tests for non-debug-enabled
build. Bringing behavior closer to cmake builds. (There are still
exceptions in autotools, something for another PR)
- runtests: run unit tests for non-debug-enabled builds.
It extends coverage by 50 tests.
- `lib/altsvc.c`: fix to include `CURL_TIME` support in libcurlu, for
unit tests. It fixes test 1654, and syncs `CURL_TIME` behavior with
test 1660 and `lib/hsts.c`.
Ref: 10a7d05be3
Ref: fc8e0dee30#13694
Ref: 99f78cbf6e#16770Closes#16771
- cmake: disable test bundles for clang-tidy builds.
clang-tidy ignores #included .c sources, and incompatible with unity
and bundles. It caused clang-tidy ignoring all test sources. It also
means this is the first time tests sources are checked with
clang-tidy. (autotools doesn't run it on tests.)
- cmake: update description for `CURL_TEST_BUNDLES` option.
- fix tests using special `CURLE_*` enums that were missing from
`curl/curl.h`. Add them as reserved codes.
- fix about ~50 other issues detected by clang-tidy: unchecked results,
NULL derefs, memory leaks, casts to enums, unused assigments,
uninitialized `errno` uses, unchecked `open`, indent, and more.
- drop unnecessary casts (lib1533, lib3207).
- suppress a few impossible cases with detailed `NOLINT`s.
- lib/escape.c: drop `NOLINT` no longer necessary.
Follow-up to 72abf7c13a#13862 (possibly)
- extend two existing `NOLINT` comments with details.
Follow-up to fabfa8e402#15825Closes#16756
- on native Windows (also when using MSYS2 openssh), the group and other
permissions do not end up as requested by Perl's chmod:
```diff
--- log/8/check-expected
+++ log/8/check-generated
@@ -1,3 +1,3 @@
d????????? N U U N ??? N NN:NN asubdir[LF]
--rw?rw?rw? 1 U U 37 Jan 1 2000 plainfile.txt[LF]
+-rw?r-?r-? 1 U U 37 Jan 1 2000 plainfile.txt[LF]
-r-?r-?r-? 1 U U 47 Dec 31 2000 rofile.txt[LF]
```
Ref: https://github.com/curl/curl/actions/runs/14004029192/job/39215359241?pr=16781#step:15:1596
Fix it by ignoring group and other attributes.
- fix failing postprocess cleanup by making the read-only test file
writeable again before deleting it. Fixing:
```
Directory not empty at ../../tests/libtest/test613.pl line 83.
```
(seen on Windows with Git for Windows `perl.exe`)
- unignore in GHA/windows.
Closes#16791
To use a native Cygwin tool instead of the Windows `icacls`. It allows
running under Cygwin/MSYS without Windows system folders in the `PATH`.
Also: fix indentation and tidy up syntax of the `icacls` branch.
Note: As of this commit, these `setfacl` and `icacls` calls are not
necessary for a successful CI run. This includes OpenSSH for Windows
tests, that aren't run by default. Keep them anyway, because locally
they may be necessary depending on environment.
Reported-by: Brian Inglis
Fixes#16437
Ref: #16803Closes#16465
It accidentally worked on all CI-tested operating systems, except on
native Windows.
Fixing:
```
=== Start of file stderr612
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
[...]
curl: (21) rm command failed: Operation failed
```
Ref: https://github.com/curl/curl/actions/runs/14004029192/job/39215359241?pr=16781#step:15:1424
Also remove this test from the ignore list in GHA/windows.
Closes#16801
To run curl, tests and servers via `wine`:
```shell
export CURL_TEST_EXE_RUNNER=wine
```
runtests prefixes commands with the specified runner. For systems where
this isn't automatic or supported, e.g. macOS.
Closes#16785
It was already excluded for OpenSSH-Windows. Extend it to all OpenSSH
above v7.3. Syncing up this logic with the sshd server config.
Fixing, in `sftp_server.log`:
```
log/server/curl_sftp_config line 33: Unsupported option "rhostsrsaauthentication"
log/server/curl_sftp_config line 34: Unsupported option "rsaauthentication"
```
`no` has been the default for these since OpenSSH 3.3 (2002-06-21).
Closes#16784
stunnel: print configuration actually in file
Instead of duplicating all the logic of writing the stunnel
configuration, and having to keep it up to date, when running in verbose
mode print the actual contents of the file after writing it.
certs/genserv.sh: Fix typo in error message
Closes#16783
SFTP/SCP tests were failing in CI with WinCNG libssh2 since we first
added such job. With `curl: (67) Authentication failure`.
The reason is that the default `ssh-keygen` RSA private key format
changed to OpenSSH (RFC4716) in 2018. libssh2 does not support this
format with some of its crypto backends.
Fix it by generating keys explicitly in PEM format as necessary via
the `-m` option. This format is universally recognized for RSA keys.
2018-08-24: https://www.openssh.com/txt/release-7.8: OpenSSH format becomes default
2010-08-23: https://www.openssh.com/txt/release-5.6: `-m` option first supported
This fixed the auth issue, just to reveal a known flakiness issue in
libssh2 + WinCNG, causing:
```
curl: (2) Failure establishing ssh session: -8, Unable to exchange encryption keys
```
Ref: https://github.com/curl/curl/actions/runs/14000494428/job/39205633258?pr=16781#step:15:1796
Tracked here: https://github.com/libssh2/libssh2/issues/804
Mitigated in libssh2 tests by retrying them.
Due to this, keep ignoring these test results.
Also:
- add an env to customize key format: `CURL_TEST_SSH_KEY_FORMAT`
- display the generated format in the log.
- GHA/linux: document the wolfSSH error code causing it to fail tests:
```
curl: (79) wolfssh SFTP connect error -1051 / WS_MATCH_KEY_ALGO_E / cannot match key algo with peer
```
Follow-up to 4911e7af11#16735
Follow-up to 0ec72c1ef8#16672
Follow-up to e53523fef0#14859
Follow-up to e26cbe20cb#13979Closes#16781
In the cases observed throughout the last year, `handle64` run once per
test run, but with no action (match or task kill). It did not help with
flakiness and seems redundant.
runtests launched it (if present) in Cygwin/MSYS jobs too, where it
probably shouldn't have, because we have seen no flakiness there. In CI
the tool was present and launched in MSYS2 jobs, but not in Cygwin.
After this patch the "clearlocks" warning remain in the log. They are
consistently appearing once in every MSVC CI log, early in the tests:
```
test 3207 SKIPPED: curl lacks OpenSSL support
[...START-OF-TESTS...]
test 0003...[HTTP POST with auth and contents but with content-length set to 0]
--pd---e--- OK (3 out of 1596, remaining: 17:50, took 1.423s, duration: 00:02)
test 0007...[HTTP with cookie parser and header recording]
--pd--oe--- OK (7 out of 1596, remaining: 07:51, took 1.485s, duration: 00:02)
test 0006...[HTTP with simple cookie send]
--pd---e--- OK (6 out of 1596, remaining: 09:11, took 1.488s, duration: 00:02)
test 0005...[HTTP over proxy]
--pd---e--- OK (5 out of 1596, remaining: 11:03, took 1.491s, duration: 00:02)
CUSTOMBUILD : error : 169: cleardir(log/8/lock) failed [D:\a\curl\curl\bld\tests\test-ci.vcxproj]
test 0001...[HTTP GET]
--pd---e--- OK (1 out of 1596, remaining: 55:34, took 1.466s, duration: 00:02)
test 0004...[Replaced internal and added custom HTTP headers]
```
Ref: https://github.com/curl/curl/actions/runs/13546192228/job/37858323380?pr=16484#step:14:167
Ref: e53523fef0#14859
Ref: 311c31ec8e#6179
Follow-up to 3a8920e5ed#16600Closes#16484
If libtests, units and servers binaries are all present, auto-enable
bundle mode.
Drop manual runtests option.
Note: Make sure to "make clean" before changing the test bundle build
setting.
Also fix to append executable extension to all libtest and unit test
executables when launching them. This should make it a tiny bit faster
on Windows.
Follow-up to f4f25505df#15000
Follow-up to 71cf0d1fca#14772Closes#16750
This commit introduces support for features in the test selection
process by adding them to the keywords list with the `feat:` prefix. It
allows users to specify features to run only tests with them, or exclude
tests using `!feat:<feature>`, similar to how keywords are handled.
Fixes#16533Closes#16619
Signed-off-by: Aquila Macedo <aquilamacedo@riseup.net>
It was introduced in 294136b754, but not shipped in a release. It
has caused problems and after checking, the browsers don't insist on it
even if RFC 9112 says it is mandatory.
Adjust test 2 to do a response without the space.
Closes#16728
It seems unnecessary and possibly unexpected to build test servers with
debug-enabled features and memory tracking whenever the tested curl is
built like that (which is a requirement for some tests, so curl is
mostly built like that when running tests.) It also makes building
servers a little bit faster with cmake for the most common cases.
You can apply debug options to `tests/server` with these new options:
- `./configure`: `--enable-server-debug`.
- cmake: `-DENABLE_SERVER_DEBUG`.
Also sync the way we pass these macros in autotools, with CMake builds.
Before this patch, autotools passed them via `curl_config.h`. After this
patch it passes them on the command-line, like cmake builds do.
This patch also make these option no longer passed to examples and
`http/client` in cmake builds, where they were no-ops anyway.
Ref: #15000Closes#16705
Use a more descriptive global variable name in server code, also
to avoid colliding with this name used elsewhere in libcurl.
This isn't causing an issue at this time, but makes the code prone
to `-Wshadow` warnings in unity mode, if the global variable is
compiled first. This specific variable could collide with the `path`
argument of the `curlx_win32_stat()` function.
Closes#16719
