- rename version env to stay compatible with Renovate `matchStrings`.
- also switch to manual bumps.
Bump rule was wrong, and deemed not worthy the complexity to fix.
Closes#21319
To make it scoped for the single request appropriately.
Reported-by: Muhamad Arga Reksapati
Verify with libtest 2504: a custom Host *disabled* on reused handle
Closes#21312
Add "Delay-A: ms", "Delay-AAAA: ms" and "Delay-HTTPS: ms" to the test
dnsd config and implement delayed response handling.
Add test_21_09 and test_21_10 to check that delayed responses connect
using the undelayed address family.
Closes#21299
Use a dns connection filter to resolve hostnames where their addresses
are locally resolved and forwarded to the SOCKS proxy.
This makes all improvements, like in #21295 for example, also apply
to socks connections. Curl_resolv() is now only called from a DNS
filter.
(ftp still calls Curl_resolv_blocking() in two places, one of which
may be replaceable with a DNS filter as well to remove the block, tbd)
Closes#21297
There is no reason we should treat this part different on Windows. Noe
anything except blank, localhost or 127.0.0.1 cause error there as well.
Also: fix query handling in urlencode_str
Closes#21296
- enable three checks:
- bugprone-invalid-enum-default-initialization
- bugprone-sizeof-expression
- readability-inconsistent-declaration-parameter-name (strict)
- fix remaining discrepancies with arg names in prototypes
and implementation, in strict mode.
- document reason for some checks tested but not enabled.
Closes#20794
- examples: sync debug output printf masks.
- INSTALL-CMAKE.md: tidy up section for some options.
- curl_sha512_256: delete comment suggesting an optimization.
- vtls/keylog: scope a variable.
- vtls/openssl: make a source code URL a permalink.
- vtls/schannel: drop redundant parentheses.
- test1119.pl: robustify `$1` -> `$s`.
- sync arg names in comments to match the code.
- tidy up and minor fixes to comments.
- fix formatting/indenting/comment/newline/include nits.
- move `UNITTEST` protos next to definitions, sync their argument names.
- make variables static.
- add parentheses to Perl `open()` calls.
- drop unnecessary double quotes in Perl.
- clang-format.
Closes#21000
When a user supplied an ip address in a URL as hostname, use that even
when address family restrictions like -4 or -6 are set.
Add test_10_15/16 to verify with a local proxy server.
Fixes#21146
Reported-by: Terrance Wong
How:
- cf-dns: on see the hostname is an ip(v6) address, add the respective
A/AAAA to the dns query bits
- cf-dns/hostip: only hand out addrinfos for a family if that family
is part of the DNS queries. That prevents for example ipv6 addresses
to show up from dns cache entries
- change cf-ip-happy to no longer check for "ip_version" and instead
use all addresses that cf-dns hands out
Closes#21295
Fix http auth to set the `picked` auth when sending the corresponding
headers. Fix reporting Digest as avail.
Fixes#21274
Reported-by: sergio-nsk on github
Closes#21284
Add `resolv-threaded` to curlinfo to detect use of the threaded resolver
correctly even with c-ares linked to https-rr.
Run test_21_05 exactly when threaded resolver is built.
Closes#21287
This should return a SSL_CTX pointer but it was accidentally broken.
Verify with test 1587
Follow-up to 2db8ae480f
Spotted by Codex Security
Closes#21290
- convert `#` comments to `dnl`, except copyright headers, and inline
comments in `curl-complilers.m4`.
- drop empty comments.
- drop line-ending `dnl` markers. (except `zz40-xc-ovr.m4` where it's
used to produce a comment in `configure`.)
- replace `dnl` line with C comment in `AC_CHECK_HEADERS()`.
Verified to produce the same `configure` script except empty lines,
`#` comments, and C comments, with autoreconf 2.72.
Cherry-picked from #21000Closes#21246
Run test_07_22 only on http/1.1 and h2. For h3, we get unreliable tests
results in CI due to (probably) nghttpx not always reporting the RESET
from the backend and the test timing out.
Closes#21286
... unless it is a POST and the user explicitly asked to keep doing
POST.
Add test1983/1984: verify --follow with 303 and PUT + custom GET
Fixes#20715
Reported-by: Dan Arnfield
Closes#21280
- By making retry_sleep() a separate funtion that determines how long to
wait until the next retry.
- switch the retry timer to uint32 to make it uniform across platforms
Closes#21279
Connection filters can now carry the flag CF_TYPE_SETUP, indicating that
they are only needed during connection setup, e.g. connect.
Once the connection is fully established, those filter are removed
again. This frees resources and also makes the filter (call) chains
shorter.
Closes#21269
When HTTPS-RR is needed for the HTTP/3 handshake, delay the connect
until it arrives. Relevant only for TLS backends that support ECH, for
now.
Closes#21253
To avoid (mis-)detecting it via the internal Apple library
`/usr/lib/system/libsystem_sim_kernel.dylib` when targeting iPhone
Simulator (seen with iPhoneSimulator26.4.sdk).
Reported-by: Ian Spence
Fixes#21236Closes#21271
Make cf-https-connect work async correctly:
- only start first baller when at least one A/AAAA address
is available
- select first connect attempt after that with HTTPS-RR info
there or not.
- select second connect attempt only when HTTPS-RR is resolved
(may have resolved to "not known") and select possible ALPN
from things known by then. May not select any second attempt
when first already covers everything.
This means when the HTTPS-RR is known at/before the first address
is resolved, everything behaves as before. When the HTTPS-RR is
late, a first connection attempt will have been started. Any
ALPN preference from the HTTPS-RR that is not already ongoing will
then start the second attempt.
For HTTPS-RRs that recommend 2 or more ALPNs, the first will always
be attempted: either it is already ongong or it will be the ALPN
for the second attempt. The 2nd ALPN recommendation from HTTPS-RR
*may* be honored or not, depending on what is already selected.
The difference in behaviour between early/late HTTPS-RR resolve
cannot be helped - unless we do not perform any attempts before
it arrives. Trade offs.
Closes#21267
Mostly, this means two blank lines between classes and functions and one
line between methods. Since these checks are currently in preview, they
are done in a separate ruff invocation to avoid turning ALL the preview
checks on at the same time.
- Checks for missing explicit `return` statements at the end of functions
that can return non-`None` values.
- Checks for classes that inherit from `object`.
- Checks for useless expressions.
- Within an `except*` clause, raise exceptions with `raise ... from err`
or `raise ... from None` to distinguish them from errors in exception
handling
- Checks for variable assignments that immediately precede a `return` of the
assigned variable.
- Checks for `else` statements with a `return` statement in the preceding
`if` block.
- Checks for unnecessary parentheses on raised exceptions.
Closes: #21258
The making of the TLS session cache key should use the cert blob
independently of verifypeer on/off.
Follow-up to fa0ccd9f1f
Spotted by Codex Security
Closes#21222
There are 69 entries, bsearch is faster than linear search for random
access.
This now also makes the matching case sensitive (zone names always in
uppercase). No docs said otherwise and all tests assumed uppercase.
Extended test 517
Closes#21266
It did not require a full-length match, so empty or prefix tokens map to
ECJPAKE would silently add that cipher to the configured list.
Follow-up to fba9afebba
Reported by Codex Security
Closes#21264
Polish the time2epoch function to become a little more readable.
Corrected the military time zones: they were going in the wrong
direction.
Add more curl_getdate() input varations to test 517
Closes#21251
Introduce a limit on the concurrent connect attempts of 6:
- document this in CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS
- close the oldest attempt before opening a new one that would
exceed the limit
- closing failed attempts early to avoid sockets use beyong their
usefulness
- add tests for limits in unit2600
These changes are externally visible as file descriptors will be
reassigned where we previously kept the old one around and started a
new socket, allocating always a new descriptor.
Closes#21252
Follow-up to bd3b2a626a
- rename it to myssh_statemachine
- remove the use of ternary operators in the switch
- fix the error handling for if 'sshp' actually ever is NULL
Closes#21250
The pieces of the state machine that were not separate functions before, now
are.
Also removed the use of ternary operators in the function calls.
Follow-up to f0bf43e209Closes#21249
Connections should only be reused when using the same "share" (and
perhaps some additional conditions), but instead of fixing this flaw,
this change completely disables connection reuse for SMB. This protocol
is about to get dropped soon anyway.
Reported-by: Osama Hamad
Closes#21238
For DragonFlyBSD and SunOS.
Also opt-in `BSD`, which is covering those listed explicitly, when using
CMake 3.25+.
Follow-up to 131a2fd5aa#16987Closes#21243
Curl_conn_cf_poll did not map adjust_pollset failures to poll-style
errors properly, so error codes were treated as ready events.
Found by Codex Security
Closes#21231
`certdata` dependency requires accessing api.github.com for
a reproducible timestamp, which in turn requires a GitHub token to avoid
errors due to rate limiting. Avoid all this by omitting this dependency,
which isn't necessary for these build tests anyway.
The `zero` job already did not use `certdata`, but disable explicitly
anyway just in case.
Reported-by: James Fuller
Follow-up to 9514184977
Follow-up to 128c252975#21105Closes#21241
Fixing (dl-mingw, CM 6.4.0-i686 (mingw-w64 5.0.0) schannel !unity):
```
lib/vssh/libssh.c: In function 'myssh_in_SFTP_QUOTE_STATVFS':
lib/vssh/libssh.c:573:31: error: ISO C does not support the 'I' printf flag [-Werror=format=]
char *tmp = curl_maprintf("statvfs:\n"
^~~~~~~~~~~~
lib/vssh/libssh.c:573:31: error: format '%u' expects argument of type 'unsigned int', but argument 2 has type 'uint64_t {aka long long unsigned int}' [-Werror=format=]
lib/vssh/libssh.c:573:31: error: ISO C does not support the 'I' printf flag [-Werror=format=]
[...]
```
Ref: https://github.com/curl/curl/actions/runs/24002480364/job/70000685821
mingw-w64 <=6.0.0 define `PRIu64` like this:
```
./inttypes.h:#define PRIu64 "I64u"
```
Follow-up to 413a0fedd0#12346
Cherry-picked from #21227Closes#21229
via env `CURL_TEST_SSH_KEYALGO`, `rsa` (default), `ecdsa`, `ed25519`.
To ease debugging and testing and to make these code paths more
universal.
Closes#21223
When doing line ending conversions, and a chunk contains no '\n', the
function returned early without updating prev_cr to reflect the last
byte. It could then lead to CRLFs sequences not get converted when
occuring right on the boundary border.
Found by Codex Security
Closes#21221
libssh 0.12.0 on Windows 64-bit Intel fails to connect to sshd (with SSH
state 30) when using the mlkem768x25519-sha256 KEX. (32-bit Intel, ARM64
and tested non-Windows platforms work fine.) Fix by disabling this KEX
for the libssh job.
I do not recommend libssh on Windows due to bugs an insecure behavior.
Also:
- fix libssh TFLAGS condition for mingw-w64.
Follow-up to e127f8ce84#21204
Follow-up to fcf946e846#21195Closes#21199
- use it in a mingw-w64 job.
- add support for native ARM64 binaries.
- add ability to use built-in OpenSSH server in mingw-w64 jobs.
Cherry-picked from #21199Closes#21219
Seen with mingw-w64 i686 gcc 15.2.0 (mingw32):
```
D:/a/curl/curl/lib/vssh/libssh.c: In function 'myssh_in_SFTP_QUOTE_STAT':
D:/a/curl/curl/lib/vssh/libssh.c:1664:13: error: comparison of integer expressions
of different signedness: 'time_t' {aka 'long int'} and 'unsigned int' [-Werror=sign-compare]
1664 | if(date > UINT_MAX)
| ^
cc1.exe: all warnings being treated as errors
```
Ref: https://github.com/curl/curl/actions/runs/23966805891/job/69908216152
Cherry-picked from #21199Closes#21214
Verify that curl's --retry behaviour works
- test 502 in serial, works
- test 502 in parallel, hangs forver, test skipped by default
- test 401, no retries done
Fixes#20669
Reported-by: BlackFuffey on github
Closes#21206
Now the logic for handling name duplicates and picking the longest
expiry and strictest subdomain is the same for the callback as for when
reading from file.
Also strip trailing dots from the hostname added by the callback.
A minor side-effect is that the hostname provided by the callback can
now enable subdomains by starting the name with a dot, but we discourage
using such hostnames in documentation.
Amended test 1915 to verify.
Closes#21201
Bumping `msys2/setup-msys2` from 2.30.0 to 2.31.0 also brought libssh
0.12.0 (after 0.11.3). libssh has been long known for loading OpenSSH
configuration from disk insecurely on Windows. 0.12.0 brings some fixes
to this (CVE-2025-14821), which in turn may be changing its behavior on
the default GH Windows runner to fail all curl SCP/SFTP tests.
Detecting what is the exact root cause, then defining exact runtime
conditions for it is difficult and fragile. Same for changing these
libssh defaults (if at all possible.)
But, since configuration loading remains insecure and broken on Windows
even after the mitigations made by 0.12.0 [0], this patch removes libssh
from the Windows CI job using it previously.
If someone figures out how to run in CI, it can be readded, though in
general, using libssh on Windows seems to be less than ideal.
[0] 0e4bd38a5b/libssh.sh (L11-L94)
Refs:
https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/91382507d5#21199 (unsuccessful fix attempts)
Bug: https://github.com/curl/curl/pull/21195#issuecomment-4173085194
Follow-up to fcf946e846#21195Closes#21204
Now that we support multiple async operations at the same transfer,
fix the thread queue cleanup to match not only the mid but also the
resolv_id.
Found by Codex Security
Closes#21202
req.no_body was only initialized in Curl_connect, while HTTP/2 server
push adds a duplicated handle via Curl_multi_add_perform and calls
Curl_init_do with conn==NULL, never invoking Curl_connect.
Verify it by amending test 1620
Found by Codex Security
Closes#21194
Up from 1K.
Reduces the risk that someone could flush the list by tricking a user to
do many transfers to new hostnames.
Document the limit.
Follow-up to 03a792b186Closes#21200
Make sure the string is non-zero before indexing it -1. Right now, the
path is always non-zero length so this is more for (future) safety
reasons.
Closes#21193
- update `actions/cache` from 5.0.3 to 5.0.4
- update `actions/download-artifact` from 7.0.0 to 8.0.1
- update `actions/upload-artifact` from 6.0.0 to 7.0.0
- update `msys2/setup-msys2` from 2.30.0 to 2.31.0
- update pip `ruff` from 0.15.7 to 0.15.8
Closes#21195Closes#21197
To sync names for the same macro logic between lib and src, and to move
it to the curlx namespace, to match `curlx_free()` that it's calling.
Closes#21151
- allow to specify when they are wanted on starting a resolve
- match dns cache entries accordingly. An entry which never
tried to get HTTPS-RRs is no answer for a resolve that wants
it.
- fix late arrivals of resolve answers to match the "async"
records that started them - if it still exists.
- provide for multiple "async" resolves in a transfer at the
same time. We may need to resolve an IP interface while the
main connection resolve has not finished yet.
- allow lookup of HTTPS-RR information as soon as it is
available, even if A/AAAA queries are still ongoing.
For this, the "async" infrastructure is changed:
- Defined bits for DNS queries `CURL_DNSQ_A`, `CURL_DNSQ_AAAA`
and `CURL_DNSQ_HTTPS`. These replace `ip_version` which says
nothing about HTTPS.
Use them in dns cache entries for matching.
- enhance the `async->id` to be a unique `uint32_t` for
resolves inside one multi. This is weak, as the id may
wrap around. However it is combined with the `mid` of
the easy handle, making collisions highly unlikely.
`data->state.async` is only accessed in few places where
the mid/async-id match is performed.
- vtls: for ECH supporting TLS backends (openssl, rustls, wolfssl),
retrieve the HTTPS-RR information from the dns connection filter.
Delay the connect if the HTTPS-RR is needed, but has not
been resolved yet.
The implementation of all this is complete for the threaded
resolver. c-ares resolver and DoH do not take advantage of
all new async features yet. To be done in separate PRs.
Details:
c-ares: cleanup settings and initialisation. Any ares channel
is only being created on starting a resolve and propagating
operations in setopt.c to the channel are not helpful.
Changed threaded+ares pollset handling so that they do not
overwrite each others `ASYNC_NAME` timeouts.
Add trace name 'threads' for tracing thread queue and
pool used by threaded resolver.
Closes#21175
Avoid never-ending growth.
When adding more entries, it now deletes the first entry in the list,
which is the oldest added entry still held in memory. I decided to avoid
a Least Recently Used concept as I suspect with a list with this many
entries most entries have not been used, and we don't save the timestamp
of recent use anyway.
The net effect might (no matter what) be that the removed entry might
feel a bit "random" in the eyes of the user.
Verify with test 1674
Ref #21183Closes#21190
Avoid never-ending growth.
When adding more entries, it now deletes the first entry in the list,
which is the oldest added entry still held in memory. I decided to avoid
a Least Recently Used concept as I suspect with a list with this many
entries most entries have not been used, and we don't save the timestamp
of recent use anyway.
The net effect might (no matter what) be that the removed entry might
feel a bit "random" in the eyes of the user.
Verify with test 1669.
Reported-by: Geeknik Labs
Fixes#21183Closes#21189
A previous refactor changed the TAB check so that the octet could be
accepted in the 'path', which would cause an invalid line in the saved
cookie file so not possible to read the cookie back. Not terrible
because the path cannot contain a raw tab anyway so it would never match
anyway.
Add test 1685 to verify
Reported-by: Izan on hackerone
Closes#21185
- fail if all retries failed.
- run `dpkg --configure -a` after an aborted slow attempt.
```
Selecting previously unselected package libsys-hostname-long-perl.
Error: slow server, retry
E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem.
[...]
```
Bug: https://github.com/curl/curl/pull/21107#issuecomment-4163506100
Follow-up to 5172ba5475#21107Closes#21181
Pass build options directly via `COMPILE_DEFINTIONS` and
`LINK_LIBRARIES`, instead of "tunneling" them through `CMAKE_FLAGS`.
The latter method breaks when passing `Threads::Threads` as library via
`CMAKE_REQUIRED_LIBRARIES`, while also being complex and fragile.
Example:
```
-- Performing Test HAVE_FSETXATTR_5
CMake Error at bld/CMakeFiles/CMakeTmp/CMakeLists.txt:27 (target_link_libraries):
Target "cmTC_3386e" links to:
Threads::Threads
but the target was not found. Possible reasons include:
* There is a typo in the target name.
* A find_package call is missing for an IMPORTED target.
* An ALIAS target is missing.
CMake Error at CMake/Macros.cmake:51 (try_compile):
Failed to generate test project build system.
Call Stack (most recent call first):
CMakeLists.txt:1684 (curl_internal_test)
```
Ref: https://github.com/curl/curl/actions/runs/23792043930/job/69329796592?pr=21168#step:38:318
Note: a side-effect is no longer passing C compiler flags (e.g.
`CMAKE_REQUIRED_FLAGS`) to the _linker_. This should not be an issue,
though CMake is passing them during its built-in detections.
Ref: https://cmake.org/cmake/help/v3.18/command/try_compile.htmlCloses#21176
If there is no trailing file name for -O or --remote-name-all, continue
searching until there is no more to search. A URL ending with multiple
slashes would previously make it do wrong.
Add test 1639 and 1644 to verify.
Follow-up to e26eefd9ce
Reported-by: James Fuller
Closes#21165
Seen on macOS:
```
CMake Warning at CMakeLists.txt:2158 (message):
Bad lib in library list: Threads::Threads
```
Follow-up to 2d546d239e#21163Closes#21170
- use `Threads::Threads` imported target, replacing
`CMAKE_THREAD_LIBS_INIT`. To use the modern form and to allow using
`THREADS_PREFER_PTHREAD_FLAG` option.
- only add Threads library/options if POSIX Threads was detected (not
any other threading backend FindThreads may detect, e.g. the HP one.)
- curl-config.in.cmake: detect and define `Threads::Threads`.
Refs:
https://cmake.org/cmake/help/v3.18/module/FindThreads.htmlhttps://cmake.org/cmake/help/v4.3/module/FindThreads.htmlCloses#21163
Prior to this patch code used either `HAVE_PTHREAD_H`, or
`HAVE_THREADS_POSIX`, or both, to decide if POSIX Threads support is
present. In effect requiring both to be defined for a consistent build.
Drop detecting and guarding for `pthread.h`, and assume it present when
`HAVE_THREADS_POSIX` is set.
OS/400 had `HAVE_PTHREAD_H` set, but not `HAVE_THREADS_POSIX`, which
possibly left threading disabled in most sources.
Ref: https://pubs.opengroup.org/onlinepubs/009695399/basedefs/pthread.h.html
Ref: 930f2e8227#21144Closes#21158
When creating a temp file in order to later replace an original, copying
over the existing permissions can not be considered safe when the user
running libcurl is not the owner of the existing file.
Closes#21092
memory allocated by libcurl (curl_maprintf) must be freed with
curl_free(), and memory allocated by the tool (curlx_strdup via
findfile) must be freed with curlx_free().
- tool_cfgable: ech_config is allocated with curl_maprintf, free it
with curl_free() instead of tool_safefree()
- config2setopts: known hosts from findfile() is allocated with
curlx_strdup, free it with curlx_free() instead of curl_free()
Follow-up to b71973c115Closes#21150
socks5_req0_init() rejects hostnames longer than 255 bytes, but the
later cast to unsigned char in socks5_req1_init() has no local
indication that it is safe. Add a DEBUGASSERT and comment to document
the invariant and guard against future refactoring.
Closes#21157
A "broken" SOCKS5 proxy can send an invalid length of the encryption
token, which could cause malloc(0) to be called, which is a "platform
can do what it wants" potential problem.
Resolve this by explicitly checking the length and rejecting the invalid
token before ever attempting to allocate any memory.
Closes#21159
When used together with `USE_OPENSSL`. `USE_QUICHE` always implies
`USE_OPENSSL`.
Also: merge two (now identical) `#if` blocks in `openssl.c`.
Closes#21135
Introduce `toolx_ftruncate()` macro and map it to existing replacements
for non-mingw-w64 Windows and DJGPP, or to `ftruncate` otherwise.
Follow-up to 6041b9b11b#21109Closes#21130
New connection filter `cf-dns` that manages DNS queries. If hands
out addresses and HTTPS-RR records to anyone interested. Used by
HTTPS and IP happy eyeballing.
Information may become available *before* the libcurl "dns entry"
is complete, e.g. all queries have been answered. The cf-ip-happy
filter uses this information to start connection attempts as soon
as the first address is available.
The multi MSTATE_RESOLVING was removed. A new connection always
goes to MSTATE_CONNECTING. The connectdata bit `dns_resolved`
indicates when DNS information is complete. This is used for
error reporting and starting the progress meter.
Removed dns entries `data->state.dns[i]`, as the `cf-dns` filter
now keeps the reference now.
Many minor tweaks for making this work and pass address information
around safely.
Closes#21027
It was wrongly previously only used in debug code for event based
transfer and not in the "normal" parallel transfer case.
Follow-up to 4654493fedCloses#21147
This warning was created at a time when all backends for HTTP/3 were
experimental. Since there are now non-experimental backends this warning
is incorrect in some cases and was already handled by backends that were
added to the experimental list.
Follow-up to 0535f6ec71Closes#21139
By moving the coexist workaround from vtls/openssl.c to vtls/openssl.h.
This way it also applies to vtls.c (and possibly other sources including
`vtls/openssl.h`), which may need it in unity builds before BoringSSL
header `openssl/ssl.h` pulling in the conflicting symbols and causing
conflicts otherwise.
Seen with build config:
```
-DCURL_USE_SCHANNEL=ON -DCURL_USE_OPENSSL=ON
-DCMAKE_UNITY_BUILD=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=30
```
Fixing:
```
In file included from _cm-win-boringssl/lib/CMakeFiles/libcurl_object.dir/Unity/unity_5_c.c:7:
In file included from lib/vtls/vtls.c:54:
In file included from lib/vtls/openssl.h:33:
In file included from /path/to/boringssl/_x64-win-ucrt/usr/include/openssl/opensslv.h:18:
In file included from /path/to/boringssl/_x64-win-ucrt/usr/include/openssl/crypto.h:18:
/path/to/boringssl/_x64-win-ucrt/usr/include/openssl/base.h:293:29: error: expected ')'
293 | typedef struct X509_name_st X509_NAME;
| ^
/path/to/llvm-mingw/x86_64-w64-mingw32/include/wincrypt.h:1515:29: note: expanded from macro 'X509_NAME'
1515 | #define X509_NAME ((LPCSTR) 7)
| ^
[...]
```
Ref: 2a92c39a21#20567Closes#21136
- update `filelock` from 3.24.3 to 3.25.2
- update `ruff` from 0.15.2 to 0.15.7
- update `cryptography` from 46.0.5 to 46.0.6 (CVE-2026-34073)
Closes#21138
The myssh_in_SFTP_READDIR_BOTTOM() function would not store the error
code correctly thus it could be ignored and missed when an error was
returned at that particular moment.
Follow-up to 3c26e6a896
Found by Codex Security
Closes#21122
non-HTTP protocols no longer retry after connection reuse failures
because multi_follow() now requires a handler->follow callback that is
NULL for those protocols. Provide a fallback for plain retries.
Follow-up to 1213c31272
Spotted by Codex Security
Closes#21121
When assembling the URL of a pushed resource over a not-secured
connection, require the scheme to be known and not secure.
Reported-by: xkilua on hackerone
Closes#21113
```
lib/vtls/openssl.c:4238:22: error: ‘SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED’ undeclared (first use in this function); did you mean ‘SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED’?
4238 | (reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED))) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED
lib/vtls/openssl.c:4238:22: note: each undeclared identifier is reported only once for each function it appears in
```
Ref: https://github.com/curl/curl/actions/runs/23641366299/job/68863072427#step:24:189
Cherry-picked from #21118Closes#21119
memory allocated by libcurl must be freed with curl_free() and vice versa,
memory allocated by the tool itself must be freed with curlx_free().
- dynbuf: free libcurl data with curl_free()
- tool_operate: make sure we get URL using the right memory
- tool_operhlp: free libcurl memory with curl_free()
- tool_operate: free curl_maprintf() pointer with curl_free
- var: data from curlx_base64_decode needs curlx_free
- tool_operate: fix memory juggling in etag handling
- tool_cb_hdr: fix memory area mixups
- tool_operate: another mixup in etag management
- tool_cb_hdr: more memory mixup fixes
- tool_cfgable.c: document some details
- tool_help: show global-mem-debug in -V output
Closes#21099
Build with "configure --enable-init-mem-debug" to make the tool use
curl_global_init_mem() and a set of private memory funtion callbacks for
libcurl's memory management.
Using this setup, memory mixups in tool code is more likely to cause
crashes and thus get discovered while running tests.
This curl_global_init_mem debug mode can only be done when building
libcurl shared (not static) and without debugging enabled - since it
needs to use the custom memory funtion callbacks.
Closes#21099
Systems without it need to provide a custom alternative just like we
have have for Windows. This adds an MSDOS version that fails if trying
to truncate a too large file.
Closes#21109
It's been going on for almost a year, chances seem slim to have this
fixed upstream.
The observed issue is that on GitHub-supplied CI runner images,
sometimes, `apt-get install` using the stock distro server
`http://azure.archive.ubuntu.com/ubuntu` sees extreme slowness while
downloading data, then reaching the job timeout and aborting, making CI
red and necessitating a manual restart of the failed job(s).
In majority of cases the install step takes no longer than 8-40 seconds
(download + install), while in the failing case it takes 10-20+ minutes
just to download.
Earlier I slimmed down installs to avoid unnecessary packages, which
mitigated, but did not completely fix the issue.
Example:
https://github.com/curl/curl/actions/runs/23599596928/job/68725576899?pr=21105
Follow-up to 0455d8772a#18509Closes#21107
To avoid rate limits when accessing GH APIs during the build.
Aiming to avoid (while trying to retrieve a file timestamp):
```
++ [[ 2026-02-11-1a84aee6387d2f9c9531c655edeea4a80aa0fcfa =~ (.+)-([a-f0-9]{40,}) ]]
++ ver=2026-02-11
++ commit=1a84aee6387d2f9c9531c655edeea4a80aa0fcfa
++ set +x
curl: (22) The requested URL returned error: 403
curl: (22) The requested URL returned error: 403
curl: (22) The requested URL returned error: 403
curl: (22) The requested URL returned error: 403
[...]
```
Ref: https://github.com/curl/curl/actions/runs/23598912140/job/68723120977?pr=21104
Follow-up to:
a26898fe4817f2fb3ead6dd6e47e98b461404b5aCloses#21105
Replacing the OpenSSL-like compatibility interface, and syncing with other
hashes, when building with wolfSSL.
Also: stop stomping on OpenSSL public MD4 symbols. This makes the wolfSSL
coexist workaround unnecessary, while also syncing up with MD5 sources.
After this patch the only remaining reference to wolfSSL's OpenSSL
compatibility layer is in `lib/curl_ntlm_core.c`.
Closes#21093
Maximum filename length 64, of which 48 maximum for the filename part.
Allowed characters: `A-Za-z0-9/._-`.
Also:
- rename a file to pass the check.
- init max constants outside the loop.
- minor fix to an error message.
Follow-up to 62d77b12fc#21087Closes#21095
The refactoring in #20832 introduced some inconsistencies between
windows and posix handling, pointed out by reviews. Fix them:
- rename `wait_on_nop` back to `extrawait` as it was called before
- use multi_timeout() to shorten the user supplied timeout for
both windows/posix in the same way
- remove the extra multi_timeout() check in the posix function
- Add the multi's wakeup socket for monitoring only when there
are other sockets to poll on or when the caller wants the
extra waiting time.
Closes#21072
Add test1715 to check proper handling of chunked transfer
encoding in CONNECT responses. Change proxy error code from
56 (RECV_ERROR) for everything to 7 (COULDNT_CONNECT) when
the server response could be read successfully, but establishing
the connection is not possible (http status code wrong).
Adapt several test expectations from 56 to 7.
Closes#21084
Use a thread queue and pool for asnyc threaded DNS resolves.
Add pytest test_21_* for verification.
Add `CURLMOPT_RESOLVE_THREADS_MAX` to allow applications to
resize the thread pool used.
Add `CURLMOPT_QUICK_EXIT` to allow applications to skip thread
joins when cleaning up a multi handle. Multi handles in
`curl_easy_perform()` inherit this from `CURLOPT_QUICK_EXIT`.
Add several debug environment variables for testing.
Closes#20936
Verify if lines are not longer than 192 characters. Also verify if lines
have less than 79 repeat spaces (and fix one fallout).
To improve readability by avoiding long lines and to prevent adding
overly long lines with text that may go unnoticed in an editor or diff
viewer.
In addition to pre-existing line length limits: 79 for C, 132 for CMake
sources.
Also:
- spacecheck: fix/harden allowlist regexes.
- spacecheck: tidy-up quotes and simplify escaping.
- spacecheck: allow folding strings with repeat spaces.
- GHA: fix a suppressed shellcheck warning.
- GHA/macos: simplify by dropping brew bundle.
- test1119.pl: precompile a regex.
- FAQ.md: delete very long link to a Windows 7/2008 support article
that's lost it relevance.
Closes#21087
On any `Curl_rlimit_start()` the rate limit needs to reset its
values before calculating the effective step duration and adjust
the tokens/burst per step.
Add two fields to the struct to remember the original values.
Closes#21086
The previously documented version was based on version checks made in
the source. In practice though, curl doesn't build with <5.0.0.
Also:
- bump main internal version check.
- drop superfluous internal version checks.
Closes#21080
Memory returned from curl_easy_escape() should be fred with curl_free()
to avoid surprises.
Follow-up to f37840a46e
Spotted by Codex Security
Closes#21075
By passing command-line as separate arguments instead of using a single
string. This needs skipping the shell, so rework redirections to use
Perl `open3()`.
Also explored to use `-out` to avoid redirections, but it makes the
command-line incompatible with some OpenSSL implementations/versions
(e.g. on default macOS), and would still need a solution for
`2>/dev/null`.
Ref: https://perldoc.perl.org/IPC::Open3Closes#20971
Add test case 1673 to do repeated upload failures and verify there is no
leak. This proved a previous leak and now it verifies the fix.
Reported-by: James Fuller
Closes#21062
with `-DCURL_DISABLE_SOCKETPAIR=ON`.
```
lib/asyn-thrdd.c:227:5: error: Value stored to 'do_abort' is never read [clang-analyzer-deadcode.DeadStores,-warnings-as-errors]
227 | do_abort = addr_ctx->do_abort;
| ^ ~~~~~~~~~~~~~~~~~~
```
Closes#21061
with
`-DCURL_DISABLE_VERBOSE_STRINGS=ON -DCURL_USE_GNUTLS=ON -DCURL_CLANG_TIDY=ON`.
```
lib/vtls/gtls.c:268:7: error: Value stored to 'strerr' is never read [clang-analyzer-deadcode.DeadStores,-warnings-as-errors]
268 | strerr = gnutls_strerror(rc);
| ^ ~~~~~~~~~~~~~~~~~~~
```
Closes#21060
The two bitmask constants for *CLEAR_DNS and *CLEAR_CONNS were
duplicates (both set to 1), so they cannot be distinguished and both
actions fire.
This shipped in public releases since 8.16.0 to and include 8.19.0.
This fix adds CURLMNWC_CLEAR_ALL to be the new 1, and it now implies all
bits. The DNS and CONNS defines get two new bits (2, 4).
Follow-up to 55c045c863
Found by Codex Security
Closes#20968
This reverts commit 21fc17b265.
That was not properly thought through. PowerPC can run in either endian
and the preprocessor does not know which.
Ref: #20985Closes#21058
c-ares builds have been sped up within curl-for-win using, pre-fills. It
allows building it with acceptable performance, making it practical to
use it, alongside HTTPS-RR, in curl CI and possibly in curl-for-win. It
has been enabled in its dev branch for a while.
Ref: 61a7354120Closes#21032
Fixing (seen in curl-for-win dev branch):
```
In file included from _a64-linux-gnu-bld/lib/CMakeFiles/libcurl_object.dir/Unity/unity_0_c.c:34:
lib/cf-https-connect.c:681:28: error: implicit conversion from 'unsigned char' to enumeration type 'enum alpnid' is invalid in C++ [-Werror,-Wimplicit-int-enum-cast]
681 | enum alpnid alpn = rr->alpns[i];
| ~~~~ ^~~~~~~~~~~~e
```
Ref: #21032Closes#21057
PowerPC64 (both big-endian and little-endian) supports efficient
unaligned memory access, similar to x86. This extends the existing
fast path that avoids byte-by-byte loads in the MD5 and MD4 SET/GET
macros.
On POWER8 ppc64le, this eliminates 3 shifts + 3 ORs per 32-bit word
load, replacing them with a single lwz (or lwbrx on big-endian).
Co Authored By Claude Opus 4.6 (1M context)
Closes#20985
... and apply the CURLOPT_MAXFILESIZE limit (if set) on that as well.
This effectively protects the user against "zip bombs".
Test case 1618 verifies using a 14 byte brotli payload that otherwise
explodes to 102400 zero bytes.
Closes#20787
When skipping macdef lines inside netrc files, ignore it completely and
do not tokenize or bail out on bad quotes.
Verify in test 1672
Follow-up to 3b43a05e00
Spotted by Codex Security
Closes#21049
The code runs under different rules than documentation and these checks
cause too much friction with too little gain.
Leave checking of the public include files since they are almost
documentation.
Closes#21048
The code failed to check for the version, and could thus read memory
past the existing curl_version_info_data structure. This could lead to a
crash.
Closes#21050
After limiting `find_package()`/`find_dependency()` calls to curl local
Find modules via the `MODULES` keyword, it became possible to detect
dependencies via CMake Configs from within those local Find modules, by
calling `find_package()` again with the `CONFIG` keyword. This patch
implements this. Then maps detection results to the result variables and
curl-specific imported targets the rest of the build expects.
Also honor recently introduced `*_USE_STATIC_LIBS` (experimental) flags
to map to the static target when requested.
This adds CMake Configs as an alternative to the existing `pkg-config`
and `find_path()`/`find_library()` auto-detection methods.
Enabled by default for MSVC, outside vcpkg and when not cross-building.
To enable for other cases, or override the default, you can use
`-DCURL_USE_CMAKECONFIG=ON` or `OFF`.
When enabled, Config detection happens after `pkg-config` and before
`find_path()`/`find_library()`. Using CMake's built-in options, you may
also manually point to the absolute directory holding Config files:
`Libssh2_DIR`, `MbedTLS_DIR`, `NGHTTP2_DIR`, `NGHTTP3_DIR`,
`NGTCP2_DIR` v1.19.0+ (with non-fork OpenSSL only), `Zstd_DIR` v1.4.5+
E.g. `-DMbedTLS_DIR=/path/to/mbedtls/lib/cmake/MbedTLS`
These dependencies typically need to be built with CMake to support
this.
Tagged as experimental.
Refs:
#20013#19156#19117https://github.com/curl/curl/pull/20784#issuecomment-3984318492
Depends-on: fad1ebaecc#20840
Follow-up to 91e06fde1b#20784
Follow-up to 26c39d8df1#20015Closes#20814
- librtmp has no test cases, makes no proper releases and has not had a
single commit within the last year
- librtmp parses the URL itself and requires non-compliant URLs for this
- we have no RTMP tests
- RTMP was used by 2.2% of curl users (self-identified in the 2025
survey)
Closes#20673
As code checks `curltime` values for zero and interprets this
as not-initialized or "forever" in several places, make sure
`curlx_now()` never returns a zero timestamp.
Closes#21034
Replace the `volatile int dirty` with a reference counter
protected by a mutex when available.
Solve the problem of when to call application's lock function
by adding a volatile flag that indicates a share has been added
to easy handles in its lifetime. That flag ever goes from
FALSE to TRUE, so volatile might work (in the absence of a mutex).
(The problem is that the lock/unlock functions need 2-3
`curl_share_setopt()` invocations to become usable and there
is no way of telling if the third will ever happen. Calling
the lock function before the 3rd setopt may crash the
application.)
When removing a share from an easy handle (or replacing it with
another share), detach the easy connection on a share with a
connection pool.
When cleaning up a share, allow this even if it is still used in
easy handles. It will be destroyed when the reference count
drops to 0.
Closes#20870
When extracting the resolve case using alarm timers, the check for "we
are not allowed to use signals" was refactored wrong.
Follow-up to 96d5b5c688Closes#21047
- it was already required for `curl_*printf()` float/double support.
- some curl tests always fail without it.
- it was already assumed to be present to build test servers.
Source code did not check for `HAVE_SNPRINTF` detection variable.
- it was already required to build examples.
Windows builds stopped using this detection and the function via earlier
commits.
Follow-up to 64f28b8f88#20765
Follow-up to 935b1bd454#9570#9569Closes#20763
Require CMake 3.18 (2020-07-15) or newer, up from 3.7 (2016-11-11)
prior to this patch.
This requirement also applies to the distributed `curl-config.cmake`.
To allow dropping compatibility code maintained for old versions, and to
use features which were unpractical in separate code paths. Also to make
testing, documentation and development easier, CI builds faster due to
CMake performance improvements over time. (e.g. integration tests on
macOS run 8x faster (10 minutes is now under 1.5m) in CI, 2.5x faster on
Windows.)
CMake offers pre-built binaries for major platforms. They work without
an install step, just by unpacking and pointing the cmake command to
them. Making upgrades easy in many cases:
https://cmake.org/download/https://cmake.org/files/https://github.com/Kitware/CMake/releases
CMake 3.18 brings these feature as generally available when building or
consuming curl/libcurl:
LTO support, improved performance, `pkg-config` and interface target
support, `OBJECT` target (for faster libcurl builds), modern invocation
with `-S`/`-B` options, better support for custom linker options,
FetchContent, `GnuTLS::GnuTLS` target, `--verbose` and `--install`
options, `CMAKE_GENERATOR` env, last but not least unity mode and Ninja
generator.
For maximum build speed, use:
`-DCMAKE_UNITY_BUILD=ON -DCURL_DROP_UNUSED=ON`
As for deprecations, C++11 is required to build CMake itself, which may
be a limit on some platforms. autotools continues to cover them.
Follow-up to 9bcdfb3809#20408
Follow-up to a7c974e038#19902
Follow-up to dfbe035c8b#10161
Discussion: https://github.com/curl/curl/discussions/18704Closes#20407
A previous refactor made the parser more lenient and this takes it back
to making sure only ascii digits are accepted.
Added test 1684 to verify
Follow-up to 304b5183fd
Pointed out by Codex Security
Closes#21041
- Rename `Curl_resolv_unlink()` to `Curl_dns_entry_unlink()`.
- Change `Curl_dnscache_get()` to return CURLcode result. Returns
now `CURLE_COULDNT_RESOLVE_HOST` for "negative" cache entries.
- Add `Curl_dnscache_add_negative()` to put a "negative" entry
into the cache.
Closes#20864
Use an alternate OpenSSL API to get the digest algorithm tied
to a certificate signature to compute the channel binding.
Fixes#20590
Reported-by: Rob Crittenden
Closes#20734
- Split WINSOCK and POSIX code in `multi_wait()` as the ifdef'ery
was becoming unreadable
- define `ENABLE_WAKEUP` to mean the wakeup socketpair is enabled,
no additional USE_WINSOCK check needed. Under WINSOCK
`ENABLE_WAKEUP` is not defined, so it's availability is as before
under the double defined() checks
- When the multi handle has "alive" transfers, the admin handle's
pollset include the wakeup receive socket. This results in the
admin handle running when someone uses `curl_multi_wakeup()`.
- Without any "alive" transfers, the wakeup socket is removed from
the pollset. Otherwise, event based processing would never finish,
eg. leave the event loop.
- The wakeup socket was never registered for event processing before,
e.g. `curl_multi_wakeup()` never worked in that mode.
- Adjust test exepectations on socket callback invocations and
number of sockets appearing in waitfds sets.
Closes#20832
A closed connection without TLS notify shutdowns, has been reported as a
correct EOF instead of an error. Fix the error handling in wolfSSL
backend receive handling.
Spotted by Codex Security
Closes#21002
`http_ignorecustom` is set on redirect handling but was not reset
between transfers, so once a redirect occurs in the new follow modes,
custom request methods were ignored for later transfers on the same
handle.
Follow-up to fb13923dd6
Detected by Codex Security
Closes#21037
It had an 'f' too few. Also provide CURLPROTO_WS* unconditionally
internally, so that code can depend on them in all builds.
Follow-up to cd5ca80f00
Spotted by Codex Security
Test case 3219 added to catch this next time.
Closes#21031
Return `CURLE_OUT_OF_MEMORY` instead of `CURLE_URL_MALFORMAT` when
`curl_url()`, `curl_easy_escape()`, or `curl_maprintf()` calls failed.
Found by Codex Security
Also reuse deinit code from a success branch.
Closes#21011
When composing the <scheme>_proxy environment variable, we assume the
handler->scheme name is already lowercase.
This makes unit test 1627 verify that is the case.
Follow-up to c294f9cb56
Spotted by Codex Security
Closes#21033
- move defines to header file
- make bit2str require < 8 unused bits
- make bool strings stricter
- make UTime2str show + or - for custom time zones
- removed unused 'type' argument to ASN1tostr() function
- fix int2str for negative values. All values below 10000 are now shown
in decimal properly, also possibly negative values.
Add unit test 1667 to verify ASN1tostr
Closes#21013
Prior to this, -G would override the scheme set with --proto-default and
revert back to guessing the scheme based on the hostname.
Add test 2008 to verify the fix
Spotted by Codex Security
Closes#20992
- make extract-unit-protos handle multi-line prototypes - but they need
to be above the implementation
- Prototypes for static functions we use in unit tests should not be in
header files. We generate lib/unitprotos.h for this purpose
- Removed some function wrappers written for unit tests and make them
use UNITTEST function directly.
- Renamed time2str() in the tool to timebuf() since we have the same
name in lib/ and in unit tests they can both be used non-static in a
build.
This reverts commit f95fadd116.
Follow-up to #21010Closes#21014
By generalizing Homebrew prefix in shared code paths, where missing.
No strong reason, sometimes it's useful for tests.
Follow-up to e5316069f1#18818Closes#21019
Silencing these warnings (seen on Solaris 11 SPARC GCC 4.9.2 + OpenCSW):
```
lib1521.c: In function 'test_lib1521':
/include/curl/typecheck-gcc.h:93:13: warning: call to 'Wcurl_easy_setopt_err_conv_cb' declared with attribute warning: curl_easy_setopt expects a curl_conv_callback argument
curl_easy_setopt(curl, CURLOPT_CONV_FROM_NETWORK_FUNCTION,
curl_easy_setopt(curl, CURLOPT_CONV_TO_NETWORK_FUNCTION,
curl_easy_setopt(curl, CURLOPT_CONV_FROM_UTF8_FUNCTION,
/include/curl/typecheck-gcc.h:123:13: warning: call to 'Wcurl_easy_setopt_err_interleave_cb' declared with attribute warning: curl_easy_setopt expects a curl_interleave_callback argument
curl_easy_setopt(curl, CURLOPT_INTERLEAVEFUNCTION,
```
Ref: https://curl.se/dev/log.cgi?id=20260319160651-1785427#prob2
Follow-up to de0adda78cCloses#21017
- return error on zero length input
- return error on OOM or doing too large output
- fix full 32-bit number support
- fix the broken handling of the first and second numbers
- support up to 32-bit minus 80 for the second number
- a field with a leading 0x80 is now considered an error, since it only
works as padding and is then no longer the shortest possible version
Add unit tests in 1666
Bonus: removed the last argument to OID2str() as it was always set TRUE.
Closes#21003
It was incorrecly loaded with env `CURL_CA_BUNDLE` unset +
`SSL_CERT_DIR` set + `SSL_CERT_FILE` unset.
Found by Codex Security
Follow-up to 29bce9857a#11325#11531Closes#20989
Curl_1st_err() does not return the second error if the first result is
CURLE_AGAIN. This may cause errors to not become noticeable when they
should be.
Replace all use of Curl_1st_err() with Curl_1st_fatal(), which handles
CURLE_AGAIN as a not-a-real-error case.
Closes#20980
Extend `#pragma diagnostic push`/`pop` guards to the whole codebase
(from tests and examples only) to disable it for GCC <4.6. Rename guard
to `CURL_HAVE_DIAG` and make it include llvm/clang to be interchangeable
with `__GNUC__ || __clang__` in this context.
The above means no longer disabling certain warnings locally, so pair
this with disabling all picky warnings for GCC <4.6.
Also:
- drop global workarounds for misbehaving GCC <4.6 compiler warnings.
Not needed with picky warnings disabled.
Reported-by: fds242 on github
Reported-by: Sergey Fedorov
Thanks-to: Orgad Shaneh
Follow-up to f07a98ae11#20366Fixes#20892Fixes#20924Closes#20902Closes#20907
A malicious or compromised FTP server could include control characters
(e.g. bare \r, or bytes 0x01-0x1f/0x7f) inside the quoted directory path
of its 257 PWD response. That string is stored verbatim as
ftpc->entrypath and later sent unescaped in a CWD command on connection
reuse via Curl_pp_sendf(), which performs no sanitization before
appending \r\n.
Reject the entire path if any control character is encountered during
extraction so that tainted data never reaches a subsequent FTP command.
Add test case 3217 and 3218 to verify. Adjusted test 1152 accordingly.
Closes#20949
Paths starting with one or two leading dots but without a following
slash were not handled correctly.
Follow-up to c31dd6631f
Extended test 1395 accordingly with a set of new test string.
Reported by Codex Security
Closes#20974
When errorf()/warnf() is used early on, before the global pointer is
setup, curl would previosly deref the null pointer.
Follow-up to 3b40128b0f
Found by Codex Security
Closes#20967
The read_field_headers() function would return "ok" even if the
underlying file read returned error, thus would the parent not become
aware of the problem.
Follow-up to f847d2ed02
Found by Codex Security
Closes#20963
The extra % translates to nothing, so this did not break anything they
are just superfluous.
Follow-up to 57d349fe0e
Assisted-by: Viktor Szakats
Found by Codex Security
uidvalidity_set and mb_uidvalidity_set flags were never reset, leaving a
risk for stale UIDVALIDITY state across transfers and mailbox switches.
Follow-up to fb6a4802d7
Spotted by Codex Security
Closes#20962
Missing ferror handling in Curl_get_line causes infinite loops on I/O
errors, leading to denial-of-service hangs for config/cache file loads.
Follow-up to 769ccb4d42
Pointed out by Codex Security
Closes#20958
Introduce `Curl_xfer_is_secure(data)` that returns TRUE for transfers
that happen(ed) over a end-to-end secured connection, e.g. SSL.
Add test1586 to verify behaviour for http: transfers via a https: proxy.
Reported-by: lg_oled77c5pua on hackerone
Closes#20951
When .curlrc is parsed successfully but the tool exits early before
parse_args() executes; the allocated path was not freed.
Spotted by Codex Security
Closes#20954
In curlx_strerror on Windows, the condition checks `!strerror_s(...)`
(true on success) and therefore always evaluates the fallback block.
Even when strerror_s successfully produced a valid errno message.
Follow-up to 1eca08a541
Pointed out by Codex Security
Closes#20955
ngtcp2 1.14.0 added module dependencies to `ngtcp2_crypto_*.pc` files.
This broke certain build cases in curl, because configure was is
querying pkg-config modules by setting `PKG_CONFIG_LIBDIR` to the
directory specified via `--with-*=` options, including `--with-ngtcp2=`.
Setting `PKG_CONFIG_LIBDIR` tells pkg-config (and pkgconf) to ignore
system locations. This caused that `ngtcp2_crypto_gnutls.pc` could no
longer find its indirect dependencies, if those were present at system
locations (where they typically are). Another fallout was BoringSSL,
because it does not provide `openssl.pc` on its own, and successful
detection relied on finding a non-BoringSSL copy, typically at a system
location (also fixed in ngtcp2 main branch).
Fix `ngtcp2_crypto_*` detections to not touch `PKG_CONFIG_LIBDIR` and
instead prepend `<path>` set via `--with-ngtcp2=` to `PKG_CONFIG_PATH`.
This ensures to pick up any dependent modules from system locations.
Note the side-effect is that potentially undesired modules may be
detected this way from system locations, i.e. it makes this particular
detection less "hermetic" than the rest used in curl configure.
(Configurations using a bare `--with-ngtcp2` with no path were not
affected, and served as a workaround before this patch. It remains a
valid way of configuration after.)
Both `pkgconf` and `pkg-config` use this logic to calculate their search
directory list:
```pseudo
search = {}
if PKG_CONFIG_PATH is set
search += PKG_CONFIG_PATH
endif
if PKG_CONFIG_LIBDIR is set (even if empty)
search += PKG_CONFIG_LIBDIR
else
search += built-in-pkg-config-dirs
endif
```
Refs:
https://github.com/curl/curl/pull/18028/commits (earlier attempt. Failed due to using `PKG_CONFIG_DIR` instead of the correct `PKG_CONFIG_PATH`)
https://github.com/curl/curl/pull/18028/commits/c0874ce8242d42a1ae1d570d6b70b8360da56482https://man.archlinux.org/man/pkgconf.1.enhttps://manpages.debian.org/unstable/pkgconf/pkgconf.1.en.htmlhttps://manpages.debian.org/unstable/pkg-config/pkg-config.1.en.html10e27fd63c
Bug: https://github.com/curl/curl/pull/18022#issuecomment-3120587041
Bug: https://github.com/ngtcp2/ngtcp2/pull/1689#issuecomment-3120593664
Follow-up to 04d90b5deb#20931
Follow-up to 3c64ffaff4#18415#18188
Follow-up to 99500660af#18028#18022Closes#20920
The `ISLOWHEXALHA` and `ISUPHEXALHA` macros were introduced in commit
f65f750 and seem to be only referenced locally by the `ISXDIGIT` macro.
Judging by the `ISALPHA` macro defined in the same file, it seems like
the intention was to spell them as `IS.*HEXALPHA`.
I noticed this while reading through the code and decided to open a PR,
even if it is only a tiny change, just because I was already looking at
it and it might be useful. If there is any reason not to merge this,
please do close the PR.
Closes#20810
- document building curl with CMake.
- mention all supported forks in the OpenSSL section. Delete dedicated
quictls section.
- add TLS-backend pkgconfig dir to `PKG_CONFIG_PATH` for correctness.
OpenSSL-based ones often work without this, by finding system
`openssl.pc`. For GnuTLS and wolfSSL this has a lesser chance. Best to
point to them explicitly. (configure may technically be able to do
this automatically, but it isn't implemented.)
- use `--with-ngtcp2=<path>` again, where possible.
GnuTLS is the exception, pending fix in #20910.
Same for BoringSSL, but not documented in `HTTP3.md`.
- replace `<somewhereN>` with `/path/to/depname` for clarity.
- move `LDFLAGS` after `./configure` for curl, to match dep builds.
- move `--with-ngtcp2` next to the TLS-backend option.
Follow-up to 1e3c2bec7e#20926
Follow-up to 3c64ffaff4#18415#18188
Cherry-picked from #20920Closes#20947
Configure LibreSSL autotools job with `--with-ngtcp=<path>` instead of
adding ngtcp2 to `PKG_CONFIG_PATH`. To test this way of configuration in
CI and test for the regression reported in #20889.
Turns out this way of configuration isn't affected by the detection
issue in this particular case.
It also works for other backends except for these two, subject to
separate fixes:
- BoringSSL fix: https://github.com/ngtcp2/ngtcp2/pull/2070
- GnuTLS fix and BoringSSL workaround: #20920
Follow-up to 666db80196#20891
Follow-up to 8db0e286b3#18189
Follow-up to 99500660af#18028#18022Closes#20926
For cases where the user puts a double quote or backspace in the user
name.
Adjusted test 907 to verify
Reported-by: am-perip on hackerone
Closes#20940
Before this patch the `$withval` variable may have contained `yes` or
other unrelated values, instead of the wolfSSL directory configured via
`--with-wolfssl=`.
Fixing:
```
checking for wolfssl options with pkg-config... found
configure: pkg-config --exists wolfssl trace:
---- begin
PKG_CONFIG_PATH: |/home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig|
PKG_CONFIG_LIBDIR: |yes/lib/pkgconfig| <=============== 'yes' used as base directory
trying path: /home/runner/wolfssl/build/lib/pkgconfig for wolfssl
---- end
```
Ref: https://github.com/curl/curl/actions/runs/23146424326/job/67235762794?pr=20920#step:18:245
Cherry-picked from #20920Closes#20943
`PKG_CONFIG_LIBDIR` and `PKG_CONFIG_PATH`.
To help debugging dependency issues. Example:
```
configure: pkg-config --exists openssl trace:
---- begin
PKG_CONFIG_LIBDIR: '/home/runner/libressl/build/lib/pkgconfig'
PKG_CONFIG_PATH: '/home/runner/libressl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig'
trying path: /home/runner/libressl/build/lib/pkgconfig for openssl
trying path: /home/runner/libressl/build/lib/pkgconfig for libssl
trying path: /home/runner/libressl/build/lib/pkgconfig for libcrypto
---- end
```
Cherry-picked from #20920
Follow-up to 04d90b5deb#20931Closes#20942
When saving a file with --no-clobber, make sure the existing file name
remains set when creating the name fails. In a retry scenario, it comes
back and uses that variable again.
Add test 3036 to verify.
Reported-by: James Fuller
Closes#20939
Instead hook up the upstream target name as-is to the local wrapper
target.
To:
- make the hack work regardless of how the upstream target was created.
- make it work the same way in `curl-config.cmake`.
Before this patch it had no guard for `IMPORTED` targets even though
`find_dependencies()` is not guaranteed to create the target expected
if it already existed and was potentially created differently.
Depends-on: #20840
Follow-up to 4f1646ef8a#20486#20419Closes#20839
Already set after `ldap_sslinit()`/`ldap_init()` and before
`ldap_ssl`-specific initialization.
Follow-up to 39d1976b7f#19830
Follow-up to b41e65a8e3
Follow-up to b91421b107Closes#20930
To include what's actually used.
Also:
- drop unused includes.
- scope includes where possible.
- drop `curlx/curlx.h` umbrella header.
- config2setopts: include `netinet/in.h` for Cygwin/MSYS2.
Previously included by chance via an unused curlx include.
Closes#20776
With default invocation, make generated file timestamps deterministic
by looking up (via the GitHub API) the last commit that modified
`certdata.txt`, along with its commit timestamp.
Also:
- show the URL used to download `certdata.txt` from.
- make `ca-bundle.crt` timestamp match `certdata.txt`'s.
Closes#20528
To allow simplifying the binutils ld hack, by chaining the original
imported target to curl's local duplicate target. Also to allow linking
to dependencies' native imported targets via their CMake Configs, which
will always be hooked up to a `CURL::` interface, and may also be
chained upstream.
Fixing (seen on Linux with simplified binutils hack via #20839):
```
Requires:
Requires.private: libzstd openssl zlib
Libs: -L${libdir} -lcurl
-Libs.private: -lcrypto -lssl -lz -lzstd
+Libs.private: -lOpenSSL::Crypto -lZLIB::ZLIB -lcrypto -lssl -lz -lzstd
Cflags: -I${includedir}
Cflags.private: -DCURL_STATICLIB
Error: Process completed with exit code
```
Ref: https://github.com/curl/curl/actions/runs/22768301699/job/66041980258?pr=20839
Note this makes it possible to run into an infinite loop because CMake
allows cyclic dependencies. It isn't added by curl's CMake script nor by
any dependencies as defined by default, but may happen in theory with
custom-created targets. In such case CMake automatically stops with
an error at 1000 iterations. I find it overkill to add custom protection
for it.
Cherry-picked from #20814
Cherry-picked from #20839Closes#20840
Fix potential inifinite loop reading file content with `Curl_get_line()`
when a filename passed via these options are pointing to a directory
entry (on non-Windows):
- `--alt-svc` / `CURLOPT_ALTSVC`
- `-b` / `--cookie` / `CURLOPT_COOKIEFILE`
- `--hsts` / `CURLOPT_HSTS`
- `--netrc-file` / `CURLOPT_NETRC_FILE`
Fix by checking for this condition and silently skipping such filename
without attempting to read content. Add test 1713 to verify.
Mention in cookie documentation as an accepted case, also show a verbose
message when a directory is detected. Extend test 46 to verify if such
failure lets the logic continue to the next cookie file.
Reported-and-based-on-patch-by: Richard Tollerton
Fixes#20823Closes#20826 (originally-based-on)
Follow-up to 769ccb4d42#19140Closes#20873
To aid debugging cases when dependency detection acts unexpectedly.
Sprung from spending days trying to figure out behavior of ngtcp2 crypto
modules and their dependencies.
You can enable by setting env `CURL_TRACE_PKG_CONFIG` to a non-empty
value. When enabled, details are logged for both successful and
unsuccessful detections. Logging of unsuccessful ones is automatically
enabled when `CURL_CI` env is set, which is the case for all CI jobs.
It works by asking for `--debug` output and grepping for lines that seem
useful for this purpose. Output is different for classic pkg-config and
pkgconf, and may depending on tool version. Also append `--print-errors`
output if any.
Examples (with pkgconf):
Fail, before:
```
checking for libngtcp2_crypto_boringssl options with pkg-config... no
configure: error: --with-ngtcp2 was specified but could not find ngtcp2_crypto_boringssl pkg-config file.
```
Fail, after:
```
checking for libngtcp2_crypto_boringssl options with pkg-config... no
configure: pkg-config --exists libngtcp2_crypto_boringssl trace:
---- begin
trying path: /home/runner/nghttp3/build/lib/pkgconfig for libngtcp2_crypto_boringssl
trying path: /home/runner/ngtcp2-boringssl/build/lib/pkgconfig for libngtcp2_crypto_boringssl
trying path: /home/runner/nghttp3/build/lib/pkgconfig for libngtcp2
trying path: /home/runner/ngtcp2-boringssl/build/lib/pkgconfig for libngtcp2
trying path: /home/runner/nghttp3/build/lib/pkgconfig for openssl
trying path: /home/runner/ngtcp2-boringssl/build/lib/pkgconfig for openssl
trying path: /home/runner/nghttp2/build/lib/pkgconfig for openssl
==== error:
Package openssl was not found in the pkg-config search path.
Perhaps you should add the directory containing `openssl.pc'
to the PKG_CONFIG_PATH environment variable
Package 'openssl', required by 'libngtcp2_crypto_boringssl', not found
---- end
configure: error: --with-ngtcp2 was specified but could not find ngtcp2_crypto_boringssl pkg-config file.
```
Success, after:
```
checking for libngtcp2_crypto_boringssl options with pkg-config... found
configure: pkg-config --exists libngtcp2_crypto_boringssl trace:
---- begin
trying path: /home/runner/awslc/build/lib/pkgconfig for libngtcp2_crypto_boringssl
trying path: /home/runner/nghttp3/build/lib/pkgconfig for libngtcp2_crypto_boringssl
trying path: /home/runner/nghttp2/build/lib/pkgconfig for libngtcp2_crypto_boringssl
trying path: /home/runner/ngtcp2/build/lib/pkgconfig for libngtcp2_crypto_boringssl
trying path: /home/runner/awslc/build/lib/pkgconfig for libngtcp2
trying path: /home/runner/nghttp3/build/lib/pkgconfig for libngtcp2
trying path: /home/runner/nghttp2/build/lib/pkgconfig for libngtcp2
trying path: /home/runner/ngtcp2/build/lib/pkgconfig for libngtcp2
trying path: /home/runner/awslc/build/lib/pkgconfig for openssl
trying path: /home/runner/awslc/build/lib/pkgconfig for libssl
trying path: /home/runner/awslc/build/lib/pkgconfig for libcrypto
---- end
```
More examples:
https://github.com/curl/curl/pull/20926#issuecomment-4064259935
If there is an externally enablable, built-in feature like this in
classic pkg-config or pkgconf, I could not find it.
Also:
- GHA/http3-linux: set `CURL_TRACE_PKG_CONFIG` to log detection details.
H3 builds are prone to hard-to-debug dependency issues.
Ref: #20920
Follow-up to 3c64ffaff4#18415#18188
Follow-up to 99500660af#18028#18022
Cherry-picked from #20926Closes#20931
Add protocol.h and protocol.c containing all about libcurl's
known URI schemes and their protocol handlers (so they exist).
Moves the scheme definitions from the various sources files into
protocol.c. Schemes are known and used, even of the protocol
handler is not build or just not implemented at all.
Closes#20906
Improve the name, type and handling of `data->req.keepon`:
- Rename `keepon` to `io_flags`
- make `io_flags` and `uint8_t` and reposition in struct
- Rename `KEEP_*` defines to `REQ_IO_*`, move to request.h
- Replace all direct bit tests to `CURL_REQ_WANT_*` use
- Replace all direct bit manipulations with new macros
Closes#20905
Convert more `int port` to `uint16_t` port types. Reshuffle ports in
connectdata to save some bytes. Change `conn->destination` format to
- make it more readable and thus usable in tracing
- add the IPv6 scope_id only when not default (global)
and make it resemble more the textual format for IPv6
(e.g. suffix '%<scope_id>')
Closes#20918
Eliminate `conn->bits.ipv6_ip`
The bit was only correct for the first transfer using a connection. Use
`data->state.up.hostname` instead in places that need the URL hostname
in its original form.
Fix parseurlandfillconn() to not modify `data->state.up.hostname` before
copying the connection's hostname, but modify the copy instead, leaving
the URL hostname intact.
Closes#20919
The file is almost entirely made up by first-lines of previous git
commits, and we usually push it without a PR cycle, making it annoying
to trigger on typos later as they then show in independent PRs by other
people.
Closes#20917
- when scanning source code, this now only checks source code comments
and double-quote strings. No more finding bad words as part of code
- this allows the full scan to be done in a single invocation
- detects source code or markdown by file name extension
- moved the whitelist words config into the single `badwords.txt` file,
no more having them separately (see top of file for syntax)
- all whitelisted words are checked case insensitively now
- removed support for whitelisting words on a specific line number. We
did not use it and it is too fragile
Removing the actual code from getting scanned made the script take an
additional 0.5 seconds on my machine.
Scanning 1525 files now takes a little under 1.7 seconds for me.
Closes#20909
- tool_getparam: revert an unnecessary/no-op C89 warning silencer.
Follow-up to 09c9afdd71#20363
- tool_writeout: add comment saying silencing is a no-op for llvm/clang.
For `strftime()` it is a GCC-specific, as of llvm/clang v22.1.0.
Follow-up to f07a98ae11#20366
- unit1652: drop always-false `!defined(__clang__)` guard.
Pointed-out-by: Orgad Shaneh
Ref: #20902
Follow-up to 7e814c8717#16062
- unit1652: document that `-Wformat` is necessary for GCC v5 to v8.
Follow-up to 71cf0d1fca#14772Closes#20908
In a -j192 build, this output used a three-digit number for the output,
thus wrapping differently and causing it to error.
Reported-by: Carlos Henrique Lima Melara
Closes#20910
To help understanding what's happening on systems where native CA misses
to verify legitimate public websites.
Also:
- drop a superfluous, hanging, `else`.
Ref: #20897Closes#20899
As the struct is now always unconditionally memset with zeros, we
can remove two zero assigns.
Follow-up to 015f1c7de4
Pointed out by CodeSonar
Closes#20900
Follow-up to 04289c62de. Regression shipped in 8.13.0.
- a logic error made it not loop and thus only match if the searched string
was first
- it no longer matches a substring
Adjusted test 1 to use multiple values in the Connection: response
header. Adjusted test 1542 to have a "Connection: close-not" which
should not match.
Reported-by: Henrique Pereira
Closes#20894
Also:
- support per-directory and per-upper-directory whitelist entries.
- convert badlist input grep tweak into the above format.
(except for 'And' which had just a few hits.)
- fix many code exceptions, but do not enforce.
(there also remain about 350 'will' uses in lib)
- fix badwords in example code, drop exceptions.
- badwords-all: convert to Perl.
To make it usable from CMake.
- FAQ: reword to not use 'will'. Drop exception.
Closes#20886
A logic error made the function not check the last character, which thus
could make it accept invalid schemes.
Added test 1965 to verify
Reported-by: Otis Cui Lei
Closes#20893
- Move `RESP_TIMEOUT` from urldata.h to pingpong.h as
`PINGPONG_TIMEOUT_MS`.
- Rename `Curl_pp_state_timeout()` to `Curl_pp_state_timeleft_ms()` as
the function returns the time left, not the timout..
- Update implementation comments and variable names
Closes#20888
The protocol handler method `connection_check` allowed to variable
operations to trigger with variable result bits. Only the `CONNCHECK_ISDEAD`
and `CONNRESULT_DEAD` were in use. Transform the function into
`connection_is_dead` without extra parameter and a bool result.
- Remove defines for `CONNCHECK_*` and `CONNRESULT_*`
- Rename protocol function in handler comments
- Change RTSP implementation (only protocol that uses this)
Closes#20890
On Solaris this was causing intermittent issues when the private
structure member __sin6_src_id had unexpectedly some value. connect(2)
would then fail with EADDRNOTAVAIL.
Closes#20885
Previously it lacked the actual return. libssh.c uses the same function
name.
Verified by test 2007.
Reported-by: m777m0 on hackerone
Follow-up to 578706addeCloses#20883
It's mostly a filler word. I've read through each use of it in the code
base and did minor rephrasings when "simply" carried some meaning. The
overwhelming majority of cases, removing it improved the text
significantly. Inspired by #20793.
Closes#20822
- 'badwords' is now a target in Makefile.am
- change badwords.txt to specify plain "words" instead of regexes so the
script can build single regexes when scanning, which makes the script
perform much faster (~6 times faster)
Closes#20869
scan-build has been dropped in favor of clang-tidy and this false
positive no longer triggers with it.
Follow-up to ce4db9c2ef#20751
Follow-up to 02f207a76bCloses#20860
After targeting Vista as minimum, the non-bcrypt fallback code was
impossible to reach, because on UWP wincrypt is never available.
After this patch it's more obvious that no-SSL UWP builds only support
weak random source.
Follow-up to b17ef873ae#18009Closes#20859
To avoid potential warning with autotools when using `CFLAGS`. Existing
jobs are not affected.
Also:
- drop a redundant `export`.
- ensure not to overwrite per-job options with UWP ones.
Closes#20857
Instead of the first internal call to `curlx_verify_windows_version()`.
To avoid the chance of a race, potentially resulting in initializing
this address twice. AFAICT it could not cause an issue before this
patch.
Reported by Codex Security
Follow-up to b17ef873ae#18009Closes#20853
The code actual init code remains identical after this patch. To make it
clearer where this initialization is called from, and to dedupe code.
Follow-up to b17ef873ae#18009Closes#20852
The 'id' struct field in 'struct h3_stream_ctx' is a uint64_t type so
should be output with PRIu64 - and it makes sense to be consistent.
Note that the field with the same name in the ngtcp2 version of this
struct is a *signed* 64-bit variable.
Reported by Codex Security
Closes#20849
As the SOCK_CLOEXEC and SOCK_NONBLOCK get ORed to the socktype, this
introduces the cf_socktype() function to use when checking for the
specific socket type: DGRAM or STREAM. The function filters off the
non-type related bits to enable the comparison.
Follow-up to 05367694ecCloses#20808
During conversion of `docs/FAQ` into Markdown, 'man ld' has incorrectly
kept one of its quotes when it was surrounded by backticks for inline
code formatting. A space on the left of it was lost as well.
Fix the formatting in the new `docs/FAQ.md`.
Closes#20812
If the first write was interrupted by a signal and a subsequent write
succeeds, the function would still erroneously return EINTR.
Found by Codex Security
Closes#20809
This fixes a regression and accidental changed behavior shipped in
8.18.0 (via 6b9c75e219).
When the setopt is set to "" and curl is built without support for a
single compression algorithm, it used to use "identity" but recently did
not.
Spotted by Codex Security
Closes#20805
OpenSSL 4.0.0-dev supports ECH with one flaw. If peer verification
is not enabled, it will report SSL_ECH_STATUS_BAD_NAME on the ECH
status.
Provide a workaround in libcurl that checks the inner name used in
ECH was the peer's hostname, both verify peer and host are disabled
and then accept the BAD_NAME without failing the connect.
Fixes#20655
Reported-by: Dexter Gerig
Closes#20821
Perform the actual timeout calculation in the blocking resolv
loop each time in the same way, keeping the logic simpler.
The previous version calculated the timeout once, and then
reduced it by the elapsed time spent in polling/processing.
This is unnecessarily complicated.
Closes#20819
The strdup() of the hostname to resolve is unnecessary as the sync
resolve code does not keep the string and the async code makes copies
already.
Remove the member from `connectdata`.
Closes#20833
- also query `INTERFACE_COMPILE_DEFINITIONS` and
`INTERFACE_COMPILE_OPTIONS`.
To further sync clang-tidy manual command-lines with the C compiler
command-lines generated by CMake. In practice this adds `-I` options
(via `INTERFACE_COMPILE_OPTIONS`) to the end of the command-line for
dependency header directories. It does not change the outcome of
clang-tidy runs.
- limit querying `COMPILE_DEFINITIONS` and `COMPILE_OPTIONS` to the top
target, the test itself. To not include options such as
`-DCURL_HIDDEN_SYMBOLS` and `-fvisibility=hidden` (when set) via
the libcurl shared lib.
To sync with the actual C compiler command-line.
- drop redundant `unset()`.
- rename local function to be more specific.
Follow-up to d9386a2f8e#20759Closes#20829
Exclude reading certain props for certain target types to avoid these errors:
```
CMake Error at CMake/Utilities.cmake:71 (get_property):
The LOCATION property may not be read from target "...". Use the target
name directly with add_custom_command, or use the generator expression
$<TARGET_FILE>, as appropriate.
```
(and the same in line 78.)
Follow-up to 855acb3bb0#17701Closes#20828
- add/fix/synchronize error messages and comments.
- consistently return error from the callback on failure.
- fix potential leaks on OpenSSL API failures.
- fix to not pass the nul-terminator to BIO read.
- scope a variable.
- sync code/formatting between the two examples.
Closes#20807
PEM_read_bio_PrivateKey() is called with the wrong BIO, so the private
key is not loaded.
Follow-up to 8494012196
Pointed out by Codex Security
Closes#20800
- the value collided with the internal one used for WebSocket
- we add all new ones as internal bits
- bump to 64-bit internal type
- introduce new define for setting all protocols (CURLPROTO_64ALL)
Reported by Codex Security
Closes#20798
This CMake global custom option tells it to find dependencies as cmake
Configs first, and only then look for `Find*` modules. This may result
in `find_package()` succeeding, but without actually creating `CURL::*`
imported targets the curl build scripts are expecting.
For dependencies with curl-specific, local, `Find*` modules, we always
want to use them, via the module detection method, and never a
Config-based detection. Ensure this by passing the `MODULE` option to
`find_package()` and `find_dependency()` to make them use `Find*`
modules unconditionally, making them work as expected with the
`CMAKE_FIND_PACKAGE_PREFER_CONFIG=ON` option set.
curl uses local Find modules for all dependencies except OpenSSL and
ZLIB. The latter two keep using either CMake's built-in Find modules or
Config method as before this patch.
Also:
- apply the same change to `curl-config.cmake`. To fix consuming curl
with this option set.
Authored-by: Valerie Snyder
Ref: #20764
Follow-up to 16f073ef49#16973
- GHA/distcheck: add a job testing both building and consuming curl with
this option set. (takes 15 seconds)
Use custom NGHTTP2 configuration for an extra twist (not required
to trigger this issue.)
Follow-up to fcde8d7e37#20773
Reported-by: Valerie Snyder
Fixes#20729Closes#20784
In this use case 'unsigned value &= ~DEFINE;
As otherwise the right side is treated as signed, which annoyingly
triggers UBSan. The U_* defines are local versions of the public define,
only typecast to unsigned.
Reported-by: xmoezzz on github
Fixes#20753Closes#20769
If TLS 1.3 is not supported, the call to
`mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets()` fails
during compilation:
```
curl-8.18.0/lib/vtls/mbedtls.c: In function 'mbed_connect_step1':
curl-8.18.0/lib/vtls/mbedtls.c:809:3: error: implicit declaration of function 'mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets' [-Werror=implicit-function-declaration]
mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(&backend->config,
^
curl-8.18.0/lib/vtls/mbedtls.c:809:3: warning: nested extern declaration of 'mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets' [-Wnested-externs]
```
Protect this call inside the `#ifdef` block by making sure that support
for TLS 1.3 is defined.
Closes#20789
```
lib/multi.c:305:5: error: code will never be executed [clang-diagnostic-unreachable-code]
305 | goto error;
| ^~~~~~~~~~
```
Cherry-picked from #20774Closes#20788
- add support for separate provider / consumer cmake options in
`find_package` tests. To help test more integration scenarios.
Refs: #20784#20729#20764
- dump generated curl config files in `find_package` tests.
(cmake CONFIG source, `libcurl.pc`, `curl-config`.
- test.sh: use `sha256sum` (was: `openssl`).
Closes#20773
- update action `actions/cache` from 5.0.1 to 5.0.3
- update action `github/codeql-action` from 4.31.9 to 4.32.4
- update pip `filelock` from 3.20.3 to 3.24.3
- update pip `ruff` from 0.14.14 to 0.15.2
Closes#20782Closes#20783
Adds 50 seconds to the 5m long build step. Also more prerequisites to
install, with no apparent effect on step time.
Follow-up to 9b52d516bb#20732Closes#20775
- replaced double spaces with single space where applicable
- replaced "favourite" with "favorite"
- added language identifiers to code blocks in markdown files
- added extra line after code blocks and after headings in markdown
files
Cloes #20748
To support floats and doubles when using these old compilers.
Before this patch, these tests most likely failed with them:
```
FAIL 557: 'curl_mprintf() testing' printf, unittest
FAIL 566: 'HTTP GET with CURLINFO_CONTENT_LENGTH_DOWNLOAD and 0 bytes transfer' HTTP, HTTP GET
FAIL 599: 'HTTP GET with progress callback and redirects changing content sizes' HTTP, HTTP POST, chunked Transfer-Encoding
FAIL 1148: 'progress-bar' HTTP, progressbar
```
Also:
- mention `_snprintf()` in the `_CRT_SECURE_NO_WARNINGS` comment.
Follow-up to 7de35515d9#20218Closes#20761
I thought a macro is necessary to have `get_directory_property()` and
`CMAKE_CURRENT_SOURCE_DIR` work on the correct directory, but it turns
out they do work the same when used in a function.
Closes#20760
`scan-build` is a (Perl) wrapper around clang's built-in `--analyze`
option. Which look similar or identical to clang-tidy checkers under
the `clang-analyzer-*` namespace:
https://clang.llvm.org/docs/ClangStaticAnalyzer.html
Unless somebody has other information, it appears redundant to run
scan-build in parallel with clang-tidy in CI, now that the latter is
working reliably and with good performance for all curl components.
Another scan-build issue is the lack of a markup to suppress false
positives. It ignores `NOLINT`, yet finds the same false positives as
clang-tidy. This happens with scan-build v20+. v18 is silent, but it's
a blocker to upgrade to a newer version.
scan-build may still be a useful when combined with autotools, where
clang-tidy support is incomplete, slow (no parallelism), and uses
a distinct make target, which does not build binaries in the same pass.
But, scan-build also lacks extra checkers that are now enabled for
clang-tidy.
The clang-tidy job is also 30-40s faster than the one it replaced.
Also:
- drop scan-build job configured the same way as a clang-tidy one.
CI time saved: 6m30s
- bump to clang-20 (from 18) in the replacement job.
- build tests in the replacement job.
To verify a cmake command-line reconstruction issue only hit in this
job in CI.
CI time cost: 1m40s
- replacement job caught a minor, new, issue.
Ref: b2076d3c2f#20752
- drop unused scan-build logic.
Bug: https://github.com/curl/curl/pull/20732#issuecomment-3963873838
Ref: https://github.com/curl/curl/pull/20732#issuecomment-3967479228Closes#20751
To avoid a system include masking a custom directory, and e.g. picking
up system OpenSSL headers from `/usr/include` on Linux, instead of the
correct ones from a custom header directory, move system include
directories to the back of the header path list. Also to match what
CMake seems to be doing for the C compiler command-lines it generates.
CMake seems to use `-I`, while for these invocations we stick with
`-isystem` just in case.
This area remains fragile and likely not the final issue.
Fixing (seen in GHA/linux H3 c-ares):
```
Error while processing bld/tests/libtest/lib1521.c.
/usr/include/openssl/macros.h:147:4: error: "OPENSSL_API_COMPAT expresses an impossible API compatibility level" [clang-diagnostic-error]
Found compiler error(s).
147 | # error "OPENSSL_API_COMPAT expresses an impossible API compatibility level"
| ^
FAILED: [code=1] tests/libtest/CMakeFiles/libtests-clang-tidy
```
Ref: https://github.com/curl/curl/actions/runs/22468472670/job/65079885471?pr=20751
Bug: https://github.com/curl/curl/pull/20751#issuecomment-3970180687
Cherry-picked from #20751Closes#20759
Fixing:
```
CMake Error at /path/to/CURL/CURLConfig.cmake:190 (get_target_property):
get_target_property() called with non-existent target "CURL::libssh2".
```
and replacing it with the clearer message:
```
CMake Error at /path/to/CURL/CURLTargets.cmake:61 (set_target_properties):
The link interface of target "CURL::libcurl_static" contains:
CURL::libssh2
but the target was not found. Possible reasons include:
[...]
```
Reported-by: Val S.
Ref: #20729
Follow-up to 16f073ef49#16973Closes#20737
Checking lib and src under 3m15s versus 7m15s.
Downside: autotools clang-tidy support is no longer CI-tested.
The reason for the slowness is invoking a single clang-tidy command with
all source files, and clang-tidy checking them in a single thread,
sequentially. clang-tidy offers a `run-clang-tidy` Python script for
parallel processing, which may help with this. However at this point
it's more practical to use cmake, which also supports verifying the
whole codebase, not only lib and src.
Also:
- bump clang-tidy to the latest available, v20 (from v18).
- enable running clang-tidy on tests. Takes under 2 minutes.
Also tried `_CURL_TESTS_CONCAT=ON`, it brings down the build tests step
from 1m47s to 54s, saving 1 minute. Skipped using it for now.
Closes#20725
Reported by clang-tidy (seen on Linux with v18, v19, v20, not on macOS):
```
tests/server/dnsd.c:552:14: error: 1st function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
tests/server/dnsd.c:556:14: error: 1st function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
tests/server/rtspd.c:1183:14: error: 1st function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
tests/server/rtspd.c:1187:14: error: 1st function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
tests/server/sws.c:2235:14: error: 1st function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
tests/server/sws.c:2239:14: error: 1st function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
tests/server/tftpd.c:1188:14: error: 1st function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
tests/server/tftpd.c:1192:14: error: 1st function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
tests/server/util.c:860:21: error: 1st function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
tests/server/util.c:864:21: error: 1st function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
```
Ref: https://github.com/curl/curl/actions/runs/22424827575/job/64930560425?pr=20725
Cherry-picked from #20725Closes#20730
- run tests-clang-tidy when building testbins.
- drop redundant build-certs dependency for test targets.
Already present via testdeps.
Follow-up to aae361242f#20708Closes#20727
To fix building tests/server with cmake and both wolfSSL and OpenSSL
enabled (MultiSSL).
tests/server do not have libcurl dependency header paths setup because
it does not use libcurl. The code however includes `curl_setup.h`, which
tried including `wolfssl/version.h` before this patch to verify if the
wolfSSL coexist feature is available. Without a header path, it failed:
```
In file included from bld/tests/server/servers.c:3:
In file included from tests/server/first.h:40:
lib/curl_setup.h:737:12: fatal error: 'wolfssl/version.h' file not found
737 | # include <wolfssl/version.h>
| ^~~~~~~~~~~~~~~~~~~
1 error generated.
```
Ref: https://github.com/curl/curl/actions/runs/22410066319/job/64880787424#step:46:76
Fix by moving the include and version check to `vtls/wolfssl.c`.
Also: add an early version check to cmake.
Follow-up to 16f073ef49#16973
Cherry-picked from #20720Closes#20726
To allow building test binaries without test certs, replacing
`_CURL_SKIP_BUILD_CERTS` internal option with a build target that is
similar to `testdeps`, but without building the test certificates.
To make building test binaries a little bit faster, with less noisy
output, and without having to reconfigure the build.
Closes#20708
Pass system directories with `-isystem` to avoid clang-tidy parsing
3rd-party and system headers with `HeaderFilterRegex: '.*' enabled.
Also:
- drop rule exception no longer necessary.
- sync normal vs. system header path order with compiler invocation.
- tidy up `set()` syntax.
- clear a temporary variable.
Bug: https://github.com/curl/curl/pull/20670#issuecomment-3940840176
Follow-up to e088e10454#17705
Cherry-picked from: #20720Closes#20724
Prefer `sizeof()` over `strlen()`, static const variables over macros.
Add a couple of `NOLINT`s to silence false positives.
Also sync similar code patterns between libtests.
Cherry-picked from #20720Closes#20723
Tests are build in "unity"-style, by including sources into an umbrella
C files (similar to how CMake unity works). This does not play well with
clang-tidy, which seems to unconditionally ignore C sources included
like this. To fix it, curl's CMake implements a manual clang-tidy
support for tests, which compiles sources one-by-one, while also making
sure sources compile cleanly standalone (e.g. all sources need to
include `first.h`). The manual clang-tidy implementation is fragile, and
performance, in particular when targeting Windows, is abysmal.
This patch introduces an alternate solution, enabled by the
`_CURL_TESTS_CONCAT=ON` option. In this mode, umbrella sources include
the actual sources instead of `#including` them. Allowing to use CMake's
built-in clang-tidy support to compile them, with clang-tidy actually
checking the sources. Making the manual clang-tidy support unnecessary.
In the Windows CI job it results in a 4x performance improvement (4m ->
1m), making it practical to run clang-tidy on tests on Windows, in CI.
The main downside is that clang-tidy doesn't understand the `#line`
directive. Meaning issues found show the wrong filename and line number
next to them. It's not impossible to locate errors this way, but also
not convenient.
Minor/potential downside is that the concatenated source needs to be
reassembled each time an original source is updated. This may result in
more copying on the disk when used in local development. The largest
source is 1.4MB, so probably not a show-stopper on most machines.
Another is the complexity of maintaining two methods in parallel, which
may be necessary till clang-tidy understands `#line`:
https://github.com/llvm/llvm-project/issues/62405
This solution may in theory also enable adding clang-tidy support for
tests in autotools, though I haven't tried.
Targeted for curl CI for now, and used in a GHA/windows job. 100%
experimental, not recommended outside these.
Closes#20667
Reported when running `HeaderFilterRegex: '.*'` in CI.
Also replace an underscored symbol with a regular one in macro
definition.
Cherry-picked from #20720Closes#20721
- vms/curlmsg_vms.h: delete unused/commented code.
- vtls/schannel_verify: sort includes.
- typecheck-gcc.h: fix indent and alignment.
- lib/config-win32.h: drop idle `#undef`.
- spacecheck: check for stray empty lines before after curly braces.
- make literals more readable: 1048576 -> 1024 * 1024
- scope variables.
- use ISO date in a comment.
- drop redundant parentheses.
- drop empty comments.
- unfold lines.
- duplicate/stray spaces in comments.
- fix indent, whitespace, minor typos.
Closes#20690
Examples:
```
lib/vtls/openssl.c:2585:18: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
2585 | msg_type = *(const char *)buf;
lib/vtls/openssl.c:2593:18: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
2593 | msg_type = *(const char *)buf;
tests/server/mqttd.c:514:10: warning: comparison between 'signed char' and 'unsigned char' [bugprone-signed-char-misuse]
514 | if(passwd_flag == (char)(conn_flags & passwd_flag)) {
tests/server/tftpd.c:362:13: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
362 | c = test->rptr[0];
tests/server/tftpd.c:454:9: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
454 | c = *p++; /* pick up a character */
src/tool_urlglob.c:272:46: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
272 | pat->c.ascii.letter = pat->c.ascii.min = min_c;
src/tool_urlglob.c:273:24: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
273 | pat->c.ascii.max = max_c;
tests/libtest/cli_h2_pausing.c:164:23: warning: suspicious usage of 'sizeof()' on an expression of pointer type [bugprone-sizeof-expression]
164 | memset(&resolve, 0, sizeof(resolve));
tests/libtest/cli_upload_pausing.c:158:23: warning: suspicious usage of 'sizeof()' on an expression of pointer type [bugprone-sizeof-expression]
158 | memset(&resolve, 0, sizeof(resolve));
tests/libtest/first.c:86:15: warning: 'signed char' to 'int' conversion; consider casting to 'unsigned char' first. [bugprone-signed-char-misuse]
86 | coptopt = arg[optpos];
```
Also:
- tests/server/mqttd: drop a redundant and a wrongly signed cast.
Ref: https://clang.llvm.org/extra/clang-tidy/checks/bugprone/signed-char-misuse.htmlCloses#20654
Detected by `readability-named-parameter` with `HeaderFilterRegex: '.*'`,
or `CURL_CLANG_TIDYFLAGS='--header-filter=.*'`. Seen on Windows.
Follow-up to e8415ad3c7#20657
Follow-up to c878160e9c#20624Closes#20693
Backtrack on previous change that aimed to solve the wrong `share.h`
being included. It turns out it did not fix this issue. At the same time
it introduced relative header filenames and the need to include the same
headers differently depending on the source files' location, reducing
readability and editability.
Replace this method by re-adding curl's lib source directory to the
header path and addressing headers by the their full, relative name to
that base directory. Aligning with this method already used in src and
tests.
With these advantages:
- makes includes easier to read, recognize, grep, sort, write, and copy
between sources,
- syncs the way these headers are included across curl components,
- avoids the ambiguity between system `schannel.h`, `rustls.h` vs.
local headers using the same names in `lib/vtls`,
- silences clang-tidy `readability-duplicate-include` checker, which
detects the above issue,
Ref: https://clang.llvm.org/extra/clang-tidy/checks/readability/duplicate-include.html
- possibly silences TIOBE coding standard warnings:
`6.10.2.a: Don't use relative paths in #include statements.`
- long shot: it works well with concatenated test sources, for
clang-tidy-friendly custom unity builds. Ref: #20667
Slight downside: it's not enforced.
If there happens to be a collision between a local `lib/*.h` header and
a system one, the solution is to rename (possibly with its `.c`
counterpart) into the `curl_` namespace. This is also the method used by
curl in the past.
Also:
- curlx/inet_pton: reduce scope of an include.
- toolx/tool_time: apply this to an include, and update VS project
files accordingly. Also dropping unnecessary lib/curlx header path.
- clang-tidy: enable `readability-duplicate-include`.
Follow-up to 3887069c66#19676
Follow-up to 625f2c1644#16991#16949Closes#20623
Also:
- include code to verify a C++-specific public header regression
reported in 8.19.0-rc2.
- curl/curl.h: mention C++ global namespace in comment.
- GHA/dist: add CI job for C++. Runtime: 15 seconds.
Follow-up to ee9b000438#20686
Ref: #20682Closes#20687
To avoid breaking 3rd-party code reusing these symbols as C++ methods,
e.g. in CMake sources:
```
cmake/src/v4.0.0-b30653ae0c.clean/Source/cmCurl.cxx:119:24: error: expected unqualified-id
119 | ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cafile.c_str());
| ^
```
Also expand comment to highlight the case.
Reported-by: Kai Pastor
Bug: daa6b27b4d (r177869049)
Reported-by: Marcel Raad
Bug: https://curl.se/mail/lib-2026-02/0020.htmlFixes#20682
Follow-up to daa6b27b4d#20597Closes#20686
vtls/openssl.c:469:15: error: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
X509_get_X509_PUBKEY() now returns a const pointer - but only on OpenSSL
3, we must keep the non-const version for all forks.
Closes#20681
Detected by `readability-named-parameter` with `HeaderFilterRegex: '.*'`,
or `CURL_CLANG_TIDYFLAGS='--header-filter=.*'`.
Follow-up to c878160e9c#20624Closes#20657
It looks like a case that can never happen in practice.
Seen on mingw-w64 with experimental concatenated (vs. #included) test
sources:
```
tests/server/util.c:662:16: error: Null pointer passed as 1st
argument to string length function [clang-analyzer-unix.cstring.NullArg]
662 | size_t len = strlen(unix_socket);
| ^
```
Ref: https://github.com/curl/curl/actions/runs/22267482855/job/64416261156#step:10:273Closes#20668
Instead of globally disabling unity for all targets when clang-tidy is
enabled.
After this patch `CMAKE_UNITY_BUILD=ON` is honored for:
- static libcurl when building both static and shared separately.
- libcurlu and libcurltool internal libraries when building the test
target.
While keeping unity disabled for the libcurl build pass running
clang-tidy, and the curl tool, also running clang-tidy.
To make clang-tidy-enabled builds finish faster when unity mode is
enabled, yet performs the same clang-tidy checks as before this patch.
Effect on:
- GHA/macos: core build: same, buils tests 5-12 seconds faster,
with steps going down from 259 to 25.
52s: https://github.com/curl/curl/actions/runs/22279958340/job/64448913325 ->
47s: https://github.com/curl/curl/actions/runs/22279873606/job/64448710743
- GHA/windows (not enabled): it'd save about 1 minute, bringing total
time barely below 10m, still one of the slowest jobs overall.
(#20667 is trying a way for 4x speed-up (with a drawback)).
5m21s: https://github.com/curl/curl/actions/runs/22222907068/job/64284556852 ->
4m26s: https://github.com/curl/curl/actions/runs/22281033369/job/64451601548Closes#20670
On platforms that require building static and shared libcurl separately,
after this change clang-tidy is only run on one of them, to reduce build
time by avoiding the double-work. From a clang-tidy standpoint, static
and shared libs are identical.
Except `dllmain.c` on Windows, which is only present in shared. To keep
running it through clang-tidy, prefer the shared library for clang-tidy.
Closes#20675
- make sure that errors for specific options in config files identify
the file, line number and shows the error about the correct option
- improve some error message wording
- add warning for leading single quote of arguments in config files
(verified in test 1712)
- adjust test error outputs accordingly
test1712 introduces mode=warn
Use the mode="warn" attribute if the output curl warning output, as it
then makes the check without newlines and the prefix to better handle
that the lines may wrap at different points depending on the lengths of
the lines and terminal width.
Fixes#20598Closes#20666
Reported by clang-tidy `bugprone-sizeof-expression`.
Silencing:
```
tests/libtest/cli_h2_pausing.c:164:23: warning: suspicious usage of 'sizeof()' on an expression of pointer type [bugprone-sizeof-expression]
164 | memset(&resolve, 0, sizeof(resolve));
| ^
tests/libtest/cli_upload_pausing.c:158:23: warning: suspicious usage of 'sizeof()' on an expression of pointer type [bugprone-sizeof-expression]
158 | memset(&resolve, 0, sizeof(resolve));
| ^
```
Ref: https://clang.llvm.org/extra/clang-tidy/checks/bugprone/sizeof-expression.htmlCloses#20649
Try to make the wording more clear. It is the addresses in the resolver
result that are affected, not anything regarding *how* resolving is
done.
Closes#20585
Simplify the language expaining the --variable option, reducing
repetition. Also fix some minor grammar issues and makes language for
examples more consistent.
Closes#20636
A NULL dereference cannot happen with existing use of this code.
linux-mingw, CM clang-tidy:
```
/home/runner/work/curl/curl/tests/server/sockfilt.c:720:24: error: Access
to field 'tv_sec' results in a dereference of a null pointer (loaded from
variable 'tv') [clang-analyzer-core.NullDereference,-warnings-as-errors]
720 | tv->tv_sec = 0;
| ~~ ^
```
Ref: https://github.com/curl/curl/actions/runs/22191200093/job/64179197235?pr=20631#step:10:283
Cherry-picked from #20631Closes#20639
clang-tidy <= v20 (as seen between 18.1.3 and 20.1.2) report
`readability-uppercase-literal-suffix` originating from mingw-w64 system
header `_mingw_mac.h` via `define __MSABI_LONG(x) x ## l`
Triggered by `SOCKENOMEM` (e.g. in tests/server/sockfilt.c):
```
warning: integer literal has suffix 'l', which is not uppercase [readability-uppercase-literal-suffix]
```
Work around by replacing Windows macro `WSA_NOT_ENOUGH_MEMORY`
with its literal value.
Bug: https://github.com/curl/curl/pull/20631#issuecomment-3930619868
Follow-up to c07c3cac74#20629
Cherry-picked from #20631Closes#20638
By passing to clang-tidy the C compiler with `--target` and sysroot
options, if any.
Fixing (GHA/windows, linux-mingw, CM clang-tidy):
```
lib/curl_setup.h:841:10: error: 'io.h' file not found [clang-diagnostic-error]
841 | #include <io.h>
| ^~~~~~
Found compiler error(s).
FAILED: [code=1] tests/server/CMakeFiles/servers-clang-tidy bld/tests/server/CMakeFiles/servers-clang-tidy
cd tests/server && /usr/bin/clang-tidy --config-file=.clang-tidy.yml
--warnings-as-errors=* --checks=-clang-diagnostic-unused-function first.c getpart.c util.c dnsd.c [...]
-- <-D-options> <-I-options> <cflags>
```
For reference, this is CMake's built-in clang-tidy invocation:
```
/usr/local/bin/cmake -E __run_co_compile --tidy="/usr/bin/clang-tidy;--config-file=.clang-tidy.yml;
--warnings-as-errors=*;--extra-arg-before=--driver-mode=gcc" --source=lib/curl_fopen.c
-- /usr/bin/clang --target=x86_64-w64-mingw32 <-D-options> <-I-options> <cflags>
```
Also:
- bump cmakelint `--max-statements`. Needs 59 after this patch.
- use undocumented CMake variables:
- `CMAKE_C_COMPILE_OPTIONS_TARGET` for `--target=`
- `CMAKE_C_COMPILE_OPTIONS_SYSROOT` for `--sysroot=`
Cherry-picked from #20631Closes#20640
Also enable `bugprone-suspicious-realloc-usage` clang-tidy option
to verify.
Fixing:
```
tests/server/rtspd.c:328:37: error: 'req->rtp_buffer' may be set to null if 'realloc' fails,
which may result in a leak of the original buffer
[bugprone-suspicious-realloc-usage,-warnings-as-errors]
328 | req->rtp_buffer = realloc(req->rtp_buffer,
| ~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~
```
Ref: https://clang.llvm.org/extra/clang-tidy/checks/bugprone/suspicious-realloc-usage.htmlCloses#20621
Seen with mbedTLS 4.0.0. mbedTLS 4.0.0 renamed `mbedcrypto` lib to
`tfpsacrypto`, while also keeping a copy under the old name to aid
transition. However, this compatibility logic is broken for MSVC static
builds, and the old name missing.
Work around by looking for the new name in the raw detection codepath.
Note that using `pkg-config`-based detection also works as a workaround.
Reported-by: tawmoto on github
Fixes#20616
Ref: https://github.com/Mbed-TLS/mbedtls/blob/v4.0.0/library/CMakeLists.txt#L275-L282
Ref: https://github.com/Mbed-TLS/mbedtls/issues/10605Closes#20617
Fix bigger and smaller kinks in how clang-tidy is configured and used.
Sync behavior more between autotools and cmake, lib/src and tests. Bump
clang-tidy minimum version and prepare logic to allow using clang-tidy
to a fuller extent.
- move clang-tidy settings from builds to a new `.clang-tidy.yml`.
To make it easy to see and edit checks at one place. Also to allow
using the `--checks=` option internally to silence tests-specific
checks. (clang-tidy does not support multiple `--check=` options via
the command-line.)
Use explicit `--config-file=` option to point to the configuration.
- .clang-tidy.yml: link to documentation.
- suppress `clang-diagnostic-nullability-extension` due to a false
positive in libtests with `CURL_WERROR=ON` and `PICKY_COMPILER=OFF`.
- .clang-tidy.yml: enable `portability-*`, `misc-const-correctness`.
- drop `--quiet` clang-tidy option by default to make its working a bit
more transparent. The extra output is minimial.
- consistently use double-dashes in clang-tidy command-line options.
Supported by clang-tidy 9.0.0+ (2019-09-19). Before this patch single
and double were used arbitrarily.
- src/tool_parsecfg: silence false positive `clang-analyzer-unix.Stream`.
Seen with clang 18 + clang-tidy 19 and 20 (only with autotools.)
- INTERNALS: require clang-tidy 14.0.0+. For the `--config-file` option.
- INTERNALS: recommend clang-tidy 19.1.0+, to avoid bogus
`clang-analyzer-valist.Uninitialized` warnings. (bug details below)
autotools:
- allow configuring the clang-tidy tool via `CLANG_TIDY` env.
Also to use in GHA to point to a suffixed clang-tody tool.
- fix to pass CFLAGS to lib, src sources.
(keep omitting them when using a non-clang compiler.)
- fix to pass `--warnings-as-errors=*` in quotes to avoid globbing.
cmake:
- fix to not pass an empty `-I` to clang-tidy.
- fix to pass CFLAGS (picky warnings) to clang-tidy for test sources.
(keep omitting them when using a non-clang compiler.)
- fix to disable `clang-diagnostic-unused-function` for test sources.
(tests have static entry points, which trigger this check when
checking them as individidual sources.)
- fix forwarding `CURL_CLANG_TIDYFLAGS` to clang-tidy.
- force disable picky warnings when running clang-tidy with a non-clang
compiler. To not pass these flags when checking lib and src.
CI:
- GHA/linux: avoid clang-tidy bug by upgrading to v19, and drop the
workaround.
- GHA/linux: switch to clang from gcc in the clang-tidy job. Using gcc
doesn't allow passing CFLAGS to clang-tidy, making it less effective.
(My guess this was one factor contributing to this job often missing
to find certain issues compared to GHA/macos.)
I recomment using clang-tidy with a clang compiler, preferably the same
version or one that's compatible. Other cases are best effort, and may
fail if a C flag is passed to clang-tidy that it does not understand.
Picky warnings are mostly omitted when using a non-clang compiler,
reducing its usefulness.
Details and reproducer for the v18 (and earlier) clang-tidy bug,
previously affecting the GHA/linux job:
clang-tidy <=18 emits false warnings way when passing multiple C sources
at once (as done with autotools):
```sh
cat > src1.c <<EOF
#include <string.h>
static void dummy(void *p) { memcmp(p, p, 0); }
EOF
cat > src2.c <<EOF
#include <stdarg.h>
void vafunc(int option, ...)
{
va_list param;
va_start(param, option);
if(option)
(void)va_arg(param, int);
va_end(param);
}
EOF
/opt/homebrew/opt/llvm@18/bin/clang-tidy --checks=clang-analyzer-valist.Uninitialized src1.c src2.c
# src2.c:7:11: warning: va_arg() is called on an uninitialized va_list [clang-analyzer-valist.Uninitialized]
```
Follow-up to e86542038d#17047Closes#20605
- fix internal macro `AN_APPLE_OS` reused between sources without
resetting it. It may potentially have left the system sha256
function unused.
- fix to define `WOLFSSL_OPTIONS_IGNORE_SYS` so that it always applies
to wolfSSL headers, also during feature detection.
- md4, md5, sha256: simplify fallback logic.
- delete 20+ unused macros.
- scope or move macros to avoid `-Wunused-macros` warnings.
- examples: delete unused code.
The warning detects macros defined but not used within the same C
source. It does not warn for macros defined in headers. It also works
with unity builds, but to a lesser extent.
Closes#20593
Any failf() that fill the errorbuf need to be forgotten once happy
eyeballing finds a succssful winner. Because the errorbuf, once set, is
not overwritten with future error information.
Adds test_05_05 to verify.
Reported-by: Tim Friedrich Brüggemann
Fixes#20608Closes#20613
To fix potential `-Wdisabled-macro-expansion` warnings when using these
macros within other macros. Fixing for example:
```
lib/doh.c:328:3: error: disabled expansion of recursive macro [clang-diagnostic-disabled-macro-expansion,-warnings-as-errors]
328 | ERROR_CHECK_SETOPT(CURLOPT_URL, url);
| ^
lib/doh.c:271:14: note: expanded from macro 'ERROR_CHECK_SETOPT'
271 | result = curl_easy_setopt((CURL *)doh, x, y); \
| ^
include/curl/curl.h:3332:44: note: expanded from macro 'curl_easy_setopt'
3332 | #define curl_easy_setopt(handle,opt,param) curl_easy_setopt(handle,opt,param)
| ^
[...]
```
Also update comments on why curl continues to disable
`-Wdisabled-macro-expansion` and `-Wused-but-marked-unused` warnings.
Follow-up to 92f215fea1#18477Closes#20597
The change was valid, but caused an annoying warning with perfectly
working non-binutils ld linkers:
```
ld: warning: ignoring duplicate libraries: 'my/path/usr/local/lib/libcrypto.a'
```
(seen with Apple clang, when using static `libcrypto.a`)
It means that for the binutil ld hack to work at consumption-time, curl
must be built with the same picky binutils (gcc) toolchain.
Reverts 795433b923#20434Closes#20594
Replacing API calls deprecated by OpenSSL 3, and also missing
from OpenSSL 3 no-deprecated builds, fixing builds with the latter:
`PEM_read_bio_RSAPrivateKey()`, `RSA_free()`,
`SSL_CTX_use_RSAPrivateKey()`
Also: rename callback to match its `cacertinmem.c` sibling.
Fixes#20595Closes#20596
Previous tag v6 changed upstream and points to a different commit. This
made zizmor unhappy. Previous commit is now tagged v6.0 in case we need
it.
Closes#20591
Refactor and simplify the Schannel code, primarily by reducing
duplicated buffer-management and credential-setup logic.
- split client certificate selection into get_client_cert() and SSPI
credential acquisition into acquire_sspi_handle()
- introduce a struct sbuffer for encrypted/decrypted buffering
- Add ensure_encoding_size() and ensure_decoding_size() helpers to
centralize buffer growth/realloc decisions
- Tighten variable scopes and tidy indentation/logging in the handshake
and receive/decrypt loops.
- Update comments and adjusts some receive error-condition handling to
better preserve buffered-data behavior.
Closes#20569
To reduce complexity.
- is_finished() checks if the individual transfer is done
- handle_completed() is the logic that runs for a completed
transfer
Closes#20573
Upgrade a GHA/windows job to VS2026 (from VS2022), using a runner image
released a week ago. It also comes with the same Windows SDK as VS2022:
v10.0.26100.0.
The runner image uses Windows 2025 unfortunately, which makes the job
run significantly slower than before this patch:
- configure: 49s -> 1m10s
- build: 3s -> 5s
- install test prereqs: 23s -> 27s
- run tests: 3m18s -> 4m11s
- build examples: 15s -> 25s
It's a shame.
Also:
- cmake: enable picky warnings for VS2026 internal version 19.50.
Build is clean with existing options.
- GHA/windows: make the built-in OpenSSH intall path recognize
the windows-2025-vs2026 image as windows-2025.
- windows-2025-vs2026 is able to load the cached stunnel made on
the windows-2022 runner.
- disk use of the build is almost identical to VS2022.
Before: https://github.com/curl/curl/actions/runs/21955482367/job/63418133880
After: https://github.com/curl/curl/actions/runs/21957589847/job/63426546943
Ref: 71f0157880/images/windows/Windows2025-VS2026-Readme.md
Ref: #20575Closes#20577
To simplify setting BoringSSL version, using:
`-DBORINGSSL_VERSION=0.20260211.0`
or
`-DBORINGSSL_VERSION=${boringssl_version}`
Previously it could be set via C flags, using complicated shell quotes:
`-DCMAKE_C_FLAGS="-DCURL_BORINGSSL_VERSION=\\\"${boringssl_version}\\\""`
(the C flags method remains, also for autotools)
It'd be nice if BoringSSL published its version not just via
`MODULE.bazel` in its source tree, but from its public headers, to make
these workarounds unnecessary.
Also:
- GHA/http3-linux: test both options.
Closes#20571
- openssl: move and expand explanatory comment.
- openssl: drop duplicate workaround.
- schannel: drop workaround. Unnecessary, because OpenSSL headers are
not included in or after schannel code.
- schannel: drop explicit `wincrypt.h` include. It's indirectly
included by system `<schannel.h>`.
- ldap: drop explicit `wincrypt.h` include.
It isn't used there, and also not required for the workaround.
`winldap.h` keeps including it indirectly.
Tested with BoringSSL and AWS-LC (MultiSSL with Schannel), also LDAP
enabled, and H3, unity and non-unity, and all tested cases build fine.
In lib in general, the point is to have the `#undef`s between the first
`wincrypt.h` include [1] and the first OpenSSL include [2], within a
single compilation unit. For non-unity builds the only such source is
`openssl.c`. For unity ones, depending on batch size, in theory we
should `#undef` after each `wincrypt.h` include. In practice this is
overkill and most cases are covered by `#undef`-fing _first_ in
`vtls/openssl.c`, and `#undef` in `ldap.c`. It's not impossible that we
need to add more undefs after further `wincrypt.h` includes to cover so
far undiscovered build cases [3]. Though I could not find more with the
current sources and source order.
It's also an option to include OpenSSL first, then `wincrypt.h`, as
done in libtests, but for lib and `vtls/openssl.c` it's more practical
to do the opposite.
[1] can be indirect, e.g. via `iphlpapi.h`, `schannel.h`, `winldap.h`.
[2] in
- BoringSSL/AWS-LC: any include (due to `openssl/base.h`).
Original fix removed by BoringSSL in year
[2014](ded93581f1 (diff-878093ea6426091505b4c49c59b78924f42859af0eb4ce39b8089bda9577e013)).
- OpenSSL: `openssl/ssl.h`, `openssl/x509v3.h`, and some more affected,
and including `openssl/ossl_typ.h` does the `#undef` automatically.
Since [3.1.0+](fbb9a1f997)
each inclusion does the `#undef`, in 3.0.x (and earlier) only
the first inclusion did. Initially fixed in
[0.9.6d](1955b87423)
- LibreSSL [2.3.0+](0fa826d34f):
not affected, though to suppress another warning 3.8.2+ and
a [define](e7fe6caab2)
is necessary.
[3] `lib/Makefile.inc` defines the order of unity sources.
For libtests, the case is simpler: There is always one compilation unit,
with a fixed order, and at the moment `cli_hx_download.c` is including
OpenSSL first, then wincrypt, and in this order they don't bother each
other. Also, at the moment `lib758.c` is the only other OpenSSL header
user, but it's compiled after `cli_hx_download.c` so the include is
skipped there. We may need to revisit this if either header gets
included before it.
All this said it'd be nice if BoringSSL/AWS-LC restored the built-in
workaround to behave like LibreSSL and OpenSSL and not require local
workarounds like these.
Ref: https://github.com/curl/curl/pull/20556#issuecomment-3888425644
Follow-up to 4c46c829f5#9110
Follow-up to fbe07c6829#5669#5857Closes#20567
- define `SECURITY_WIN32` globally in `curl_setup.h`.
To make sure it applies to all includes.
- document which Windows headers require `SECURITY_WIN32`.
- stop suppressing MSVC warning:
`C4201 is: nonstandard extension used : nameless struct/union`
The warning is no longer seen in supported build envs with the current
codebase.
Follow-up to 8beff43559#8419
- document why `SCHANNEL_USE_BLACKLISTS` is needed.
- just define `SCHANNEL_USE_BLACKLISTS`, drop the unnecessary value `1`.
- stop defining unused `SCH_CRED_MAX_SUPPORTED*` fallback macros.
Follow-up to 8beff43559#8419
- document why `subauth.h` is included (where missing).
- move and de-dupe `subauth.h` include into `curl_setup.h`, limit to
Schannel builds.
- stop include `schnlsp.h`. It is a 1-to-1 compatibility wrapper for
`schannel.h`.
- curl_sspi.h: clarify comment about `SP_NAME_` macros.
They are local macros, their SDK names are different and curl does not
use them.
- curl_sspi.h: drop superfluous includes `security.h` and `rpc.h`.
Cherry-picked from #20556Closes#20564
Drop detecting it at configure time, along with the interim macro
`HAVE_MSG_NOSIGNAL`. There is no longer a reason for this workaround,
and allows to save the work at configure time and simplify.
Also say in a comment that `sys/socket.h` is defining this macro.
Follow-up to 77b3bc239dCloses#20559
Originally split in 2006, but the issues cited are no longer present in
current code. As of now both `curl_setup.h` and `curl_setup_once.h` are
included once per compiler invocation, without recursion. The latter is
a sub-header of the former with no clear distinction in their contents.
Merge them to avoid having to decide where to put new global PP logic.
Also to make it easier to overview what gets defined/included globally
and in what order. (Perhaps even allowing some tidying up here.)
Follow-up to 77b3bc239dCloses#20555
- For compatibility reasons send both ALPN ids http/1.0 and http/1.1 for
HTTP/1.0 requests.
Prior to this change for compatibility reasons curl would send ALPN
http/1.1 for HTTP/1.0 requests, since some servers do not recognize
ALPN http/1.0. However some servers may recognize only ALPN http/1.0 for
HTTP/1.0 requests. Therefore curl now sends both.
Reported-by: programmerlexi@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/20487
Closes https://github.com/curl/curl/pull/20533
- move macro to `curl_setup.h` (from curlx), and rename.
It's required by src, test servers, libtests. Also used by unit/tunit,
(which is fixable but this patch doesn't touch it.)
- special-case it for Windows/Cygwin/MS-DOS.
- build: drop `setmode()`/`_setmode()` detection.
This also avoids detecting the different `setmode()` on BSDs,
and a lot of complexity and overhead.
- use `CURL_O_BINARY`.
Follow-up to 250d613763#15787
Follow-up to 5e70566094#15169Closes#20539
The included local header starts with this same guard. The original
commit added it for fixing VMS builds along with many other changes, but
without mention of this specific one in the commit message.
`curl_setup.h` is included once, which includes `curl_setup_once.h`
once, even if the latter wouldn't have it's own guard.
Ref: 25f351424bCloses#20544
Several comments were outdated and parameters to create_conn() and
ConnectionExists() were not needed. Give functions better names and
consistently use terms `needle` and `conn`.
No functional change.
Closes#20464
This package is automatically bumped, but needs manual intervention
anyway, to update gcc version number in the filename.
Follow-up to 4ad0a022e1#20517Closes#20523
To comply with official documentation. Also to make code compile with
`NO_OLDNAMES` (mingw-w64) or `_CRT_DECLARE_NONSTDC_NAMES=0` (MSVC) set.
Ref: #15652Closes#20516
When removing an easy handle from a multi, there was an optimization
to update the timer only when the removed handle had any timers.
With the introduction of the "dirty" bitset, easy handles can now cause
a timeout of 0 to be set without having anything in their timer list.
Removing such a handle needs to update the timer now always, so that
it may get cleared when there is nothing more to wait for.
The previous "not clearing a 0 timer" should not have any effect on
application's logic. Without clearing, the timer will fire and then
adjust itself to the proper value. But it would cause one more timer
fire than necessary.
Reported-by: Jan Macku
Fixes https://github.com/curl/curl/issues/20498
Closes https://github.com/curl/curl/pull/20502
Stop detecting this function and drop the local fallback.
Let us know if this update is causing an issue.
Notes:
- on Windows `_strdup()` is required instead.
- `strdup()/_strdup()` were required before this patch to build one of
the examples: `block_ip`.
- `strdup()/_strdup()` were required in 8.18.0 and earlier to build
tests.
Closes#20505
- de-dupe lib/src strdup/memdup functions into curlx.
- introduce `CURLX_STRDUP_LOW()` for mapping `strdup()`, and to do it at
one place within the code, in `curl_setup.h`.
- tests/server: use `curlx_strdup()`. (Also to fix building without
a system `strdup()`.)
- curlx/curlx.h: shorten and tidy up.
- adjust Windows build path to not need `HAVE_STRDUP`.
- build: stop detecting `HAVE_STRDUP` on Windows.
Closes#20497
When creating a dns entry, the addrinfo is passed into the entry on
success and needed deallocation by the caller on failure.
Change the signature to have Curl_dnscache_mk_entry() *always* take
ownership of the addrinfo, even on failure. Change parameter to address
of pointer so that call always clears it.
This makes the handling of failures to Curl_dnscache_mk_entry() simpler.
Fixes#20465Closes#20468
To avoid redefining the `fstat` system symbol, and to clarify
`struct_stat` is a curl symbol.
- introduce `curlx_fstat()` macro and use it.
- rename `struct_stat` to `curl_struct_stat`.
Also:
- tests: replace direct `curlx_win32_stat()` call with `curlx_stat()`.
- checksrc: disallow direct `_fstati64` and `fstat()` calls, except in
examples.
Closes#20496
The binutils ld hack requires reading the targets' `LOCATION` property.
This property exists in `IMPORTED` targets. `ZLIB::ZLIB` and
`OpenSSL::Crypto` are normally `IMPORTED` targets defined by CMake's
built-in Find modules. However, in some cases (e.g. in "superbuilds"),
they may be regular targets, defined manually, without a `LOCATION`
property. To avoid a CMake warning in such case, verify if the target is
`IMPORTED` before reading this property.
This also mean that in such case the binutils/ld/gcc hack is not
enabled, and libcurl may fail linking in static mode.
https://cmake.org/cmake/help/v4.2/prop_tgt/IMPORTED.htmlhttps://cmake.org/cmake/help/v4.2/prop_tgt/LOCATION.html
Reported-by: Tomáš Malý
Fixes#20419
Follow-up to 3e841630ec#20427
Follow-up to 16f073ef49#16973Closes#20486
- stop redefining system symbol `lseek`, by introducing `curl_lseek()`.
- handle AmigaOS quirk within the macro mapping.
- add missing parenthesis to `LSEEK_ERROR` values.
- tool_util: use curl `lseek` macros in `tool_ftruncate64()`.
- move `LSEEK_ERROR` to right-hand side of if expressions.
- checksrc: disallow direct uses of `_lseeki64`, `llseek`, `lseek`.
Closes#20488
- update `actions/checkout` from 6.0.1 to 6.0.2
- update `ruff` from 0.14.11 to 0.14.14
- update `cryptography` from 46.0.3 to 46.0.4
- update `psutil` from 7.2.1 to 7.2.2
- update `websockets` from 15.0.1 to 16.0
Closes#20490Closes#20491
Seen to happen when run under WINE v10.0 on macOS.
```
$ CURL_TEST_EXE_EXT_SRV=.exe CURL_TEST_EXE_EXT_TOOL=.exe \
CURL_TEST_EXE_RUNNER=wine TFLAGS='951 -t' ninja tests
[...]
16:02:18.607002 [select_ws_wait_thread] PeekNamedPipe error: (0x00000032) - Request not supported.
[...endless repeat...]
```
Closes#20478
- show error description on `PeekNamedPipe()` error.
- show `GetLastError()` instead of socket error on non-socket failures
in the window handler.
- include full hex `GetLastError()` numbers in error messages, syncing
with Schannel code.
- drop internal `win32_perror()` function, in favor of direct
`curlx_*strerror()` calls.
Closes#20477
Keep it on platforms requiring a non-const buffer. These are AmigaOS and
OS400.
Also:
- replace `SEND_QUAL_ARG2` with boolean macro `SEND_NONCONST_ARG2`.
Closes#20463
Merging the two macOS jobs saves 4-5 minutes. The dropped iOS Ninja job
saves 0.5-1 minute. (Keep the two slow iOS jobs to maintain variation.)
Number of Apple jobs is 32 after this patch.
Also:
- skip building tests and example in iOS autotools to save 30-40s.
Closes#20467
It has been happening for a long time.
Example:
```
test 3001...[HTTPS localhost, last subject alt name matches, CN does not match]
3001: protocol FAILED!
There was no content at all in the file log/7/server.input.
Server glitch? Total curl failure? Returned: 56
== Contents of files in the log/7/ directory after test 3001
=== Start of file commands.log
../src/curl.exe -q --output log/7/curl3001.out --include --trace-ascii log/7/trace3001 --trace-time -4 --cacert ./certs/test-ca.crt https://localhost:64259/3001 > log/7/stdout3001 2> log/7/stderr3001
=== End of file commands.log
=== Start of file http_server.log
13:57:47.951283 Running HTTP IPv4 version on port 64256
=== End of file http_server.log
=== Start of file https_stunnel.log
2026.01.28 13:57:48 LOG5[ui]: stunnel 5.76 on x64-pc-mingw32-gnu platform
2026.01.28 13:57:48 LOG5[ui]: Compiled/running with OpenSSL 3.5.4 30 Sep 2025
[...]
2026.01.28 13:57:49 LOG5[0]: Service [curltest] accepted connection from 127.0.0.1:64281
2026.01.28 13:57:51 LOG3[0]: s_connect: connect 127.0.0.1:64256: Connection refused (WSAECONNREFUSED) (10061)
2026.01.28 13:57:51 LOG3[0]: No more addresses to connect
2026.01.28 13:57:51 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
=== End of file https_stunnel.log
=== Start of file server.cmd
Testnum 3001
=== End of file server.cmd
=== Start of file stderr3001
curl: (56) Recv failure: Connection was reset
=== End of file stderr3001
[...]
RUN: Unknown server on our https port: 64259 (56)
```
Ref: https://github.com/curl/curl/actions/runs/21440845836/job/61743268798?pr=20461Closes#20462
curl requires `stdint.h` from C99, and no longer builds without it since
v8.18.0 (after dropping VS2008 support). Assume it's available, drop
feature checks.
Also:
- drop duplicate `stdint.h` includes.
- introduce internal `HAVE_UINTPTR_T`, enabled by default.
- OS400: disable `HAVE_UINTPTR_T`.
- build: keep cmake pre-fill and `cmp-config.pl` exception because cmake
and autotools both detect `stdint.h` implicitly.
Co-authored-by: Dan Fandrich
Ref: #20405
Ref: #20384
Follow-up to 2e1a045d89#17931Closes#20406
The test for restarting the server during ongoing transfers does not
work reliably for HTTP/3. This seems due to the nature of UDP/QUIC where
the client may learn about a closed connection at any time, not only
when starting a new request.
Remove the test.
Closes#20458
Report UDP packets with SOCKEMSGSIZE as being "sent" to progress
the send buffer properly on PMTUD probes.
Reported-by: Daniil Gentili
Fixes#20440Closes#20448
For HTTP/2, add error code description to close failures.
For HTTP/3, add special handling like in HTTP/2 when streams
have been rejected or an error comes during the response body
and we are not interested in the body.
Closes#20207
Replacing `_WIN32`.
Also:
- tool_doswin: guard possibly non-portable socket code with
`USE_WINSOCK`. The socket is cast to `HANDLE` and passed to
win32 API `SetStdHandle(STD_INPUT_HANDLE, ...)`.
- lib/setup-win32.h: move `#undef`s before their `#define` pair.
Closes#20455
For general readability. Also to match the rest of the source code.
- bump `send()` result type from `int` to `ssize_t`.
- fix an `int` to be `curl_socklen_t`.
- `.S_un.S_addr` -> `.s_addr`.
- `SD_RECEIVE` -> `SHUT_RD`.
- `SD_SEND` -> `SHUT_WR`.
Follow-up to a81ab3e6db#20452
Follow-up to 9a2663322c#17572Closes#20457
A cache entry created by windows-2022 is not picked up by
windows-11-arm. Also a cache created by windows-11-arm is not picked up
by windows-2022. Possibly related to this filed in 2025 June:
https://github.com/actions/cache/issues/1622. Also tried
`enableCrossOsArchive` to no avail. Unclear if these two runners count
as distinct operating systems, I'd guess not. Cache entries are
identical on the web UI. Via GH API they show up with the same cache key
bot different "version" (hash) and different sizes, possibly due to the
zstd vs. gzip bug above.
Fixing (identical error text on either runner):
```
Error: Failed to restore cache entry. Exiting as fail-on-cache-miss is set. Input key: Windows-stunnel-5.76-amd64
```
Also fix a silly typo in the shell value.
Follow-up to 0f54ca6150#20454Closes#20456
Since 9d8998c994, the setopt code changes input DEFAULT to an
actual more specific TLS version (1.2) for the backends to use and check
for.
This means that the default value (0L) cannot and should not actually be
used when the TLS backends run. This change adds asserts to verify that
and removes code that accepts the DEFAULT value as a valid version with
the TLS version functions' logic.
Applications can still set a specific lower version if they want (1, 1.0
or 1.1).
Closes#20453
For general readability. Also to match the rest of the source code.
- `SOCKADDR` -> `struct sockaddr`
- `SOCKADDR_IN` -> `struct sockaddr_in`
- `== SOCKET_ERROR` -> `== -1` or silent `!= 0`
Follow-up to 9a2663322c#17572Closes#20452
OpenSSL records its peer verification status inside its SSL_SESSION
objects. When a session is later reused, the SSL connection inherits
this verify status.
Session keys prevent reuse of sessions between connections that verify
the peer and those who do not. However, when Apple SecTrust is used
to verify a connection, this does not update the Sessions verify
status (and there is no setter). On session reuse, OpenSSL fails
the verification and Apple SecTrust cannot verify either since the
certificate peer chain is not available.
Fix this by checking the verification status on session reuse and
remove the session again if the peer needs to be verified, but the
session is not.
Reported-by: Christian Schmitza
Fixes#20435Closes#20446
... between curl_multi_perform and curl_multi_wait/poll documentation
The `curl_multi_perform` documentation uses integer contextual
conversion to `bool` to test the resulting `CURLMcode`, while other
functions like `curl_multi_wait` and `curl_multi_poll` test against
`CURLM_OK`. (I was initially confused by this as it looked like some
docs call curl_multi_wait/poll on error, while some called only on
success. But that was my misread, not a docs problem.)
Also fixed the example to print which function call failed; previously
an error reported by `curl_multi_perform` was printed as a failure of
`curl_multi_wait`.
Closes#20444
To avoid noise due to local C files when using automatic local checksrc
checks (e.g. via CMake `-DCURL_LINT=ON` option, or `curl-lint` target).
Also replace single-quote with double-quote in external git command, for
portability.
Follow-up to 88ff396549#17882
Follow-up to e785e898a6#17376Closes#20439
GCC 15.2 warns when assigning computed "all" bitmask macros to 32-bit
flag types because negated masks expand to the full width of unsigned
long/long on 64-bit platforms.
Mask these macros to a 32-bit domain so they do not set high bits and
avoid -Woverflow/-Wconversion warnings in callers.
Reported-by: Patrick Monnerat
Fixes#20242Closes#20416
The -J / --remote-header-name logic now records the file name part used
in the redirects so that it can use the last one as a name if no
Content-Disposition header arrives.
Add tests to verify:
1641: -J with a redirect and extract the CD contents in the second
response
1642: -J with a redirect but no Content-Disposition, use the name from
the Location: header
1643: -J with two redirects, using the last file name and also use
queries and fragments to verify them stripped off
Closes#20430
For consistency.
Also:
- one remaining in `src/tool_writeout.c`.
- replace casting an `int` to `CURLcode`.
- lib758: rename `CURLMcode` `result` to `mresult`.
- move literals to the right side of if expressions.
Follow-up to d0dc6e2ec0#20426
Follow-up to 56f600ec23Closes#20432
Via options:
- `BROTLI_USE_STATIC_LIBS`
- `CARES_USE_STATIC_LIBS`
- `LIBSSH_USE_STATIC_LIBS`
- `LIBSSH2_USE_STATIC_LIBS`
- `MBEDTLS_USE_STATIC_LIBS`
- `NGHTTP2_USE_STATIC_LIBS`
- `NGHTTP3_USE_STATIC_LIBS`
- `NGTCP2_USE_STATIC_LIBS`
- `ZSTD_USE_STATIC_LIBS`
When enabled, make a "best effort" finding static libs first and set
the "build static" macro (on Windows) as required by the dependency.
When doing `pkg-config`-based detections, make curl select the static
configuration, which shall set the "build static" macro also.
These options resemble CMake's `OPENSSL_USE_STATIC_LIBS` and
`ZLIB_USE_STATIC_LIBS` (the latter does not support `pkg-config` as of
CMake v4.2.2).
Shared/static library selection based on loose filename conventions is
fragile and prone to break if the non-static-suffixed library is found
and happens to be a shared library, or, if the linker decides to pick up
a shared copy (e.g. `.a.dll`) that shadows the static one. It may help
to provide either static or shared, but not both, on the disk, and match
that with this setting.
Experimental.
Ref: #20013Closes#20015
To build all targets in a single go, meaning curl and libcurl as normal,
and tests and examples in addition. To build-test everything without
running multiple cmake commands.
Enable with:
- `-DCURL_BUILD_EVERYTHING=ON`
Special values: `QUICK` to build examples quickly for build test,
`NOEXAMPLES` to not build examples.
A well-equipped build takes 2.8s of configure time, and 1.7s to build
everything (shared, unity, ninja, prefill), 1.4s with `QUICK`. Without
this option it takes <1s to build curl/libcurl.
Also: streamline `CURL_LINT` internal logic.
Closes#20429
While working #16973, the binutils ld lib order workaround logic
regressed so that it modified the wrong target, writing into the system
`ZLIB::ZLIB` and `OpenSSL::Crypto` ones a `INTERFACE_LINK_LIBRARIES`
property, instead of creating CURL-namespaced targets. Oddly enough,
this also fixed the binutils ld lib ordering issue. It seems this
property makes CMake insert each referenced library in two more
positions (not at the very end though), which allows ld to resolve all
symbols in the cases tested in CI.
Fix by creating the indented namespaced targets, and also creating
these in `curl-config.cmake` to be available when consuming libcurl.
Note that the logic continues doing `get_target_property()` on the two
system targets above. If these targets are defined manually and miss
the `LOCATION` propery, or are defined as aliases, this command may
fail. curl expects these targets be created by CMake's `FindZLIB` and
`FindOpenSSL` built-in Find modules (or ones compatible). Ref: #20419
The binutils ld issue is reproduced by these CI jobs:
- Linux gcc glibc (amd64, arm64)
- Windows gcc zlib-classic (x64)
Currently using this curl-for-win revision:
7d12669daf
Examples:
https://github.com/curl/curl/actions/runs/21332437230/job/61399234023?pr=20427https://github.com/curl/curl/actions/runs/21332437230/job/61399234033?pr=20427
Comparison of lib orders, as passed by CMake to the linker:
without workaround (possibly breaking binutils `ld`):
```diff
-framework [...]
libssl.dylib
libcrypto.dylib
libz.tbd
-lssh2 -lidn2
libldap.tbd
liblber.tbd
-lbrotlidec -lbrotlicommon -lzstd -lnghttp2 -lpsl -lrtmp
-lz
-lssl
-lcrypto
```
before this patch:
```diff
-framework [...]
libssl.dylib
libcrypto.dylib
libz.tbd
+libcrypto.dylib <== inserted via `INTERFACE_LINK_LIBRARIES`
+libz.tbd <== inserted via `INTERFACE_LINK_LIBRARIES`
-lssh2 -lidn2
libldap.tbd
liblber.tbd
+libcrypto.dylib <== inserted via `INTERFACE_LINK_LIBRARIES`
+ibz.tbd <== inserted via `INTERFACE_LINK_LIBRARIES`
-lbrotlidec -lbrotlicommon -lzstd -lnghttp2 -lpsl -lrtmp
-lz
-lssl
-lcrypto
```
after this patch:
```diff
-framework [...]
libssl.dylib
libcrypto.dylib
libz.tbd
-lssh2 -lidn2
libldap.tbd
liblber.tbd
-lbrotlidec -lbrotlicommon -lzstd -lnghttp2 -lpsl -lrtmp
-lz
-lssl
-lcrypto
+libcrypto.dylib <== inserted via `CURL::OpenSSL_Crypto`
+libz.tbd <== inserted via `CURL::ZLIB`
```
Bug: https://github.com/curl/curl/pull/20382#discussion_r2716660108
Reverts: 615c43eae8
Follow-up to 16f073ef49#16973Closes#20427
And a few variables around.
There remain cases where the accepted pointer is const, yet the returned
pointer is written to.
Partly addressing (glibc 2.43):
```
* For ISO C23, the functions bsearch, memchr, strchr, strpbrk, strrchr,
strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr that return
pointers into their input arrays now have definitions as macros that
return a pointer to a const-qualified type when the input argument is
a pointer to a const-qualified type.
```
Ref: https://lists.gnu.org/archive/html/info-gnu/2026-01/msg00005.html
Reported-by: Rudi Heitbaum
Ref: #20420Closes#20421
- set `CURL_DROP_UNUSED=ON` for Windows (MSVC) to make the analysis step
faster: 1m30s -> 1m15s
- enable `CURL_WERROR=ON` in all builds, to catch potential build issues
in addition to running CodeQL. To make these builds useful as regular
build tests too.
- add links to CodeQL Actions documentation.
- delete test data C files after checkout in an attempt to remove them
from CodeQL code coverage stats.
Closes#20418
- Use upper limit INT_MAX instead of UINT_MAX.
UINT_MAX doesn't work as the max value for the variable since it is
passed as a long and becomes -1 on platforms that have same sized
int and long, like Windows.
Closes https://github.com/curl/curl/pull/20414
Replace Chocolatey install with direct download and unpack. To reduce
CI dependencies (Chocolatey, NuGet), improve install performance
(10s -> 1s) and hopefully reliability. Last but not least to enable it
for the Cygwin CI job.
Caveats:
- Need to bump stunnel versions manually (2-3 times a year).
Renovate could likely do it, but I failed to understand its
documentation and miss tooling/interface to make tests.
- FIPS not enabled. (can be done if necessary)
- Possibly losing checksum verification (not sure if Chocolatey did it
automatically for this package.)
Also:
- Increase minimum tests by 100 for the Cygwin job.
Ref: #16819 (earlier attempt)
Ref: https://www.stunnel.org/archive/
Ref: https://www.githubstatus.com/incidents/cqb5hcy0gx18
Follow-up to d176f58a20#20413
Follow-up to 19b1e44660#20409Closes#20410
Fixing (Seen when enabling stunnel for Cygwin in CI):
```
=== Start of file https_stunnel.log
[ ] Initializing inetd mode configuration
[ ] Running on Windows 6.2
[...]
[.] Reading configuration from file /cygdrive/d/a/curl/curl/bld/tests/log/6/server/https_stunnel.conf
[!] Cannot open configuration file
```
Ref: https://github.com/curl/curl/actions/runs/21289677523/job/61279662459?pr=20410
Cherry-picked from #20410Closes#20413
Bump CMake version in CMake integration tests for better performance
(8x on macOS, 2-3x on Windows) and native arm64 binaries.
- bump old CMake in integration tests to v3.19.8 (was: v3.11.4)
- switch to native arm64 CMake binaries on macOS.
- switch Linux CMake integration job to arm64.
Speed gains:
- Linux: 2m -> 1m30s
- macOS: 9-10m -> 1m15s
- Windows: 6-7m -> 2m43s
Before:
https://github.com/curl/curl/actions/runs/21255697172https://github.com/curl/curl/actions/runs/21255020621
After:
https://github.com/curl/curl/actions/runs/21272021446
With this, CI is:
- no longer testing deprecated CMake versions.
Follow-up to a7c974e038#19902
- not testing the next (from 2026 April) minimum 3.18, but going for
3.19 instead. For arm64 binaries on both macOS and Linux. There is
no 3.18-specific CMake code in curl.
Cherry-picked from #20407Closes#20408
- drop leading indent from Markdown.
- switch to Markdown section markers where missing.
- move `&&` and `||` to the end of the line (C, Perl).
- openssl: add parenthesis to an if sub-expression.
- misc clang-format nits.
- unfold Markdown links.
- SSL-PROBLEMS.md: drop stray half code-fence.
Closes#20402
To avoid unnecessarily installing Intel C for any `<pkg>-intel` locally
built dependency.
Follow-up to ab8ccaed24#20392
Follow-up to d9fe60d457#20248Closes#20400
The CMake config can be consumed by project which enable only language
`CXX`. `CMAKE_C_COMPILER_ID` isn't defined in this case, and the target
definition would be missing. But the check for compiler id isn't really
needed: The target is namespaced and valid, regardless of actual
compiler.
Noticed in https://github.com/microsoft/vcpkg/issues/49518, building cpr.
Follow-up to 16f073ef49#16973Closes#20382
To enable known linker options dropping unused, dead, code and data from
the executables built.
Useful to reduce binary sizes for curl, libcurl shared lib and apps
linking static libcurl. It's effective on both "unity" and non-unity
builds. Aligning "unity" build sizes with default, non-unity ones.
Supported platforms: Apple, MSVC, llvm/clang and GCC on all tested
platforms: Linux, BSDs, Windows, MSYS2/Cygwin, Android, MS-DOS.
Notes:
- Static libraries grow 20-30% with non-Apple toolchains.
This effect is controlled by separate, optional compiler flags on
non-Apple. This patch enables them automatically for public binaries
(libcurl and curl tool), and leaves them off for internal/test ones.
- MSVC enables this option by default for 'Release' configurations.
The curl build option has no effect on it.
- Observed effect on VS2010 is negligible. VS2012+ is recommended.
- Works with LTO, Fil-C.
- No observed/conclusive effect on build speed.
- On Windows with clang/gcc (mingw-w64/MSYS2/Cygwin) it also enables
`-fno-asynchronous-unwind-tables` as a workaround to make
the toolchain options actually work.
Ref: https://sourceware.org/bugzilla/show_bug.cgi?id=11539
Thanks-to: Andarwinux
Also:
- GHA: enable in Linux and MinGW jobs to test it. Size changes:
- linux aws-lc H3:
curl: 2000000 -> 1937152, libcurl.a: 2065724 -> 2716532 bytes
- macos clang HTTP-only:
curl: 1364376 -> 128799 bytes, libcurl.a: unchanged
- macos llvm MultiSSL:
curl: 410056 -> 405720, libcurl.dylib: 1350336 -> 1348480 bytes
- mingw schannel c-ares U:
curl: 1588736 -> 1507328, libcurl-d.a: 3322040 -> 3884746 bytes
bld: 34 -> 35MB
- GHA: enable in MSVC and Apple jobs to reduce disk footprint, with no
obvious downside. Size changes:
- AppVeyor CI VS2019:
curl: 2339840 -> 1295872, libcurl-d.dll: 3155968 -> 1900544 bytes
bld: 161 -> 97MB
- AppVeyor CI VS2022 clang-cl:
curl: 2933248 -> 2332160, libcurl-d.lib: 4762688 -> 5511330 bytes
bld: 133 -> 121MB
- AppVeyor CI VS2022 HTTP-only:
curl: 3514368 -> 2177024, libcurl-d.lib: 2538420 -> 3151740 bytes
bld: 137 -> 83MB
- GHA intel:
curl: 2629120 -> 2023424, libcurl-d.lib: 4366652 -> 5350670 bytes
bld: 86 -> 69MB
- GHA arm64:
curl: 2832896 -> 2063872, libcurl-d.lib: 4690616 -> 5597250 bytes
bld: 82 -> 66MB
Refs:
https://maskray.me/blog/2021-02-28-linker-garbage-collectionhttps://web.archive.org/web/20110811230637/msdn.microsoft.com/en-us/library/bxwfs976.aspx (VS2010)
https://learn.microsoft.com/cpp/build/reference/opt-optimizationshttps://learn.microsoft.com/cpp/build/reference/gy-enable-function-level-linkingCloses#20357
When using a proxy, --header specified headers were leaking into CONNECT
requests. This could break corporate proxies that reject custom
User-Agent headers in CONNECT.
Enable CURLHEADER_SEPARATE only for HTTPS through proxy or when
--proxytunnel is used, ensuring:
- --header affects only HTTP requests (not CONNECT)
- --proxy-header affects only CONNECT requests
- --user-agent affects both consistently
Fixes the redirect + proxy + custom UA issue while maintaining
compatibility with HTTP proxy scenarios.
Closes#20398
MSVC does not advertise itself as C99 via `__STDC_VERSION__`, but
supports variadic macros in all curl-supported versions. Fix by
explicitly enabling C99 verbose string logic for MSVC.
With verbose logging enabled (default), this makes logging perform
better, on par with clang/gcc (and other C99) builds. (With the cost
of extra binary size.) With verbose logging disabled, it excludes all
verbose logging related strings and code from the binary. Before this
patch, MSVC used the C89 fallback code in both configs, which used
a fixed function call, with the called function deciding to actually
log or not, while also retaining the verbose log string in both configs.
Size comparison (bytes), schannel, static, debug, VS2022, local build:
curl-before-verbose.exe 4,024,832
curl-before-noverbose.exe 4,013,056
curl-after-verbose.exe 4,117,504
curl-after-noverbose.exe 3,928,064
In CI with non-verbose:
Before:
```
3274240 bytes: ./_bld/lib/Debug/libcurl-d.dll
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/53408629/job/htj7ps88q83ew9ww#L224
After:
```
3155968 bytes: ./_bld/lib/Debug/libcurl-d.dll
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/53408771/job/tp9epgjpef098vsr#L224
Idea-by: Arnav Purushotam
Ref: #20367
Ref: #20341
Follow-up to 61093e2a81#20353Closes#20387
Replace interim knobs with cmake options.
Also:
- use CMake env `CMAKE_GENERATOR` to select the generator.
(with workaround to make it work with CMake <3.15.)
- deduct some configuration from the job name.
- drop unused test runner logic.
- drop obsolete `BUILD_OPT` use.
- tidy-up job names and sync them with GHA ones.
- add newline between job configurations for readability.
Closes#20390
Unstripped size hides effective binary sizes due to the added debug
information. E.g. `--gc-sections` may inflate unstripped binaries, while
their unstripped size decreases. To see if binary size optimization
options work, it's more useful to observe unstripped size.
Ref: #20357
Follow-up to 4cf43508e8#20355Closes#20359
- schannel: fix mixed-up declaration. (originally fenced infof for
verbose, then changed to failf with the fence kept, then fence
removed and variable marked as verbose, when in fact it's not, but
not tested and caught in CI.
- fix two other fallouts.
- GHA/windows: disable verbose strings in a mingw job.
- appveyor: disable verbose strings in an MSVC job.
- appveyor: add way to pass any CMake option per-job.
Cherry-picked from #20387
Follow-up to 61093e2a81#20353Closes#20388
When the compiler supports C99.
- map logging functions to macro stubs when verbose logging is disabled
and the compiler is C99. Make sure these stubs silence unused variable
warnings for non-variadic arguments.
Before this patch they mapped to function stubs, the same codepath
used for C89 compiler in this configuration.
- introduce new macros to tell the compiler which code to include
when verbose code is active, or inactive:
- `CURLVERBOSE`: defined when verbose code is active.
To enclose blocks of code only used for verbose logging.
- `VERBOSE(statement);`:
compile statement when verbose code is active.
To mark code lines only used for verbose logging.
- `NOVERBOSE(statement);`:
compile statement when verbose code is inactive.
To suppress warnings for arguments passed to logging functions via
printf masks, e.g. `NOVERBOSE((void)ipaddress);`, yet keeping
the warning in verbose builds.
Note these macros are not the same as `CURL_DISABLE_VERBOSE_STRINGS`.
Verbose code is always active in C89 mode (without variadic macro
support).
- drop existing uses of `CURL_DISABLE_VERBOSE_STRINGS` where redundant,
or replace with the above macros. Ending up reducing the number of
`#ifdef`s, and also the number of lines.
Assisted-by: Daniel Stenberg
Assisted-by: Jay Satiro
Reported-by: Dan Fandrich
Fixes#20341
Refs: #12105#12167Closes#20353
In some legacy systems IPv6 might dynamically work/not work and thus
curl needs to check/probe to see if it should indeed be used.
This change moves the probe that checks for working IPv6 to the multi
handle setup function instead of delaying it to when the first name
resolve is performed. This avoids a later tricky error path if the
socket cannot be created due to OOM.
Closes#20383
Use FormatMessageA() to get the error message as multibyte-character
string (local codepage) directly, instead of using FormatMessageW()
and then convert the string from Unicode (UTF-16) to multi-byte (local
codepage) manually.
Prior to this change we used FormatMessageW + conversion because some
Windows CE did not have FormatMessageA. Since curl no longer supports
Windows CE, FormatMessageA can be used.
Closes https://github.com/curl/curl/pull/20261
Use non-deprecated CRT function variants on Windows.
- introduce `curlx_fdopen()`, `curlx_close()` and use them. Map them to
non-deprecated, underscored, CRT functions on Windows.
- replace `close()` uses with either `sclose()` (for sockets) or
`curlx_close()` (for files).
- map `fileno`, `unlink`, `isatty` to their non-deprecated, underscored,
versions on Windows.
- tool_dirhie: map `mkdir` to `_mkdir` on Windows.
- easy: use `_strdup()` on Windows, regardless of how `HAVE_STRDUP` is
set.
- cmake: assume `HAVE_STRDUP` on Windows. To allow dropping a detection
hack using `_CRT_NONSTDC_NO_DEPRECATE` with MSVC. Windows always has
`_strdup()` which the code uses, but also needs `HAVE_STRDUP` defined
to disable curl's own `strdup()` implementation.
- curl_setup.h: drop `_CRT_NONSTDC_NO_DEPRECATE` as no longer necessary.
Closes#20212
When checking a transfer for being expired via `Curl_timeleft_ms()`,
eleminate the `bool connecting` parameter and have the function check
the `mstate` of the transfer instead.
Advantages:
* eleminate the caller needing awareness if the transfer is
connecting or in a later state
* fix pingpong timeout handling to check the correct timeout
during "proto_connect" phases
* avoid using "connecting" timeouts during establishing a secondary
connection (e.g. FTP) since this would use the timestamp from
the original, primary connect and thus be wrong
Reported-by: Wyuer on github
Fixes#20347Closes#20354
New define USE_SO_NOSIGPIPE in curl_setup.h, for now set whenever
SO_NOSIGPIPE is defined. Maybe overridden in the future on systems where
this does not work.
With USE_SO_NOSIGPIPE defined, set SO_NOSIGPIPE on all sockets created
by libcurl and fail the creation when setsockopt() fails.
Closes#20370
- `stdbool.h` is also included via system headers. Disabling it from curl
does not fix it. Silencing lots of these:
```
curl/lib/curlx/warnless.h:64:1: warning: '_Bool' is a C99 extension [-Wc99-extensions]
64 | bool curlx_sztouz(ssize_t sznum, size_t *puznum);
| ^
/Library/Developer/CommandLineTools/usr/lib/clang/17/include/stdbool.h:24:14: note: expanded from macro 'bool'
24 | #define bool _Bool
| ^
```
- silence `-Wcomma` warnings.
in favor of the global silencing approach, since a couple of more of
these were hit (in vquic, tool1622, unit1309, unit1636), and it seems
silly to update them all.
Revert e8189c4420#20362
Also:
- cmake: include C standard in 'platform flags' log line.
- GHA/macos: switch a job to C89 to verify.
- GHA/linux: show 'C89' in job names.
Ref: https://cmake.org/cmake/help/v3.7/variable/CMAKE_C_STANDARD.htmlCloses#20363
Extend two existing local suppressions to GCC, and add another
GCC-specific one as a replacement.
Before this patch suppressing this warning was odd with clang, because
after this option, `-Wformat=2` is used, which re-enables it.
Also:
- mprintf: minimize scope of a warning suppression.
- tests/server: suppress this warning for a system `vsnprintf()` call
where it could trigger in C89 builds or with
`CFLAGS=-DCURL_NO_FMT_CHECKS` set. Seen with Apple clang 17:
```
curl/tests/server/util.c:114:37: warning: format string is not a string literal [-Wformat-nonliteral]
114 | vsnprintf(buffer, sizeof(buffer), msg, ap);
| ^~~
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_stdio.h:124:69: note: expanded from macro 'vsnprintf'
124 | #define vsnprintf(str, len, ...) __vsnprintf_chk_func (str, len, 0, __VA_ARGS__)
| ^~~~~~~~~~~
/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/secure/_stdio.h:81:65: note: expanded from macro '__vsnprintf_chk_func'
81 | __builtin___vsnprintf_chk (str, len, flag, __darwin_obsz(str), format, ap)
| ^~~~~~
```
Ref: #20363Closes#20366
```
lib/rtsp.c:1073:26: error: no previous extern declaration for non-static variable 'Curl_scheme_rtsp' [-Werror,-Wmissing-variable-declarations]
1073 | const struct Curl_scheme Curl_scheme_rtsp = {
| ^
lib/rtsp.c:1073:7: note: declare 'static' if the variable is not intended to be used outside of this translation unit
1073 | const struct Curl_scheme Curl_scheme_rtsp = {
| ^
```
Ref: https://github.com/curl/trurl/actions/runs/21157411659/job/60844860592?pr=425#step:3:3036
Follow-up to 8edc0338f3#20351Closes#20365
Reduce mentions of libcurl versions like "since 7.xx ..." in option
descriptions to reduce clutter and make the texts easier to read. Keep
them in, or move them to, the HISTORY or DEPRECATED sections
The last version 7 release (7.88.1) shipped on Februrary 20, 2023.
Closes#20369
This allows builds know about all schemes - but only have the protocol
implementations for those actually built-in.
It further allows multiple protocols to reuse the same protocol setup
and functions for both TLS and non-TLS implementations instead of
needing two (or more) structs.
The scheme information is now in 'struct Curl_scheme' and all the
function pointers for each scheme/protocol implementation are in struct
Curl_protocol.
The URL API now always work with all known protocols.
Closes#20351
Drop separate `TrackMemory` (aka `CURLDEBUG`) debug feature.
After recent changes (thread-safety,
193cb00ce9, and updates leading up to
it), `TrackMemory` is unlikely to cause build or runtime issues.
To simplify builds and debug options, enable `TrackMemory`
unconditionally for debug-enabled (aka `DEBUGBUILD`) builds. Before
this patch, this was already the default, with an option to disable
it, or enable it in non-debug-enabled builds.
Note, in practice these two debug options already went hand in hand. It
was not possible to toggle them separately for a long time due to bugs,
before 59dc9f7e69 (2024-05-28) fixed it.
This patch also removes/deprecates separate knobs and feature flags for
`TrackMemory`:
- autotools: `--enable-curldebug`/`--disable-curldebug`
- cmake: `-DENABLE_CURLDEBUG=ON`/`OFF`
- C macro: `CURLDEBUG`
- libcurl: `CURL_VERSION_CURLDEBUG` symbol deprecated in favor
of `CURL_VERSION_DEBUG`. They always return the same value after this
patch.
Also:
- drop `TrackMemory` from `curl -V` output.
- rename internal `CURLDEBUG` macro to `CURL_MEMDEBUG` internally.
To avoid confusion with `DEBUGBUILD`, but to keep guarding
`TrackMemory`-related internals for readability.
- runtests: bind `TrackMemory` to debug feature. Keep it a separate
test feature requirement, for clarity.
- CI: drop test builds for combinations of the two options.
- GHA/linux: no longer disable TrackMemory in the TSAN job.
Ref: https://github.com/curl/curl/pull/20328#issuecomment-3754528407Closes#20331
Define `struct Curl_sigpipe_ctx` that can be passed as argunent
to "lower" functions so that applying a transfers 'no_signal'
setting can be delayed as much as possible and sometimes avoided
alltogether.
Fixes#20326Closes#20329
Reported-by: Dag Haavi Finstad
For reducing binary size. Also to remove (or greatly mitigate)
the side-effect of using "unity" builds. Similar to `-Wl,--gc-sections`
on non-Apple platforms.
For example with curl-for-win builds, macOS arm+intel:
curl (unity): 7.7MB -> 6.8MB
libcurl.dylib (unity): 7.2MB -> 6.4MB
trurl /w static libcurl (!unity): 535KB -> 251KB (same size with unity)
Ref: c4008d658aCloses#20346
By using weird indentation in the autoconf source.
Fixing:
```
--enable-sspi Enable SSPI
--disable-sspi Disable SSPI
[...]
--enable-websockets Enable WebSockets support
--disable-websockets Disable WebSockets support
```
Follow-up to 923db3515d#18116
Follow-up to d78e129d50#14936Closes#20342
- It is slower and uses more memory than the alternatives and is only
experimental in curl.
- We disable a few tests for OpenSSL-QUIC because of flakiness
- It gets little attention from OpenSSL and we have no expectation of the
major flaws getting corrected anytime soon.
- No one has spoken up for keeping it
- curl users building with vanilla OpenSSL can still use QUIC through the
means of ngtcp2
Closes#20226
With the same semantics as Apple SecTrust, in both libcurl and the curl
tool, when using non-Schannel TLS backends. In practice it means that
it makes TLS work without manually or implicitly configuring a CA bundle
`.crt` file, such as `curl-ca-bundle.crt`.
To enable:
- autotools: `--enable-ca-native`
- cmake: `-DCURL_CA_NATIVE=ON`
- CPPFLAGS: `-DCURL_CA_NATIVE`
When enabled:
- enables `CURLSSLOPT_NATIVE_CA` (libcurl) / `--ca-native`
and `--proxy-ca-native` (curl tool) options by default.
- unsafe search for an on-disk CA bundle gets disabled by default.
Equivalent to `--disable-ca-search` with autotools,
`-DCURL_DISABLE_CA_SEARCH=ON` with CMake.
- build-time detection of CA bundle and CA path gets disabled. As with
Apple SecTrust. This was already the default for Windows.
- native CA can be disabled at run-time with the `--no-ca-native`
and/or `--no-proxy-ca-native` command-line options.
Rationale: This build option:
- has a repeat and active interest from packagers and users.
- helps integrating curl with Windows for those who need this.
- it also applies to macOS: #17525
Shipped in curl 8.17.0.
- makes it trivial to use custom certs configured on the OS.
- frees applications/packagers/users from the task of securely
distributing, and keeping up-to-date, a CA bundle.
- frees potentially many curl tool from configuring a CA bundle manually
to access HTTPS (and other TLS) URLs. This is traditionally difficult
on Windows because there is no concept of a universal, protected,
non-world-writable, location on the file system to securely store
a CA bundle.
- allows using modern features regardless of Windows version. Some of
these features are not supported with Schannel (e.g. HTTP/3, ECH) on
any Windows version.
- is necessary for HTTP/3 builds, where bootstrapping a CA bundle is not
possible with Schannel, because MultiSSL is not an option, and HTTP/3
is not supported with Schannel.
Ref: #16181 (previous attempt)
Ref: https://github.com/curl/curl/discussions/9348
Ref: https://github.com/curl/curl/issues/9350
Ref: https://github.com/curl/curl/pull/13111
Ref: https://github.com/microsoft/vcpkg/pull/46459#issuecomment-3162068701
Ref: 22652a5a4c#14582
Ref: eefd03c572#18703Closes#18279
Add casts to `bool`, or use `bit` type in local variables, where
neccessary to avoid MSVC compiler warnings C4242.
Note: There may remain places needing the above updates, where not
tested in CI, and missed in manual review.
Also:
- urldata: convert struct field `connect_only` to bitfield to match its
counterpart in another struct.
- rename curl-specific `bit` type to `curl_bit`.
Closes#20142
After this patch curl requires targeting Vista or newer, and a toolchain
with Vista support.
Supported MSVC compilers (VS2010+) all support Vista:
- VS2012+ target Win8 (or later) by default.
- VS2010 targets Win7 by default.
Supported mingw-w64 versions (v3+) all support Vista:
- mingw-w64 v9+ target Win10 by default.
- mingw-w64 v8 and older target Server 2003 (~XP) by default.
After this patch it may be necessary to override the default Windows
target version to Vista (or newer) via:
autotools: `CPPFLAGS=-D_WIN32_WINNT=0x0600`
cmake: `-DCURL_TARGET_WINDOWS_VERSION=0x0600`
- mingw-w64 v6+ allow changing the default at toolchain build-time.
Notes:
- For non-MSVC, non-mingw-w64 toolchains, `if_nametoindex` needs to be
allowlisted in `curl_setup.h`, if they do support it.
Fixes#17985 (discussion)
Closes#18009
Declutter the ifdefs in socketpair.h. Introduce Curl_wakeup_*()
function that encapsulate the details about how the socketpair
is implemented.
This moves the EVENTFD specials from the using code into socketpair
implemenatation, avoiding duplications in three places.
Closes#20340
When a download size is known and rate limiting is in effect, adjust the
duration of each measurement step and its rate for maximum precision.
Since it is unpredictable how long the last bytes of a download will
take, download speed can be thrown off if the "last bytes" are a
significant amount of the total download. Make the "last bytes" small in
comparision to the rest and "stretch" the rate limit intervals to
accommodate the difference.
Fix ngtcp2 receive data acknowldgements to be based on a local window
size tracking. This allows window updates controlled by rate limits.
Fix ratelimit wait time calculation to accomodate negative tokens.
h3 rate limit, update timeers
Make download rate limits work correctly in ngtcp2. Fix multi handling
of rate limits to set a timer for when limits will update again.
Without running the transfer on limit updates, protocols like h2/h3 may
stall if the server does not send due to stream windows being too small.
scorecard: measure download speedlimits
When running scorecard with --limit-rate=n, show the reported download
speed averages plus percentage deviation from the limit.
Closes#20228
- MSYS2/Cygwin bash shells are now tagged "misfeature".
It is not something we can fix. We need these shells, and using
documented/necessary settings to use these environments should be
allowed without workarounds.
- untagged actions within curl's own organization are now also flagged
as "action is not pinned to a hash (required by blanket policy)". This
seems overkill. Making internal releases would not be helpful or
practical. Also considering that the referred internal action uses an
unpinned external action anyway (google/oss-fuzz/infra/cifuzz), with
near-zero chance to fix.
Ref: https://github.com/zizmorcore/zizmor/pull/1517#issuecomment-3759740853Closes#20339
Most by moving functions around. Also delete unused ones.
Reducing their number from 83 to 33.
Remaining ones due to:
- circular dependencies.
- H3 code, that I did not attempt to update and likely the above applies.
- static declarations with attributes (`CURL_PRINTF`, `WARN_UNUSED_RESULT`).
- OS400 code.
Closes#20321
In some cases `ZLIB::ZLIB` and/or `OpenSSL::SSL` may be aliases, which
prevents setting a curl-specific property (.pc module name) in them:
```
CMake Error at [...]/curl/CMakeLists.txt:910 (set_target_properties):
set_target_properties can not be used on an ALIAS target.
```
Fix by special-casing these built-in targets and manually converting
them to .pc module names, without using the targets themselves
to carry this information throughout curl's internal build logic.
Reported-by: Tomáš Malý
Fixes#20313
Follow-up to 16f073ef49#16973Closes#20316
- The 'uri' component needs to be escaped as well
- Rewrote the quote function to use dynbuf
- Build the digest at least partly with dynbuf
- Use goto as a general error mechanism
- Make test 64 use a double quote in the URL
Closes#20295
- `stdlib.h` and `string.h` is included via `curl_setup_once.h`,
allowing to drop from `tests/server` sources and `tool_doswin.c`.
- `stdlib.h` is also included via `setup-vms.h` (earlier than above),
allowing to drop it from `curl_addrinfo.h` on VMS.
Closes#20303
- update `ruff` from 0.14.10 to 0.14.11
- update `filelock` from 3.20.1 to 3.20.3 (CVE-2026-22701) (used in pytests)
- update `psutil` from 7.2.0 to 7.2.1
Closes#20300
- reorder functions to not need forward declarations.
- sync `ephiperfifo.c` and `evhiperfifo.c`.
- drop redundant casts for `calloc()` return value.
- ephiperfifo: silence unused variable warning.
- fix indent and apply clang-format more.
Closes#20296
Seen when testing `-Weverything`:
```
lib/url.h:84:11: warning: parameter 'nowp' not found in the function declaration [-Wdocumentation]
84 | * @param nowp NULL or pointer to time being checked against.
| ^~~~
```
Follow-up to 2de22a00c7#19961Closes#20294
For protocols: ldap, openldap, rtmp, rtsp, telnet
Move protocol handler table to the end of sources, rearrange static
functions in reverse dependency order as necessary.
Closes#20289
- Split setopt_long() into multiple functions
(setopt_long_bool/net/http/proxy/ssl/proto/misc) and dispatch them
using a small function table
- Extract proxy string option handling into setopt_cptr_proxy() and call
it early from setopt_cptr()
- Reorder options to simplify #ifdef blocks and reduce per-function size
- Updates code paths to return CURLE_UNKNOWN_OPTION from helper defaults
so dispatching can continue cleanly
Closes#20280
Accept argument as a custom amount. Previously it showed all functions
with a complexity score above 57. This way it adapts better as we
gradually decrease complexity in functions.
Closes#20273
There remains 4 forward declarations.
Move protocol hander table to the end of sources, rearrange static
functions is reverse dependency order as possible.
Closes#20276
For protocols: imap, pop3, smtp.
Move protocol hander table to the end of sources, rearrange static
functions is reverse dependency order as necessary.
Closes#20275
For protocols: dict, file, gopher, tftp, http, mqtt, smb.
Move protocol hander table to the end of sources, rearrange static
functions is reverse dependency order as necessary.
Closes#20274
To simplify the directory layout.
- OS400 and vms support move from `packages` to `projects`.
- Windows README and `generate.bat` files move from `projects`
to `projects/Windows`.
Closes#20271
To run checksrc and spacecheck on the source tree. Also for cmake
to sync up with autotools' `checksrc` target.
- cmake: `curl-lint`
With `-DCURL_LINT=ON`, checks run automatically for all targets.
- autotools: `lint`
Closes#20175
This makes the easy handle 432 bytes smaller (totally 5352 bytes on my
rather maximized Linux 64 bit build). The 440 byte mimepost struct is
now allocated only when needed.
Closes#20260
Since the date format is fixed there is no need to accept more data.
Update test355 to verify reject of too long date in alt-svc file
This test case was originally supposed to verify alt-svc loading from a
file but never did because it was done incorrectly.
Now it verifies that a too long date in the input file makes curl
disregard the entry.
Closes#20259
Turns out in practice the internal cache name contains the arch where it
matters (arm or dual-arch local builds), which is part of the cache key
string. Drop `runner.arch` to avoid two arch strings in the key.
Cache keys without an explicit arch designator mean intel.
Revert ff78af5752#20234Closes#20249
`mbedtls-arm` and `mbedtls-prev` were matching `contains()` expressions
looking for `mbedtls`. It caused an unnecessary cache restore and an
redundant mbedtls build on bumps, and made the build flavors require
different local directory names to avoid this accidental collision.
Also drop `-threadsafe` from internal names. All local builds are.
Follow-up to 8806035344#20240
Follow-up to 3a305831d1#19077Closes#20248
All libresll jobs, wolfssl-all, and one mbedtls job.
As noted earlier, arm jobs run faster than intel ones, especially
valgrind steps that run almost twice as fast. Package install runs
slower, but this is offset by faster build and test steps, even in
non-valgrind jobs.
Follow-up to ff78af5752#20234
Follow-up to 2b0d8dcc16#20231Closes#20246
On MS-DOS (OOM and bad filename) and Windows (OOM only).
Given the rarity of both platform and error, we make a compromise and
return an unrelated libcurl error (43) in case of a bad output filename
on MS-DOS.
After:
```
$ CURL_FN_SANITIZE_OOM=1 wine curl.exe https://curl.se/ --output out.txt
curl: (27) Out of memory
$ CURL_FN_SANITIZE_BAD=1 wine curl.exe https://curl.se/ --output out.txt
Warning: bad output filename
curl: (43) A libcurl function was given a bad argument
$ CURL_FN_SANITIZE_OOM=1 wine curl.exe https://curl.se/index.html --globoff -O
curl: (27) Out of memory
$ CURL_FN_SANITIZE_BAD=1 wine curl.exe https://curl.se/index.html --globoff -O
curl: bad output filename
curl: (43) A libcurl function was given a bad argument
```
Before:
```
$ CURL_FN_SANITIZE_OOM=1 wine curl.exe https://curl.se/ --output out.txt
Warning: bad output glob
curl: (27) Out of memory
$ CURL_FN_SANITIZE_BAD=1 wine curl.exe https://curl.se/ --output out.txt
Warning: bad output glob
curl: (3) URL using bad/illegal format or missing URL
$ CURL_FN_SANITIZE_OOM=1 wine curl.exe https://curl.se/index.html --globoff -O
curl: Failed to extract a filename from the URL to use for storage
curl: (27) Out of memory
$ CURL_FN_SANITIZE_BAD=1 wine curl.exe https://curl.se/index.html --globoff -O
curl: Failed to extract a filename from the URL to use for storage
curl: (3) URL using bad/illegal format or missing URL
```
Ref: #20116 (simpler reboot of)
Ref: #20113#20121
Ref: 40c1748af5#20198
Ref: eb7f5b71e5#20143
Ref: 8c02407bef#20125Fixes#20044Closes#20199
`libressl-filc` was matching `contains()` expressions looking for
`libressl`, causing build confusion and failure in specific cases.
Rename `libressl` to `libressl-c` to avoid this. Also rename the cache
id for consistency, though not necessary for the fix.
Bug: https://github.com/curl/curl/actions/runs/20860412340/job/59938315276
Follow-up to c262481873#19407
Cherry-picked from #20234Closes#20240
This otherwise broke building on a parent with a static library which is
available but disabled (e.g. CURL_ZLIB is set to OFF but ZLIB::ZLIB
exists)
Closes#20217
More cost-effective and seems as fast or faster than Intel.
In particular, valgrind seems to be almost 2x fast. So fast the job pair
could fit under 10 minutes if merged again (but would be the longest in
GHA/Linux.)
Installing packages is slightly slower. The package repo is Ubuntu's
which is slower than the Azure mirror used on Intel (unless Azure is
broken, which happened a lot last year).
To add to more jobs, the locally built deps also need to be migrated.
Also:
- add workaround for failing sshd server on Linux arm runners, caused by
world-writable `HOME` directory.
Closes#20231
Silencing all of these:
```
11>/tmp/_fbuild.tmp/0x0752c383/core_2/70816E19/krb5_sspi.c:1:5: error: this style of line directive is a GNU extension [-Werror,-Wgnu-line-marker]
1 | # 1 "<built-in>"
| ^
/path/to/curl/lib/vauth/krb5_sspi.c:29:6: error: this style of line directive is a GNU extension [-Werror,-Wgnu-line-marker]
29 | # 26 "/path/to/curl/lib/vauth/krb5_sspi.c"
| ^
[...]
```
FASTBuild is slightly faster than Ninja in basic (single-machine, build
from scratch) cases (and can be more faster in other build cases). It
doesn't support unity builds. Maybe it can bring slightly better
performance to non-unity cmake CI jobs, in jobs having an 'install
prereq' phase already, and installing the fastbuild package being faster
than this gain. It overall seems marginal if any in curl CI. At least
for now. But it doesn't hurt if it works, and may be useful for some.
Requires CMake 4.2+.
That said this workaround may have a better place within CMake.
Refs:
https://www.kitware.com/cmake-fastbuild-distributed-cached-and-fast/https://cmake.org/cmake/help/latest/generator/FASTBuild.htmlhttps://github.com/fastbuild/fastbuildhttps://fastbuild.org/docs/home.htmlCloses#20230
Since the Lazy Lucas did not manage to get the fix merged in 0.24.7,
increase the pytest version check number in the hope that it will happen
in the next release.
Closes#20229
Makes sure they work identically cross-platform, as long varies in size
between Windows vs non-Windows. Makes Curl_easy 16 bytes smaller on 64
bit Linux.
This reduces support for the RTSP cseq counters to 32 bit (down from 63
bit previously on 64 bit non-Windows), but it is probably safe.
Implementations probably rarely support anything above 32 bits anyway
and this is how curl has worked on Windows since always.
There is now only one 'long' left in urldata.h (in the ssl_config_data
struct). That field, certverifyresult, is used to store the response
code from TLS backend code and in the OpenSSL case that function returns
an actual 'long'.
Closes#20227
Prior to this patch, some Windows logic, including a Windows-specific
warning message was compiled in for all platforms.
Also:
- fix double space in warning message on UWP.
- formatting.
Follow-up to 9a2663322c#17572Closes#20213
When receiving on a stream that already failed or has already been closed,
return the matching error code without touching the connection. In case
the connection shows errors, e.g. the server closed, those errors should
not have impact on an already failed/closed stream.
This might mitigate flakiness in pytest 07_13 where unexpected errors
occur after a successful upload.
Closes#20220
In particular, it turns 'unsigned long' into 'uint32_t' since the code
needs to build and run just as fine on Windows which has 32 bit longs,
so we know the code works with 32 bit field versions.
This makes Curl_easy 56 bytes smaller on my 64 bit Linux (maximized
build).
Closes#20209
It seems malplaced as it then avoids the following logic when invoked
from a VMS shell and that seems unlikely to be desired.
Based on code review. I have no system to try this on.
Follow-up to f1261bcdd7Closes#20221
Avoid using PRIu32 and PRId32 in product source code. We don't need it.
It reduces readability. It is also inconsistent since unsigned int has
the same size and does not require the define.
DJGPP warns about using %u for uint32_t by default because it seems to
typedef it to unsigned long instead of unsigned int. Which even that is
annoying since long and int are both 32 bit on this platform.
We use our own *printf() implementation and we know this is safe.
This work-around defines uint32_t for DJGPP into unsigned int to avoid
the warnings and thus the need to use PRIu32 and PRId32.
Closes#20215
To:
- see if build tool makes a difference for flaky 8x pytest slowdowns.
- to make this job finished faster.
`curl -V`, number of runtests (1793) and pytests (568/159) verified
to remain the same.
Closes#20211
Also adjust a printf mask for signedness.
Fixing with MS-DOS DJGPP gcc 12.2.0:
```
lib/conncache.c:612:22: error: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi.c:394:22: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi.c:520:20: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi.c:520:20: error: format '%u' expects argument of type 'unsigned int', but argument 5 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi.c:611:20: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi.c:614:22: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi.c:887:20: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi.c:887:20: error: format '%u' expects argument of type 'unsigned int', but argument 5 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi.c:2719:26: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi.c:2725:30: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi.c:2729:28: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi.c:3126:34: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi.c:3348:34: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi.c:3991:28: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi_ev.c:343:24: error: format '%u' expects argument of type 'unsigned int', but argument 6 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi_ev.c:413:24: error: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi_ev.c:584:36: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi_ntfy.c:113:34: error: format '%d' expects argument of type 'int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi_ntfy.c:113:34: error: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'uint32_t' {aka 'long unsigned int'}
lib/multi_ntfy.c:171:22: error: format '%u' expects argument of type 'unsigned int', but argument 4 has type 'uint32_t' {aka 'long unsigned int'}
lib/url.c:883:22: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
lib/url.c:889:22: error: format '%u' expects argument of type 'unsigned int', but argument 3 has type 'uint32_t' {aka 'long unsigned int'}
```
Bug: https://github.com/curl/curl/pull/20199#discussion_r2666363334
Follow-up to 4c9e4e99c1#20208Closes#20200
For `PRI*` printf masks for fixed-size C99 types.
Also:
- add simple fallback for `PRIu32`, `PRIx32`, if `inttypes.h` is
missing.
Cherry-picked from #20200
Ref: #20207
Follow-up to 4701a6d2ae#19695
Ref: 60359ad504#12275Closes#20208
Number of jobs down to 34 (from 56 at end of last year.)
Out of them 7 autotools (was 24 at end of last year.)
Also:
- stop install brew packages preinstalled.
- make some dependency options explicit.
Closes#20203
Make sure to convert a low-level OOM error code a libcurl one, to make
the curl tool to display an accurate error code and messages. On Windows
and MS-DOS.
Improving:
```
$ CURL_FN_SANITIZE_OOM=1 wine curl.exe https://curl.se/ --output out.txt
[...]
curl: (3) URL using bad/illegal format or missing URL
```
to:
```
[...]
curl: (27) Out of memory
```
Cherry-picked from #20116Closes#20198
Replacing `fopen_s()`/`_wfopen_s()`, to allow customizing share mode,
and keep the sharing mode as was with `fopen()`/`_wopen()` earlier and
as used in `_sopen_s()`/`_wsopen_s()`.
The replaced functions used `_SH_SECURE` internally. Otherwise they are
identical to the replacements.
Ref: https://learn.microsoft.com/cpp/c-runtime-library/reference/fsopen-wfsopen
Reported-by: Jay Satiro
Fixes#20155
Ref: #20156
Follow-up to 1e7d0bafc6#19643Closes#20186
To save 0.5 to 3 minutes per job.
There remain 7 main autotools jobs, plus 1 in combinations and 1 more
for iOS.
Also:
- fix to disable MQTT, WebSockets, IPFS in HTTP-only job.
Closes#20193
- `LDAP_OPT_SUCCESS` (== 0) is missing from some LDAP implementations
and documented to use `LDAP_SUCCESS` (== 0) instead. Use literal zero
to avoid macro name differences.
- fix freeing `LDAP_OPT_API_INFO` buffers:
- docs suggest `ldapai_vendor_name` on IBMi is `const char *`.
Nothing in docs says it need to be freed.
- `ldapai_extensions` need to be freed, according to docs.
However, on IBMi there is `ldap_value_free()` function for it.
Ref: https://www.ibm.com/docs/en/svd/10.0.3?topic=settings-ldap-opt-api-info
Fixing, on OS400 (V7R4M0):
```
CZM1003: LDAP__819.c, 1028.56: CZM0045(30) Undeclared identifier LDAP_OPT_SUCCESS.
CZM1003: LDAP__819.c, 1036.21: CZM0280(30) Function argument assignment between types "char*" and "const char*" is not allowed.
CZM1001: LDAP__819.c, 1037.5: CZM0304(10) No function prototype given for "ber_memvfree".
...
CZS0601: Module LDAP is not created because statement errors occurred.
```
Follow-up to 859ce48de1#19832Fixes#20188Closes#20189
To reduce the number of jobs, and the time spent running macos runners.
The curl codebase has just a few Apple-specific parts, and they remain
well-covered after this patch.
Makes the number of jobs 24, down from 32.
Perhaps more jobs could be merged or dropped, and CPU use reduced by
moving some to cmake. Unique, but not Apple-specific jobs may also be
moved to Linux.
Follow-up to b869932392#20178Closes#20187
In an attempt to make sure that setting it again does not leak memory.
The second string is set to `""`, which is done so that this now finds
the problem reported in #20179.
Ref: #20179Closes#20181
- Each time field is now 7 characters wide, so that the total width
never exceeds 79 columns so that it works correctly also in Windows
terminals. The title lines are adjusted accordingly.
This is accomplished by using h:mm:ss style up to 10 hours, and for
longer periods switch to "nnX nnY" style output. For hours, days,
months and years.
For less than one hour, the hour field is now dropped.
When no time info is provided, the field is now space-only. No more
`-:--:--`.
Also fixed the output for really long times which previously was
completely broken. The largest time now shows as ">99999y". (Becase
I can't figure out a better way).
- For sizes, the widths are now properly fixed to 6 characters. When
displaying a unit with less than 3 digits, it shows two decimal
precision like "16777215 => 15.99M" and one decmal otherwise: "262143
=> 255.9k"
Also fixes the decimal math. 131071 is 127.9k, which it previously did
not show.
- The time and size field outputs are now properly verified in test
1636.
Fixes#20122Closes#20173
fixup use only space when no time exists
Drop the hour from the display when zero
A too long name is likely to cause a problem later anyway and get
reported there. We don't enforce file name lengths for any other
systems.
Assisted-by: Jay Satiro
Assisted-by: Viktor Szakats
Closes#20143
- drop autotools (except one) from combination jobs.
They seem to add little value over cmake ones, yet take a lot of time
even after restricting them to shared libs.
20-25s to install autotools via Homebrew, for each 11 jobs. autoreconf
taking 10s, configure 25s, build 30-35s. A total of 1m30s to 1m45s per
job. Sometimes jumping up to 2-4 minutes.
Compare this to 20-25s total job times with cmake.
Keep one job with an indentical cmake pair to help detecting
build-tool-specific fallouts.
- drop more combination jobs.
To avoid overlap with main build jobs.
Reducing number of jobs to 9, from 22 (-13),
total job time to 5.5 minutes, from 25 (-20m).
Before: https://github.com/curl/curl/actions/runs/20637652089
After: https://github.com/curl/curl/actions/runs/20686390641?pr=20178
Considering the small amount of Apple-specific code in curl since
dropping Secure Transport, and that most combination issue were in
the toolchains, not curl, there is likely more room to avoid wasting
cycles (at 41 macOS + 3 iOS jobs after this patch).
Follow-up to d057b705fd#20167Closes#20178
Time output:
- was broken for really large times
- now uses spaces instead of --:--:--
- >99999y is now the largest shown time
- show HH:MM:SS as long as hours are fewer than 100
Size:
- made the decimal output always only use a single decimal
Test:
- Add test 1622 to verify these functions
Closes#20177
When checking the reported times of a transfer, do not exptect
the 'queue' time to be in any relation to others. 'queue' uses its own
start timestamp and the reported duration is thereofore independant.
Ref: #20112Closes#20163
It also means that now all torture test-pairs use the same shallowness,
while earlier FTP used 20.
Also:
- This made macOS torture jobs slow enough to split them into 3 jobs.
Follow-up to 2cbcde90e7#20153Closes#20172
Do not generate a 400 response code, but use a 200 one. The upload needs
to fail on sending, not on seeing a 400 response. Seeing a 400 before
the sending fails (when CI timings shift) will expose the wrong error
code.
Ref: #20112Closes#20164
We recently allowed a larger send buffer in ngtcp2 streams. This allowed
curl to send more early data then previously when the server was slow in
performing the handshake. This led to flaky test failures when the
amount of early data was larger than expected.
Change test expectations to allow for varying amount of early data.
Ref: #20112Closes#20161
The special handling for draining server connections during a connect
attempt was only done on CURLE_RECV_ERROR. But it may also happen when
ngtcp2 errors on writing data. Check for CURLE_SEND_ERROR also.
Ref: #20112Closes#20162
The 'ma' and 'persist' keywords should be considered per list entry, not
once per header.
Expand test 1654 to verify such headers
Reported-by: Hunt Darlener
Closes#20160
From 15 to 10 minutes.
To reduce the idle wait for hung jobs from 20 to 15 minutes (hopefully),
so that the failed just can be restarted manually eariler. It appears
that GitHub Actions notices a hung job 5 minutes past the workflow
timeout (reason undiscovered).
Also: Leave extra time for torture and arm64 jobs.
Closes#20170
To avoid building libcurl in both static and shared flavor by default.
It results in 1.5-2.x speed-up for the curl build step in most jobs.
Saving a total of 6-7 minutes. In the Cygwin job alone it saves 1-1.5m.
Also:
- enable static + shared in a Windows job to keep testing this combo.
Follow-up to ff958fc4b2#20159Closes#20167
To make CI turnaround time shorter, by cutting the longest running jobs.
After this patch all jobs should finish around 10-11 minutes. Down from
15-16 minutes before this patch.
Suggested-by: Stefan Eissing
The fuzzing workflow is now the slowest (with a 7-minute startup time
needed to build deps from source on each run), followed by macOS
and Windows torture tests (both split in two now). Without fuzzing, it's
under 10 minutes.
Notes:
- an extra cost with job-pairs is installing prereqs,
configuring/building curl and tests twice. GitHub doesn't support
making a matrix job a prereq for another workflow that may fix this:
https://github.com/orgs/community/discussions/42335
This overhead is significant on Windows: 11m20 -> 9m20 + 8m40
- job-pairs are annoying to maintain and keep in sync.
- splitting tests into halves is a manual process and needs to be
revisited from time to time. Possibly something to automate with
a runtests option, e.g. with `1 of 50%` and `2 of 50%`?
Also:
- split torture tests in two equal pieces, replacing the `FTP` + `!FTP`
split used earlier.
Related perf improvements from today:
- make scan-build 2x fast:
ff958fc4b2#20159
- drop build-only Testi386 fuzz workflow (from curl), saving 9m per run:
0106023c1fhttps://github.com/curl/curl-fuzzer/pull/236Closes#20153
It's defined in `lib/curl_setup_once.h` which is always included before
the duplicate definition in `src/tool_cfgable.h`. Delete the latter.
Follow-up to 06bb158737#16211Closes#20152
This fixes curl using libraries if `CURL_{BROTLI|ZLIB|ZSTD}` is set to
`OFF` but the library was found in a parent project that includes curl.
Closes#20147
Add a `cert-status` feature flag to `curlinfo`, based on the conditions
used in `lib/vtls` sources.
To:
- fix disabling this test when using OpenSSL (or fork) built with
the `no-ocsp` option.
- enable this test for AWS-LC in CI.
Note:
- BoringSSL (and quiche) has OSCP disabled by default.
- MultiSSL dynamic selection continues to confuse this test.
(To fix it, support would need to be detected by querying libcurl
via curl. Probably overkill given that OCSP is on its way out.)
Follow-up to f2c765028f#20149Closes#20133
To make the longest running FreeBSD job finish 1.5 minutes faster
(9.5m -> 8m).
Examples are still built with both autotools and cmake, one on Intel and
one on ARM.
Closes#20146
- update `github/codeql-action` from 4.31.8 to 4.31.9
- update `cross-platform-actions/action` from 0.30.0 to 0.32.0
- support for OmniOS and FreeBSD 15.0
- releases are now immutable
Closes#20140
Already included directly via `hostip.c`, and other header users do not
use it.
Also add comment about why `setjmp.h` is used.
Cherry-picked from #20106Closes#20132
Macros have been deleted upstream and never defined in OpenSSL 1.1.0+:
474e469bbd
BoringSSL deleted the last internals uses in 2014:
457112e197
LibreSSL refers to them internally and in two public headers, but never
set them via `openssl/opensslfeatures.h` / `openssl/opensslconf.h`.
Follow-up to 69c89bf3d3#18330Closes#20130
The macro has been deleted upstream and never defined in OpenSSL 1.1.0+:
e481f9b90b
BoringSSL and LibreSSL deleted the last uses in 2014:
6dbd73db5d7b2f3298f7
Also:
- drop internal guard `HAS_ALPN_OPENSSL`. It's always set.
Follow-up to 69c89bf3d3#18330Closes#20129
Note: This patch doesn't aim to add `timeval.h` includes missing from
local headers using `curltime` type. They remain relying on `urldata.h`
being included first. This patch also doesn't delete existing, used
includes already present in local headers (as internal users may rely
on them).
Ref: #20106Closes#20126
(Not tested in CI. Regression in 8.17.0.)
Fixing:
```
lib/vtls/openssl.c:4750:8: error: variable 'sectrust_verified' set but not used [-Werror,-Wunused-but-set-variable]
4750 | bool sectrust_verified = FALSE;
| ^
1 error generated.
```
Follow-up to b4630ed8fa#19308Closes#20128
- `CURL_FN_SANITIZE_BAD=<any-value>` to simulate
`SANITIZE_ERR_INVALID_PATH`.
- `CURL_FN_SANITIZE_OOM=<any-value>` to simulate
`SANITIZE_ERR_OUT_OF_MEMORY`.
Both are Windows/MS-DOS-specific and require debug-enabled curl build.
Cherry-picked from #20116Closes#20125
The migration to the strparse API introduced regressions in Digest
authentication parsing where Optional Whitespace (OWS) after commas was
not skipped, and escaped quotes in values were not correctly parsed.
This change ensures whitespace is skipped before key lookups and escaped
characters are properly handled and unescaped in quoted values.
Reported-by: herdiyanitdev on hackerone
Closes#20102
- Use 32767-1 instead of PATH_MAX-1 (260-1) as the maximum allowable
length of a path in Windows.
Prior to this change the path sanitizer in Windows used 32767-1 as the
maximum length only for paths that had the "\\" prefix like
"\\?\longpath". Since then we added some workarounds to open longer
paths without "\\?\" prefix by normalizing the path and adding that
prefix, and the sanitizer is called before the prefix is added.
Bug: https://github.com/curl/curl/issues/20044
Reported-by: Viktor Szakats
Closes https://github.com/curl/curl/pull/20046
Fix the pollset in perform state to not add sockets for directions
that are blocked. This otherwise will lead to busy loops for a
transfer that cannot be progressed.
Reported-by: Fizn-Ahmd on github
Fixes#20091Closes#20109
- asyn-thrdd.c: scope an include.
- apply more clang-format suggestions.
- tidy-up PP guard comments.
- delete empty line from the top of headers.
- add empty line after `curl_setup.h` include where missing.
- fix indent.
- CODE_STYLE.md: add `strcpy`.
Follow-up to 8636ad55df#20088
- lib1901.c: drop unnecessary line.
Follow-up to 436e67f65b#20076Closes#20070
- they rarely catch any problems
- we have other ways to test different send/recv problems
- the number of such calls vary much more per invoke than others, making
memdebugging harder
- reducing the total number of fallible functions per test is good
- they were not used as intended anyway
Closes#20097
The cookie flushing (saving to a cookie jar) should only be done if a
transfer has been started. This is now done by checking the
cookies->running field, which is not reset in curl_easy_reset() so the
saving works correctly even after a call to that.
Follow-up to fd6eb8d6e7
Verified by test 1920
Reported-by: Alexander Batischev
Fixes#20090Closes#20094
- drop unused `http.h` includes.
- drop unused `http1.h` include.
- drop unused `http2.h` includes.
- vssh/ssh.h: drop unused `vssh.h` include.
- urldata.h: drop unused protocol includes.
- url: include `smtp.h` directly.
- rtsp.h: include directly where used.
- imap, smtp: drop redundant include, move another from .h to .c.
Verified with an all non-unity CI run.
Closes#20093
Also:
- examples/hsts-preload: apply the same change as it's based on lib1915
in tests. Make a local clone of `curlx_strcopy()`. Then drop the
`_CRT_SECURE_NO_WARNINGS` hack, that's no longer necessary.
- curl_setup.h: delete `strcpy()` from the `_CRT_SECURE_NO_WARNINGS`
list.
Closes#20076
`strcpy()` wrote an unnecessary null-terminator past the available read
buffer.
test551 was also affected because it reuses lib547.
Cherry-picked from #20076Closes#20082
Update test 1941 to verify this
Remove unused code from dynhds for handling folded headers, and the
associated unit tests of those functions in test 2602 and 2603.
Closes#20080
This function REQUIRES the size of the target buffer as well as the
length of the source string. Meant to make it harder to do a bad
strcpy().
Removes 23 calls to strcpy().
Closes#20067
On versions before macOS 10.14, ios 12 and watchos 5, check the
evaluation code to return the error from evaluation.
Reported-by: Stanislav Fort
Closes#20074
- replace `sendf.h` with `curl_trc.h` where it was included just for it.
- drop unused `curl_trc.h` includes.
- easy: delete obsolete comment about `send.h` include reason.
Also:
- move out `curl_trc.h` include from `sendf.h` and include it directly
in users, where not done already. To flatten the include tree and
to less rely on indirect includes.
- stop including `sendf.h` from other headers, replace it with forward
declaration of `Curl_easy`, as done already elsewhere.
Verified with an all non-unity CI run.
Closes#20061
In unity builds the source filename (via `__FILE__`) has no path (or
uses slashes?), while in non-unity ones it does contain backslashes
on Windows, with MSVC. Fix the test to recognize backslashes in the
`stripfile` regexp.
Seen in MSVC jobs in CI:
```diff
-MEM tool_cfgable.c[LF]
-MEM tool_paramhlp.c[LF]
-MEM tool_cfgable.c[LF]
-MEM tool_cfgable.c[LF]
-MEM tool_cfgable.c[LF]
-MEM tool_cfgable.c[LF]
+MEM D:\a\curl\curl\src\tool_cfgable.c[LF]
+MEM D:\a\curl\curl\src\tool_paramhlp.c[LF]
+MEM D:\a\curl\curl\src\tool_cfgable.c[LF]
+MEM D:\a\curl\curl\src\tool_cfgable.c[LF]
+MEM D:\a\curl\curl\src\tool_cfgable.c[LF]
+MEM D:\a\curl\curl\src\tool_cfgable.c[LF]
```
Ref: https://github.com/curl/curl/actions/runs/20408366058/job/58641468316?pr=20061#step:13:303
Ref: https://github.com/curl/curl/actions/runs/20408522070/job/58641826216?pr=20064#step:13:298Closes#20064
To make it available for all files. Drop includes from individual
sources. This header was already included from most sources and not
specific to any internal subsystem.
Also to ensure that two system symbol redefines on Windows (`read()` and
`write()`) get applied to all sources. Move them to `curl_setup.h`.
Closes#20056
Delete where unused, include where to used to avoid relying on
side-effect of other headers.
Also: delete "for curlx_nonblock" comments. That's the only symbol
offered by this header.
Closes#20055
1. With `MBEDTLS_SSL_PROTO_TLS1_2` not enabled, the mbedTLS code was not
able to connect to any server due to broken logic in curl's
`mbed_set_ssl_version_min_max()`. Now it correctly sets the minimum
supported TLS version based on what is compiled in the library.
2. If debugging is enabled, move the debugging enabling earlier in the
`mbed_connect_step1()` so that verbose errors are actually displayed if
failures happen (see the previous point -- it would've made debugging
that issue easier).
3. Remove the constant `mbedtls_x509_crt_profile_fr` and instead use
mbedTLS-included profile `mbedtls_x509_crt_profile_next` with
`mbedtls_ssl_conf_cert_profile()`. This will follow the latest standards
as new mbedTLS versions are released (rather than being stuck-in-time
until someone comes along to fix what was hard-coded here). This has the
immediate benefit of no longer supporting SHA1 certs and insecure RSA
key-lengths (1024). This fix immediately prevents previously possible
MITM attacks (SHA1 hashes and RSA-1024 keys can be forged relatively
easily by nation-state actors and criminal organizations with
deep-pockets).
4. Added [predictive
resistance](https://mbed-tls.readthedocs.io/en/latest/kb/how-to/add-a-random-generator/#enabling-prediction-resistance)
to the random number generator (adding more entropy to the RNG).
5. Split the random number generator into initialization, the actual
random generation, and the "freeing" of the resources. This
significantly reduces the overhead of using the RNG.
6. Removed the separate RNG function in the TLS connect stage (instead
use the "main" one) and remove the ad-hoc threading support. Instead
properly document how to enable threading in mbedTLS. As it was, other
internals of mbedTLS could have race conditions (in the RSA module in
particular) if `MBEDTLS_THREADING_C` was *not* enabled. And if it is
enabled, then these race-conditions cannot happen. And also, if
MBEDTLS_THREADING_C is enabled then the RNG functions [are fully
thread-safe](https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading/).
So, the previous ad-hoc threading support was both partial and broken.
7. Enable support for disabling `MBEDTLS_PEM_PARSE_C`.
8. Add support for `CURLOPT_SSLCERTTYPE` so user can specify `PEM` or
`DER` and get faster execution.
Closes#19983
Since Curl_mntfy_dispatch_all() is called with high frequency and
mostly unnecessary, add a check macro to avoid the call when not
needed.
Closes#20034
Move existing `Curl_rename()` `rename()` wrapper from lib to
curlx/fopen, and make it a curlx macro/function. To allow using
the local worker function to fixup long filenames on Windows.
Then fix the Windows-specific rename implementation to support long
filenames. This operation may happen when using a cookie jar, HSTS cache
or alt-svc cache, via libcurl or the curl tool.
Before this patch, when passing a long filename to the above options,
a `<random>.tmp` file was left on the disk without renaming it to the
filename passed to curl. There was also 1 second delay for each
attempted rename operation.
Also:
- checksrc: ban raw `rename()` and `MoveFileEx*()` functions.
- Note: `Curl_rename()` returned 1 on failure before this patch, while
`curlx_rename()` returns -1 after, to match POSIX `rename()`.
Refs:
https://learn.microsoft.com/windows/win32/api/winbase/nf-winbase-movefileexahttps://learn.microsoft.com/windows/win32/fileio/maximum-file-path-limitation
Ref: #20040Closes#20042
Tailored for each job with a relatively tight limits. Also with no
tolerance in valgrind tests: 4 of the 4 has to be run.
Based on Test Clutch feature matrix which displays the minimum and
actual number of tests:
https://testclutch.curl.se/static/reports/feature-matrix.html
Also:
- runtests.pl: include total number of tests in the error message shown
when the limit was not met.
Assisted-by: Dan Fandrich
Follow-up to 3f1cd809ee#19942Closes#20050
It makes them work in Schannel's CA bundle loader, and curl tool's
set/get file timestamp operations (e.g. in `-R`/`--remote-time`). Also
to match file open operations, that already support long filenames.
E.g. when using `--remote-time`, fixing:
```
Warning: Failed to set filetime 1741363917 on outfile: CreateFile failed:
Warning: GetLastError 0x00000003
```
The special long filename logic is necessary to support Windows releases
prior to Windows 10 v1607. With the latter, it's possible to opt-in to
this behavior via a manifest setting. Note that Windows itself also needs
to opt-in to support this. Finally note that curl itself needs passing
`--globoff` to let long filenames through, pending #20044 and #20046.
Refs:
https://learn.microsoft.com/windows/win32/api/fileapi/nf-fileapi-createfileahttps://learn.microsoft.com/windows/win32/fileio/maximum-file-path-limitation
Ref: #8361
Inspired by: #19286
Inspired-by: Mathesh V
Closes#19286Closes#20040
Also:
- vquic-tls.h: do not include unused headers for non-H3 builds.
- autotools: stop looking for `openssl/x509.h` header.
- cmp-config.pl: delete exception for `openssl/x509.h`.
- examples: format/comment sync between the two touched files.
- openssl: drop unused `curlx/wait.h` include.
Closes#20049
With 24b36fd stream flow control window sizes have been set too
restrictive, crippling transfer rates when no rate limit is in effect.
Disable ngtcp3 stream window auto-tuning and extend the stream window
from the small initial size to the effective rate limit. If no rate
limit is configured, extend stream window to maximum value right away.
This cannot shrink the stream window later, however. But growing the
limit or removing it, will work mid download.
Fixes#20030
Reported-by: koujaz on github
Closes#20033
`io.h` already included via `curl_setup.h`, the other headers are
already guarded off for Windows. `INADDR_LOOPBACK` fallback remains
a no-op on Windows.
Closes#20032
- curl_range: replace `sendf.h` with direct header dependency
`curl_trc.h`.
- drop `curl/curl.h` includes from internal sourcees in favor of the
include made from `curl_setup.h`. Replace it with the latter where
it's the only include.
- include `curl_setup.h` before using macros, where missing.
- drop redundant `stdlib.h`, `string.h` includes, in favor of
`curl_setup_once.h` including them.
- drop redundant `limits.h` in favor of `curl_setup.h` including it.
- fake_addrinfo.h: fix typo in comment.
- curl_setup_once.h: drop `stdio.h` in favor of earlier include in
`curl_setup.h`.
- drop stray, unused, `stddef.h` includes.
- memdebug.h: add missing `stddef.h` include. (relying on accidental
includes via other headers before this patch.)
- stddef.h: document why it's included.
- strerr: drop `curl/mprintf.h` in favor of `curl/curl.h` including it
via `curl_setup.h`.
Closes#20027
It should still insert a (single) space when unfolding
Follow-up to 9941e7c95b following up to 67ae101666.
Updated test 1274 and 1940 accordingly.
Closes#20029
Always use curlx_now() when calling Curl_pgrs_now(data). Tests with the
"manual" updates to now proved differ more then 100ms in parallel testing.
Add `curlx_nowp()` to set current time into a struct curltime.
Add `curlx_ptimediff_ms() and friends, passing pointers.
Update documentation.
Closes#19998
- apply more clang-format.
- lib/version: use `CURL_ARRAYSIZE()`.
- INSTALL-CMAKE.md: sync-up an option description with others.
- examples: delete unused main args.
- examples/ftpgetinfo: document `_CRT_SECURE_NO_WARNINGS` symbol.
- delete remaining stray duplicate lines.
- acinclude.m4: drop an unnecessary x-hack.
- vtls/mbedtls: join a URL split into two lines.
- src/tool_cb_see: add parentheses around macro expressions.
- src/tool_operate: move literals to the right side of comparisons.
- libtests: sync up fopen/fstat error messages between tests.
- curl_setup.h: replace `if ! defined __LP64` with `ifndef __LP64`.
I assume it makes no difference on Tandem systems, as the latter form
is already used in `include/curl/system.h`.
Closes#20018
Restore the unfolding behavior from before 67ae101666. This change
(leaving more whitespace in the delivered headers) turned out causing
some friction in the git project so presumably others might also find it
a little surprising.
Reported-by: Jeff King
Ref: https://marc.info/?l=git&m=176606332701171&w=2Closes#20016
To use the modern form when possible. The modern option also allows
using the `no-` prefix to disable.
Supported by: gcc 4.8+, clang 3.2+ (= appleclang 4.2+)
This also automatically changes `-clang:-pedantic` to `-Wpedantic` in
clang-cl builds.
Refs:
9877f689f2https://gcc.gnu.org/onlinedocs/gcc-4.8.5/gcc/Warning-Options.htmlCloses#20010
While wolfSSL_i2d_SSL_SESSION() does not change the passed pointer, like
OpenSSL does, it may one day decide to do so. Pass a copy instead to be
future-proof to such a change in wolfSSL's implementation.
Closes#20008
- update `filelock` from 3.20.0 to 3.20.1 (CVE-2025-68146) (used in pytests)
- update `pytest` from 9.0.1 to 9.0.2
- update `ruff` from 0.14.8 to 0.14.9
Closes#20004
After applying a recent fix made to `threaded.c` (formerly
`multithread.c`) to `threaded-ssl.c`, syncing and updating comments,
the two examples turned out to be identical except their test URLs.
Delete one of them to avoid duplication.
Also:
- examples/threaded: scope a variable.
- examples/threaded: merge comments from its deleted sibling.
Follow-up to 61273f5812#20001
Follow-up to 971e8d661c#19526#19524Closes#20002
This type of test failure requires a test status line in order to be
consistent with other failures and to be parsed properly by Test Clutch.
This is the same style as an exit or postcheck failure.
Closes#19995
Define `CERT_NAME_SEARCH_ALL_NAMES_FLAG` macro if missing.
To allow using a runtime branch regardless of build-time SDK version,
when running on Windows 8+.
In practice it enables this branch for builds using mingw-w64 v3, and
MSVC with Windows SDK <8.
Also reducing build variations.
Follow-up to 29e40a6d8a#4761#3711
Follow-up to 8996300211#1325
Follow-up to 172b2beba6#264 (comment)
Closes#20000
The make rule confused automake by changing directories before creating
the file, causing unitprotos.h to be created in the srcdir instead of
the builddir. This results in a stale file and confusing compile errors
in out-of-tree builds.
Fixes#19966Closes#19993
Define `TCP_KEEP*` macros if they are missing in Windows builds.
To allow using these runtime `setsockopt()` options regardless of
build-time SDK version, when running on Windows 10.0.16299+.
In practice in enables them for builds using mingw-w64 <12, and
MSVC with Windows SDK <10.
Before this patch these runtime options required building curl with
a recent toolchain.
Follow-up to f0de14168a#19559Closes#19999
For Test Clutch.
If set (via env or tflags), include the minimum number of tests required
in runtests' log output:
```
* Min tests: 1750
```
Follow-up to 3f1cd809ee#19942Closes#19987
- lib: delete two unused `<sys/un.h>` includes.
- lib: drop interim macro `WIN32_SOCKADDR_UN`.
Follow-up to 0fe9018e1a#7737
Also fixing a potential issue of leaving unix socket support disabled
if any header would include Windows' `afunix.h`, and define
`UNIX_PATH_MAX` on its own.
- connect: honor unix socket disable option.
- connect: simplify unix socket PP condition.
`USE_UNIX_SOCKETS` already means the necessary header/type are
available, guaranteed by configure. `AF_UNIX` is already used
elsewhere in the code without explicit checks.
- curl_setup.h: document availability of `afunix.h` on Windows more.
It requires mingw-w64 10+ or MS SDK 10.17763.0 VS2017 15.8+.
- curl_setup.h: use `afunix.h` with mingw-w64 v10+ to start avoiding
the local workaround if possible.
- GHA/windows: test disable unix socket option on Windows.
Ref: https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/Closes#19989
When a test server is found or configured, do not silently ignore
errors to start and disable them when checking their version.
This forces pytest to fail when a server is not operating
as it should.
Closes#19996
Use `data->progress.now` as the timestamp of proecssing a transfer.
Update it on significant events and refrain from calling `curlx_now()`
in many places.
The problem this addresses is
a) calling curlx_now() has costs, depending on platform. Calling it
every time results in 25% increase `./runtest` duration on macOS.
b) we used to pass a `struct curltime *` around to save on calls, but
when some method directly use `curx_now()` and some use the passed
pointer, the transfer experienes non-linear time. This results in
timeline checks to report events in the wrong order.
By keeping a timestamp in the easy handle and updating it there, no
longer invoking `curlx_now()` in the "lower" methods, the transfer
can observer a steady clock progression.
Add documentation in docs/internals/TIME-KEEPING.md
Reported-by: Viktor Szakats
Fixes#19935Closes#19961
When someone gives us 0-length UDP packets, ignore
them as they cannot be valid QUIC packets. This also
prevents us from messing up any GSO calculations.
Reported-by: Stanislav Fort
Closes#19978
Make sure to call `curlx_now_init()` before the first call to
`curlx_now()`.
Before this patch the first `curlx_now()` used the non-Vista code path
calling `GetTickCount()` on Vista+. This is harmless, but the upcoming
PR #18009 is going to drop the non-Vista code path, causing a division
by zero at startup in test servers, without this fix.
Bug: https://github.com/curl/curl/pull/18009#issuecomment-3652154307Closes#19973
To really verify the presence of the XML prolog, also in CI.
- move the prolog check from `loadtest` to `checktest`.
(load did a soft error, silently skipping the test instead of failing)
- runtests: enable `-w` functionality permanently for all test targets,
drop the option. It has no measurable performance impact.
- test 798, 1665: add XML prolog.
Follow-up to f0d277cb0e
Follow-up to b5ea0736bb#19946
Follow-up to 904e7ecb66#19347Closes#19970
To avoid update noise. Renovate bumps everything instantly, meaning
a major version a couple hours after release, then all minor bugfix
releases throughout the next 1-2 days. Also putting major versions in
a different group than the bugfix release, and there is no support for
a cooldown period.
After this patch GitHub's Dependabot remains the single tool responsible
to bump GitHub Actions, once a month, grouped, with a cooldown period.
In sync with most other curl repos.
Both Renovate and Dependabot keep bumping pinned pips for now. Also
Renovate keeps updating C dependencies and Dockerfile.
Closes#19954
test 798 - incoming cookie header in a folded line
test 1665 - verify HTTP headers without final CRLF. Make sure all complete
headers are delivered even if the reponse is partial
Make the low-level HTTP header "builder" unfold headers so that
everything else can keep pretending folding does not exist.
This code no longer tries to reduce repeated leading whitespace (in the
continued folded header) to a single one. To avoid having to have a
special state for that.
Adjusted two test cases accordingly
Closes#19949
libcurl supports up to 8MB string inputs, the config file accepts up to
10MB line lengths. It did not make sense to limit the globs to a maximum
of one megabyte.
Closes#19960
To run more pytest sshd tests, and for more static analysis.
Also:
- drop redundant option from `openssl libssh2 ...` config.
- GHA/linux: enable pytest in the LTO job (to test libssh2).
- avoid both with local builds of OpenSSL-forks, due to crypto lib
mixups causing a mixture of build error, crashes, test failures.
Follow-up to eb39fee40b#19934Closes#19943
To formalize they are now XML-compliant (with some asterisks.)
Also to help syntax highlighters work on them to make their content more
readable.
Also:
- Delete empty comment decorations.
- GHA/checksrc: simplify XML check.
- runtests: fail to load test data with XML prolog missing.
Follow-up to bfe6eb1c06#19927
Follow-up to 87ba80a6dfCloses#19946
- cmake: automatically disable typecheck when running clang-tidy,
to avoid possible interference, and to improve performance.
- INSTALL-CMAKE: document both this, and unity=off for clang-tidy.
- GHA/linux: disable for some static analyzers CI jobs to avoid possible
interference.
- GHA/linux: disable in Fil-C job to improve build performance.
Follow-up to 9e6f1c5efb#19637
Follow-up to fd2ca2399e#17955Closes#19941
To detect mistakes made in the runtests framework that reduce
the number of test runs. Before this patch it could go undetected with
a green CI.
The minimum thresholds will need light maintenance going forward (either
bumping them periodically, or adjust if some may fell below minimums for
justified reasons). We may also make minimums tighter or looser, or more
job-specific.
Latest number of test runs for each job can be seen at Test Clutch:
https://testclutch.curl.se/static/reports/feature-matrix.html
Also:
- GHA: set minimums.
Assisted-by: Dan Fandrich
Follow-up to f2a75a14dd
Follow-up to bb1391f943#19510Closes#19942
With either /usr/sbin/sshd found or configured via --with-test-sshd=path
add tests for SCP down- and uploads, insecure, with known hosts or not,
with authorized user key or unauthorized one.
Working now with libssh and libssh2, using a hashed known_hosts file.
Closes#19934
- drop stray duplicate empty lines in docs, scripts, test data, include,
examples, tests.
- drop duplicate PP parenthesis.
- curl-functions.m4: move literals to the right side in if expressions,
to match rest of the source code.
- FAQ.md: delete language designator from an URL.
- packages: apply clang-format (OS400, VMS).
- scripts/schemetable.c: apply clang-format.
- data320: delete duplicate empty line that doesn't change the outcome.
- spacecheck: extend to check for duplicate empty lines
(with exceptions.)
- fix whitespace nits
Closes#19936
It finds debug outputs in source code otherwise.
Output the whitelist "warnings" to stderr to better allow us to count
URLs with `./mdlinkcheck --dry-run | wc -l`.
Closes#19938
The referred function has been deleted earlier.
Also:
- drop commented reference to deleted `CURL_CHECK_OPTION_THREADS`.
0d4fdbf15d#16054
Follow-up to 96a1a05f66#14096Closes#19928
With this, all test data files are XML-compliant.
Also:
- test1158, test1186: use single quotes for the test filename attribute
containing a double quote. For XML-compliance.
- drop support for unquoted attributes. For XML-compliance.
Closes#19926
0.24.6 is the quiche version without the fix for proper handling fo
RESET streams. Require a verion higher than that to run test_05_02.
Follow-up to 14478429e7#19916Closes#19921
`LDAP_VENDOR_NAME` and `winber.h` are available in all supported
MS SDK and mingw-w64 versions. Stop checking for them.
Also drop redundant parenthesis in PP expression.
Closes#19918
Let nghttpx only use http/1.1 to backend. This reproduces the bug in
quiche with higher frequency. Allow test_14_05 to now return a 400 in
addition to the 431 we get from a h2 backend to nghttpx.
Skip test_05_02 in h3 on quiche not newer than version 0.24.4 in which
its bug is fixed: https://github.com/cloudflare/quiche/pull/2278
Ref: https://github.com/cloudflare/quiche/issues/2277Closes#19770 (original Issue)
Closes#19916
Do the whole realloc and the subsequent logging under mutex lock. This
fixed log entries that state allocation a memory location before realloc
logs it as being freed.
Closes#19900
Move new tests from test_12 to test_06 (eyeballing) where they better
fit. Increase reliability by check Alt-Svc redirects from h3 to a lower
version for a port where no h3 is available.
Closes#19903
Explicitly disable these warnings to allow using `-Weverything`.
There are around 600 of them across the codebase.
Silencing them has some drawbacks:
- enums (`CURLcode` mostly) would have to be cast to int to avoid
different signedness depending on C compiler.
(llvm/gcc: unsigned, MSVC/clang-cl: signed by default)
- hex masks need casts to unsigned to avoid the warning.
- fixing remaining warnings is annoying without fixing the above.
- without fixing all warnings the option cannot be enabled, to keep
the codebase warning free.
Ref: #18343 (silenced all warnings, but without the enum cast)
Follow-up to 92f215fea1#18477Closes#19907
CMake 3.18 was released on 2020-07-15.
It enables using (and/or dropping workarounds) for these features:
LTO support, better performance and pkg-config support, `OBJECT` target,
`-S`, `-B`, `--verbose`, `--install` on the command-line, lib directory
support in interface targets, target_link_options(), LINK_OPTIONS,
FetchContent, `list(PREPEND ...)`, unity, Ninja, fixed imported global
issues.
Ref: https://github.com/curl/curl/discussions/18704Closes#19902
All Windows platforms support it. It was permanently enabled with most
build methods. The exception is autotools where it is enabled by
default, with an option to disable it. It changed the build in a few
places for rarely tested code paths, but not bringing other advantages
(and used some 64-bit APIs anyway). This patch makes autotools'
`--disable-largefile` option a no-op for Windows.
Closes#19888
MSTATE_TUNNELING is no longer in use now that we have proxy connection
filters. Remove the state.
Remove the http handler `connect_it` method as it was merely a NOP.
Closes#19894
When the Alt-Svc points to the same host and port, add the destination
ALPN to the `wanted` versions and set it also as the `preferred` version
in negotiations.
This allows Alt-Svc for h3 to point to h2 and have it tried first. Also,
this allows Alt-Svc to say http/1.1 is preferred and changes the ALPN
protocol ordering for the TLS handshake.
Add tests in various combination to verify this works.
Reported-by: yushicheng7788 on github
Fixes#19740Closes#19874
Nothing conclusive for the last ~30 days when `taskkill` was made
a no-op. Jobs remained flaky with all known failure modes. Sometimes
they finish green on the first run, sometimes they fail. Hard to say
more without comparing detailed stats for this period and the
preceding (or upcoming) one.
In almost all runs, the PID to be killed did not exist at the time of
check.
Follow-up to 2701ac6a4d#19421Closes#19897
Only the TLS 1.2 structure for now since it's simpler, and only has a
single label type. This has the bonus of also testing libressl that only
supports logging keys in TLS 1.2
Closes#19816
- TCP Fast Open support on Windows
TFO doesn't really work on the internet and isn't really used anywhere.
We use QUIC now.
- get rid of PATH_MAX
Not a priority and when using 3rd party libraries not really up to us.
- auto-detect proxy
A dream we can just stop having.
- config file parsing
Let's not do that in our library.
- add asynch getaddrinfo support
Let's not add a limited glibc specific backend with bad API
- FTP HOST
If we managed this far without name based vhost FTP, let's not.
Closes#19890
To make the test files XML-compliant, and the expected results
possibly easier to manage by keeping them in `.md`, `.html`, `.1`
and `.txt` files.
Non-XML-compliant files are down to 31 (1.6%) after this patch.
Closes#19882
To make the test files XML-compliant, and the expected results
possibly easier to manage by keeping them in `.c` files.
Non-XML-compliant files are down to 36 after this patch.
Also:
- make all macro expansions apply to `%includetext` contents.
Closes#19799
- to avoid dupes.
- missing slashes.
- drop `.git` suffix from GitHub git repo URLs for a few outliers.
- use short YouTube URL like curl-www does.
- sync two RFC doc URLs with others.
Closes#19879
With Schannel and Unicode, `-shallow=13`. It finishes in 12 minutes,
making it the slowest Windows job. It's still on par with torture jobs
on other platforms (though they manage to fit `-shallow=25`).
Also `-shallow=13` still caught leaks in multiple tests.
Also:
- test2300: exclude from CI Windows torture tests.
- experimental.
The downside of going with deeper torture tests, is that it requires
increasing the job timeout. This in turns means that a hung job takes
more minutes to be killed (due to GitHub bugs where a hung step does not
honor the per-step timeout on Windows, another bug where a hung job gets
killed +5 minutes above the workflow timeout, and another bug (or
feature?) where other failed/hung jobs in the the workflow cannot be
restarted till the last job finishes or gets killed. And all this
probably related to a Perl bug which makes it hang on fork errors, which
is turn related to Cygwin/MSYS2 runtime bugs which breaks fork in case
of curl's mixed MSYS2-Perl/native-curl-binaries environment.)
The end result in longer forced waits before being able to restart flaky
jobs, which slows down iterations and annoying.
Also tried:
- non-c-ares job: detected known issues much less often.
- replaced libidn2 with WinIDN: detected known issues much less often.
- runtests -j9-j20 values: did not make a difference.
- other `-shallow` values: 20 is the max feasible, but comes with the
downside described above.
Ref: #19675 (reboot of)
Follow-up to f08417c425#19863Closes#19865
Detected by Windows torture test 1072 (with `-shallow=20/13`),
test 579 (with `-shallow=18/14/13`), and test 1286 (with `-shallow=15`).
```
** MEMORY FAILURE
Leak detected: memory still allocated: 20 bytes
At 1a1e8136328, there is 18 bytes.
allocated by D:/a/curl/curl/lib/curl_sspi.c:133
At 1a1e8139368, there is 2 bytes.
allocated by D:/a/curl/curl/lib/curl_sspi.c:143
1072: torture FAILED: function number 207 in test.
invoke with "-t207" to repeat this single case.
Warning: http2 server unexpectedly alive
```
Ref: https://github.com/curl/curl/actions/runs/20008523913/job/57374427439?pr=19865
Also simplify the code a little.
Cherry-picked from #19865Closes#19866
- Stricter cookie validation with earlier rejection of empty/invalid
cookie names
- secure and httponly attributes no longer accept = with empty values
(only bare keywords)
- Validation checks (length, TAB, prefixes) moved into the first
name/value pair block for better code organization
- Deferred time(NULL) calls for better performance when expires/max-age
aren't used
- Simplified loop control flow by removing done flag
- The cookie size restriction now only applies to name + value, not other
parts of the header line.
- Fixed a gcc 4.8.1 quirk
Closes#19868
To avoid wasting time allocating data for incoming cookies that are
discarded for one reason or another, delay allocations until after
verifications are done.
Closes#19864
This delays the allocating of the cookie struct until after all the
checks have been done, as many cookies are received and discarded
instead of accepted and this then saves one allocation for every
discarded cookie.
Closes#19864
Without this option `wolfSSL_get_app_data()` always returns NULL.
Disable codepaths using it (and its `set` pair) when curl is built
against a wolfSSL library with this option missing.
Fixing:
```
curl: ../../lib/vtls/wolfssl.c:486: wssl_vtls_new_session_cb: Assertion `cf != ((void *)0)' failed.
```
wolfSSL can be built with the `--enable-context-extra-user-data` or
`-DWOLFSSL_EX_DATA` option to enable this feature. Some higher-level
features also enable it automatically like QUIC, ASIO.
Reported-by: Yedaya Katsman
Bug: https://github.com/curl/curl/pull/19816#issuecomment-3606447845
Ref: https://github.com/curl/curl/actions/runs/19871780796/job/56949160740Closes#19852
curl_formget() accepts a user-provided callback function but does not
validate it is non-NULL before calling it. If a caller passes NULL,
the function will crash with SIGSEGV.
Add NULL check at the start of the function to return an appropriate
error code instead of crashing.
Signed-off-by: Robert W. Van Kirk <robert@rwvk.tech>
Closes#19858
On platforms where neither accept4 nor fcntl was available, an
EPRT connection did not send the accepted socket as non-blocking.
This became apparent when TLS was in use and the test receive
on shutdown did simply hang.
Reported-by: Denis Goleshchikhin
Fixes#19753Closes#19851
- URLs specified outside of the markdown []() are now extracted and
checked
- also check TODO, FAQ and KNOWN_BUGS
- more aggressive avoiding to check github.com/curl/curl, all uses of
example domains and some more established URLs on the curl.se site
- list all errors in the end to make them easier to spot in CI logs
Closes#19848
- drop redundant parentheses from macro definitions.
- apply clang-format in some places missed earlier.
- wolfssl: fix a macro guard comment.
- curl_setup.h: drop empty lines
- FAQ: fix C formatting.
Closes#19854
Clone a multibye conversion function into curlx/fopen, and use that
local copy from curlx/fopen functions. Adjust allocators in curlx/fopen
to use curl's in normal builds, and system allocators in TrackMemory
builds to avoid recursion.
This allows to switch curlx/multibyte functions to curl allocators in
all configurations, as they are no longer called by curlx/fopen, and
a recursive call can no longer happen.
After this patch the system allocator is only used in TrackMemory
Windows builds, within curlx `fopen`, `freopen`, `stat` and `open`
functions.
Also:
- test 1, 440, 767: raise allocation limitsto fit the extra allocations
in Windows Unicode builds.
- replace all uses of `curlx_unicodefree()` macro with `curlx_free()`
across the codebase.
- curlx/multibyte: delete `curlx_unicodefree()`.
- ldap: join Windows and non-Windows codepaths that became
identical after moving from `curlx_unicodefree()` to `curlx_free()`.
- vauth: drop a strdup from standard to curl allocator since
the original allocation is now already done by curl's.
- tool_doswin: drop now superfluous strdup from `FindWin32CACert()`.
- memanalyzer.pm: sync weirdo `calloc` log message with `malloc`'s.
Fixes#19748Closes#19845
Change Unix domain socket paths from `/tmp/curl-socksd-<random>` to
`/drive/path/to/LOGDIR/PIDDIR/*-uds` to avoid having to create and
delete them before use. Also to use a path which remains an absolute one
while passed from MSYS2 Perl to native Windows curl tool and test server
via the command-line, and keep pointing to the same location, fixing:
```
=== Start of file commands.log
../src/curl.exe -q --output log/3/curl1468.out --include --trace-ascii log/3/trace1468
--trace-time http://this.is.a.host.name:64405/1468
--proxy socks5h://localhost/tmp/curl-socksd-YnbvRo98 [...]
=== End of file commands.log
=== Start of file socks2_server.log
[...]
14:11:54.597968 Listening on Unix socket D:/a/_temp/msys64/tmp/curl-socksd-YnbvRo98
```
Ref: https://github.com/curl/curl/actions/runs/19896583933/job/57028545111?pr=19812
The curl tool is pending #19825 to fix accepting an absolute unix domain
socket path on Windows.
Assisted-by: Viktor Szakats
Closes#19810
Legacy LDAP means an OpenLDAP-compatible implementation
without the private API `ldap_init_fd()` introduced in OpenLDAP
2.4.6+ (2007-10-31), and not WinLDAP.
One known example is Apple's LDAP build, which is based on
OpenLDAP 2.4.28 (2011-11-25), without providing this private API.
The version query API was introduced around 1998-1999, before
the minimum (2.0 2000-08-01) required by curl.
Follow-up to 3e2a946926#19808Closes#19832
The example code does not use curl_multi_assign(), but its callback
function used socketp (called sockp in the function) to get the struct
priv pointer instead of the correct clientp (cbp).
Reported-by: Greg Hudson
Fixes#19840Closes#19841
Windows 10.17063+ (having unix socket support) fails to set for unix
sockets the `SO_REUSEADDR` option, with error 10045 (`WSAEOPNOTSUPP`),
and also fails to set `SO_KEEPALIVE` with error 10042 (`WSAENOPROTOOPT`).
Fix by not enabling these socket options on Windows for unix sockets.
Also:
- fixing test 1435, 1436 to run in CI.
- fixing the `socksd` test server for test 1467, 1468, 1470. But, also
disable these for now due to another Windows issue: #19825
Ref: https://stackoverflow.com/questions/68791319/unix-domain-socket-bind-failed-in-windows/68794755#68794755
Ref: #19810Closes#19812
Since we no longer traverse the transfers attached to a connection,
change the sparse bitset to just a `uint32_t` counter.
This makes multi_ev the single user of sparse bitsets for transfers
using a socket and allocation failures are handled there correctly.
Refs #19818Closes#19836
To make it clearer to readers of the code that the resulting dup also
has a null terminator. Something a "normal" memdup() does not provide.
Closes#19833
Function Curl_bufref_ptr() now returns a const char *.
New function Curl_bufref_uptr() returns a const unsigned char *.
Usage and doc updated.
Closes#19827
OpenSSL 4 has plans to make ASN1_STRING opaque, which will break the
build, so convert the code to use accessors. ASN1_STRING_length() and
ASN1_STRING_type() go way back to SSLeay and ASN1_STRING_get0_data() is
OpenSSL 1.1 API present in BoringSSL since foreer and also available
since LibreSSL 2.7, so this should not cause compat issues with any
libcrypto in a supported version of the fork family.
https://github.com/openssl/openssl/issues/29117Closes#19831
Patch #19786 removed an exception, which caused many more CI jobs to run
`memanalyze.pl`. It resulted in a 10-30% (Linux), 15% (macOS), 100% (2x,
on Windows) slowdown of runtest steps. It also made some jobs exceed
their time limits and fail (seen with the Windows ARM64 job.)
Turns out the overhead was caused by calling `memanalyze.pl` as
an external process (twice per test), which in turn had to load a full
Perl stack from scratch each time.
Fix by converting memanalyze to a Perl modul, loaded as part of
`runtests.pl`, which eliminated the overhead completely.
It also sped up existing jobs where memanalyze was run for a long time,
e.g. two c-ares Windows jobs, saving 4.5m per CI run.
Supersedes #19819
Bug: https://github.com/curl/curl/pull/19786#issuecomment-3598679397
Follow-up to fb7033d760#19786Closes#19821
To allow replacing `&` characters in `tests/data/test*` files for
XML-compliance.
Also:
- document `%GT`, `%LT`
Follow-up to de49cc89ab#19470Closes#19824
Eliminate a heap buffer in both `win32_idn_to_ascii()` and
`win32_ascii_to_idn()`, by replacing it with stack buffer. The maximum
size is fixed in these cases, and small enough to fit there.
Also reuse length returned by the UTF-8 to wchar conversion, allowing
to drop `wcslen()` call in both functions, and allowing to call
the wchar to UTF-8 conversion API `WideCharToMultiByte()` with the known
length, saving length calculations within that API too.
Ref: https://github.com/curl/curl/pull/19748#issuecomment-3592015200Closes#19798
Address issues listed in #19770:
- allow for ngttpx to successfully shut down on last attempt that might
extend beyond the finish timestamp
- timeline checks: allos `time_starttransfer` to appear anywhere in
the timeline as a slow client might seen response data before setting
the other counters
- dump logs on test_05_02 as it was not reproduced locally
Fixes#19970Closes#19783
A fix for the tests that took the longest:
- test_05: make the server close the HTTP/1.1 connection when
simulating an error during a download. This eliminates waiting
for a keepalive timeout
- test_02: pause tests with slightly smaller documents, eliminate
special setup for HTTP/2. We test stream window handling now
elsewhere already
- cli_hx_download: run look in 500ms steps instead of 1sec, resuming
paused tranfers earlier.
Closes#19809
Instead of buffering response body data until it is received by the
transfer loop, write the response data directly to the client.
Use a connection wide scratch buffer to get the response body from
quiche. Eliminates need for maintaining individual buffers for each
stream.
Fixes#19803
Reported-by: Stanislav Fort
Closes#19806
add the debug log before freeing the memory, otherwise another thread
might allocate and log it before the free is logged.
Follow-up to a7bebd8502Closes#19787
Protect modification to the `membuf` by different threads
via a mutex. This ensure that index updates are correct and
that data gets written in order.
Closes#19785
Use the already detected `gssapi/gssapi_krb5.h` MIT Kerberos header
to pull in `gssapi_ext.h`, which in turn sets `GSS_C_CHANNEL_BOUND_FLAG`
if supported. Channel binding is present in MIT Kerberos 1.19+.
Also:
- lib: de-duplicate GSS-API header includes.
- vauth: de-duplicate `urldata.h` includes.
- drop interim feature macro in favor of the native GSS one.
Assisted-by: Max Faxälv
Reported-by: Max Faxälv
Bug: https://github.com/curl/curl/pull/19164#issuecomment-3551687025
Follow-up to 8616e5aada#19164Closes#19603Closes#19760
Follow-up to c1e3a760b. The previous update missed an addition that also
can wrap and cause confusion. Fixing this by calling
Curl_pgrsSetDownloadSize() after the overflow check.
Reported-by: Deniz Parlak
Closes#19774
The macro is present in all supported Windows toolchains.
It's present in mingw-w64 v3+, and in MS SDK 6.0A+ (maybe earlier).
Also:
- restrict this logic to `USE_WINSOCK` (was: `_WIN32`), to exclude
alternate socket libraries (i.e. lwIP). lwIP supports `IPV6_V6ONLY`
since its 2.0.0 (2016-11-10) release and it's disabled by default,
unlike in Winsock.
Ref: e65202f825
- delete interim setter function/dummy macro `set_ipv6_v6only()`.
Follow-up to a28f5f68b9#18010
Follow-up to ca3f6decb9#10975Closes#19769
Before this patch it added Windows-specific casts. In unity builds this
also affected other source files.
`setsockopt()` is called without special casts in other places in
the code, and passing a non-const char ptr to a const char ptr arg also
should work.
Basic compile test with mingw-w64 confirms. In case of issues, a cast to
`curl_socklen_t` can be used, or do the special case in an `#if` branch.
Also: merge Windows-specific guards for `SET_RCVTIMEO()`.
Follow-up to 639d052e44#3155
Follow-up to 04cb15ae9dCloses#19768
To avoid potentially executing a different Perl than used by the rest
of the build and tests.
Also to be more portable by not relying on shebang support, though these
particular tests require POSIX shell anyway.
Closes#19767
Move check logic from postchecks to `test613.pl`.
To make these test data files XML-compliant.
Also to avoid POSIX/bash-shellisms in postcheck.
Closes#19766
Since this function returns allocated resources there is probably at
least a theoretical risk this can return NULL.
Pointed out by ZeroPath
Closes#19756
To fix non-unity builds using certain header orders (seen in ntlm.c with
the include order changed):
```
lib/vauth/../sendf.h:117:27: error: ‘struct Curl_cwriter’ declared inside parameter list will not be visible outside of this definition or declaration [-Werror]
117 | struct Curl_cwriter *writer);
| ^~~~~~~~~~~~
lib/vauth/../sendf.h:215:54: error: ‘struct Curl_creader’ declared inside parameter list will not be visible outside of this definition or declaration [-Werror]
215 | CURLcode (*do_init)(struct Curl_easy *data, struct Curl_creader *reader);
| ^~~~~~~~~~~~
[...]
```
Ref: https://github.com/curl/curl/actions/runs/19785420705/job/56691185397?pr=19760
Ref: #19760Closes#19761
Rework the way curl's custom Find modules advertise their properties.
Before this patch, Find modules returned detected dependency properties
(header dirs, libs, libdirs, C flags, etc.) via global variables. curl's
main `CMakeLists.txt` copied their values into global lists, which it
later applied to targets. This solution worked internally, but it was
unsuited for the public, distributed `CURLConfig.cmake` and publishing
curl's Find modules with it, due to polluting the namespace of consumer
projects. It's also impractical to apply the many individual variables
to every targets depending on libcurl.
To allow using Find modules in consumer projects, this patch makes them
define as imported interface targets, named `CURL::<dependency>`. Then
store dependency information as target properties. It avoids namespace
pollution and makes the dependency information apply automatically
to all targets using `CURL::libcurl_static`.
Find modules continue to return `*_FOUND` and `*_VERSION` variables.
For dependencies detected via `pkg-config`, CMake 3.16+ is recommended.
Older CMake versions have a varying degree of support for
propagating/handling library directories. This may cause issues in envs
where dependencies reside in non-system locations and detected via
`pkg-config` (e.g. macOS + Homebrew). Use `CURL_USE_PKGCONFIG=OFF`
to fix these issues. Or upgrade to newer CMake, or link libcurl
dynamically.
Also:
- re-enable `pkg-config` for old cmake `find_library()` integration
tests.
- make `curlinfo` build after these changes.
- distribute local Find modules.
- export the raw list of lib dependencies via `CURL_LIBRARIES_PRIVATE`.
- `CURLconfig.cmake`: use curl's Find modules to detect dependencies in
the consumer env.
- add custom property to target property debug function.
- the curl build process no longer modifies `CMAKE_C_FLAGS`.
Follow-up to e86542038d#17047
Ref: #14930
Ref: https://github.com/libssh2/libssh2/pull/1535
Ref: https://github.com/libssh2/libssh2/pull/1571
Ref: https://github.com/libssh2/libssh2/pull/1581
Ref: https://github.com/libssh2/libssh2/pull/1623Closes#16973
Instead of writing each line to file immediately, this now stores them
in an in-memory buffer until that gets full or curl exits. To make it
run faster and write to file less often.
Closes#19750
To conclude changing the send buffer type from `const void *` to `const
uint8_t *`, change the top level send function and its implementations.
Closes#19743
Remove connection member `waitfor` and keep it in the SSH connection
meta. Add `ssh` to supported tracing features, convert many DEBUGF
printgs to traces.
Closes#19745
To reduce to amount of Debian packages to install, which hopefully
removes some flakiness due to sometimes very slow Azure package
distro servers. Possible also making these jobs finish 20s faster.
Windows from Debian | llvm | gcc
:------------------ | :----------------: | :----------------:
build time | 2m41s -> 2m20s | 3m19s -> 2m57s
installed packages | 288 -> 142 | 247 -> 99
downloads | 403 MB -> 240 MB | 297 MB -> 134 MB
disk space | 2132 MB -> 1289 MB | 1582 MB -> 739 MB
Before: https://github.com/curl/curl/actions/runs/19765983026
After: https://github.com/curl/curl/actions/runs/19766373960?pr=19749
Ref: 02149b7e36Closes#19749
Before this patch curl used the C preprocessor to override standard
memory allocation symbols: malloc, calloc, strdup, realloc, free.
The goal of these is to replace them with curl's debug wrappers in
`CURLDEBUG` builds, another was to replace them with the wrappers
calling user-defined allocators in libcurl. This solution needed a bunch
of workarounds to avoid breaking external headers: it relied on include
order to do the overriding last. For "unity" builds it needed to reset
overrides before external includes. Also in test apps, which are always
built as single source files. It also needed the `(symbol)` trick
to avoid overrides in some places. This would still not fix cases where
the standard symbols were macros. It was also fragile and difficult
to figure out which was the actual function behind an alloc or free call
in a specific piece of code. This in turn caused bugs where the wrong
allocator was accidentally called.
To avoid these problems, this patch replaces this solution with
`curlx_`-prefixed allocator macros, and mapping them _once_ to either
the libcurl wrappers, the debug wrappers or the standard ones, matching
the rest of the code in libtests.
This concludes the long journey to avoid redefining standard functions
in the curl codebase.
Note: I did not update `packages/OS400/*.c` sources. They did not
`#include` `curl_setup.h`, `curl_memory.h` or `memdebug.h`, meaning
the overrides were never applied to them. This may or may not have been
correct. For now I suppressed the direct use of standard allocators
via a local `.checksrc`. Probably they (except for `curlcl.c`) should be
updated to include `curl_setup.h` and use the `curlx_` macros.
This patch changes mappings in two places:
- `lib/curl_threads.c` in libtests: Before this patch it mapped to
libcurl allocators. After, it maps to standard allocators, like
the rest of libtests code.
- `units`: before this patch it mapped to standard allocators. After, it
maps to libcurl allocators.
Also:
- drop all position-dependent `curl_memory.h` and `memdebug.h` includes,
and delete the now unnecessary headers.
- rename `Curl_tcsdup` macro to `curlx_tcsdup` and define like the other
allocators.
- map `curlx_strdup()` to `_strdup()` on Windows (was: `strdup()`).
To fix warnings silenced via `_CRT_NONSTDC_NO_DEPRECATE`.
- multibyte: map `curlx_convert_*()` to `_strdup()` on Windows
(was: `strdup()`).
- src: do not reuse the `strdup` name for the local replacement.
- lib509: call `_strdup()` on Windows (was: `strdup()`).
- test1132: delete test obsoleted by this patch.
- CHECKSRC.md: update text for `SNPRINTF`.
- checksrc: ban standard allocator symbols.
Follow-up to b12da22db1#18866
Follow-up to db98daab05#18844
Follow-up to 4deea9396b#18814
Follow-up to 9678ff5b1b#18776
Follow-up to 10bac43b87#18774
Follow-up to 20142f5d06#18634
Follow-up to bf7375ecc5#18503
Follow-up to 9863599d69#18502
Follow-up to 3bb5e58c10#17827Closes#19626
Install CMake from the Kitware GitHub release archive. To allow choosing
its version independently from the OS.
Switch to 3.7.0 (from 3.7.2) to test the earliest supported version.
Also tested OK with 3.18.4 and 3.7.2.
The download and install step takes 1-2 seconds.
Follow-up to c9e50e9e39#19737Closes#19738
To allow more flexibility and not be limited by defaults offered by
the runner machines:
- Visual Studio 2013: CMake 3.12.2
- Visual Studio 2015, 2017: CMake 3.16.2
Ref: https://www.appveyor.com/docs/windows-images-software/
Start using 3.18.4, 3.19.8, 3.20.6 in older VS jobs to add variations.
Time cost is a couple of seconds per job.
Ref: #18704 (Discussion)
Ref: #16973Closes#19737
Change the send parameter from `const void *` to `const uint8_t *` and
adapt calling code. Several had already unsigned chars and were casting.
Closes#19729
Change `inputbuff` parameter from `const char *` to `const uint8_t *` to
reflect the binary nature of the input bytes. Half the code was casting
unsigned char to signed already in calling.
Closes#19722
Make `port` member in these struct of type `uint16_t`.
add `uint8_t transport` to `struct ip_quadruple
Define TRNSPRT_NONE as 0. By assigning a valid transport only on a
successful connection, it is clear when the ip_quadruple members are
valid. Also, for transports not involving ports, the getinfos for
`CURLINFO_PRIMARY_PORT` and `CURLINFO_LOCAL_PORT` will now always return
-1.
Make all `transport` members and parameters of type `uint8_t`.
Document the return value of `CURLINFO_LOCAL_PORT` and
`CURLINFO_PRIMARY_PORT` in this regard. Add tests that writeout stats
report ports correctly.
Closes#19708
Add protocol handler flag `PROTOPT_CONN_REUSE` to indicate that the
protocol allows reusing connections for other tranfers. Add that
to all handlers that support it.
Create connections with `conn->bits.close = FALSE` and remove all
the `connkeep()` calls in protocol handlers setup/connect implementations.
`PROTOPT_CONN_REUSE` assures that the default behaviour applies
at the end of a transfer without need to juggle the close bit.
`conn->bits.close` now serves as an additional indication that a
connection cannot be reused. Only protocol handles that allow
reuse need to set it to override the default behaviour.
Remove all `connclose()` and `connkeep()` calls from connection
filters. Filters should not modify connection flags. They are
supposed to run in eyeballing situations where a filter is just
one of many determining the outcome.
Fix http response header handling to only honour `Connection: close`
for HTTP/1.x versions.
Closes#19333
When passing a `msg_ctrl` to sendmsg() as part of GSO handling, zero the
complete array. This fixes any false positives by valgrind that complain
about uninitialised memory, even though the kernel only ever accesses
the first two bytes.
Reported-by: Aleksei Bavshin
Fixes#19714Closes#19715
Fix return value indicating to OpenSSL if reference to session is kept
(it is not), so OpenSSL frees it.
Reported-by: Aleksei Bavshin
Fixes#19717Closes#19718
The on_uv_timeout callback was trying to access req->data as
a curl_context pointer, but uv.timeout.data was never initialized,
making it always NULL. This rendered the code inside the if(context)
block unreachable.
Fixes#19462Closes#19538
GnuTLS 3.8.11 started requiring a nettle version new enough to be
missing from Ubuntu LTS released a year ago. To keep up testing it,
build nettle from source. Besides the necessary one time effort this
has the downside that nettle updates now need to be done manually
a couple of times per year when renovate detects one. (if I got the
renovate formula correct to catch the tag format).
Also:
- switch the local GnuTLS build to use the release tarball instead of
the Git repo and calling the script `bootstrap`. The script could
potentially download source code using the cleartext `git:` protocol.
It's also downloading lots of content, including a full OpenSSL repo.
Ref: 955f7a7fc2/NEWS (L41-L44)
Follow-up to 905b718de3#19642
Follow-up to a439fc0e37#19613Closes#19680
Fold the special connection pool shutdown handling in multi the things
the admin handle cares about. Add the admin handle to the 'process'
bitset, deduce it from the 'running' count.
The admin handle is the processed like any other transfer, but has a
special case in `multi_runsingle()`. Simplifies all other multi
processing parts.
Closes#19604
* move the TIMER_POSTQUEUE to the time a connection is chosen,
so that TIMER_NAMELOOKUP always happens afterwards
* client writer: do not trigger TIMER_STARTTRANSFER on CLIENTWRITE_INFO
as ftp and other pingpong protocols write that before starting anything
that is the tranfer itself
* Elimnating debug trancing of "closed stream/connection - bailing"
as confusing, as connection is not really closed on most cases.
* Setting 'data->req.upload_done` correctly, so that no "abort upload"
is happening at the end of a perfectly fine download.
* Adding test cases with up-/download of 0-length files.
* pytest: add a "timeline" of timer value checks to Resulst in curl.py,
so that this can be used in several test cases, replacing the local
stuff in test_16
* add timeline checks to ftp test cases
Closes#19269
Although finally stored as a non-const pointer, the string is intended
to be left unchanged.
This change allows using the function without the need of a cast for
const pointers.
Closes#19692
Some public prototypes do not declare return values or out parameters as
const where they should be. Avoid changing the public interface, but
document those values as read-only.
Closes#19692
- Curl_async_getaddrinfo() always returned NULL so it was pointless.
Return proper curlcode instead to distinguish between errors. Same for
Curl_doh().
- simplify the IP address handling
- make Curl_str2addr() function return CURLcode
Closes#19669
Replace:
- `open()` with `curlx_open()` (1 call).
- `fopen()` with `curlx_fopen()`.
- `fclose()` with `curlx_fclose()`.
To centralize interacting with the CRT in preparation for using "safe"
alternatives on Windows. This also adds long-filename and Unicode
support for these operations on Windows.
Keep using `open()` in the signal handler to avoid any issues with
calling code not allowed in signal handlers.
Cherry-picked from #19643Closes#19679
Windows CRTs have a `share.h`. Before this patch when trying to
`#include <share.h>` it, the compiler picked up curl's internal
`lib/share.h` instead. Rename it to avoid this issue.
CRT `share.h` has constants necessary for using safe open CRT functions.
Also rename `lib/share.c` to keep matching the header.
Ref: https://learn.microsoft.com/cpp/c-runtime-library/sharing-constants
Ref: 625f2c1644#16949#16991
Cherry-picked from #19643Closes#19676
Example of old text:
--dns-ipv4-addr requires that libcurl is built to support c-ares.
New version:
For --dns-ipv4-addr to work, it requires that the underlying libcurl is
built to support c-ares.
Closes#19665
Description of how this works in `docs/internal/RATELIMITS.ms`.
Notable implementation changes:
- KEEP_SEND_PAUSE/KEEP_SEND_HOLD and KEEP_RECV_PAUSE/KEEP_RECV_HOLD
no longer exist. Pausing is down via blocked the new rlimits.
- KEEP_SEND_TIMED no longer exists. Pausing "100-continue" transfers
is done in the new `Curl_http_perform_pollset()` method.
- HTTP/2 rate limiting implemented via window updates. When
transfer initiaiting connection has a ratelimit, adjust the
initial window size
- HTTP/3 ngtcp2 rate limitin implemnented via ack updates
- HTTP/3 quiche does not seem to support this via its API
- the default progress-meter has been improved for accuracy
in "current speed" results.
pytest speed tests have been improved.
Closes#19384
To replace deprecated, unsafe `sys_nerr`, `sys_errlist` global
variables with the function suggested by the CRT warning silenced via
`_CRT_SECURE_NO_WARNINGS`:
```
lib/curlx/strerr.c(291): warning C4996: '__sys_nerr': This function or variable may be unsafe. Consider using strerror instead.
lib/curlx/strerr.c(292): warning C4996: '__sys_errlist': This function or variable may be unsafe. Consider using strerror instead.
```
(where `strerror` in turn suggests `strerror_s`...)
Upside: returns an error and has a Unicode variant. Downaside: happy
to return success when passing unrecognized error codes. Work it around
by looking for the string "Unknown error" returned in such cases and
falling back to other methods to retrieve a description.
Refs:
https://learn.microsoft.com/cpp/c-runtime-library/errno-doserrno-sys-errlist-and-sys-nerrhttps://learn.microsoft.com/cpp/c-runtime-library/reference/strerror-s-strerror-s-wcserror-s-wcserror-sCloses#19646
Also:
- memdebug: fix symbol collision in unity builds.
- memdebug: fix compiler warning by making a variable static.
Follow-up to c77bed81a2#19657Closes#19666
When a trasfer is paused from a read callback with a CURL_READFUNC_PAUSE
code, it should be excluded from the speedcheck. Currently only
transfers paused from write callbacks are excluded, because the code
only checks for "recv direction" of the transfer. This commit adds a
check for "send direction".
Issue similar to https://github.com/curl/curl/issues/6358Closes#19653
- adjust cipher list in infof() statement for min/max TLS version
- skip test_17_07 for wolfSSL 5.8.4 when CHACHA20 is negotiated
due to regression with homebrew build on ARM systems.
Fixes#19644
Reported-by: Viktor Szakats
Closes#19662
The freeing of the already allocated hostname is done by
Curl_async_shutdown(). This extra free in the RR code path made a
double-free.
Presumably not detected because the CI torture tests don't run HTTPS-RR
enabled?
Follow-up to 8d0bfe74fbCloses#19658
This reverts commit a439fc0e37.
It requires a version of libnettle that is not included in these Ubuntu
versions: "Libnettle 3.10 was not found"
Closes#19642
When OpenSSL fails to verify the peer certificate, we checked for
one specific reason code and did not ask Apple SecTrust for any
other failure.
Always ask Apple SecTrust after OpenSSL fails when the `native_ca_store`
is enabled. If the user configures a CAfile or CApath, the native store
is disabled, so this does not affect use cases where users asks curl
to use a specific set of trust anchors.
Do the same for GnuTLS
Fixes#19636
Reported-by: ffath-vo on github
Closes#19638
Usage:
- autotools: `--disable-typecheck` (or `--enable-typecheck` (default))
- cmake: `-DCURL_DISABLE_TYPECHECK=ON`.
To disable `curl_easy_setopt()`/`curl_easy_getinfo()` type checking with
supported (new) gcc and clang compilers. It is useful to improve build
performance for the `tests/libtest` target. In particular the CodeQL
analyzer may take above an hour to compile with type checking enabled,
and disabling it brings it down to seconds. On local machines it may
also cut build times in half when build testdeps, depending on platform
and compiler.
Other than these cases, we recommend leaving type checking enabled.
Ref: fdacf34aae#19632
Also:
- GHA/codeql: use it.
- test1165: check in `include/curl`.
- lib1912: delete stray todo comment.
- spelling and comment nits.
Closes#19637
Replace:
- curl_sspi: macro `_tcsncpy()` with `_tcsncpy_s()`.
- curlx/fopen: `wcsncpy()` with `wcsncpy_s()`.
- curlx/fopen: `wcscpy()` with `wcscpy_s()`.
Use of the pre-existing functions were safe. This patch aims to use the
recommended Windows CRT functions. Handle errors returned by them. Also
to avoid the compiler warnings silenced via `_CRT_SECURE_NO_WARNINGS`:
```
lib/curl_sspi.c(152): warning C4996: 'wcsncpy': This function or variable may be unsafe. Consider using wcsncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS.
lib/curlx/fopen.c(161): warning C4996: 'wcsncpy': This function or variable may be unsafe. Consider using wcsncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS.
lib/curlx/fopen.c(162): warning C4996: 'wcscpy': This function or variable may be unsafe. Consider using wcscpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS.
lib/curlx/fopen.c(174): warning C4996: 'wcsncpy': This function or variable may be unsafe. Consider using wcsncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS.
lib/curlx/fopen.c(175): warning C4996: 'wcscpy': This function or variable may be unsafe. Consider using wcscpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS.
```
Refs:
https://learn.microsoft.com/cpp/c-runtime-library/reference/strncpy-strncpy-l-wcsncpy-wcsncpy-l-mbsncpy-mbsncpy-lhttps://learn.microsoft.com/cpp/c-runtime-library/reference/strncpy-s-strncpy-s-l-wcsncpy-s-wcsncpy-s-l-mbsncpy-s-mbsncpy-s-lhttps://learn.microsoft.com/cpp/c-runtime-library/security-features-in-the-crt
Cherry-picked from #19581 (in part)
Closes#19589
If verifypeer and verifyhost are disabled, to not generate
a failf() message for failed verifications.
Fixes#19615
Reported-by: ncaklovic on github
Closes#19625
`memdebug.h` must be included last within each source. This breaks when
including it in a header, which ends up being included in the middle of
other headers, and `memdebug.h` also ending up in the middle of
includes.
Follow-up to c255d2fdcb#19602Closes#19629
macOS was chosen because xmllint comes preinstalled, saving the prereq
install step. But, macOS's xmllint jobs sometimes doesn't finish in 1m
(instead of under 1 second) and gets cancelled, causing flaky failures.
Go with Linux and an install phase (of 15s) instead.
Examples:
https://github.com/curl/curl/actions/runs/19558021722/job/56004334495Closes#19634
Turns out the cause of CodeQL hangs (or probably just extreme long
compile) is the header `curl/typecheck-gcc.h`. By accident I noticed
that the preprocessed output of libtests.c is 75 MB (megabytes). This
is much higher than the amounf of source code hinted, also compared to
e.g. units.c or other build targets. The reason for the extreme size
is each easy option call pulling in the large checker logic defined
in this header.
By compiling with `-DCURL_DISABLE_TYPECHECK`, preprocessed output drops
to 2.2 MB (34x), and the libtests target builds without issues.
Also build all tests and examples with the Linux HTTP/3 config, covering
3 more files.
With these, CodeQL C coverage is 893 out of 930 (96%) (was: 645 69%)
Follow-up to 71fc11e6bb#18695
Follow-up to a333fd4411#18557
Follow-up to b4922b1295#18564
Closes https://github.com/vszakats/curl/pull/11Closes#19632
Previously it had to realloc the pattern array to store the last entry
even when that last entry triggered an error and could be only half
filled in.
Also cleaned up for readability and better reallocs for sets.
Reported-by: letshack9707 on hackerone
Closes#19614
Based on existing code and commit history it appears
`CURL_DISABLE_INSTALL` means to prevent calling `install()`;
`CURL_ENABLE_EXPORT_TARGET` means to prevent calling `export()` and
`install()`s with `EXPORT` in them.
Fix them to also apply to the lib and src directories in that vain:
- lib: honor `CURL_DISABLE_INSTALL`
- src: honor `CURL_DISABLE_INSTALL`
- src: honor `CURL_ENABLE_EXPORT_TARGET`
https://cmake.org/cmake/help/v4.2/command/install.htmlhttps://cmake.org/cmake/help/v4.2/command/export.html
- `CURL_DISABLE_INSTALL` follow-up to:
aace27b096#12287
- `CURL_ENABLE_EXPORT_TARGET` follow-up to:
8698825106#9638643ec29645#7060Closes#19144
To complement the existing `curlx_fopen()` internal API.
It's used by the curl's `--stderr` option.
`curlx_freopen()` adds two features to the bare `freopen()`:
- tracing for debug-enabled builds.
- Unicode and long-filename support for Windows builds.
In effect this adds long-filename and enables Unicode support for
the `--stderr <filename>` curl command-line option on Windows.
Also add to checksrc.
Follow-up to 2f17a9b654#10673Closes#19598
To override the curl default of 5 minutes (300000 ms).
Sometimes a simple test data change can result in a stuck test, this
option makes it exit with an error early. Possible future use in CI
or fast machines to prevent a single test taking 5 minutes and failing
the whole job.
Example hangers:
tests/data/test65:
```diff
-<data1000 crlf="yes">
+<data1000 crlf="headers">
```
tests/data/tests993:
```diff
-%repeat[1000 x 95 328485%0d%0a]%</data>
+%repeat[1000 x 95 328485%0d%0a]%
+</data>
```
Closes#19319
Only the `test-ci` build target sets `--buildinfo` automatically,
since 985f39c0ce. It needs to be set
manually for other targets used in CI, such as `test-torture`,
to enable the `buildinfo.txt` dump in the runtests step.
For Test Clutch. In an attempt to re-sync `targetarch` with the rest of
macOS jobs on the feature matrix page:
https://testclutch.curl.se/static/reports/feature-matrix.html
Before this patch and possibly since the breaking update It's `aarch64e`
for torture jobs and `aarch64` for the rest
(stricly speaking `aarch64e` is the correct value for all macOS jobs, but
autotools and cmake report arm64/aarch64 without the `e`.)
Regression from 985f39c0ce#18147Closes#19601
There are 58 non-compliant files. Mark them with the `notxml` keyword.
Also include the compliant ones in the GHA/checksrc xmllint CI job.
Also:
- delete XML prolog from the 3 test data files that had them.
- FILEFORMAT.md: document the `notxml` keyword.
- FILEFORMAT.md: fix a typo.
Follow-up to de49cc89ab#19470
Follow-up to f3095f0dbd#19528
Follow-up to 87ba80a6dfCloses#19595
Reduce number of files failing `xmllint --format` from 133 to 57 (-76)
(3% of 1894), by replacing `<` and `>` with new macro `%LT` and `%GT`,
in most places, which is in email addresses (192 lines).
Follow-up to a9ec2a676c#19491Closes#19470
Passing the option as-is to libcurl is fine, but checking that the file
exists allows the tool to better provide a helpful message.
This now done for the following options:
--cacert, --crlfile, --knownhosts, --netrc-file, --proxy-cacert amd
--proxy-crlfile
Bonus: bail out properly on OOM errors in the --cert parser.
Reported-by: Wesley Moore
Fixes#19583Closes#19585
- curl_setup.h: replace `_CRT_SECURE_NO_DEPRECATE` with
`_CRT_SECURE_NO_WARNINGS`, which seems to be the preferred,
more recent macro for this. Also syncing with libssh2.
They are equivalent for curl sources with the supported compilers.
- cmake: stop setting `_CRT_SECURE_NO_DEPRECATE` globally for examples.
- examples: suppress CRT deprecation warnings on a per-file basis.
To make it work when compiling examples out of curl's build systems.
Use `_CRT_SECURE_NO_WARNINGS`.
- examples: document the functions requiring `_CRT_SECURE_NO_WARNINGS`.
- examples/block_ip: delete superfluous `_CRT_SECURE_NO_WARNINGS`.
- examples/block_ip: limit `_CRT_NONSTDC_NO_DEPRECATE` to MSVC.
- examples/log_failed_transfers: fix to set `_CRT_SECURE_NO_WARNINGS`
before headers and limit to MSVC.
- curl_setup.h: document which SDKs support `_CRT_NONSTDC_NO_DEPRECATE`.
Closes#19175
The parsing of the HTTP/1.1 formatted request into the h2/h3 header
structures should detect CURLOPT_CUSTOMREQUEST methods and forward them
correctly.
Add test_01_20 to verify
Fixes#19543
Reported-by: Omdahake on github
Closes#19563
Starting with clang 18, stable clang releases start with minor version 1.
Exclude pre-releases with minor version 0 from the compiler warning
options for that major version.
This fixes the build with Android NDK r29, which uses a prerelease
version of clang 21 that doesn't know the new options yet.
Closes#19566
There remain some false positives, hits in test data, and `dir` use,
around 100 issues in total.
There is no plan to enforce badwords on tests.
Also:
- badwords.txt: let a few `manpage[s]` occurrences through
(in Perl code).
Closes#19541
Before this patch `TCP_KEEP*` socket options were unconditionally used
if the build-time SDK supported them. This caused curl logging errors
(or trace messages since #19527) on Windows versions missing support
for them. After this patch, use them only when the runtime environment
supports it and fall back to the alternate method (`SIO_KEEPALIVE_VALS`)
dynamically.
Also:
- log a trace message when using the Win10 method.
- document which SDK versions offer `TCP_KEEP*` macros.
Ref: https://learn.microsoft.com/windows/win32/winsock/ipproto-tcp-socket-options
Ref: https://learn.microsoft.com/windows/win32/winsock/sio-keepalive-vals
Reported-by: Aleksandr Sergeev
Fixes#19520
Follow-up to dc34498d18#19527Closes#19559
- fix test_17_20 flakiness: the test case did not have `nghttpx` in
its parameters, causing it to no check if a reload was necessary.
When that test ran behind one that gave nghttpx another certificate,
eg. in parallel mode, it used the wrong pinned pubkey.
- Have `env` provide lists of HTTP protocol versions available for
testing. Replace parameterized tests on a fixed protocol list with
the dynamic one from env. This makes checks for protocol availability
in the test function bodies superfluous.
refs #19489Closes#19540
test 1459 "SFTP with corrupted known_hosts" was seen failing in the past.
To fix it, the test was automatically disabled when detecting libssh
0.9.3 or older, as in the curl CircleCI job, running on Ubuntu 20.04.
This work for a long time, until bumping the CircleCI runner to Ubuntu
22.04 (to have OpenSSL 3), where the test was running again, and failing
with the isssue seen in the past.
- Test skipped with Ubuntu 20.04 (libssh 0.9.3):
https://app.circleci.com/pipelines/github/curl/curl/16445/workflows/7f198763-e0b0-4037-9245-4c4b40ab8726/jobs/155164
- Failure seen with Ubuntu 22.04 (libssh 0.9.6):
https://app.circleci.com/pipelines/github/curl/curl/16452/workflows/b817a808-0fd4-40b0-8eb0-d064926efe12/jobs/155206?invite=true#step-107-211709_45
- Failure seen with Ubuntu 24.04 (libssh 0.10.6):
https://app.circleci.com/pipelines/github/curl/curl/16455/workflows/86c631f1-3c5f-4438-b398-3df2bdab5d20/jobs/155218
Turns out the issue issue isn't libssh 0.9.3 itself, but
a CircleCI-specific default configuration in `/etc/ssh/ssh_config`:
```
# BEGIN ANSIBLE MANAGED BLOCK
Host *
StrictHostKeyChecking no <------ this particular line
HashKnownHosts no
SendEnv LANG LC_*
# END ANSIBLE MANAGED BLOCK
```
libssh will consult configuration files on hard-coded default system
locations and alter its behavior based on settings found in them.
This libssh behavior is present in all supported versions:
5a2abd34cehttps://gitlab.com/libssh/libssh-mirror/-/tags/libssh-0.9.0
It means the existing disable logic based on libssh version worked by
coincidence, and what needs to be checked is these configurations
to decide if it's safe to run the test. Another, simpler option is
to also accept the result code 67, though in that case the test
wouldn't actually test what we want, but would pass anyway.
With the old `oldlibssh` workaround deleted, and the problematic setting
manually overridden (`StrictHostKeyChecking yes`):
- CircleCI Ubuntu 20.04 passes with 1459 enabled:
https://app.circleci.com/pipelines/github/curl/curl/16483/workflows/87a9f389-76a2-4a32-acde-c0b411a4c842/jobs/155302
- CircleCI Ubuntu 22.04 does too:
https://app.circleci.com/pipelines/github/curl/curl/16483/workflows/87a9f389-76a2-4a32-acde-c0b411a4c842/jobs/155303
To fix, replace the `runtests` `oldlibssh` detection logic to parse
libssh config files (instead of checking for libssh version) and disable
test 1459 based on that. Notice the detection is making a light attempt
to parse these files, and does not implement most config file features
(such as includes, quoted values and `=` operator.)
The new runtests workaround tests OK with the:
- default CircleCI configuration, disabling 1459 automatically.
- a sudoless configuration fix, with 1459 run successfully.
Also keep setting this option in CircleCI jobs.
- a sudo configuration fix, with 1459 run successfully.
Ref: https://app.circleci.com/pipelines/github/curl/curl/16492/workflows/56f39335-97ba-412c-9a9b-3d662694375a
GHA jobs are not affected and they work fine, with 1459 running successfully
before and after this patch.
It's possible the libssh API offers ways to control config file use
and/or set the strict host checking option programatically. Maybe
to enable in debug mode (albeit CircleCI job are not debug-enabled),
or offer an option for them. It may be something for a future patch.
Follow-up to 23540923e1#8622
Follow-up to 4b01a57c95#8548
Follow-up to bdc664a640#8490
Follow-up to 7c140f6b2d#8444
Ref: 6d9c5c91b9#19549Closes#19557
The mistake is harmless because it is still a size of a pointer, but
this is the correct pointer.
Acked-by: Daniel McCarney
Reported-by: pelioro on hackerone
Bug: https://hackerone.com/reports/3427460Closes#19545
It also means that all supported OpenSSL versions and forks support
TLSv1.3 after this patch.
It reduces `openssl.c` size by more than 10%, or 400 LOC.
Ref: #18822Closes#18330
Windows CE support was limited to successful builds with ming32ce
(a toolchain that hasn't seen an update since 2009, using an ancient gcc
version and "old mingw"-style SDK headers, that curl deprecated earlier).
Builds with MSVC were broken for a long time. mingw32ce builds were never
actually tested and runtime and unlikely to work due to missing stubs.
Windows CE toolchains also miss to comply with C89. Paired with lack of
demand and support for the platform, curl deprecated it earlier.
This patch removes support from the codebase to ease maintaining Windows
codepaths.
Follow-up to f98c0ba834#17924
Follow-up to 8491e6574c#17379
Follow-up to 2a292c3984#15975Closes#17927
- badwords.pl: add `-a` option to check all lines in source code files.
Before this patch indented lines were skipped (to avoid Markdown code
fences.)
- GHA/checksrc: use `-a` when verifying the source code.
- GHA/checksrc: disable `So` and `But` rules for source code.
- GHA/checksrc: add docs/examples to the verified sources.
- badwords.txt: delete 4 duplicates.
- badwords.txt: group and sort contractions.
- badwords.txt: allow ` url = `, `DIR`, `<file name`.
Closes#19536
The HTTP/3 tests did send 20 transfers against nghttpx with a backend
that failed the uploads with a 400 and an incomplete response body. This
causes stream resets.
Apache keeps the connection open, but newer nghttpx closes the front
connection after "too many" reset. When that bites, it depends on the
number of transfers ongoing how the test case fails. This led to flaky
outcomes.
Reduce the transfers to just a single one and check the result of
that one. Parallelism is not important here.
refs #19489Closes#19530
Cleanup the vtls pinned key matching somewhat. Add a DEBUGF
for pinned key hashes that do not match, so we can see in
traces what was going on.
Ref #19489Closes#19529
Line 143: "if(duringconnect)" would always equal true. While this is
harmless, I believe this minor tweak makes the flow slightly more
obvious to the reader and avoids the redundant condition.
Pointed out by CodeSonar
Closes#19523
Sync outliers with the rest of the code.
Also:
- return error in some failed init cases, instead of `CURLE_OK`:
1908, 1910, 1913, 2082, 3010
- lib1541: delete unused struct member.
Closes#19515
Move out logic from a switch() expression and return error directly
instead of using goto. This also removes the odd-looking two subsequent
closing braces at the same indent level.
Closes#19509
Add new functions in `curlx/warnless.h` for controlled type
conversions:
* curlx_uitouz, convert unsigned into to size_t (should always work)
* curlx_uztoso, convert size_t to curl_off_t, capping at CURL_OFF_T_MAX
* curlx_sztouz, convert ssize_t to size_t, return TRUE when ok
* curlx_sotouz_range, convert curl_off_t to size_t interval, capping
values to interval bounds
Remove some unnecesary casts, convert some internal recv functions
to the "return result, have size_t* arg" pattern.
Closes#19495
Rename `Curl_timeleft()` to `Curl_timeleft_ms()` to make the units in
the returned `timediff_t` clear. (We used to always have ms there, but
with QUIC started to sometimes calc ns as well).
Rename some assigned vars without `_ms` suffix for clarity as well.
Closes#19486
Special meanings of URLs became outdated, and it's also no longer
necessary to pass the test number via the URL or domain anymore.
Delete the text.
Follow-up to c6f1b0ff49#19429Closes#19503
Overhaul of the internal cookie APIs and an attempt to better return
errors for OOM and similar critical problems, separate from ordinary and
benign parsing problems.
Closes#19493
Some curl command-lines are long, often repetitive, and difficult
to read or write:
Before this patch (1 test == 1 line):
- <=78 characters: 1099 tests
- 79-132 characters: 500 tests
- 133+ characters: 217 tests: patch meant to help with some of these.
After this patch:
- <=78 characters: 1288 lines
- 79-132 characters: 526 lines
- 133+ characters: 190 lines
After this patch it's possible to fold long lines into multiple ones.
Folding can reduce greppability, thus this is primarily useful for cases
when the options are repetitive, e.g. a list of form options, headers,
mail parameters and the like.
Closes#19500
To untangle the different curl/server requirements of these tests.
Also to make this test run for non-H2 builds. Searching the cause of
the flakiness documented in #19481.
Also:
- fix the callback function prototype. Detected by ASAN with this patch,
though the issue was pre-existing.
```
lib/cw-out.c:211:14: runtime error: call to function emptyWriteFunc
through pointer to incorrect function type
'unsigned long (*)(char *, unsigned long, unsigned long, void *)'
tests/libtest/lib2405.c:72: note: emptyWriteFunc defined here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior lib/cw-out.c:211:14
```
Ref: https://github.com/curl/curl/actions/runs/19296686908/job/55180334364?pr=19487#step:44:3768
Follow-up to 96a5ce5a82#19481Closes#19487
To better reject junk and detect overflows. There were already
additional precautions and protections in place, but this is cleaner.
Extended the 1614 unit tests with some more bad syntax cases.
Closes#19475
Also:
- replace `manpage` with `man page`, add to `badwords.txt`.
- badwords.pl: import `-w` feature from curl-www, syncing the two
scripts fully.
- badwords.txt: import missing items from curl-www, syncing the two
files fully.
- pyspelling.words: drop `cURL` allowed word.
Closes#19468
On Windows this requires Perl 5.22 from year 2015.
Also:
- mdlinkcheck: delete redundant error handling logic.
Follow-up to 77be4a7ab2#19437Closes#19461
dynconvert() now offers to return the size of the converted data as it
might be different that the provided input size.
Bonus: minor indent fixing of some closing braces.
Reported-by: Stanislav Fort (Aisle Research)
Closes#19465
The CURL_FTP_HTTPSTYLE_HEAD logic was added back in 2007 with the
intention to remove that logic one day, but since we never bump the
SONAME it is not likely to happen anytime soon. Remove again for
readability.
Follow-up to 3217809294Closes#19463
Verify that wolfSSL_BIO_meth_new() actually works and handle situations
where it returns NULL.
Reported-by: Stanislav Fort (Aisle Research)
Closes#19459
Without unit, show up to 99999 "raw" (5 digits). After that, prefer to
show the number as less than 1000 per unit and use single decimal
fraction. Like '123.4M' (spending 6 characters).
This now makes the largest possible size to show 8.0E (exabytes).
Probably makes the output easier to read.
Fixes#19431
Reported-by: Fd929c2CE5fA on github
Closes#19433
When asking for the last N bytes of a file, and that size was larger
than the file size, it would miss the first byte due to a logic error.
The fixed range parser is now made a common function in the file now
renamed to vssh.c (from curl_path.c) - used by both backends.
Unit test 2605 verifies the parser.
Reported-by: Stanislav Fort (Aisle Research)
Closes#19460
- allow 02_28 to run in HTTP/1.1 without H2 support again.
Follow-up to 3752de465d#19412
- fix to skip 02_28 for all protocols for curl without compression
support (either zlib, brotli or ztsd).
Closes#19458
Also:
- OS400/makefile.sh: use end-of-options marker in xargs command.
- OS400/make-tests.sh: drop warning suppression.
Seems to not trigger anymore as of shellcheck 0.11.0
Closes#19451
Fix SC2046: "Quote this to prevent word splitting."
Ref: https://www.shellcheck.net/wiki/SC2046
Also:
- shellcheck.sh: add `set -eu`.
- shellcheck.sh, yamlcheck.sh: always run from repo root.
- pass `--` before passing the list of files, where missing.
- badwords.pl, cleancmd.pl: rework to accept `git ls-files` arguments.
Requires Perl 5.22+ (2015-Jun-01) on Windows.
Ref: https://perldoc.perl.org/functions/open
- INTERNALS.md: require Perl 5.22 on Windows.
- spacecheck.pl: formatting.
- GHA/http3-linux: rework command to avoid SC2046.
- stop suppressing SC2046 warnings.
The yamlcheck.sh issue reported-by: Stanislav Fort (Aisle Research)
Ref: 20251109163515_6eb31da3-deb2-4f4d-8327-935904f27da5
Closes#19432
Data files no longer depend on mixed newline styles. Before this
patch the harness still assumed data files to use LF newlines,
ensured by `.gitattribute` and distributing sources with LF newlines.
To allow using platform native newlines (CRLF on Windows typically),
update the test harness to support data files with any newline style
on disk. And delete `.gitattributes`.
Fix to:
- load original data files (from test/data) so that their newline-style
doesn't matter on the checked out source repo, meaning it works
when its CRLF on Windows, just like any other file.
(if a BOM slips in, it's caught by `spacecheck.pl` as binary content.)
- do the same in `util.py` used by `smbserver.py` (for test 1451).
- also fix `util.py` to use us-ascii encoding for data files, replacing utf-8.
Also:
- runtests: rework the stray CR checker to allow full CRLF data files,
and keep warning for mixed newlines.
Follow-up to 904e7ecb66#19347Closes#19398
When a blob option is used and it does not convert, the code would
erroneously pass along an uninitialized stack struct.
Reported-by: Stanislav Fort (Aisle Research)
Closes#19444
They make git branch names using those parentheses, that need to be
quoted when used with git command lines. Avoid parentheses for easier to
use branch names.
Follow-up to f77c574445Closes#19441
In the logic called for curl_multi_fdset().
File descriptors larger than FD_SETSIZE size are simply ignored, which
of course will make things break but at least it does not trash memory.
Reported-by: Stanislav Fort (Aisle Research)
Closes#19439
To debug the Windows CI fails further. Acting on the suspicions that
`taskkill` may sometimes be applied to the wrong process.
- log task info, and task child info before calling `taskkill` on a PID.
(on native Windows.)
One of the calls needs PowerShell.
- add env `CURL_TEST_NO_TASKKILL` to disable using `taskkill`.
- add env `CURL_TEST_NO_TASKKILL_TREE` to use `taskkill` without
`-t`, meaning to kill the process, but not child processes.
- GHA/windows: disable `taskkill` calls, to see what happens.
I'll revert or tweak this in a future commit depending on results.
Ref: https://github.com/curl/curl/discussions/14854#discussioncomment-13062859
Ref: https://github.com/curl/curl/discussions/14854#discussioncomment-14913014Closes#19421
Before this patch servers were loading the original data source file
(from `tests/data/test*`) if they failed to open the preprocessed data
file.
It was causing issues in many (most?) tests, because original data files
are not preprocessed, thus may be incomplete and/or come with wrong
newline characters. It's also causing difficult to diagnose issues when
a test accidentally references another test's data, which by chance
makes the test pass initially, until either that or the executed test
data gets an update, and breaking it, as seen in #19329.
Historically, the fallback existed first, then the preprocessed copy.
The fallback is no longer used by tests (except by stray accidents).
Fix it by dropping the fallback logic and relying on the preprocessed
data file saved there by the runtests framework.
Also fix two remaining test data cross-references:
- test1565: reference own server input data instead of test1's.
- test3014: reference own server input data instead of test1439's.
Ref: #19398
Follow-up to aaf9522a2c#19329Closes#19429
If CMake reports the target platform not supporting shared libs, turn
`BUILD_SHARED_LIBS` off by default. CMake 3.30+ fails with an error
when trying to create a `SHARED` target for such platforms. Earlier
versions used a workaround that may or may not have worked in practice.
Ref: https://cmake.org/cmake/help/v3.30/policy/CMP0164.html
Seen this with a build setting `-DCMAKE_SYSTEM_NAME=Generic`, e.g.
AmigaOS.
Note this may introduce incompatibility for "Generic" targets, which
support shared libs. If that's the case, set `BUILD_SHARED_LIBS=ON`
manually.
Also drop AmigaOS-specific logic handled automatically after this patch.
Ref: https://cmake.org/cmake/help/v3.7/command/get_property.html
Ref: https://cmake.org/cmake/help/v3.7/prop_gbl/TARGET_SUPPORTS_SHARED_LIBS.htmlCloses#19420
They were disabled since these jobs ran in Zuul. The tests are 320, 321,
322, 323, 324. Of which, 323 runs in CI, the rest needs `gnutls-serv`
with SRP enabled, which is not available in current jobs and no longer
offered by Ubuntu's `gnutls-bin` package. 324 doesn't appear as
a skipped test, 323 seems to be running fine, the rest are logged as
skipped. This suggests it's safe to drop the exceptions.
Closes#19413
Build and cache LibreSSL locally with Fil-C and enable it in the Fil-C
job.
Also:
- disable test 776 in the Fil-C job. It fails consistently, and due to
flakiness seen earlier its result is disabled. In this job it seems to
be adding 1 to 9 minues to the test run step and fails consistently.
- include Fil-C version in the LibreSSL cache key to prepare for Fil-C
ABI changes.
- GHA/linux: fully quote `tflags` values to avoid breaking YAML.
Tested and confirmed working with OpenSSL too, but ended up with
LibreSSL for faster, smaller builds.
Closes#19407
To allow running pytests on more curl configurations.
Also delete a redundant H3 feature check from test_17_14_expired_cert.
Cherry-picked from #19407Closes#19412
The short descriptions describe the data each info retrieves. The info
itself does not 'get' the data.
This simplifies and shortens the descriptions and make them more
consistent.
Closes#19406
A regression in curl 8.17.0 led to a customer CAPATH set by the
application (or the curl command) to be ignored unless licurl was built
with a default CAPATH.
Add test cases using `--capath` on the custom pytest CA, generated with
the help of the openssl command when available.
Fixes#19401
Reported-by: Brad King
Closes#19308
Requirements for Fil-C:
- not to accidentally pick up system headers. E.g. from `/usr/include`
on Linux. It can happen when any dependency is auto-detected on this
header path. This makes Fil-C find the wrong system headers, which
in turn breaks the configuration step in subtle ways (with CMake) and
less subtle ways (autotools). Then CMake ends up running into an error
while compiling.
- build all dependencies with Fil-C too.
(this patch doesn't build any dependencies yet.)
- "unity" mode disabled. It should work, but needs a lot of memory and
slower than a standard compiler, or a Fil-C non-unity build.
- x86_64 Linux host platform when using the pre-built toolchain.
Observations on a minimal, static build made with no dependencies and
Fil-C 0.674 (based on clang 20.1.8).
- curl tool sizes:
- cmake, default, w/o -O: 30 MB (gcc 14.2.0: 1.7 MB)
- cmake, default, w/o -O, stripped: 29.6 MB (gcc: 1.4 MB)
- cmake, Release, -O3: 7.2 MB (gcc: 1 MB)
- cmake, Release, -O3, stripped: 6.8 MB (gcc: 0.93 MB)
- autotools, default, -O2: 7 MB
- libcurl.a size is 32 MB (cmake, default, w/o -O) (gcc: 2.7 MB)
- build times 3-3.5x longer (compared to system gcc 14.2.0):
- all runtests available pass OK.
- all pytests skipped due to missing features/dependencies.
- shared libcurl builds also work (cmake, default: 25 MB libcurl.so and
5.75 MB (5.6 stripped) curl tool)
- autotools works fine too, with dependencies disabled or set to avoid
`/usr/include`.
Closes#19391
On some platforms, socket descriptors may use types larger than int.
When these values exceed INT_MAX, conversion to int can truncate to
negative values causing RTMP connection failures, and even accidentally
affect other socket when high-value descriptors map to existing
lower-value sockets after integer conversion. This check ensures socket
values are within the safe range before passing them to the RTMP
library.
Closes#19399
Resumed TLS sessions skip OCSP stapled-response verification. Force a
full handshake so verifystatus() runs.
Follow-up to 4bfd7a9615
Pointed out by ZeroPath
Some internal functions always return CURLE_OK.
- Curl_http_proxy_get_destination() does that from bb4032a, (2 years
ago) And the original inline code does not need to check the status.
- Curl_wildcard_init() does that from e60fe20. (8 years ago)
- Curl_initinfo() does that from a very beginning.
- Curl_pgrsSetDownloadCounter() did not have a return before 914e49b,
ad051e1 recovered its content (2 years ago) but did not completely
recovered the changes related to it.
- auth_digest_get_qop_values() does that from 676de7f.
This directly changes their type to void and cleaned the remaining
checks for their return value.
Closes#19386
Instead of happily ignoring return codes.
Calls that allocate data, like duplicating strings, can fail because of
lack of memory which could then leave the option unset and curl would
unknowingly continue (if the memory shortage was momentary).
Closes#19385
When Curl_conn_cf_recv() returns error, the variable might not be
assigned and the tracing output may (harmlessly) use it uninitialized.
Also add a comment about the typecast from size_t to int being fine.
Pointed out by ZeroPath
Closes#19393
Both CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR would
previously return error on bad input but would wrongly still store and
keep the partial (unacceptable) result in the handle.
Closes#19389
curl is for transfers so disabling all protocols has to be a mistake.
Previously it would allow this to get set (even if curl_easy_setopt()
returns an error for it) and then let libcurl return error instead.
Updated 1474 accordingly.
Closes#19388
There is no more mixed-newline file in the repository after this patch.
Except for`.bat` and `.sln` files (4 in total), all files use LF
newlines.
Also:
- `spacecheck.pl`: drop mixed-EOL exception for test data.
- runtests: add option `-w` to check if test data has stray CR bytes in
them.
- build: enable the option above in test targets, except the CI-specific
one where `spacecheck.pl` does this job already.
- tested OK (with expected failures) in CI with stray CRs added.
- cmake: enable option `-a` for the `tests` target. To continue testing
after a failed test.
Follow-up to 63e9721b63#19313
Follow-up to 6cf3d7b1b1#19318
Follow-up to 4d2a05d3fe#19284Closes#19347
With `check_finished()` triggered by notifications now, the
`progress_meter()` was no longer called at regular intervals.
Move `progress_meter()` out of `check_finished()` into the perform loop
and event callbacks.
Closes#19383
Syncing behavior with `CURL_CA_BUNDLE` and autotools.
`/etc/ssl/certs` is empty by default on macOS systems, thus no likely
auto-detection finds something there.
Follow-up to eefd03c572#18703Closes#19380
With GnuTLS 3.8.0+ the build-time SRP feature detection always succeeds.
It's also disabled by default in these GnuTLS versions.
When using TLS-SRP without it being available in GnuTLS, report
the correct error code `CURLE_NOT_BUILT_IN`, replacing the out of memory
error reported before this patch.
Also add comments to autotools and cmake scripts about this feature
detection property.
Detecting it at build-time would need to run code which doesn't work
in cross-builds. Once curl requires 3.8.0 as minimum, the build-time
checks can be deleted.
```
# before:
curl: (27) gnutls_srp_allocate_client_cred() failed: An unimplemented or disabled feature has been requested.
# after:
curl: (4) GnuTLS: TLS-SRP support not built in: An unimplemented or disabled feature has been requested.
```
Ref: dab063fca2
Ref: a21e89edacCloses#19365
```
docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.md:86:16
docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.md:139:16
```
Also sync `CURL *` and result variable names with rest of docs.
Follow-up to 6d7e924e80#19375Closes#19379
It also does shellcheck on `run:` elements, overlapping with
the homegrown `shellcheck-ci.sh` with the same purpose. But it also does
more and perhaps could replace the script too, especially in curl
sub-repos.
Also:
- GHA/macos: delete potentially useful, but commented, and ultimately
unused, non-default Xcode-testing logic. It's causing unused matrix
exceptions, upsetting actionlint.
Ref: https://github.com/rhysd/actionlintCloses#19373
This commit does the following things:
1. Update the description of gtls_init()
2. In gtls_client_init(), check the invaild SSLVERSION at first. Note
that this part refactors the duplicate/incompatible checks and removes
the useless local variable `sni`.
3. Check the return value of gnutls_ocsp_resp_init(). Although the
original code is safe because gnutls_ocsp_resp_import() will check
the validity of `ocsp_resp`, it is better to catch the error in time
and record the proper message to output log.
Closes#19366
To add another, so far untested standalone toolchain variant to the mix.
This distro is a fairly compact, GCC mingw-w64.
Replacing an existing 15.0.1 snapshot toolchain build job.
Ref: https://github.com/skeeto/w64devkit/releasesCloses#19369
When GnuTLS is detected via pkg-config on a non-default path, e.g. with
Homebrew arm64 (`/opt/homebrew/`).
This was a regression from a commit made in this release cycle.
The Find module doesn't return an absolute path to the detected library
(as the former solution did), but a bare libname and a libpath. We thus
need to explicitly use the libpath while detecting a feature in GnuTLS
found this way. Syncing this with other dependencies.
Follow-up to 1966c86d71#19163Closes#19360
Use the %VERSION instead. The user-agent stripping was introduced at the
time before we had %VERSION (introduced in e6b21d4). The tests would
then remove the user-agent header to make them possible to be compared
in a version independent way.
Fixes#19355
Reported-by: Stefan Eissing
Closes#19356
- `reply/data*`, `verify/stdout`, `verify/stderr`, `verify/file*`,
`verify/proxy`:
- make `crlf="yes"` force CRLF to all lines, instead of just applying
to HTTP protocol headers.
- add support for `crlf="headers"` that only converts HTTP protocol
header lines to CRLF. (previously done via `crlf="yes"`.)
- use `crlf="headers"` where possible.
- `reply/connect*`:
- add support for `crlf="yes"` and `crlf="headers"`.
- use them where possible.
- `client/file*`, `client/stdin`:
- add support for `crlf="yes"`.
- use it where possible.
- `reply/data*`, `verify/protocol`:
- replace existing uses of `crlf="yes"` with `crlf="headers`" where it
does not change the result.
Reducing the number of `tests/data/test*`:
- CRLF newlines from 10295 to 1985. (119985 lines total)
- files with mixed newlines from 656 to 113. (1890 files total)
After this patch there remain 141 sections with mixed newlines, where
the mixing is not split between headers/non-headers. There is no obvious
pattern here. Some of the CRLF uses might be accidental, or
non-significant. They will be tackled in a future patch.
Follow-up to 6cf3d7b1b1#19318
Follow-up to 4d2a05d3fe#19284Closes#19313
find_ssl_filter used while(cf && cf->next) and skipped the last node.
If the SSL filter was last, channel binding lookup failed and we returned
CURLE_BAD_FUNCTION_ARGUMENT. Switch to while(cf) so the tail is examined.
This bug was found with ZeroPath.
Closes#19229
Fixes#19109 - GSSAPI authentication fails on macOS with Apple's Heimdal
implementation which lacks GSS_C_CHANNEL_BOUND_FLAG support for TLS
channel binding.
Commit 0a5ea09a91 introduced TLS channel binding for SPNEGO/GSSAPI
authentication unconditionally, but Apple's Heimdal fork (used on macOS)
does not support this feature, causing "unsupported mechanism" errors
when authenticating to corporate HTTP services with Kerberos.
Solution:
- Add CURL_GSSAPI_HAS_CHANNEL_BINDING detection in curl_gssapi.h based
on GSS_C_CHANNEL_BOUND_FLAG presence (MIT Kerberos >= 1.19)
- Make negotiatedata.channel_binding_data field conditional in vauth.h
- Guard channel binding collection/cleanup in http_negotiate.c
- Guard channel binding usage in spnego_gssapi.c
This follows the same pattern as GSS_C_DELEG_POLICY_FLAG detection and
ensures graceful degradation when channel binding is unavailable while
maintaining full support for implementations that have it.
Changes:
- lib/curl_gssapi.h: Add feature detection macro
- lib/vauth/vauth.h: Make struct field conditional
- lib/http_negotiate.c: Conditional init/cleanup (2 locations)
- lib/vauth/spnego_gssapi.c: Conditional channel binding usage
Tested on macOS with Apple Heimdal (no channel binding) and Linux with
MIT Kerberos (with channel binding). Both configurations authenticate
successfully without errors.
Closes#19164
The definition of these constants does not give a numeric ordering
and MAX_DEFAULT needs to be checked in addition of ciphers and QUIC
checks to apply correctly.
Fixes#19340
Reported-by: Peter Piekarski
Closes#19341
The interim CURLE_AGAIN result was not always converted to a
CURLE_OK and then caused write callers to report a failure.
Fixes#19334
Reported-by: pennae on github
Closes#19338
The test FTP server returned LF newlines for 227/229 replies, instead of
the CRLF used for the rest.
Test data added later were explicitly made to expect an LF in these
response lines.
After this patch the FTP server returns CRLF newlines, allowing
to delete this special case in test data.
Follow-up to 3bfff57e1f
Follow-up to a7937ed49cCloses#19330
Test 696 and 556 share the same libtest code. Make sure to issue
the `GET` request to the correct runtime test number instead of using
the hard-wired "556".
It makes the `sws` test server read the response string from `test696`
`<data>` section, instead of reading it from `test556`. To avoid this
hidden interaction between test data.
AFAICS there is no other similar hard-coded string in reused libtests.
Ref: https://github.com/curl/curl/pull/19313#issuecomment-3477448933
Follow-up to be82a3605a#16003Closes#19329
- fix regex to not catch CR (from CRLF), in `PORT`, `EPRT`
commands, allowing to use `crlf="yes"` more.
- add `crlf="headers"` mode for `protocol` sections.
To call `subnewlines()` without its force option.
This is the mode used in `data` sections when `crlf="yes"`.
(This confusion may be subject to a future commit.)
- subnewlines: apply CRLF to `HEAD` and `CONNECT` HTTP requests.
- subnewlines: apply CRLF to RTSP requests.
- delete remaining empty `protocol` sections.
Reducing the number of `tests/data/test*`:
- CRLF newlines from 11325 to 10295. (119984 lines total)
- files with mixed newlines from 707 to 656. (1890 files total)
Follow-up to 4d2a05d3fe#19284Closes#19318
When the target host is on a different port than 443, the name
"_[port]._https.[name]" shall be used.
Fixes#19301
Reported-by: Gunni on github
Closes#19324
- use `AM`/`CM` where missing.
In GHA/linux-old and AppVeyor CI.
To denote autotools and CMake, and to align with rest of the jobs.
- rename `Old Linux` to `Linux Old` to align with the rest of Linux
jobs on GitHub web views sorted by name.
Closes#19316
When openssl does not verify the certificate, but apple sectrust
does, we also pass it the ocsp stapled response when configured and
available.
When openssl does not verify the cert chain, it will also not be able
to verify the ocsp stapling. Do not call it if sectrust is the
verifier of the cert chain.
Fixes#19307
Reported-by: Harry Sintonen
Closes#19308
- add global init and deinit where missing.
- check global init success.
- improve cleaning up on error codepaths.
- drop `CLI_ERR()` macro, that could quit.
Also make error messages tell the reason.
Closes#19309
To make them explicit, visible, avoid being accidentally trimmed.
Also prevents Git warnings, e.g. on `git am`.
Also:
- runtests: add support for `%spc%` and `%tab%` macros.
- test59: delete non-significant line-ending space.
- spacecheck.pl: drop line-ending whitespace exception for tests.
Closes#19300
- 'CURL *' handles are called 'curl'
- 'CURLM *' handles are called 'multi'
- write callbacks are called 'write_cb'
- read callbacs are called 'read_cb'
- CURLcode variables are called 'res'
It makes the examples look and feel more consistent. It allows for
easier copy and pasting between examples.
Closes#19299
When a SCP/SFTP connection calls the protocol handler disconnect, it
required the connections *and* the easy handles SSH meta data to be
present. When the disconnect is called with an admin handle, the easy
meta data is not present, which prevented the shutdown to run.
The easy meta data is however not necessary to run the shutdown state
machine. Calling it with a NULL `sshp` is fine. To avoid any mixups,
check `sshp` in state operations that need it.
Fixes#19293
Reported-by: And-yW on github
Closes#19295
To make special newlines more explicit and visible.
Mostly in `<protocol>` sections, some in `<data*>` and `<upload>`.
Reducing the number of `tests/data/test*`:
- CRLF newlines from 21535 to 11337.
- files with mixed newlines from 1335 to 707.
Also delete empty `<protocol>` sections.
Closes#19284
Also:
- delete dead code.
- sync `http2-download.c` and `http2-upload.c` sources.
- simplessl: fix constant expression.
- simplessl: avoid `expression is constant` VS2010 warning, drop pragma.
- replace large stack buffers with dynamic allocation.
- http2-download: fix to fill transfer number.
Some of these were pointed out by TIOBE scanner via Coverity 2025.3.0.
Closes#19292
Also:
- tests/libtest/cli_h2_serverpush: re-sync formatting.
Previously fixed in tests based on a local clang-tidy v20 report.
Pointed out by TIOBE scanner via Coverity 2025.3.0.
Follow-up to 83a8818cfe#17706Closes#19291
The maximum size is set to 16MB.
It should not possible to call this function with this large input, but
this is a precaution to catch mistakes and replaces the earlier check on
architectures with small size_t.
Closes#19280
socks_gssapi: the malloc + memcpy was superflous and can be skipped
cleartext: avoid malloc + three memcpy with aprintf()
digest_sspi: use memdup0 instead of malloc + memcpy
vtls: use memdup0 instead of malloc + memcpy
Closes#19282
Custom IMAP commands using -X (e.g. 'FETCH 123 BODY[1]') were only
returning the first line of responses containing literals, instead of
the full multi-line body data.
The issue was that custom commands route through imap_perform_list()
and imap_state_listsearch_resp(), which didn't detect or handle IMAP
literal syntax {size}.
This commit adds literal detection to imap_state_listsearch_resp():
- Detects literal syntax {size} in untagged responses
- Writes the response header line containing the literal marker
- Handles any literal body data already in the pingpong buffer
- Sets up transfer layer to read remaining literal data from socket
- Configures maxdownload and transfer size to include header + body
- Initializes pp->overflow to 0 when no buffered data present
- Modifies imap_done() to transition to FETCH_FINAL for custom
commands that set up downloads
Test 841 and 3206 verify.
Fixes#18847
Reported-by: BohwaZ
Bug: https://github.com/curl/curl/issues/18847Closes#19246
Also requires non-unity build. Possibly more non-default options are
necessary to reproduce. Seen with llvm/clang.
```
lib/http.c:1856:15: error: code will never be executed [-Werror,-Wunreachable-code]
1856 | httpreq = HTTPREQ_GET;
| ^~~~~~~~~~~
1 error generated.
```
Closes#19275
In pytests test_08 with the Caddy server, the new rate-limiting in
ngtcp2 did close the connection because it found "too many" stream data
packet repeats.
It is unclear if this is some Caddy issue or if the ngtcp2 implementaton
is wrong. Or if curl can do anything here.
Reported as https://github.com/ngtcp2/ngtcp2/issues/1850
This PR overwrites the ratelimit defaults in ngtcp2 with ten times
increased values. This makes the errors disappear on macOS.
Enable test_08_04/05 in CI again to see if there are any issues
to be found there. (We had those disabled before having parallel
pytests.)
Closes#19274
Replace the check if a ssl session cache is configured with
a function checking if it is configured *and* if an ssl session
cache is available.
During normal operations, a session cache is always there, however
for "connect-only" transfers this might not be the case. When such
transfers receive new sessions/tickets, they need to silently
discard those and not fail.
Reported-by: Marc Aldorasi
Fixes https://github.com/curl/curl/issues/18983
Closes https://github.com/curl/curl/pull/19251
- Move the checks into the function that needs them, cacertpaths().
Prior to this change the caller made the determination whether to skip
calling cacertpaths for cert detection. However for posterity it is
better to have the checks in cacertpaths since other code could call it.
Closes https://github.com/curl/curl/pull/19148
Change the test certificate to carry a altname 'dns:127.0.0.1' which
should *not* match in test_17_05_bad_ip_addr.
wolfSSL: since `wolfSSL_check_domain_name()` does not differentiate
between DNS and IP names, use if only for DNS names. For IP addresses,
get the peer certificate after the handshake and check that using
wolfSSL_X509_check_ip_asc().
Unfortunately, this succeeds where it should not, as wolfSSL internally
used the same check code for both cases. So, skip the test case until
wolfSSL fixes that.
Reported-by: Joshua Rogers
Closes#19252
The code was checking if a line starts with '.', which would
incorrectly match capability names starting with dots. Per RFC 2449,
the terminator must be a line containing only a single dot.
RFC 2449 also explicitly excludes '.' from valid capability name
starting characters, so this is purely theoretical, but the code
should match the spec.
Changed to check for exact match: line length of 3 with '.\r' or
length 2 with '.\n' to handle both CRLF and LF-only servers.
(Mistake detected with ZeroPath)
Fixes#19228
Reported-by: Joshua Rogers
Closes#19245
To mimic this behavior of the previously used `gss_release_buffer()`.
Some or all of these zero assignments may be redundant.
Follow-up to e7818999db#19018Closes#19167
During TLS renegotiation, the schannel_recv_renegotiate() function is
allowed to block for a short while. Reduce the maximum allowed time to
block from 10 minutes down to 7 seconds.
Closes#19205
Fixing:
```
lib/vtls/mbedtls.c:1505:10: error: call to undeclared function 'Curl_sha256it'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
1505 | return Curl_sha256it(sha256sum, input, inputlen);
| ^
1 error generated.
```
with mbedTLS configuration:
```
tf-psa-crypto/scripts/config.py unset PSA_WANT_ALG_SHA_256
tf-psa-crypto/scripts/config.py unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
tf-psa-crypto/scripts/config.py unset MBEDTLS_LMS_C
```
Follow-up to 3a305831d1#19077Closes#19223
- cryptography from 46.0.2 to 46.0.3 in /tests
- filelock from 3.19.1 to 3.20.0 in /tests
- psutil from 7.1.0 to 7.1.1 in /tests
Closes#19217Closes#19218Closes#19219
To silence zizmor 1.16.0 warnings.
Also:
- http3-linux: replace hard-coded workflow name with variable.
Follow-up to a8174176b5#13841
- codeql: set `cancel-in-progress: true`.
zizmor apparently does not allow `false` in pedantic mode anymore:
https://github.com/zizmorcore/zizmor/pull/1227
- codeql: sync concurrency setting with the rest of the jobs.
(I'm not sure this is correct, or why it was previously special-cased.)
Expressions used (before and after this patch):
- `group: ${{ github.workflow }}-${{ github.event.sha }}-${{ github.event.target_url }}`
for GHA/appveyor-status.
- `group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}`
for all the rest.
Ref: https://github.com/curl/curl/actions/runs/18776245057/job/53571438139?pr=19209Closes#19215
`curl_des.c` contained a single, short, function
`Curl_des_set_odd_parity()`, called from `curl_ntlm_core.c` alone.
Move it there, and define it only when needed.
Follow-up to 300876a7a6
Follow-up to 8cc70db2dbCloses#19209
Make autotools and cmake detect DES support in OpenSSL and mbedTLS.
Forward feature macros to C and omit NTLM from the feature preview list.
Use the feature macros in source. This ensure that `-V` output matches
the preview.
OpenSSL doesn't support DES when built with `no-des` or `no-deprecated`.
mbedTLS 4.x no longer supports it, and it's possible to disable it in
<4 with `scripts/config.py unset MBEDTLS_DES_C`.
Before this patch this worked for
mbedTLS 4 only, and with a regression for pending PR #16973.
Also:
- drop NTLM feature check from `curl_setup.h` in favour of autotools/
cmake feature macros. This makes `curl_setup.h` no longer need
to include an mbedTLS header, which in turn makes tests/server build
without depending on mbedTLS.
Fixing, in #16973:
```
In file included from tests/server/first.h:40,
from bld/tests/server/servers.c:3:
lib/curl_setup.h:741:10: fatal error: mbedtls/version.h: No such file or directory
741 | #include <mbedtls/version.h>
| ^~~~~~~~~~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/18689537893/job/53291322012?pr=16973
Ref: #19181 (initial fix idea)
Follow-up to 3a305831d1#19077
- move back mbedTLS header include and version check from
`curl_setup.h` to each source which consumes mbedTLS.
- GHA/http3-linux: drop workaround that disabled NTLM for
`no-deprecated` OpenSSL builds.
Follow-up to 006977859d#12384
- curl_ntlm_core: drop pointless macro `CURL_NTLM_NOT_SUPPORTED`.
Follow-up to 006977859d#12384Closes#19206
```
lib/vtls/mbedtls.c:786:3: error: call to undeclared function 'mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
786 | mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets(&backend->config,
| ^
lib/vtls/mbedtls.c:787:5: error: use of undeclared identifier 'MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED'; did you mean 'MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH'?
787 | MBEDTLS_SSL_TLS1_3_SIGNAL_NEW_SESSION_TICKETS_ENABLED);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH
dep/mbedtls-3.4.0/_pkg/include/mbedtls/ssl.h:700:5: note: 'MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH' declared here
700 | MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH,
| ^
2 errors generated.
```
Regression from d63e40f8e6#18271 (8.16.0)
Closes#19208
Since using CONNECT_ONLY is by defintion only a connect, we make the
timeleft function return 0 after the connection is done so that it does
not - surprisingly - timeout later.
Fixes#18991
Reported-by: Pavel P
Closes#19204
When parsing incoming headers, they need to have a plain normal colon.
Previously out of convenience we used the same parser function for both
cases (incoming + custom set headers via the API) which made the
function too liberal for incoming HTTP traffic.
Closes#19200
Curl is one of the last callers of PKCS12_PBE_add(). It has been a noop
since OpenSSL 0.9.8k (2006) stubbed it out when moving the built-in PBE
algorithms to a static table:
b8f702a0afCloses#19201
SMTP automatically appends a \n.\n to an upload if there is not already
one at the end of the input. The implementation had a bug where this did
not happen, depending on read size and buffering.
Change test 900 to reproduce the failure. The bug only happened for mail
body input of known length, where EOS was known on the last chunk read.
Change test 900 to use an input file and make it large enough.
Fixes#18798Closes#19193
Reported-by: madoe on github
When a reused connection did transfer 0 bytes, it assumed the transfer
had failed and needed a retry. Add a check for data->red.done, so we can
successfully accept the transfer of a 0-length file via SFTP.
Add test case 1583 to verfiy.
Fix SFTP disconnect debug trace when there was nothing to
disconnect (like when reusing a connection).
Fixes#19165
Reported-by: Alexander Blach
Closes#19189
The parameter `max_pkts` was not checked in the recvmsg() implementation
of vquic_recv_packets() as the packter counter was never increased. This
led to the loop running until an EAGAIN was encountered. Which, in any
real case scenario, does no harm as long as libcurl is ingesting packets
faster than a server is able to send them.
However on a slow device and a fast network this could happen and allow
a denial of serice.
Not a real regression as the vulnerable code has never been released.
libcurl 8.16.0 does not have this bug.
Closes#19186
With GnuTLS, a GNUTLS_E_REHANDSHAKE can be a renegotiate in TLSv1.2 or a
key update in TLSv1.3. This had been made non-blocking in
a1850ad7de but the comment warning about a
blocking call was not updated.
Closes#19187
Obtaining the remote ip of the control connection to be used for the
data connection can fail. Check that and fail the transfer when that
does not work.
Triggered by an OSS-Fuzz issue.
Closes#19185
The counter used to stop accepting cookies after a certain amount has
been received in a single response would previously also count some
cookies that were not actually accepted as they were discarded after the
counter was increased.
Starting now, the counter is increased only for cookies that were
accepted.
Pointed out by ZeroPath
Closes#19157
If one of the hmac init calls fail, Curl_HMAC_init previously would
return without first freeing the allocated HMAC_context.
Fixes#19176
Reported-by: WangDaLei on github
Closes#19177
To not have to guess. Also to sync with autotools, which already uses
this wording.
Also:
- replace the stray term 'folder' with 'directory' for consistency.
- store help text in a temp variable to avoid overly long strings
(mandatory in CMake <4.2.0 and can't be trivially split), also
to avoid repeating this string 4 times.
Ref: https://cmake.org/cmake/help/v4.2/command/set.htmlCloses#19169
Replacing a combination of custom logic in the main script and relying
on CMake's built-in Find module, with code and behavior used for
the rest of dependencies.
Also to:
- add version detection in the non-pkg-config path.
- make `GNUTLS_INCLUDE_DIR` and `GNUTLS_LIBRARY` take precedence over
pkg-config. As with other dependencies.
- document the above two configuration options.
- prepare for #16973, which originally introduced this local Find
module.
The local module is doing largely the same as CMake's built-in
FindGnuTLS. Differences:
- honors `CURL_USE_PKGCONFIG`.
- returns GnuTLS version for non-pkg-config detection.
- consistently returns `GNUTLS_VERSION`.
(CMake's built-in uses s different name in <3.16.)
- CMake 3.16+ returns an imported target. curl supports 3.7,
therefore we may only use it conditionally, which isn't worth it.
Cherry-picked from #16973Closes#19163
The config file parser now has a maximum level of inclusions allowed (5)
to detect and prevent recursive inclusions of itself leading to badness.
Bonus: clean up return code handling from the config parser.
Test 774 verifies
Closes#19168
Give ERRNO explanation in a failf() when unable to open a socket.
Helps in finding out what the issue preventing your curl to work
really is. Just had a wrong ulimit after a sys update.
Closes#19158
Before this patch, this code used to call `gss_release_buffer()` on
objects with buffers allocated via curl's allocator.
`gss_release_buffer()` calls system (or Win32) free on these buffers,
which may mismatch with curl's allocator. To fix it, align these calls
with the pattern used in vauth modules, by replacing
`gss_release_buffer()` with curl free to release the buffers.
Use `Curl_safefree()` to set the freed pointer to NULL, as
`gss_release_buffer()` did.
Also: use object length var when allocating.
Reported-by: Joshua Rogers
Closes#19018
No callers of this function checked the return code, meaning failures
are not lethal == using failf was wrong, and it can just as well return
void.
Closes#19137
Unless it is identical to the previous one.
Follow-up to dbcaa00657
Adjusted test 580, added test 772 and 773
Fixes#19130
Reported-by: Jakub Stasiak
Closes#19134
It was mistakenly removed in 8dab7465a5 (shipped in 8.9.0)
Also fix test 1139 which should have detected this but didn't due to a
bad regex check.
Reported-by: Jonathan Cardoso
Fixes#19151Closes#119152
In init_config_builder_verifier() the call to
rustls_root_cert_store_builder_build() set result on failure but did not
return.
Pointed out by ZeroPath
Closes#19125
In src/tool_operate.c inside the Windows safe-search branch (#ifdef
CURL_CA_SEARCH_SAFE), the code assigns config->cacert = strdup(cacert);
at line 2076 without checking whether strdup returned NULL.
This would allow the code to continue with the wrong value set, causing
possible confusion.
Pointed out by ZeroPath
Closes#19145
For all network related protocols there must be a non-blank hostname
used. This change adds a few asserts in some places to make debug/tests
catch mistakes if any such would slip in.
Closes#19146
CI works without it now. For an inexplicable reason, this single `git`
command took 9 seconds per job, making this patch save more than
2 minutes per workflow run. It was also the only step using PowerShell.
Closes#19150
This function could previously accidentally return true and a NULL path
if only whitespace was provided as argument.
Also, make it stricter and do not allow CR or LF within the string.
Use more strparse parsing.
Drop the comment saying this is from OpenSSH as it has now been
rewritten since then.
Closes#19141
To make sure callers can properly differentiate between errors and know
cleanly when EOF happens. Updated all users and unit test 3200.
Triggered by a remark by ZeroPath
Closes#19140
- honor request id (`id=<number>`) in `curltest/put` and
`curltest/sslinfo` handlers.
- do not truncate `max_upload` input parameter.
- delete unused variables.
- formatting.
Inspired by Joshua's report on tests.
Closes#19061
The code obtained a pointer resp via Curl_bufq_peek(), but called
Curl_bufq_skip() before it would access them in the failf() call.
The Curl_bufq_skip() call can trigger prune_head which may free or
recycle the chunk that resp points into.
Pointed out by ZeroPath
Closes#19139
Use LDAP_OPT_SUCCESS for ldap_get_option, as done in the other calls.
ber_sockbuf_ctrl returns 1 on success so reverse the logic.
Follow-up to f91be14bfbCloses#19138
Adopt ngtcp2_conn_get_stream_user_data which has been available since
ngtcp2 v1.17.0. This improves the time complexity of searching
h3_stream_ctx from O(n) to O(1) where n is the number of stream.
Closes#19132
- Do not leak memory on failed setting algorithm cipher list.
Discovered by ZeroPath.
- Do not free backend->cred after failed AcquireCredentialsHandle.
backend->cred is always freed later, during cleanup.
Closes https://github.com/curl/curl/pull/19118
- do not pre-fill `HAVE_LINUX_TCP_H` on Linux.
`linux/tcp.h` is a Linux kernel userspace header. It's likely
installed when using glibc and likely missing by default when using
something else, e.g. MUSL (e.g. on Alpine).
Therefore always detect it for Linux targets, and only pre-fill it for
non-Linux ones.
- do not pre-fill `HAVE_GLIBC_STRERROR_R` on Linux.
To fix it for non-glibc envs, e.g. MUSL (e.g. on Alpine).
Note, the pre-fill option is a disabled by default, internal option and
strongly not recommended outside of curl development.
Closes#19116
In providercheck(), when failing to open the "store", the exit path
would not previously free the created UI_METHOD and instead leak this
resource.
Pointed out by ZeroPath
Closes#19114
The -F option allows users to provide a file with a set of headers for a
specific formpost section. This code used old handcrafted parsing logic
that potentially could do wrong.
Rewrite to use my_get_line() and dynbuf. Supports longer lines and
should be more solid parsing code.
Gets somewhat complicated by the (unwise) feature that allows "folding"
of header lines in the file: if a line starts with a space it should be
appended to the previous.
The previous code trimmed spurious CR characters wherever they would
occur in a line but this version does not. It does not seem like
something we want or that users would expect.
Test 646 uses this feature.
Closes#19113
- tool_formparse: replace truncated `fseek` with `curlx_fseek`.
- tool_operate: replace truncated `fseek` with `curlx_fseek`.
- tool_paramhlp: replace local duplicate `myfseek`, with `curlx_fseek`.
Follow-up to 4fb12f2891#19100Closes#19107
Before this patch system `malloc()`/`free()` were used to allocate
the buffer returned in the `output_token` object from the debug stub
of `gss_init_sec_context()` when enabled via `CURL_STUB_GSS_CREDS` in
debug-enabled libcurl builds. This object is later released via stock
`gss_release_buffer()`, which, in the Windows builds of MIT Kerberos,
doesn't use the system `free()`, but the Win32 `HeapFree()`.
Fix it by using the GSS alloc/free macros: `gssalloc_malloc()` and
`gssalloc_free()` from `gssapi_alloc.h`.
To make this work without MIT Kerberos feature detection, use a canary
macro to detect a version which installs `gssapi_alloc.h` for Windows.
For <1.15 (2016-11-30) releases, that do not install it, disable the GSS
debug stub in libcurl.
Strictly speaking, non-Windows builds would also need to use GSS
allocators, but, detecting support for `gssapi_alloc.h` is impossible
without build-level logic. Built-level logic is complex and overkill,
and MIT Kerberos, as of 1.22.1, uses standard malloc/free on
non-Windows platforms anyway. (except in GSS debug builds.)
Follow-up to 73840836a5#17752Closes#19064
For files with sizes using an exact multiple of 256 bytes, the final
successful read(s) filled the buffer(s) and the subsequent fread
returned 0 for EOF, which caused read_file_into to fail.
Now, it needs to return 0 and not be EOF to be an error.
Follow-up to dd95a49d49
Pointed out by ZeroPath
Closes#19104
A bit more minimal build than the one used for trurl. To stress test
a build with most features disabled.
Costs 40 seconds, of which 6 is the build, rest is installing tools.
Ref: 5b385001d5
Ref: 3ee10692c7
Follow-up to 5af2457848#17818Closes#17961
Avoid the possible 64-bit offset truncation when used on systems with
small 'long', like Windows.
bonus: make mime_open_file() return bool
Pointed out by ZeroPath
Closes#19100
The choice to continue processing incoming data although the
writeout of the headers/data failed is not obvious. Add a comment
explaining why this is done.
Closes#19093
In MOST protocols and runs, the 'pretransfer' time is less than the
'starttransfer'. E.g. request being sent before response comes in.
However, when curl is starved of cpu a server response might start
streaming in before the multi-state transitioned to DID (and recorded
the 'pretransfer' time).
Do no longer check that 'pretransfer' is less or equal 'starttransfer'.
Check that is is less or equal to the total time instead.
Closes#19096
It's complex and did not help stabilizing CI runs.
Hard to say, but I'm suspicious it's related to the CI errors
-1073741502, 0xC0000142, seen in the 'build examples' and
'disk space used' steps.
Ref: #18526
Reverts 52775a7fb4#18296Closes#19083
The transfer loop used to check the socket and if no poll events
were seen, triggered a "DATA_IDLE" event into the filters to let
them schedule times/do things anyway.
Since we no longer check the socket, the filters have been called
already and the DATA_IDLE event is unnecessary work. Remove it.
Closes#19060
RFC 3617 defines two specific modes, "netascii" and "octet". This code
now checks only for those trailing ones - and not in the hostname since
they can't be there anymore.
Assisted-by: Jay Satiro
Closes#19070
Since it needs to be a trailing piece of the path avoiding strstr() is
faster and more reliable.
Also stopped checking the host name since it cannot actually be there
since quite a long while back. The URL parser doesn't allow such a
hostname.
Moved the check into its own subfunction too.
Closes#19069
- Treat HTTP response codes 522 and 524 as a transient error since
Cloudflare may use them instead of 504 to signal timeout.
For example here is a 522 error message from Cloudflare:
"The initial connection between Cloudflare's network and the origin web
server timed out. As a result, the web page can not be displayed."
Prior to this change the curl tool did not retry on HTTP response codes
522 and 524 when --retry was used.
Fixes https://github.com/curl/curl/discussions/16143
Closes https://github.com/curl/curl/pull/19011
When calling scorecard with --flame to produce a flamegraph, use
"perf" on linux platforms to do the measurements. Update the scorecard
documentation about it.
Closes#19058
- add `curl_global_init()` and `curl_global_cleanup()` where missing.
- check the result of `curl_global_init()` where missing.
- return the last curl error from `main()`.
- drop Win32-specific socket initialization in favor of `curl_global_init()`.
- rename some outliers to `res` for curl result code.
- fix cleanup in some error cases.
Inspired by Joshua's report on examples.
Closes#19053
To make it simpler to move them around, create and delete them without
syncing with `REUSE.toml`.
Also:
- checksrc: allow empty lines in `.checksrc`.
- comment on why curl printfs are disallowed in examples.
Closes#19024
In pop3_perform(), pop3->transfer was derived from the old
data->req.no_body. Then, pop3_perform_command() re-computed
data->req.no_body.
Now we instead call pop3_perform_command() first.
Reported-by: Joshua Rogers
Closes#19039
This allows users to put one of them in their .curlrc and still easily
use the other one at will in command lines.
The --no-* versions disable both of them.
Reported-by: Mitchell Blank Jr
Fixes#19029Closes#19034
The function service_connection() now passes in a reference to the
socket instead of by value since the sub function http_connect() might
close it and set *infdp = CURL_SOCKET_BAD. This would previously not be
detected when service_connection() returned and potentially cause a
double close of the socket.
Reported-by: Joshua Rogers
Closes#19031
If there is lingering letters left on the right side after the paths
have been parsed, they are syntactically incorrect so returning error is
the safe thing to do.
Reported-by: Harry Sintonen
Closes#19030
Protocol handlers not flagging PROTOPT_SSL that allow reuse of existing
SSL connections now need to carry the flag PROTOPT_SSL_REUSE.
Add PROTOPT_SSL_REUSE to imap, ldap, pop3, smtp and ftp.
Add tests the http: urls do not reuse https: connections and vice versa.
Reported-by: Sakthi SK
Fixes#19006Closes#19007
Although the protocol should only run on index 0, there was a mix of
looked up sockindex and using constant 0 in tls send/recv.
Reported-by: Joshua Rogers
Closes#19004
Both the c-ares documentation and the c-ares source code contradict the
previous comment (and mentions/contains no such restriction).
Ref: #19001Closes#19014
As this is in the tool shutdown the impact of it was nothing.
Also, move two global variables to local.
Follow-up to 9a2663322c
Reported-by: Joshua Rogers
Closes#18996
- include `windows.h` after `winsock2.h` via `curl/curl.h`.
- avoid `errno` for WinCE.
- avoid `_vscprintf` for WinCE.
Ref: 4535532ed3#18843
Follow-up to 0780de2625#18668Closes#19016
Use `CMAKE_SIZEOF_VOID_P` to fill the size of three types that differ
on 32 and 64-bit Windows: `curl_socket_t`, `size_t`, and on mingw-w64:
`ssize_t`.
`time_t` remains the only type needing detection at configuration time,
with MSVC or mingw-w64.
Ref: https://cmake.org/cmake/help/v4.1/variable/CMAKE_SIZEOF_VOID_P.htmlCloses#19013
Repeated calls to `Curl_async_is_resolved()` after a failure
returned OK and not the error that was the result of the resolve
fail.
Reported-by: Joshua Rogers
Closes#18999
When thread creation fails, the code uses `errno` to remember the cause.
But pthread_create() never sets errno and gives the error as return value.
Fix that by setting the return value into errno on failure.
Windows: I think the ifdef was the wrong way around. Also set a generic
Windows Error code on CE systems.
Reported-by: Joshua Rogers
Closes#18998
When reusing a connection, the `host` and `conn_to_host` hostname
structs are moved from the template connection onto the existing one.
There was a NULLing of a tempplate member missing in `conn_to_host`
which could then lead to a double free.
Make this struct move into a static function, doing the correct
thing for both `struct hostname` in a connection.
Reported-by: Joshua Rogers
Closes#18995
Fix edge cases around handling of pending send frames and encoding
frames with size_t/curl_off_t possible flowy things.
Reported-by: Joshua Rogers
Closes#18965
Check the result when converting the peer certificate chain
into gnutls internal x590 data structure for errors.
Reported-by: Joshua Rogers
Closes#18964
During the SOCKS connect phase, the `iobuf` is used to receive repsonses
from the server. If the server sends more bytes than expected, the code
discarded them silently.
Fix this by advancing the iobuf only with the length consumed.
Reported-by: Joshua Rogers
Closes#18938
GNU GSS offers `gss.h`; do not check for `gssapi.h`. `gssapi.h`
was originally published by Heimdal, and later MIT Kerberos also added it
for Heimdal compatibility.
Closes#18993
Previous minimum was: 1.2.4 (2002-02-28)
- assume `gssapi/gssapi.h` header for MIT Kerberos.
Drop logic detecting this header, and drop alternate logic including
a bare "gssapi.h". Bare `gssapi.h` is Heimdal-specific. MIT Kerberos
added support for it for Heimdal compatibility on 2006-11-09,
redirecting to `gssapi/gssapi.h`. MIT Kerberos supported the latter
header in the 1990s already.
Ref: 40e1a016f9 (2008-03-06)
Ref: d119352001 (2006-11-09)
- configure.ac: stop using `HAVE_GSSAPI_GSSAPI_H`.
Added in 2010 to support "ancient distros such as RHEL-3" where
`gssapi/gssapi_krb5.h` did not include `gssapi/gssapi.h`.
MIT Kerberos includes it since commit:
d9e959edfa (2003-03-06)
Released in 1.3 (2003-07-08).
Bump minimum required version to avoid this issue.
Reverts cca192e58f (2010-04-16)
Ref: https://web.mit.edu/kerberos/dist/historic.html
Ref: https://sources.debian.org/src/krb5/Closes#18992
The cmake build is running runtests with valgrind. The autotools one is
running scan-build.
Also:
- ignore two memleaks with GNU GSS detected by valgrind.
- add comment on support status of `GSS_C_DELEG_POLICY_FLAG`.
Closes#19008
It's a legacy MIT Kerberos header that's no longer used by curl since:
355bf01c82 (2015-01-09)
There were still mentions of it after this patch, when using versions
<1.2.3, but those versions aren't supported since:
9918541795 (2008-06-12)
This header remains in use by autotools and cmake to detect MIT Kerberos
(vs. Heimdal, which doesn't have it.)
Ref: https://github.com/curl/curl/pull/18978#issuecomment-3387414995Closes#18990
The libssh API uses a 32 bit type for datestamp, so instead of just
force-typecast it, make sure it gets capped at UINT_MAX if the value is
larger.
Reported-by: Joshua Rogers
Closes#18989
curl requires 1.2.4 or newer.
Also:
- vms: stop defining `gss_nt_service_name`. Added in
f9cf3de70b, symbol not used in curl code
since 355bf01c82.
Closes#18978
The file size is weirdly returned in a 150 or 126 response as "XXX
bytes" mentioned somewhere in the response string. This is a rewrite of
the size scanner to replace the strange strstr() + backwards search from
before with a plain forward search until '[number] + " bytes"' is a
match.
Triggered by a report by Joshua Rogers about the previous parser.
Closes#18984
In one c-ares call the passed in pointer was used and not the new
duplicated one. This is probably fine but might as well use the new
pointer as all the other calls do, which will survive longer.
Reported-by: Joshua Rogers
Closes#18980
Previously, if for example the nonce would end with "realm=" etc it
would get the wrong piece, due to the naive parser.
Reported-by: Joshua Rogers
Closes#18975
- Add an example that demonstrates per-transfer verbose logging to
memory.
The transfer's log is written to disk only if the transfer fails.
Closes https://github.com/curl/curl/pull/18668
- Keep data from a failed download instead of discarding it on retry in
some limited cases when we know it's ok (currently only HTTP 200/206).
Prior to this change on failed transfer the tool truncated any outfile
data written before retrying the transfer. This change adds an exception
for HTTP downloads when the user requested auto-resume, because in that
case we can keep the outfile data and resume from the new position.
Reported-by: tkzv@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/18035
Closes https://github.com/curl/curl/pull/18665
Opening the remote file with O_APPEND while attempting to resume causes
all writes to be forced to EOF on servers/implementations where O_APPEND
semantics override a prior seek(). As a result, sftp_seek64() is ignored
and the resumed data is appended, duplicating/corrupting the file.
Fix by:
- Using O_WRONLY (without O_APPEND) when resume_from > 0.
- Skipping the seek entirely if remote_append mode is requested.
Closes#18952
Opening the remote file with O_APPEND while attempting to resume causes
all writes to be forced to EOF on servers/implementations where O_APPEND
semantics override a prior seek(). As a result, sftp_seek64() is ignored
and the resumed data is appended, duplicating/corrupting the file.
Fix by:
- Using O_WRONLY (without O_APPEND) when resume_from > 0.
- Skipping the seek entirely if remote_append mode is requested.
Closes#18952
quiche receive may report a TLS failure after a verified handshake. That
needs to lead to a transfer receive error.
Reported-by: Joshua Rogers
Closes#18934
The kerberos5 library Heimdal is one of three GSS libraries curl support.
It has a memory leak triggered by the new test in #18917 and the project
seems mostly abandoned.
Drop support and steer users to the MIT krb5 or GNU GSS libraries.
Co-authored-by: Daniel Stenberg
Ref: #18928Closes#18928Closes#18932
Return error if there is something after the number other than
whitespace and newline.
Allow comma separated numbers and repeated headers as long as the new value is
the same as was set before.
Add test 767 to 771 to verify.
Reported-by: Ignat Loskutov
Fixes#18921Closes#18925
On ancient Apple OS versions where SecTrustEvaluateWithError() is not
available, the deprected SecTrustEvaluate() is used. In that code
branch, the code checked the wong variable for the verified result.
Closes#18929
Code was calling wolfSSL_get_error() on code that it had
already retrieved with the same function. Remove that.
Reported-by: Joshua Rogers
Closes#18940
The documented `<prefix>_<moduleName>_VERSION` variables are empty in
all tested versions since 3.7.2 to 4.1.2. Stop using it as a fallback
for <3.16 versions, and replace with the undocumented, but working,
`FindPkgConfig` internal variable `_pkg_check_modules_pkg_name`. It
contains the module name which was found.
In practice it caused that with CMake <3.16 + `pkg-config`, curl always
detected the Heimdal flavor of GSS.
Also: Delete a fallback version detection method, which was already
marked with a question mark in comments, and used the same, always
empty, CMake variables.
Ref: https://cmake.org/cmake/help/v4.1/module/FindPkgConfig.html
Bug: https://github.com/curl/curl/pull/18932#issuecomment-3381807070Closes#18950
As done in other jobs, but here tailored to old cmake.
The logs generated by ancient CMake aren't super useful though.
Cherry-picked from #18932Closes#18948
- cryptography from 44.0.1 to 46.0.2 in tests/http
- ruff from 0.13.2 to 0.14.0 in .github/scripts
- reuse from 6.0.0 to 6.1.2 in .github/scripts
- github/codeql-action from 3.30.5 to 4.30.7
Closes#18941Closes#18942Closes#18943Closes#18945Closes#18947
It correctly picked all pips, but also picked
`tests/http/requirements.txt` twice and also
`.github/scripts/codespell-ignore.txt`. Try avoid these issues with this
patch.
Follow-up to 6a31e3137a#18939Closes#18946
The code was overriding system memory allocation functions to a local
jump table (declared in `curl_setup.h`). And setup that jump table
to call the original system allocation functions.
Also tested fine with cegcc/WinCE. The `_strdup` fallback was possibly
required for an MSVC WinCE toolchain.
Closes#18922
Build these examples when the necessary dependencies are present:
- cacertinmem, usercertinmem (OpenSSL/fork)
- multi-uv (libuv)
- multithread, threaded-ssl (pthread)
- sessioninfo (GnuTLS)
Indicate the necessary dependency via a `Required:` comment placed in
the source file. A single dependency per source is supported as of now.
The name of the dependency should match the variable used within
the cmake scripts, which in turn matches the macro used in the config
header. E.g. for GnuTLS it's `USE_GNUTLS`.
Also:
- GHA/macos: build examples in two job to test GnuTLS and pthread ones.
- GHA/linux: enable libuv to test it with examples.
Follow-up to 6bb7714032#18914Closes#18909
The stream blocking might not be the one of the current easy handle.
Look up the stream to be marked as blocking via its stream_id in the
internal hash. Theoretically, this does not have to be one of the h3
streams, so not finding it is not an error.
Fixes#18905
Reported-by: Joshua Rogers
Closes#18906
Similar to our ngtcp2 backend, set our idle timeout for the connection
to 0, meaning we have no such timeout from our side. The effective idle
timeout is then the one announced by the peer.
Closes#18907
Since CURLM_ is already used as prefix for multi error codes, it makes
it easier to detect and understand the difference between identifiers -
and allows for scripts on the website and elsewhere to separate them
properly.
Follow-up to 53be8166b2Closes#18912
To allow building conditional examples, and to simplify by avoiding
cmake-version dependent code.
Follow-up to fe5225b5ea#18209
Cherry-picked from #18909Closes#18911
This API started accepting a const somewhere between OpenSSL 1.0.2b and
1.0.2t. It means this example, like the other similar one now works best
with those versions or newer:
```
docs/examples/usercertinmem.c💯33: error: cast from 'const char *' to 'char *' drops const qualifier [-Werror,-Wcast-qual]
100 | bio = BIO_new_mem_buf((char *)mypem, -1);
| ^
docs/examples/usercertinmem.c:121:34: error: cast from 'const char *' to 'char *' drops const qualifier [-Werror,-Wcast-qual]
121 | kbio = BIO_new_mem_buf((char *)mykey, -1);
| ^
```
Closes#18908
Add infrastructure to colled and dispatch notifications for transfers
and the multi handle in general. Applications can register a callback
and en-/disable notification type the are interested in.
Without a callback installed, notifications are not collected. Same when
a notification type has not been enabled.
Memory allocation failures on adding notifications lead to a general
multi failure state and result in CURLM_OUT_OF_MEMORY returned from
curl_multi_perform() and curl_multi_socket*() invocations.
Closes#18432
In both send/recv functions of the ngtcp2 filter, when TLS verification
has failed, jump out by skipping ingress/egress handling.
Reported-by: Joshua Rogers
Closes#18881
This test does active FTP with a socketopt callback that returns error
for the CURLSOCKTYPE_ACCEPT "purpose" to make sure we test and exercise
this error path - without leaks.
Closes#18879
After this patch, the codebase no longer overrides system printf
functions. Instead it explicitly calls either the curl printf functions
`curl_m*printf()` or the system ones using their original names.
Also:
- drop unused `curl_printf.h` includes.
- checksrc: ban system printf functions, allow where necessary.
Follow-up to db98daab05#18844
Follow-up to 4deea9396b#18814Closes#18866
- fix `CURLcode` vs. LDAP result code confusion.
Return `LDAP_NO_MEMORY` when `Curl_create_sspi_identity()` fails,
since it can only return `CURLE_OUT_OF_MEMORY` as error.
- use `ULONG` for result code on Windows. Drop casts.
- use portable `curl_ldap_num_t`. Drop casts.
- replace magic number 0 with `LDAP_SUCCESS`.
- compare with `LDAP_SUCCESS` instead of assuming non-zero.
(where necessary.)
- add/fix `#endif` comments.
- fix indentation.
Closes#18888
In a case where rubbish would be sent in the line something that isn't a
digit could be first in line and treated as less than '3'. Prevent this
risk by first doing a check that the byte is a digit.
Reported-by: Joshua Rogers
Closes#18870
This adds an extra check that the buffer really has data enough (at
least 4 bytes) to check for a status code before doing so. It *should*
not be necessary, but this was pointed out by an analyzer and it feels
better to make sure.
Reported-by: Joshua Rogers
Closes#18869
- creating a socket filter with NULL addrinfo fails with
CURLE_BAD_FUNCTION_ARGUMENT
- remove getsockname use before accept call, serves no purpose
and did not lead to proper error before
Reported-by: Joshua Rogers
Closes#18882
For `GetLastError()` and `SECURITY_STATUS`:
0x-prefixed, 8-digit, lowercase, hex: 0x1234abcd
Also: say `GetLastError()` instead of `errno` in one message.
Closes#18877
When the close of the quiche filter was never called, the destroy function
did not release all allicated resources.
When closing a quiche filter, set the connected flag to FALSE.
Reported-by: Joshua Rogers
Closes#18880
- curlx_get_winapi_error: accept DWORD (was: int), move casts one level
up the callstack.
- sspi: bump some types to `SECURITY_STATUS` (int -> LONG).
- digest_sspi: drop unnecessary cast.
Closes#18868
Also:
- tests/server: replace local `sstrerror()` with `curlx_strerror()`.
- tests/server: show the error code next to the string, where missing.
- curlx: use `curl_msnprintf()` when building for src and tests.
(units was already using it.)
- lib: drop unused includes found along the way.
- curlx_strerror(): avoid compiler warning (and another similar one):
```
In file included from servers.c:14:
../../lib/../../lib/curlx/strerr.c: In function ‘curlx_strerror’:
../../lib/../../lib/curlx/strerr.c:328:32: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
328 | SNPRINTF(buf, buflen, "%s", msg);
| ^
../../lib/../../lib/curlx/strerr.c:47:18: note: ‘snprintf’ output 1 or more bytes (assuming 2) into a destination of size 1
47 | #define SNPRINTF snprintf
| ^
../../lib/../../lib/curlx/strerr.c:328:7: note: in expansion of macro ‘SNPRINTF’
328 | SNPRINTF(buf, buflen, "%s", msg);
| ^~~~~~~~
```
Follow-up to 45438c8d6f#18823Closes#18840
It cannot actually return an error, so the parent function does not need
to check for error and have an exit path that cannot be reached.
Pointed out by CodeSonar
Closes#18855
i is taken from pointer[length-2] (often the IAC byte) before we do
length -= 2, so using pointer[i] indexes an arbitrary/stale byte
unrelated to the option code. pointer[0] is the suboption’s option code
per the telnet SB format, so printing pointer[0] yields correct, stable
diagnostics.
Closes#18851
Replace `char *dest[1]` with a proper `char dest[1]` array in
cpool_bundle. This removes undefined behavior from memcpy (writing past
the declared object) while keeping the same key semantics: dest_len is
strlen+1 (includes NUL), and hash add/delete calls remain unchanged.
Closes#18850
By quoting the search expression to be replaced. This avoid the issue
when the code leading up to a banned function contained regex characters
that the script did not explicitly handle, e.g. `+`.
Assisted-by: Daniel Stenberg
Ref: https://perldoc.perl.org/functions/quotemeta
Follow-up to dd37d6970c#18775Closes#18845
- http3-linux: move local nghttpx (nghttp2) build to openssl (from
quictls). Also tried LibreSSL, but it made some HTTP/2 tests fails.
- http3-linux: drop quictls ngtcp2 build.
- http3-linux: build local openssl with `no-deprecated`.
(previously tested in the quictls local build.)
- http3-linux: explicitly disable LDAP in cmake openssl jobs.
cmake builds auto-detect OpenLDAP (autotools don't), and when enabled,
linking curl fails because system `libsasl.so` requires MD5 openssl
functions, which are missing from openssl no-deprecated builds.
- macos: move options tested in quictls jobs to other ones.
- linux: drop unused quictls local build. (it was used for msh3.)
Follow-up to 91138b014d#17729
- renovate: drop quictls bump detection.
Closes#18833
Both may apply to rare non-WinCE Windows builds too.
- fix gcc 4.4.0 preprocessor error:
```
docs/examples/http2-upload.c:43:8: error: "_MSC_VER" is not defined
```
Ref: https://github.com/curl/curl/actions/runs/18238150607/job/51935502616
- fix wrong header order:
Inlcude `windows.h` after `winsock2.h` via `curl/curl.h`.
Regressions from 45438c8d6f#18823Closes#18843
```
lib/vtls/openssl.c: In function 'asn1_object_dump':
lib/vtls/openssl.c:299:42: error: passing argument 3 of 'i2t_ASN1_OBJECT' discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
299 | int i = i2t_ASN1_OBJECT(buf, (int)len, a);
| ^
In file included from /home/runner/djgpp/include/openssl/objects.h:965,
from /home/runner/djgpp/include/openssl/evp.h:94,
from /home/runner/djgpp/include/openssl/x509.h:73,
from /home/runner/djgpp/include/openssl/ssl.h:156,
from lib/curl_ntlm_core.c:71,
from bld/lib/CMakeFiles/libcurl_static.dir/Unity/unity_0_c.c:88:
/home/runner/djgpp/include/openssl/asn1.h:921:58: note: expected 'ASN1_OBJECT *' {aka 'struct asn1_object_st *'} but argument is of type 'const ASN1_OBJECT *' {aka 'const struct asn1_object_st *'}
921 | int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a);
| ~~~~~~~~~~~~~^
```
Ref: https://github.com/curl/curl/actions/runs/18236773678/job/51931937131?pr=18039
Follow-up to bb46d42407#18647Closes#18841
To make the source code match the functions called at runtime.
And to avoid the preprocessor trick that may introduces build issues.
Before this patch, libtests, tunits and units were calling a mixture
of curl and system printf calls, then transformed them all to curl
printf calls by including `curl_printf.h`.
Changes made:
- tests: stop including `curl_printf.h`.
- libtest: switch a couple of outlier system printf calls to curl
printf.
- unit: use more curl printf to avoid casts and show whole values.
- unit: switch remaining calls to curl printf explicitly.
- tunit: switch to call curl printf explicitly.
- libtest, tunit, unit: ban system printf.
- unit1307, unit1607, unit1609, unit1652, unit1655, unit3214: bump
types/masks to avoid casts.
After this patch:
- libtests, tunits, units: use exclusively curl printf.
(as before, but explicitly, without relying on redefinitions.)
- servers: is unchanged (it can only use system printf).
Closes#18814
By making them defaults, then fixing and/or reshuffling remaining
exceptions as necessary.
- checksrc: ban by default: `snprintf`, `vsnprintf`, `sscanf`, `strtol`.
- examples: replace `strtol` with `atoi` to avoid a checksrc exception.
- tests/libtest: replace `strtol` with `atol`.
- tests/server: replace most `strtol` with `atol`.
- tests/server: replace most `strtoul` with `atol`/`atoi`.
- tests/server: drop no longer used `util_ultous`.
- fix typo in checksrc rules: `vsnprint` -> `vsnprintf`.
- update local exceptions.
Also:
- examples: ban curl printf functions. They're discouraged in user code.
- examples: replace curl printf with system printf.
Add `snprintf` workaround for <VS2015.
- examples/synctime: fix `-Wfloat-equal`.
- examples/synctime: exclude for non-Windows and non-UWP Windows.
- examples/synctime: build by default.
Closes#18823
The `ld` linker is sensitive to this, and did not find libcurl symbol
with the order before this patch. Seen with mingw-w64 gcc.
Follow-up to f6ddc1fc1e#18554Closes#18835
The new custom_* flags in the SSL config need to be inherited when
setting up the doh easy handle, so that defaults apply the same way as
for the original easy handle.
Closes#18831
Previously the progress meter used a maximum of five digits+letter in
the progress meter output: up to 99999 bytes and then 9999k, 9999M etc.
The output then used two spaces after the size between the next field in
the display.
This new approach uses one letter more with only one space in between
the fields. It makes it possible to show up to 999999 bytes and then
99999k, 99999M etc. The function uses a single decimal when outputting a
value less than 1000 in any unit. Like 999.9M.
Closes#18828
For a complete, online, check.
After this patch the check takes 30s, up from a fraction of a second.
Also bump CodeQL actions to their latest version.
Closes#18827
- better tracing of what system call is used and how often
- ngtcp2: combine vquic_send into larger chunks
- ngtcp2: define own PMTU values and enable MTU probing
- ngtcp2: trace interesting remote transport parameters
Closes#18812
- configure/cmake support for enabling the option
- supported in OpenSSL and GnuTLS backends
- when configured, Apple SecTrust is the default trust store
for peer verification. When one of the CURLOPT_* for adding
certificates is used, that default does not apply.
- add documentation of build options and SSL use
Closes#18703
Released on 2016-Dec-19, it's the first "revamped" stable version, and
the earliest available as a source tarball at the official repository:
https://github.com/heimdal/heimdal/releases/tag/heimdal-7.1.0
It's also the first version hosted by Homebrew. It builds fine locally
with curl, and also builds in CI with old linux: 7.1.0+dfsg-13+deb9u4.
Closes#18809
To test it in GHA and catch issues at PR time. Before this patch,
Circle CI caught them after pushing to master (or non-fork PR
branches.) GHA also run runtests, pytests and static analysis on
these builds, after this patch.
- GHA/linux: enable no-verbose in an existing job.
- GHA/linux: enable no-verbose in the H3 scan-build job too.
- GHA/macos: enable no-verbose in one build (= 3 jobs with different
compilers).
- GHA/codeql: enable no-verbose in the MultiSSL Linux build.
- circleci: delete openssl no-verbose job in favor of the above.
Closes#18797
- it's just too random who got mentioned
- we can't mention all, so better consistently mention none
- make sure they all are mentioned in THANKS
- also remove some unnecessary comment ramblings
Closes#18803
Since the tool code itself adds the ids (controlled with "ids"), getting
them (also) added by the library adds nothing good. Always disable the
lib-ids even when "--trace-config all" is selected.
Also: change "== Info:" into just "* " to reduce output redundancy.
Ref: #18755
Reported-by: Alice Lee Poetics
Closes#18805
Detect via curlinfo if curl has verbose strings disabled, and skip
tests that require it.
Also:
- cmake: make pytests depend on curlinfo.
Cherry-picked from #18797Closes#18801
They use Linuxbrew instead of locally built components.
Linuxbrew limitations compared to the locally built components in
GHA/http3-linux:
- libngtcp2 currently supports OpenSSL only.
- wolfssl can't coexist with openssl.
- somewhat tricky configuration with autotools.
Upside is easy of use, always the latest versions (may be downside),
and availability of almost all packages.
Closes#18693
HTTP/3 defines "reserved stream types" that are intended to be ignored
by a receiver. This is part of the "greasing" effort that flexes parts
of the protocol that are needed for future extensions.
curl's OpenSSL-QUIC implementation treated all unexpected streams as
an error. Which seems the right thing to do *but* for these reserved types.
However OpenSSL does not expose this type and thus, curl needs to silently
discard all unexpected streams opened by the server to allow interop
with servers that flex the GREASE parts.
Fixes#18780
Reported-by: Pocs Norbert
Closes#18791
By checking the size of the actual buffer and using that as memcpy
target instead of another union member, this helps readers and static
code analyzers to determine that this is not a buffer overflow.
Ref: #18677Closes#18787
Also:
- point the source tarball to a working URL.
The GitHub release page misses the official source tarball for 4.1.1.
- GHA/linux: switch LibreSSL build to cmake (syncing with http3-linux.)
- GHA/macos: drop no longer needed LibreSSL build workaround.
Closes#18792
- exclude visual studio project templates
- exclude test cases
- allow 'proxys' which is used for "secure proxy" in test code
- allow Tru64 and secur32
Closes#18789
When attempts on all addresses have been started, do no longer set any
EXPIRE_HAPPY_EYEBALLS timeouts.
Fixes#18767
Reported-by: Johannes Schindelin
Closes#18768
Replace them by `curlx_open()` and `curlx_stat()`.
To make it obvious in the source code what is being executed.
Also:
- tests/server: stop overriding `open()` for test servers.
This is critical for the call made from the signal handler.
For other calls, it's an option to use `curlx_open()`, but
doesn't look important enough to do it, following the path
taken with `fopen()`.
Follow-up to 10bac43b87#18774
Follow-up to 20142f5d06#18634
Follow-up to bf7375ecc5#18503Closes#18776
If the source line had square brackets before the match, the stripping
of the banned function left the original line intact, and repeated the
check on it forever. E.g. with banned function `open` in `lib518.c`:
```c
t518_testfd[0] = open(DEV_NULL, O_RDONLY);
```
Closes#18775
By introducing wrappers for them in the curlx namespace:
`curlx_fopen()`, `curlx_fdopen()`, `curlx_fclose()`.
The undefine/redefine/`(function)()` methods broke on systems
implementing these functions as macros. E.g. AIX 32-bit's `fopen()`.
Also:
- rename `lib/fopen.*` to `lib/curl_fopen.*` (for `Curl_fopen()`)
to make room for the newly added `curlx/fopen.h`.
- curlx: move file-related functions from `multibyte.c` to `fopen.c`.
- tests/server: stop using the curl-specific `fopen()` implementation
on Windows. Unicode isn't used by runtests, and it isn't critical to
run tests on longs path. It can be re-enabled if this becomes
necessary, or if the wrapper receives a feature that's critical for
test servers.
Reported-by: Andrew Kirillov
Bug: https://github.com/curl/curl/issues/18510#issuecomment-3274393640
Follow-up to bf7375ecc5#18503
Follow-up to 9863599d69#18502
Follow-up to 3bb5e58c10#17827Closes#18634
Turns out the signal handler on Windows still wasn't signal safe after
the previous round of fix. There is an `open()` call made from there,
and `open` happens to be unconditionally overridden via `curl_setup.h`
on Windows, to its local implementation (`curlx_win32_open()`), which
does memory allocations and potentially other things that are not signal
safe.
This is a temporary fix, till avoiding the override of system symbols
`open` and `stat` on Windows.
FTR this did not fix the CI 2304 errors, diskspace fail or job hangs due
to 0xC0000142 fork failure (it's rare all three occurs in the same run):
https://github.com/curl/curl/actions/runs/18110523584?pr=18774
Ref: #18634
Follow-up e95f509c66#16852Closes#18774
To avoid typos and non-existing options passed to `./configure` in CI
builds.
Also delete obsolete option `--enable-test-bundles` from Circle CI jobs.
Closes#18759
- GHA/checkdocs: rename `spellcheck` job to `pyspelling` to say
the exact tool used.
- GHA/checkdocs: restore a comment.
- GHA/linux: add `-B .` to a cmake configure to avoid warning, and
future breakage.
- autotools: use correct casing for `Schannel`.
- doh: update RFC URL.
- drop redundant parenthesis.
- fix indentation, whitespace.
Closes#18756
Add script to run all Perl sources through `perl -c` to ensure no
issues, and run this script via GHA/checksrc in CI.
Fallouts:
- fix two repeated declarations.
- move `shell_quote()` from `testutil.pm` to `pathhelp.pm`, to
avoid circular dependency in `globalconfig.pm`.
Closes#18745
When there is more than one user-supplied 'Connection: ' header, add
values that curl needs internally to the first one and emit all
subsequent ones thereafter.
Fixes#18662
Reported-by: Evgeny Grin (Karlson2k)
Closes#18686
Since it would indicate errors to the degree that continuing would just
risk hiding the earlier errors or make things weird.
Inspired by a report in Joshua's sarif data
Closes#18646
To avoid depending on Docker Hub, an Docker image and a GitHub Action.
Also to simplify running this check on a local machine.
Pending question if Dependabot and Mend/Renovate will automatically pick
up `requirements-docs.txt`.
Also:
- enable parallel spellchecking. (also to win back the time lost with
installing components directly from Debian and pip.)
- pin `pyspelling`.
- link to official `pyspelling` docs.
Closes#18736
In an attempt to make `brew install` commands initialize faster.
Often this command started with 20-50 seconds of delay before this
patch. This is an attempt to make it launch faster.
Cherry-picked from #18736
When OpenSSL reports SSL_ERROR_WANT_READ, set the io_need explicitly.
It should have already been set by the BIO, but be safe.
Reported in Joshua's sarif data
Closes#18733
When a transfer has a speed limit less than 4, the receive loop early
exits without receiving anything, causing a busy loop for that transfer.
Perform that check only after the first receive has been done.
Reported in Joshua's sarif data
Closes#18732
The comments on `cf_recv()` function were outdated and described
calling conventions that no longer are true.
Reported in Joshua's sarif data
Closes#18728
The result of setting the negotiated ALPN was not checked, leading
to reporting success when it should not have.
Reported in Joshua's sarif data
Closes#18727
The return code of SSL_get_stream_read_error_code() was not checked
in one location, but others. Make that consistent.
Reported in Joshua's sarif data
Closes#18725
Fail on errors from SSL_handle_events().
Force quit Caddy test instance that is left hanging longer with
openssl-quic tests for unknown reasons.
Reported in Joshua's sarif data
Closes#18720
Restructured the code in the following ways:
* add terminal states SUCCESS and FAILED
* split SOCK4 and SOCK5 states to be more clear
* use `bufq` for send/recv of SOCK messages
* reduce SOCKS4 states, more speaking names
* for most states, move code into static function
* reduce SOCKS5 states, more speaking names
* add helpers for traversing to FAILED state
* add helper to flush bufq
* add hepler to read minimum amount into bufq
Closes#18401
Improvements around HTTP Upgrade: and multiplex hanndling:
* add `Curl_conn_set_multiplex()` to set connection's multiplex
bit and trigger "connchanged" events
* call `Curl_conn_set_multiplex()` in filters' `CF_CTRL_CONN_INFO_UPDATE`
implementation where other connection properties are updated.
This prevents connection updates before the final filter chain
is chosen.
* rename enum `UPGR101_INIT` to `UPGR101_NONE`
* rename connection bit `asks_multiplex` to `upgrade_in_progress`
* trigger "connchanged" when `upgrade_in_progress` clears
* rename `WebSockets` to `WebSocket` as it is the common term
used in documentation
Closes#18227
A probably unnecessary precaution but since the field sizes are 16 bit in the
protocol this makes sure to fail if they would ever be larger as that would go
wrong.
Reported in Joshua's sarif data
Closes#18719
- requirements.txt: shorten copyright headers.
- requirements.txt: pin packages to versions.
- GHA/windows: use `tests/requirements.txt`.
Pick a `cryptography` package version that satifies both `impacket`
and pytests dependencies.
- GHA/checksrc: move pip deps into a new `requirements.txt`.
To make Dependabot detect and bump them.
- GHA/checksrc: replace apt packages for python test deps with pip
install `tests/**/requirements.txt` to a venv.
- GHA/checksrc: use venv and drop `--break-system-packages`.
- GHA/linux: fix to actually activate venvs.
Follow-up to 2638570241#15578
- GHA/linux: fixup (did not cause an issue)
Follow-up to d75785c7de#18660
- GHA: create venvs later, simplify commands.
- GHA: sync pip command-line options, e.g. drop progress-bar,
everywhere.
Assisted-by: Dan Fandrich
Closes#18708
The mbedtls_ssl_read() function is documented to be able to also return
MBEDTLS_ERR_SSL_WANT_WRITE, so act on that accordingly instead of
returning error for it.
Assisted-by: Stefan Eissing
Reported in Joshua's sarif data
Closes#18682
The implementation was incomplete and lesser than the other backends. No
one ever reported a bug or requested enhancements for this, indicating
that this backend was never used.
Closes#18700
Replacing the hard-wired stable image. After this patch, it
will automatically follow upstream updates.
Follow-up to 6870bc1b35
Follow-up to 5a25df253dCloses#18709
- INSTALL.md: fence code to avoid wrong rendering.
Reported-by: rinsuki on github
Fixes: https://github.com/curl/curl-www/issues/480
- use `sh` instead of `bash` as fence language, for less visual noise.
- INSTALL.md: drop stray shebang.
- ECH.md: drop indent from fenced code.
- minor tidy-ups.
Ref: https://curl.se/docs/install.htmlCloses#18707
This reverts commit df60e8fe70.
The "first byte" checkpoint is not strictly the first byte received, but
the sign of first traffic from the server, which a closed connection
also is.
Closes#18676
If GSS returns a token to use that is longer than 65535 bytes, it can't
be transmitted since the length field is an unisgned 16 bit field and
thus needs to trigger an error.
Reported in Joshua's sarif data
Closes#18681
It may take 1.5 minutes to find the C compiler on macos with old cmake.
The build is also slow due to no unity and Ninja support.
```
Wed, 24 Sep 2025 04:56:51 GMT -- Using CMake version 3.11.4
Wed, 24 Sep 2025 04:58:01 GMT -- The C compiler identification is AppleClang 17.0.0.17000013
Wed, 24 Sep 2025 04:58:02 GMT -- Check for working C compiler: /Applications/Xcode_16.4.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang
Wed, 24 Sep 2025 04:59:33 GMT -- Check for working C compiler: /Applications/Xcode_16.4.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -- works
Wed, 24 Sep 2025 04:59:33 GMT -- Detecting C compiler ABI info
Wed, 24 Sep 2025 04:59:35 GMT -- Detecting C compiler ABI info - done
```
Ref: https://github.com/curl/curl/actions/runs/17966736478/job/51100678487?pr=18700#step:10:50Closes#18702
It was using the global parallel value in cmake integration tests, while
on macos runners, this should be lower by one, as used in other macos
jobs. Performance impact is minimal.
Follow-up to fb70812437#16126Closes#18701
Number of combo jobs down to 22 from 24.
Also:
- update the version matrix.
- update exclusion matrix.
- include verbose compiler configuration dump.
It makes the Apple-included, default `-I/usr/local/include` visible.
Ref: #18683Closes#18698
Same issue as seen earlier in the tsan job. Fix it the same way, by
switching to cmake to avoid autotools' libtool confusing the analyzer.
Ref: 2a46df31fd#18274
Configuration remains identical. I removed libssh2 from the installed
packages, because it was unused before, but cmake enabled it by default
and libssh2 has memory leaks:
Ref: https://github.com/curl/curl/actions/runs/17941312820/job/51018425159
Fixing:
```
/usr/bin/llvm-symbolizer-18: /home/runner/work/curl/curl/bld/lib/.libs/libcurl.so.4: no version information available (required by /usr/bin/llvm-symbolizer-18)
/usr/bin/llvm-symbolizer-18: symbol lookup error: /home/runner/work/curl/curl/bld/lib/.libs/libcurl.so.4: undefined symbol: __asan_option_detect_stack_use_after_return
==33900==WARNING: Can't read from symbolizer at fd 3
[..]
==33900==WARNING: Can't write to symbolizer at fd 6
==33900==WARNING: Failed to use and restart external symbolizer
```
Ref: https://github.com/curl/curl/actions/runs/17939949191/job/51013953675?pr=18693
Cherry-picked from #18693Closes#18696
This is an effort to pass more code through clang-tidt and scan-build
static analyzers. Following CodeQL Linux jobs.
GHA/codeql:
- also build with libssh.
- disable verbose output in build steps.
GHA/linux:
- enable more build options for the clang-tidy and scan-build jobs:
libidn2, nghttp2, ldap, kerberos, rtmp, gnutls, gsasl, rustls,
mbedtls, wolfssl
Use Linuxbrew where necessary.
- also enable ECH, gssapi in the scan-build job.
- fix 'scanbuild' to be 'scan-build' in the job name.
GHA/macos:
- build with Rustls in the clang-tidy job.
- add a new clang-tidy job to test HTTP/3 (with openssl + ngtcp2).
- build with libssh in one of the clang-tidy jobs.
- build with LibreSSL in the MultiSSL clang-tidy job.
- build with heimdal and kerberos in the clang-tidy jobs respectively.
- build with OpenLDAP in one clang-tidy job.
- add support for `skipall`, `skiprun` job options, and use it.
Closes#18660
Reported in macOS clang-tidy v21.1.1 build, after enabling libssh in it:
```
lib/vssh/libssh.c
lib/vssh/libssh.c:1342:9: error: Value stored to 'to_t' is never read [clang-analyzer-deadcode.DeadStores,-warnings-as-errors]
1342 | to_t = STRE_OK;
| ^
lib/vssh/libssh.c:1342:9: note: Value stored to 'to_t' is never read
lib/vssh/libssh.c:1349:9: error: Value stored to 'from_t' is never read [clang-analyzer-deadcode.DeadStores,-warnings-as-errors]
1349 | from_t = STRE_OK;
| ^
lib/vssh/libssh.c:1349:9: note: Value stored to 'from_t' is never read
2 warnings generated.
```
Ref: https://github.com/curl/curl/actions/runs/17909917954/job/50918955923?pr=18660#step:11:182
Cherry-picked from #18660Closes#18684
Seen with v21.1.1, non-debug-enabled build:
```
lib/vtls/rustls.c:415:23: error: File position of the stream might be 'indeterminate'
after a failed operation. Can cause undefined behavior [clang-analyzer-unix.Stream,-warnings-as-errors]
415 | const size_t rr = fread(buf, 1, sizeof(buf), f);
| ^
```
Ref: https://github.com/curl/curl/actions/runs/17898248031/job/50887746633?pr=18660#step:11:174
Cherry-picked from #18660Closes#18670
Replace `WSASocketW()` with `CURL_SOCKET()`. Also replace a call
to `socketclose()` with `sclose()`. According to a comment,
`socketclose()` was chosen to silence test 1498 (and 2300) reporting
`MEMORY FAILURE`. These reports were accurate, and were caused by
calling `WSASocketW()` instead of `socket()` (now `CURL_SOCKET()`).
This also fixes the curl `sclose()` call on an error branch, which is
now correctly paired with a curl socket open. The mismatched open/close
calls caused an issue in TrackMemory-enabled (aka `CURLDEBUG`) builds.
Docs confirm that `socket()` is defaulting to overlapped I/O, matching
the replaced `WSASocketW()` call:
https://learn.microsoft.com/windows/win32/api/winsock2/nf-winsock2-socket#remarks
Also:
- checksrc: ban `WSASocket*()` functions.
- report `SOCKERRNO` instead of `GetLastError()` for socket calls,
to match the rest of the codebase.
Follow-up to 9a2663322c#17572Closes#18633
- protocols MUST match one in the accept-list
- protocols are typically all uppercase
- drop All
- use SCP and SFTP instead of SSH
- add Protocols: to some options previously missing one
Closes#18675
Store the used remote address on the first receive call and then make
sure that it remains the same address on subsequent calls to reduce the
risk of tampering. Doesn't make the transfer secure because it is still
unauthenticated and clear text.
Reported in Joshua's sarif data
Closes#18658
Ban the use of IAC (0xff) in telnet options set by the application. They
need to be escaped when sent but I can't see any valid reason for an
application to send them.
Of course, an application sending such data basically ask for trouble.
Reported in Joshua's sarif data
Closes#18657
The range-parsing returned CURLE_RANGE_ERROR directly on one error
instead of calling myssh_to_ERROR() like it should and like it does for
all other errors.
Reported in Joshua's sarif data
Closes#18652
Specifically, when ftpc->wait_data_conn was true and
Curl_conn_connect(...) returned with serv_conned == false the code
called ftp_check_ctrl_on_data_wait and returned without setting
*completep.
Now set it to 0 at function start to avoid this happening again.
Reported in Joshua's sarif data
Closes#18650
Show these flags:
- `LLVM-CLANG` for mainline llvm/clang.
- `APPLE-CLANG` for Apple clang.
- `CLANG-CL` for clang-cl. (cmake only)
Also:
- GHA/linux: fix a job to build with clang, to match its descriptions.
Closes#18645
By appending `:all:[separator]` to the header name. The `[separator]` string
is output between each header value if there are more than one to output.
Test 764 and 765 verify
Idea-by: kapsiR on github
Ref: #18449Closes#18491
It was accidentally broken in commit 0f4c439fc7, shipped since
8.8.0 (May 2024) and yet not a single person has noticed or reported,
indicating that we might as well drop support for FTP Kerberos.
Krb5 support was added in 54967d2a3a (July 2007), and we have
been carrying the extra license information around since then for this
code. This commit removes the last traces of that code and thus we can
remove the extra copyright notices along with it.
Reported-by: Joshua Rogers
Closes#18577
In case we get "funny" input and the same field is provided several
times, free the old pointer before stored a new memdup.
Reported in Joshua's sarif data
Closes#18631
The code called set sshc->nextstate and returned SSH_OK without setting
sshc->actualcode to an error code.
Reported in Joshua's sarif data
Closes#18637
If the last port to test is 65535, the loop would previously wrongly
wrap the counter and start over at 0, which was not intended.
Reported in Joshua's sarif data
Closes#18636
Before this patch `accept4()`, `socket()`, `socketpair()`, `send()` and
`recv()` system symbols were remapped via macros, using the same name,
to local curl debug wrappers. This patch replaces these overrides by
introducing curl-namespaced macros that map either to the system symbols
or to their curl debug wrappers in `CURLDEBUG` (TrackMemory) builds.
This follows a patch that implemented the same for `accept()`.
The old method required tricks to make these redefines work in unity
builds, and avoid them interfering with system headers. These tricks
did not work for system symbols implemented as macros.
The new method allows to setup these mappings once, without interfering
with system headers, upstream macros, or unity builds. It makes builds
more robust.
Also:
- checksrc: ban all mapped functions.
- docs/examples: tidy up checksrc rules.
Follow-up to 9863599d69#18502
Follow-up to 3bb5e58c10#17827Closes#18503
This is a variadic function call with a mismatched argument type; on
platforms where uintptr_t and size_t differ, this invokes undefined
behavior.
Reported in Joshua's sarif data
Closes#18628
- add comment in the header that the argument 'size' is always 1,
as guaranteed by the libcurl API
- then fix the call to fwrite() to avoid using "size, etag_length" which
would be wrong if size was something else than 1, and use a fixed
number there instead.
Reported in Joshua's sarif data
Closes#18630
- update Microsoft documentation links.
(also drop language designator where present.)
- checksrc: allow longer than 78 character lines if they
contain a https URL. To make these links easier to use and parse.
- merge links that were split into two lines.
Closes#18626
`-Weverything` is not enabled by curl, and not recommended by LLVM,
because it may enable experimental options, and will result in new
fallouts after toolchain upgrades. This patch aims to fix/silence as much
as possible as found with llvm/clang 21.1.0. It also permanently enables
warnings that were fixed in source and deemed manageable in the future.
`-Wformat` warnings are addressed separately via #18343.
Fix/silence warnings in the source:
- typecheck-gcc.h: fix `-Wreserved-identifier`.
- lib: silence `-Wcast-function-type-strict`.
For llvm 16+ or Apple clang 16+.
- asyn-ares: limit `HAPPY_EYEBALLS_DNS_TIMEOUT` to old c-ares versions.
- curl_trc: fix `-Wc++-hidden-decl`.
- doh: fix `-Wc++-keyword`.
- ftp: fix `-Wreserved-identifier`.
- ldap: fix `-Wreserved-identifier`.
- mqtt: comment unused macro to avoid warning.
- multi_ev: drop unused macros to avoid warnings.
- setopt: fix useless `break;` after `return;`.
- gtls, mbedtls, rustls: silence `-Wconditional-uninitialized`.
- socks_sspi, schannel, x509asn1: fix `-Wimplicit-int-enum-cast`.
- x509asn1: fix `-Wc++-keyword`.
- openssl: scope `OSSL_UI_METHOD_CAST` to avoid unused macro warning.
- libssh2, wolfssl: drop unused macros.
- curl_ngtcp2, curl_quiche, httpsrr, urlapi: drop/limit unused macros.
- tool_getparam: fix useless `break;` after `return;` or `break;`.
Not normally enabled because it doesn't work with unity.
https://github.com/llvm/llvm-project/issues/71046
- tool_operate: fix `-Wc++-keyword`.
- curlinfo: fix a `-Wunsafe-buffer-usage`.
- tests: silence `-Wformat-non-iso`.
- lib557: fix `-Wreserved-identifier`.
- lib1565: silence `-Wconditional-uninitialized`.
Enable the above clang warnings permanently in picky mode:
- `-Wc++-hidden-decl`
- `-Wc++-keyword` (except for Windows, where it collides with `wchar_t`)
- `-Wcast-function-type-strict`
- `-Wcast-function-type`
- `-Wconditional-uninitialized`
- `-Wformat-non-iso` (except for clang-cl)
- `-Wreserved-identifier`
- `-Wtentative-definition-compat`
Silence problematic `-Weverything` warnings globally (in picky mode):
- `-Wused-but-marked-unused` (88000+ hits) and
`-Wdisabled-macro-expansion` (2600+ hits).
Triggered by `typecheck-gcc.h` when building with clang 14+.
Maybe there exists a way to fix within that header?
Ref: https://discourse.llvm.org/t/removing-wused-but-marked-unused/55310
- `-Wunsafe-buffer-usage`. clang 16+. 7000+ hits.
May be useful in theory, but such high volume of hits makes it
impractical to review and possibly address. Meant for C++.
Ref: https://clang.llvm.org/docs/SafeBuffers.html
Ref: https://stackoverflow.com/questions/77017567/how-to-fix-code-to-avoid-warning-wunsafe-buffer-usage
Ref: https://discourse.llvm.org/t/rfc-c-buffer-hardening/65734
Ref: https://github.com/llvm/llvm-project/pull/111624
- `-Wimplicit-void-ptr-cast`. clang 21+. 1700+ hits.
C++ warning, deemed pure noise.
Ref: https://github.com/curl/curl/issues/18470#issuecomment-3253506266
- `-Wswitch-default` (180+ hits), `-Wswitch-enum` (190+ hits),
`-Wcovered-switch-default` (20+ hits).
Next to impossible to fix cleanly, esp. when the covered `case`
branches depend on compile-time options.
- `-Wdocumentation-unknown-command` (8+ hits).
Triggered in a few sources. Seems arbitrary and bogus.
- `-Wpadded` (550+ hits).
- `-Wc++-keyword` on Windows, where it collides with `wchar_t`.
(100+ hits)
Ref: https://github.com/llvm/llvm-project/issues/155988
- `-Wreserved-macro-identifier`. clang 13+. 5+ hits.
Sometimes it's necessary to set external macros that use
the reserved namespace. E.g. `_CRT_NONSTDC_NO_DEPRECATE`,
`__ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__`, `__NO_NET_API`,
possibly `_REENTRANT`, and more.
It's not worth trying to silence them individually.
- `-Wnonportable-system-include-path` with `clang-cl`.
It'd be broken by doing what the warning suggests.
- `-Wformat-non-iso` for clang-cl.
CMake `PICKY_COMPILER=ON` (the default) or `./configure`
`--enable-warnings` (not the default) is required to enable these
silencing rules.
Also:
- autotools, cmake: fix Apple clang and mainline llvm version translations.
Ref: https://en.wikipedia.org/wiki/Xcode#Toolchain_versions
- autotools, cmake: enable `-Warray-compare` for clang 20+.
Follow-up to 4b7accda5a#17196
- cmake: fix to enable `-Wmissing-variable-declarations` at an earlier
clang version.
- cmake: update internal logic to handle warning options with `+` in
them.
- cmake: fix internal logic to match the whole option when looking
into `CMAKE_C_FLAGS` for custom-disabled warnings.
Follow-up to b85cb8cb4e#18485Closes#18477
To avoid hitting `-Wreserved-macro-identifier` where possible.
- amigaos: introduce local macro instead of reusing `__request()`.
- easy_lock: avoid redefining `__has_builtin()`.
Follow-up to 33fd57b8ff#9062
- rand: drop interim macro `_random()`.
- windows: rename local macro `_tcsdup()` to `Curl_tcsdup()`.
To avoid using the reserved macro namespace and to avoid
colliding with `_tcsdup()` as defined by Windows headers.
- checksrc: ban `_tcsdup()` in favor of `Curl_tcsdup()`.
- tool_doswin: avoid redefining `_use_lfn()` (MS-DOS).
- tool_findfile: limit `__NO_NET_API` hack to AmigaOS.
Syncing this pattern with `lib/netrc.c`.
Follow-up to 784a8ec2c1#16279
- examples/http2-upload: avoid reserved namespace for local macro.
More cases will be removed when dropping WinCE support via #17927.
Cases remain when defining external macros out of curl's control.
Ref: #18477Closes#18482
We used to treat 0 as "call strlen() to get the length" for
curlx_base64_encode, but it turns out this is rather fragile as we
easily do the mistake of passing in zero when the data is actually not
there and then calling strlen() is wrong.
Force the caller to pass in the correct size. A zero length input string
now returns a zero length output and a NULL pointer.
Closes#18617
Because parts of the cookie loading happens on transfer start the
in-memory cookie jar risks being incomplete and then a save might
wrongly truncate the target file.
Added test 1902 to verify.
Reported-by: divinity76 on github
Fixes#18621Closes#18622
The null-termination was first added in the initial SFTP commit in 2006:
a634f64400
At that time this was a reasonable concern because libssh2 started
null-terminating this string just one year prior, in 2005:
efc3841fd2
This fix was released in libssh2 v0.13 (2006-03-02).
curl requires libssh2 v1.2.8, making this workaround no longer necessary.
Follow-up to 9f18cb6544#18598Closes#18606
- null-terminate the result to match the other getter
`libssh2_sftp_symlink_ex()` call.
- check negative result and bail out early.
Reported-by: Joshua Rogers
Closes#18598
- Use the plural 'seconds' for anything other than exactly 1 second.
Before: Will retry in 1.250 second.
After: Will retry in 1.250 seconds.
Follow-up to ca034e83.
Closes https://github.com/curl/curl/pull/18604
When Curl_timeleft() < 0 we used to return 0, masking the expiry and
skipping the caller’s (timeout_ms < 0) path. Now we set FIN and return
the negative value so tftp_multi_statemach() aborts with
CURLE_OPERATION_TIMEDOUT as intended.
Closes#18574
- Ensure memory allocated by malloc() is freed by free().
Prior to this change SSPI's FreeContextBuffer() was sometimes used to
free malloc'd memory. I can only assume the reason we have no crash
reports about this is because the underlying heap free is probably the
same for both.
Reported-by: Joshua Rogers
Fixes https://github.com/curl/curl/issues/18587
Closes https://github.com/curl/curl/pull/18594
The checks did not account for the **two byte** 16bit read so risked
reading one more byte than what actually was received.
Reported-by: Joshua Rogers
Closes#18599
Rewrite the code that removes a filter from the connection and discards
it. Always look at the connection, otherwise it will not work of the
filter is at the top of the chain.
Change QUIC filter setup code to always tear down the chain in
construction when an error occured.
HTTP proxy, do not remove the h1/h2 sub filter on close. Leave it to be
discarded with the connection. Avoids keeping an additional pointer that
might become dangling.
Triggered by a reported on a code bug in discard method.
Reported-by: Joshua Rogers
Closes#18596
Also, show retry delay with decimals since it might be not be integer
seconds.
Regression from da27db068f (shipped in 8.16.0)
Reported-by: Andrew Olsen
Fixes#18591
Assisted-by: Jay Satiro
Closes#18595
For multiple enums, we use LASTENTRY values to do range checks when
receiving an option as integer. So I added LASTENTRY, so the check will
work, even if you add more options later.
Closes#18578
- When an option name is used in text, this script no longer outputs the
short plus long version in the manpage output. It makes the text much
more readable.
This always showing both verions was previously done primarily to make
sure roffit would linkify it correctly, but since roffit 0.17 it
should link both long or short names correctly.
- When managen outputs generic text about options at the end of the
description it now highlights them properly so that they too get
linkified correctly in the HTML version. For consistency.
Closes#18580
AWS-LC fixed a bug with large read ahead buffers in v1.61.0. Check a
define introduced in that version to enable the large read ahead again.
AWS-LC issue: https://github.com/aws/aws-lc/issues/2650Closes#18568
Fixing:
```
ninja: error: '<...>/basedir.md/_bld/docs/libcurl/libcurl-symbols.md',
needed by 'docs/libcurl/curl_easy_cleanup.3', missing and no known rule to make it
```
Reported-by: Nir Azkiel
Fixes#18560
Follow-up to 898b012a9b#1288Closes#18563
- add HTTP/3 build with OpenSSL 3.5, nghttp3 and ngtcp2.
- enable GSASL, Heimdal, rtmp, SSLS-export.
- make one build MultiSSL with GnuTLS, mbedTLS, Rustls, wolfSSL.
- build servers (also on Windows), and tunits.
- use Linuxbrew to install build dependencies missing from Ubuntu.
Coverage is now 466 C files. (was: 446)
Closes#18557
`CI.md` slipped into the 8.15.0, 8.16.0 tarballs by accident.
Remove it again and update the checker exception.
Follow-up to fa3f889752#17463Closes#18549
Remove use of pthread_cancel in asnyc threaded resolving. While there
are system where this works, others might leak to resource leakage
(memory, files, etc.). The popular nsswitch is one example where resolve
code can be dragged in that is not prepared.
The overall promise and mechanism of pthread_cancel() is just too
brittle and the historcal design of getaddrinfo() continues to haunt us.
Fixes#18532
Reported-by: Javier Blazquez
Closes#18540
... without outputing a verbose message about it. In the early days we
had 2L and 1L have different functionalities.
Reported-by: Jicea
Bug: https://curl.se/mail/lib-2025-09/0031.htmlCloses#18547
Make sure to not rebuild man pages after purging system curl, to make
the job faster and avoid timeouts:
```
Sun, 14 Sep 2025 10:16:28 GMT Removing curl (8.5.0-2ubuntu10.6) ...
Sun, 14 Sep 2025 10:16:28 GMT Processing triggers for man-db (2.12.0-4build2) ...
Sun, 14 Sep 2025 10:21:22 GMT (Reading database ... 218629 files and directories currently installed.)
```
Ref: https://github.com/curl/curl/actions/runs/17709785947/job/50326910814?pr=18535#step:3:19Closes#18544
- remove "connect to multiple IPs in parallel"
- remove "CURLOPT_RESOLVE for any port number", It can already be
accomplished with CURLOPT_CONNECT_TO
- remove "dynamically load modules", we don't believe in this
- remove "netrc caching and sharing", we already cache it
- remove "Offer API to flush the connection pool", this is effectively
what CURLMOPT_NETWORK_CHANGED now allows
- remove "WebSocket read callback", introduced in 8.16.0
Closes#18542
- bump OpenSSL 3.4 to 3.5 on VS2022 runners.
- bump OpenSSL 1.1.1 to 3.0 on VS2019 runners.
1.1.1 is documented to be present, but missing.
Fixes:
```
+ cmake -G 'Visual Studio 16 2019' -A x64 [...] -DOPENSSL_ROOT_DIR=C:/OpenSSL-v111-Win64 [...]
CMake Error at C:/Program Files/CMake/share/cmake-4.1/Modules/FindPackageHandleStandardArgs.cmake:227 (message):
Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the
system variable OPENSSL_ROOT_DIR (missing: OPENSSL_CRYPTO_LIBRARY
OPENSSL_INCLUDE_DIR)
Call Stack (most recent call first):
CMakeLists.txt:757 (find_package)
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/52740431/job/tq6h4xhqpa3vgq47?fullLog=true
Ref: https://www.appveyor.com/docs/windows-images-software/
Ref: 9a739f7bceCloses#18543
Some applications may want to periodically recheck the remote server
certificate, which doesn't happen on a long-running connection.
Ref: #18527Closes#18533
To make the texts easier on the eye.
- Remove most free text references to curl versions before 7.60.0 (May
2018)
- Leave those present in a HISTORY section
Most of them are already documented in symbols-in-versions anyway.
Closes#18530
Set a default value to only reuse existing connections if less than 24
hours old. This makes the TLS certificate check get redone for the new
connection. An application can still set it to zero.
Closes#18527
- fix `nghttp2` build to also build the `nghttpx` application.
Restore required `libc-ares-dev`. Also confirm that `libev-dev` is
required too. Document these requirements.
Follow-up to 0455d8772a#18509
- explicitly enable `nghttpx` for the `nghttp2` build to make it fail if
requirements aren't met:
```
configure: error: applications were requested (--enable-app) but dependencies are not met.
```
- explicitly install brotli, zstd, zlib for the dependency builds.
Of these, zstd and zlib are preinstalled. zlib is required for
`nghttpx`. zstd and brotli doesn't seem to be used, but keep them
there just in case and to match the test env.
Follow-up to 0455d8772a#18509
- enable brotli for `nghttpx`. It doesn't change the tests, and also
cost almost nothing, so I figure why not.
Closes#18522
Access the error codes of ngtcp2 when a connect attempt failes. Trace
the information for analysis. Treat errors as permanent failure by
default, trigger retrying only when the server refused without
indicating an error.
Closes#18521
When switching to TSLv1.2 as default in
9d8998c994, this led to an explicit
setting of 1.2 on QUIC connections when using quictls, overriding the
already set min version of 1.3.
This leads to a ClientHello with TLS 1.2+1.3 offered on a QUIC connect
which is rejected by the Caddy server. Using ngtcp2 with OpenSSL 3.5+,
GnuTLS or AWS-LC is not affected.
Fixes#18518
Reported-by: fds242 on github
Closes#18520
- explicitly install `libldap-dev` to not rely on test-specific packages
installing it implicitly, to have the same `curl -V` output for each
TLS backend build pair.
Follow-up to 0455d8772a#18509
- install `libev-dev` for tests. It's a runtime dependency for
the local build of `nghttpx`. Missing it made pytest skip 178 tests.
Also skewing the 'Gain' time. I estimate it to account for 3 minutes,
making the total gain ~20 minutes.
Follow-up to 0455d8772a#18509
(It may be a better solution to disable libev for the local nghttp2
build, to avoid this hidden dependency.)
- fix quiche jobs to use the local build of `libnghttp2`.
- stop installing the `clang` package for Windows-cross. `clang` and
`clang-tidy` tools are preinstalled on the Ubuntu 24.04 runner.
Closes#18519
In the last couple of months some jobs started taking a lot of time and
often timing out due to slow `apt install` from the Azure Ubuntu mirror.
The jobs affected were those that installed large packages:
GHA/http3-linux and the 3 cross-build jobs in GHA/windows.
This patch reduces the installed packaged to the minimum required
to complete the jobs. Saving a minute+ for each http3-linux job (a total
of 20+ minutes for the workflow.) Also saving bandwidth and reducing
the chance for long downloads or timeouts with slow Azure repos.
Details:
- http3: delete redundant packages from the `build-cache` job.
- http3: install gnutls dependencies for gnutls jobs only.
- http3: do not install test dependencies in jobs not running tests.
- http3: drop redundant packages from the curl jobs.
- Windows-cross: replace `mingw-w64` with `gcc-mingw-w64-x86-64-win32`
for the 3 Windows cross-build job. Dropping C++, 32-bit, and 64-bit
POSIX-threaded parts. Saving time and significant bandwidth for each
of the 3 jobs:
Download size: 277 MB -> 65 MB (installed: 1300 MB -> 400 MB)
- Windows-cross: restore previous job time limit of 15m (from 45m)
Follow-up to ff5140a25f#18163
Before:
https://github.com/curl/curl/actions/runs/17611514207 (http3)
https://github.com/curl/curl/actions/runs/17611514185/job/50034354923 (Windows cross)
After:
https://github.com/curl/curl/actions/runs/17628406362?pr=18509 (http3)
https://github.com/curl/curl/actions/runs/17627562551/job/50088055529?pr=18509 (Windows cross)
http3 job | Bef. | Aft. |
:------------------ | ------: | ------: |
Build caches (hot) | 10s | 12s |
AM awslc | 3m 0s | 1m 54s |
CM awslc | 4m 32s | 3m 4s |
AM boringssl | 3m 9s | 1m 48s |
CM boringssl | 3m 43s | 3m 2s |
AM gnutls | 3m 9s | 2m 18s |
CM gnutls | 4m 19s | 2m 55s |
AM libressl | 2m 14s | 1m 24s |
CM libressl | 5m 30s | 2m 57s |
AM openssl | 5m 16s | 4m 17s |
CM openssl | 1m 50s | 1m 47s |
AM openssl-quic | 2m 58s | 1m 7s |
CM openssl-quic | 4m 16s | 2m 43s |
AM quiche | 2m 54s | 1m 34s |
CM quiche | 5m 0s | 3m 15s |
AM quictls | 2m 34s | 1m 13s |
CM quictls | 4m 20s | 3m 17s |
AM wolfssl | 2m 48s | 1m 30s |
CM wolfssl | 4m 49s | 3m 22s |
Total: | 66m 21s | 43m 27s |
Gain: | | 22m 54s |
Out of curiousity, build times as seen in the http3 build-cache job:
- TLS backends:
- openssl: 2m25s
- libressl: 27s
- aws-lc: 41s
- boringssl: 1m8s
- quictls: 1m46s
- gnutls: 6m30s
- wolfssl: 51s
- quiche + boringssl: 1m9s
- ng* libs (not yet optimized for build speed):
- nghttp3: 13s
- ngtcp2: 52s (with 6 backends, 3 runs)
- ngtcp2: 19s (boringssl)
- nghttp2: 21s
Ref: https://github.com/curl/curl/actions/runs/17626120054/job/50083344805
A similar effort in curl-for-win, affecting 2 GHA/curl-for-win Windows
jobs (though they use the default Debian repo, with no issues):
- with llvm/clang:
Download size: 648 MB -> 430 MB (installed: 3344 MB -> 2333 MB)
- with gcc:
Download size: 550 MB -> 328 MB (installed: 2815 MB -> 1804 MB)
Ref: e19665d948
Ref: 6b14c3946a
Bug: https://github.com/curl/curl/pull/18502#issuecomment-3270259744Closes#18509
When passing an address to curl_easy_getinfo to retrieve a value and the
address is NULL, return CURLE_BAD_FUNCTION_ARGUMENT instead of
CURLE_UNKNOWN_OPTION.
Closes#18512
Check the easy handles magic in calls to curl_easy_getinfo().
In Curl_close() clear the magic after DNS shutdown since we'd
like to see tracing for this.
When clearing the magic, also clear the verbose flag so we
no longer call DEBUGFUNCTION on such a handle.
Closes#18511
Some OSes (Linux, macOS, more?) will generate an EMSGSIZE socket error
on the next recv all after receiving an ICMP Packet Too Big on an
unconnected UDP socket.
These can be safely ignored as QUIC's DPLPMTUD uses MTU probes that do
not rely on receiving ICMP packets.
Closes#18505
2025-09-10 11:51:25 +02:00
3908 changed files with 125282 additions and 120404 deletions
while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew install automake libtool; then break 2; else echo Error:wait to try again; sleep 10; fi; done; false Too many retries; done
# shellcheck disable=SC2181
while [[ $? == 0 ]]; do
for i in 1 2 3; do
if brew update && brew install automake libtool; then
break 2
else
echo "Error: wait to try again: $i"
sleep 10
fi
done
falseToo many retries
done
- name:'toolchain versions'
run:echo '::group::brew packages installed'; ls -l /opt/homebrew/opt; echo '::endgroup::'
while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew install automake libtool; then break 2; else echo Error:wait to try again; sleep 10; fi; done; false Too many retries; done
# shellcheck disable=SC2181
while [[ $? == 0 ]]; do
for i in 1 2 3; do
if brew update && brew install automake libtool; then
while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew bundle install --file /tmp/Brewfile; then break 2; else echo Error:wait to try again; sleep 10; fi; done; false Too many retries; done
# shellcheck disable=SC2181
while [[ $? == 0 ]]; do
for i in 1 2 3; do
if brew update && brew install pkgconf libpsl libssh2 ${INSTALL_PACKAGES} ${MATRIX_INSTALL}; then
# Reduce build combinations, by dropping less interesting ones
- {compiler: gcc-13, build:cmake }
- {compiler: gcc-14, build:autotools }
- {image: macos-26, compiler:'gcc-13'}
- {compiler: 'gcc-14' , build:cmake }
# Reduce autotools to just one job that is also build with cmake
- {compiler: 'gcc-13' , build:autotools }
- {compiler: 'gcc-14' , build:autotools }
- {compiler: 'gcc-15' , build:autotools }
- {compiler: 'llvm@15', build:autotools }
- {compiler: 'llvm@18', build:autotools }
- {compiler: 'llvm@20', build:autotools }
- {image: macos-14, build:autotools }
- {image: macos-15, build:autotools }
steps:
- name:'install autotools'
if:${{ matrix.build == 'autotools' }}
run:|
# shellcheck disable=SC2181,SC2034
while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew install automake libtool; then break 2; else echo Error:wait to try again; sleep 10; fi; done; false Too many retries; done
# shellcheck disable=SC2181
while [[ $? == 0 ]]; do
for i in 1 2 3; do
if brew update && brew install automake libtool; then
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright [various years] The Regents of the University of California. All rights reserved.
Copyright [various years] The Regents of the University of California.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors.
3. All advertising materials mentioning features or use of this software must
display the following acknowledgement: This product includes software
developed by the University of California, Berkeley and its contributors.
4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
4. Neither the name of the University nor the names of its contributors may be
used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
