git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

build: drop Heimdal support, update docs, replace with MIT Kerberos in CI

Browse Source 
The kerberos5 library Heimdal is one of three GSS libraries curl support.
It has a memory leak triggered by the new test in #18917 and the project
seems mostly abandoned.

Drop support and steer users to the MIT krb5 or GNU GSS libraries.

Co-authored-by: Daniel Stenberg

Ref: #18928
Closes #18928
Closes #18932
This commit is contained in:
Viktor Szakats 2025-10-08 12:03:18 +02:00
parent cd7b45a3bb
commit 8be9a26451
No known key found for this signature in database
GPG Key ID: B5ABD165E2AEF201
13 changed files with 63 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/codeql.yml vendored
View File

@ -76,7 +76,7 @@ jobs:
sudo apt-get -o Dpkg::Use-Pty=0 update
sudo rm -f /var/lib/man-db/auto-update
sudo apt-get -o Dpkg::Use-Pty=0 install libpsl-dev libbrotli-dev libidn2-dev libssh2-1-dev libssh-dev \
libnghttp2-dev libldap-dev heimdal-dev librtmp-dev libgnutls28-dev libwolfssl-dev
libnghttp2-dev libldap-dev libkrb5-dev librtmp-dev libgnutls28-dev libwolfssl-dev
HOMEBREW_NO_AUTO_UPDATE=1 /home/linuxbrew/.linuxbrew/bin/brew install c-ares gsasl libnghttp3 libngtcp2 mbedtls rustls-ffi
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

2
.github/workflows/linux-old.yml vendored
View File

@ -68,7 +68,7 @@ jobs:
dpkg -i freexian-archive-keyring_2022.06.08_all.deb
echo 'deb http://deb.freexian.com/extended-lts stretch-lts main contrib non-free' | tee /etc/apt/sources.list.d/extended-lts.list
apt-get -o Dpkg::Use-Pty=0 update
apt-get -o Dpkg::Use-Pty=0 install -y --no-install-suggests --no-install-recommends cmake make automake autoconf libtool gcc pkg-config libpsl-dev libzstd-dev zlib1g-dev libgnutls28-dev libc-ares-dev heimdal-dev libldap2-dev librtmp-dev stunnel4 groff
apt-get -o Dpkg::Use-Pty=0 install -y --no-install-suggests --no-install-recommends cmake make automake autoconf libtool gcc pkg-config libpsl-dev libzstd-dev zlib1g-dev libgnutls28-dev libc-ares-dev libkrb5-dev libldap2-dev librtmp-dev stunnel4 groff
# GitHub's actions/checkout needs newer glibc and libstdc++. The latter also depends on
# gcc-8-base, but it doesn't actually seem used in our situation and isn't available in
# the main repo, so force the install.

19
.github/workflows/linux.yml vendored
View File

@ -69,13 +69,13 @@ jobs:
fail-fast: false
matrix:
build:
- name: 'libressl heimdal'
install_packages: libidn2-dev libnghttp2-dev libldap-dev heimdal-dev
- name: 'libressl krb5'
install_packages: libidn2-dev libnghttp2-dev libldap-dev libkrb5-dev
install_steps: libressl pytest codeset-test
configure: LDFLAGS=-Wl,-rpath,/home/runner/libressl/lib --with-openssl=/home/runner/libressl --with-gssapi --enable-debug
- name: 'libressl heimdal valgrind'
install_packages: libnghttp2-dev libldap-dev heimdal-dev valgrind
- name: 'libressl krb5 valgrind'
install_packages: libnghttp2-dev libldap-dev libkrb5-dev valgrind
install_steps: libressl
generate: -DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LIBCURL_VERSIONED_SYMBOLS=ON
@ -365,7 +365,7 @@ jobs:
run: |
apk add --no-cache build-base autoconf automake libtool perl openssl-dev \
libssh2-dev zlib-dev brotli-dev zstd-dev libidn2-dev openldap-dev \
heimdal-dev libpsl-dev c-ares-dev \
krb5-dev libpsl-dev c-ares-dev \
py3-impacket py3-asn1 py3-six py3-pycryptodomex \
perl-time-hires openssh stunnel sudo git openssl
@ -671,13 +671,8 @@ jobs:
TEST_TARGET: ${{ matrix.build.torture && 'test-torture' || 'test-ci' }}
TFLAGS: '${{ matrix.build.tflags }}'
run: |
if [ "${TEST_TARGET}" = 'test-ci' ]; then
if [[ "${MATRIX_INSTALL_PACKAGES}" = *'valgrind'* ]]; then
TFLAGS+=' -j6'
if [[ "${MATRIX_INSTALL_PACKAGES}" = *'heimdal-dev'* ]]; then
TFLAGS+=' ~2056 ~2057 ~2077 ~2078' # memory leaks from Curl_auth_decode_spnego_message() -> gss_import_name()
fi
fi
if [ "${TEST_TARGET}" = 'test-ci' ] && [[ "${MATRIX_INSTALL_PACKAGES}" = *'valgrind'* ]]; then
TFLAGS+=' -j6'
fi
[ -f ~/venv/bin/activate ] && source ~/venv/bin/activate
if [[ "${MATRIX_INSTALL_STEPS}" = *'codeset-test'* ]]; then

10
.github/workflows/macos.yml vendored
View File

@ -294,17 +294,17 @@ jobs:
- name: 'HTTP/3 clang-tidy'
compiler: clang
install: llvm brotli zstd libnghttp3 libngtcp2 openldap heimdal
install: llvm brotli zstd libnghttp3 libngtcp2 openldap krb5
install_steps: clang-tidy skipall
generate: >-
-DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_NGTCP2=ON
-DLDAP_INCLUDE_DIR=/opt/homebrew/opt/openldap/include -DLDAP_LIBRARY=/opt/homebrew/opt/openldap/lib/libldap.dylib -DLDAP_LBER_LIBRARY=/opt/homebrew/opt/openldap/lib/liblber.dylib
-DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/heimdal
-DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5
-DCURL_CLANG_TIDY=ON -DCLANG_TIDY=/opt/homebrew/opt/llvm/bin/clang-tidy
- name: 'LibreSSL openldap heimdal c-ares +examples'
install: libressl heimdal openldap
generate: -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl -DENABLE_ARES=ON -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/heimdal -DLDAP_INCLUDE_DIR=/opt/homebrew/opt/openldap/include -DLDAP_LIBRARY=/opt/homebrew/opt/openldap/lib/libldap.dylib -DLDAP_LBER_LIBRARY=/opt/homebrew/opt/openldap/lib/liblber.dylib
- name: 'LibreSSL openldap krb5 c-ares +examples'
install: libressl krb5 openldap
generate: -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl -DENABLE_ARES=ON -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5 -DLDAP_INCLUDE_DIR=/opt/homebrew/opt/openldap/include -DLDAP_LIBRARY=/opt/homebrew/opt/openldap/lib/libldap.dylib -DLDAP_LBER_LIBRARY=/opt/homebrew/opt/openldap/lib/liblber.dylib
- name: 'wolfSSL !ldap brotli zstd'
install: brotli wolfssl zstd
install_steps: pytest

6
.github/workflows/non-native.yml vendored
View File

@ -61,7 +61,7 @@ jobs:
architecture: ${{ matrix.arch }}
run: |
# https://pkgsrc.se/
time sudo pkgin -y install cmake ninja-build pkg-config perl brotli heimdal openldap-client libssh2 libidn2 libpsl nghttp2 py311-impacket
time sudo pkgin -y install cmake ninja-build pkg-config perl brotli mit-krb5 openldap-client libssh2 libidn2 libpsl nghttp2 py311-impacket
time cmake -B bld -G Ninja \
-DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \
-DCMAKE_UNITY_BUILD=ON \
@ -164,10 +164,10 @@ jobs:
# https://ports.freebsd.org/
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
time sudo pkg install -y cmake-core ninja perl5 \
pkgconf brotli openldap26-client libidn2 libnghttp2 stunnel py311-impacket
pkgconf brotli krb5-devel openldap26-client libidn2 libnghttp2 stunnel py311-impacket
else
time sudo pkg install -y autoconf automake libtool \
pkgconf brotli openldap26-client libidn2 libnghttp2 stunnel py311-impacket
pkgconf brotli krb5-devel openldap26-client libidn2 libnghttp2 stunnel py311-impacket
export MAKEFLAGS=-j3
fi

80
CMake/FindGSS.cmake
View File

@ -29,8 +29,8 @@
#
# Result variables:
#
# - `GSS_FOUND`: System has the Heimdal library.
# - `GSS_FLAVOUR`: "GNU", "MIT" or "Heimdal" if anything found.
# - `GSS_FOUND`: System has a GSS library.
# - `GSS_FLAVOUR`: "GNU" or "MIT" if anything found.
# - `GSS_INCLUDE_DIRS`: The GSS include directories.
# - `GSS_LIBRARIES`: The GSS library names.
# - `GSS_LIBRARY_DIRS`: The GSS library directories.
@ -41,7 +41,6 @@
set(_gnu_modname "gss")
set(_mit_modname "mit-krb5-gssapi")
set(_heimdal_modname "heimdal-gssapi")
include(CheckIncludeFile)
include(CheckIncludeFiles)
@ -56,7 +55,7 @@ set(_gss_LIBRARY_DIRS "")
if(NOT GSS_ROOT_DIR AND NOT "$ENV{GSS_ROOT_DIR}")
if(CURL_USE_PKGCONFIG)
find_package(PkgConfig QUIET)
pkg_search_module(_gss ${_gnu_modname} ${_mit_modname} ${_heimdal_modname})
pkg_search_module(_gss ${_gnu_modname} ${_mit_modname})
list(APPEND _gss_root_hints "${_gss_PREFIX}")
set(_gss_version "${_gss_VERSION}")
endif()
@ -137,14 +136,8 @@ if(NOT _gss_FOUND) # Not found by pkg-config. Let us take more traditional appr
OUTPUT_STRIP_TRAILING_WHITESPACE)
# Older versions may not have the "--vendor" parameter. In this case we just do not care.
if(_gss_configure_failed)
set(GSS_FLAVOUR "Heimdal") # most probably, should not really matter
else()
if(_gss_vendor MATCHES "Heimdal|heimdal")
set(GSS_FLAVOUR "Heimdal")
else()
set(GSS_FLAVOUR "MIT")
endif()
if(NOT _gss_configure_failed AND NOT _gss_vendor MATCHES "Heimdal|heimdal")
set(GSS_FLAVOUR "MIT") # assume a default, should not really matter
endif()
else() # Either there is no config script or we are on a platform that does not provide one (Windows?)
@ -155,33 +148,19 @@ if(NOT _gss_FOUND) # Not found by pkg-config. Let us take more traditional appr
cmake_push_check_state()
list(APPEND CMAKE_REQUIRED_INCLUDES "${_gss_INCLUDE_DIRS}")
check_include_files("gssapi/gssapi_generic.h;gssapi/gssapi_krb5.h" _gss_have_mit_headers)
cmake_pop_check_state()
if(_gss_have_mit_headers)
set(GSS_FLAVOUR "MIT")
else()
# Prevent compiling the header - just check if we can include it
list(APPEND CMAKE_REQUIRED_DEFINITIONS "-D__ROKEN_H__")
check_include_file("roken.h" _gss_have_roken_h)
check_include_file("heimdal/roken.h" _gss_have_heimdal_roken_h)
if(_gss_have_roken_h OR _gss_have_heimdal_roken_h)
set(GSS_FLAVOUR "Heimdal")
endif()
endif()
cmake_pop_check_state()
else()
# I am not convinced if this is the right way but this is what autotools do at the moment
find_path(_gss_INCLUDE_DIRS NAMES "gssapi.h" HINTS ${_gss_root_hints} PATH_SUFFIXES "include" "inc")
find_path(_gss_INCLUDE_DIRS NAMES "gss.h" HINTS ${_gss_root_hints} PATH_SUFFIXES "include")
if(_gss_INCLUDE_DIRS)
set(GSS_FLAVOUR "Heimdal")
else()
find_path(_gss_INCLUDE_DIRS NAMES "gss.h" HINTS ${_gss_root_hints} PATH_SUFFIXES "include")
if(_gss_INCLUDE_DIRS)
set(GSS_FLAVOUR "GNU")
set(GSS_PC_REQUIRES "gss")
endif()
set(GSS_FLAVOUR "GNU")
set(GSS_PC_REQUIRES "gss")
endif()
endif()
@ -201,35 +180,32 @@ if(NOT _gss_FOUND) # Not found by pkg-config. Let us take more traditional appr
list(APPEND _gss_libdir_suffixes "lib/AMD64")
if(GSS_FLAVOUR STREQUAL "GNU")
set(_gss_libname "gss")
elseif(GSS_FLAVOUR STREQUAL "MIT")
else() # MIT
set(_gss_libname "gssapi64")
else()
set(_gss_libname "libgssapi")
endif()
else()
list(APPEND _gss_libdir_suffixes "lib/i386")
if(GSS_FLAVOUR STREQUAL "GNU")
set(_gss_libname "gss")
elseif(GSS_FLAVOUR STREQUAL "MIT")
else() # MIT
set(_gss_libname "gssapi32")
else()
set(_gss_libname "libgssapi")
endif()
endif()
else()
list(APPEND _gss_libdir_suffixes "lib;lib64") # those suffixes are not checked for HINTS
if(GSS_FLAVOUR STREQUAL "GNU")
set(_gss_libname "gss")
elseif(GSS_FLAVOUR STREQUAL "MIT")
else() # MIT
set(_gss_libname "gssapi_krb5")
else()
set(_gss_libname "gssapi")
endif()
endif()
find_library(_gss_LIBRARIES NAMES ${_gss_libname} HINTS ${_gss_libdir_hints} PATH_SUFFIXES ${_gss_libdir_suffixes})
endif()
endif()
if(NOT GSS_FLAVOUR)
message(FATAL_ERROR "GNU or MIT GSS is required")
endif()
else()
# _gss_MODULE_NAME set since CMake 3.16.
# _pkg_check_modules_pkg_name is undocumented and used as a fallback for CMake <3.16 versions.
@ -240,8 +216,7 @@ else()
set(GSS_FLAVOUR "MIT")
set(GSS_PC_REQUIRES "mit-krb5-gssapi")
else()
set(GSS_FLAVOUR "Heimdal")
set(GSS_PC_REQUIRES "heimdal-gssapi")
message(FATAL_ERROR "GNU or MIT GSS is required")
endif()
message(STATUS "Found GSS/${GSS_FLAVOUR} (via pkg-config): ${_gss_INCLUDE_DIRS} (found version \"${_gss_version}\")")
endif()
@ -254,25 +229,8 @@ set(GSS_LIBRARY_DIRS ${_gss_LIBRARY_DIRS})
set(GSS_CFLAGS ${_gss_CFLAGS})
set(GSS_VERSION ${_gss_version})
if(GSS_FLAVOUR)
if(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "Heimdal")
if(CMAKE_SIZEOF_VOID_P EQUAL 8)
set(_heimdal_manifest_file "Heimdal.Application.amd64.manifest")
else()
set(_heimdal_manifest_file "Heimdal.Application.x86.manifest")
endif()
if(EXISTS "${GSS_INCLUDE_DIRS}/${_heimdal_manifest_file}")
file(STRINGS "${GSS_INCLUDE_DIRS}/${_heimdal_manifest_file}" _heimdal_version_str
REGEX "^.*version=\"[0-9]\\.[^\"]+\".*$")
string(REGEX MATCH "[0-9]\\.[^\"]+" GSS_VERSION "${_heimdal_version_str}")
endif()
if(NOT GSS_VERSION)
set(GSS_VERSION "Heimdal Unknown")
endif()
elseif(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "MIT")
if(NOT GSS_VERSION)
if(GSS_FLAVOUR STREQUAL "MIT")
if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.24)
cmake_host_system_information(RESULT _mit_version QUERY WINDOWS_REGISTRY
"HKLM/SOFTWARE/MIT/Kerberos/SDK/CurrentVersion" VALUE "VersionString")
@ -285,7 +243,7 @@ if(GSS_FLAVOUR)
else()
set(GSS_VERSION "MIT Unknown")
endif()
elseif(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "GNU")
else() # GNU
if(GSS_INCLUDE_DIRS AND EXISTS "${GSS_INCLUDE_DIRS}/gss.h")
set(_version_regex "#[\t ]*define[\t ]+GSS_VERSION[\t ]+\"([^\"]*)\"")
file(STRINGS "${GSS_INCLUDE_DIRS}/gss.h" _version_str REGEX "${_version_regex}")

40
CMakeLists.txt
View File

@ -1442,36 +1442,36 @@ if(CURL_USE_GSSAPI)
if(GSS_FLAVOUR STREQUAL "GNU")
set(HAVE_GSSGNU 1)
else()
else() # MIT
cmake_push_check_state()
list(APPEND CMAKE_REQUIRED_INCLUDES "${GSS_INCLUDE_DIRS}")
set(_include_list "")
check_include_file("gssapi/gssapi.h" HAVE_GSSAPI_GSSAPI_H)
if(HAVE_GSSAPI_GSSAPI_H)
list(APPEND _include_list "gssapi/gssapi.h")
endif()
check_include_files("${_include_list};gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H)
if(GSS_FLAVOUR STREQUAL "MIT")
check_include_files("${_include_list};gssapi/gssapi_krb5.h" _have_gssapi_gssapi_krb5_h)
if(HAVE_GSSAPI_GSSAPI_GENERIC_H)
list(APPEND _include_list "gssapi/gssapi_generic.h")
endif()
if(_have_gssapi_gssapi_krb5_h)
list(APPEND _include_list "gssapi/gssapi_krb5.h")
endif()
if(NOT DEFINED HAVE_GSS_C_NT_HOSTBASED_SERVICE)
string(APPEND CMAKE_REQUIRED_FLAGS " ${GSS_CFLAGS}")
list(APPEND CMAKE_REQUIRED_LIBRARIES "${GSS_LIBRARIES}")
curl_required_libpaths("${GSS_LIBRARY_DIRS}")
check_symbol_exists("GSS_C_NT_HOSTBASED_SERVICE" "${_include_list}" HAVE_GSS_C_NT_HOSTBASED_SERVICE)
endif()
if(NOT HAVE_GSS_C_NT_HOSTBASED_SERVICE)
set(HAVE_OLD_GSSMIT ON)
endif()
check_include_files("${_include_list};gssapi/gssapi_krb5.h" _have_gssapi_gssapi_krb5_h)
if(HAVE_GSSAPI_GSSAPI_GENERIC_H)
list(APPEND _include_list "gssapi/gssapi_generic.h")
endif()
if(_have_gssapi_gssapi_krb5_h)
list(APPEND _include_list "gssapi/gssapi_krb5.h")
endif()
if(NOT DEFINED HAVE_GSS_C_NT_HOSTBASED_SERVICE)
string(APPEND CMAKE_REQUIRED_FLAGS " ${GSS_CFLAGS}")
list(APPEND CMAKE_REQUIRED_LIBRARIES "${GSS_LIBRARIES}")
curl_required_libpaths("${GSS_LIBRARY_DIRS}")
check_symbol_exists("GSS_C_NT_HOSTBASED_SERVICE" "${_include_list}" HAVE_GSS_C_NT_HOSTBASED_SERVICE)
endif()
if(NOT HAVE_GSS_C_NT_HOSTBASED_SERVICE)
set(HAVE_OLD_GSSMIT ON)
endif()
unset(_include_list)
cmake_pop_check_state()
endif()

2
RELEASE-NOTES
View File

@ -102,7 +102,6 @@ This release includes the following bugfixes:
o httpsrr: free old pointers when storing new [57]
o INSTALL-CMAKE.md: document useful build targets [215]
o INTERNALS: drop Winsock 2.2 from the dependency list [162]
o INTERNALS: specify minimum version for Heimdal: 7.1.0 [158]
o ip-happy: do not set unnecessary timeout [95]
o ip-happy: prevent event-based stall on retry [155]
o krb5: return appropriate error on send failures [22]
@ -448,7 +447,6 @@ References to bug reports and discussions on issues:
[155] = https://curl.se/bug/?i=18815
[156] = https://curl.se/bug/?i=18893
[157] = https://curl.se/bug/?i=18806
[158] = https://curl.se/bug/?i=18809
[159] = https://curl.se/bug/?i=18924
[160] = https://curl.se/bug/?i=18810
[161] = https://curl.se/bug/?i=18749

17
configure.ac
View File

@ -1840,7 +1840,7 @@ if test x"$want_gss" = xyes; then
gnu_gss=yes
],
[
dnl not found, check Heimdal or MIT
dnl not found, check for MIT
AC_CHECK_HEADERS([gssapi/gssapi.h], [], [not_mit=1])
AC_CHECK_HEADERS(
[gssapi/gssapi_generic.h gssapi/gssapi_krb5.h],
@ -1853,15 +1853,8 @@ if test x"$want_gss" = xyes; then
#endif
])
if test "x$not_mit" = "x1"; then
dnl MIT not found, check for Heimdal
AC_CHECK_HEADER(gssapi.h,
[],
[
dnl no header found, disabling GSS
want_gss=no
AC_MSG_WARN(disabling GSS-API support since no header files were found)
]
)
dnl MIT not found
AC_MSG_ERROR([MIT or GNU GSS library required, but not found])
else
dnl MIT found
dnl check if we have a really old MIT Kerberos version (<= 1.2)
@ -1894,7 +1887,7 @@ fi
if test x"$want_gss" = xyes; then
AC_DEFINE(HAVE_GSSAPI, 1, [if you have GSS-API libraries])
HAVE_GSSAPI=1
curl_gss_msg="enabled (MIT Kerberos/Heimdal)"
curl_gss_msg="enabled (MIT Kerberos)"
link_pkgconfig=''
if test -n "$gnu_gss"; then
@ -1961,8 +1954,6 @@ if test x"$want_gss" = xyes; then
if test -n "$link_pkgconfig"; then
if test -n "$gnu_gss"; then
LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE gss"
elif test "x$not_mit" = "x1"; then
LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE heimdal-gssapi"
else
LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE mit-krb5-gssapi"
fi

2
docs/INSTALL-CMAKE.md
View File

@ -474,7 +474,7 @@ the parent project, ideally in the "extra" find package redirect file:
Available variables:
- `HAVE_GNUTLS_SRP`: `gnutls_srp_verifier` present in GnuTLS.
- `HAVE_GSS_C_NT_HOSTBASED_SERVICE`: `GSS_C_NT_HOSTBASED_SERVICE` present in GSS/Heimdal/Kerberos.
- `HAVE_GSS_C_NT_HOSTBASED_SERVICE`: `GSS_C_NT_HOSTBASED_SERVICE` present in GSS/Kerberos.
- `HAVE_LDAP_INIT_FD`: `ldap_init_fd` present in LDAP library.
- `HAVE_LDAP_URL_PARSE`: `ldap_url_parse` present in LDAP library.
- `HAVE_OPENSSL_SRP`: `SSL_CTX_set_srp_username` present in OpenSSL (or fork).

1
docs/INTERNALS.md
View File

@ -36,7 +36,6 @@ versions of libs and build tools.
- wolfSSL 3.4.6
- OpenLDAP 2.0
- MIT Kerberos 1.2.4
- Heimdal 7.1.0
- nghttp2 1.15.0
## Build tools

15
docs/KNOWN_BUGS
View File

@ -38,7 +38,6 @@ problems may have been fixed or changed somewhat since this was written.
5.2 curl-config --libs contains private details
5.3 LDFLAGS passed too late making libs linked incorrectly
5.6 Cygwin: make install installs curl-config.1 twice
5.11 configure --with-gssapi with Heimdal is ignored on macOS
5.12 flaky CI builds
5.13 long paths are not fully supported on Windows
5.15 Unicode on Windows
@ -49,7 +48,6 @@ problems may have been fixed or changed somewhat since this was written.
6.5 NTLM does not support password with Unicode 'SECTION SIGN' character
6.6 libcurl can fail to try alternatives with --proxy-any
6.7 Do not clear digest for single realm
6.8 Heimdal memory leaks
6.9 SHA-256 digest not supported in Windows SSPI builds
6.10 curl never completes Negotiate over HTTP
6.11 Negotiate on Windows fails
@ -238,12 +236,6 @@ problems may have been fixed or changed somewhat since this was written.
https://github.com/curl/curl/issues/8839
5.11 configure --with-gssapi with Heimdal is ignored on macOS
... unless you also pass --with-gssapi-libs
https://github.com/curl/curl/issues/3841
5.12 flaky CI builds
We run many CI builds for each commit and PR on github, and especially a
@ -342,13 +334,6 @@ problems may have been fixed or changed somewhat since this was written.
https://github.com/curl/curl/issues/3267
6.8 Heimdal memory leaks
Running test 2077 and 2078 with curl built to do GSS with Heimdal causes
valgrind errors (memory leak).
https://github.com/curl/curl/issues/14446
6.9 SHA-256 digest not supported in Windows SSPI builds
Windows builds of curl that have SSPI enabled use the native Windows API calls

4
docs/TODO
View File

@ -496,8 +496,8 @@
4.6 GSSAPI via Windows SSPI
In addition to currently supporting the SASL GSSAPI mechanism (Kerberos V5)
via third-party GSS-API libraries, such as Heimdal or MIT Kerberos, also add
support for GSSAPI authentication via Windows SSPI.
via third-party GSS-API libraries, such as MIT Kerberos, also add support
for GSSAPI authentication via Windows SSPI.
4.7 STAT for LIST without data connection