- Keep data from a failed download instead of discarding it on retry in
some limited cases when we know it's ok (currently only HTTP 200/206).
Prior to this change on failed transfer the tool truncated any outfile
data written before retrying the transfer. This change adds an exception
for HTTP downloads when the user requested auto-resume, because in that
case we can keep the outfile data and resume from the new position.
Reported-by: tkzv@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/18035
Closes https://github.com/curl/curl/pull/18665
Return error if there is something after the number other than
whitespace and newline.
Allow comma separated numbers and repeated headers as long as the new value is
the same as was set before.
Add test 767 to 771 to verify.
Reported-by: Ignat Loskutov
Fixes#18921Closes#18925
Add infrastructure to colled and dispatch notifications for transfers
and the multi handle in general. Applications can register a callback
and en-/disable notification type the are interested in.
Without a callback installed, notifications are not collected. Same when
a notification type has not been enabled.
Memory allocation failures on adding notifications lead to a general
multi failure state and result in CURLM_OUT_OF_MEMORY returned from
curl_multi_perform() and curl_multi_socket*() invocations.
Closes#18432
This test does active FTP with a socketopt callback that returns error
for the CURLSOCKTYPE_ACCEPT "purpose" to make sure we test and exercise
this error path - without leaks.
Closes#18879
- configure/cmake support for enabling the option
- supported in OpenSSL and GnuTLS backends
- when configured, Apple SecTrust is the default trust store
for peer verification. When one of the CURLOPT_* for adding
certificates is used, that default does not apply.
- add documentation of build options and SSL use
Closes#18703
By introducing wrappers for them in the curlx namespace:
`curlx_fopen()`, `curlx_fdopen()`, `curlx_fclose()`.
The undefine/redefine/`(function)()` methods broke on systems
implementing these functions as macros. E.g. AIX 32-bit's `fopen()`.
Also:
- rename `lib/fopen.*` to `lib/curl_fopen.*` (for `Curl_fopen()`)
to make room for the newly added `curlx/fopen.h`.
- curlx: move file-related functions from `multibyte.c` to `fopen.c`.
- tests/server: stop using the curl-specific `fopen()` implementation
on Windows. Unicode isn't used by runtests, and it isn't critical to
run tests on longs path. It can be re-enabled if this becomes
necessary, or if the wrapper receives a feature that's critical for
test servers.
Reported-by: Andrew Kirillov
Bug: https://github.com/curl/curl/issues/18510#issuecomment-3274393640
Follow-up to bf7375ecc5#18503
Follow-up to 9863599d69#18502
Follow-up to 3bb5e58c10#17827Closes#18634
When there is more than one user-supplied 'Connection: ' header, add
values that curl needs internally to the first one and emit all
subsequent ones thereafter.
Fixes#18662
Reported-by: Evgeny Grin (Karlson2k)
Closes#18686
By appending `:all:[separator]` to the header name. The `[separator]` string
is output between each header value if there are more than one to output.
Test 764 and 765 verify
Idea-by: kapsiR on github
Ref: #18449Closes#18491
It was accidentally broken in commit 0f4c439fc7, shipped since
8.8.0 (May 2024) and yet not a single person has noticed or reported,
indicating that we might as well drop support for FTP Kerberos.
Krb5 support was added in 54967d2a3a (July 2007), and we have
been carrying the extra license information around since then for this
code. This commit removes the last traces of that code and thus we can
remove the extra copyright notices along with it.
Reported-by: Joshua Rogers
Closes#18577
Because parts of the cookie loading happens on transfer start the
in-memory cookie jar risks being incomplete and then a save might
wrongly truncate the target file.
Added test 1902 to verify.
Reported-by: divinity76 on github
Fixes#18621Closes#18622
- When an option name is used in text, this script no longer outputs the
short plus long version in the manpage output. It makes the text much
more readable.
This always showing both verions was previously done primarily to make
sure roffit would linkify it correctly, but since roffit 0.17 it
should link both long or short names correctly.
- When managen outputs generic text about options at the end of the
description it now highlights them properly so that they too get
linkified correctly in the HTML version. For consistency.
Closes#18580
Remove use of pthread_cancel in asnyc threaded resolving. While there
are system where this works, others might leak to resource leakage
(memory, files, etc.). The popular nsswitch is one example where resolve
code can be dragged in that is not prepared.
The overall promise and mechanism of pthread_cancel() is just too
brittle and the historcal design of getaddrinfo() continues to haunt us.
Fixes#18532
Reported-by: Javier Blazquez
Closes#18540
Only actually needed servers should be listed and none is then implied
if no servers are listed.
Outputs a warning if "none" is still set as a server.
Closes#18466
If a string argument is expected and the first two bytes are 0xe2 ex80
and the third has the 7th bit set, that's enough for curl to warn.
Previously we tried to detect and warn only for the unicode double
quote, but users might use single quotes, other quotes or even lead the
argument with one of the "zero widths" characters. This is an attempt to
detect many of those. Without triggering for "normal" IDN hostnames.
Closes#18459
Split out adding of individual request headers into a switch. Check
the connection http version only on fresh connections, use separate
methods.
Add TE: header directly without allocation. Add bit for indicating
Connection: header has been added and custom headers should not do
that again.
Closes#18444
This allows --remote-time to set dates before 1970.
Due to a minor omission in the API, it will still avoid setting the time
if it is indeed exactly epoch 0 (jan 1 1970).
Verified by test 762
Fixes#18424
Reported-by: Terence Eden
Closes#18443
- using {} with single entries makes little sense
- when using {} sets with two entry lists, there can only be 64 to reach
maximum number of URLs
Verify the max check in test 761
To avoid NULL derferences with many outputs and --next.
Follow-up to 034612cd51
Add test 760 to verify
Reported-by: BobodevMm on github
Fixes#18375Closes#18376
Changed strategy to start up and terminate resolver thread.
When starting up:
Start the thread with mutex acquired, wait for signal from thread that
it started and has incremented the ref counter. Thread set
pthread_cancel() to disabled before that and only enables cancelling
during resolving itself. This assure that the ref counter is correct and
the unlinking of the resolve context always happens.
When shutting down resolving:
If ref counting shows thread has finished, join it, free everything. If
thread has not finished, try pthread_cancel() (non Windows), but keep
the thread handle around.
When destroying resolving:
Shutdown first, then, if the thread is still there and 'quick_exit' is
not set, join it and free everything. This might occur a delay if
getaddrinfo() hangs and cannot be interrupted by pthread_cancel().
Destroying resolving happens when another resolve is started on an
easy handle or when the easy handle is closed.
Add test795 to check that connect timeout triggers correctly
when resolving is delayed. Add debug env var `CURL_DNS_DELAY_MS`
to simulate delays in resolving.
Fix test1557 to set `quick_exit` and use `xxx.invalid` as domain
instead of `nothing` that was leading to hangers in CI.
Closes#18263
`runtests.pl` defaults to `-` if a command is not set, since
c43ad0f972.
Also:
- drop a stray `</file>`.
- replace a `nothing` with a guaranteed invalid hostname.
Ref: 4334033b43
- replace unused URLs with `-`.
Closes#18319
When an application install its own OpenSSL verify callback and that
callback invokes `SSL_set_retry_verify()`, the transfer is automatically
paused and does not progress the connect attempt any further until
unpaused via `curl_easy_pause().
Added test758 to verify.
Ref: #18284
Original PR by @Natris
Bug: https://curl.se/mail/lib-2025-08/0012.htmlCloses#18288
Easily triggered when doing an FTP ranged download with the end range
larger than the file size.
A regression since 30de937bda (shipped in curl 8.9.0)
Add test 2307 to verify.
Reported-by: kupavcevdenis on github
Fixes#18283Closes#18295
Add support for CURLOPT_READFUNCTION with WebSocket urls when *not* in
connect-only mode, e.g. when using curl_multi_perform.
Install the callback function and set CURLOPT_UPLOAD. Return
CURL_READFUNC_PAUSE when having nothing more to send and unpause the
transfer when more data is ready.
This will send the read bytes in a WebSocket BINARY frame.
Add support for this mode in the pytest "ws_data" client and have all
tests run in 'curl_ws_send/recv' and 'peform' mode as well.
Add `curl_ws_start_frame()`. Document, cover in libcurl-ws.md and
explain the READFUNCTION mode for websockets.
Add example `websocket-updown` for this.
Closes#17683
in the user home directory.
Before this patch, the curl tool found the system curlrc first, ignoring
the custom one set by the test via `CURL_HOME`.
Closes#18242
Instead of doing malloc/free every time and "manual" buffer population.
This reuses the dynbuf for this purpose for the duration of parsing the
file.
Closes#18230
The GlobalConfig only exists in a single instance and it has worked like
this since the dawn of time. It is about time we stop passing around
pointers to what was already essentially a global object and instead
just use a... global.
It simplifies things.
Closes#18213
curl_easy_reset() did not reset the `rewind_read` flag. This caused any
handles that previously had a CURLE_SEND_FAIL_REWIND error to get stuck
with that error, failing any subsequent requests, even if they didn't
have any body at all.
Verified in test 3034
Fixes#18206Closes#18207
Hold them for half the normal lifetime. Helps when told to transfer N
URLs in quick succession that all use the same non-resolving hostname.
Done by storing a DNS entry with a NULL pointer for 'addr'.
Previously an attempt was made in #12406 by Björn Stenberg that was
ultimately never merged.
Closes#18157
Adds `curl_off_t curl_multi_get_offt(CURLM *multi_handle, CURLMinfo_offt
info)` to the multi interface with enums:
* CURLMINFO_XFERS_CURRENT: current number of transfers
* CURLMINFO_XFERS_RUNNING: number of running transfers
* CURLMINFO_XFERS_PENDING: number of pending transfers
* CURLMINFO_XFERS_DONE: number of finished transfers to read
* CURLMINFO_XFERS_ADDED: total number of transfers added, ever
Add documentation for functions and info enums.
Add use in the curl command line tool to replace two static
variables counting the same "from the outside".
refs #17870Closes#17992
Output the current UTC time using strftime format. %f is an extra curl
specific flag to output the microsecond fraction of the current second.
Verified by test 1981
Closes#18119
Makes curl follow redirects an act on the response code and change a
custom method accordingly, contrary to --location.
Potential future command line to send QUERY and following a redirect
according to the status code:
curl -d "request-body" -X QUERY --follow https://example.com
add test 794,796,797
Assisted-by: Daniel Böhmer <post@daniel-boehmer.de>
Closes#16543
