- asyn-thrdd.c: scope an include.
- apply more clang-format suggestions.
- tidy-up PP guard comments.
- delete empty line from the top of headers.
- add empty line after `curl_setup.h` include where missing.
- fix indent.
- CODE_STYLE.md: add `strcpy`.
Follow-up to 8636ad55df#20088
- lib1901.c: drop unnecessary line.
Follow-up to 436e67f65b#20076Closes#20070
1. With `MBEDTLS_SSL_PROTO_TLS1_2` not enabled, the mbedTLS code was not
able to connect to any server due to broken logic in curl's
`mbed_set_ssl_version_min_max()`. Now it correctly sets the minimum
supported TLS version based on what is compiled in the library.
2. If debugging is enabled, move the debugging enabling earlier in the
`mbed_connect_step1()` so that verbose errors are actually displayed if
failures happen (see the previous point -- it would've made debugging
that issue easier).
3. Remove the constant `mbedtls_x509_crt_profile_fr` and instead use
mbedTLS-included profile `mbedtls_x509_crt_profile_next` with
`mbedtls_ssl_conf_cert_profile()`. This will follow the latest standards
as new mbedTLS versions are released (rather than being stuck-in-time
until someone comes along to fix what was hard-coded here). This has the
immediate benefit of no longer supporting SHA1 certs and insecure RSA
key-lengths (1024). This fix immediately prevents previously possible
MITM attacks (SHA1 hashes and RSA-1024 keys can be forged relatively
easily by nation-state actors and criminal organizations with
deep-pockets).
4. Added [predictive
resistance](https://mbed-tls.readthedocs.io/en/latest/kb/how-to/add-a-random-generator/#enabling-prediction-resistance)
to the random number generator (adding more entropy to the RNG).
5. Split the random number generator into initialization, the actual
random generation, and the "freeing" of the resources. This
significantly reduces the overhead of using the RNG.
6. Removed the separate RNG function in the TLS connect stage (instead
use the "main" one) and remove the ad-hoc threading support. Instead
properly document how to enable threading in mbedTLS. As it was, other
internals of mbedTLS could have race conditions (in the RSA module in
particular) if `MBEDTLS_THREADING_C` was *not* enabled. And if it is
enabled, then these race-conditions cannot happen. And also, if
MBEDTLS_THREADING_C is enabled then the RNG functions [are fully
thread-safe](https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading/).
So, the previous ad-hoc threading support was both partial and broken.
7. Enable support for disabling `MBEDTLS_PEM_PARSE_C`.
8. Add support for `CURLOPT_SSLCERTTYPE` so user can specify `PEM` or
`DER` and get faster execution.
Closes#19983
- drop stray duplicate empty lines in docs, scripts, test data, include,
examples, tests.
- drop duplicate PP parenthesis.
- curl-functions.m4: move literals to the right side in if expressions,
to match rest of the source code.
- FAQ.md: delete language designator from an URL.
- packages: apply clang-format (OS400, VMS).
- scripts/schemetable.c: apply clang-format.
- data320: delete duplicate empty line that doesn't change the outcome.
- spacecheck: extend to check for duplicate empty lines
(with exceptions.)
- fix whitespace nits
Closes#19936
The example code does not use curl_multi_assign(), but its callback
function used socketp (called sockp in the function) to get the struct
priv pointer instead of the correct clientp (cbp).
Reported-by: Greg Hudson
Fixes#19840Closes#19841
A fix for the tests that took the longest:
- test_05: make the server close the HTTP/1.1 connection when
simulating an error during a download. This eliminates waiting
for a keepalive timeout
- test_02: pause tests with slightly smaller documents, eliminate
special setup for HTTP/2. We test stream window handling now
elsewhere already
- cli_hx_download: run look in 500ms steps instead of 1sec, resuming
paused tranfers earlier.
Closes#19809
Remove connection member `waitfor` and keep it in the SSH connection
meta. Add `ssh` to supported tracing features, convert many DEBUGF
printgs to traces.
Closes#19745
Make `port` member in these struct of type `uint16_t`.
add `uint8_t transport` to `struct ip_quadruple
Define TRNSPRT_NONE as 0. By assigning a valid transport only on a
successful connection, it is clear when the ip_quadruple members are
valid. Also, for transports not involving ports, the getinfos for
`CURLINFO_PRIMARY_PORT` and `CURLINFO_LOCAL_PORT` will now always return
-1.
Make all `transport` members and parameters of type `uint8_t`.
Document the return value of `CURLINFO_LOCAL_PORT` and
`CURLINFO_PRIMARY_PORT` in this regard. Add tests that writeout stats
report ports correctly.
Closes#19708
Some public prototypes do not declare return values or out parameters as
const where they should be. Avoid changing the public interface, but
document those values as read-only.
Closes#19692
Based on existing code and commit history it appears
`CURL_DISABLE_INSTALL` means to prevent calling `install()`;
`CURL_ENABLE_EXPORT_TARGET` means to prevent calling `export()` and
`install()`s with `EXPORT` in them.
Fix them to also apply to the lib and src directories in that vain:
- lib: honor `CURL_DISABLE_INSTALL`
- src: honor `CURL_DISABLE_INSTALL`
- src: honor `CURL_ENABLE_EXPORT_TARGET`
https://cmake.org/cmake/help/v4.2/command/install.htmlhttps://cmake.org/cmake/help/v4.2/command/export.html
- `CURL_DISABLE_INSTALL` follow-up to:
aace27b096#12287
- `CURL_ENABLE_EXPORT_TARGET` follow-up to:
8698825106#9638643ec29645#7060Closes#19144
The short descriptions describe the data each info retrieves. The info
itself does not 'get' the data.
This simplifies and shortens the descriptions and make them more
consistent.
Closes#19406
```
docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.md:86:16
docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.md:139:16
```
Also sync `CURL *` and result variable names with rest of docs.
Follow-up to 6d7e924e80#19375Closes#19379
It was mistakenly removed in 8dab7465a5 (shipped in 8.9.0)
Also fix test 1139 which should have detected this but didn't due to a
bad regex check.
Reported-by: Jonathan Cardoso
Fixes#19151Closes#119152
Since CURLM_ is already used as prefix for multi error codes, it makes
it easier to detect and understand the difference between identifiers -
and allows for scripts on the website and elsewhere to separate them
properly.
Follow-up to 53be8166b2Closes#18912
Add infrastructure to colled and dispatch notifications for transfers
and the multi handle in general. Applications can register a callback
and en-/disable notification type the are interested in.
Without a callback installed, notifications are not collected. Same when
a notification type has not been enabled.
Memory allocation failures on adding notifications lead to a general
multi failure state and result in CURLM_OUT_OF_MEMORY returned from
curl_multi_perform() and curl_multi_socket*() invocations.
Closes#18432
This test does active FTP with a socketopt callback that returns error
for the CURLSOCKTYPE_ACCEPT "purpose" to make sure we test and exercise
this error path - without leaks.
Closes#18879
When attempts on all addresses have been started, do no longer set any
EXPIRE_HAPPY_EYEBALLS timeouts.
Fixes#18767
Reported-by: Johannes Schindelin
Closes#18768
