via env `CURL_TEST_SSH_KEYALGO`, `rsa` (default), `ecdsa`, `ed25519`.
To ease debugging and testing and to make these code paths more
universal.
Closes#21223
- vms/curlmsg_vms.h: delete unused/commented code.
- vtls/schannel_verify: sort includes.
- typecheck-gcc.h: fix indent and alignment.
- lib/config-win32.h: drop idle `#undef`.
- spacecheck: check for stray empty lines before after curly braces.
- make literals more readable: 1048576 -> 1024 * 1024
- scope variables.
- use ISO date in a comment.
- drop redundant parentheses.
- drop empty comments.
- unfold lines.
- duplicate/stray spaces in comments.
- fix indent, whitespace, minor typos.
Closes#20690
- drop stray duplicate empty lines in docs, scripts, test data, include,
examples, tests.
- drop duplicate PP parenthesis.
- curl-functions.m4: move literals to the right side in if expressions,
to match rest of the source code.
- FAQ.md: delete language designator from an URL.
- packages: apply clang-format (OS400, VMS).
- scripts/schemetable.c: apply clang-format.
- data320: delete duplicate empty line that doesn't change the outcome.
- spacecheck: extend to check for duplicate empty lines
(with exceptions.)
- fix whitespace nits
Closes#19936
Change Unix domain socket paths from `/tmp/curl-socksd-<random>` to
`/drive/path/to/LOGDIR/PIDDIR/*-uds` to avoid having to create and
delete them before use. Also to use a path which remains an absolute one
while passed from MSYS2 Perl to native Windows curl tool and test server
via the command-line, and keep pointing to the same location, fixing:
```
=== Start of file commands.log
../src/curl.exe -q --output log/3/curl1468.out --include --trace-ascii log/3/trace1468
--trace-time http://this.is.a.host.name:64405/1468
--proxy socks5h://localhost/tmp/curl-socksd-YnbvRo98 [...]
=== End of file commands.log
=== Start of file socks2_server.log
[...]
14:11:54.597968 Listening on Unix socket D:/a/_temp/msys64/tmp/curl-socksd-YnbvRo98
```
Ref: https://github.com/curl/curl/actions/runs/19896583933/job/57028545111?pr=19812
The curl tool is pending #19825 to fix accepting an absolute unix domain
socket path on Windows.
Assisted-by: Viktor Szakats
Closes#19810
There remain some false positives, hits in test data, and `dir` use,
around 100 issues in total.
There is no plan to enforce badwords on tests.
Also:
- badwords.txt: let a few `manpage[s]` occurrences through
(in Perl code).
Closes#19541
Add script to run all Perl sources through `perl -c` to ensure no
issues, and run this script via GHA/checksrc in CI.
Fallouts:
- fix two repeated declarations.
- move `shell_quote()` from `testutil.pm` to `pathhelp.pm`, to
avoid circular dependency in `globalconfig.pm`.
Closes#18745
Only actually needed servers should be listed and none is then implied
if no servers are listed.
Outputs a warning if "none" is still set as a server.
Closes#18466
`Time::HiRes` was already used unconditionally before this patch in
`servers.pm`. This package, and functions used by runtests (`sleep` and
`gettimeofday`) are supported by the minimum Perl version required for
curl:
https://perldoc.perl.org/5.8.0/Time::HiRes
- Drop the `portable_sleep()` wrapper in favor of `Time::HiRes::sleep()`.
- Use `Time::HiRes` unconditionally in `serverhelp.pm`.
- Stop using the `Win32` package where available. It was included
to provide a Windows fallback for `Time::HiRes::sleep()`. It was never
actually called, but the dependency may have loaded `Win32.dll`, which
often appears in failed fork operations in GHA logs.
Ref: a6fed41f6f#5054#5034
Ref: https://github.com/curl/curl/discussions/14854Closes#18287
Some tests make a hard-coded call to the libtest binary in the precheck
step. With bundle builds the binary changed name and calling convention.
Before this patch these tests failed the pre-check and did not run for
the 5 affected tests: 518, 537, 678, 1517, 1960
Fixing, e.g.:
```
test 1517 SKIPPED: precheck command error
```
https://github.com/curl/curl/actions/runs/16611990422/job/46996698437?pr=18039#step:13:4832
It also fixes builds with a custom `CURL_DIRSUFFIX` set.
Follow-up to 2c27a67daa#17590
Follow-up to 71cf0d1fca#14772Closes#18099
Some CI tests fail due to "Can't start ssh server due to lack of USER name" -
add more ways to try to figure it out if no environment variable works: the
whoami and id commands.
Closes#17544
Fix all lookups of the port a server is using by
- unlinking the portfile before the start
- waiting `timeout` seconds for the port file to exist
and contain a positive number
- check results and fail server start when port could
not be determined
Closes#17516
If there were two tests using the "https-mtls" server there was a perl
unbound variable error, since certfile wan't set. Additionally, once the
responsiveserver function was actually called, it failed finding a
responsiveness function. For now I made it use the `verifypid` function,
since the curl execution in `verifyhttp` doesn't know about client
certificates.
Closes#17493
When running under load, a started server may not produce a valid portfile
before the runner starts reading it. If the read is not successful, wait
for 100ms and try again, timing out after 15 seconds.
Fixes#17492Closes#17495
Currently the DNS server only responds to A and AAAA queries. It always
responds with a fixed response: the localhost address. Three times.
It should work fine over either IPv4 or IPv6, but I don't think it
matters much for curl testing.
The idea is to allow curl tests to use "normal" DNS hostnames (using the
normal name resolving code paths) and still use the local test servers.
This setup currently only works if curl is built with c-ares because
redirecting DNS requests to our test server when using getaddrinfo() is
not easy.
This should be extended to respond to HTTPS queries as well to allow
more testing there, as c-ares is always used for that.
Test 2102 is the first test using this.
Closes#17015
To allow configuring paths styles for SCP and SFTP servers separately.
- make `scp://` URLs use `%SCP_PWD` (was: `%SSH_PWD`).
- make `%SCP_PWD` equal to `%POSIX_PWD`.
To fix test 3022 with OpenSSH-Windows 9.8.0 server.
The fix works on a local machine. Remains broken in CI.
Before this patch, it was equal to `%FILE_PWD` when using
OpenSSH-Windows, otherwise it was `%POSIX_PWD`.
Notice that no matter what path-style we pass, test 3022
was and still is broken with earlier OpenSSH-Windows versions.
(as tested with 9.5.0, 9.5.0-beta20240403, 8.0.0.1)
- rename rest of `%SSH_PWD` uses to `%SFTP_PWD`.
- drop unused `%POSIX_PWD`.
- GHA/windows: test with OpenSSH-Windows server again.
In the LibreSSL MSVC job. This job is short enough to fit the slow
install of the built-in OpenSSH-Windows tools, if needed.
Follow-up to 1abb087a9c#5298
Ref: #16803Closes#17041
Since we start the server on our own port we know the server running is
us. By removing unnecessary verification we speed up tests a little.
Closes#17005
- test2088 verifies that mutual tls works
This adds a new certificate to generate which has the clientAuth key
usage enabled, and uses it to connect to a https-mtls server.
Closes#16923
Before this patch the curl repository and source tarball distribution
contained test certificates as binary blobs. Used by runtests.
Drop these certificates in favor of generating them dynamically as
part of the build process. Both via autotools and CMake.
As part of this, improve certificates, the generator script and process,
file layout, and fix any issue to make it work fast and smooth both in
CI and local builds.
Note, cert generator scripts require OpenSSL >=1.0.2
(or LibreSSL >=3.1.0). Generation requires POSIX shell, also with CMake.
Without a POSIX shell tests relying on TLS (and stunnel) will fail.
Details:
- build: generate certs as part of the test run process.
- build, tests: generate certs in the build directory.
- binarycheck: drop concept of known binary files with hashes.
- binarycheck: move binary check logic into spacecheck and drop this
separate checker tool.
- build: fix to clean all cert files.
- autotools: fix to not run leaf cert generators in parallel. To avoid
confusion when updating the revocation database and counter.
- scripts: drop `scripts` subdir, merge two scripts into one,
auto-generate root cert, allow generating multiple leafs at once.
- scripts: switch to EC-256 keys (was: RSA-2048). For key size and perf.
- scripts: drop `-x` echo, text dumps, most other output. To avoid log
noise and make it quicker in CI.
- scripts: make it non-RSA-specific.
- scripts: delete unused code.
- scripts: use POSIX shell shebang. Some envs don't have bash (Alpine).
- scripts: pass test pseudo-secrets via the command-line. To avoid:
```
+ openssl genrsa -out test-ca.key -passout fd:0 2048
Invalid password argument, starting with "fd:"
```
- cmake: fix to launch generator scripts via the detected POSIX shell.
- cmake: fix `build-certs` rule to not depend on `SRPFILES`
(`srp-verifier-*`).
- cmake: drop `EXCLUDE_FROM_ALL` for the cert subdir. It makes
the Visual Studio generator miss to create the `clean-certs`,
`build-certs` targets. No target depend on them, so they don't execute
implicitly anyway. Fixes:
```
MSBUILD : error MSB1009: Project file does not exist.
Switch: clean-certs.vcxproj
```
- cmake: add `VERBATIM USES_TERMINAL` to `build-certs` target.
- GHA/linux: install openssl on Alpine, for the cert generator scripts.
Follow-up to 556f722fe3#16593
Follow-up to fa461b4eff#14486Closes#16824
In the cases observed throughout the last year, `handle64` run once per
test run, but with no action (match or task kill). It did not help with
flakiness and seems redundant.
runtests launched it (if present) in Cygwin/MSYS jobs too, where it
probably shouldn't have, because we have seen no flakiness there. In CI
the tool was present and launched in MSYS2 jobs, but not in Cygwin.
After this patch the "clearlocks" warning remain in the log. They are
consistently appearing once in every MSVC CI log, early in the tests:
```
test 3207 SKIPPED: curl lacks OpenSSL support
[...START-OF-TESTS...]
test 0003...[HTTP POST with auth and contents but with content-length set to 0]
--pd---e--- OK (3 out of 1596, remaining: 17:50, took 1.423s, duration: 00:02)
test 0007...[HTTP with cookie parser and header recording]
--pd--oe--- OK (7 out of 1596, remaining: 07:51, took 1.485s, duration: 00:02)
test 0006...[HTTP with simple cookie send]
--pd---e--- OK (6 out of 1596, remaining: 09:11, took 1.488s, duration: 00:02)
test 0005...[HTTP over proxy]
--pd---e--- OK (5 out of 1596, remaining: 11:03, took 1.491s, duration: 00:02)
CUSTOMBUILD : error : 169: cleardir(log/8/lock) failed [D:\a\curl\curl\bld\tests\test-ci.vcxproj]
test 0001...[HTTP GET]
--pd---e--- OK (1 out of 1596, remaining: 55:34, took 1.466s, duration: 00:02)
test 0004...[Replaced internal and added custom HTTP headers]
```
Ref: https://github.com/curl/curl/actions/runs/13546192228/job/37858323380?pr=16484#step:14:167
Ref: e53523fef0#14859
Ref: 311c31ec8e#6179
Follow-up to 3a8920e5ed#16600Closes#16484
Keep only the generated files needed for tests. Place generated
intermediaries in `tests/certs/gen` where they are ignored by git. No
longer generated `*.dhp` files.
Have a shorter naming scheme: `test-ca` instead of `EdelCurlRoot-ca` and
`test-localhost` instead of `Server-localhost-sv`, etc.
Remove the `stunnel` certificate as it was nearly a duplicate of
`test-localhost`.
No longer copy a generated certificates to `tests/stunnel.pem`. Let test
server default to `certs/test-localhost.pem` instead.
Closes#16593
Support multi-target cmake builds via `CURL_DIRSUFFIX` env. For example:
`export CURL_DIRSUFFIX=Debug/`.
Multi-target generators place their output to `src/<subdir>/`,
`lib/<subdir>/`, `tests/server/<subdir>`, `tests/libtest/<subdir>` and
`tests/unit/<subdir>/` by default. Before this patch, `runtests.pl`
couldn't run on such builds because it expected the binaries under the
their `<subdir>`-less directories. This patch allows to set such subdir
and make `runtests.pl` find the binaries. In CI we use multi-target
builds with tests for MSVC. It also helps Xcode-generator builds, though
in CI we don't have such job running tests.
There may be better solutions to configure this, but passing a custom
value to `runtests.pl` including its subprocesses is somewhat tricky.
The reason the configuration value expects the slash at the end is
because MSYS is automagically expanding the env to a (wrong) absolute
path if the slash is in the front.
Also:
- drop the `-DCMAKE_RUNTIME_OUTPUT_DIRECTORY_*=` workaround from CI.
- replace `resolve` references in tests with a new `%RESOLVE` variable.
It didn't use a filename extension before. After this patch it uses
`exe_ext('TOOL')`. I'm not sure if this is the correct choice vs.
`exe_ext('SRV')`.
- fix `-c` option format in manual.
- fix some whitespace.
Note, in CI we still tweak `CMAKE_RUNTIME_OUTPUT_DIRECTORY_*` in jobs
which share steps between `./configure` and cmake. It's easier that way.
Ref: #15000
Cherry-picked from #16394Closes#16452
In certain Windows configurations, Perl resides under `C:/Program Files`
causing tests to fail when executing Perl. Fix by quoting the command.
Seen in `dl-mingw` jobs when switching to the default `bash` shell
offered by the `windows-latest` runner on GHA.
Also:
- apply the same fix for `valgrind` for consistency.
- make more use of `shell_quote()` when passing the `srcdir` directory
over the command-line. This doesn't come up in CI, but seems like
good practice. There are lots more unquoted arguments and possibly
also commands.
```
-------e--- OK (940 out of 1537, remaining: 00:32, took 0.217s, duration: 00:50)
test 1167...[Verify curl prefix of public symbols in header files]
/C/Program Files/Git/usr/bin/perl -I. -ID:/a/curl/curl/tests returned 127, when expecting 0
1167: exit FAILED
[...]
=== Start of file stderr1167
sh: line 1: /C/Program: No such file or directory
```
Ref: https://github.com/curl/curl/actions/runs/13181757313/job/36794072190?pr=16217#step:13:2107Closes#16220
handle/handle64 requires a literal match with the filenames it's
listing.
Also:
- make handle64 log messages more unique to help text searches.
- update a comment with Windows Perl info.
Cherry-picked from #14949Closes#15436
- add variable for the null device filename and use that in Perl code.
- initialize this variable with `NUL` on native Windows.
- add `%DEV_NULL` variable and use it in tests.
Fixes `The system cannot find the path specified.` messages seen when
running `runtests.pl` with native Windows Perl.
Also adjust code to not break mcedit syntax highlighting.
Cherry-picked from #14949Closes#15098
To ensure Perl invocations within tests call the same Perl binary used
for running the tests, as specified or auto-detected via `PERL` env
(autotools) or `PERL_EXECUTABLE` setting (cmake). Instead of the first
`perl` executable found in `PATH`.)
Cherry-picked from #14949Closes#15097
Before this patch not all tests used `%FILE_PWD` with the `file://`
protocol.
Keep `%PWD` for test1145, to keep it fail on Windows like the test
expects.
Cherry-picked from #14949Closes#15090
Check responsiveness of http/3 server when running.
Also, a test case with http/2 or http/3 server requirement
now implicitly drags in a 'http' server and we need no longer
mention that in testdata.
Closes#15058
This is the %CLIENT6IP variable - but without outmost brackets since
some commmand lines need the address without the brackets. With this
variable we can run three more tests without prechecks.
Closes#15039
- perform torture tests with '-j2' for shorter runtime
- when waiting on test results overly long, log the tests
waited for and eventually log the test log directories
for easier analysis what is wrong in CI jobs.
- sockfilt.c: treat the windows errno 109 (ERROR_BROKEN_PIPE)
as a socket closed by the client and do not exit.
- when verifying https server, do not in addition check
the http server behind it also
- when tearing down the stunnel of a non-responsive https
server, tear down the http server with it
Closes#14960
CI:
- GHA/windows: enable OpenSSH server, SysInternals `handle`, `impacket`.
Skip `impacket` on MSYS2 due to install failure.
Skip OpenSSH server for old/standalone mingw-w64 (building curl
without SSH there.)
- GHA/windows: make test tool installs a separate step.
- GHA/cygwin: enable OpenSSH server.
Skip `impacket`: it's compiling for 7 minutes then breaks.
Skip `stunnel` due to sluggish test run performance.
(This update is unrelated to Azure jobs.)
- GHA/linux: migrate Linux jobs from Azure CI.
- GHA/linux: migrate scanbuild job from Azure CI.
- GHA/linux: enable libssh2 in a job. Also enable valgrind.
- CI/windows: enable SSPI in two jobs.
- CI/windows: disable zlib in one more job.
- CI/windows: improve `if` condition checking GnuTLS.
- CI/windows: ignore SFTP/SCP tests as necessary.
- universally ignore SCP tests, they fail everywhere.
- ignore test 612.
- ignore test 613 616 618 with MSYS2 mingw-w64.
- ignore test 614 with libssh.
- ignore all SFTP with MSYS2 native.
- ignore all SFTP with vcpkg with `libssh2[core,zlib]`.
- ignore a couple of SFTP tests with MSYS2 mingw-w64.
(This matches settings on Azure CI.)
- GHA/windows: ignore failing 1451 'Basic SMB request' test for
old mingw-w64 7.3.0 (but not for 9.5.0!):
```
2024-09-11 21:45:59,738 ERROR smbComNegotiate: b'NT LM 0.12\x00' is not in list
[...]
curl: (7) Could not connect to server
[...]
FAIL 1451: 'Basic SMB request' SMB
```
Ref: https://github.com/curl/curl/actions/runs/10816280746/job/30007130770#step:13:3546
- CI/Azure: delete, now moved to GHA.
sshserver:
- sshserver: fix permissions for SSH host key on Windows, allowing sshd
to launch.
- sshserver: fix initializing config paths with Cygwin/MSYS2 sshd.
- sshserver: fix initializing config paths in parallel builds.
- sshserver: delete redundant `DenyUsers`. This also opens the way
to allow multiple usernames.
- sshserver: fix `AllowUsers` for GHA/windows, by allowing the
domainless username again.
Follow-up to 3ee7c676ec#5721
- sshserver: fix `Deprecated option` warnings in `sshd_config`:
```
D:/a/curl/curl/bld/tests/log/2/server/curl_sshd_config line 7: Deprecated option AuthorizedKeysFile2
D:/a/curl/curl/bld/tests/log/2/server/curl_sshd_config line 25: Deprecated option KeyRegenerationInterval
D:/a/curl/curl/bld/tests/log/2/server/curl_sshd_config line 35: Deprecated option RhostsRSAAuthentication
D:/a/curl/curl/bld/tests/log/2/server/curl_sshd_config line 36: Deprecated option RSAAuthentication
D:/a/curl/curl/bld/tests/log/2/server/curl_sshd_config line 37: Deprecated option ServerKeyBits
D:/a/curl/curl/bld/tests/log/2/server/curl_sshd_config line 41: Deprecated option UseLogin
```
- sshserver: fix `Deprecated option` warnings in `ssh_config` with
Cygwin/MSYS2.
- sshserver: fix dumping config files due to the filenames missing their
full paths.
- sshserver: add workaround to make `logmsg` messages visible.
Before this patch they only went to a file and never shown.
runtests:
- runtests: log details when these Windows commands are called:
`handle`, `taskkill`, `tasklist`.
- runtests: add documentation links to Windows tools:
`handle`, `taskkill`, `tasklist`, `icacls`.
- runtests: add `-t` (kill whole tree) option to `taskkill` in
`servers.pm`, syncing it with the other `taskkill` call.
Follow-up to bc72a78a11#14488
- runtests: show warning if Sysinternals `handle` tool is missing.
- runtests: drop Windows XP Home compatibility `tskill` call.
The call was made on all Windows versions. It's possibly overkill to
do this, because XP Home is probably rarely used for running curl
tests these days. In case it's needed, it'd be better to put it under
an explicit option.
- runtests: show Perl version and path.
Fix/silence fallouts:
- unit2603: fix building with disabled HTTP support.
- unit2604: silence `-Woverlength-strings` warnings in C89 mode.
- test437, test1614: fix to pass with no-IPv6 builds.
Closes#14859
- when server are killed by a test case, do not wait for the server lock
file to go away. These tests are mostly about client timeouts and the
server will hang until killed.
- when killing a server successfully, check for a remaining lock file,
log its existence and remove it.
- lower the delay timings on SLOWDOWN by half
- add SLOWDOWNDATA server command to only slow down the FTP data bytes,
not the control ones.
- lower some timeout values
Closes#14835
- Install stunnel.
- Regenerate certificates (as SecureTransport requires a validity period
less than 398 days).
- Restart server if it is unresponsive.
- Do not hardcode the SHA-256 base64 public pinned key.
- Ignore test 313 as SecureTransport does not support crl file.
- Ignore tests 1631 and 1632 as SecureTransport is not yet able to shut
down FTP over HTTPS gracefully.
- Add a CMake target for generating certificates.
Closes#14486
