This adds another bitflag on CURLOPT_WS_OPTIONS (CURLWS_NOAUTOPONG) that
disables the default and automatic PONG reply in the WebSocket layer.
Assisted-by: Calvin Ruocco
Closes#16744
Change multi's book keeping of transfers to no longer use lists, but a
special table and bitsets for unsigned int values.
`multi-xfers` is the `uint_tbl` where `multi_add_handle()` inserts a new
transfer which assigns it a unique identifier `mid`. Use bitsets to keep
track of transfers that are in state "process" or "pending" or
"msgsent".
Use sparse bitsets to replace `conn->easyq` and event handlings tracking
of transfers per socket. Instead of pointers, keep the mids involved.
Provide base data structures and document them in docs/internal:
* `uint_tbl`: a table of transfers with `mid` as lookup key,
handing out a mid for adds between 0 - capacity.
* `uint_bset`: a bitset keeping unsigned ints from 0 - capacity.
* `uint_spbset`: a sparse bitset for keeping a small number of
unsigned int values
* `uint_hash`: for associating `mid`s with a pointer.
This makes the `mid` the recommended way to refer to transfers inside
the same multi without risk of running into a UAF.
Modifying table and bitsets is safe while iterating over them. Overall
memory requirements are lower as with the double linked list apprach.
Closes#16761
Currently the DNS server only responds to A and AAAA queries. It always
responds with a fixed response: the localhost address. Three times.
It should work fine over either IPv4 or IPv6, but I don't think it
matters much for curl testing.
The idea is to allow curl tests to use "normal" DNS hostnames (using the
normal name resolving code paths) and still use the local test servers.
This setup currently only works if curl is built with c-ares because
redirecting DNS requests to our test server when using getaddrinfo() is
not easy.
This should be extended to respond to HTTPS queries as well to allow
more testing there, as c-ares is always used for that.
Test 2102 is the first test using this.
Closes#17015
Very similar to 9f8bdd0eae, but affects
e.g. netrc file parsing.
Suggested-by: Graham Christensen <graham@grahamc.com>
Add test 744 to verify
Closes#17036
To allow configuring paths styles for SCP and SFTP servers separately.
- make `scp://` URLs use `%SCP_PWD` (was: `%SSH_PWD`).
- make `%SCP_PWD` equal to `%POSIX_PWD`.
To fix test 3022 with OpenSSH-Windows 9.8.0 server.
The fix works on a local machine. Remains broken in CI.
Before this patch, it was equal to `%FILE_PWD` when using
OpenSSH-Windows, otherwise it was `%POSIX_PWD`.
Notice that no matter what path-style we pass, test 3022
was and still is broken with earlier OpenSSH-Windows versions.
(as tested with 9.5.0, 9.5.0-beta20240403, 8.0.0.1)
- rename rest of `%SSH_PWD` uses to `%SFTP_PWD`.
- drop unused `%POSIX_PWD`.
- GHA/windows: test with OpenSSH-Windows server again.
In the LibreSSL MSVC job. This job is short enough to fit the slow
install of the built-in OpenSSH-Windows tools, if needed.
Follow-up to 1abb087a9c#5298
Ref: #16803Closes#17041
And also require HTTP. Also add `IPv6` to the keywords.
Fixing:
Linux AM openssl !ipv6 !--libcurl:
```
FAIL 1265: 'NO_PROXY with IPv6 numerical address' HTTP, HTTP proxy, http_proxy, NO_PROXY, noproxy
FAIL 1324: 'HTTP with --resolve and [ipv6address]' HTTP, HTTP GET, --resolve
FAIL 2086: 'Pre-request callback for HTTP IPv6' HTTP, IPv6
```
Ref: https://github.com/curl/curl/actions/runs/14378524385/job/40318328714?pr=17012#step:41:3789
Follow-up to a09e49168a#17005Closes#17014
- test2088 verifies that mutual tls works
This adds a new certificate to generate which has the clientAuth key
usage enabled, and uses it to connect to a https-mtls server.
Closes#16923
The fix in b8bd019c6a (#16959) broke the
CURLOPT_HTTP_TRANSFER_DECODING handling, shown in test 319 and curl's
--raw option.
This is a follow-up that restores the functionality.
Enable test 319 again.
Fixes#16974Closes#16984
Made the HTTPS-RR parser a little stricter while at it.
Drop the ALPN escape handling, that was not needed.
Make the hode handle (and ignore) duplicate ALPN entries.
Closes#16972
- allow and ignore "identity" as an encoding
- fail if any other encoder than chunked follows after chunked
- fail on unsolicited encodings - when the server encodes but curl did
not ask for it
Add test 1493 to 1496 to verify.
Disable test 319 as that is now broken: issue #16974
Reported-by: Jonathan Rosa
Fixes#16956Closes#16959
Unify the case, punctuation and name of test case keywords so they can
be more easily selected or skipped when desired. Add a few keywords that
were missing. Fix a couple of typos in test names.
To make it uniform in all tests, and greppability.
Also:
- replace `-k` flag with `-q` in test 1268. (the actual flag doesn't
matter in this test)
- keep `-k` in test 300 to test its short form.
(also verified to fail without a working `-k`)
Closes#16878
This document now lists all previous releases.
This allows us to verify that documentation refers to actual release
versions.
Test 971 now verifies options-in-versions and all command line options
documentation individually. Fixed a few discrepancies.
Test 1488 verifies libcurl options "Added-in" to exist. Fixed a few
discrepancies there as well.
Closes#16907
When multiple headers share the same name, AWS SigV4 expects them to be
merged into a single header line, with values comma-delimited in the
order they appeared.
Add libtest 1978 to verify.
Closes#16743
Instead of via `tests/data/DISABLED` file.
They are all missing CRL feature support, as opposed to being broken.
Follow-up to 8adee8824c#16862
Follow-up to 8b1b5cd4d2#16660Closes#16865
Before this patch the curl repository and source tarball distribution
contained test certificates as binary blobs. Used by runtests.
Drop these certificates in favor of generating them dynamically as
part of the build process. Both via autotools and CMake.
As part of this, improve certificates, the generator script and process,
file layout, and fix any issue to make it work fast and smooth both in
CI and local builds.
Note, cert generator scripts require OpenSSL >=1.0.2
(or LibreSSL >=3.1.0). Generation requires POSIX shell, also with CMake.
Without a POSIX shell tests relying on TLS (and stunnel) will fail.
Details:
- build: generate certs as part of the test run process.
- build, tests: generate certs in the build directory.
- binarycheck: drop concept of known binary files with hashes.
- binarycheck: move binary check logic into spacecheck and drop this
separate checker tool.
- build: fix to clean all cert files.
- autotools: fix to not run leaf cert generators in parallel. To avoid
confusion when updating the revocation database and counter.
- scripts: drop `scripts` subdir, merge two scripts into one,
auto-generate root cert, allow generating multiple leafs at once.
- scripts: switch to EC-256 keys (was: RSA-2048). For key size and perf.
- scripts: drop `-x` echo, text dumps, most other output. To avoid log
noise and make it quicker in CI.
- scripts: make it non-RSA-specific.
- scripts: delete unused code.
- scripts: use POSIX shell shebang. Some envs don't have bash (Alpine).
- scripts: pass test pseudo-secrets via the command-line. To avoid:
```
+ openssl genrsa -out test-ca.key -passout fd:0 2048
Invalid password argument, starting with "fd:"
```
- cmake: fix to launch generator scripts via the detected POSIX shell.
- cmake: fix `build-certs` rule to not depend on `SRPFILES`
(`srp-verifier-*`).
- cmake: drop `EXCLUDE_FROM_ALL` for the cert subdir. It makes
the Visual Studio generator miss to create the `clean-certs`,
`build-certs` targets. No target depend on them, so they don't execute
implicitly anyway. Fixes:
```
MSBUILD : error MSB1009: Project file does not exist.
Switch: clean-certs.vcxproj
```
- cmake: add `VERBATIM USES_TERMINAL` to `build-certs` target.
- GHA/linux: install openssl on Alpine, for the cert generator scripts.
Follow-up to 556f722fe3#16593
Follow-up to fa461b4eff#14486Closes#16824
The base64 sections were added in a time when there was no other way to
do these tests. Now we remove them again to make less "hidden" data in
the test suite.
For several test cases we instead then provide a sequence of binary
octets which is not really better, but I have tried to minimize them.
Closes#16816
- on native Windows (also when using MSYS2 openssh), the group and other
permissions do not end up as requested by Perl's chmod:
```diff
--- log/8/check-expected
+++ log/8/check-generated
@@ -1,3 +1,3 @@
d????????? N U U N ??? N NN:NN asubdir[LF]
--rw?rw?rw? 1 U U 37 Jan 1 2000 plainfile.txt[LF]
+-rw?r-?r-? 1 U U 37 Jan 1 2000 plainfile.txt[LF]
-r-?r-?r-? 1 U U 47 Dec 31 2000 rofile.txt[LF]
```
Ref: https://github.com/curl/curl/actions/runs/14004029192/job/39215359241?pr=16781#step:15:1596
Fix it by ignoring group and other attributes.
- fix failing postprocess cleanup by making the read-only test file
writeable again before deleting it. Fixing:
```
Directory not empty at ../../tests/libtest/test613.pl line 83.
```
(seen on Windows with Git for Windows `perl.exe`)
- unignore in GHA/windows.
Closes#16791
It accidentally worked on all CI-tested operating systems, except on
native Windows.
Fixing:
```
=== Start of file stderr612
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
[...]
curl: (21) rm command failed: Operation failed
```
Ref: https://github.com/curl/curl/actions/runs/14004029192/job/39215359241?pr=16781#step:15:1424
Also remove this test from the ignore list in GHA/windows.
Closes#16801
It was introduced in 294136b754, but not shipped in a release. It
has caused problems and after checking, the browsers don't insist on it
even if RFC 9112 says it is mandatory.
Adjust test 2 to do a response without the space.
Closes#16728
Regression from 597ee915c4 (not shipped in a release)
Reported-by: Carlos Henrique Lima Melara
Assisted-by: Scott Talbert
Added such a cookie to test 31.
Fixes#16692Closes#16703
- if there are pending internal handles left in the list, they are
leftovers (from for example Doh) and must be freed.
- unlink_all_msgsent_handles() did not properly move all msgsent
handles over to the process list as intended
Fixes a DoH memory leak found by oss-fuzz.
Add test 2101 that can reproduce and verify.
Closes#16674
For the case when the connection struct is all setup, the protocol
handler allocates data in its setup_connection function, but the
connection struct is discarded again before used further because a
connection reuse is prefered. Then the handler's disconnect function was
not previously called, which then would lead to a memory leak.
I added test case 698 that reproduces the leak and the fix.
Reported-by: Philippe Antoine
Closes#16604
Keep only the generated files needed for tests. Place generated
intermediaries in `tests/certs/gen` where they are ignored by git. No
longer generated `*.dhp` files.
Have a shorter naming scheme: `test-ca` instead of `EdelCurlRoot-ca` and
`test-localhost` instead of `Server-localhost-sv`, etc.
Remove the `stunnel` certificate as it was nearly a duplicate of
`test-localhost`.
No longer copy a generated certificates to `tests/stunnel.pem`. Let test
server default to `certs/test-localhost.pem` instead.
Closes#16593
With this change, the argument passed to the CURLOPT_FOLLOWLOCATION
option is now instead a "mode" instead of just a boolean. Documentation
is extended to describe the two new modes.
Test 1571 to 1581 verify.
Closes#16473
Further testing with timeouts in event based processing revealed that
our current shutdown handling in the connection pool was not clear
enough. Graceful shutdowns can only happen inside a multi handle and it
was confusing to track in the code which situation actually applies. It
seems better to split the shutdown handling off and have that code
always be part of a multi handle.
Add `cshutdn.[ch]` with its own struct to maintain connections being
shut down. A `cshutdn` always belongs to a multi handle and uses that
for socket/timeout monitoring.
The `cpool`, which can be part of a multi or share, either passes
connections to a `cshutdn` or terminates them with a one-time, best
effort.
Add an `admin` easy handle to each multi and share. This is used to
perform all maintenance operations where no "real" easy handle is
available. This solves the problem that the multi admin handle requires
some additional initialisation (e.g. timeout list).
The share needs its admin handle as it is often cleaned up when no other
transfer or multi handle exists any more. But we need a `data` in almost
every call.
Fix file:// handling of errors when adding a new connection to the pool.
Changes in `curl` itself:
- for parallel transfers, do not set a connection pool in the share,
rely on the multi's connection pool instead. While not a requirement
for the new `cshutdn` to work, this is
a) helpful in testing to trigger graceful shutdowns
b) a broader code coverage of libcurl via the curl tool
- on test_event with uv, cleanup the multi handle before returning from
parallel_event(). The uv struct is on the stack, cleanup of the multi
later will crash when it tries to register sockets. This is a "eat
your own dogfood" related fix.
Closes#16508
This allows you to use the `certs` and `num_certs` writeout variables in
the curl tool, and getting information about the server certificates
using CURLINFO_CERTINFO.
Closes#16459
Support multi-target cmake builds via `CURL_DIRSUFFIX` env. For example:
`export CURL_DIRSUFFIX=Debug/`.
Multi-target generators place their output to `src/<subdir>/`,
`lib/<subdir>/`, `tests/server/<subdir>`, `tests/libtest/<subdir>` and
`tests/unit/<subdir>/` by default. Before this patch, `runtests.pl`
couldn't run on such builds because it expected the binaries under the
their `<subdir>`-less directories. This patch allows to set such subdir
and make `runtests.pl` find the binaries. In CI we use multi-target
builds with tests for MSVC. It also helps Xcode-generator builds, though
in CI we don't have such job running tests.
There may be better solutions to configure this, but passing a custom
value to `runtests.pl` including its subprocesses is somewhat tricky.
The reason the configuration value expects the slash at the end is
because MSYS is automagically expanding the env to a (wrong) absolute
path if the slash is in the front.
Also:
- drop the `-DCMAKE_RUNTIME_OUTPUT_DIRECTORY_*=` workaround from CI.
- replace `resolve` references in tests with a new `%RESOLVE` variable.
It didn't use a filename extension before. After this patch it uses
`exe_ext('TOOL')`. I'm not sure if this is the correct choice vs.
`exe_ext('SRV')`.
- fix `-c` option format in manual.
- fix some whitespace.
Note, in CI we still tweak `CMAKE_RUNTIME_OUTPUT_DIRECTORY_*` in jobs
which share steps between `./configure` and cmake. It's easier that way.
Ref: #15000
Cherry-picked from #16394Closes#16452
This now insists on using a server auth option unless --insecure is
provided. As an added bonus, it now also only checks for the knownhosts
file once (if found).
Ref: #16197Closes#16205
- make it only accept version 1.0, as that is the version curl supports
- convert the parser to use strparse
- the status code max is now 999, but it does allow != 3 digits
Closes#16435
