Since more than one handle can be removed in a single call to
multi_runsingle(), we cannot easily continue on the next node when a
node has been removed since that node migth ALSO have been removed.
Reported-by: Philippe Antoine
Closes#16588
Without this, any usage of sendbuf_hds_len on a retried request is
wrong. We noticed by getting debug callbacks with incorrect header len.
We did not figure out how to trigger the retries in a test environment
though.
Closes#16573
No longer ignore the `--ciphers` argument in gnutls curl builds, but use
it to set the gnutls priority string.
When the set ciphers start with '+', '-' or '!', it is *appended* to the
curl generated priority string. Otherwise it replaces the curl one
completely.
Add test_17_18 to check various combinations.
Closes#16557
nghttp2 will on its own send GOAWAY frames, closing the connection, when
internal processing of frames runs into errors. This may not become
visible in a direct error code from a call to nghttp2.
Check for session being closed on ingress processing (on sending, we
already did that) and report an error if so. In addition, monitor
outgoing GOAWAY not initiated by us so that the user will get a fail
message when that happens.
Add some more long response header tests.
Closes#16544
When the server sends HEADER/CONTINUATION frames that exceed nghttp2's
size, this error is being reported via the on_invalid_frame_recv
callback. Without registering there, it will go unnoticed.
RST the stream when such a frame is encountered.
Closes#16544
We send a GOAWAY, but some servers ignore that and happily continue
sending the stream response. RST the stream when response header errors
are encountered.
Fixes#16535
Reported-by: Peng-Yu Chen
Closes#16544
This change:
- Breaks out the existing print out of the LIBSSH2_DEBUG compile-time
flag
- Adds (single) quotation marks around the string to better expose the
actual value
- Adds a NULL print if not set, mirroring other verbose prints in
libssh2
Why was this done?
I was trying out the `sftp` option in `curl`, and found myself hitting
an issue where I was not able to get curl to tell me which username it
was using to connect to a host.
With this change, the `User: ` line is printed with `-v`, just like
other SSH verbose prints.
Instead of using the pattern used with *SSH MD5 public key*, where a
ternary is used to print `NULL` on NULL values, it is using a different
branch to add quotes around the string value.
The quotes around the string value are used to better expose to the user
an empty string value, compared to "no-value".
Closes#16430
- cf-h1-proxy: check return code and return error if the parser fails
- http: make the Retry-After parser check for a date string first then
number to avoid mis-parsing the begining of a date as a number
Closes#16548
- Explain ftp_conn's newhost and newport in the struct definition.
Follow-up to 1485e892 which changed the order of some struct members to
reduce struct size.
Closes https://github.com/curl/curl/pull/16538
`data->id` is unique in the same connection pool, but a multi may
involved more than one pool. `data->mid` is unique inside the multi and
since multi_ev lives inside one multi, the `mid` is the right thing to
use.
Closes#16545
With this change, the argument passed to the CURLOPT_FOLLOWLOCATION
option is now instead a "mode" instead of just a boolean. Documentation
is extended to describe the two new modes.
Test 1571 to 1581 verify.
Closes#16473
- replace several ISSPACE() with ISBLANK(), since the former also skips
CR and LF which in most cases should not occur where this macro is
used
- after this commit, there is no ISSPACE() user left in libcurl code, but
unfortunately tool and test code use the macro so it cannot be removed.
Closes#16520
This is a partial fix of #16535. The error message format is borrowed
from the existing code[1].
Sample message before:
curl: (56) process_pending_input: nghttp2_session_mem_recv() returned -902:The user callback function failed
Sample message after:
curl: (56) Error receiving HTTP2 header: 100(A value or data field grew larger than allowed)
[1]: df672695e5/lib/http2.c (L1999-L2000)Closes#16536
Further testing with timeouts in event based processing revealed that
our current shutdown handling in the connection pool was not clear
enough. Graceful shutdowns can only happen inside a multi handle and it
was confusing to track in the code which situation actually applies. It
seems better to split the shutdown handling off and have that code
always be part of a multi handle.
Add `cshutdn.[ch]` with its own struct to maintain connections being
shut down. A `cshutdn` always belongs to a multi handle and uses that
for socket/timeout monitoring.
The `cpool`, which can be part of a multi or share, either passes
connections to a `cshutdn` or terminates them with a one-time, best
effort.
Add an `admin` easy handle to each multi and share. This is used to
perform all maintenance operations where no "real" easy handle is
available. This solves the problem that the multi admin handle requires
some additional initialisation (e.g. timeout list).
The share needs its admin handle as it is often cleaned up when no other
transfer or multi handle exists any more. But we need a `data` in almost
every call.
Fix file:// handling of errors when adding a new connection to the pool.
Changes in `curl` itself:
- for parallel transfers, do not set a connection pool in the share,
rely on the multi's connection pool instead. While not a requirement
for the new `cshutdn` to work, this is
a) helpful in testing to trigger graceful shutdowns
b) a broader code coverage of libcurl via the curl tool
- on test_event with uv, cleanup the multi handle before returning from
parallel_event(). The uv struct is on the stack, cleanup of the multi
later will crash when it tries to register sockets. This is a "eat
your own dogfood" related fix.
Closes#16508
To make sure we store and use the correct port used for this particular
lookup.
Partial revert of 8ded8e5f3fFixes#16531
Reported-by: Jay Satiro
Closes#16532
Add a standalong hash table for curl_offt_t as key. This allows a
smaller memory footprint and faster lookups as we do not need to deal
with variable key lengths.
Use in all places we had the standard hash for this purpose.
Closes#16442
Fixes#16249
Forwarded-to-us-by: Carlos Henrique Lima Melara
Always use `gnutls_certificate_set_x509_key_file2()` for loading keys
and certificates, even without a password, since this function support
pkcs11 urls.
Thanks to @tatsuhiro-t for finding this out.
Help-by: Tatsuhiro Tsujikawa
Closes#16472
- fix redirect from file:// URL with query part
- find_host_sep() simplify
- urlencode_str() simplify
- redirect_url() simplify
- made more const char *
- add more redirect URL test cases to test 1560
Closes#16498
- GHA/windows/WinCE:
- set `-O3 -DNDEBUG` C flags manually for the CMake mingw32ce build.
CMake doesn't recognize the platform and fails to add them. To match
autotools (using `-O2`), and hit similar compiler warnings.
- enable parallel builds for cmake.
- tune parallelism for cmake using unity batches.
- tune parallelism for autotools.
Follow-up to 2a292c3984#15975
- tests: fix potentially uninitialized value in `readline()` in
`getpart.c`. Detected by gcc 4.4.0 `-O2` (Windows CE) jobs:
```
tests/server/getpart.c: In function 'getpart':
tests/server/getpart.c:298: error: 'datalen' may be used uninitialized in this function
```
Ref: https://github.com/curl/curl/actions/runs/13522595237/job/37785147505?pr=16476#step:11:25
Follow-up to 592880a3ca
- vtls_scache: rework returning pointer to avoid compiler warning seen
with `-O3` gcc 4.4.0 builds (Windows CE/schannel):
```
lib/vtls/schannel.c: In function 'schannel_connect_step1':
lib/vtls/vtls_scache.c:975: error: dereferencing pointer 'old_cred.4474' does break strict-aliasing rules
lib/vtls/vtls_scache.c:985: error: dereferencing pointer 'old_cred.4474' does break strict-aliasing rules
lib/vtls/schannel.c:959: note: initialized from here
```
Ref: https://github.com/curl/curl/actions/runs/13523868335/job/37789610845#step:9:25
Follow-up to fa0ccd9f1f#15774Closes#16476
`./configure` mingw32ce builds enable C99 mode automatically, that
triggers compiler warnings in gcc 4.4.0. We initially worked it around
in CI by suppressing the detection of C99 with `ac_cv_prog_cc_c99=no`.
Replace it with automatically silencing the bogus warnings in C99 mode,
for all build systems:
```
lib/ftp.c: In function 'Curl_GetFTPResponse':
lib/ftp.c:726: error: format '%zd' expects type 'signed size_t', but argument 4 has type 'ssize_t'
lib/ws.c: In function 'ws_dec_pass_payload':
lib/ws.c:304: error: format '%zd' expects type 'signed size_t', but argument 3 has type 'ssize_t'
lib/ws.c: In function 'ws_enc_write_head':
lib/ws.c:581: error: format '%zd' expects type 'signed size_t', but argument 3 has type 'long int'
lib/vtls/schannel.c: In function 'schannel_connect_step1':
lib/vtls/schannel.c:1122: error: format '%zd' expects type 'signed size_t', but argument 3 has type 'ssize_t'
lib/vtls/schannel.c: In function 'schannel_connect_step2':
lib/vtls/schannel.c:1311: error: format '%zd' expects type 'signed size_t', but argument 3 has type 'ssize_t'
lib/vtls/schannel.c: In function 'schannel_send':
lib/vtls/schannel.c:1793: error: format '%zd' expects type 'signed size_t', but argument 3 has type 'ssize_t'
lib/vtls/schannel.c:1810: error: format '%zd' expects type 'signed size_t', but argument 3 has type 'ssize_t'
lib/vtls/schannel.c: In function 'schannel_shutdown':
lib/vtls/schannel.c:2286: error: format '%zd' expects type 'signed size_t', but argument 4 has type 'ssize_t'
lib/vtls/vtls.c: In function 'ssl_cf_recv':
lib/vtls/vtls.c:1422: error: format '%zd' expects type 'signed size_t', but argument 5 has type 'ssize_t'
```
Ref: https://github.com/curl/curl/actions/runs/13533841306/job/37821720902?pr=16492#step:9:20
Also: simplify Windows CE job configuration in GHA/windows.
Follow-up to 2a292c3984#15975Closes#16492
- Show verbose message if the CA native import option is set but
the wolfSSL build does not support it.
wolfSSL has to be built with WOLFSSL_SYS_CA_CERTS to import native
CA certificates and that may not be common.
Closes https://github.com/curl/curl/pull/16417
To help applications do the right thing easier, change some enum values
into defines with L suffixes so that they get the corect type (long)
easier when used with curl_easy_setopt(). This also fixes a few of our
own libtests.
To reduce the risk that this change breaks the compile for any existing
users, the previously provided enums are still provided, but the values
to use are not defined by the enums.
This change "magically" fixes a few RTSP test failures we have had on
64-bit platforms because those options were not see using longs
properly.
Closes#16482
This allows you to use the `certs` and `num_certs` writeout variables in
the curl tool, and getting information about the server certificates
using CURLINFO_CERTINFO.
Closes#16459
curl requires Windows XP since 2023. Drop version detection code using
`GetVersionEx()` aimed to support earlier Windows versions. With that
call deleted, the embedded manifest in `curl.rc` becomes unnecessary.
Delete it too, along with the enabler logic in build systems.
This allows to stop forcing `/MANIFEST:NO` for MSVC builds. Dropping it
fixes VS2008 shared builds, that require an auto-generated SxS
(side-by-side assembly) manifest to find their CRT DLLs. This was the
issue that prevented VS2008 `curl.exe` launching on AppVeyor CI:
```
src/curl.exe: error while loading shared libraries: ?: cannot open shared object file: No such file or directory
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/51577006/job/eitypvwlb1rxr11d#L261
FWIW the `curl.rc` embedded manifest wasn't ever enabled for VS2008 CI
builds either, because CMake did not pass our custom macro via
`CMAKE_RC_FLAGS` to `rc.exe`. For reasons I could not figure out.
After this patch the curl build no longer inject its own manifest, and
lets the default be applied by linkers and toolchains. It fixes VS2008
shared builds. curl continues to detect the real Windows version via
`RtlVerifyVersionInfo()` from `ntdll`.
Follow-up to 960d601481#12225
Follow-up to 5044909ca2#7810
Follow-up to ebd213270a#1221
Ref: #15972
Cherry-picked from #16394Closes#16453
Enable TLS Early Data for wolfSSL:
- merge WOLFSSL_CTX and WOLFSSL setup from ngtcp2 with the general
implemenation in wolfssl.c
- enable for QUIC via ngtcp2
- give Curl_vquic_tls_init() a `struct alpn_spec` like used for the TCP
case. Adapt gnutls and other users.
- enable pytest test cases for early data with wolfSSL
and while this messes up wolfssl.c anyway, do
- rename all struct/functions with prefix 'wolfssl_' to 'wssl_' to not
pollute that name prefix
- rename `ctx/handle` to `ssl_ctx/ssl`, as used in openssl case
Closes#16167
- make it only accept version 1.0, as that is the version curl supports
- convert the parser to use strparse
- the status code max is now 999, but it does allow != 3 digits
Closes#16435
Rework the event based handling of transfers and connections to
be "localized" into a single source file with clearer dependencies.
- add multi_ev.c and multi_ev.h
- add docs/internal/MULTI-EV.md to explain the overall workings
- only do event handling book keeping when the socket callback
is set
- add handling for "connection only" event tracking, when internal
easy handles are used that are not really tied to a connection.
Used in connection pool.
- remove transfer member "last_poll" and connections "shutdown_poll"
and keep all that internal to multi_ev.c
- add CURL_TRC_M() for tracing of "multi" related things, including
event handling and connection pool operations. Add new trace
feature "multi" for trace config.
multi traces will show exactly what is going on in regard to
event handling.
- multi: trace transfers "mstate" in every CURL_TRC_M() call
- make internal trace buffer 2048 bytes and end the silliness
with +n here -m there. Adjust test 1652 expectations of resulting
length and input edge cases.
- add trace feature "lib-ids" to perfix libcurl traces with transfer
and connection ids. Useful for debugging libcurl applications.
Closes#16308
When running curl event based, connect attempts stalled as the 'done'
check was using the wrong state in gnutls.
Add event based pytest runs to all http3 jobs and the openssl and
mbedtls ones on linux.
Closes#16423
