Jim King [Wed, 18 Jan 2023 16:54:30 +0000 (11:54 -0500)]
openssl: interop with AWS-LC
* Configure changes to detect AWS-LC
* CMakeLists.txt changes to detect AWS-LC
* Compile-time branches needed to support AWS-LC
* Correctly set OSSL_VERSION and report AWS-LC release number
* GitHub Actions script to build with autoconf and cmake against AWS-LC
AWS-LC is a BoringSSL/OpenSSL derivative
For more information see https://github.com/awslabs/aws-lc/
Viktor Szakats [Thu, 30 Mar 2023 08:55:20 +0000 (08:55 +0000)]
cmake: picky-linker fixes for openssl, ZLIB, H3 and more
- fix HTTP/3 support detection with OpenSSL/quictls built with ZLIB.
(Requires curl be built with ZLIB option also.)
- fix HTTP/3 support detection with OpenSSL/quictls/LibreSSL and `ld`
linker on Windows.
- fix HTTP/3 support detection with wolfSSL to automatically add
`ws2_32` to the lib list on Windows. For all linkers.
- reposition ZLIB (and other compression) detection _after_ TLS
detection, but before calling HTTP/3-support detection via
`CheckQuicSupportInOpenSSL`.
This also seems to fix an odd case, where OpenSSL/quictls is correctly
detected, but its header path is not set while compiling, breaking
build at `src/curl_ntlm_core.c`. Reason for this remains undiscovered.
- satisfy "picky" linkers such as `ld` with MinGW, that are highly
sensitive to lib order, by also adding brotli to the beginning of the
lib list.
- satisfy "picky" linkers by adding certain Windows systems libs to
the lib list for OpenSSL/LibreSSL. (Might need additional ones for
other forks, such as `pthread` for BoringSSL.)
Note: It'd make sense to _always_ add `ws2_32`, `crypt32` (except
Windows App targets perhaps?), `bcrypt` (except old-mingw!) on Windows
at this point. They are almost always required, and if some aren't,
they are ignored by the linker with no effect on final binaries.
dengjfzh [Tue, 21 Mar 2023 07:45:59 +0000 (15:45 +0800)]
rtsp: skip malformed RTSP interleaved frame data
Some IP cameras send malformed RTSP interleaved frames sometimes, which
can cause curl_easy_perform return 1 (CURLE_UNSUPPORTED_PROTOCOL). This
change attempts to skip clearly incorrect RTSP interleaving frame data.
Stefan Eissing [Mon, 20 Mar 2023 13:23:53 +0000 (14:23 +0100)]
lib: add `bufq` and `dynhds`
Adding `bufq`:
- at init() time configured to hold up to `n` chunks of `m` bytes each.
- various methods for reading from and writing to it.
- `peek` support to get access to buffered data without copy
- `pass` support to allow buffer flushing on write if it becomes full
- use case: IO buffers for dynamic reads and writes that do not blow up
- distinct from `dynbuf` in that:
- it maintains a read position
- writes on a full bufq return CURLE_AGAIN instead of nuking itself
- Init options:
- SOFT_LIMIT: allow writes into a full bufq
- NO_SPARES: free empty chunks right away
- a `bufc_pool` that can keep a number of spare chunks to
be shared between different `bufq` instances
Adding `dynhds`:
- a straightforward list of name+value pairs as used for HTTP headers
- headers can be appended dynamically
- headers can be removed again
- headers can be replaced
- headers can be looked up
- http/1.1 formatting into a `dynbuf`
- configured at init() with limits on header counts and total string
sizes
- use case: pass a HTTP request or response around without being version
specific
- express a HTTP request without a curl easy handle (used in h2 proxy
tunnels)
- future extension possibilities:
- conversions of `dynhds` to nghttp2/nghttp3 name+value arrays
Ronan Pigott [Tue, 28 Mar 2023 06:24:51 +0000 (23:24 -0700)]
docs/cmdline-opts: document the dotless config path
The real xdg config path is $XDG_CONFIG_HOME/curlrc, without the dot.
The dotless name seems preferable, so let's match the documentation to
the behavior.
Daniel Stenberg [Mon, 27 Mar 2023 11:02:08 +0000 (13:02 +0200)]
dynbuf: never allocate larger than "toobig"
As dynbufs always have a fixed maximum size which they are not allowed
to grow larger than, making sure that it never allocates a larger buffer
makes sure the buffer does not allocate memory that will never be used.
Daniel Stenberg [Sun, 26 Mar 2023 15:43:28 +0000 (17:43 +0200)]
multi: remove PENDING + MSGSENT handles from the main linked list
As they are not driving transfers or any socket activity, the main loop
does not need to iterate over these handles. A performance improvement.
They are instead only held in their own separate lists.
'data->multi' is kept a pointer to the multi handle as long as the easy
handle is actually part of it even when the handle is moved to the
pending/msgsent lists. It needs to know which multi handle it belongs
to, if for example curl_easy_cleanup() is called before the handle is
removed from the multi handle.
Alll 'data->multi' pointers of handles still part of the multi handle
gets cleared by curl_multi_cleanup() which "orphans" all previously
attached easy handles.
This is take 2. The first version was reverted for the 8.0.1 release.
Stefan Eissing [Fri, 17 Mar 2023 08:30:02 +0000 (09:30 +0100)]
tests/http: add timeout to running curl in test cases
- we had a CI case once where `curl` seemingly did not
return and it was hard to guess what happened.
- make curl execution in test cases time out after 60 seconds
Dan Fandrich [Sat, 25 Mar 2023 01:10:08 +0000 (18:10 -0700)]
CI: skip some more builds when possible
When a commit only contains tests, documentation, or cmake files, skip
those builds that aren't affected by those.
The file filters available on the CI services don't seem to allow
skipping individual jobs, only the entire workflow, so we can't get any
more fine-grained than this.
Stefan Eissing [Thu, 23 Mar 2023 08:39:37 +0000 (09:39 +0100)]
ngtcp2: adjust config and code checks for ngtcp2 without nghttp3
- make configure show on HTTP3 feature that both ngtcp2 and nghttp3
are in play
- define ENABLE_QUIC only when USE_NGTCP2 and USE_NGHTTP3 are defined
- add USE_NGHTTP3 in the ngtcp2 implementation
Douglas R. Reno [Sun, 19 Mar 2023 07:07:51 +0000 (02:07 -0500)]
cmake: bring in the network library on Haiku.
When cross-compiling for Haiku, the networking library needs to be
brought in. Without this, an unknown type of "Error" is reported in
lib/curl_setup_once.h.
This is also needed when using CMake natively on Haiku to build libcurl.
jonrumsey [Mon, 20 Mar 2023 10:17:09 +0000 (10:17 +0000)]
gskit: various compile errors in OS400
Various compile failures in gskit.c;
- pipe_ssloverssl() needs Curl_easy data parameter for
Curl_conn_cf_get_socket(cf, data)
- key_passwd is in ssl_config, not conn_config
- close_on() has 2 parameters, not 4
- getsockopt() needs to call Curl_conn_cf_get_socket(), not
cxn->sock[FIRSTSOCKET]
Daniel Stenberg [Tue, 14 Mar 2023 15:55:01 +0000 (16:55 +0100)]
lib: skip Curl_llist_destroy calls
Linked lists themselves do not carry any allocations, so for the lists
that do not have have a set destructor we can just skip the
Curl_llist_destroy() call and save CPU time.
Casey Bodley [Wed, 15 Feb 2023 15:47:04 +0000 (10:47 -0500)]
aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
all s3 requests default to UNSIGNED-PAYLOAD and add the required
x-amz-content-sha256 header. this allows CURLAUTH_AWS_SIGV4 to correctly
sign s3 requests to amazon with no additional configuration
Viktor Szakats [Tue, 14 Mar 2023 11:57:31 +0000 (11:57 +0000)]
wolfssl: add quic/ngtcp2 detection in cmake, and fix builds
- add QUIC/ngtcp2 detection in CMake with wolfSSL.
Because wolfSSL uses zlib if available, move compression detection
before TLS detection. (OpenSSL might also need this in the future.)
- wolfSSL 5.5.0 started using C99 types in its `quic.h` header, but it
doesn't #include the necessary C99 header itself, breaking builds
(unless another dependency pulled it by chance.) Add local workaround
for it. For this to work with all build tools, we had to fix our
header detection first. Ref: #10745
Stefan Eissing [Thu, 9 Mar 2023 09:50:55 +0000 (10:50 +0100)]
tests/http: add pytest to GHA and improve tests
- added to: ngtcp2-quictls, ngtcp2-gnutls and the linux varians
quiche, bearssl, libressl, mbedtls, openssl3, rustls
- added disabled in ngtcp2-wolfssl due to weird SSL_connect() errors
not reproducable locally
Improvements on pytest:
- handling of systems with nghttpx in $PATH
- configure will seach $PATH got nghttpx used in pytest
- pytest fixes for managing nghttpx without h3 support
- ngtcp2-wolfssl: use a fully enabled wolfssl build
- lower parallel count for http/1.1 tests, since we do not
want to test excessive connections.
- check built curl for HTTPS-proxy support in proxy tests
- bearssl does not like one of our critical cert extensions, making
it non-critical now
- bearssl is too slow for test_12, skipping
- making sure we do h3 tests only when curl and server support is there
Viktor Szakats [Mon, 13 Mar 2023 10:46:38 +0000 (10:46 +0000)]
build: fix stdint/inttypes detection with non-autotools
Fix `stdint.h` and `inttypes.h` detection with non-autotools builds on
Windows. (autotools already auto-detected them accurately.)
`lib/config-win32.h` builds (e.g. `Makefile.mk`):
- set `HAVE_STDINT_H` where supported.
- set `HAVE_INTTYPES_H` for MinGW.
CMake:
- auto-detect them on Windows. (They were both force-disabled.)
- delete unused `CURL_PULL_STDINT_H`.
- delete unused `CURL_PULL_INTTYPES_H`.
- stop detecting `HAVE_STDINT_H` twice.
Present since the initial CMake commit: 4c5307b45655ba75ab066564afdc0c111a8b9291
curl doesn't use these C99 headers, we need them now to workaround
broken wolfSSL builds. Ref: #10739
Once that clears up, we can delete these detections and macros (unless
we want to keep them for future us.)
Dan Fandrich [Mon, 13 Mar 2023 01:56:22 +0000 (18:56 -0700)]
tests: make first.c the same for both lib tests and unit tests
The only difference used to be global variable used in unittest tests.
After cb7ed5a removed individual flag overrides for the unittests, first.c
was no longer recompiled for unit tests to include the flag, so whether it
worked or gave a link error depended on whether it was compiled in
libtest or unittest first. This way also speeds up the build by
eliminating 40 identical compile invocations.
Jay Satiro [Sat, 4 Mar 2023 09:07:24 +0000 (04:07 -0500)]
tool: improve --stderr handling
- freopen stderr with the user-specified file (--stderr file) instead of
using a separate 'errors' stream.
- In tool_setup.h override stdio.h's stderr macro as global variable
tool_stderr.
Both freopen and overriding the stderr macro are necessary because if
the user-specified filename is "-" then stdout is assigned to
tool_stderr and no freopen takes place. See the PR for more information.
Dan Fandrich [Fri, 10 Mar 2023 21:15:43 +0000 (13:15 -0800)]
http: don't send 100-continue for short PUT requests
This is already how curl is documented to behave in Everything curl, but
in actuality only short POSTs skip this. This should knock 30 seconds
off a full run of the test suite since the 100-continue timeout will no
longer be hit.
Dan Fandrich [Thu, 9 Mar 2023 21:17:44 +0000 (13:17 -0800)]
tests: hack to build most unit tests under cmake
These are only built when a libcurl static library is available, since
we're not building a special libcurlu library yet and these tests rely
on private symbols that aren't available in the shared library. A few
unit tests do require libcurlu, so those are not built.
Dan Fandrich [Thu, 9 Mar 2023 20:23:14 +0000 (12:23 -0800)]
tests: keep cmake unit tests names in sync
Put only the test names into Makefile.inc so they can be used by both
cmake and automake. This will prevent the list of tests from becoming
out of date when they are also built under cmake.
projects / thirdparty / curl.git / log
