Daniel Stenberg [Wed, 1 Feb 2023 07:26:08 +0000 (08:26 +0100)]
urlapi: skip path checks if path is just "/"
As a miniscule optimization, treat a path of the length 1 as the same as
non-existing, as it can only be a single leading slash, and that's what
we do for no paths as well.
Viktor Szakats [Wed, 1 Feb 2023 09:44:57 +0000 (09:44 +0000)]
tls: fixes for wolfssl + openssl combo builds
1. Add `USE_WOLFSSL` to the TLS backend priority list in
`lib/curl_ntlm_core.c`.
2. Fix `lib/curl_ntlm_core.h` to respect TLS backend priority, bringing
it in sync with the above list and `lib/curl_ntlm_core.c` itself.
Reported-by: Mark Roszko
Ref: https://github.com/curl/curl/issues/10321
3. Allow enabling both wolfSSL and OpenSSL at the same time in
`lib/Makefile.mk` bringing this in line with cmake/autotools builds.
Update logic to select the crypto-specific lib for `ngtcp2`, which
supports a single TLS backend at the same time.
Stefan Eissing [Mon, 30 Jan 2023 15:03:00 +0000 (16:03 +0100)]
cf-socket: improvements in socket I/O handling
- Curl_write_plain/Curl_read_plain have been eliminated. Last code use
now uses Curl_conn_send/recv so that requests use conn->send/revc
callbacks which defaults to cfilters use.
- Curl_recv_plain/Curl_send_plain have been internalized in cf-socket.c.
- USE_RECV_BEFORE_SEND_WORKAROUND (active on Windows) has been moved
into cf-socket.c. The pre_recv buffer is held at the socket filter
context. `postponed_data` structures have been removed from
`connectdata`.
- the hanger in HTTP/2 request handling was a result of read buffering
on all sends and the multi handling is not prepared for this. The
following happens:
- multi preforms on a HTTP/2 easy handle
- h2 reads and processes data
- this leads to a send of h2 data
- which receives and buffers before the send
- h2 returns
- multi selects on the socket, but no data arrives (its in the buffer already)
the workaround now receives data in a loop as long as there is something in
the buffer. The real fix would be for multi to change, so that `data_pending`
is evaluated before deciding to wait on the socket.
io_buffer, optional, in cf-socket.c, http/2 sets state.drain if lower
filter have pending data.
This io_buffer is only available/used when the
-DUSE_RECV_BEFORE_SEND_WORKAROUND is active, e.g. on Windows
configurations. It also maintains the original checks on protocol
handler being HTTP and conn->send/recv not being replaced.
The HTTP/2 (nghttp2) cfilter now sets data->state.drain when it finds
out that the "lower" filter chain has still pending data at the end of
its IO operation. This prevents the processing from becoming stalled.
Jay Satiro [Mon, 23 Jan 2023 08:44:16 +0000 (03:44 -0500)]
write-out.d: clarify Windows % symbol escaping
- Clarify that in Windows batch files the % must be escaped as %%, and
at the command prompt it cannot be escaped which could lead to
incorrect expansion.
Prior to this change the doc implied % must be escaped as %% in win32
always.
---
Examples showing how a write-out argument is received by curl:
If curl --write-out "%{http_code}" is executed in a batch file:
{http_code}
If curl --write-out "%%{http_code}" is executed in a batch file:
%{http_code}
If curl --write-out "%{http_code}" is executed from the command prompt:
%{http_code}
If curl --write-out "%%{http_code}" is executed from the command prompt:
%%{http_code}
At the command prompt something like "%{speed_download}%{http_code}"
would first be parsed by the command interpreter as %{speed_download}%
and would be expanded as environment variable {speed_download} if it
existed, though that's highly unlikely since Windows environment names
don't use braces.
---
Reported-by: Muhammad Hussein Ammari
Ref: https://github.com/bagder/everything-curl/pull/279
Ryan Schmidt [Thu, 26 Jan 2023 01:05:02 +0000 (19:05 -0600)]
cf-socket: Fix build when not HAVE_GETPEERNAME
Remove remaining references to conn and sockfd, which were removed from
the function signature when conninfo_remote was renamed to
conn_set_primary_ip in 6a8d7ef.
Stop explicitly defining `SECURITY_WIN32` in CMake builds.
No other build systems define this macro, because it's unconditionally
defined in `lib/curl_sspi.h` already. This is the only curl source using
the `sspi.h` and `security.h` Win32 headers, and no other Win32 headers
need this macro.
Dan Fandrich [Fri, 20 Jan 2023 19:35:48 +0000 (11:35 -0800)]
CI: Add a workflow to automatically label pull requests
The labeler language is quite restrictive right now so labels are added
quite conservatively, meaning that many PRs won't get labels when it's
"obvious" they should. It will still save some manual work on those
that it can label.
Jay Satiro [Fri, 20 Jan 2023 23:37:44 +0000 (18:37 -0500)]
system.h: assume OS400 is always built with ILEC compiler
Prior to this change the OS400 types were only defined when __ILEC400__.
That symbol is only defined by IBM's C compiler and not their C++
compiler, which led to missing types when users on OS400 would compile a
C++ application that included curl.
The IBM C and C++ compilers are the only native compilers on the
platform.
Assisted-by: Jon Rumsey Reported-by: John Sherrill
Fixes https://github.com/curl/curl/issues/10305
Closes https://github.com/curl/curl/pull/10329
xgladius [Tue, 17 Jan 2023 18:08:10 +0000 (12:08 -0600)]
cmake: Remove deprecated symbols check
curl stopped use of CMAKE_USE_ as a prefix for its own build symbols in
2021 and added a check, meant to last 1 year, to fatally error on those
symbols. This commit removes that check.
Jay Satiro [Thu, 5 Jan 2023 23:32:27 +0000 (18:32 -0500)]
openssl: Don't ignore CA paths when using Windows CA store (redux)
.. and remove 'experimental' designation from CURLSSLOPT_NATIVE_CA.
This commit restores the behavior of CURLSSLOPT_NATIVE_CA so that it
does not override CURLOPT_CAINFO / CURLOPT_CAPATH, or the hardcoded
default locations. Instead the native Windows CA store can be used at
the same time.
---
This behavior was originally added over two years ago in abbc5d60
(#5585) but then 83393b1a (#7892) broke it over a year ago, I assume
inadvertently.
The CURLSSLOPT_NATIVE_CA feature was marked experimental and likely
rarely used.
Stefan Eissing [Thu, 12 Jan 2023 15:43:35 +0000 (16:43 +0100)]
openssl: make the BIO_METHOD a local variable in the connection filter
This avoids UAF issues when `curl_global_cleanup()` is called before all
transfers have been completely handled. Unfortunately this seems to be a
more common pattern than we like.
easyoptions: Fix header printing in generation script
The optiontable.pl script prints the header comment when generating
easyoptions.c, but it wasn't escaping all characters which jumbled the
curl ascii logo. Fix by escaping.
Stefan Eissing [Wed, 11 Jan 2023 09:30:42 +0000 (10:30 +0100)]
curl_log: for failf/infof and debug logging implementations
- new functions and macros for cfilter debugging
- set CURL_DEBUG with names of cfilters where debug logging should be
enabled
- use GNUC __attribute__ to enable printf format checks during compile
Stefan Eissing [Thu, 5 Jan 2023 16:01:42 +0000 (17:01 +0100)]
ngtcp2: add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl
Using common method for SSL_CTX initialization of verfiy peer and CA
settings. This also provides X509_STORE sharing to become available for
ngtcp2+openssl HTTP/3.
Reported-by: violetlige on github
Fixes #10222
Closes #10239
Stefan Eissing [Mon, 9 Jan 2023 15:58:10 +0000 (16:58 +0100)]
tests-httpd: basic infra to run curl against an apache httpd plus nghttpx for h3
- adding '--with-test-httpd=<path>' to configure non-standard apache2
install
- python env and base classes for running httpd
- basic tests for connectivity with h1/h2/h3
- adding test cases for truncated responses in http versions.
- adding goaway test for HTTP/3.
- adding "stuttering" tests with parallel downloads in chunks with
varying delays between chunks.
- adding a curltest module to the httpd server, adding GOAWAY test.
- mod_curltest now installs 2 handlers
- 'echo': writing as response body what came as request body
- 'tweak': with query parameters to tweak response behaviour
- marked known fails as skip for now
- ECONNECTREFUSED has not its own fail message in quic filters
- Debug logging in connect eyballing improved
- Fix bug in ngtcp2/quiche that could lead to false success reporting.
Reported-by: Divy Le Ray
Fixes #10245
Closes #10248
Daniel Stenberg [Sat, 7 Jan 2023 15:03:40 +0000 (16:03 +0100)]
curl.h: allow up to 10M buffer size
Bump the limit from 512K. There might be reasons for applications using
h3 to set larger buffers and there is no strong reason for curl to have
a very small maximum.
Stefan Eissing [Mon, 2 Jan 2023 13:08:16 +0000 (14:08 +0100)]
msh3: run again in its cfilter
- test 2500, single GET works
- test 2501, single POST stalls
- test 2502, multiple, sequential GETs each use a new connection since
MsH3ConnectionGetState(qconn) no longer reports CONNECTED after one
GET.
Jay Satiro [Thu, 5 Jan 2023 07:14:53 +0000 (02:14 -0500)]
CURLOPT_HEADERDATA.3: warn DLL users must set write function
- Warn that in Windows if libcurl is running from a DLL and if
CURLOPT_HEADERDATA is set then CURLOPT_WRITEFUNCTION or
CURLOPT_HEADERFUNCTION must be set as well, otherwise the user may
experience crashes.
We already have a similar warning in CURLOPT_WRITEDATA. Basically, in
Windows libcurl could crash writing a FILE pointer that was created by
a different C runtime. In Windows each DLL that is part of a program may
or may not have its own C runtime.
Built-in TLS backends are detected at test time by scanning for their
names in the version string line returned by the cli tool: as this line
may also list the libssh configuration that mentions its own backend,
the curl backend may be wrongly determined.
In example, if the version line contains "libssh/0.10.4/openssl/zlib",
OpenSSL is detected as a curl-configured backend even if not.
This fix requires the backend names to appear as full words preceded by
spacing in the version line to be recognized as curl TLS backends.
Stefan Eissing [Thu, 5 Jan 2023 18:23:21 +0000 (19:23 +0100)]
quic: rename vquic implementations, fix for quiche build.
- quiche in debug mode did not build, fixed.
- moved all vquic implementation files to prefix curl_* to avoid
the potential mixups between provided .h files and our own.
- quich passes test 2500 and 2502. 2501, the POST, fail with
the body being rejected. Quich bug?
Stefan Eissing [Thu, 5 Jan 2023 10:13:17 +0000 (11:13 +0100)]
sectransp: fix for incomplete read/writes
SecureTransport expects result code errSSLWouldBlock when the requested
length could not be sent/recieved in full. The previous code returned
noErr, which let SecureTransport to believe that the IO had terminated
prematurely.
Stefan Eissing [Wed, 4 Jan 2023 13:37:52 +0000 (14:37 +0100)]
tool_operate: fix headerfile writing
Do not rely on the first transfer started to be the first to get a
response (remember -Z). All transfers now write the headefile (-D) in
append mode, making sure that the order of transfer responses does not
lead to overwrites of previous data.
Daniel Stenberg [Sun, 1 Jan 2023 10:26:22 +0000 (11:26 +0100)]
misc: reduce struct and struct field sizes
- by using BIT() instead of bool
- imap: shrink struct
- ftp: make state 'unsigned char'
- ftp: sort ftp_conn struct entries on size
- urldata: use smaller fields for SSL version info storage
- pop3: reduce the pop3_conn struct size
- smtp: reduce the size of the smtp structs
Jay Satiro [Tue, 3 Jan 2023 22:15:26 +0000 (17:15 -0500)]
http2: fix compiler warning due to uninitialized variable
Prior to this change http2_cfilter_add could return an uninitialized
cfilter pointer in an OOM condition. In this case though, the pointer
is discarded and not dereferenced so there was no risk of a crash.
Stefan Eissing [Tue, 3 Jan 2023 12:13:37 +0000 (13:13 +0100)]
cf-socket: keep sockaddr local in the socket filters
- copy `struct Curl_addrinfo` on filter setup into context
- remove `struct Curl_addrinfoi *` with `struct Curl_sockaddr_ex *` in
connectdata that is set and NULLed by the socket filter
- this means we have no reference to the resolver info in connectdata or
its filters
- trigger the CF_CTRL_CONN_INFO_UPDATE event when the complete filter
chain reaches connected status
- update easy handle connection information on CF_CTRL_DATA_SETUP event.
Daniel Stenberg [Mon, 2 Jan 2023 12:51:48 +0000 (13:51 +0100)]
copyright: update all copyright lines and remove year ranges
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING
checksrc is updated to allow non-year using copyright statements
Daniel Stenberg [Mon, 2 Jan 2023 10:43:51 +0000 (11:43 +0100)]
docs/DEPRECATE.md: deprecate gskit
Ref: #10163
- This is a niche TLS library, only running on some IBM systems
- no regular curl contributors use this backend
- no CI builds use or verify this backend
- gskit, or the curl adaption for it, lacks many modern TLS features
making it an inferior solution
- build breakages in this code take weeks or more to get detected
- fixing gskit code is mostly done "flying blind"
projects / thirdparty / curl.git / log
