Stefan Eissing [Fri, 18 Aug 2023 09:08:52 +0000 (11:08 +0200)]
test2600: fix flakiness on low cpu
- refs #11355 where failures due to low cpu resources in CI
are reported
- vastly extend CURLOPT_CONNECTTIMEOUT_MS and max durations
to test cases
- trigger Curl_expire() in test filter to allow re-checks before
the usual 1 second interval
Emanuele Torre [Sat, 19 Aug 2023 16:51:16 +0000 (18:51 +0200)]
tool/var: also error when expansion result starts with NUL
Expansions whose output starts with NUL were being expanded to the empty
string, and not being recognised as values that contain a NUL byte, and
should error.
Daniel Stenberg [Wed, 16 Aug 2023 08:43:02 +0000 (10:43 +0200)]
lib: move mimepost data from ->req.p.http to ->state
When the legacy CURLOPT_HTTPPOST option is used, it gets converted into
the modern mimepost struct at first use. This data is (now) kept for the
entire transfer and not only per single HTTP request. This re-enables
rewind in the beginning of the second request instead of in end of the
first, as brought by 1b39731.
The request struct is per-request data only.
Extend test 650 to verify.
Fixes #11680
Reported-by: yushicheng7788 on github
Closes #11682
Patrick Monnerat [Thu, 10 Aug 2023 22:30:17 +0000 (00:30 +0200)]
test1554: check translatable string options in OS400 wrapper
This test runs a perl script that checks all string options are properly
translated by the OS400 character code conversion wrapper. It also
verifies these options are listed in alphanumeric order in the wrapper
switch statement.
Stefan Eissing [Thu, 17 Aug 2023 09:16:11 +0000 (11:16 +0200)]
bearssl: handshake fix, provide proper get_select_socks() implementation
- bring bearssl handshake times down from +200ms down to other TLS backends
- vtls: improve generic get_select_socks() implementation
- tests: provide Apache with a suitable ssl session cache
trrui-huawei [Fri, 11 Aug 2023 06:14:11 +0000 (14:14 +0800)]
quiche: enable quiche to handle timeout events
In parallel with ngtcp2, quiche also offers the `quiche_conn_on_timeout`
interface for the application to invoke upon timer
expiration. Therefore, invoking the `on_timeout` function of the
Connection is crucial to ensure seamless functionality of quiche with
timeout events.
Marin Hannache [Mon, 14 Aug 2023 08:21:46 +0000 (10:21 +0200)]
http: do not require a user name when using CURLAUTH_NEGOTIATE
In order to get Negotiate (SPNEGO) authentication to work in HTTP you
used to be required to provide a (fake) user name (this concerned both
curl and the lib) because the code wrongly only considered
authentication if there was a user name provided, as in:
    curl -u : --negotiate https://example.com/
This commit leverages the `struct auth` want member to figure out if the
user enabled CURLAUTH_NEGOTIATE, effectively removing the requirement of
setting a user name both in curl and the lib.
Viktor Szakats [Fri, 11 Aug 2023 00:37:26 +0000 (00:37 +0000)]
build: streamline non-UWP wincrypt detections
- with CMake, use the variable `WINDOWS_STORE` to detect an UWP build
and disable our non-UWP-compatible use of the Windows crypto API. This
allows dropping two dynamic feature checks.
`WINDOWS_STORE` is true when invoking CMake with
`CMAKE_SYSTEM_NAME` == `WindowsStore`. Introduced in CMake v3.1.
- with autotools, drop the separate feature check for `wincrypt.h`. On
one hand this header has been present for long (even Borland C 5.5 had
it from year 2000), on the other we used the check result solely to
enable another check for certain crypto functions. This fails anyway
with the header not present. We save one dynamic feature check at the
configure stage.
Jay Satiro [Thu, 8 Dec 2022 06:26:13 +0000 (01:26 -0500)]
schannel: verify hostname independent of verify cert
Prior to this change when CURLOPT_SSL_VERIFYPEER (verifypeer) was off
and CURLOPT_SSL_VERIFYHOST (verifyhost) was on we did not verify the
hostname in schannel code.
This fixes KNOWN_BUG 2.8 "Schannel disable CURLOPT_SSL_VERIFYPEER and
verify hostname". We discussed a fix several years ago in #3285 but it
went stale.
Assisted-by: Daniel Stenberg
Bug: https://curl.haxx.se/mail/lib-2018-10/0113.html
Reported-by: Martin Galvan
Ref: https://github.com/curl/curl/pull/3285
The above automatically enabled for Windows builds, with an option to
disable with `SHARE_LIB_OBJECT=OFF`.
This patch extends this feature to all platforms as a manual option.
You can enable it by setting `SHARE_LIB_OBJECT=ON`. Then shared objects
are built in PIC mode, meaning the static lib will also have PIC code.
Viktor Szakats [Tue, 8 Aug 2023 09:41:20 +0000 (09:41 +0000)]
cmake: assume `wldap32` availability on Windows
This system library first shipped with Windows ME, available as an extra
install for some older releases (according to [1]). The import library
was present already in old MinGW 3.4.2 (year 2007).
Drop the feature check and its associated `HAVE_WLDAP32` variable.
To manually disable `wldap32`, you can use the `USE_WIN32_LDAP=OFF`
CMake option, like before.
Daniel Stenberg [Wed, 9 Aug 2023 07:26:18 +0000 (09:26 +0200)]
cmdline-opts/page-header: reorder, clean up
- removed some unnecessary blurb to focus
- moved up the more important URL details
- put "globbing" into its own subtitle and moved down a little
- mention the online man page in the version section
OpenSSL 1.1.1 defines this macro, but no earlier version, or any of the
popular forks (yet). Use the macro itself to detect its presence,
replacing the hard-wired fork-specific conditions.
This way the feature will enable automatically when forks implement it,
while also shorter and possibly requiring less future maintenance.
Viktor Szakats [Mon, 7 Aug 2023 19:50:11 +0000 (19:50 +0000)]
cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks
- `HAVE_LIBWINMM` was detected but unused. The `winmm` system library is
also not used by curl, but it is by its optional dependency `librtmp`.
Change the logic to always add `winmm` when `USE_LIBRTMP` is set. This
library has been available since the early days of Windows.
- `HAVE_LIBWS2_32` detected `ws2_32` lib on Windows. This lib is present
since Windows 95 OSR2 (AFAIR). Winsock1 already wasn't supported and
other existing logic already assumed this lib being present, so delete
the check and replace the detection variable with `WIN32` and always
add `ws2_32` on Windows.
Viktor Szakats [Mon, 7 Aug 2023 16:32:46 +0000 (16:32 +0000)]
openssl: switch to modern init for LibreSSL 2.7.0+
LibreSSL 2.7.0 (2018-03-21) introduced automatic initialization,
`OPENSSL_init_ssl()` function and deprecated the old, manual init
method, as seen in OpenSSL 1.1.0. Switch to the modern method when
available.
Daniel Stenberg [Mon, 7 Aug 2023 11:02:32 +0000 (13:02 +0200)]
gskit: remove
We remove support for building curl with gskit.
- This is a niche TLS library, only running on some IBM systems
- no regular curl contributors use this backend
- no CI builds use or verify this backend
- gskit, or the curl adaption for it, lacks many modern TLS features
making it an inferior solution
- build breakages in this code take weeks or more to get detected
- fixing gskit code is mostly done "flying blind"
This removal has been advertized in DEPRECATED in Jan 2, 2023 and it has
been mentioned on the curl-library mailing list.
It could be brought back, this is not a ban. Given proper effort and
will, gskit support is welcome back into the curl TLS backend family.
Daniel Stenberg [Fri, 4 Aug 2023 14:07:16 +0000 (16:07 +0200)]
docs/cmdline: add small "warning" to verbose options
"Note that verbose output of curl activities and network traffic might
contain sensitive data, including user names, credentials or secret data
content. Be aware and be careful when sharing trace logs with others."