V220 Suspicious sequence of types castings: memsize -> 32-bit integer ->
memsize. The value being cast: 'sizeof
(buf->data)'. curl\lib\vtls\vtls.c 2025
Dan Fandrich [Mon, 10 Apr 2023 18:05:55 +0000 (11:05 -0700)]
test1169: fix so it works properly everywhere
- Use an absolute path for the -L option since the module isn't in the
perl path
- Create the needed test file in a <file> section; <precheck> isn't
intended for this
- Fix the test number in the file name, which was wrong
Dan Fandrich [Mon, 10 Apr 2023 17:35:04 +0000 (10:35 -0700)]
tests: stop using strndup(), which isn't portable
It's not available on Solaris 10, for example. Since this is just test
code that doesn't need to use an optimized system version, replace it
with the implementation copied from tool_cb_hdr.c.
Daniel Stenberg [Sat, 8 Apr 2023 22:38:00 +0000 (00:38 +0200)]
urlapi: prevent setting invalid schemes with *url_set()
A typical mistake would be to try to set "https://" - including the
separator - this is now rejected as that would then lead to
url_get(... URL...) would get an invalid URL extracted.
Stefan Eissing [Thu, 6 Apr 2023 09:19:46 +0000 (11:19 +0200)]
tests: increase sws timeout for more robust testing
- for https CONNECT forwarding, this was fixed at 5 seconds
which led to spurious CI test failures
- add --keepalive parameter to sws to control this
- let httpserver use 30 seconds
Stefan Eissing [Thu, 6 Apr 2023 09:59:12 +0000 (11:59 +0200)]
http2: move HTTP/2 stream vars into local context
- remove NGHTTP2 members of `struct HTTP`
- add `void *h2_ctx` to `struct HTTP`
- add `void *h3_ctx` to `struct HTTP`
- separate h2/h3 pointers are needed for eyeballing
- manage local stream_ctx in http implementations
Stefan Eissing [Thu, 6 Apr 2023 07:54:57 +0000 (09:54 +0200)]
proxy: http2 proxy tunnel implementation
- currently only on debug build and when env variable
CURL_PROXY_TUNNEL_H2 is present.
- will ALPN negotiate with the proxy server and switch
tunnel filter based on the protocol negotiated.
- http/1.1 tunnel code moved into cf-h1-proxy.[ch]
- http/2 tunnel code implemented in cf-h2-proxy.[ch]
- tunnel start and ALPN set remains in http_proxy.c
- moving all haproxy related code into cf-haproxy.[ch]
VTLS changes
- SSL filters rely solely on the "alpn" specification they
are created with and no longer check conn->bits.tls_enable_alpn.
- checks on which ALPN specification to use (or none at all) are
done in vtls.c when creating the filter.
Testing
- added a nghttpx forward proxy to the pytest setup that
speaks HTTP/2 and forwards all requests to the Apache httpd
forward proxy server.
- extending test coverage in test_10 cases
- adding proxy tests for direct/tunnel h1/h2 use of basic auth.
- adding test for http/1.1 and h2 proxy tunneling to pytest
Stefan Eissing [Wed, 5 Apr 2023 12:52:16 +0000 (14:52 +0200)]
vtls and h2 improvements
- eliminate receive loop in vtls to fill buffer. This may
lead to partial reads of data which is counter productive
- let http2 instead loop smarter to process pending network
data without transfer switches
scorecard improvements
- do not start caddy when only httpd is requested
- allow curl -v to stderr file on --curl-verbose
Dan Fandrich [Sat, 1 Apr 2023 15:59:38 +0000 (08:59 -0700)]
unit tests: use the unit test infrastructure better
Allow UNITTEST_STOP to return the error code, use the fail & abort
macros to indicate test failure and return success instead of fail if
the unit test can't test anything because of missing features at
compile-time. A couple of tests could never fail because they were
overriding the failure return code.
Dan Fandrich [Fri, 31 Mar 2023 04:32:17 +0000 (21:32 -0700)]
tests: move server config files under the pid dir
These files are generated by the test servers and must therefore be
found in the log directory to make them available to only those servers
once multiple test runners are executing in parallel. They must also not
be deleted with the log files, so they are stored in the pidfile
directory.
Stefan Eissing [Fri, 31 Mar 2023 09:07:18 +0000 (11:07 +0200)]
rustls: fix error in recv handling
- when rustls is told to recieve more TLS data and its internal
plaintext buffers are full, it returns an IOERROR
- avoid receiving TLS data while plaintext is not read empty
pytest:
- increase curl run timeout when invoking pytest with higher verbosity
Stefan Eissing [Thu, 30 Mar 2023 11:00:51 +0000 (13:00 +0200)]
http3: improvements across backends
- ngtcp2: using bufq for recv stream data
- internal stream_ctx instead of `struct HTTP` members
for quiche, ngtcp2 and msh3
- no more QUIC related members in `struct HTTP`
- experimental use of recvmmsg(), disabled by default
- testing on my old debian box shows no throughput improvements.
- leaving it in, but disabled, for future revisit
- vquic: common UDP receive code for ngtcp2 and quiche
- vquic: common UDP send code for ngtcp2 and quiche
- added pytest skips for known msh3 failures
- fix unit2601 to survive torture testing
- quiche: using latest `master` from quiche and enabling large download
tests, now that key change is supported
- fixing test_07_21 where retry handling of starting a stream
was faulty
- msh3: use bufq for recv buffering headers and data
- msh3: replace fprintf debug logging with LOG_CF where possible
- msh3: force QUIC expire timers on recv/send to have more than
1 request per second served
Dan Fandrich [Fri, 31 Mar 2023 02:13:38 +0000 (19:13 -0700)]
tests: limit return code of unit tests and lib tests
Values greater than 125 have special meanings, so cap it there. Unit
tests and lib tests use the number of failures as the return code, so a
large number of failures (such as test 2601 as a torture test) can
exceed this causing the test to be erroneously reported as having
failed.
Dan Fandrich [Thu, 30 Mar 2023 22:36:29 +0000 (15:36 -0700)]
test1960: point to the correct path for the precheck tool
Otherwise, it might find the binary in .libs which can cause it to use
the system libcurl which can fail. This error is only visible by
noticing that the test is skipped.
Stefan Eissing [Thu, 30 Mar 2023 10:13:49 +0000 (12:13 +0200)]
http2: flow control and buffer improvements
- use bufq for send/receive of network data
- usd bufq for send/receive of stream data
- use HTTP/2 flow control with no-auto updates to control the
amount of data we are buffering for a stream
HTTP/2 stream window set to 128K after local tests, defined
code constant for now
- elminiating PAUSEing nghttp2 processing when receiving data
since a stream can now take in all DATA nghttp2 forwards
Improved scorecard and adjuste http2 stream window sizes
- scorecard improved output formatting and options default
- scorecard now also benchmarks small requests / second
Dan Fandrich [Tue, 28 Mar 2023 04:09:55 +0000 (21:09 -0700)]
docs: bump the minimum perl version to 5.6
It's actually been this way since at least 2012 (when a 3-argument open
was added to runtests.pl). Given the lack of complaints in the interim,
it's safe to call this 23 year old perl version the minimum.
Dan Fandrich [Wed, 22 Mar 2023 23:48:23 +0000 (16:48 -0700)]
runtests: refactor singletest() into separate functions
This takes it from a 1200 line behemoth into something more manageable.
The content and order of the functions is taken almost directly from
singletest() so the diff sans whitespace is quite short.
Dan Fandrich [Wed, 22 Mar 2023 20:35:06 +0000 (13:35 -0700)]
runtests: refactor singletest() into distinct sections
Namely:
- Verify that this test case should be run
- Start the servers needed to run this test case
- Check that test environment is fine to run this test case
- Prepare the test environment to run this test case
- Run the test command
- Clean up after test command
- Verify test succeeded
Jim King [Wed, 18 Jan 2023 16:54:30 +0000 (11:54 -0500)]
openssl: interop with AWS-LC
* Configure changes to detect AWS-LC
* CMakeLists.txt changes to detect AWS-LC
* Compile-time branches needed to support AWS-LC
* Correctly set OSSL_VERSION and report AWS-LC release number
* GitHub Actions script to build with autoconf and cmake against AWS-LC
AWS-LC is a BoringSSL/OpenSSL derivative
For more information see https://github.com/awslabs/aws-lc/
Viktor Szakats [Thu, 30 Mar 2023 08:55:20 +0000 (08:55 +0000)]
cmake: picky-linker fixes for openssl, ZLIB, H3 and more
- fix HTTP/3 support detection with OpenSSL/quictls built with ZLIB.
(Requires curl be built with ZLIB option also.)
- fix HTTP/3 support detection with OpenSSL/quictls/LibreSSL and `ld`
linker on Windows.
- fix HTTP/3 support detection with wolfSSL to automatically add
`ws2_32` to the lib list on Windows. For all linkers.
- reposition ZLIB (and other compression) detection _after_ TLS
detection, but before calling HTTP/3-support detection via
`CheckQuicSupportInOpenSSL`.
This also seems to fix an odd case, where OpenSSL/quictls is correctly
detected, but its header path is not set while compiling, breaking
build at `src/curl_ntlm_core.c`. Reason for this remains undiscovered.
- satisfy "picky" linkers such as `ld` with MinGW, that are highly
sensitive to lib order, by also adding brotli to the beginning of the
lib list.
- satisfy "picky" linkers by adding certain Windows systems libs to
the lib list for OpenSSL/LibreSSL. (Might need additional ones for
other forks, such as `pthread` for BoringSSL.)
Note: It'd make sense to _always_ add `ws2_32`, `crypt32` (except
Windows App targets perhaps?), `bcrypt` (except old-mingw!) on Windows
at this point. They are almost always required, and if some aren't,
they are ignored by the linker with no effect on final binaries.
dengjfzh [Tue, 21 Mar 2023 07:45:59 +0000 (15:45 +0800)]
rtsp: skip malformed RTSP interleaved frame data
Some IP cameras send malformed RTSP interleaved frames sometimes, which
can cause curl_easy_perform return 1 (CURLE_UNSUPPORTED_PROTOCOL). This
change attempts to skip clearly incorrect RTSP interleaving frame data.
Stefan Eissing [Mon, 20 Mar 2023 13:23:53 +0000 (14:23 +0100)]
lib: add `bufq` and `dynhds`
Adding `bufq`:
- at init() time configured to hold up to `n` chunks of `m` bytes each.
- various methods for reading from and writing to it.
- `peek` support to get access to buffered data without copy
- `pass` support to allow buffer flushing on write if it becomes full
- use case: IO buffers for dynamic reads and writes that do not blow up
- distinct from `dynbuf` in that:
- it maintains a read position
- writes on a full bufq return CURLE_AGAIN instead of nuking itself
- Init options:
- SOFT_LIMIT: allow writes into a full bufq
- NO_SPARES: free empty chunks right away
- a `bufc_pool` that can keep a number of spare chunks to
be shared between different `bufq` instances
Adding `dynhds`:
- a straightforward list of name+value pairs as used for HTTP headers
- headers can be appended dynamically
- headers can be removed again
- headers can be replaced
- headers can be looked up
- http/1.1 formatting into a `dynbuf`
- configured at init() with limits on header counts and total string
sizes
- use case: pass a HTTP request or response around without being version
specific
- express a HTTP request without a curl easy handle (used in h2 proxy
tunnels)
- future extension possibilities:
- conversions of `dynhds` to nghttp2/nghttp3 name+value arrays
projects / thirdparty / curl.git / log
