Daniel Stenberg [Mon, 5 Sep 2022 21:21:15 +0000 (23:21 +0200)]
misc: ISSPACE() => ISBLANK()
Instances of ISSPACE() use that should rather use ISBLANK(). I think
somewhat carelessly used because it sounds as if it checks for space or
whitespace, but also includes %0a to %0d.
For parsing purposes, we should only accept what we must and not be
overly liberal. It leads to surprises and surprises lead to bad things.
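Added example (not taken from the curl source or from this commit): a small number-field parser that skips padding either with a check matching the message's description of ISSPACE() (space, tab and %0a to %0d) or with a blank-only check (space and tab). The `EX_` macros, `parse_padded_number()` and the sample strings are constructed for this illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Local stand-ins written from the commit message's description;
   assumptions for this example, not curl's own definitions. */
#define EX_ISBLANK(c) ((c) == ' ' || (c) == '\t')
#define EX_ISSPACE(c) (EX_ISBLANK(c) || ((c) >= 0x0a && (c) <= 0x0d))
#define EX_ISDIGIT(c) ((c) >= '0' && (c) <= '9')

/* liberal != 0 treats LF, VT, FF and CR as padding too */
static int is_pad(unsigned char c, int liberal)
{
  return liberal ? EX_ISSPACE(c) : EX_ISBLANK(c);
}

/* Accepts: optional padding, decimal digits, optional padding, end of string.
   Returns 0 and stores the value on success, -1 on rejection. */
int parse_padded_number(const char *s, int liberal, long *out)
{
  const unsigned char *p = (const unsigned char *)s;
  long n = 0;
  while(is_pad(*p, liberal))
    p++;
  if(!EX_ISDIGIT(*p))
    return -1;
  while(EX_ISDIGIT(*p)) {
    int d = *p++ - '0';
    if(n > (LONG_MAX - d) / 10)
      return -1; /* value would overflow a long */
    n = n * 10 + d;
  }
  while(is_pad(*p, liberal))
    p++;
  if(*p)
    return -1; /* trailing bytes that are neither padding nor digits */
  *out = n;
  return 0;
}

int main(void)
{
  /* constructed inputs: blank padding, CRLF prefix, LF suffix, VT/FF */
  static const char *samples[] = { " \t42", "\r\n42", "42\n", "\v42\f" };
  size_t i;
  for(i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    long a = 0, b = 0;
    int lib = parse_padded_number(samples[i], 1, &a);
    int strict = parse_padded_number(samples[i], 0, &b);
    printf("sample %u: liberal=%d strict=%d\n", (unsigned)i, lib, strict);
  }
  return 0;
}
```

Only the first sample is accepted by both variants; the liberal one also accepts values that carry line-break or form-feed bytes, which is the surprise the message warns about.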
Daniel Stenberg [Thu, 1 Sep 2022 07:23:22 +0000 (09:23 +0200)]
NPN: remove support for and use of
Next Protocol Negotiation is a TLS extension that was created and used
for agreeing to use the SPDY protocol (the precursor to HTTP/2) for
HTTPS. In the early days of HTTP/2, before the spec was finalized and
shipped, the protocol could be enabled using this extension with some
servers.
curl supports the NPN extension with some TLS backends since then, with
a command line option `--npn` and in libcurl with
`CURLOPT_SSL_ENABLE_NPN`.
HTTP/2 proper is made to use the ALPN (Application-Layer Protocol
Negotiation) extension and the NPN extension has no purpose
anymore. The HTTP/2 spec was published in May 2015.
Today, use of NPN in the wild should be extremely rare and most likely
totally extinct. Chrome removed NPN support in Chrome 51, shipped in
June 2016. Removed in Firefox 53, April 2017.
Samuel Henrique [Thu, 1 Sep 2022 21:32:49 +0000 (22:32 +0100)]
configure: fail if '--without-ssl' + explicit parameter for an ssl lib
A side effect of a previous change to configure (576e507c78bdd2ec88)
exposed a non-critical issue that can happen if configure is called with
both '--without-ssl' and some parameter setting the use of a ssl library
(e.g. --with-gnutls). The configure script would end up assuming this is
a MultiSSL build, due to the way the case statement is written.
I have changed the order of the variables in the string concatenation
for the case statement and also tweaked the options so that
--without-ssl never turns the build into a MultiSSL one and also clearly
stating that there are conflicting parameters if the user sets it like
described above.
Daniel Stenberg [Fri, 2 Sep 2022 12:24:25 +0000 (14:24 +0200)]
tests/certs/scripts: insert standard curl source headers
... including the SPDX-License-Identifier.
These omissions were not detected by the REUSE CI job nor the copyright.pl
scanners because we have a general wildcard in .reuse/dep5 for
"tests/certs/*".
Reported-by: Samuel Henrique
Fixes #9417
Closes #9420
Samuel Henrique [Fri, 2 Sep 2022 11:02:02 +0000 (12:02 +0100)]
CURLOPT_WILDCARDMATCH.3: Fix backslash escaping under single quotes
Lintian (on Debian) has been complaining about this for a while but
I didn't bother initially as the groff parser that we use is not
affected by this.
But I have now noticed that the online manpage is affected by it:
https://curl.se/libcurl/c/CURLOPT_WILDCARDMATCH.html
(I'm using double quotes for quoting-only down below)
The section that should be parsed as "'\'" ends up being parsed as
"'´".
This is due to roffit not parsing "'\\'" correctly, which is fine
as the "correct" way of writing "'\'" is "'\e'" instead.
Note that this fix is not enough to fix the online manpage at
curl's website, as roffit seems to parse it wrongly either way.
My intent is to at least fix the manpage so that roffit can
be changed to parse "'\e'" correctly (although I suggest making
roffit parse both ways correctly, since that's what groff does).
More details at:
https://bugs.debian.org/966803
https://salsa.debian.org/lintian/lintian/-/blob/930b18e4b28b7540253f458ef42a884cca7965c3/tags/a/acute-accent-in-manual-page.tag
Daniel Stenberg [Wed, 31 Aug 2022 13:57:46 +0000 (15:57 +0200)]
tool_operate: prevent over-queuing in parallel mode
When doing a huge amount of parallel transfers, we must not add them to
the per_transfer list frivolously since they all use memory after all.
This was previously done without really considering millions or billions
of transfers. Massive parallelism would use a lot of memory for no good
purpose.
The queue is now limited to twice the parallelism number.
This makes the 'Qd' value in the parallel progress meter mostly useless
for users, but works for now for us as a debug display.
Reported-by: justchen1369 on github
Fixes #8933
Closes #9389
Viktor Szakats [Wed, 31 Aug 2022 11:57:24 +0000 (11:57 +0000)]
cmake: fix original MinGW builds
1. Re-enable `HAVE_GETADDRINFO` detection on Windows
Commit d08ee3c83d6bd416aef62ff844c98e47c4682429 (in 2013) added logic
that automatically assumed `getaddrinfo()` to be present for builds
with IPv6 enabled. As it turns out, certain toolchains (e.g. original
MinGW) by default target older Windows versions, and thus do not
support `getaddrinfo()` out of the box. The issue was masked for
a while by CMake builds forcing a newer Windows version, but that
logic got deleted in commit 8ba22ffb2030ed91312fc8634e29516cdf0a9761.
Since then, some CI builds started failing due to IPv6 enabled,
`HAVE_GETADDRINFO` set, but `getaddrinfo()` in fact missing.
It also turns out that IPv6 works without `getaddrinfo()` since commit 67a08dca27a6a07b36c7f97252e284ca957ff1a5 (from 2019, via #4662). So,
to resolve all this, we can now revert the initial commit, thus
restoring `getaddrinfo()` detection and support IPv6 regardless of its
outcome.
Reported-by: Daniel Stenberg
2. Omit `bcrypt` with original MinGW
Original (aka legacy/old) MinGW versions do not support `bcrypt`
(introduced with Vista). We already have logic to handle that in
`lib/rand.c` and autotools builds, where we do not call the
unsupported API and do not link `bcrypt`, respectively, when using
original MinGW.
This patch ports that logic to CMake, fixing the link error:
`c:/mingw/bin/../lib/gcc/mingw32/9.2.0/../../../../mingw32/bin/ld.exe: cannot find -lbcrypt`
Orgad Shaneh [Wed, 3 Aug 2022 16:13:07 +0000 (19:13 +0300)]
url: really use the user provided in the url when netrc entry exists
If the user is specified as part of the URL, and the same user exists
in .netrc, Authorization header was not sent at all.
The user and password fields were assigned in conn->user and password
but the user was not assigned to data->state.aptr, which is the field
that is used in output_auth_headers and friends.
Daniel Stenberg [Mon, 29 Aug 2022 07:17:54 +0000 (09:17 +0200)]
libssh: ignore deprecation warnings
libssh 0.10.0 marks all SCP functions as "deprecated" which causes
compiler warnings and errors in our CI jobs and elsewhere. Ignore
deprecation warnings if 0.10.0 or later is found in the build.
If they actually remove the functions at a later point, then someone can
deal with that pain and functionality break then.
Marc Hoersken [Mon, 25 Jul 2022 20:29:27 +0000 (22:29 +0200)]
multi_wait: fix skipping to populate revents for extra_fds
On Windows revents was not populated for extra_fds if
multi_wait had to wait due to the Curl_poll pre-check
not signalling any readiness. This commit fixes that.
Reviewed-by: Marcel Raad
Reviewed-by: Jay Satiro
Closes #9361
Jay Satiro [Thu, 25 Aug 2022 07:46:42 +0000 (03:46 -0400)]
tests: fix http2 tests to use CRLF headers
Prior to this change some tests that rely on nghttpx proxy did not use
CRLF headers everywhere. A recent change in nghttp2, which updated its
version of llhttp (HTTP parser), requires curl's HTTP/1.1 test server to
use CRLF headers.
Daniel Stenberg [Thu, 25 Aug 2022 15:29:48 +0000 (17:29 +0200)]
configure: if asked to use TLS, fail if no TLS lib was detected
Previously the configure script would just warn about this fact and
continue with TLS disabled build which is not always helpful. TLS should
be explicitly disabled if that is what the user wants.
Dustin Howett [Thu, 25 Aug 2022 00:20:43 +0000 (19:20 -0500)]
schannel: when importing PFX, disable key persistence
By default, the PFXImportCertStore API persists the key in the user's
key store (as though the certificate was being imported for permanent,
ongoing use.)
The documentation specifies that keys that are not to be persisted
should be imported with the flag `PKCS12_NO_PERSIST_KEY`.
NOTE: this flag is only supported on versions of Windows newer than XP
and Server 2003.
Daniel Stenberg [Mon, 22 Aug 2022 08:56:42 +0000 (10:56 +0200)]
multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
When it has been used in the multi interface, it is otherwise left in
the connection cache, can't be reused and nothing will close them since
the easy handle loses the association with the multi handle and thus the
connection cache - until the multi handle is closed or it gets pruned
because the cache is full.
Daniel Stenberg [Tue, 23 Aug 2022 11:42:42 +0000 (13:42 +0200)]
docs/cmdline-opts/gen.pl: encode leading single and double quotes
As "(aq" and "(dq" to prevent them from implying a meaning in the nroff
output. This removes the need for using \& escapes in the .d files'
description parts.
Viktor Szakats [Mon, 15 Aug 2022 02:49:59 +0000 (02:49 +0000)]
Makefile.m32: allow -nghttp3/-ngtcp2 without -ssl [ci skip]
Before this patch `-nghttp3`/`-ngtcp2` had an effect only when `-ssl`
was also enabled. `-ssl` meaning OpenSSL (and its forks). After 8a13be227eede2601c2b3b1c63e08b3dc9b35dd5 nghttp3/ngtcp2 can also be
used together with wolfSSL. This patch adds the ability to enable
`-nghttp3`/`-ngtcp2` independently from `-ssl` (OpenSSL), allowing to
use it with wolfSSL or other, future TLS backends.
Before this patch, it was fine to enable `-nghttp3`/`-ngtcp2`
unconditionally. After this patch, this is no longer the case, and now
it's the user's responsibility to enable `-nghttp3`/`-ngtcp2` only
together with a compatible TLS backend.
When using a TLS backend other than OpenSSL, the TLS-specific ngtcp2
library must be configured manually, e.g.:
`export CURL_LDFLAG_EXTRAS=-lngtcp2_crypto_wolfssl`
Stefan Eissing [Wed, 10 Aug 2022 08:06:52 +0000 (10:06 +0200)]
quic: add support via wolfSSL
- based on ngtcp2 PR https://github.com/ngtcp2/ngtcp2/pull/505
- configure adapted to build against ngtcp2 wolfssl crypto lib
- quic code added for creation of WOLFSSL* instances
David Carlier [Sat, 13 Aug 2022 14:17:12 +0000 (15:17 +0100)]
memdebug: add annotation attributes
memory debug tracking annotates whether the returned pointer does not
`alias`, hints where the size required is, for Windows to be better
debugged via Visual Studio.
Emanuele Torre [Fri, 12 Aug 2022 03:18:10 +0000 (05:18 +0200)]
docs/cmdline-opts: fix example and categories for --form-escape
The example was missing a "--form" argument
I also replaced "--form" with "-F" to shorten the line a bit since it
was already very long.
And I also moved --form-escape from the "post" category to the "upload"
category (this is what I originally wanted to fix, before also noticing
the mistake in the example).
Daniel Stenberg [Thu, 11 Aug 2022 07:07:02 +0000 (09:07 +0200)]
configure: introduce CURL_SIZEOF
This is a rewrite of the previously used GPLv3+exception licensed
file. With this change, there is no more reference to GPL so we can
remove that from LICENSES/.