Viktor Szakats [Fri, 18 Jul 2025 21:43:32 +0000 (23:43 +0200)]
cmake: fix to disable Schannel and SSPI for non-Windows targets
Fixing:
```
In file included from lib/vtls/vtls.c:50:
In file included from lib/vtls/../urldata.h:314:
lib/vtls/../curl_sspi.h:41:10: fatal error: 'security.h' file not found
   41 | #include <security.h>
      |          ^~~~~~~~~~~~
1 error generated.
lib/curl_sspi.h:41:10: fatal error: 'security.h' file not found
   41 | #include <security.h>
      |          ^~~~~~~~~~~~
1 error generated.
```
Stefan Eissing [Mon, 21 Jul 2025 10:23:06 +0000 (12:23 +0200)]
pytest: add SOCKS tests and scoring
Configure curl with `--with-test-sockd=<path to sockd>` for a locally
installed dante sockd server and new `test_40_*` will verify that
down- and uploads work via SOCKS.
Invoke scorecard.py with `--socks4` or `--socks5` to run performance
tests with SOCKS. Note that SOCKS is not supported for HTTP/3.
Viktor Szakats [Tue, 22 Jul 2025 10:19:22 +0000 (12:19 +0200)]
test1148: drop redundant `LC_NUMBER=` env setting
No longer necessary after a previous change made sure to strip
the '100.0%' number from the result, before checking it. The dot is
a regex character catching any decimal separator.
Viktor Szakats [Tue, 22 Jul 2025 14:44:45 +0000 (16:44 +0200)]
lib1560: fix memory leak when run without UTF-8 support
The issue is missed in CI, because valgrind jobs all run with UTF-8
support.
Fixing:
```
test 1560...[URL API]
valgrind ERROR ==13362== 104 bytes in 1 blocks are definitely lost in loss record 1 of 1
==13362== at 0x484D953: calloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==13362== by 0x48E1302: curl_dbg_calloc (in /curl/bld/lib/libcurl.so.4.8.0)
==13362== by 0x4931D12: curl_url (in /curl/bld/lib/libcurl.so.4.8.0)
==13362== by 0x14F658: get_parts (in /curl/bld/tests/libtest/libtests)
==13362== by 0x150AC6: test_lib1560 (in /curl/bld/tests/libtest/libtests)
==13362== by 0x17F5D5: main (in /curl/bld/tests/libtest/libtests)
```
Ref: https://github.com/curl/curl/actions/runs/16446352985/job/46479298080?pr=17988#step:41:3007
Viktor Szakats [Tue, 15 Jul 2025 19:37:51 +0000 (21:37 +0200)]
test1560: set locale/codeset with `LC_ALL` (was: `LANG`), test in CI
To fix running test 1560 when `LC_ALL` is set to something unexpected
(e.g. `C`). Also syncing it with the rest of tests.
Also:
- GHA/linux: enable `libidn2` in more jobs.
Also to enable test 1560 reproducing this issue in more jobs.
- GHA/linux: run tests with `LC_ALL=C` in one of the jobs.
- GHA/linux: switch to the non-deprecated package name for libidn2.
- GHA/macos: run tests with non-default locale settings in one job.
- GHA/macos: enable AppleIDN in that job.
Viktor Szakats [Fri, 11 Jul 2025 19:50:23 +0000 (21:50 +0200)]
GHA/checksrc: expand spellcheck, fix issues found
- codespell: break logic out into its own runnable script. Allowing
to run it on local machines.
- codespell: install via `pip`, bump to latest version.
- codespell: show version number in CI log.
- codespell: drop no longer needed word exception: `msdos`.
- codespell: include all curl source tree, except `packages` and
`winbuild`. Drop an obsolete file exclusion.
- add new spellchecker job using the `typos` tool. It includes
the codespell dictionary and a couple more. Use linuxbrew to install
it. This takes 10 seconds, while installing via `cargo` from source
would take over a minute.
- codespell: introduce an inline ignore filter compatible with `cspell`
Make `typos` recognize it, too. Move single exceptions inline.
Fix new typos found. Also rename variables and words to keep
spellchecking exceptions at minimum. This involves touching some tests.
Also switch base64 strings to `%b64[]` to avoid false positives.
Viktor Szakats [Sun, 20 Jul 2025 23:57:26 +0000 (01:57 +0200)]
windows: fix `if_nametoindex()` detection with autotools, improve with cmake
- autotools: fix auto-detection on the Windows platform.
It was mis-detected when targeting Windows XP/2003 64-bit.
It was permanently undetected when building for Windows 32-bit.
```
lib/url.c: In function 'zonefrom_url':
lib/url.c:1802:18: error: implicit declaration of function 'if_nametoindex' [-Wimplicit-function-declaration]
 1802 |       scopeidx = if_nametoindex(zoneid);
      |                  ^~~~~~~~~~~~~~
lib/url.c:1802:18: error: nested extern declaration of 'if_nametoindex' [-Werror=nested-externs]
```
Ref: https://github.com/curl/curl/actions/runs/16405598782/job/46351023138?pr=17982#step:10:29
Reported-by: LoRd_MuldeR
Fixes #17979
Without this patch the workaround for the 8.15.0 release is:
`export ac_cv_func_if_nametoindex=0` for Windows XP/2003 64-bit.
Background: Checking for the `if_nametoindex()` function via
`AC_CHECK_FUNCS()` (autotools) or `check_function_exists()` (cmake) does
not work on Windows, for two reasons:
  - the function may be disabled at compile-time in Windows headers
    when targeting old Windows versions (XP or WS2003 in curl context)
    via `_WIN32_WINNT`. But it's always present in the system implib
    `iphlpapi` where these checks are looking.
  - for 32-bit Windows the function signature in the implib requires
    a 4-byte argument, while these checks always use no arguments,
    making them always fail.
- cmake: call `if_nametoindex` dynamically with mingw-w64 v1.0.
This mingw-w64 version lacks prototype and implib entry for it.
- cmake: add auto-detection for Windows and use as a fallback for
non-pre-fill cases.
- cmake: disable pre-fill with `_CURL_PREFILL=OFF`. (for testing)
- cmake: disable pre-fill for untested compilers. (i.e. non-MSVC,
non-mingw64)
- GHA/windows: make an autotools job build for Windows XP.
Unconditionally enable _GNU_SOURCE when building on GNU/Hurd; this way
it is possible to properly use/rely on GNU extensions e.g. accept4(),
memrchr(), and the GNU strerror_r().
Viktor Szakats [Sat, 19 Jul 2025 13:21:31 +0000 (15:21 +0200)]
multissl: initialize when requesting a random number
To fix test 1308 in MultiSSL builds.
Failure was caused by the random number generator virtual function being
NULL, instead of pointing to the implementation in the runtime-selected
TLS backend. This could happen in MultiSSL builds when a functionality
was asking for a random number without triggering a VTLS function table
initialization first. Such functionality is MIME, or form data via MIME.
The reason CI did not catch it in an earlier MultiSSL GHA/windows job,
is that it was a debug-enabled one. In debug-enabled builds the test
runner was overriding the random number generator for all tests.
Viktor Szakats [Sat, 19 Jul 2025 20:53:08 +0000 (22:53 +0200)]
GHA/macos: enable QUIC API with OpenSSL
In one autotools and one cmake job.
Also:
- enable OpenSSL QUIC in two more jobs.
- pytest: add checks to skip h3 tests when there is no h3 server to
tests 26, 27a, 27b, 27c, 29 in test_02_download. Fixing:
```
FAILED tests/http/test_02_download.py::TestDownload::test_02_26_session_shared_reuse[h3] - AssertionError: expected exit code 0, got 1
[...]
```
Ref: https://github.com/curl/curl/actions/runs/16392680316/job/46320739635?pr=17973
Viktor Szakats [Fri, 18 Jul 2025 21:09:15 +0000 (23:09 +0200)]
GHA/macos: add Rustls, aws-lc jobs
Bind them to the (arbitrary choice of) Apple clang and gcc compilers,
respectively.
Also:
- bind existing mbedTLS job to the llvm compiler, to keep the number of
jobs the same as before this patch.
- move OpenLDAP from mbedTLS over to LibreSSL to keep testing it with
all 3 compilers.
- simplify exclusions for clang-tidy and torture jobs.
- tag clang-tidy and torture jobs via `install_steps`.
To avoid keeping around special bool fields.
test1560: skip some URLs if UTF-8 is not supported
Debian CI found that `lib1560` implements tests that will fail when
UTF-8 isn't supported. We can detect that with `nl_langinfo` and skip
the specific URLs that fail (i.e., those whose `getflags` are either
`CURLU_PUNYCODE` or `CURLU_PUNY2IDN`).
Viktor Szakats [Sat, 19 Jul 2025 16:45:25 +0000 (18:45 +0200)]
tests: set `CURL_ENTROPY` per test, not globally
Setting `CURL_ENTROPY` in debug-enabled builds overrides the code paths
responsible for random number generation. To avoid masking issues there,
this patch moves `CURL_ENTROPY` settings to each test that requires it,
and stops setting it by default for all tests (in `runner.pm`).
This makes it possible to catch random generator issues in debug-enabled
builds; extending test coverage.
To keep offering a well-defined state for tests, make `runner.pm` delete
the `CURL_ENTROPY` env, if present.
Reported-by: Kai Pastor
Reported-by: Tal Regev
Bug: https://github.com/microsoft/vcpkg/pull/46444#pullrequestreview-3026575393
Ref: https://github.com/microsoft/vcpkg/pull/46444/commits/3a845c4b15066e8167bb4708007180fb6bedf40d
Stefan Eissing [Wed, 16 Jul 2025 09:10:13 +0000 (11:10 +0200)]
openssl: some small cleanups
- rename Curl_oss_check_peer_cert() to Curl_ossl_check_peer_cert()
- leave altname match loop after the first success when the match
was an ip address
- remove static subj_alt_hostcheck() since it did not really do much
- use length based infof() output of altname, even though it does
seem always to be nul terminated
Viktor Szakats [Fri, 11 Jul 2025 16:02:32 +0000 (18:02 +0200)]
test1706: pass include directory to `managen` for out-of-tree builds
Fixing:
```
readline() on closed filehandle INC at ../../curl-99.98.97/tests/../scripts/managen line 1299.
```
Ref: https://github.com/curl/curl/actions/runs/16224106087/job/45811979199?pr=17877#step:3:8545
Stefan Eissing [Mon, 14 Jul 2025 09:41:59 +0000 (11:41 +0200)]
connection: clarify `transport`
The `transport` to use for a transfer, e.g. TCP/QUIC/UNIX/UDP, is
initially selected by options and protocol used. This is set at the
`struct connectdata` as `transport` member.
During connection establishment, this transport may change due to
Alt-Svc or Happy-Eyeballing. Most common is the switch from TCP to QUIC.
Rename the connection member to `transport_wanted` and add a way to
query the connection for the transport in use via a new connection
filter query.
The filter query can also be used in the happy eyeballing attempts when
code needs to know which transport is used by the "filter below". This
happens in wolfssl initialization, as one example.
When using winbuild or Visual Studio IDE Project Files.
To simplify and prepare for dropping support for VS2008.
Details:
- fix VS2012 default target to be Windows 8 (was Vista).
Confirmed by CI:
```
-- The C compiler identification is MSVC 17.0.61030.0
-- Found _WIN32_WINNT=0x0602
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/51594696/job/elbl0w5n7fmoos2f#L45
It also aligns with the default being Windows 7 for VS2010,
and Windows Vista for VS2008.
- bump minimum target to XP (was Windows 2000) when using VS2008.
curl requires XP.
- add Windows release names to comments for clarity.
- add hex Windows version to a comment for clarity.
- merge VS2008/VS2012 minimum/default logic and comments.
- reduce scope of local minimum/default macros.
- shorten comments to fit within line limit.
Daniel Stenberg [Mon, 14 Jul 2025 06:59:04 +0000 (08:59 +0200)]
VULN-DISCLOSURE-POLICY.md: 7 days embargo is max
It was recently updated in this doc to seven, but there were *two*
numbers mentioned and only one of them was updated leaving the paragraph
quite confusing.
Viktor Szakats [Sun, 13 Jul 2025 01:28:19 +0000 (03:28 +0200)]
GHA: minor tidy-ups
- GHA/checksrc: make a step name more accurate.
- cmakelint.sh: make sure to run from project root.
To make it easier to run locally.
- cmakelint.sh: use `set -eu`.
Viktor Szakats [Sat, 12 Jul 2025 16:07:51 +0000 (18:07 +0200)]
GHA/checksrc: use Linux for CI checks, merge job into misc checks
CI check used macOS before this patch, but with the help of Linuxbrew,
latest zizmor and shellcheck are also available on Linux.
Also:
- migrate CI checks to the misc check workflow, to make both shellcheck
use the same, latest, shellcheck version, and to save the overhead of
an extra workflow.
Daniel McCarney [Fri, 11 Jul 2025 20:19:12 +0000 (16:19 -0400)]
lib/vts: fix a copy-pasted early data comment typo
In gtls.c there was a typo'd comment that I think was missing the word
"no" to indicate there's "no GnuTLS way to signal no EarlyData".
This commit fixes that typo, and also updates a copy-pasted instance
that made it into wolfssl.c where it should refer to the WolfSSL API
missing the capability, not GnuTLS.
Viktor Szakats [Wed, 9 Jul 2025 22:36:03 +0000 (00:36 +0200)]
test1175: fix to run, and fix documentation issues detected
Fix test 1175 by passing the source root directory (was: tests).
Before this patch this caused silent Perl warnings and returning success
without executing the tests, due to:
```
readline() on closed filehandle $f at ../../tests/test1175.pl line 55.
readline() on closed filehandle $f at ../../tests/test1175.pl line 39.
```
Running the test revealed these issues:
```
CURLE_FUNCTION_NOT_FOUND is not in libcurl-errors.md
CURLE_HTTP_POST_ERROR is not in libcurl-errors.md
CURLE_TELNET_OPTION_SYNTAX is not in libcurl-errors.md
CURLM_CALL_MULTI_SOCKET is not in libcurl-errors.md
```
Apply fixes:
- mark `CURLE_FUNCTION_NOT_FOUND` deprecated by 7.53.0
- mark `CURLE_HTTP_POST_ERROR` deprecated by 7.56.0
- mark `CURLE_TELNET_OPTION_SYNTAX` deprecated by 7.78.0
- document `CURLM_CALL_MULTI_SOCKET` as a synonym for
`CURLM_CALL_MULTI_PERFORM`
- test1477: exclude `CURLM_CALL_MULTI_SOCKET`.
But, these weren't officially deprecated. It may need more updates
to reflect that in other places, or fix the issues differently.
Viktor Szakats [Thu, 10 Jul 2025 07:55:02 +0000 (09:55 +0200)]
checksrc-all: rewrite in Perl, remove `checksrc.bat`
`checksrc.bat` was outdated and required Perl for `checksrc.pl` anyway.
Rewrite `checksrc-all.sh` in Perl, making it usable in envs without
a POSIX shell.