Stefan Eissing [Thu, 25 Apr 2024 11:12:18 +0000 (13:12 +0200)]
http3: quiche+ngtcp2 improvements
- quiche: error transfers that try to receive on a closed
or draining connection
- ngtcp2: use callback for extending max bidi streams. This
allows more precise calculation of MAX_CONCURRENT as we
only can start a new stream when the server acknowledges
the close - not when we locally have closed it.
- remove a fprintf() from h2-download client to avoid excess
log files on tests timing out.
Stefan Eissing [Fri, 26 Apr 2024 08:11:51 +0000 (10:11 +0200)]
vtls: TLS session storage overhaul
- add session with destructor callback
- remove vtls `session_free` method
- let `Curl_ssl_addsessionid()` take ownership
of session object, freeing it also on failures
- change tls backend use
- test_17, add tests for SSL session resumption
Daniel Stenberg [Thu, 25 Apr 2024 07:52:51 +0000 (09:52 +0200)]
multi: avoid memory-leak risk
'newurl' is allocated in some conditions and used in a few scenarios,
but there were theoretical combinations in which it would not get freed.
Move the free to happen unconditionally. Never triggered by tests, but
spotted by Coverity.
Stefan Eissing [Thu, 25 Apr 2024 15:35:50 +0000 (17:35 +0200)]
CI: macos fixes for new ARM GHA images
- based on #13478 with additions from #13476
- make homebrew install path flexible
- fix OpenSSL pkgconfig files libdir
- add path to --with-libssh2 target
- disable gcc securetransport due to linker
errors (missing symbols), probably because
the os version is no longer low enough
Jay Satiro [Tue, 28 Nov 2023 08:39:09 +0000 (03:39 -0500)]
dllmain: Call OpenSSL thread cleanup for Windows and Cygwin
- Call OPENSSL_thread_stop on thread termination (DLL_THREAD_DETACH)
to prevent a memory leak in case OpenSSL is linked statically.
- Warn in libcurl-thread.3 that if OpenSSL is linked statically then it
may require thread cleanup.
OpenSSL may need per-thread cleanup to stop a memory leak. For Windows
and Cygwin if libcurl was built as a DLL then we can do that for the
user by calling OPENSSL_thread_stop on thread termination. However, if
libcurl was built statically then we do not have notification of thread
termination and cannot do that for the user.
Also, there are several other unusual cases where it may be necessary
for the user to call OPENSSL_thread_stop, so in the libcurl-thread
warning I added a link to the OpenSSL documentation.
Co-authored-by: Viktor Szakats Reported-by: southernedge@users.noreply.github.com Reported-by: zmcx16@users.noreply.github.com
Ref: https://www.openssl.org/docs/man3.0/man3/OPENSSL_thread_stop.html#NOTES
Jan Venekamp [Tue, 23 Apr 2024 15:59:46 +0000 (17:59 +0200)]
rustls: remove incorrect SSLSUPP_TLS13_CIPHERSUITES flag
The rustls backend advertises SSLSUPP_TLS13_CIPHERSUITES, but
the code does not actually seem to support it (yet?). Removed
the flag and corrected documentation.
tool_operate: don't truncate the etag save file by default
This fixes a regression of 75d79a4486b279100209ddf8c7fdb12955fb66e9. The
code in tool-operate truncated the etag save file, under the assumption
that the file would be written with a new etag value. However since 75d79a4486b279100209ddf8c7fdb12955fb66e9 that might not be the case
anymore and could result in the file being truncated when --etag-compare
and --etag-save was used and that the etag value matched with what the
server responded. Instead the truncation should not be done when a new
etag value should be written.
Test 3204 was added to verify that the file with the etag value doesn't
change the contents when used by --etag-compare and --etage-save and
that value matches with what the server returns on a non 2xx response.
Stefan Eissing [Thu, 18 Apr 2024 21:24:34 +0000 (23:24 +0200)]
http2 + ngtcp2: pass CURLcode errors from callbacks
- errors returned by Curl_xfer_write_resp() and the header variant are
not errors in the protocol. The result needs to be returned on the
next recv() from the protocol filter.
- make xfer write errors for response data cause the stream to be
cancelled
- added pytest test_02_14 and test_02_15 to verify that also for
parallel processing
Daniel Stenberg [Fri, 19 Apr 2024 08:27:04 +0000 (10:27 +0200)]
http: reject HTTP major version switch mid connection
A connection that has seen an HTTP major version now refuses any other
major HTTP version in future responses. Previously, a HTTP/1.x
connection would just silently accept HTTP/2 or HTTP/3 in the status
lines as long as it had support for those built-in. It would then just
lead to confusion and badness.
Indirectly Spotted by CodeSonar which identified a duplicate assignment
in this function.
Daniel Stenberg [Fri, 19 Apr 2024 07:32:23 +0000 (09:32 +0200)]
mqtt: when Curl_xfer_recv returns error, don't use nread
A returned error code makes other return value unreliable, and in this
case potentially uninitialized. On error, do not read other return
values like the nread counter.
Daniel Stenberg [Fri, 19 Apr 2024 07:13:42 +0000 (09:13 +0200)]
ftp: fix socket leak on rare error
In the function AcceptServerConnect() the newly created socket would
leak if Curl_conn_tcp_accepted_set() returns error. Which basically
should never happen.
Daniel Stenberg [Wed, 17 Apr 2024 09:39:25 +0000 (11:39 +0200)]
urlapi: add CURLU_GET_EMPTY for empty queries and fragments
By default the API inhibits empty queries and fragments extracted.
Unless this new flag is set.
This also makes the behavior more consistent: without it set, zero
length queries and fragments are considered not present in the URL. With
the flag set, they are returned as a zero length strings if they were in
fact present in the URL.
This applies when extracting the individual query and fragment
components and for the full URL.
Daniel Stenberg [Wed, 17 Apr 2024 08:42:28 +0000 (10:42 +0200)]
urlapi: fix relative redirects to fragment-only
Using the URL API for a redirect URL when the redirected-to string
starts with a hash, ie is only a fragment, the API would produce the
wrong final URL.
Adjusted test 1560 to test for several new redirect cases.
Stefan Eissing [Wed, 27 Mar 2024 14:01:06 +0000 (15:01 +0100)]
http/2, http/3: decouple stream state from easy handle
- add `Curl_hash_offt` as hashmap between a `curl_off_t` and
an object. Use this in h2+h3 connection filters to associate
`data->id` with the internal stream state.
- changed implementations of all affected connection filters
- removed `h2_ctx*` and `h3_ctx*` from `struct HTTP` and thus
the easy handle
- solves the problem of attaching "foreign protocol" easy handles
during connection shutdown
idn: add native AppleIDN (icucore) support for macOS/iOS
I implemented the IDN functions for macOS and iOS using Unicode
libraries coming with macOS and iOS.
Builds and runs here on macOS 14.2.1. Also verified to load and
run on older macOS version 10.13.
Build requires macOS SDK 13 or equivalent.
Set `-DUSE_APPLE_IDN=ON` CMake option to enable it.
With autotools and other build tools, set these manual options:
```
CPPFLAGS=-DUSE_APPLE_IDN
LIBS=-licucore
```
Completes TODO 1.6.
TODO: add autotools option and feature-detection.
Refs: #5330 #5371 Co-authored-by: Viktor Szakats
Closes #13246
Stefan Eissing [Mon, 15 Apr 2024 12:34:32 +0000 (14:34 +0200)]
http3: extend download abort tests, fixes in ngtcp2
- fix flow handling in ngtcp2 to ACK data on streams
we abort ourself.
- extend test_02_23* cases to also run for h3
- skip test_02_23* for OpenSSL QUIC as it gets stalled
on progressing the connection
Viktor Szakats [Sat, 13 Apr 2024 09:51:36 +0000 (09:51 +0000)]
openvms: look for `USE_IPV6` in `config.h` (was: `ENABLE_IPV6`)
The OpenVMS script `config_h.com` is parsing the config header
generated by autotools. Let's make it look for the macro name we now
use universally across the codebase.
Viktor Szakats [Mon, 15 Apr 2024 18:39:15 +0000 (18:39 +0000)]
mbedtls: fix building with v3 in CMake Unity mode
Before this patch the internal feature detection macro
`HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS` was defined in three files,
with an incomplete logic in one of them. In Unity mode that spilled
into another source file and broke the build.
Daniel Stenberg [Fri, 5 Apr 2024 11:07:16 +0000 (13:07 +0200)]
multi: introduce SETUP state for better timeouts
Since we can go to the CONNECT state from PENDING, potentially multiple
times for a single transfer, this change introdues a SETUP state that
happens before CONNECT when doing a new transfer.
Now, doing a redirect on a handle goes back to SETUP (not CONNECT like
before) and we initilize the connect timeout etc in SETUP. Previously,
we would do it in CONNECT but that would make it unreliable in cases
where a transfer goes in and out between CONNECT and PENDING multiple
times.
SETUP is transient, so the handle never actually stays in that state.
Additionally: take care of timeouts of PENDING transfers in
curl_multi_perform()
docs: clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE
The bounds of the size parameter were not specified, and nor was it
specified how to disable the maximum file size check.
The documentation also incorrectly stated that CURLOPT_MAXFILESIZE
always returns CURLE_OK and that CURLOPT_MAXFILESIZE_LARGE only returns
CURLE_OK or CURLE_UNKNOWN_OPTION.
It also did not mention what the default value is, which is zero. This
commit updates the documentation to make note of all these things.
Daniel Stenberg [Thu, 4 Apr 2024 09:14:44 +0000 (11:14 +0200)]
multi: timeout handles even without connection
When there is a "change" in a multi handle and pending handles are moved
back to the main list to be retested if they can proceed further (for
example a previous transfer completed or a connection has a confirmed
multiplexed state), the timeout check in multi_runsingle() would not
trigger because it required an established connection.
This could make a pending tranfer go back to pending state even though
it had been "in progress" for a longer time than permitted. By removing
the requirement for an associated connection, the timeout check will be
done proper even for transfers that has not yet been assigned one.
Ref #13227 Reported-by: Rahul Krishna M
Closes #13276
Patrick Monnerat [Sun, 14 Apr 2024 12:20:28 +0000 (14:20 +0200)]
mprintf: check fputc error rather than matching returned character
OS/400 ascii fputc wrapper deviates from the posix standard by the
fact that it returns the ebcdic encoding of the original ascii
character. Testing for a matching value for success will then always
fail.
This commit replaces the chariacter comparison by an explicit error
return check.
Viktor Szakats [Sat, 13 Apr 2024 10:42:34 +0000 (10:42 +0000)]
ci: add CMake build variation, fixup libssh detection in `linux-old`
To test without c-ares and hit `easy_lock.h` on an old system. Use this
new build step to introduce small variations, and also test libssh2.
Also add workaround to existing job to enable libssh. (CMake's generic
auto-detection doesn't seem to work here.):
```
CMake Warning at CMakeLists.txt:908 (find_package):
Could not find a package configuration file provided by "libssh" with any
of the following names:
Viktor Szakats [Thu, 11 Apr 2024 16:35:08 +0000 (16:35 +0000)]
lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3`
Before this patch `lib/curl_setup.h` defined these two macros right
next to each other, then the source code used them interchangeably.
After this patch, `USE_HTTP3` guards all HTTP/3 / QUIC features.
(Like `USE_HTTP2` does for HTTP/2.) `ENABLE_QUIC` is no longer used.
This patch doesn't change the way HTTP/3 is enabled via autotools
or CMake. Builders who enabled HTTP/3 manually by defining both of
these macros via `CPPFLAGS` can now delete `-DENABLE_QUIC`.
Before this patch, two macros were used to guard IPv6 features in curl
sources: `ENABLE_IPV6` and `USE_IPV6`. This patch makes the source use
the latter for consistency with other similar switches.
`-DENABLE_IPV6` remains accepted for compatibility as a synonym for
`-DUSE_IPV6`, when passed to the compiler.
`ENABLE_IPV6` also remains the name of the CMake and `Makefile.vc`
options to control this feature.
docs: add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example
It's important to set `CURLOPT_NOPROGRESS` to `0` if you want your
transfer callback function, set by `CURLOPT_XFERINFOFUNCTION`, getting
called. To emphasize this to the users, add this to the code example.
Limited to x64, because for build testing the additional CPUs don't add
much value compared to the extra build time. They can be enabled easily
if deemed useful.
To the extent of curl-for-win configuration options, it's trivial to add
further build combinations.