Viktor Szakats [Fri, 22 Aug 2025 21:55:47 +0000 (23:55 +0200)]
asyn-thrdd: fix no `HAVE_GETADDRINFO` builds
mingw32ce, CM 4.4.0-arm schannel:
```
lib/asyn-thrdd.c: In function 'gethostbyname_thread':
lib/asyn-thrdd.c:349: error: too many arguments to function 'async_thrd_cleanup'
```
Ref: https://github.com/curl/curl/actions/runs/17158865566/job/48682687295?pr=18039#step:9:21
Viktor Szakats [Fri, 22 Aug 2025 14:42:06 +0000 (16:42 +0200)]
openssl: drop more legacy cruft
- drop `ALLOW_RENEG` undocumented (insecure) build-time option.
- drop unnecessary check for `OPENSSL_VERSION_NUMBER`.
It's present in all supported OpenSSL versions and forks.
Stefan Eissing [Fri, 22 Aug 2025 13:24:04 +0000 (15:24 +0200)]
asyn-thrdd: manage DEFERRED and locks better
- cancel thread waits until thread start is at least 5ms in the past
to give it some time to get its cancellation setup in place
- cancel thread without holding the mutex. It's supposed to be an
async operation, but better be safe
- set DEFERRED cancel state explicitly, should be default in a pthread,
but better be safe
- assume:
- `BIO_CTRL_EOF`
- `SSL_CTRL_SET_MSG_CALLBACK`
- `SSL_CTRL_SET_MSG_CALLBACK`
- `SSL_CTRL_SET_TLSEXT_HOSTNAME`
- `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER`
- `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`
- `SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG`
- `SSL_OP_NO_COMPRESSION`
- `SSL_OP_NO_TICKET`
- `X509_V_FLAG_PARTIAL_CHAIN`
- `X509_V_FLAG_TRUSTED_FIRST`
They are present in all supported OpenSSL (and fork) versions.
- replace `SSL_ERROR_WANT_EARLY` with `SSL_ERROR_WANT_CLIENT_HELLO_CB`.
The former appeared in OpenSSL 1.1.1-dev, but renamed before
the stable release.
- document support for macros:
- `ENGINE_CTRL_GET_CMD_FROM_NAME`
- `SSL_ERROR_WANT_ASYNC_JOB`
- `SSL_ERROR_WANT_ASYNC`
- `SSL2_VERSION_MAJOR`
- `TLS1_3_VERSION`
- drop legacy fallback for `CONF_MFLAGS_DEFAULT_SECTION`.
It was there for OpenSSL 0.9.8 support.
- fix `SSL_CTRL_SET_MSG_CALLBACK` accidentally serving as a guard for
OpenSSL (and forks) as a whole.
Stefan Eissing [Mon, 11 Aug 2025 13:58:11 +0000 (15:58 +0200)]
ares: use `ares_strerror()` to retrieve error messages
Add optional detail to `Curl_resolver_error()` to add to failure message
where available. This makes, for c-ares, the reason for a failed
resource available to the user without extra trace config.
When "dns" tracing enabled, print the c-ares server config at the start
of a resolve.
Stefan Eissing [Thu, 21 Aug 2025 19:50:20 +0000 (21:50 +0200)]
asyn-thrdd: remove condition variable
Add a flag `thrd_don` to assess if the resolving thread has finished and
only destroy the context when *both* ref_count reaches 0 and thrd_done
is true.
Stefan Eissing [Thu, 21 Aug 2025 19:19:27 +0000 (21:19 +0200)]
asyn-thrdd: use condition var more carefully
When the thread started is too fast, the signal will come before the
wait. Add an additional check before the wait to catch the thread
having started or already ended.
Viktor Szakats [Wed, 20 Aug 2025 18:29:20 +0000 (20:29 +0200)]
runtests: replace `--ci` with `--buidinfo`, show OS/Perl version again
I figure OS/Perl version may be useful to see in local runs,
and also in CI runs where `--ci` was not set:
https://curl.se/dev/log.cgi?id=20250820041228-707387#prob1
Also, only show a message if the `diff` tool is missing.
Viktor Szakats [Wed, 20 Aug 2025 09:04:18 +0000 (11:04 +0200)]
GHA/http3-linux: test non-unity, and more cmake
Reshuffle HTTP/3 jobs to:
- test all backends with cmake too. Adding 4 jobs.
- build all backends in non-unity mode too.
Either with autotools or cmake.
- run tests once for each backend
Either with autotools or cmake, with a preference for cmake to finish
faster.
- drop building examples. There is nothing HTTP/3-specific in examples,
and they are already built in GHA/linux.
- de-dupe some shared settings.
Stefan Eissing [Wed, 20 Aug 2025 13:48:20 +0000 (15:48 +0200)]
threaded-resolver: fix shutdown
Changed strategy to start up and terminate resolver thread.
When starting up:
Start the thread with mutex acquired, wait for signal from thread that
it started and has incremented the ref counter. Thread set
pthread_cancel() to disabled before that and only enables cancelling
during resolving itself. This assure that the ref counter is correct and
the unlinking of the resolve context always happens.
When shutting down resolving:
If ref counting shows thread has finished, join it, free everything. If
thread has not finished, try pthread_cancel() (non Windows), but keep
the thread handle around.
When destroying resolving:
Shutdown first, then, if the thread is still there and 'quick_exit' is
not set, join it and free everything. This might occur a delay if
getaddrinfo() hangs and cannot be interrupted by pthread_cancel().
Destroying resolving happens when another resolve is started on an
easy handle or when the easy handle is closed.
Add test795 to check that connect timeout triggers correctly
when resolving is delayed. Add debug env var `CURL_DNS_DELAY_MS`
to simulate delays in resolving.
Fix test1557 to set `quick_exit` and use `xxx.invalid` as domain
instead of `nothing` that was leading to hangers in CI.
Also:
- drop a stray `</file>`.
- replace a `nothing` with a guaranteed invalid hostname.
Ref: https://github.com/curl/curl/pull/18263/commits/4334033b43acca9b01ba43e08e611c8654feb84d
- replace unused URLs with `-`.
Stefan Eissing [Tue, 19 Aug 2025 13:46:34 +0000 (15:46 +0200)]
ares: handle channel being destroyed early
We are destroying the ares channel already when we shutdown
resolving. Querying the pollset afterwards is still happening,
especially in event based processing and needs to work in the
absence of a channel.
Fixes #18317 Reported-by: Natris on github
Closes #18318
Viktor Szakats [Mon, 18 Aug 2025 08:28:42 +0000 (10:28 +0200)]
processhelp.pm: use `Win32::Process*` perl modules if available
`Win32::Process::List` and `Win32::Process`.
To replace external calls to `tasklist.exe` and `taskkill.exe`.
The perl modules are wrappers/binding to Win32 API calls. They avoid
launching external processes with a command shell (including MSYS2),
the external tool, and creating command-lines and parsing tool output.
According to local tests and the CI, one test session calls
`tasklist.exe` 350-400 times. `taskkill.exe` is rarely called:
https://github.com/curl/curl/actions/runs/17012376726?pr=18296
It's hard to predict any possible side-effect of dynamically loading
the two necessary, module DLLs into the Perl process. The MSYS2 runtime
if prone to fail when doing this in fork operations, as seen earlier
with the Win32.DLL module. But, is looks like a symptom, not the root
cause for these failures, because the failures are present with or
without perl.exe loading the Win32.DLL.
Ref: be01b60ce532af6eb18c11fbd565355dbb570a2e #18287
Viktor Szakats [Sun, 17 Aug 2025 08:46:22 +0000 (10:46 +0200)]
GHA/windows: switch from MSBuild to Ninja for MSVC jobs running tests
This patch fixes flakiness caused by MSBuild scanning the runtests.pl
output for regex patterns. When finding a hit, it returns an error code
to cmake, making the build test CI step fail. This happens rarely after
an earlier mitigation tweaking outputs, but, as expected, it did not
resolve it completely.
MSBuild doesn't have an option to disable this behavior. To fix, this
patch migrates the two affected jobs from MSBuild to Ninja. To align
with existing multi-config logic, it uses the `Ninja Multi-Config`
generator, which hasn't been tested before in CI.
Switching to Ninja was not trivial. Visual Studio to this day relies on
an MS-DOS batch file stored at an unstable location (containing spaces
and parenthesis), to initialize its environment. Without this env,
`cl.exe` is unable to find its own components. GHA does not initialize
it (even if it did, it could only default to a single specific target).
CMake helps with this when using a Visual Studio generator, but doesn't
when using Ninja. (On local machines the VS installer adds a couple
of Start menu items for launching pre-configured command prompts.)
The MS-DOS batches don't integrate well with CI envs and even less so
with shell scripts. To avoid it, this patch uses manual configuration.
Also without using environment variables, to make it easy to use and
easy to debug and trace in logs. Configuring Visual Studio is relatively
stable across releases and hasn't changed a whole lot in the last 2
decades, but still may need more maintenance compared to llvm, or pretty
much any other toolchain out there. On the upside, it allows to manually
select compiler version, SDK version, cross-combinations, and allows
choosing clang-cl. The configuration aims to find the latest of these
automatically.
Some traps that had to be avoided:
- need to switch to MS-DOS short names to avoid spaces in the VS
component paths.
- need to switch to forward slashes to avoid confusing downstream tools
with backslashes.
- need to pass either MSYS2 for Windows-style path depending on setting.
- need to use a trick to retrieve the oddly named `ProgramFiles(x86)`
Windows env from shell script.
- need to match VS version (2022) and edition (Enterprise), found on GHA
runners.
- need to pass the CMake generator via env so that the space in the name
doesn't trip the shell when passed via a variable.
- trash and unexpected dirs when detecting SDK/toolchain versions.
- need to pass `-external:W0` to the C compiler to avoid MSVC warning:
`D9007: '/external:I' requires '/external:W'; option ignored`
- using cmake options only, to make it run without relying on envs and
work out-of-the-box when running subsequent cmake sessions.
- some others discovered while making work clang-cl locally in
cross-builds.
Ninja also improves performance in most cases (though wasn't a goal
here). After this patch configure is significantly faster (1.5-2x),
builds are a tiny bit faster, except examples which was twice as fast
with MSBuild. Disk space use is 10% lower.
MSBuild builds remain tested in AppVeyor CI and the UWP job.
David Zhuang [Wed, 6 Aug 2025 00:45:06 +0000 (17:45 -0700)]
ngtcp2: use custom mem funcs
Pass curl's memory functions to the nghttp3 and ngtcp2 functions that
allow them. This allows custom memory functions passed by the curl user
to be used in nghttp3 and ngtcp2.
Daniel Stenberg [Mon, 18 Aug 2025 07:54:50 +0000 (09:54 +0200)]
asyn-thrdd: fix Curl_async_pollset without socketpair
- remove a superfluous if()
- edit the #ifdef to only do the timeout checks when socketpair support
is missing, as that code flow could not be reached otherways anyway
CodeSonar pointed out possible issue that led me to see this.
Stefan Eissing [Thu, 14 Aug 2025 12:12:54 +0000 (14:12 +0200)]
openssl: auto-pause on verify callback retry
When an application install its own OpenSSL verify callback and that
callback invokes `SSL_set_retry_verify()`, the transfer is automatically
paused and does not progress the connect attempt any further until
unpaused via `curl_easy_pause().
Added test758 to verify.
Ref: #18284
Original PR by @Natris
Bug: https://curl.se/mail/lib-2025-08/0012.html
Closes #18288
Viktor Szakats [Thu, 14 Aug 2025 14:45:15 +0000 (16:45 +0200)]
GHA/linux: try improving valgrind job times with cmake
Make the:
- mbedTLS valgrind job finish under 14m, vs 15m before.
- OpenSSL -O3 valgrind job finish in 14m30, vs 16m17.
- OpenSSL libssh2 valgrind job finish in 16m, vs 17m30.
- long valgrind rustls job finish 1 minute earlier, in return
for spending 30s more on the other rustls job.
Keep using autotools for the less slow valgrind job to test this combo.
Viktor Szakats [Thu, 14 Aug 2025 11:36:04 +0000 (13:36 +0200)]
runtests: assume `Time::HiRes`, drop Perl Win32 dependency
`Time::HiRes` was already used unconditionally before this patch in
`servers.pm`. This package, and functions used by runtests (`sleep` and
`gettimeofday`) are supported by the minimum Perl version required for
curl:
https://perldoc.perl.org/5.8.0/Time::HiRes
- Drop the `portable_sleep()` wrapper in favor of `Time::HiRes::sleep()`.
- Use `Time::HiRes` unconditionally in `serverhelp.pm`.
- Stop using the `Win32` package where available. It was included
to provide a Windows fallback for `Time::HiRes::sleep()`. It was never
actually called, but the dependency may have loaded `Win32.dll`, which
often appears in failed fork operations in GHA logs.
Ref: a6fed41f6f12f3b71cfe85609f02a294b972d3d3 #5054 #5034
Ref: https://github.com/curl/curl/discussions/14854
Viktor Szakats [Wed, 13 Aug 2025 08:20:10 +0000 (10:20 +0200)]
mbedtls: check for feature macros instead of version
Drop three interim macros and mbedTLS version checks in favor of feature
macros defined by mbedTLS itself.
These mbedTLS features require mbedTLS 3.6.0/3.6.1 for production.
Earlier versions may have partial/experimental support for them,
disabled by default and (AFAICS) without documented build options
to enable them.
One feature guard already used the native macro instead of the interim
one before this patch. (`MBEDTLS_SSL_SESSION_TICKETS`)
Viktor Szakats [Fri, 8 Aug 2025 22:45:34 +0000 (00:45 +0200)]
openssl: save and restore OpenSSL error queue in two functions
After merging #18228, I reviewed whether the clearing of the error queue
may interfere with preceding code. Turns out there may be a preceding
`SSL_Connect()` call.
This patch replaces the previous fix of clearing the error queue with
saving and restoring it in two functions which may be called between
the connect call and the `SSL_get_error()` call following it:
- `ossl_log_tls12_secret()`
- `Curl_ssl_setup_x509_store()`
The `ERR_set_mark()`, `ERR_pop_to_mark()` functions are present in all
supported OpenSSL and LibreSSL versions. Also in BoringSSL since its
initial commit.
OpenSSL may modify its error queue in all API calls that can fail.
Thanks-to: Viktor Dukhovni
Ref: https://github.com/curl/curl/issues/18190#issuecomment-3167702142
Ref: https://github.com/curl/curl/issues/18190#issuecomment-3169211739
Ref: https://github.com/curl/curl/issues/18190#issuecomment-3169988050
Viktor Szakats [Wed, 13 Aug 2025 13:14:31 +0000 (15:14 +0200)]
GHA/linux: fix thread sanitizer error output
Replace autotools with cmake to avoid libtool wrappers that are changing
`LD_LIBRARY_PATH` in a way incompatible with the thread sanitizer.
To fix the output when the sanitizier is finding something:
```
==51718==WARNING: Can't write to symbolizer at fd 7
/usr/bin/llvm-symbolizer-18: /home/runner/work/curl/curl/bld/lib/.libs/libcurl.so.4: no version information available (required by /usr/bin/llvm-symbolizer-18)
/usr/bin/llvm-symbolizer-18: symbol lookup error: /home/runner/openssl/lib/libcrypto.so.3: undefined symbol: __tsan_func_entry
```
Ref: https://github.com/curl/curl/actions/runs/16911402500/job/47913783729#step:39:4466
Also:
- disable memory tracker which turned out to be incompatible with
the thread sanitizer and detaching threads.
Ref: #18263 and #curl IRC.
- the job is ~30 seconds faster after this patch.
Viktor Szakats [Tue, 12 Aug 2025 07:58:13 +0000 (09:58 +0200)]
URL-SYNTAX.md: drop link to codepoints.net to pass linkcheck
The link works in a browser, but started failing the `mdlinkcheck` test:
```
check https://codepoints.net/U+00DF
FAIL
docs/URL-SYNTAX.md:199 ERROR links to missing URL https://codepoints.net/U+00DF
```
Ref: https://github.com/curl/curl/actions/runs/16902543407/job/47884625446?pr=18254#step:3:22
Dan Fandrich [Mon, 11 Aug 2025 20:36:22 +0000 (13:36 -0700)]
CI: update libstdc++ for linux-old build
actions/checkout@v5 requires a newer libstdc++ than the container
contains. Update it to a backwards-compatible version just like we
already do for libc6.
Stefan Eissing [Tue, 8 Jul 2025 07:15:43 +0000 (09:15 +0200)]
websocket: support CURLOPT_READFUNCTION
Add support for CURLOPT_READFUNCTION with WebSocket urls when *not* in
connect-only mode, e.g. when using curl_multi_perform.
Install the callback function and set CURLOPT_UPLOAD. Return
CURL_READFUNC_PAUSE when having nothing more to send and unpause the
transfer when more data is ready.
This will send the read bytes in a WebSocket BINARY frame.
Add support for this mode in the pytest "ws_data" client and have all
tests run in 'curl_ws_send/recv' and 'peform' mode as well.
Add `curl_ws_start_frame()`. Document, cover in libcurl-ws.md and
explain the READFUNCTION mode for websockets.
Stefan Eissing [Mon, 11 Aug 2025 09:39:03 +0000 (11:39 +0200)]
resolving: dns error tracing
* Add more tracing information to c-ares errors.
* remove CURL_ASYNC_SUCCESS, rename `ares->last_status` to
`ares->ares_status`. Give trace explanation for "common"
errors
* add ares "csv" information to tracing on failure
* DoH: invoke `Curl_resolver_error()` on failure to populate
error buf
projects / thirdparty / curl.git / log
