Viktor Szakats [Fri, 13 Feb 2026 00:47:10 +0000 (01:47 +0100)]
tidy-up: miscellaneous
- vms/curlmsg_vms.h: delete unused/commented code.
- vtls/schannel_verify: sort includes.
- typecheck-gcc.h: fix indent and alignment.
- lib/config-win32.h: drop idle `#undef`.
- spacecheck: check for stray empty lines before after curly braces.
- make literals more readable: 1048576 -> 1024 * 1024
- scope variables.
- use ISO date in a comment.
- drop redundant parentheses.
- drop empty comments.
- unfold lines.
- duplicate/stray spaces in comments.
- fix indent, whitespace, minor typos.
Viktor Szakats [Thu, 19 Feb 2026 17:10:58 +0000 (18:10 +0100)]
openssl: fix potential NULL dereference when loading certs (Windows)
This could happen if the first cert to be loaded missed EKU (Enhanced
Key Usage) data, when using native CA on Windows.
Fix by skipping certs without Enhanced Key Usage data.
Detected by clang-tidy:
```
lib/vtls/openssl.c:2922:15: warning: Access to field 'cUsageIdentifier'
results in a dereference of a null pointer (loaded from variable
'enhkey_usage') [clang-analyzer-core.NullDereference]
2922 | if(!enhkey_usage->cUsageIdentifier) {
| ^
```
Daniel Stenberg [Tue, 24 Feb 2026 10:01:35 +0000 (11:01 +0100)]
setopt: refuse blobs with zero length
A blob must have a length or it will not be accepted. By enforcing the
check here, TLS backend code can rely on the fact that the length is
always non-zero from this point.
Viktor Szakats [Wed, 18 Feb 2026 23:44:43 +0000 (00:44 +0100)]
lib: use lib source directory as base include path
Backtrack on previous change that aimed to solve the wrong `share.h`
being included. It turns out it did not fix this issue. At the same time
it introduced relative header filenames and the need to include the same
headers differently depending on the source files' location, reducing
readability and editability.
Replace this method by re-adding curl's lib source directory to the
header path and addressing headers by the their full, relative name to
that base directory. Aligning with this method already used in src and
tests.
With these advantages:
- makes includes easier to read, recognize, grep, sort, write, and copy
between sources,
- syncs the way these headers are included across curl components,
- avoids the ambiguity between system `schannel.h`, `rustls.h` vs.
local headers using the same names in `lib/vtls`,
- silences clang-tidy `readability-duplicate-include` checker, which
detects the above issue,
Ref: https://clang.llvm.org/extra/clang-tidy/checks/readability/duplicate-include.html
- possibly silences TIOBE coding standard warnings:
`6.10.2.a: Don't use relative paths in #include statements.`
- long shot: it works well with concatenated test sources, for
clang-tidy-friendly custom unity builds. Ref: #20667
Slight downside: it's not enforced.
If there happens to be a collision between a local `lib/*.h` header and
a system one, the solution is to rename (possibly with its `.c`
counterpart) into the `curl_` namespace. This is also the method used by
curl in the past.
Also:
- curlx/inet_pton: reduce scope of an include.
- toolx/tool_time: apply this to an include, and update VS project
files accordingly. Also dropping unnecessary lib/curlx header path.
- clang-tidy: enable `readability-duplicate-include`.
Viktor Szakats [Mon, 23 Feb 2026 12:32:52 +0000 (13:32 +0100)]
cmake: add C++ integration test
Also:
- include code to verify a C++-specific public header regression
reported in 8.19.0-rc2.
- curl/curl.h: mention C++ global namespace in comment.
- GHA/dist: add CI job for C++. Runtime: 15 seconds.
Viktor Szakats [Mon, 23 Feb 2026 11:00:18 +0000 (12:00 +0100)]
curl/curl.h: revert to recursive macros to keep supporting C++ use-case
To avoid breaking 3rd-party code reusing these symbols as C++ methods,
e.g. in CMake sources:
```
cmake/src/v4.0.0-b30653ae0c.clean/Source/cmCurl.cxx:119:24: error: expected unqualified-id
119 | ::CURLcode res = ::curl_easy_setopt(curl, CURLOPT_CAINFO, cafile.c_str());
| ^
```
Viktor Szakats [Sun, 22 Feb 2026 01:18:49 +0000 (02:18 +0100)]
tests/server: silence clang-tidy warning
It looks like a case that can never happen in practice.
Seen on mingw-w64 with experimental concatenated (vs. #included) test
sources:
```
tests/server/util.c:662:16: error: Null pointer passed as 1st
argument to string length function [clang-analyzer-unix.cstring.NullArg]
662 | size_t len = strlen(unix_socket);
| ^
```
Ref: https://github.com/curl/curl/actions/runs/22267482855/job/64416261156#step:10:273
Viktor Szakats [Sun, 22 Feb 2026 10:41:49 +0000 (11:41 +0100)]
cmake: force-disable unity for clang-tidied build targets only
Instead of globally disabling unity for all targets when clang-tidy is
enabled.
After this patch `CMAKE_UNITY_BUILD=ON` is honored for:
- static libcurl when building both static and shared separately.
- libcurlu and libcurltool internal libraries when building the test
target.
While keeping unity disabled for the libcurl build pass running
clang-tidy, and the curl tool, also running clang-tidy.
To make clang-tidy-enabled builds finish faster when unity mode is
enabled, yet performs the same clang-tidy checks as before this patch.
Effect on:
- GHA/macos: core build: same, buils tests 5-12 seconds faster,
with steps going down from 259 to 25.
- GHA/windows (not enabled): it'd save about 1 minute, bringing total
time barely below 10m, still one of the slowest jobs overall.
(#20667 is trying a way for 4x speed-up (with a drawback)).
Viktor Szakats [Sun, 22 Feb 2026 13:13:21 +0000 (14:13 +0100)]
cmake: limit clang-tidy to the shared libcurl if static is also built
On platforms that require building static and shared libcurl separately,
after this change clang-tidy is only run on one of them, to reduce build
time by avoiding the double-work. From a clang-tidy standpoint, static
and shared libs are identical.
Except `dllmain.c` on Windows, which is only present in shared. To keep
running it through clang-tidy, prefer the shared library for clang-tidy.
Daniel Stenberg [Sat, 21 Feb 2026 22:16:39 +0000 (23:16 +0100)]
tool: improve config error messaging
- make sure that errors for specific options in config files identify
the file, line number and shows the error about the correct option
- improve some error message wording
- add warning for leading single quote of arguments in config files
(verified in test 1712)
- adjust test error outputs accordingly
test1712 introduces mode=warn
Use the mode="warn" attribute if the output curl warning output, as it
then makes the check without newlines and the prefix to better handle
that the lines may wrap at different points depending on the lengths of
the lines and terminal width.
Also:
- lib/parsedate: avoid relying on side-effect of missing parentheses.
- lib/http: drop redundant parentheses.
- fix cases in headers missed by clang-tidy.
Viktor Szakats [Wed, 18 Feb 2026 14:14:06 +0000 (15:14 +0100)]
clang-tidy: check `misc-header-include-cycle`, fix in internal headers
Also opt-out `curl/curl.h` because it includes `curl/mprintf.h`, which
in turn includes `curl/curl.h` for `CURL_EXTERN`. Not changeable in
public headers to remain compatible. (Somehow only triggered for
examples.)
Viktor Szakats [Wed, 18 Feb 2026 16:46:36 +0000 (17:46 +0100)]
libtests: drop two redundant `memset()`s
Reported by clang-tidy `bugprone-sizeof-expression`.
Silencing:
```
tests/libtest/cli_h2_pausing.c:164:23: warning: suspicious usage of 'sizeof()' on an expression of pointer type [bugprone-sizeof-expression]
164 | memset(&resolve, 0, sizeof(resolve));
| ^
tests/libtest/cli_upload_pausing.c:158:23: warning: suspicious usage of 'sizeof()' on an expression of pointer type [bugprone-sizeof-expression]
158 | memset(&resolve, 0, sizeof(resolve));
| ^
```
Anna Liberty [Thu, 19 Feb 2026 20:23:04 +0000 (12:23 -0800)]
docs: reword explanation of --variable option
Simplify the language expaining the --variable option, reducing
repetition. Also fix some minor grammar issues and makes language for
examples more consistent.
Viktor Szakats [Thu, 19 Feb 2026 17:34:35 +0000 (18:34 +0100)]
tests/server/sockfilt: check for NULL `tv` to silence clang-tidy
A NULL dereference cannot happen with existing use of this code.
linux-mingw, CM clang-tidy:
```
/home/runner/work/curl/curl/tests/server/sockfilt.c:720:24: error: Access
to field 'tv_sec' results in a dereference of a null pointer (loaded from
variable 'tv') [clang-analyzer-core.NullDereference,-warnings-as-errors]
720 | tv->tv_sec = 0;
| ~~ ^
```
Ref: https://github.com/curl/curl/actions/runs/22191200093/job/64179197235?pr=20631#step:10:283
Viktor Szakats [Thu, 19 Feb 2026 23:43:57 +0000 (00:43 +0100)]
clang-tidy: work around clang-tidy <=20 false positive (Windows)
clang-tidy <= v20 (as seen between 18.1.3 and 20.1.2) report
`readability-uppercase-literal-suffix` originating from mingw-w64 system
header `_mingw_mac.h` via `define __MSABI_LONG(x) x ## l`
Triggered by `SOCKENOMEM` (e.g. in tests/server/sockfilt.c):
```
warning: integer literal has suffix 'l', which is not uppercase [readability-uppercase-literal-suffix]
```
Work around by replacing Windows macro `WSA_NOT_ENOUGH_MEMORY`
with its literal value.
Viktor Szakats [Thu, 19 Feb 2026 15:43:08 +0000 (16:43 +0100)]
cmake: improve clang-tidy invocation for tests in cross-builds
By passing to clang-tidy the C compiler with `--target` and sysroot
options, if any.
Fixing (GHA/windows, linux-mingw, CM clang-tidy):
```
lib/curl_setup.h:841:10: error: 'io.h' file not found [clang-diagnostic-error]
841 | #include <io.h>
| ^~~~~~
Found compiler error(s).
FAILED: [code=1] tests/server/CMakeFiles/servers-clang-tidy bld/tests/server/CMakeFiles/servers-clang-tidy
cd tests/server && /usr/bin/clang-tidy --config-file=.clang-tidy.yml
--warnings-as-errors=* --checks=-clang-diagnostic-unused-function first.c getpart.c util.c dnsd.c [...]
-- <-D-options> <-I-options> <cflags>
```
For reference, this is CMake's built-in clang-tidy invocation:
```
/usr/local/bin/cmake -E __run_co_compile --tidy="/usr/bin/clang-tidy;--config-file=.clang-tidy.yml;
--warnings-as-errors=*;--extra-arg-before=--driver-mode=gcc" --source=lib/curl_fopen.c
-- /usr/bin/clang --target=x86_64-w64-mingw32 <-D-options> <-I-options> <cflags>
```
Also:
- bump cmakelint `--max-statements`. Needs 59 after this patch.
- use undocumented CMake variables:
- `CMAKE_C_COMPILE_OPTIONS_TARGET` for `--target=`
- `CMAKE_C_COMPILE_OPTIONS_SYSROOT` for `--sysroot=`
Viktor Szakats [Tue, 17 Feb 2026 23:55:27 +0000 (00:55 +0100)]
clang-tidy: sync argument names in prototype and definition
Discovered with clang-tidy checker
`readability-inconsistent-declaration-parameter-name`.
Also:
- do not enforce the above because of inconsistencies still present
between public API prototypes and definitions. (Also betwen man page
protos, and man page examples, and other parts of the code, e.g.
`easy` vs `curl` vs `d` vs `handle`) Perhaps subject for a future
effort:
https://github.com/curl/curl/actions/runs/22166472728/job/64094691653
- enable and fix `readability-named-parameter` where missing.
Viktor Szakats [Wed, 18 Feb 2026 18:04:12 +0000 (19:04 +0100)]
rtspd: fix to check `realloc()` result
Also enable `bugprone-suspicious-realloc-usage` clang-tidy option
to verify.
Fixing:
```
tests/server/rtspd.c:328:37: error: 'req->rtp_buffer' may be set to null if 'realloc' fails,
which may result in a leak of the original buffer
[bugprone-suspicious-realloc-usage,-warnings-as-errors]
328 | req->rtp_buffer = realloc(req->rtp_buffer,
| ~~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~
```
Viktor Szakats [Wed, 18 Feb 2026 12:21:19 +0000 (13:21 +0100)]
cmake/FindMbedTLS: add workaround for missing static MSVC `mbedcrypto.lib` 4.0.0
Seen with mbedTLS 4.0.0. mbedTLS 4.0.0 renamed `mbedcrypto` lib to
`tfpsacrypto`, while also keeping a copy under the old name to aid
transition. However, this compatibility logic is broken for MSVC static
builds, and the old name missing.
Work around by looking for the new name in the raw detection codepath.
Note that using `pkg-config`-based detection also works as a workaround.
Reported-by: tawmoto on github
Fixes #20616
Ref: https://github.com/Mbed-TLS/mbedtls/blob/v4.0.0/library/CMakeLists.txt#L275-L282
Ref: https://github.com/Mbed-TLS/mbedtls/issues/10605
Viktor Szakats [Sun, 15 Feb 2026 22:58:39 +0000 (23:58 +0100)]
clang-tidy: fixes and improvements
Fix bigger and smaller kinks in how clang-tidy is configured and used.
Sync behavior more between autotools and cmake, lib/src and tests. Bump
clang-tidy minimum version and prepare logic to allow using clang-tidy
to a fuller extent.
- move clang-tidy settings from builds to a new `.clang-tidy.yml`.
To make it easy to see and edit checks at one place. Also to allow
using the `--checks=` option internally to silence tests-specific
checks. (clang-tidy does not support multiple `--check=` options via
the command-line.)
Use explicit `--config-file=` option to point to the configuration.
- .clang-tidy.yml: link to documentation.
- suppress `clang-diagnostic-nullability-extension` due to a false
positive in libtests with `CURL_WERROR=ON` and `PICKY_COMPILER=OFF`.
- .clang-tidy.yml: enable `portability-*`, `misc-const-correctness`.
- drop `--quiet` clang-tidy option by default to make its working a bit
more transparent. The extra output is minimial.
- consistently use double-dashes in clang-tidy command-line options.
Supported by clang-tidy 9.0.0+ (2019-09-19). Before this patch single
and double were used arbitrarily.
- src/tool_parsecfg: silence false positive `clang-analyzer-unix.Stream`.
Seen with clang 18 + clang-tidy 19 and 20 (only with autotools.)
- INTERNALS: require clang-tidy 14.0.0+. For the `--config-file` option.
- INTERNALS: recommend clang-tidy 19.1.0+, to avoid bogus
`clang-analyzer-valist.Uninitialized` warnings. (bug details below)
autotools:
- allow configuring the clang-tidy tool via `CLANG_TIDY` env.
Also to use in GHA to point to a suffixed clang-tody tool.
- fix to pass CFLAGS to lib, src sources.
(keep omitting them when using a non-clang compiler.)
- fix to pass `--warnings-as-errors=*` in quotes to avoid globbing.
cmake:
- fix to not pass an empty `-I` to clang-tidy.
- fix to pass CFLAGS (picky warnings) to clang-tidy for test sources.
(keep omitting them when using a non-clang compiler.)
- fix to disable `clang-diagnostic-unused-function` for test sources.
(tests have static entry points, which trigger this check when
checking them as individidual sources.)
- fix forwarding `CURL_CLANG_TIDYFLAGS` to clang-tidy.
- force disable picky warnings when running clang-tidy with a non-clang
compiler. To not pass these flags when checking lib and src.
CI:
- GHA/linux: avoid clang-tidy bug by upgrading to v19, and drop the
workaround.
- GHA/linux: switch to clang from gcc in the clang-tidy job. Using gcc
doesn't allow passing CFLAGS to clang-tidy, making it less effective.
(My guess this was one factor contributing to this job often missing
to find certain issues compared to GHA/macos.)
I recomment using clang-tidy with a clang compiler, preferably the same
version or one that's compatible. Other cases are best effort, and may
fail if a C flag is passed to clang-tidy that it does not understand.
Picky warnings are mostly omitted when using a non-clang compiler,
reducing its usefulness.
Details and reproducer for the v18 (and earlier) clang-tidy bug,
previously affecting the GHA/linux job:
clang-tidy <=18 emits false warnings way when passing multiple C sources
at once (as done with autotools):
Viktor Szakats [Fri, 13 Feb 2026 16:05:36 +0000 (17:05 +0100)]
build: fix `-Wunused-macros` warnings, and related tidy-ups
- fix internal macro `AN_APPLE_OS` reused between sources without
resetting it. It may potentially have left the system sha256
function unused.
- fix to define `WOLFSSL_OPTIONS_IGNORE_SYS` so that it always applies
to wolfSSL headers, also during feature detection.
- md4, md5, sha256: simplify fallback logic.
- delete 20+ unused macros.
- scope or move macros to avoid `-Wunused-macros` warnings.
- examples: delete unused code.
The warning detects macros defined but not used within the same C
source. It does not warn for macros defined in headers. It also works
with unity builds, but to a lesser extent.
Stefan Eissing [Tue, 17 Feb 2026 08:50:25 +0000 (09:50 +0100)]
easy: reset errorbuf on eyeballing success
Any failf() that fill the errorbuf need to be forgotten once happy
eyeballing finds a succssful winner. Because the errorbuf, once set, is
not overwritten with future error information.
Adds test_05_05 to verify.
Reported-by: Tim Friedrich Brüggemann
Fixes #20608
Viktor Szakats [Sat, 14 Feb 2026 11:03:16 +0000 (12:03 +0100)]
cmake: enable binutils ld workaround for all toolchains at build-time (revert)
The change was valid, but caused an annoying warning with perfectly
working non-binutils ld linkers:
```
ld: warning: ignoring duplicate libraries: 'my/path/usr/local/lib/libcrypto.a'
```
(seen with Apple clang, when using static `libcrypto.a`)
It means that for the binutil ld hack to work at consumption-time, curl
must be built with the same picky binutils (gcc) toolchain.
Viktor Szakats [Sat, 14 Feb 2026 12:30:33 +0000 (13:30 +0100)]
examples/usercertinmem: use modern OpenSSL API, drop mentions of RSA
Replacing API calls deprecated by OpenSSL 3, and also missing
from OpenSSL 3 no-deprecated builds, fixing builds with the latter:
`PEM_read_bio_RSAPrivateKey()`, `RSA_free()`,
`SSL_CTX_use_RSAPrivateKey()`
Also: rename callback to match its `cacertinmem.c` sibling.
Refactor and simplify the Schannel code, primarily by reducing
duplicated buffer-management and credential-setup logic.
- split client certificate selection into get_client_cert() and SSPI
credential acquisition into acquire_sspi_handle()
- introduce a struct sbuffer for encrypted/decrypted buffering
- Add ensure_encoding_size() and ensure_decoding_size() helpers to
centralize buffer growth/realloc decisions
- Tighten variable scopes and tidy indentation/logging in the handshake
and receive/decrypt loops.
- Update comments and adjusts some receive error-condition handling to
better preserve buffered-data behavior.
Viktor Szakats [Thu, 12 Feb 2026 16:59:18 +0000 (17:59 +0100)]
msvc: VS2026: unlock picky warning in cmake, test in CI
Upgrade a GHA/windows job to VS2026 (from VS2022), using a runner image
released a week ago. It also comes with the same Windows SDK as VS2022:
v10.0.26100.0.
The runner image uses Windows 2025 unfortunately, which makes the job
run significantly slower than before this patch:
- configure: 49s -> 1m10s
- build: 3s -> 5s
- install test prereqs: 23s -> 27s
- run tests: 3m18s -> 4m11s
- build examples: 15s -> 25s
It's a shame.
Also:
- cmake: enable picky warnings for VS2026 internal version 19.50.
Build is clean with existing options.
- GHA/windows: make the built-in OpenSSH intall path recognize
the windows-2025-vs2026 image as windows-2025.
- windows-2025-vs2026 is able to load the cached stunnel made on
the windows-2022 runner.
- disk use of the build is almost identical to VS2022.
Viktor Szakats [Thu, 12 Feb 2026 14:21:12 +0000 (15:21 +0100)]
cmake: add `BORINGSSL_VERSION` configuration variable, test in CI
To simplify setting BoringSSL version, using:
`-DBORINGSSL_VERSION=0.20260211.0`
or
`-DBORINGSSL_VERSION=${boringssl_version}`
Previously it could be set via C flags, using complicated shell quotes:
`-DCMAKE_C_FLAGS="-DCURL_BORINGSSL_VERSION=\\\"${boringssl_version}\\\""`
(the C flags method remains, also for autotools)
It'd be nice if BoringSSL published its version not just via
`MODULE.bazel` in its source tree, but from its public headers, to make
these workarounds unnecessary.
projects / thirdparty / curl.git / log
