Daniel Stenberg [Sun, 16 Oct 2022 10:58:55 +0000 (12:58 +0200)]
libssh: if sftp_init fails, don't get the sftp error code
This flow extracted the wrong code (sftp code instead of ssh code), and
the code is sometimes (erroneously) returned as zero anyway, so skip
getting it and set a generic error.
Reported-by: David McLaughlin
Fixes #9737
Closes #9740
Viktor Szakats [Fri, 14 Oct 2022 19:06:37 +0000 (19:06 +0000)]
cmake: set HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID on Windows
`lib/config-win32.h` enables this configuration option unconditionally.
Make it apply to CMake builds as well.
While here, delete a broken check for
`HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID` from `CMakeLists.txt`. This came with
the initial commit [1], but did not include the actual verification code
inside `CMake/CurlTests.c`, so it always failed. A later commit [2]
added a second test, for non-Windows platforms.
Enabling this flag causes test 1056 to fail with CMake builds, as they
do with autotools builds. Let's apply the same solution and ignore the
results here as well.
Viktor Szakats [Fri, 14 Oct 2022 18:19:09 +0000 (18:19 +0000)]
cmake: set HAVE_GETADDRINFO_THREADSAFE on Windows
autotools enables this configuration option unconditionally for Windows
[^1]. Do the same in CMake.
The above will make this work for all reasonably recent environments.
The logic present in `lib/config-win32.h` [^2] has the following
exceptions which we did not cover in this CMake update:
- Builds targeting Windows 2000 and earlier
- MS Visual C++ 5.0 (1997) and earlier
Also make sure to disable this feature when `HAVE_GETADDRINFO` isn't
set, to avoid a broken build. We might want to handle that in the C
sources in a future commit.
Viktor Szakats [Fri, 14 Oct 2022 18:06:30 +0000 (18:06 +0000)]
cmake: sync HAVE_SIGNAL detection with autotools
`HAVE_SIGNAL` means the availability of the `signal()` function in
autotools, while in CMake it meant the availability of that function
_and_ the symbol `SIGALRM`.
The latter is not available on Windows, but the function is, which means
on Windows, autotools did define `HAVE_SIGNAL`, but CMake did not,
introducing a slight difference into the binaries.
This patch syncs CMake behaviour with autotools to look for the function
only.
The logic came with the initial commit adding CMake support to curl, so
the commit history doesn't reveal the reason behind it. In any case,
it's best to check the existence of `SIGALRM` directly in the source
before use. For now, curl builds fine with `HAVE_SIGNAL` enabled and
`SIGALRM` missing.
Viktor Szakats [Fri, 14 Oct 2022 17:31:19 +0000 (17:31 +0000)]
cmake: delete duplicate HAVE_GETADDRINFO test
A custom `HAVE_GETADDRINFO` check came with the initial CMake commit
[1]. A later commit [2] added a standard check for it as well. The
standard check run before the custom one, so CMake ignored the latter.
The custom check was also non-portable, so this patch deletes it in
favor of the standard check.
Daniel Stenberg [Wed, 5 Oct 2022 07:12:39 +0000 (09:12 +0200)]
cookie: reject cookie names or content with TAB characters
TABs in name and content seem allowed by RFC 6265: "the algorithm strips
leading and trailing whitespace from the cookie name and value (but
maintains internal whitespace)"
Cookies with TABs in the names are rejected by Firefox and Chrome.
TABs in content are stripped out by Firefox, while Chrome discards the
whole cookie.
TABs in cookies also cause issues in saved netscape cookie files.
Reported-by: Trail of Bits
URL: https://curl.se/mail/lib-2022-10/0032.html
URL: https://github.com/httpwg/http-extensions/issues/2262
- `HAVE_SIGNAL` has a different meaning in CMake. It's enabled when both
the `signal()` function and the `SIGALRM` macro are found. In
autotools and this header, it means the function only. For the
function alone, CMake uses `HAVE_SIGNAL_FUNC`.
Daniel Stenberg [Thu, 13 Oct 2022 10:00:09 +0000 (12:00 +0200)]
tool_paramhelp: asserts verify maximum sizes for string loading
The two defines MAX_FILE2MEMORY and MAX_FILE2STRING define the largest
strings accepted when loading files into memory, but as the size is
later used as input to functions that take the size as 'int' as
argument, the sizes must not be larger than INT_MAX.
These two new assert()s make the code error out if someone would bump
the sizes without this consideration.
Daniel Stenberg [Thu, 13 Oct 2022 09:30:16 +0000 (11:30 +0200)]
http: try parsing Retry-After: as a number first
Since the date parser allows YYYYMMDD as a date format (due to it being
a bit too generic for parsing this particular header), a large integer
number could wrongly match that pattern and cause the parser to generate
a wrong value.
No date format accepted for this header starts with a decimal number, so
by reversing the check and trying a number first we can deduct that if
that works, it was not a date.
Viktor Szakats [Wed, 12 Oct 2022 14:19:09 +0000 (14:19 +0000)]
tidy-up: delete unused HAVE_STRUCT_POLLFD
It was only defined in `lib/config-win32.h`, when building for Vista.
It was only used in `select.h`, in a condition that also included a
check for `POLLIN` which is a superior choice for this detection and
which was already used by cmake and autotools builds.
Viktor Szakats [Tue, 11 Oct 2022 21:16:00 +0000 (21:16 +0000)]
Makefile.m32: drop CROSSPREFIX and our CC/AR defaults [ci skip]
This patch aimed to fix a regression [0], where `CC` initialization
moved beyond its first use. But, on closer inspection it turned out that
the `CC` initialization does not work as expected due to GNU Make
filling it with `cc` by default. So unless implicit values were
explicitly disabled via a GNU Make option, the default value of
`$CROSSPREFIX` + `gcc` was never used. At the same time the implicit
value `cc` maps to `gcc` in (most/all?) MinGW envs.
`AR` has the same issue, with a default value of `ar`.
We could reintroduce a separate variable to fix this without ill
effects, but for simplicity and flexibility, it seems better to drop
support for `CROSSPREFIX`, along with our own `CC`/`AR` init logic, and
require the caller to initialize `CC`, `AR` and `RC` to the full
(prefixed if necessary) names of these tools, as desired.
We keep `RC ?= windres` because `RC` is empty by default.
Viktor Szakats [Tue, 11 Oct 2022 21:05:44 +0000 (21:05 +0000)]
smb: replace CURL_WIN32 with WIN32
PR #9255 aimed to fix a Cygwin/MSYS issue (#8220). It used the
`CURL_WIN32` macro, but that one is not defined here, while compiling
curl itself. This patch changes this to `WIN32`, assuming this was the
original intent.
Matthias Gatto [Thu, 13 Jan 2022 14:53:52 +0000 (15:53 +0100)]
aws_sigv4: fix header computation
Handle canonical headers and signed headers creation as explained here:
https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
The algo tells that signed and canonical must contain at last host and
x-amz-date.
So we check whatever thoses are present in the curl http headers list.
If they are, we use the one enter by curl user, otherwise we generate
them. then we to lower, and remove space from each http headers plus
host and x-amz-date, then sort them all by alphabetical order.
This patch also fix a bug with host header, which was ignoring the port.
Dustin Howett [Thu, 25 Aug 2022 00:20:43 +0000 (19:20 -0500)]
schannel: when importing PFX, disable key persistence
By default, the PFXImportCertStore API persists the key in the user's
key store (as though the certificate was being imported for permanent,
ongoing use.)
The documentation specifies that keys that are not to be persisted
should be imported with the flag PKCS12_NO_PERSIST_KEY.
NOTE: this flag is only supported on versions of Windows newer than XP
and Server 2003.
--
This is take 2 of the original fix. It extends the lifetime of the
client certificate store to that of the credential handle. The original
fix which landed in 70d010d and was later reverted in aec8d30 failed to
work properly because it did not do that.
Minor changes were made to the schannel credential context to support
closing the client certificate store handle at the end of an SSL session.
Viktor Szakats [Tue, 11 Oct 2022 07:56:01 +0000 (07:56 +0000)]
Makefile.m32: support more options [ci skip]
- Add support for these options:
`-wolfssl`, `-wolfssh`, `-mbedtls`, `-libssh`, `-psl`
Caveats:
- `-wolfssh` requires `-wolfssl`.
- `-wolfssl` cannot be used with OpenSSL backends in parallel.
- `-libssh` has build issues with BoringSSL and LibreSSL, and also
what looks like a world-writable-config vulnerability on Windows.
Consider it experimental.
- `-psl` requires `-idn2` and extra libs passed via
`LIBS=-liconv -lunistring`.
- Detect BoringSSL/wolfSSL and set ngtcp2 crypto lib accordingly.
- Generalize MultiSSL detection.
- Use else-if syntax. Requires GNU Make 3.81 (2006-04-01).
- Document more customization options.
This brings over some configuration logic from `curl-for-win`.
Viktor Szakats [Tue, 11 Oct 2022 07:52:32 +0000 (07:52 +0000)]
cmake: enable more detection on Windows
Enable `HAVE_UNISTD_H`, `HAVE_STRTOK_R` and `HAVE_STRCASECMP` detection
on Windows, instead of having predefined values.
With these features detected correctly, CMake Windows builds get closer
to the autotools and `config-win32.h` ones.
This also fixes detecting `HAVE_FTRUNCATE` correctly, which required
`unistd.h`.
Fixing `ftruncate()` in turn causes a build warning/error with legacy
MinGW/MSYS1 due to an offset type size mismatch. This env misses to
detect `HAVE_FILE_OFFSET_BITS`, which may be a reason. This patch
force-disables `HAVE_FTRUNCATE` for this platform.
Viktor Szakats [Tue, 11 Oct 2022 07:51:33 +0000 (07:51 +0000)]
autotools: allow unix sockets on Windows
Fixes: https://github.com/curl/curl-for-win/blob/73a070d96fd906fdee929e2f1f00a9149fb39239/curl-autotools.sh#L44-L47
On Windows this feature is present, but not the header used in the
detection logic. It also requires an elaborate enabler logic
(as seen in `lib/curl_setup.h`). Let's always allow it and let the
lib code deal with the details.
Daniel Stenberg [Mon, 10 Oct 2022 21:10:52 +0000 (23:10 +0200)]
header.d: add category smtp and imap
They were previously (erroneously) added manually to tool_listhelp.c
which would make them get removed again when the file is updated next
time, unless added correctly here in header.d
Daniel Stenberg [Mon, 10 Oct 2022 09:10:12 +0000 (11:10 +0200)]
curl/get_url_file_name: use libcurl URL parser
To avoid URL tricks, use the URL parser for this.
This update changes curl's behavior slightly in that it will ignore the
possible query part from the URL and only use the file name from the
actual path from the URL. I consider it a bugfix.
"curl -O localhost/name?giveme-giveme" will now save the output in the
local file named 'name'
Martin Ågren [Tue, 11 Oct 2022 05:57:42 +0000 (07:57 +0200)]
docs: fix grammar around needing pass phrase
"You never needed a pass phrase" reads like it's about to be followed by
something like "until version so-and-so", but that is not what is
intended. Change to "You never need a pass phrase". There are two
instances of this text, so make sure to update both.
Petr Štetiar [Mon, 10 Oct 2022 05:36:56 +0000 (07:36 +0200)]
curl-wolfssl.m4: error out if wolfSSL is not usable
When I explicitly declare, that I would like to have curl built with
wolfSSL support using `--with-wolfssl` configure option, then I would
expect, that either I endup with curl having that support, for example
in form of https support or it wouldn't be available at all.
Downstream projects like for example OpenWrt build curl wolfSSL variant
with `--with-wolfssl` already, but in certain corner cases it does fail:
configure:25299: checking for wolfSSL_Init in -lwolfssl
configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip]
In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33,
from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35,
from target-x86_64_musl/usr/include/wolfssl/ssl.h:35,
from conftest.c:47:
target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory
#include <wolfssl/wolfcrypt/sp_int.h>
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
and in the end thus produces curl without https support:
curl: (1) Protocol "https" not supported or disabled in libcurl
So fix it, by making the working wolfSSL mandatory and error out in
configure step when that's not the case:
checking for wolfSSL_Init in -lwolfssl... no
configure: error: --with-wolfssl but wolfSSL was not found or doesn't work
References: https://github.com/openwrt/packages/issues/19005
References: https://github.com/openwrt/packages/issues/19547 Signed-off-by: Petr Štetiar <ynezz@true.cz>
Closes #9682
Paul Seligman [Fri, 7 Oct 2022 11:52:31 +0000 (07:52 -0400)]
ws: minor fixes for web sockets without the CONNECT_ONLY flag
- Fixed an issue where is_in_callback was getting cleared when using web
sockets with debug logging enabled
- Ensure the handle is is_in_callback when calling out to fwrite_func
- Change the write vs. send_data decision to whether or not the handle
is in CONNECT_ONLY mode.
- Account for buflen not including the header length in curl_ws_send
Daniel Stenberg [Wed, 5 Oct 2022 22:49:10 +0000 (00:49 +0200)]
strcase: add and use Curl_timestrcmp
This is a strcmp() alternative function for comparing "secrets",
designed to take the same time no matter the content to not leak
match/non-match info to observers based on how fast it is.
The time this function takes is only a function of the shortest input
string.
Daniel Stenberg [Mon, 3 Oct 2022 15:40:02 +0000 (17:40 +0200)]
websockets: remodeled API to support 63 bit frame sizes
curl_ws_recv() now receives data to fill up the provided buffer, but can
return a partial fragment. The function now also get a pointer to a
curl_ws_frame struct with metadata that also mentions the offset and
total size of the fragment (of which you might be receiving a smaller
piece). This way, large incoming fragments will be "streamed" to the
application. When the curl_ws_frame struct field 'bytesleft' is 0, the
final fragment piece has been delivered.
curl_ws_recv() was also adjusted to work with a buffer size smaller than
the fragment size. (Possibly needless to say as the fragment size can
now be 63 bit large).
curl_ws_send() now supports sending a piece of a fragment, in a
streaming manner, in addition to sending the entire fragment in a single
call if it is small enough. To send a huge fragment, curl_ws_send() can
be used to send it in many small calls by first telling libcurl about
the total expected fragment size, and then send the payload in N number
of separate invokes and libcurl will stream those over the wire.
The struct curl_ws_meta() returns is now called 'curl_ws_frame' and it
has been extended with two new fields: *offset* and *bytesleft*. To help
describe the passed on data chunk when a fragment is delivered in many
smaller pieces.
docs/examples: avoid deprecated options in examples where possible
Example programs targeting a deprecated feature/option are commented with
a warning about it.
Other examples are adapted to not use deprecated options.
Viktor Szakats [Thu, 6 Oct 2022 15:30:13 +0000 (15:30 +0000)]
tidy-up: delete parallel/unused feature flags
Detecting headers and lib separately makes sense when headers come in
variations or with extra ones, but this wasn't the case here. These were
duplicate/parallel macros that we had to keep in sync with each other
for a working build. This patch leaves a single macro for each of these
dependencies:
- Rely on `HAVE_LIBZ`, delete parallel `HAVE_ZLIB_H`.
Also delete CMake logic making sure these two were in sync, along with
a toggle to turn off that logic, called `CURL_SPECIAL_LIBZ`.
Also delete stray `HAVE_ZLIB` defines.
There is also a `USE_ZLIB` variant in `lib/config-dos.h`. This patch
retains it for compatibility and deprecates it.
- Rely on `USE_LIBSSH2`, delete parallel `HAVE_LIBSSH2_H`.
Also delete `LIBSSH2_WIN32`, `LIBSSH2_LIBRARY` from
`winbuild/MakefileBuild.vc`, these have a role when building libssh2
itself. And `CURL_USE_LIBSSH`, which had no use at all.
Also delete stray `HAVE_LIBSSH2` defines.
- Rely on `USE_LIBSSH`, delete parallel `HAVE_LIBSSH_LIBSSH_H`.
Also delete `LIBSSH_WIN32`, `LIBSSH_LIBRARY` and `HAVE_LIBSSH` from
`winbuild/MakefileBuild.vc`, these were the result of copy-pasting the
libssh2 line, and were not having any use.
- Delete unused `HAVE_LIBPSL_H` and `HAVE_LIBPSL`.
Daniel Stenberg [Wed, 5 Oct 2022 22:52:35 +0000 (00:52 +0200)]
CURLOPT_COOKIEFILE: insist on "" for enable-without-file
The former way that also suggested using a non-existing file to just
enable the cookie engine could lead to developers maybe a bit carelessly
guessing a file name that will not exist, and then in a future due to
circumstances, such a file could be made to exist and then accidentally
libcurl would read cookies not actually meant to.
Daniel Stenberg [Thu, 6 Oct 2022 07:07:03 +0000 (09:07 +0200)]
tests/Makefile: remove run time stats from ci-test
The ci-test is the normal makefile target invoked in CI jobs. This has
been using the -r option to runtests.pl since a long time, but I find
that it mostly just adds many lines to the test output report without
anyone caring much about those stats.
tool: avoid generating ambiguous escaped characters in --libcurl
C string hexadecimal-escaped characters may have more than 2 digits.
This results in a wrong C compiler interpretation of a 2-digit escaped
character when followed by an hex digit character.
The solution retained here is to represent such characters as 3-digit
octal escapes.
Exclude linker flags specifying depedency libs and libpaths, when
building against `libcurl.dll`. In such case these options are not
necessary (but may cause errors if not/wrongly configured.)
Also move and reword a comment on `CPPFLAGS` to not apply to
`UNICODE` options. These are necessary for all build targets.
Jay Satiro [Wed, 5 Oct 2022 07:33:39 +0000 (03:33 -0400)]
runtests: fix uninitialized value on ignored tests
- Don't show TESTFAIL message (ie tests failed which aren't ignored) if
only ignored tests failed.
Before:
IGNORED: failed tests: 571 612 1056
TESTDONE: 1214 tests out of 1217 reported OK: 99%
Use of uninitialized value $failed in concatenation (.) or string at
./runtests.pl line 6290.
TESTFAIL: These test cases failed:
After:
IGNORED: failed tests: 571 612 1056
TESTDONE: 1214 tests out of 1217 reported OK: 99%
Jay Satiro [Sun, 2 Oct 2022 21:21:28 +0000 (17:21 -0400)]
cirrus: use make LDFLAGS=-all-static instead of curl_LDFLAGS
- Correct the use of -all-static for static Windows CI builds.
curl_LDFLAGS was removed from the makefile when metalink support was
removed. LDFLAGS=-all-static is passed to make only, because it is not a
valid option for configure compilation tests.
Viktor Szakats [Tue, 4 Oct 2022 19:14:38 +0000 (19:14 +0000)]
Makefile.m32: fix regression with tool_hugehelp [ci skip]
In a recent commit I mistakenly deleted this logic, after seeing a
reference to a filename ending with `.cvs` and thinking it must have
been long gone. Turns out this is an existing file. Restore the rule
and the necessary `COPY` definitions with it.
The restored logic is required for a successful build on a bare source
tree (as opposed to a source release tarball).
Also shorten an existing condition similar to the one added in this
patch.
Viktor Szakats [Tue, 4 Oct 2022 17:09:51 +0000 (17:09 +0000)]
Makefile.m32: deduplicate build rules [ci skip]
After this patch, we reduce the three copies of most `Makefile.m32`
logic to one. This now resides in `lib/Makefile.m32`. It makes future
updates easier, the code shorter, with a small amount of added
complexity.
`Makefile.m32` reduction:
| | bytes | LOC total | blank | comment | code |
|-------------------|-------:|----------:|-------:|---------:|------:|
| 7.85.0 | 34772 | 1337 | 79 | 192 | 1066 |
| before this patch | 17601 | 625 | 62 | 106 | 457 |
| after this patch | 11680 | 392 | 52 | 104 | 236 |
Details:
- Change rules to create objects for the `v*` subdirs in the `lib` dir.
This allows to use a shared compile rule and assumes that filenames
are not (and will not be) colliding across these directories.
`Makefile.m32` now also stores a list of these subdirs. They are
changing rarely though.
- Sync as much as possible between the three `Makefile.m32` scripts'
rules and their source/target sections.
- After this patch `CPPFLAGS` are all applied to the `src` sources once
again. This matches the behaviour of cmake/autotools. Only zlib ones
are actually required there.
- Use `.rc` names from `Makefile.inc` instead of keeping a duplicate.
- Change examples to link `libcurl.dll` by default. This makes building
trivial, even as a cross-build:
`CC=x86_64-w64-mingw32-gcc make -f Makefile.m32`
To run them, you need to move/copy or add-to-path `libcurl.dll`.
You can select static mode via `CFG=-static`.
- List more of the `Makefile.m32` config variables.
- Drop `.rc` support from examples. It made it fragile without much
benefit.
- Include a necessary system lib for the `externalsocket.c` example.
- Exclude unnecessary systems libs when building in `-dyn` mode.
Viktor Szakats [Mon, 3 Oct 2022 19:46:56 +0000 (19:46 +0000)]
Makefile.m32: major rework [ci skip]
This patch overhauls `Makefile.m32` scripts, fixing a list of quirks,
making its behaviour and customization envvars align better with other
build systems, aiming for less code, that is easier to read, use and
maintain.
Details:
- Rename customization envvars:
`CURL_CC` -> `CC`
`CURL_RC` -> `RC`
`CURL_AR` -> `AR`
`CURL_LDFLAG_EXTRAS_DLL` -> `CURL_LDFLAGS_LIB`
`CURL_LDFLAG_EXTRAS_EXE` -> `CURL_LDFLAGS_BIN`
- Drop `CURL_STRIP` and `CURL_RANLIB`. These tools are no longer used.
- Accept `CFLAGS`, `CPPFLAGS`, `RCFLAGS`, `LDFLAGS` and `LIBS` envvars.
- Drop `CURL_CFLAG_EXTRAS`, `CURL_LDFLAG_EXTRAS`, `CURL_RCFLAG_EXTRAS` in
favor of the above.
- Do not automatically enable `zlib` with `libssh2`. `zlib` is optional
with `libssh2`.
- Omit unnecessary `CPPFLAGS` options when building `curl.exe` and
examples.
- Drop support for deprecated `-winssl` `CFG` option. Use `-schannel`
instead.
- Avoid late evaluation where not necessary (`=` -> `:=`).
- Drop support for `CURL_DLL_A_SUFFIX` to override the implib suffix.
Instead, use the standard naming scheme by default: `libcurl.dll.a`.
The toolchain recognizes the name, and selects it automatically when
asking for a `-shared` vs. `-static` build.
- Stop applying `strip` to `libcurl.a`. Follow-up from 16a58e9f93c7e89e1f87720199388bcfcfa148a4. There was no debug info to
strip since then.
- Stop setting `-O3`, `-W`, `-Wall` options. You can add these to
`CFLAGS` as desired.
- Always enable `-DCURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG` with OpenSSL,
to avoid that vulnerability on Windows.
- Add `-lbrotlicommon` to `LIBS` when using `brotli`.
- Do not enable `-nghttp3` without `-ngtcp2`.
- `-ssh2` and `-rtmp` options no longer try to auto-select a TLS-backend.
You need to set the backend explicitly. This scales better and avoids
issues with certain combinations (e.g. `libssh2` + `wolfssl` with no
`schannel`).
- Default to OpenSSL TLS-backend with `ngtcp2`. Possible to override via
`NGTCP2_LIBS`.
- Old, alternate method of enabling components (e.g. `SSH2=1`) no longer
supported.
- Delete `SPNEGO` references. They were no-ops.
- Drop support for Win9x environments.
- Allow setting `OPENSSL_LIBS` independently from `OPENSSL_LIBPATH`.
- Support autotools/CMake `libssh2` builds by default.
- Respect `CURL_DLL_SUFFIX` in `-dyn` mode when building `curl.exe` and
examples.
- Assume standard directory layout with `LIBCARES_PATH`. (Instead of the
long gone embedded one.)
- Stop static linking with c-ares by default. Add
`CPPFLAGS=-DCARES_STATICLIB` to enable it.
- Reorganize internal layout to avoid redundancy and emit clean diffs
between src/lib and example make files.
- Delete unused variables.
- Code cleanups/rework.
- Comment and indentation fixes.
- Drop auto-detection of OpenSSL 1.0.2 and earlier. Now always defaulting
to OpenSSL 1.1.0 and later, LibreSSL and BoringSSL.
- Drop `Invalid path to OpenSSL package` detection. OpenSSL has been
using a standard file layout since 1.1.0, so this seems unnecessary
now.
- Drop special logic to enable Novell LDAP SDK support.
- Drop special logic to enable OpenLDAP LDAP SDK support. This seems
to be distinct from native OpenLDAP, with support implemented inside
`lib/ldap.c` (vs. `lib/openldap.c`) back when the latter did not exist
yet in curl.
- Add `-lwldap32` only if there is no other LDAP library (either native
OpenLDAP, or SDKs above) present.
- Update `doc/INSTALL.md` accordingly.
After this patch, it's necessary to make configration changes when using
OpenSSL 1.0.2 or earlier, or the two LDAP SDKs.
I haven't tested these scenarios, and in general we recommend using
a recent OpenSSL release. Also, WinLDAP (the Windows default) and
OpenLDAP (via `-DUSE_OPENLDAP`) are the LDAP options actively worked on
in curl.
Viktor Szakats [Sat, 1 Oct 2022 18:23:09 +0000 (18:23 +0000)]
docs: update sourceforge project links [ci skip]
SourceForge projects can now choose between two hostnames, with .io and
.net ending. Both support HTTPS by default now. Opening the other variant
will perm-redirected to the one chosen by the project.
The .io -> .net redirection is done insecurely.
Let's update the URLs to point to the current canonical endpoints to
avoid any redirects.
Viktor Szakats [Sat, 1 Oct 2022 10:07:34 +0000 (10:07 +0000)]
Makefile.m32: cleanups and fixes [ci skip]
- Add `-lcrypt32` once, and add it always for simplicity.
- Delete broken link and reference to the pre-Vista WinIDN add-on.
MS no longer distribute it.
- Delete related `WINIDN_PATH` option. IDN is a system lib since Vista.
- Sync `LIBCARES_PATH` default with the rest of dependencies.
- Delete version numbers from dependency path defaults.
- `libgsasl` package is now called `gsasl`.
- Delete `libexpat` and `libxml2` references. No longer used by curl.
- Delete `Edit the path below...` comments. We recommend to predefine
those envvars instead.
- `libcares.a` is not an internal dependency anymore. Stop using it as
such.
- `windres` `--include-dir` -> `-I`, `-F` -> `--target=` for readability.
- Delete `STRIP`, `CURL_STRIP`, `AR` references from `src/Makefile.m32`.
They were never used.
- Stop to `clean` some objects twice in `src/Makefile.m32`.
- Delete cvs-specific leftovers.
- Finish resource support in examples make file.
- Delete `-I<root>/lib` from examples make file.
- Fix copyright start year in examples make file.
- Delete duplicate `ftpuploadresume` input in examples make file.
- Sync OpenSSL lib order, `SYNC` support, `PROOT` use, dependency path
defaults, variables names and other internal bits between the three
make files.
- `lib/Makefile.m32` accepted custom options via `DLL_LIBS` envvar. This
was lib-specific and possibly accidental. Use `CURL_LDFLAG_EXTRAS_DLL`
envvar for the same effect.
- Fix linking `curl.exe` and examples to wrong static libs with
auto-detected OpenSSL 1.0.2 or earlier.
- Add `-lgdi32` for OpenSSL 1.0.2 and earlier only.
- Add link to Novell LDAP SDK and use a relative default path. Latest
version is from 2016, linked to an outdated OpenSSL 1.0.1.
- Whitespace and comment cleanups.
TODO in a next commit:
Delete built-in detection/logic for OpenSSL 1.0.2 and earlier, the Novell
LDAP SDK and the other LDAP SDK (which is _not_ OpenLDAP). Write up the
necessary custom envvars to configure them.
Added in 68b215157fdf69612edebdb220b3804822277822, while adding openldap
support. This is also the single mention of this constant in the source
tree and also in that commit. Based on these, it seems like an accident.
projects / thirdparty / curl.git / log
