35949 Commits

Author SHA1 Message Date
Viktor Szakats
2c27a67daa
tests: always make bundles, adapt build and tests
Make test bundles the default. Drop non-bundle build mode.
Also do all the optimizations and tidy-ups this allows, simpler builds,
less bundle exceptions, streamlined build mechanics.

Also rework the init/deinit macro magic for unit tests. The new method
allows using unique init/deinit function names, and calling them with
arguments. This in turn makes it possible to reduce the use of global
variables.

Note this drops existing build options `-DCURL_TEST_BUNDLES=` from cmake
and `--enable-test-bundles` / `--disable-test-bundles` from autotools.

Also:
- rename test entry functions to have unique names: `test_<testname>`
  This removes the last exception that was handled in the generator.
- fix `make dist` to not miss test sources with test bundles enabled.
- sync and merge `tests/mk-bundle.pl` into `scripts/mk-unity.pl`.
- mk-unity.pl: add `--embed` option and use it when `CURL_CLANG_TIDY=ON`
  to ensure that `clang-tidy` does not miss external test C sources.
  (because `clang-tidy` ignores code that's #included.)
- tests/unit: drop no-op setup/stop functions.
- tests: reduce symbol scopes, global macros, other fixes and tidy-ups.
- tool1621: fix to run, also fix it to pass.
- sockfilt: fix Windows compiler warning in certain unity include order,
  by explicitly including `warnless.h`.

Follow-up to 6897aeb105 #17468

Closes #17590
2025-06-14 21:08:23 +02:00
Stefan Eissing
1cdac95e2e
openssl: fix handling of buffered data
`SSL_pending()` only checks if the *current* TLS packet has more data.
There might be more data in SSL's buffers.

`SSL_has_pending()` only checks if there is data in buffers, but does
*not* check if there is a complete TLS packet that can be decoded.

If we only check the first, we will poll on socket events without having
processed all data and may stall. If we only check the second, we would
busy loop without SSL_read() ever giving something.

Add the flag `connssl->input_pending` that is set on incoming data in
the BIO receive. Clear the flag when encountering a CURLE_AGAIN on
the filters receive (via SSL_read()) or see an EOF.

Ref: #17596
Closes #17601
2025-06-13 00:32:06 +02:00
Daniel Stenberg
cbc062a7b8
http: split http_header into sub functions
Closes #17603
2025-06-12 13:13:46 +02:00
Daniel Stenberg
c257753ee9
asyn-thrdd: free the previous name before strdup'ing the new
Fixes #17602
Reported-by: hiimmat on github
Closes #17604
2025-06-12 12:53:57 +02:00
Viktor Szakats
49a1cfaec2
GHA/non-native: skip test 2707 instead of all WebSocket tests on OpenBSD
Narrowing down the test which may be causing the flaky 6-minute long
delays and CI failures.

Suggested-by: Calvin Ruocco
Ref: https://github.com/curl/curl/pull/17562#issuecomment-2961629713

Follow-up to 05db18e054 #17562
Follow-up to d3594be653 #17136

Closes #17588
2025-06-12 12:01:37 +02:00
Daniel McCarney
1e2e808def
tls: remove Curl_ssl false_start
The secure transport vTLS backend was the only Curl_ssl struct instance
that populated the false_start field. Since it's removed, we can now
remove that field entirely. This was a protocol feature specific to TLS
1.2 that has been replaced by the more widely adopted TLS 1.3 early data
mechanisms.

--false-start is now deprecated

Closes #17595
2025-06-12 08:29:15 +02:00
Daniel Stenberg
220c5d8f49
tests/libtest: simplify Makefile.inc
Remove all custom LDADD lines

Plus: a few minor tidy-ups in libtest code.

Closes #17594
2025-06-11 23:26:39 +02:00
Daniel Stenberg
b950c8c03f
http_ntlm: remove unreachable code
Since the code now checks for NULL and returns before this point, 'ntlm'
cannot be NULL at this point in the code. Pointed out by Coverity.

Follow-up to 5586520745

Closes #17587
2025-06-11 23:06:06 +02:00
Viktor Szakats
c9460d6237
libtests: stop building the same source multiple times
After this patch there is no more double/multiple compile of the same
libtest source under a different libtest ID. Each libtest is compiled
once, and changes behavior at runtime based on test ID.

- drop recently added physical clones for two previously multi-compiled
  tests:
  - merge lib587 into lib554 again, branch at runtime.
  - merge lib645 into lib643 again, branch at runtime.

- replace existing dynamic branching to use `testnum` instead of
  a manually rolled `testno` based on an extra command-line argument.
  lib1571, lib1576.

- mk-bundle.pl: stop defining `LIB*` macros. No longer used.

- libtests: drop all `LIB*_C` guards.

- Make these tests branch at runtime, stop building copies:
  - lib585, based on lib500
  - lib565, based on lib510
  - lib529, based on lib525
  - lib527, lib532, based on lib526
  - lib545, based on lib544
  - lib548, based on lib547
  - lib696, based on lib556
  - lib584, based on lib589
  - lib1539, based on lib1514
  - lib1543, based on lib1518
  - lib1917, based on lib1916
  - lib1946, based on lib1940
  - lib671, 672, 673, based on lib670

Follow-up to 02dd471bbf #17591
Follow-up to 6897aeb105 #17468

Closes #17598
2025-06-11 19:05:47 +02:00
Daniel Stenberg
02dd471bbf
libtests: make test 1503,1504,1505 use the 1502 binary
Adjust the differences at runtime instead of build-time, to avoid
extra builds.

Set the `CURL_TESTNUM` env variable to pass test numbers to tests.

Make libtest/first.c use that env variable to set the `testnum` global
variable to allow tests to differ based on which test that runs it.

Closes #17591
2025-06-11 14:25:54 +02:00
Edwin Török
aea336aa23
openssl: enable readahead
Speeds up TLS operations up to ~13%.

Closes #17548

Signed-off-by: Edwin Török <edwin.torok@cloud.com>
2025-06-11 13:26:53 +02:00
Stefan Eissing
20c90ba298
lib: unify recv/send function signatures
cfilter/conn: change send/recv function signatures. Unify the
calling/return conventions in our send/receive handling.

Curl_conn_recv(), adjust pnread type

Parameter `pnread` was a `ssize_t *`, but `size_t *` is better since the
function returns any error in its `CURLcode` return value.

Closes #17546
2025-06-11 11:21:10 +02:00
Viktor Szakats
3934431421
tidy-up: drop BearSSL and Secure Transport reference remains
Follow-up to 08a3e8e19a #16677

Closes #17582
2025-06-11 11:14:29 +02:00
Stefan Eissing
14b42c89db
openssl: error on SSL_ERROR_SYSCALL
Convert the debug-only handling of SSL_ERROR_SYSCALL so that it is
enabled in all builds with openssl. This should not make a difference in
supported OpenSSL versions, but if whatever version or fork we link
against *does* return SSL_ERROR_SYSCALL, handle this as a fatal error.

Fixes #17471
Reported-by: Michael Kaufmann
Closes #17531
2025-06-11 10:44:55 +02:00
Daniel Stenberg
5586520745
http_ntlm: protect against null deref
Closes #17585
2025-06-11 10:15:32 +02:00
Stefan Eissing
950bd72401
pytest test_07_70, weaken early data check
Since the amount of early data sent in the upload test_07_70 varies
much with how fast the server responds and completes the handshake,
assert that we did send at least *some* early data instead of relying
on a specific amount.

Closes #17575
2025-06-11 10:15:00 +02:00
Daniel Stenberg
d4db756128
RELEASE-NOTES: synced
Bump to 8.15.0
2025-06-11 09:25:01 +02:00
Daniel Stenberg
599bf4a271
RELEASE-PROCEDURE.md: update docs/VERSIONS
Add it as an item to fix in each release

Closes #17584
2025-06-11 09:21:44 +02:00
Orgad Shaneh
b244371bf4
VERSIONS.md: update
Closes #17583
2025-06-11 08:49:15 +02:00
Stefan Eissing
e39b8c4819
url: fix connection lifetime checks
The checks for a connection being "too long idle" or "too old" were
rounding down the elapsed time to seconds before comparing to the
configured max values. This caused connections to be reused for up to
999ms longer than intended.

Change the compares to scale the configured seconds up to ms, so
connection will properly be "too old" 1 ms after the configured values.

Fixes sporadic failures of test1542 on platforms where "sleep(2)"
returns before 2 full seconds on the internal clock have passed.

Reported-by: Christian Weisgerber
URL: https://curl.se/mail/lib-2025-06/0004.html
Closes #17571
2025-06-11 08:07:57 +02:00
Daniel Stenberg
f9d8ed63ed
urlapi: simplify and split into sub functions
Closes #17565
2025-06-11 07:58:52 +02:00
Stefan Eissing
3c26e6a896
libssh: de-complex myssh_statemach_act()
Make static functions for the largest state handling code
with a common signature and naming scheme.

Closes #17573
2025-06-11 07:58:09 +02:00
Daniel Stenberg
08a3e8e19a
TLS: remove support for Secure Transport and BearSSL
These libraries do not support TLS 1.3 and have been marked for removal
for over a year. We want to help users select a TLS dependency that is
future-proof and reliable, and not supporting TLS 1.3 in 2025 does not
infer confidence. Users who build libcurl are likely to be served better
and get something more future-proof with a TLS library that supports
1.3.

Closes #16677
2025-06-11 07:54:19 +02:00
Viktor Szakats
b761eb5add
cmake: replace cmakelint with cmake-lint from cmakelang, fix issues
This linter detects formatting and naming issues with minimal amount of
noise. It seems to be an improvement over the existing linter which was
only detecting line width overruns.

Also: fix to exclude `CurlTests.c` from linter.

Ref: https://cmake-format.readthedocs.io/en/latest/cmake-lint.html
Ref: https://github.com/cheshirekow/cmake_format

Closes #17576
2025-06-11 07:07:49 +02:00
Viktor Szakats
56d5982312
build: assume sys/socket.h, sys/time.h on non-Windows (as in curl/curl.h)
Public `curl/curl.h` includes these headers for non-Windows platforms
without further conditions. This makes it safe to assume these headers
do exist, allowing to save two feature checks for non-Windows targets.

`sys/time.h` is also assumed on Windows with mingw-w64, for declaring
`gettimeofday()`.

Closes #17522
2025-06-11 07:07:49 +02:00
Viktor Szakats
3c9d16f4b8
cmake: drop never propagated C macros
Delete macros from `curl_config.h.cmake` that were never set by
the CMake script: `_LARGE_FILES`, `_THREAD_SAFE`, `const`, `size_t`.

Also:
- lib/config-riscos.h: drop `#undef _LARGE_FILES`. This is an
  IBM-specific macro, no need to unset it on other platforms.

Cherry-picked from #17576

Closes #17580
2025-06-11 06:32:22 +02:00
renovate[bot]
0f500e6a9c
Dockerfile: update debian:bookworm-slim Docker digest to e5865e6
Closes #17579
2025-06-11 06:00:17 +02:00
Viktor Szakats
05db18e054
GHA/non-native: skip OpenBSD WebSocket tests to mitigate job timeouts
Trying to avoid the occasional ~6-minute long delays seen in the OpenBSD
since last week. The long delay causes the CI job to timeout and fail:
https://github.com/curl/curl/actions/workflows/non-native.yml?page=2&query=branch%3Amaster

The exact reason or test number is unknown. I base this attempt on
looking at the first occurrences and possible patches that may be
related.

The issue was first seen in CI within PR #17136:
```
[...]
Wed, 07 May 2025 07:10:30 GMT test 3014...[Check if %{num_headers} returns correct number of headers]
Wed, 07 May 2025 07:10:30 GMT s-p----e--- OK (1743 out of 1778, remaining: 00:02, took 0.195s, duration: 01:43)
Wed, 07 May 2025 07:10:30 GMT test 3016...[GET a directory using file://]
[long delay here]
Wed, 07 May 2025 07:16:17 GMT -------
Wed, 07 May 2025 07:16:17 GMT Error: The operation was canceled.
```
Ref: https://github.com/curl/curl/actions/runs/14877264415/job/41776966626#step:3:5566
Ref: https://github.com/curl/curl/actions/runs/14900320627/job/41850699301#step:3:5561 (next in PR)

Then in master, shortly after merging it via d3594be6531df3d5eafcdd09f84ad9dee1777028:
```
[...]
Mon, 02 Jun 2025 09:23:55 GMT test 3201...[HTTP GET when PROXY Protocol enabled and spoofed client IP]
Mon, 02 Jun 2025 09:23:55 GMT --p----e--- OK (1777 out of 1788, remaining: 00:00, took 0.222s, duration: 01:42)
Mon, 02 Jun 2025 09:23:55 GMT RUN: failed to start the HTTP/2 server
Mon, 02 Jun 2025 09:23:55 GMT test 3202...[HTTP-IPv6 GET with PROXY protocol with spoofed client IP]
[long delay here]
Mon, 02 Jun 2025 09:29:48 GMT --p----e--- OK (1778 out of 1788, remaining: 00:00, took 0.1
Mon, 02 Jun 2025 09:29:48 GMT Error: The operation was canceled.
```
Ref: https://github.com/curl/curl/actions/runs/15388587165/job/43292652793#step:3:5097
Ref: https://github.com/curl/curl/actions/runs/15390589464/job/43298911578#step:3:5097 (next in master)

Closes #17562
2025-06-11 05:39:23 +02:00
Viktor Szakats
6897aeb105
tests: drop mk-bundle exceptions
Using a mixture of techniques to avoid symbol collisions:
- reduce scope.
- add `t*_` / `T*_` prefix.
- move shared functions to `testutil.c`.
  (`suburl()`, `rlim2str()`)
- clone re-used lib*.c sources.
  (lib587, lib645)
- include shared symbols just once in re-used `lib*.c` sources.
  (using `LIB*_C` guards.)
- drop re-used `lib*.c` sources where they were identical or
  unused.
- make macros global.
- #undef macros before use.

What remains are the entry functions `test`, and `unit_setup`,
`unit_stop` in unit tests.

Also:
- fix formatting and other minor things along the way.
- add `const` where possible.
- sync some symbol names between tests.
- drop `mk-bundle-hints.sh` that's no longer necessary.

Closes #17468
2025-06-11 05:39:19 +02:00
Viktor Szakats
9ed34cc45b
schannel: drop Windows 2000 compatibility logic
curl requires Windows XP as a minimum.

Co-authored-by: Jay Satiro

Closes #17447
2025-06-11 05:39:14 +02:00
Viktor Szakats
0d71b18153
windows: reduce/stop loading DLLs at runtime
- replace dynamic `InitSecurityInterface()` call with early binding and
  link `secur32` system DLL.
  The library and function are available in all supported curl Windows
  targets, meaning WinXP or newer.  Add small hack for mingw32ce to
  make it build.

- detect and use `if_nametoindex()` on Windows when available. Link
  `iphlpapi` system DLL. Requires targeting Vista or newer.
  Replacing the dynamic call and the pre-load optimization for lib3026.

Suggested-by: Jay Satiro

Closes #17413
2025-06-11 05:39:09 +02:00
Viktor Szakats
c129d0b1a8
GHA/windows: make MSVC jobs use MSYS2 libraries: psl, OpenSSL, H2, libssh2
Extend MSVC jobs with the option to use MSYS2 binary package as DLL
dependencies. Allow to use them alone (without vcpkg) or combined with
vcpkg packages. This saves the trouble of building these packages from
source and caching them manually.

This solution requires two tricks:
- workaround for zlib which installs a target-specific `zconf.h` that's
  not portable between platforms and C compilers.
- manual dependency configuration in CMake to ensure linking against
  the MSYS2 DLLs (and not its static libs). Static libs aren't portable
  to MSVC due to missing symbols `__chkstk_ms`, `_stack_chk_fail`,
  `_memcpy_chk`, `_stack_chk_guard`, and potentially other issues. CMake
  in MSVC mode, `linker.exe` and `pkg-config` pick the static libs by
  default. To pick `.dll.a` in favour of `.a`, these tools would have
  to be taught about this convention. An alternative is deleting static
  libs and see if `.dll.a` are picked-up automatically.

Using MSYS2 packages adds an install step taking 15-45 seconds per job.

It allowed to:
- re-enable libpsl for all MSVC jobs.
- convert the Intel 64-bit job to use MSYS2 without vcpkg, enabling
  brotli, zstd, OpenSSL 3.5.0, libssh2 (with OpenSSL cryptography) and
  nghttp2.

Using the same technique it's possible to re-enable more features
in MSVC builds, e.g. GnuTLS (also with H3), LibreSSL, mbedTLS, nghttp3,
ngtcp2, libssh, c-ares, gsasl, and replace vcpkg zlib, for faster runs.
What's missing compared to vcpkg is BoringSSL and wolfSSL
(the MSYS2-supplied build doesn't fit curl's requirements IIRC). These
could be built and cached manually.

Also:
- add workaround for zlib (classic) which uses a generated `zconf.h`,
  rendering the MSYS2 zlib header incompatible with MSVC.
- set the correct `msystem` for arm64.
- allow using MSVC without vcpkg.

Follow-up to cd0ec4784c #17089

Closes #17561
2025-06-11 00:51:04 +02:00
Viktor Szakats
a7e364df81
cmake: document OpenSSL and ngtcp2 crypto lib custom variables
Cherry-picked from #17561

Closes #17574
2025-06-10 16:31:07 +02:00
Viktor Szakats
dd4088d916
GHA/checksrc: yq is pre-installed, drop manual install
Follow-up to 17a669426f #17537

Cherry-picked from #17561
2025-06-10 16:23:44 +02:00
Stefan Eissing
ab650379a8
vauth: move auth structs to conn meta data
Remove structs for negotiate, krb5, ntlm and gsasl from connectdata and
store them as connection meta data with auto cleanup.

De-complexify sasl mech selection by moving code into static functions.

Closes #17557
2025-06-10 15:57:44 +02:00
Yedaya Katsman
05ffeeda0c
tests: fail torture if !valgrind&threaded resolver
We don't check the memory debug output with the threaded resolver, so
the only way to do it is with valgrind.

Also move the disabling of memory tracking to where we log that we're
doing it.

Closes #17501
2025-06-10 15:46:47 +02:00
Yedaya Katsman
bc7d88cc8a
tests: torture: don't duplicate valgrind command
When running torture tests with valgrind enabled, the torture function
got a command line that already had the valgrind invocation in it. It
added another, at the end resulting in an empty valgrind log file.

Remove the duplicate logic adding valgrind, which already had a bit of
different logic that wasn't updated when the other one was.

Closes #17501
2025-06-10 15:46:13 +02:00
Daniel Stenberg
1d9c1e4b0f
RELEASE-NOTES: synced
2025-06-10 07:48:17 +02:00
Daniel Stenberg
b530c11bfd
curl.h: remove the "RESERVED" error codes
Return codes for tests should be kept private.

Follow-up to 9465327084

Closes #17563
2025-06-09 23:57:23 +02:00
Daniel Stenberg
1886260a95
lib: make curlx_inet_ntop()
move function to curlx/, change all callers

Closes #17560
2025-06-09 13:16:01 +02:00
Viktor Szakats
c347b43e5c
GHA/hacktoberfest-accepted: prefer GH_TOKEN
For the `gh` tool, over `GITHUB_TOKEN`. It accepts both, of which
the former seems to be preferred according to the source code and
documentation.

GHA/appveyor-status already uses `GH_TOKEN`.

Closes #17556
2025-06-09 12:28:47 +02:00
Carlos Henrique Lima Melara
0ede81dcc6
curl_path: make SFTP handle a path like /~ properly.
... without a trailing slash.

Fixes #17534
Closes #17542
2025-06-09 11:23:16 +02:00
Stefan Eissing
c314759c4c
pingpong: on disconnect, check for unflushed pingpong state
When a pingpong based protocol tries to perform a connection disconnect,
it sends a sort of "logout" command to the server, unless the connection
is deemed dead.

But the disconnect might happen before pingpong data has been completely
sent, in which case sending the "logout" will not work. Check the
pingpong state and do not "logout" when data is pending.

This was detected as a condition in fuzzing that triggered a debug
assert in the pingpong sending.

Closes #17555
2025-06-09 11:22:19 +02:00
Daniel Stenberg
b42776b4f4
tool_operate: fix return code when --retry is used but not triggered
Verify with test 752

Reported-by: fjaell on github
Fixes #17554
Closes #17559
2025-06-09 09:10:06 +02:00
Viktor Szakats
128c5ddc6b
GHA: enclose if expressions in ${{ }} where missing
Enclosing expressions in `${{ }}` is optional, but sometimes required.
It seems more straightforward to use it always rather than decide on
a case-by-case basis. Before this patch 71 `if`s were enclosed and 49
were not. Enclosing these makes it easy to grep and recognize these
wherever used.

https://docs.github.com/actions/writing-workflows/choosing-when-your-workflow-runs/using-conditions-to-control-job-execution

Closes #17550
2025-06-08 13:01:24 +02:00
Dan Fandrich
5f805eec11
tool_getparam: fix --ftp-pasv
This boolean option was moved to the wrong handling function. Make it
an ARG_NONE and move it to the correct handler and add a test to
verify that the option works.

Follow-up to 698491f44

Reported-by: fjaell on github
Fixes #17545
Closes #17547
2025-06-06 14:40:14 -07:00
Viktor Szakats
900612df79
GHA: tidy up single-line run blocks
Also double quote a shell variable.

Closes #17552
2025-06-06 23:24:27 +02:00
Daniel Stenberg
f33ec60fbf
tests/servers.pm: add more ways to figure out current user
Some CI tests fail due to "Can't start ssh server due to lack of USER name" -
add more ways to try to figure it out if no environment variable works: the
whoami and id commands.

Closes #17544
2025-06-06 23:07:29 +02:00
Viktor Szakats
d16a020a87
GHA/hacktoberfest-accepted: tidy up item order
`if`, then `env`, then `run`.

Also tidy up quotes in env entries.

Closes #17551
2025-06-06 23:02:04 +02:00
Viktor Szakats
17a669426f
CI: fix zizmor 1.9.0 warnings, shellcheck verify CI shell code, fix fallouts
zizmor 1.9.0 effectively bans using GHA macros within shell script
snippets. Rework them to pass GHA macro values via envs and use those
envs in shell snippets. `${{ env.* }}` macros could be converted
to native env references after making their names shell-compatible.

Envs and shell commands can no longer be used in GHA macro values. Most
cases could be fixed by using literals. Passing quoted values with
spaces combined with other args also doesn't work anymore. This was
replaced by passing them separately.

Despite the initial complications, avoiding GHA macros in scripts does
seem to make the CI code reasonably cleaner. It also makes it possible
to analyze the scripts with shellcheck, finding subtle issues that went
unnoticed till now.

Also:
- un-ignore and fix three existing zizmor `template-injection` issues.
- add script to extract and shellcheck all shell code stored within GHA
  and Circle CI YAML files.
- add CI job to run this script.
- fix shellcheck issues discovered.
- fix minor differences between cmake and autotools FreeBSD jobs.
- merge cmake/autotools FreeBSD jobs to avoid developing unwanted
  differences again.
- fix/sync quote use across shell code.
- replace `$HOME` with `~` or literal where it made sense.
- replace most `brew --prefix` with literals.
- move all curl install tests to the `curl-install*` prefix.
- add missing curl install tests to cygwin/msys/mingw/*bsd.
- pipe to `tar` instead of storing downloads on disk.
- drop unnecessary `PKG_CONFIG_PATH` when building nghttp3.

Ref: https://github.com/curl/curl/actions/runs/15461461371/job/43523546041
Ref: https://github.com/zizmorcore/zizmor/releases/tag/v1.9.0

Follow-up to e522f47986 #17278

Closes #17537
2025-06-06 21:30:43 +02:00