Keeping the relevant 'ssl_scache' in 'data->state' leads to problems
when the owner of the cache is cleaned up and this reference is left
dangling.
Remove the ref entirely and always find the ssl_scache at the current
share or multi.
Folded in #16260 (test 3208) to verify this fixes the bug with a
dangling reference when an easy handle is used with easy_perform first
and in a multi_perform after.
Ref: #16236Closes#16261
curl 8.12.0 introduced an improved SSL session cache. All easy handles
that are added to the same multi handle automatically use the multi
handle's SSL session cache.
Clsoes #16245
Some of the 'goto fail' situations could happen without having
initialized the local variables referenced in the error code flow.
Reported-by: Marcel Raad
Fixes#16246Closes#16251
The eventfd manpage says:
A write(2) fails with the error EINVAL if the size of the supplied
buffer is less than 8 bytes
When doing x32 on a 64-bit system, pointers are still four bytes so this
code must not use the size of a pointer but the size of a 64-bit type.
Fixes#16237
Reported-by: Jan Engelhardt
Closes#16239
With `CURL_DISABLE_SOCKETPAIR` defined and `USE_HTTPSRR_ARES`
undefined, the local variable `socketi` was unused.
This fixes a regression from commit 0d4fdbf15d.
Closes https://github.com/curl/curl/pull/16179
OpenSSL QUIC method errors on setting TLSv1.2 ciphers, where other
methods do not.
Refrain setting --ciphers when min TLS version is 1.3 or higher.
Refrain setting --tls13-ciphers when max TLS version is less than 1.3.
Add 2 test cases.
Fixes#16232
Reported-by: zzq1015 on github
Closes#16235
- add VS2019 job, with Schannel + OpenSSL 1.0.2.
First MultiSSL job here and add the last missing modern VS version.
- fix builds with mixed ALPN capabilities in MultiSSL unity builds.
Caused by reusing `HAS_ALPN` between TLS modules without
resetting it. Fix it by using unique names for each backend.
- merge a VS2010 job into a VS2012. With MultiSSL and x86 OpenSSL.
- make a job static.
- fix `Shared`/`Static` in a job name.
- add `Shared` to job names.
Closes#16231
There were two places in the code that tried to connect the SSL filter,
e.g. do the TLS handshake, but only one changed imap state to CAPA
afterwards.
Depending on timing, the wrong path was taken and the connection was
hanging, waiting for a server reply to a command not sent.
Do the upgrade to tls in one place and update connection filter and
smtps protocol handler at the same time. Always transition to CAPA on
success.
Closes#16213
There were two places in the code that tried to connect the SSL filter,
e.g. do the TLS handshake, but only one changed pop3 state to CAPA
afterwards.
Depending on timing, the wrong path was taken and the connection was
hanging, waiting for a server reply to a command not sent.
Do the upgrade to tls in one place and update connection filter and
smtps protocol handler at the same time. Always transition to CAPA on
success.
Ref: #16166Closes#16208
There were two places in the code that tried to connect the SSL filter,
e.g. do the TLS handshake, but only one changed stmp state to EHLO
afterwards.
Depending on timing, the wrong path was taken and the connection was
hanging, waiting for a server reply to a command not sent.
Do the upgrade to tls in one place and update connection filter and
smtps protocol handler at the same time. Always transition to EHLO on
success.
Fixes#16189
Reported-by: Christian Schmitz
Closes#16206
Add CMake test project consuming curl via these methods:
`FetchContent`, `add_subdirectory()`, `find_package()`.
Also:
- GHA/distcheck: run these tests in CI.
- cmakelint: exclude a warning for calling "wonky-cased" built-in
CMake functions, such as `FetchContent_Declare()`.
Closes#16126
For Find modules where `<Modulename>` is not fully uppercase.
`<Modulename>` is case-exact name used in the Find modules filename:
`CMake/Find<Moduleame>.cmake`.
`find_package_handle_standard_args()` sets both `<MODULENAME>_FOUND` and
`<Modulename>_FOUND` when detecting the dependency. Some CMake code
relies on this and 3rd-party code may rely on it too. Make sure to set
the latter variant when detecting the dependency via `pkg-config`, where
we don't call `find_package_handle_standard_args()`.
CMake sets these variable to `TRUE` (not `ON` or `1`). Replicate this
for compatibility.
Closes#16153
We set this macro to silence a warning inside `openldap.h`. With this
warning now silenced by using `-isystem`, we can drop it. Also it never
had to be set to `1`.
Also enable OpenLDAP in a CMake GHA/macos job.
Follow-up to 445fb81237#14763
Follow-up to 751e168d93#12024Closes#16146
The latest copy I could find at:
https://beta.novell.com/developer/ndk/ldap_libraries_for_c.html
is from 2016-Feb-03, available for Linux and Windows.
I built curl against the Windows package with CMake:
https://sdk.suse.com/ndk/cldap/builds/2016/openldapsdk-devel-windows64-2016-01-28.zip
(It comes with OpenSSL 1.0.1q-fips (2015-Dec-03) binaries.)
CMake identified it as OpenLDAP and built with it as expected:
```
curl 8.12.0-DEV (x86_64-w64-mingw32) libcurl/8.12.0-DEV Schannel OpenLDAP/2.4.37
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Kerberos Largefile NTLM SPNEGO SSL SSPI threadsafe UnixSockets
```
Since it identified it as OpenLDAP (`lib/openldap.c`), the branch
deleted in this PR (`lib/ldap.c`) wasn't reached. Thus, defining
the `CURL_HAS_NOVELL_LDAPSDK` also made no difference in the build.
This suggests the code guarded by it is now orphan and unnecessary.
Novell NetWare builds were another user, but we dropped support for them
in 2022: 3b16575ae9#8358Closes#16176
This issue was not addressed with CMake builds so far. curl-for-win
worked thanks to its `-Wl,--start-group` workaround. It affects
binutils `ld` linking statically. Shared linking and llvm's `lld`
doesn't need strict lib order, and are not affected.
The solution is to pass libs in dependency order, with least dependent
(e.g. system) libs last. In case of cyclic dependency, may pass libs
twice.
Fix most issues by moving Windows system libs `ws2_32` and `bcrypt`
last, and move SSH libs first due to their dependence on crypto
backends and zlib compression.
Also:
- modify an existing Linux curl-for-win job to use gcc.
- add a specific Windows gcc job to test this. Make it use different
options than the default to extend build coverage too: `libssh`,
`zlib-ng`, 32-bit.
- prefer CMake imported targets for OpenSSL and ZLIB.
Examples of issues fixed:
Windows LibreSSL, libpsl vs. ws2_32:
```
x86_64-w64-mingw32-ld: curl/libressl/lib/libcrypto.a(bss_sock.c.obj):bss_sock.c:(.text$sock_ctrl[sock_ctrl]+0x59): undefined reference to `__imp_shutdown'
x86_64-w64-mingw32-ld: curl/libressl/lib/libcrypto.a(gcm128.c.obj):gcm128.c:(.text$CRYPTO_gcm128_init[CRYPTO_gcm128_init]+0x65): undefined reference to `__imp_ntohl'
x86_64-w64-mingw32-ld: curl/libpsl/_x64-win-ucrt/usr/lib/libpsl.a(psl.o):(.text$psl_is_cookie_domain_acceptable+0xef): undefined reference to `__imp_WSAStringToAddressW'
```
Ref: https://github.com/curl/curl/actions/runs/13157579253/job/36718144881?pr=16182#step:3:5354
Linux libssh2 vs. zlib:
```
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/bin/ld: curl/libssh2/_a64-linux-gnu-libressl/usr/lib/libssh2.a(unity_0_c.c.o): in function `comp_method_zlib_dtor':
(.text.comp_method_zlib_dtor+0x8c): undefined reference to `deflateEnd'
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/bin/ld: curl/libssh2/_a64-linux-gnu-libressl/usr/lib/libssh2.a(unity_0_c.c.o): in function `comp_method_zlib_comp':
(.text.comp_method_zlib_comp+0x50): undefined reference to `deflate'
/usr/lib/gcc-cross/aarch64-linux-gnu/12/../../../../aarch64-linux-gnu/bin/ld: curl/libssh2/_a64-linux-gnu-libressl/usr/lib/libssh2.a(unity_0_c.c.o): in function `comp_method_zlib_init':
(.text.comp_method_zlib_init+0x8c): undefined reference to `deflateInit_'
```
Ref: https://github.com/curl/curl/actions/runs/13157270420/job/36717189086?pr=16182#step:3:5285
Windows libssh vs. ws2_32 and LibreSSL:
```
/usr/bin/i686-w64-mingw32-ld: curl/libssh/_x86-win-ucrt-libressl/usr/lib/libssh.a(connect.c.obj):(.text$ssh_connect_host_nonblocking+0x92): undefined reference to `WspiapiGetAddrInfo@16'
/usr/bin/i686-w64-mingw32-ld: curl/libssh/_x86-win-ucrt-libressl/usr/lib/libssh.a(connect.c.obj):(.text$ssh_connect_host_nonblocking+0x3d9): undefined reference to `gai_strerrorA'
/usr/bin/i686-w64-mingw32-ld: curl/libssh/_x86-win-ucrt-libressl/usr/lib/libssh.a(kex.c.obj):(.text$ssh_client_select_hostkeys+0xd2): undefined reference to `FIPS_mode'
/usr/bin/i686-w64-mingw32-ld: curl/libssh/_x86-win-ucrt-libressl/usr/lib/libssh.a(options.c.obj):(.text$ssh_options_set+0x942): undefined reference to `FIPS_mode'
```
Ref: https://github.com/curl/curl/actions/runs/13163986294/job/36739557888?pr=16182#step:3:5127
Ref: https://github.com/curl/curl/actions/runs/13163986294/job/36739557888?pr=16182#step:3:5121Closes#16182
It should be done if "threaded-resolver" is enabled, but the detection
was slightly broken for builds that add c-ares for the asyn-rr feature.
Closes#16226
libssh 0.9.0 was shipped on June 28 2019 and is the first version
featuring the knownhosts API
Drop libssh from the GHA/linux-old CI job since it gets a libssh 0.7.3
version, too old for us now.
Closes#16200
Instead of picky-backing on the libcurl one using the curlx shortcut,
which is fragile since the libcurl one is not present in all builds.
Reported-by: mschroeder-fzj on github
Fixes#16201Closes#16203
In certain Windows configurations, Perl resides under `C:/Program Files`
causing tests to fail when executing Perl. Fix by quoting the command.
Seen in `dl-mingw` jobs when switching to the default `bash` shell
offered by the `windows-latest` runner on GHA.
Also:
- apply the same fix for `valgrind` for consistency.
- make more use of `shell_quote()` when passing the `srcdir` directory
over the command-line. This doesn't come up in CI, but seems like
good practice. There are lots more unquoted arguments and possibly
also commands.
```
-------e--- OK (940 out of 1537, remaining: 00:32, took 0.217s, duration: 00:50)
test 1167...[Verify curl prefix of public symbols in header files]
/C/Program Files/Git/usr/bin/perl -I. -ID:/a/curl/curl/tests returned 127, when expecting 0
1167: exit FAILED
[...]
=== Start of file stderr1167
sh: line 1: /C/Program: No such file or directory
```
Ref: https://github.com/curl/curl/actions/runs/13181757313/job/36794072190?pr=16217#step:13:2107Closes#16220
Sync the test path with test1515. If fixes the test when the perl tool
resides on a path with spaces in it. E.g. when using the perl from Git
for Windows. This is a workaround, there may be a better fix this
type of issue.
Similar fix for test1515: 38b055446a
Failure:
```
test 1516...[caching of manual libcurl DNS entries after dead connection]
lib1515.exe returned 3, when expecting 0
1516: exit FAILED
=== Start of file stderr1516
Test: lib1515
[...]
17:59:32.390000 == Info: Expire cleared
request http://testserver.example.com:63621/C:/Program Files/Git/path/15160001 failed with 3
Test ended with result 3
=== End of file stderr1516
```
Ref: https://github.com/curl/curl/actions/runs/13184790755/job/36804217128?pr=16217#step:13:2805Closes#16223
It was wrongly bumped to 1.16.0 in db50fc6e95. While we strongly
recommend using 1.16.0 or later, we still allow builds using older
versions.
It would make sense to raise the requirement to at least 1.11.0 (Feb 19
2016) but that's not done right now.
Closes#16221
As `tool_hugehelp.c` is no longer included into `Makefile.inc`,
I did add it explicitly to list of source files built on IBMi.
Follow-up to 96843f4ef7#16068Fixes#16214Closes#16215
