Members of the filter context, like stream hash and buffers, need to be
initialized early and protected by a flag to also avoid double cleanup.
This allow the context to be used safely before a connect() is started
and the other parts of the context are set up.
Closes#14505
Before, setting CURLOPT_SSLVERSION with wolfSSL restricted the the tls
proto to just the specified version. Now it properly supports a range.
So it can set the min and max tls proto (max requires wolfSSL 4.2.0).
Bump the absolute minimum required version of wolfSSL to 3.4.6 (released
2015) because it is needed for the wolfSSL_CTX_SetMinVersion() function.
Closes#14480
When using `curl_ws_send()`, perform a blocking send of the data under
the following conditions:
- the websocket is in raw mode and the call is done from within a curl
callback. A partial write of the data could subsequently mess up the
ws framing, as a callback has a hard time handling this.
- the websocket is encoding the data itself, has added it to its
internal sendbuf. A partial flush of the buffer has unclear semantics
for the caller, as they will have no idea what to send again.
Fixes WebSockets tests with CURL_DBG_SOCK_WBLOCK=90 set.
Closes#14458
Channel Bindings are used to tie the session context to a specific TLS
channel. This is to provide additional proof of valid identity,
mitigating authentication relay attacks.
Major web servers have the ability to require (None/Accept/Require)
GSSAPI channel binding, rendering Curl unable to connect to such
websites unless support for channel bindings is implemented.
IIS calls this feature Extended Protection (EPA), which is used in
Enterprise environments using Kerberos for authentication.
This change require krb5 >= 1.19, otherwise channel bindings won't be
forwarded through SPNEGO.
Co-Authored-By: Steffen Kieß <947515+steffen-kiess@users.noreply.github.com>
Closes#13098
Before this patch, `pkg-config` was used for `UNIX` builds only (with
a few exceptions like wolfSSL, libssh, gsasl, libuv). This patch extends
`pkg-config` use to all envs except: `MSVC` without vcpkg. Meaning MSVC
with vcpkg will now use it. Also mingw on Windows.
Also apply the new condition to options where `pkg-config` was used
unconditionally (= for all targets). These are:
`-DCURL_USE_WOLFSSL=ON`, `-DCURL_USE_LIBSSH=ON`,
`-DCURL_USE_GSASL=ON` and `-DCURL_USE_LIBUV=ON`
This patch may still cause regressions for cross-builds (e.g. mingw
cross-build from Unix) and potentially other cases. If that happens, we
recommend using some of these methods to explicitly disable `pkg-config`
when using CMake:
- CMake option: `-DPKG_CONFIG_EXECUTABLE=`
(or `-DPKG_CONFIG_EXECUTABLE=nonexistent` or similar)
This is similar to the (curl-specific) `PKG_CONFIG` env for autotools.
- export env: `PKG_CONFIG_LIBDIR=`
(or `PKG_CONFIG_PATH`, `PKG_CONFIG_SYSROOT_DIR`,
or the CMake-specific `PKG_CONFIG`)
We may improve control over this in a future patch, also allowing opting
in MSVC (without vcpkg).
Ref: #14405
Ref: #14408
Ref: #14140Closes#14483
Rename internal macros to match their `libcurl.pc` metadata counterpart.
Also apply these to the `curl-config.in` template.
- `CPPFLAG_CURL_STATICLIB` -> `LIBCURL_PC_CFLAGS`
- `LIBCURL_LIBS` -> `LIBCURL_PC_LIBS_PRIVATE`
- `LIBCURL_NO_SHARED` -> `LIBCURL_PC_LIBS`
Closes#14476
- Turned them all into functions to also do asserts etc.
- The llist related structs got all their fields renamed in order to make
sure no existing code remains using direct access.
- Each list node struct now points back to the list it "lives in", so
Curl_node_remove() no longer needs the list pointer.
- Rename the node struct and some of the access functions.
- Added lots of ASSERTs to verify API being used correctly
- Fix some cases of API misuse
Add docs/LLIST.md documenting the internal linked list API.
Closes#14485
Instead of having an especially "unique" linked list handler for the
main list of easy handles within the multi handle, this now uses a
regular Curl_llist for this as well.
With this change, it is also clearer that every easy handle added to a
multi handle belongs to one and only one out of three different lists:
process - the general one for normal transfer processing
pending - queued up waiting to get a connection (MSTATE_PENDING)
msgsent - transfer completed (MSTATE_MSGSENT)
An easy handle must therefore be removed from the current list before it
gets added to another.
Closes#14474
libidn2 is detected by default, which triggers a `pkg-config` detectio
attempt by default. This in turn may pick up libidn2 inadvertently from
the disk, and append the libidn2 header directory to the include path.
This header directory might contain incompatible system and/or component
headers, causing confusion and failed builds.
Some of these side-effects may be the result of an unknowningly
configured (or misconfigured) `pkg-config`. In another reported case,
it was hit by the `pkg-config` from Strawberry Perl. Until we
investigate the reasons and come up with a technique to avoid these
issues, limit `pkg-config` detection to UNIX platforms, like we already
do in `Find*` modules.
Notice that `-DCURL_USE_LIBSSH=ON`, `-DCURL_USE_GSASL=ON`, and
`-DCURL_USE_LIBUV=ON` options continue to have the above side-effects,
though these options are disabled by default.
Follow-up to f43adc2c49#14137
Reported-by: Micah Snyder
Fixes#14405Closes#14408
- memdebug: replace keyword `malloc` with `__malloc__` to
not interfere with envs where `malloc` is redefined. Also apply
the fix to `alloc_size`.
Fixes:
```
lib/memdebug.h:107:13: warning: unknown attribute 'vec_malloc' ignored [-Wunknown-attributes]
CURL_EXTERN ALLOC_FUNC FILE *curl_dbg_fdopen(int filedes, const char *mode,
^~~~~~~~~~
lib/memdebug.h:37:37: note: expanded from macro 'ALLOC_FUNC'
# define ALLOC_FUNC __attribute__((malloc))
^~~~~~
/usr/include/stdlib.h:753:16: note: expanded from macro 'malloc'
#define malloc vec_malloc
^~~~~~~~~~
```
- memdebug: always undef before defining.
Also do this for the rest of functions redefined in the same block.
Avoids warning on AIX:
```
lib/memdebug.h:117:9: warning: 'malloc' macro redefined [-Wmacro-redefined]
#define malloc(size) curl_dbg_malloc(size, __LINE__, __FILE__)
^
/usr/include/stdlib.h:753:9: note: previous definition is here
#define malloc vec_malloc
^
```
- easy: fix `-Wformat` warning on AIX by adding a cast.
```
lib/easy.c:608:47: warning: format specifies type 'int' but the argument has type 'long' [-Wformat]
"%" CURL_FORMAT_SOCKET_T ")", fds[i].fd);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~
```
- if2ip: silence compiler warning inside AIX system header.
```
/lib/if2ip.c:219:19: warning: signed shift result (0x80000000) sets the sign bit of the shift expression's type ('int') and becomes negative [-Wshift-sign-overflow]
if(ioctl(dummy, SIOCGIFADDR, &req) < 0) {
^~~~~~~~~~~
/usr/include/sys/ioctl.h:401:26: note: expanded from macro 'SIOCGIFADDR'
#define SIOCGIFADDR (int)_IOWR('i',33, struct oifreq) /* get ifnet address */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/sys/ioctl.h:174:23: note: expanded from macro '_IOWR'
#define _IOWR(x,y,t) (IOC_INOUT|((sizeof(t)&IOCPARM_MASK)<<16)|(x<<8)|y)
^~~~~~~~~
/usr/include/sys/ioctl.h:168:20: note: expanded from macro 'IOC_INOUT'
#define IOC_INOUT (IOC_IN|IOC_OUT)
^~~~~~
/usr/include/sys/ioctl.h:167:28: note: expanded from macro 'IOC_IN'
#define IOC_IN (0x40000000<<1) /* copy in parameters */
~~~~~~~~~~^ ~
```
Ref: https://curl.se/dev/log.cgi?id=20240808180420-3809007
Assisted-by: Dan Fandrich
Closes#14464
- prefix local variables with underscore and convert to lowercase.
- list variables accepted by `libcurl.pc` and `curl-config` templates.
- quote more string literals.
Follow-up to 919394ee64#14450Closes#14462
Log progress only at start and end of transfer to give normalized
output when upload data is only partially sent or temporarily blocked.
Fixes test with CURL_DBG_SOCK_WBLOCK=90 set.
Closes#14454
Fix FTP protocol to flush the pingpong's send buffer before receiving a
response from the server, as it may never come otherwise.
Fixes FTP/FTPS tests with `CURL_DBG_SOCK_WBLOCK=90` set.
Closes#14452
... using the new script 'maxline' to which we specify the maximum
number of columns we allow any single line to be, or it will cause an
error.
Starting out with a max width at 100 columns.
Bonus: shorten the long line in the --ipfs-gateway section.
Closes#14423
- tidy up two `MATCHES` expression by avoiding macros expansion and
adding quotes. Then convert then to `STREQUAL` to match other places
in the code doing the same checks.
- fix setting `_ALL_SOURCE` for AIX to match what autotools does.
- delete stray `_ALL_SOURCE` reference from `lib/config_riscos.h`
- simplify/fix two `STREQUAL ""` checks.
The one in the `openssl_check_symbol_exists()` macro succeeded
regardless of the value. The other could return TRUE when
`CMAKE_OSX_SYSROOT` was undefined.
- delete code for CMake versions (<3.7) we no longer support.
- prefer `LIST(APPEND ...)` to extend `CURL_LIBS`.
- use `CURL_LIBS` to add the `network` lib for Haiku.
Before this patch it was done via raw C flags. I could not test this.
- move `_WIN32_WINNT`-related code next to each other.
It also moves detection to the top, allowing more code to use
the result.
- merge two `WIN32` blocks.
- rename internal variables to underscore + lowercase.
- unwrap a line, indent, whitespace.
Closes#14450
Assign the value of the variable instead of the name of the variable
when detecting GSS version via `pkg-config` on old (?) CMake.
(On recent CMake, there is an empty value in these variables.)
Closes#14445
- quote string literals.
In the hope it improves syntax-highlighting and readability.
- use lowercase, underscore-prefixed local var names.
As a hint for scope, to help readability.
- prefer `pkg_search_module` (over `pkg_check_modules`).
They are the same, but `pkg_search_module` stops searching
at the first hit.
- more `IN LISTS` in `foreach()`.
- OtherTests.cmake: clear `CMAKE_EXTRA_INCLUDE_FILES` after use.
- add `PROJECT_LABEL` for http/client and unit test targets.
- sync `Find*` module comments and formatting.
- drop a few local variables.
- drop bogus `CARES_LIBRARIES` from comment.
- unquote numeric literal.
Follow-up to acbc6b703f#14197Closes#14388
- rely on the new flush to handle blocked sends. No longer
do simulated EAGAIN on (partially) blocked sends with their
need to handle repeats.
- fix some debug handling CURL_SMALLREQSEND env var
- add some assertings in request.c for affirming we do it right
- enhance assertion output in test_16 for easier analysis
Closes#14435
Before this patch `pkg-config`-based detection was ignored, and used
solely as a path hint for native detection.
- fix `pkg_search_module()` result prefix to match what code expects:
`_GSS` (was: `_GSS_PKG`). Update variable that were in sync with old
prefix.
- update the pkg-config codepath to use `_GSS_MODULE_NAME` to detect
GSS flavour. This requires CMake 3.16.
Otherwise fall back to the old method. (The old method doesn't seem to
work anymore (?) as of CMake 3.30.1. Documented
`<prefix>_<modulename>_VERSION` variable is defined, but empty.)
- update the pkg-config codepath to use `_GSS_VERSION` set by CMake.
Resort to the old code when this variable is empty. (The old code
doesn't seem to work anymore (?) as of CMake 3.30.1)
- fix pkg-config codepath to set the documented result variables.
- align native detection variable names with those generated by
`pkg_search_module()` in the pkg-config codepath.
- GHA/macos: enable GSS Heimdal in a cmake job.
Uses the native detection.
- GHA/linux: enable GSS Heimdal in cmake and autotools jobs.
CMake uses `pkg-config`-based detection.
- suppress test 2077 and 2078 results on Linux + Heimdal.
```
FAIL-IGNORED 2077: 'curl --fail --negotiate to unauthenticated service fails' HTTP, HTTP GET, GSS-API
FAIL-IGNORED 2078: 'curl --negotiate should not send empty POST request only' HTTP, HTTP GET, GSS-API
```
Failing with valgrind errors in both autotools and cmake builds:
https://github.com/curl/curl/actions/runs/10282222581/job/28453472068?pr=14430#step:38:3638https://github.com/curl/curl/actions/runs/10282222581/job/28453473398?pr=14430#step:38:7831Closes#14430
