- on load, only replace existing HSTS entries if there is a full host
match
- on matching, prefer a full host match and secondary the longest tail
subdomain match
Closes#15210
When a multi handle is being cleaned up, it can still cause user
callbacks to be fired. Notably Curl_cpool_destroy calls socket_callback
on all pooled connections. It's still possible for the callback to call
curl_multi_assign leading to an assert.
This commit moves clearing of a multi handle magic to a point where the
multi handle stops being a valid object.
Fixes#15201Closes#15206
- update mbedTLS repo URL.
- switch local mbedTLS build to use CMake, and Ninja.
CMake build is required to create and install mbedTLS `pkg-config`
files. (as of v3.6.1)
`-DCMAKE_POSITION_INDEPENDENT_CODE=ON` required to avoid this error
when linking mbedtls to `libcurl.so`:
```
/usr/bin/ld: /home/runner/mbedtls/lib/libmbedcrypto.a(cipher.c.o): warning: relocation against `mbedtls_cipher_base_lookup_table' in read-only section `.text'
/usr/bin/ld: /home/runner/mbedtls/lib/libmbedtls.a(ssl_tls.c.o): relocation R_X86_64_PC32 against symbol `mbedtls_x509_crt_profile_suiteb' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: bad value
```
Ref: https://github.com/curl/curl/actions/runs/11245069259/job/31264386723#step:40:43
- make local mbedTLS build 10x smaller by omitting programs and tests.
- GHA/linux: fix cmake warning by adding `-B .` option.
- GHA/linux: add build-only cmake job for packaged mbedTLS (2.x).
- fix compiler warning when building with mbedTLS 2.x:
```
/home/runner/work/curl/curl/lib/vtls/mbedtls.c:344:1: error: ‘mbed_cipher_suite_get_str’ defined but not used [-Werror=unused-function]
344 | mbed_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size,
| ^~~~~~~~~~~~~~~~~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/11244999065/job/31264168295#step:40:50
Also in preparation for #15193Closes#15208
Fix to set `HAVE_GSSGNU` when GNU GSS is detected.
Also set the appropriate `pkg-config` dependency and do version
detection for the GNU GSS flavour.
Tested with `pkg-config` and partly tested without. The latter case
picks up everything else but, in my env. This is likely not the last
word to implement this detection correctly for all build-cases.
GNU GSS doesn't seem to have a Homebrew formula and building
it locally needs manual tweaks to make finish successfully.
Also move a MIT-specific header detection into to MIT-specific `if`
branch.
Closes#15176
When the pool is cleaned up due to host limits, the bundle may be
cleaned up as well making the old pointer invalid.
Fixes#15185
Reported-by: Moritz Knüsel
Closes#15186
To sync with `./configure`.
- `HAVE_NETINET_IN6_H` is
needed by HPE NonStop NSE and NSX systems.
Follow-up to 76ebd54175#2155
- `HAVE_CLOSESOCKET_CAMEL`, `HAVE_PROTO_BSDSOCKET_H`
are for AmigaOS.
(Note: `./configure` tries to detect these for all targets, cmake does
it only for AmigaOS, to not inflate configure time.)
Closes#15172
Added in 37eba37019 (2009-06-17) to help
detecting socket functions.
But, this `socket.h` isn't used in the source code since
90dd1fc664#8288 (2022-01-16).
Closes#15173
Before this patch they were detected via manual methods, then with
`AC_CHECK_FUNCS()`.
Delete the manual checks and keep the latter.
Also delete `CURL_INCLUDES_POLL()` which is no longer used after
the above.
Closes#15170
Before this patch `setmode()` was not detected with Cygwin/MSYS, because
it's a macro, not a function, and detection is looking for a function.
Switching to symbol detection doesn't work because it mis-detects it on
BSD systems which features a function with the same name but different
functionality and arguments.
Fix it by looking for a `_setmode()` function on Cygwin/MSYS, and use it
if available.
`_setmode()` is recommended over `setmode()` by Windows documentation so
use that on Windows too. It seems to be available on all supported
compilers, so omit detection.
https://learn.microsoft.com/cpp/c-runtime-library/reference/posix-setmodehttps://learn.microsoft.com/cpp/c-runtime-library/reference/setmode
Officially Windows requires argument `_O_BINARY` with an underscore.
`O_BINARY` is also supported but bound to conditions. Continue to use it
for simplicity. Cygwin supports `O_BINARY` (no underscore).
Closes#15169
These ensure a more consistent style and can find some errors statically
that would otherwise only be seen at run-time. Also, bump the Ubuntu
version of some other checks to get newer versions of some linters.
Closes#15067
- Use the appropriate variable type for the curlx_tvtoms() return code:
timediff_t and remove the typecast.
- Simplify the function and avoid the odd expire adjustment that
probably is a rest from ancient days when the expire function did not
handle zero millisecond timeouts.
Closes#15145
Since we see Windows fails of 1915, add tracing and a connect timeout.
The test uses a port no one is supposed to listen on, but Windows has
this weird wait logic. So, set a short timeout.
Closes#15107
As the parsing and address "regeneration" are done anyway, we might as
well use the updated version in the result and thereby A) get a
normalized (and lower cased) version of the address and B) avoid a
strcpy().
Updated test 1560 to verify.
Closes#15143
Since OpenSSL does its own send/recv internally, we may miss the moment
to populate the x509 store right before the server response. Do it
instead before we start the handshake, at the loss of the time to set
this up.
Closes#15137
Due to timings on paused response receive, the error code may vary due
to the location where it is detected that the server closed the transfer
prematurely.
Be more lenient in always allowing PARTIAL_FILE as ok.
Closes#15138
