- 11.7 signal-based resolver timeouts
Not considered a bug anymore but just implementation details. People
should avoid using timeouts with the synchronous name resolver.
- 11.16 libcurl uses renames instead of locking for atomic operations
Not a bug, just a description of how it works
Closes#11032
- remove h3 issues believed to be fixed
- make the flaky CI issue be generic and not Windows specific
- "TLS session cache does not work with TFO" now documented
This is now a documented restriction and not a bug. TFO in general is
rarely used and has other problems, making it a low-priotity thing to
work on.
- remove "Renegotiate from server may cause hang for OpenSSL backend"
This is an OpenSSL issue, not a curl one. Even if it taints curl.
- rm "make distclean loops forever"
- rm "configure finding libs in wrong directory"
Added a section to docs/INSTALL.md about it.
- "A shared connection cache is not thread-safe"
Moved over to TODO and expanded for other sharing improvements we
could do
- rm "CURLOPT_OPENSOCKETPAIRFUNCTION is missing"
- rm "Blocking socket operations in non-blocking API"
Already listed as a TODO
- rm "curl compiled on OSX 10.13 failed to run on OSX 10.10"
Water under the bridge. No one cares about this anymore.
- rm "build on Linux links libcurl to libdl"
Verified to not be true (anymore).
- rm "libpsl is not supported"
The cmake build supports it since cafb356e19Closes#10963
RFC 7686 states that:
> Applications that do not implement the Tor
> protocol SHOULD generate an error upon the use of .onion and
> SHOULD NOT perform a DNS lookup.
Let's do that.
https://www.rfc-editor.org/rfc/rfc7686#section-2
Add test 1471 and 1472 to verify
Fixes#543Closes#10705
Before this patch, enabling LDAPS required a manual C flag:
c1cfc31cfc/curl-cmake.sh (L105)
Fix this and enable LDAPS automatically when using `wldap32` (and
when not explicitly disabled). This matches autotools and `Makefile.mk`
behavior. Also remove issue from KNOWN_BUGS.
Add workaround for MSVS 2010 warning triggered by LDAPS now enabled
in more CI tests:
`ldap.c(360): warning C4306: 'type cast' : conversion from 'int' to 'void *' of greater size`
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/46408284/job/v8mwl9yfbmoeqwlr#L312
Reported-by: JackBoosY on github
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad
Fixes#6284Closes#10674
- remove "Excessive HTTP/2 packets with TCP_NODELAY"
This is not a bug. Rather room for improvement.
I believe these have been fixed:
- 17.4 Connection failures with parallel HTTP/2
- 17.5 HTTP/2 connections through HTTPS proxy frequently stall
- remove "FTPS needs session reuse"
That is still true, but curl should also do session reuse now.
- remove "ASCII FTP"
It is documented behavior, and not single user has asked for extended
functionality here the last decade or so.
- remove "Passive transfer tries only one IP address"
add as a TODO
- remove "DoH leaks memory after followlocation"
With a recipe on how to reproduce, this is pointless to keep around
- remove "DoH does not inherit all transfer options"
add it as a TODO
Closes#10487
The protocol needs to know the size ahead of time, this is now a known
restriction and not a bug.
Also output a clearer error if the URL path does not contain proper
share.
Ref: #7896Closes#10484
- CURL_GLOBAL_SSL
This option was changed in libcurl 7.57.0 and clearly it has not caused
too many issues and a lot of time has passed.
- Store TLS context per transfer instead of per connection
This is a possible future optimization. One that is much less important
and interesting since the added support for CA caching.
- Microsoft telnet server
This bug was filed in May 2007 against curl 7.16.1 and we have not
received further reports.
- active FTP over a SOCKS
Actually, proxies in general is not working with active FTP mode. This
is now added in proxy documentation.
- DICT responses show the underlying protocol
curl still does this, but since this is now an established behavior
since forever we cannot change it easily and adding an option for it
seems crazy as this protocol is not so little its not worth it. Let's
just live with it.
- Secure Transport disabling hostname validation also disables SNI
This is an already documented restriction in Secure Transport.
- CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM
The curl_formadd() function is marked and documented as deprecated. No
point in collecting bugs for it. It should not be used further.
- STARTTRANSFER time is wrong for HTTP POSTs
After close source code inspection I cannot see how this is true or that
there is any special treatment for different HTTP methods. We also have
not received many further reports on this, making me strongly suspect
that this is no (longer an) issue.
- multipart formposts file name encoding
The once proposed RFC 5987-encoding is since RFC 7578 documented as MUST
NOT be used. The since then implemented MIME API allows the user to set
the name on their own and can thus provide it encoded as it wants.
- DoH is not used for all name resolves when enabled
It is questionable if users actually want to use DoH for interface and
FTP port name resolving. This restriction is now documented and we
advice users against using name resolving at all for these functions.
Closes#10043
Since years back the "if2ip" function verifies that it binds to a local IPv6
address that uses the same scope as the remote address.
This is not a bug.
Fixes#686Closes#9998
- "FTP with CONNECT and slow server"
I believe this is not a problem these days.
- "FTP with NULs in URL parts"
The FTP protocol does not support them properly anyway.
- remove "FTP and empty path parts in the URL"
I don't think this has ever been reported as a real problem but was only
a hypothetical one.
- "Premature transfer end but healthy control channel"
This is not a bug, this is an optimization that *could* be performed but is
not an actual problem.
- "FTP without or slow 220 response"
Instead add to the documentation of the connect timeout that the
connection is considered complete at TCP/TLS/QUIC layer.
Closes#9979
- 1.2 Multiple methods in a single WWW-Authenticate: header
This is not considered a bug anymore but a restriction and one that we
keep because we have NEVER gotten this reported by users in the wild and
because of this I consider this a fringe edge case we don't need to
support.
- 1.6 Unnecessary close when 401 received waiting for 100
This is not a bug, but possibly an optimization that *can* be done.
- 1.7 Deflate error after all content was received
This is not a curl bug. This happens due to broken servers.
- 2.1 CURLINFO_SSL_VERIFYRESULT has limited support
This is not a bug. This is just the nature of the implementation.
- 2.2 DER in keychain
This is not a bug.
- 5.7 Visual Studio project gaps
This is not a bug.
- 15.14 cmake build is not thread-safe
Fixed in 109e9730ee
- 11.3 Disconnects do not do verbose
This is not a bug.
Closes#9871
The read callback can timeout if there's nothing to read within the
given maximum period. Example use case is when doing "curl -m 3
telnet://example.com" or anything else that expects input on stdin or
similar that otherwise would "hang" until something happens and then not
respect the timeout.
This fixes KNOWN_BUG 8.1, first filed in July 2009.
Bug: https://sourceforge.net/p/curl/bugs/846/Closes#9815
- Replace `Github` with `GitHub`.
- Replace `windows` with `Windows`
- Replace `advice` with `advise` where a verb is used.
- A few fixes on removing repeated words.
- Replace `a HTTP` with `an HTTP`
Closes#9802
For both IPv4 and IPv6 addresses. Now also checks IPv6 addresses "correctly"
and not with string comparisons.
Split out the noproxy checks and functionality into noproxy.c
Added unit test 1614 to verify checking functions.
Reported-by: Mathieu Carbonneaux
Fixes#9773Fixes#5745Closes#9775
Mostly based on recent language decisions from "everything curl":
- remove contractions (isn't => is not)
- *an* HTTP (consistency)
- runtime (no hyphen)
- backend (no hyphen)
- URL is uppercase
Closes#8646
The tools.ietf.org domain has been deprecated a while now, with the
links being redirected to datatracker.ietf.org.
Rather than make people eat that redirect time, this change switches the
URL to a more canonical source.
Closes#8317
- Add description: Explain that some options aren't inherited because
they are not relevant for the DoH SSL connections or may result in
unexpected behavior.
- Remove the reference to #4578 (SSL verify options not inherited) since
that was fixed by #6597 (separate DoH-specific options for verify).
- Explain that DoH-specific options (those created by #6597) are
available: CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and
CURLOPT_DOH_SSL_VERIFYSTATUS.
- Add a reference to #6605 and explain that the user's debug function is
not inherited because it would be unexpected to pass internal handles
(ie DoH handles) to the user's callback.
Closes https://github.com/curl/curl/issues/6605
By differentiating between ON and AUTO it can make a missing zlib
library a hard error when CURL_ZLIB=ON is used.
Reviewed-by: Jakub Zakrzewski
Closes#6221Fixes#6173
