- always define `CURL_STATICLIB` when building libcurl for Windows.
This disables `__declspec(dllexport)` for exported libcurl symbols.
In normal mode (hide symbols) these exported symbols are specified
via `libcurl.def`. When not hiding symbols, all symbols are exported
by default.
Regression from 1199308dbcFixes#11844
- fix to omit `libcurl.def` when not hiding private symbols.
Regression from 2ebc74c36a
- fix `ENABLED_DEBUG=ON` + shared curl tool Windows builds by also
omitting `libcurl.def` in this case, and exporting all symbols
instead. This ensures that a shared curl tool can access all debug
functions which are not normally exported from libcurl DLL.
- delete `INTERFACE_COMPILE_DEFINITIONS "CURL_STATICLIB"` for "objects"
target.
Follow-up to 2ebc74c36a
- delete duplicate `BUILDING_LIBCURL` definitions.
- fix `HIDES_CURL_PRIVATE_SYMBOLS` to not overwrite earlier build settings.
Follow-up to 1199308dbcCloses#11914
- use shared code for setting up the CONNECT request
when tunneling, used in HTTP/1.x and HTTP/2 proxying
- eliminate use of Curl_buffer_send() and other manipulations
of `data->req` or `data->state.ulbuf`
Closes#11808
fseek uses long offset which does not match with curl_off_t. This leads
to undefined behavior when calling the callback and caused failure on
arm 32 bit.
Use a wrapper to solve this and use fseeko which uses off_t instead of
long.
Thanks to the nice people at Libera IRC #musl for helping finding this
out.
Fixes#11882Fixes#11900Closes#11918
A debug-only function that is basically never used. Removed to ease the
use of the singleuse script to detect non-static functions not used
outside the file where it is defined.
Closes#11931
- Fix netrc info message to use the generic ".netrc" filename if the
user did not specify a netrc location.
- Update --netrc doc to add that recent versions of curl on Windows
prefer .netrc over _netrc.
Before:
* Couldn't find host google.com in the (nil) file; using defaults
After:
* Couldn't find host google.com in the .netrc file; using defaults
Closes https://github.com/curl/curl/pull/11904
Also fix to export all symbols in Windows debug builds, making
`-debug-dyn` builds work with `-DCURL_STATICLIB` set.
Ref: https://github.com/curl/curl/pull/11914 (same for CMake)
Closes#11924
Previously it would only stop them from getting started if the size is
known to be too big then.
Update the libcurl and curl docs accordingly.
Fixes#11810
Reported-by: Elliot Killick
Assisted-by: Jay Satiro
Closes#11820
- If libssh2_userauth_publickey_fromfile_ex returns -1 then show error
message "SSH public key authentication failed: Reason unknown (-1)".
When libssh2_userauth_publickey_fromfile_ex returns -1 it does so as a
generic error and therefore doesn't set an error message. AFAICT that is
not documented behavior.
Prior to this change libcurl retrieved the last set error message which
would be from a previous function failing. That resulted in misleading
auth failed error messages in verbose mode.
Bug: https://github.com/curl/curl/issues/11837#issue-1891827355
Reported-by: consulion@users.noreply.github.com
Closes https://github.com/curl/curl/pull/11881
- use CLIENTWRITE_BODY *only* when data is actually body data
- add CLIENTWRITE_INFO for meta data that is *not* a HEADER
- debug assertions that BODY/INFO/HEADER is not used mixed
- move `data->set.include_header` check into Curl_client_write
so protocol handlers no longer have to care
- add special in FTP for `data->set.include_header` for historic,
backward compatible reasons
- move unpausing of client writes from easy.c to sendf.c, so that
code is in one place and can forward flags correctly
Closes#11885
Using the system's provided arpa/tftp.h and optimizing, GCC 12 detects
and reports a stringop-overread warning:
tftpd.c: In function ‘write_behind.isra’:
tftpd.c:485:12: warning: ‘write’ reading between 1 and 2147483647 bytes from a region of size 0 [-Wstringop-overread]
485 | return write(test->ofile, writebuf, count);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from tftpd.c:71:
/usr/include/arpa/tftp.h:58:30: note: source object ‘tu_data’ of size 0
58 | char tu_data[0]; /* data or error string */
| ^~~~~~~
This occurs because writebuf points to this field and the latter
cannot be considered as being of dynamic length because it is not
the last field in the structure. Thus it is bound to its declared
size.
This commit always uses curl's own version of tftp.h where the
target field is last in its structure, effectively avoiding the
warning.
As HAVE_ARPA_TFTP_H is not used anymore, cmake/configure checks for
arpa/tftp.h are removed.
Closes#11897
Previously a build that disabled NTLM and aws-sigv4 would fail to build
since the hmac was disabled, but it is also needed for digest auth.
Follow-up to e92edfbef6Fixes#11890
Reported-by: Aleksander Mazur
Closes#11896
When bearer auth was disabled, the if/else logic got wrong and caused
problems.
Follow-up to e92edfbef6Fixes#11892
Reported-by: Aleksander Mazur
Closes#11895
Not the counter that accumulates all headers over all redirects.
Follow-up to 3ee79c1674
Do a second check for 20 times the limit for the accumulated size for
all headers.
Fixes#11871
Reported-by: Joshix-1 on github
Closes#11872
It was that small on purpose, but this change now adds the null byte to
avoid the error.
Follow-up to 3aa3cc9b05
Reported-by: Dan Fandrich
Ref: #11838Closes#11870
When creating new transfers for doing DoH, they now inherit the debug
settings from the initiating transfer, so that the application can
redirect and handle the verbose output correctly even for the DoH
transfers.
Reported-by: calvin2021y on github
Fixes#11864Closes#11869
When comparing with an empty part, the non-empty one is always
considered greater-than. Previously, the two would be considered equal
which would randomly place empty parts amongst non-empty ones. This
showed as a test 439 failure on Solaris as it uses a different
implementation of qsort() that compares parts differently.
Fixes#11855Closes#11868
Generate alphanumerical random strings.
Prior this change curl used to create random hex strings. This was
mostly okay, but having alphanumerical random strings is better: The
strings have more entropy in the same space.
The MIME multipart boundary used to be mere 64-bits of randomness due
to being 16 hex chars. With these changes the boundary is 22
alphanumerical chars, or little over 130 bits of randomness.
Closes#11838
Plus: reduce the hash table size from 256 to 63. It seems unlikely to
make much of a speed difference for most use cases but saves 1.5KB of
data per instance.
Closes#11862
- Use the ALLCAPS version of the macro so that it is clear a macro is
being called that evaluates the variable multiple times.
- Also capitalize macro isurlpuntcs => ISURLPUNTCS since it evaluates
a variable multiple times.
This is a follow-up to 291d225a which changed Curl_isunreserved into an
alias macro for ISUNRESERVED. The problem is the former is not easily
identified as a macro by the caller, which could lead to a bug.
For example, ISUNRESERVED(*foo++) is easily identifiable as wrong but
Curl_isunreserved(*foo++) is not even though they both are the same.
Closes https://github.com/curl/curl/pull/11846
- Handle user headers in format 'name:' and 'name;' with no value.
The former is used when the user wants to remove an internal libcurl
header and the latter is used when the user actually wants to send a
no-value header in the format 'name:' (note the semi-colon is converted
by libcurl to a colon).
Prior to this change the AWS header import code did not special case
either of those and the generated AWS SignedHeaders would be incorrect.
Reported-by: apparentorder@users.noreply.github.com
Ref: https://curl.se/docs/manpage.html#-H
Fixes https://github.com/curl/curl/issues/11664
Closes https://github.com/curl/curl/pull/11668
- Use CERT_CONTEXT's pbCertEncoded to determine chain order.
CERT_CONTEXT from SECPKG_ATTR_REMOTE_CERT_CONTEXT contains
end-entity/server certificate in pbCertEncoded. We can use this pointer
to determine the order of certificates when enumerating hCertStore using
CertEnumCertificatesInStore.
This change is to help ensure that the ordering of the certificate chain
requested by the user via CURLINFO_CERTINFO has the same ordering on all
versions of Windows.
Prior to this change Schannel certificate order was reversed in 8986df80
but that was later reverted in f540a39b when it was discovered that
Windows 11 22H2 does the reversal on its own.
Ref: https://github.com/curl/curl/issues/9706
Closes https://github.com/curl/curl/pull/11632
In https://www.rfc-editor.org/rfc/rfc2831#section-2.1.2
digest-uri-value should be serv-type "/" host , where host is:
The DNS host name or IP address for the service requested. The
DNS host name must be the fully-qualified canonical name of the
host. The DNS host name is the preferred form; see notes on server
processing of the digest-uri.
Realm may not be the host, so we must specify the host explicitly.
Note this change only affects the non-SSPI digest code. The digest code
used by SSPI builds already uses the hostname to generate the spn.
Ref: https://github.com/curl/curl/issues/11369
Closes https://github.com/curl/curl/pull/11395
Percent encoding needs to be done using uppercase, and most
non-alphanumerical must be percent-encoded.
Fixes#11794
Reported-by: John Walker
Closes#11806
- requests >64K are send in parts to the filter
- fix parsing of the request to assemble it correctly
from several sends
- open a QUIC stream only when the complete request has
been collected
Closes#11815
- we delay loading the x509 store to shorten the handshake time.
However an application callback installed via CURLOPT_SSL_CTX_FUNCTION
may need to have the store loaded and try to manipulate it.
- load the x509 store before invoking the app callback
Fixes#11800
Reported-by: guoxinvmware on github
Cloes #11805
