Because it reduces test coverage significantly:
```
TESTINFO: "curl has SSPI support" 109 times (64, 65, 67, 68, 69, 70, 72, 81, 88 and 100 more)
```
Follow-up to e53523fef0#14859Closes#14947
CI:
- GHA/windows: enable OpenSSH server, SysInternals `handle`, `impacket`.
Skip `impacket` on MSYS2 due to install failure.
Skip OpenSSH server for old/standalone mingw-w64 (building curl
without SSH there.)
- GHA/windows: make test tool installs a separate step.
- GHA/cygwin: enable OpenSSH server.
Skip `impacket`: it's compiling for 7 minutes then breaks.
Skip `stunnel` due to sluggish test run performance.
(This update is unrelated to Azure jobs.)
- GHA/linux: migrate Linux jobs from Azure CI.
- GHA/linux: migrate scanbuild job from Azure CI.
- GHA/linux: enable libssh2 in a job. Also enable valgrind.
- CI/windows: enable SSPI in two jobs.
- CI/windows: disable zlib in one more job.
- CI/windows: improve `if` condition checking GnuTLS.
- CI/windows: ignore SFTP/SCP tests as necessary.
- universally ignore SCP tests, they fail everywhere.
- ignore test 612.
- ignore test 613 616 618 with MSYS2 mingw-w64.
- ignore test 614 with libssh.
- ignore all SFTP with MSYS2 native.
- ignore all SFTP with vcpkg with `libssh2[core,zlib]`.
- ignore a couple of SFTP tests with MSYS2 mingw-w64.
(This matches settings on Azure CI.)
- GHA/windows: ignore failing 1451 'Basic SMB request' test for
old mingw-w64 7.3.0 (but not for 9.5.0!):
```
2024-09-11 21:45:59,738 ERROR smbComNegotiate: b'NT LM 0.12\x00' is not in list
[...]
curl: (7) Could not connect to server
[...]
FAIL 1451: 'Basic SMB request' SMB
```
Ref: https://github.com/curl/curl/actions/runs/10816280746/job/30007130770#step:13:3546
- CI/Azure: delete, now moved to GHA.
sshserver:
- sshserver: fix permissions for SSH host key on Windows, allowing sshd
to launch.
- sshserver: fix initializing config paths with Cygwin/MSYS2 sshd.
- sshserver: fix initializing config paths in parallel builds.
- sshserver: delete redundant `DenyUsers`. This also opens the way
to allow multiple usernames.
- sshserver: fix `AllowUsers` for GHA/windows, by allowing the
domainless username again.
Follow-up to 3ee7c676ec#5721
- sshserver: fix `Deprecated option` warnings in `sshd_config`:
```
D:/a/curl/curl/bld/tests/log/2/server/curl_sshd_config line 7: Deprecated option AuthorizedKeysFile2
D:/a/curl/curl/bld/tests/log/2/server/curl_sshd_config line 25: Deprecated option KeyRegenerationInterval
D:/a/curl/curl/bld/tests/log/2/server/curl_sshd_config line 35: Deprecated option RhostsRSAAuthentication
D:/a/curl/curl/bld/tests/log/2/server/curl_sshd_config line 36: Deprecated option RSAAuthentication
D:/a/curl/curl/bld/tests/log/2/server/curl_sshd_config line 37: Deprecated option ServerKeyBits
D:/a/curl/curl/bld/tests/log/2/server/curl_sshd_config line 41: Deprecated option UseLogin
```
- sshserver: fix `Deprecated option` warnings in `ssh_config` with
Cygwin/MSYS2.
- sshserver: fix dumping config files due to the filenames missing their
full paths.
- sshserver: add workaround to make `logmsg` messages visible.
Before this patch they only went to a file and never shown.
runtests:
- runtests: log details when these Windows commands are called:
`handle`, `taskkill`, `tasklist`.
- runtests: add documentation links to Windows tools:
`handle`, `taskkill`, `tasklist`, `icacls`.
- runtests: add `-t` (kill whole tree) option to `taskkill` in
`servers.pm`, syncing it with the other `taskkill` call.
Follow-up to bc72a78a11#14488
- runtests: show warning if Sysinternals `handle` tool is missing.
- runtests: drop Windows XP Home compatibility `tskill` call.
The call was made on all Windows versions. It's possibly overkill to
do this, because XP Home is probably rarely used for running curl
tests these days. In case it's needed, it'd be better to put it under
an explicit option.
- runtests: show Perl version and path.
Fix/silence fallouts:
- unit2603: fix building with disabled HTTP support.
- unit2604: silence `-Woverlength-strings` warnings in C89 mode.
- test437, test1614: fix to pass with no-IPv6 builds.
Closes#14859
There is a 4-5x difference in test run times. Make the reason more
obvious by adding valgrind to the job names.
Also:
- tidy up job names.
Closes#14853
- install impacket for cmake jobs.
- stop installing autotools for cmake jobs.
(also saving the extra seconds necessary for impacket install.)
- delete no longer necessary openssl pkg-config patch.
- `brew unlink openssl` unconditionally. This is safe, we no longer need
it at the default path, and the condition were never met anyway for
a while now.
- stop installing openssl, it's there on the base image.
(it was also missed for cmake, but that's okay)
before: https://github.com/curl/curl/actions/runs/10864438947/job/30149718802
after: https://github.com/curl/curl/actions/runs/10865247916/job/30151507582Closes#14911
* Documentation is updated to describe new required version, and to link
to the upstream README about cryptography providers.
* GitHub workflow is updated to fetch 0.14.0.
* Breaking changes in`lib/vtls/rustls.c` are addressed:
* The `rustls_client_config_builder_build()` function now uses an out
parameter for the built config instead of returning it directly.
This allows the building process to fail if the default crypto
provider state isn't appropriate, or another error condition occurs.
* Default ciphersuites are collected using renamed functions named to
make it clear the ciphersuites are associated with the default
crypto provider.
* Customization of ciphersuites is now done via
a `rustls_crypto_provider_builder` used to instantiate a
`rustls_crypto_provider`. The customized provider can then can be
used with `rustls_client_config_builder_new_custom` in place of
providing ciphersuites directly.
* `rustls_connection_get_negotiated_ciphersuite()` now returns the
ciphersuite ID directly.
Closes#14889
This verifies that using older autotools still works. The results of the
autoconf build should end up being identical to the second of the two
cmake builds (the difference in the platform string notwithstanding).
Closes#14816
The uploads are only used as a cache mechanism between jobs to save them
from having to re-run maketgz multiple times, so there is no need to
save the artifact longer than this.
Closes#14793
The SSL_Session object is mutated during connection inside openssl,
and it might not be thread-safe. Besides, according to documentation
of openssl:
```
SSL_SESSION objects keep internal link information about the session
cache list, when being inserted into one SSL_CTX object's session
cache. One SSL_SESSION object, regardless of its reference count,
must therefore only be used with one SSL_CTX object (and the SSL
objects created from this SSL_CTX object).
```
If I understand correctly, it is not safe to share it even in a
single thread.
Instead, serialize the SSL_SESSION before adding it to the cache,
and deserialize it after retrieving it from the cache, so that no
concurrent write to the same object is infeasible.
Also
- add a ci test for thread sanitizer
- add a test for sharing ssl sessions concurrently
- avoid redefining memory functions when not building libcurl, but
including the soruce in libtest
- increase the concurrent connections limit in sws
Notice that there are fix for a global data race for openssl which
is not yet release. The fix is cherry pick for the ci test with
thread sanitizer.
d8def79838Closes#14751
After this patch LDAPS is disabled by default when LDAP is manually
disabled.
This makes it unnecessary to disable them in sync manually just to avoid
a `CMakeLists.txt` warning.
Syncs behavior with `./configure`.
Closes#14758
Bring the option name style in sync with cmake and with other configure
options aiming to enable something unrelated to an optional package.
(I initially named this new option `--with-windows-unicode` within this
release cycle.)
Follow-up to 9e4a2187e7#14478Closes#14746
For cross-builds rely on `_POSIX_C_SOURCE` to decide if `poll()` is
supported, rather than just assuming it isn't.
This may still miss to detect `poll()` support, as seen for example with
Linux MUSL cross-builds.
Also:
- GHA/curl-for-win: enable RISC-V 64 cross-target for Linux MUSL.
(to test this case with cmake, with a false-negative.)
The first RISC-V 64 build in curl's CI.
- GHA/curl-for-win: add arm64/intel64 job for Linux glibc.
(to test this case with cmake, and succeed.)
- cmake: delete unnecessary `#include <sys/time.h>` from non-cross-build
`poll()` detection snippet.
Follow-up tp cc8b813765#14718Fixes#14714Closes#14734
Starting today vcpkg wants to rebuild GnuTLS but fails:
```
error: building shiftmedia-libgnutls:x64-windows failed with: BUILD_FAILED
```
Ref: https://github.com/curl/curl/actions/runs/10594890318/job/29359499149#step:5:144
Temporary solution:
- drop it from the MultiSSL job.
- replace with mbedTLS job. This job still tests libssh and I could
not find a better place for it right away.
GnuTLS to be restored once it builds again. Possibly when this hash
reaches the GHA `windows-latest` runner:
f5ec6f30ff
Also:
- switch to Debug for the mbedTLS job. Should also work now with
GnuTLS, once it's back:
Ref: https://github.com/microsoft/vcpkg/pull/40473Closes#14710
- GHA/macos: set timeout for test runs.
Double the value for autotools to fit torture tests.
- GHA/cygwin: reduce test run timeout for autotools.
- GHA/cygwin: enable building tests with cmake.
- GHA/windows: enable building tests with MSYS cmake.
- GHA/windows: enable building tests with MSVC UWP.
- appveyor: enable building tests with VS2008 x86 and VS2010 x64.
- tests: add workaround compiler warnings when building with VS2010:
```
tests\server\util.c(482): warning C4306: 'type cast' : conversion from 'int' to 'void (__cdecl *)(int)' of greater size
tests\server\util.c(486): warning C4306: 'type cast' : conversion from 'int' to 'void (__cdecl *)(int)' of greater size
tests\server\util.c(490): warning C4306: 'type cast' : conversion from 'int' to 'void (__cdecl *)(int)' of greater size
tests\server\util.c(720): warning C4306: 'type cast' : conversion from 'int' to 'void (__cdecl *)(int)' of greater size
tests\server\util.c(726): warning C4306: 'type cast' : conversion from 'int' to 'void (__cdecl *)(int)' of greater size
tests\server\util.c(732): warning C4306: 'type cast' : conversion from 'int' to 'void (__cdecl *)(int)' of greater size
tests\server\util.c(781): warning C4306: 'type cast' : conversion from 'int' to 'void (__cdecl *)(int)' of greater size
tests\server\util.c(785): warning C4306: 'type cast' : conversion from 'int' to 'void (__cdecl *)(int)' of greater size
tests\server\util.c(789): warning C4306: 'type cast' : conversion from 'int' to 'void (__cdecl *)(int)' of greater size
```
Ref: https://ci.appveyor.com/project/curlorg/curl/builds/50485633/job/4ujlwxod3cexmn2q#L1535
With this, tests are built in all GHA cygwin/windows jobs.
Timeouts avoid long runs with runaway issues, example:
https://github.com/curl/curl/actions/runs/10575522173Closes#14700
1. GHA/windows: enable WinIDN in Linux cross-builds.
(to reveal the issue in CI.)
2. fix compiler warning when building with mingw-w64 supporting
WinIDN, while targeting pre-Vista Windows, with a `WINVER` set to
target Vista or newer. (Such was Ubuntu's mingw-w64 with the
classic-mingw-specific trick in point 3 of this PR.)
```
../../lib/idn.c:154:23: error: redundant redeclaration of ‘IdnToAscii’ [-Werror=redundant-decls]
154 | WINBASEAPI int WINAPI IdnToAscii(DWORD dwFlags,
| ^~~~~~~~~~
In file included from /usr/share/mingw-w64/include/windows.h:73,
from /usr/share/mingw-w64/include/winsock2.h:23,
from ../../lib/setup-win32.h:91,
from ../../lib/curl_setup.h:308,
from ../../lib/idn.c:29:
/usr/share/mingw-w64/include/winnls.h:1075:30: note: previous declaration of ‘IdnToAscii’ was here
1075 | WINNORMALIZEAPI int WINAPI IdnToAscii (DWORD dwFlags, LPCWSTR lpUnicodeCharStr, int cchUnicodeChar, LPWSTR lpASCIICharStr, int cchASCIIChar);
| ^~~~~~~~~~
[...same for IdnToUnicode...]
```
Ref: https://github.com/curl/curl/actions/runs/10542832783/job/29210098553#step:7:89
3. drop `WINVER` override for classic-mingw. curl no longer supports
building with classic-mingw.
Reverts 37f1c21cb9#7581
4. sync `if IdnToUnicode can be linked` detection snippet with the live
code in `lib/idn.c`. It fixes detection for the scenario in point 2.
5. delete unused `WINIDN_DIR` variable.
Bug: https://github.com/curl/curl/pull/12606#issuecomment-1885381038
Previous abandoned attempt: #12684
Reviewed-by: Jay Satiro
Closes#14680
A number of checks don't match our style or are buggy and so are disabled.
Co-authored-by: Viktor Szakats <vszakats@users.noreply.github.com>
Fixes#14580Closes#14665
- configure: disable pthreads by default on Windows.
- configure: disable detecting `fseeko()` on Windows.
(It exists in mingw-w64 2.0.0 and newer, but it's permanently ignored
in CMake, as this function is never necessary on Windows.)
- extend existing exceptions with their Windows variants.
- `lib/formdata.c`: prioritize `_fseeki64()` over `fseeko()`.
To reduce the difference between Windows builds, which now all use
`_fseeki64()`.
- cmake: perm-enable `HAVE_DIRENT_H` and `HAVE_OPENDIR` for mingw-w64,
to match configure.
Follow-up to bfe54b0e88#13137
This in theory could make the dir listing feature work in mingw-w64
build, but in my tests (on WINE) it failed at the preceding `open()`
call.
- cmake: perm-enable `HAVE_STRINGS_H` and `HAVE_UTIME_H` for mingw-w64,
to match configure. (They are wrappers and make no difference in the build.)
Also:
- configure: sync `USE_MANUAL` macro with cmake, by only setting it for
`src`. Drop checker exception.
- CI: use `--disable-dependency-tracking` in existing jobs.
- CI: install packages before git checkout, in existing jobs.
Closes#14678
Also:
- add a line to CMake log output showing the host and target OS and CPU
when doing cross-builds.
- reduce excessive timeout for `curl -V` steps.
Closes#14661
A bunch of tiny jobs that run various source or documentation checks are
consolidated into two workflow files: checksrc.yml and checkdocs.yml.
This reduces the proliferation of new files containing one-line checks
and brings those that operate similarly together for better reasoning
about them. The man-examples check is also now running again for the
first time in 7 months.
Various calls to find, xargs and git ls-files are changed where possible
to use NUL line terminators in pipes to avoid issues with oddly-named
files that might find their way into the repo.
Closes#14654
- Install stunnel.
- Regenerate certificates (as SecureTransport requires a validity period
less than 398 days).
- Restart server if it is unresponsive.
- Do not hardcode the SHA-256 base64 public pinned key.
- Ignore test 313 as SecureTransport does not support crl file.
- Ignore tests 1631 and 1632 as SecureTransport is not yet able to shut
down FTP over HTTPS gracefully.
- Add a CMake target for generating certificates.
Closes#14486
This job unconditionally runs checksrc on ALL .c and .h files present in
git.
checksrc.pl: fixed to look for ".checksrc" in the same directory from
where it loads the file to check so that it an be invoked like this
Closes#14625
Running the http pytest had to be done from tests directory or above,
because the repeat argument fixture was defined in tests/conftest.py.
However, the repeat argument is not needed because its functionality
can be provided by pytest-repeat as documented in the test's
README.md. So, removed the pytest_addoption function for the repeat
argument and the pytest_report_header function is moved to
tests/http/conftest.py.
TODO: Remove repeat argument from all tests. As a stopgap, a
one-element list is defined for it for now.
Closes#14611
Drop `find_package(libssh CONFIG)` detection method in favour of
the Find module that supports both `pkg-config`, and CMake-native
(since #14555) detection.
This aligns `libssh` detection with other dependencies. It makes the
build honor custom configuration via `LIBSSH_INCLUDE_DIR`,
`LIBSSH_LIBRARY`.
Also enable libssh in a GHA/macos cmake job for build coverage.
Fixing:
- curl-for-win requiring a hack to configure libssh:
4f9acbed92/curl.sh (L255-L263)
- after #14555, GHA/windows gnutls vcpkg job no longer auto-detected
libssh, due to a regression missing to enable libssh when
found via `find_package(libssh CONFIG)`.
Ref: https://github.com/curl/curl/actions/runs/10470138955/job/28994650338
Follow-up to 422696f0a4#14555Closes#14614
