The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RHEL-9 and derivatives, which are not willing to use certificates using
that algorithm. The fix is to use sha256 instead, which is already used
for most of the other certificates in the test suite.
Fixes#10135
This gets rid of issues related to sha1 signatures.
Manual steps after "make clean-certs" and "make build-certs":
- Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem
(make clean-certs does not remove the original tests/stunnel.pem)
- Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey
options of tests/data/test2041 and tests/data/test2087
Closes#10153
The cookiefile entries are set into the handle and should remain set for
the lifetime of the handle so that duplicating it also duplicates the
list. Therefore, the struct field is moved from 'state' to 'set'.
Fixes#10133Closes#10134
Follow-up to ac612dfeee
strtoul() accepts a leading minus so better make sure there is none
Extended test 356 somewhat to use a huge negative 64 bit number that
otherwise becomes a low positive number.
Closes#10095
This commit fixes a bug in the dump-header feature regarding the
determination of the second fopen(3) option.
Reported-by: u20221022 on github
See #4753
See #4762Fixes#10074Closes#10079
Also, move the output of the nghttpx_h3 info to the general "Env:" line
in the test output header.
Reported-by: Marcel Raad
Ref: ca15b7512e (commitcomment-92015094)Closes#10044
The `crlf="yes"` attribute and "hyper mode" are now only applied on a
subset of dedicated sections: data, datacheck, stdout and protocol.
Updated test 2500 accordingly.
Also made test1 use crlf="yes" for <protocol>, mostly because it is
often used as a template test case. Going forward, using this attribute
we should be able to write test cases using linefeeds only and avoid
mixed line ending encodings.
Follow-up to ca15b7512eFixes#10009Closes#10010
- adding support for HTTP/3 test cases via a nghttpx server that is
build with ngtcp2 and nghttp3.
- test2500 is the first test case, performing a simple GET.
- nghttpx is checked for support and the 'feature' nghttpx-h3
is set accordingly. test2500 will only run, when supported.
- a specific nghttpx location can be given in the environment
variable NGHTTPX or via the configure option
--with-test-nghttpx=<path>
Extend NGHTTPX config to H2 tests as well
* use $ENV{NGHTTPX} and the configured default also in http2 server starts
* always provide the empty test/nghttpx.conf to nghttpx. as it defaults to
reading /etc/nghttpx/nghttpx.conf otherwise.
Added nghttpx to CI ngtcp2 jobs to run h3 tests.
Closes#9031
Added setting: RETRSIZE [size] in the <servercmd> section. When set this
will cause the test FTP server to return the size set (rather than the
actual size) in the acknowledgement from a RETR request.
Closes#9772
Prior to this change, DEBUGINFOD_URLS was always disabled by runtests
due to a report of it slowing down tests. However, some setups need it
to fetch debug symbols, and if it is disabled on those systems then curl
tests with valgrind will fail.
Reported-by: Mark Gaiser
Ref: #8805Closes#9950
1956 adds the sha256 value corresponding to an empty buffer
1957 adds an arbitrary value and confirms that the signature differs from 1956
1958 adds whitespace to 1957 and confirms that the signature matches 1957
1959 adds a value longer than 'char sha_hex[65]' in Curl_output_aws_sigv4()
Signed-off-by: Casey Bodley <cbodley@redhat.com>
Closes#9804
Reproduces #9735 and verifies the subsequent fix. The original issue
uses a pipe that cannot be rewound, but this test case instead sets a
callback without rewind ability to get roughly the same properties but
being a much more portable test.
- Load Windows system libraries secur32 and iphlpapi beforehand, so
that libcurl's repeated global init/cleanup only increases/decreases
the library's refcount rather than causing it to load/unload.
Assisted-by: Marc Hoersken
Closes https://github.com/curl/curl/pull/9412
Add a deprecated attribute to functions and enum values that should not
be used anymore.
This uses a gcc 4.3 dialect, thus is only available for this version of
gcc and newer. Note that the _Pragma() keyword is introduced by C99, but
is available as part of the gcc dialect even when compiling in C89 mode.
It is still possible to disable deprecation at a calling module compile
time by defining CURL_DISABLE_DEPRECATION.
Gcc type checking macros are made aware of possible deprecations.
Some testing support Perl programs are adapted to the extended
declaration syntax.
Several test and unit test C programs intentionally use deprecated
functions/options and are annotated to not generate a warning.
New test 1222 checks the deprecation status in doc and header files.
Closes#9667
Field feature_names contains a null-terminated sorted array of feature
names. Bitmask field features is deprecated.
Documentation is updated. Test 1177 and tests/version-scan.pl updated to
match new documentation format and extended to check feature names too.
Closes#9583
A regfression in 7.86.0 (via 1e9a538e05) made the tailmatch work
differently than before. This restores the logic to how it used to work:
All names listed in NO_PROXY are tailmatched against the used domain
name, if the lengths are identical it needs a full match.
Update the docs, update test 1614.
Reported-by: Stuart Henderson
Fixes#9842Closes#9858
