On Windows revents was not populated for extra_fds if
multi_wait had to wait due to the Curl_poll pre-check
not signalling any readiness. This commit fixes that.
Reviewed-by: Marcel Raad
Reviewed-by: Jay Satiro
Closes#9361
By default, the PFXImportCertStore API persists the key in the user's
key store (as though the certificate was being imported for permanent,
ongoing use.)
The documentation specifies that keys that are not to be persisted
should be imported with the flag `PKCS12_NO_PERSIST_KEY`.
NOTE: this flag is only supported on versions of Windows newer than XP
and Server 2003.
Fixes#9300Closes#9363
Ẃhen it has been used in the multi interface, it is otherwise left in
the connection cache, can't be reused and nothing will close them since
the easy handle loses the association with the multi handle and thus the
connection cache - until the multi handle is closed or it gets pruned
because the cache is full.
Reported-by: Dominik Thalhammer
Fixes#9335Closes#9342
Since the libssh2 API uses 'long' to store the timestamp, it cannot
transfer >32bit times on Windows and 32bit architecture builds.
Avoid nasty surprises by instead not setting such time.
Spotted by Coverity
Closes#9325
The libssh API used caps the time to an unsigned 32bit variable. Avoid
nasty surprises by instead not setting such time.
Spotted by Coverity.
Closes#9324
Before this patch `-nghttp3`/`-ngtcp2` had an effect only when `-ssl`
was also enabled. `-ssl` meaning OpenSSL (and its forks). After
8a13be227e nghttp3/ngtcp2 can also be
used together with wolfSSL. This patch adds the ability to enable
`-nghttp3`/`-ngtcp2` independently from `-ssl` (OpenSSL), allowing to
use it with wolfSSL or other, future TLS backends.
Before this patch, it was fine to enable `-nghttp3`/`-ngtcp2`
unconditionally. After this patch, this is no longer the case, and now
it's the user's responsibility to enable `-nghttp3`/`-ngtcp2` only
together with a compatible TLS backend.
When using a TLS backend other than OpenSSL, the TLS-specific ngtcp2
library must be configured manually, e.g.:
`export CURL_LDFLAG_EXTRAS=-lngtcp2_crypto_wolfssl`
(or via `NGTCP2_LIBS`)
Closes#9314
- based on ngtcp2 PR https://github.com/ngtcp2/ngtcp2/pull/505
- configure adapted to build against ngtcp2 wolfssl crypto lib
- quic code added for creation of WOLFSSL* instances
Closes#9290
memory debug tracking annotates whether the returned pointer does not
`alias`, hints where the size required is, for Windows to be better
debugged via Visual Studio.
Closes https://github.com/curl/curl/pull/9306
This commit splits the branch-heavy resolve_server() function into
various sub-functions, in order to reduce the amount of nested
if/else-statements.
Beside this, it also removes many else-sequences, by returning in the
previous if-statement.
Closes#9283
Following the footsteps of other clients like Firefox/Chrome. RFC 6761
says clients SHOULD do this.
Add test 389 to verify.
Reported-by: TheKnarf on github
Fixes#9192Closes#9296
This commit replaces a self-made character check for alphanumeric
characters within imap_is_bchar() with the ISALNUM() macro, as it is
reduces the size of the code and makes the performance better, due to
ASCII arithmetic.
Closes#9289
By (almost) sorting the struct fields in connectdata in a decending size
order, having the single char ones last, we reduce the number of holes
in the struct and thus the amount of storage needed.
Closes#9280
On AmigaOS 4.x, handle native absolute paths, whilst blocking relative
paths. Also allow unix style paths if feature enabled at link time.
Inspiration-from: Michael Trebilcock
Closes#9259
So that an address used from the DNS cache that was previously used for
QUIC can be reused for TCP and vice versa.
To make this possible, set conn->transport to "unix" for unix domain
connections ... and store the transport struct field in an unsigned char
to use less space.
Reported-by: ウさん
Fixes#9274Closes#9276
from: "curl: (58) unable to set client certificate"
to: curl: (58) unable to set client certificate [error:0A00018F:SSL
routines::ee key too small]
Closes#9228
AmiSSL v5 is the latest version, featuring a port of OpenSSL 3.0.
Support for previous OpenSSL 1.1.x versions has been dropped, so
makes sense to enforce v5 as the minimum requirement. This also
allows all the AmiSSL stub workarounds to be removed as they are
now provided in a link library in the AmiSSL SDK.
Closes#9267
When parsing the "qop=" parameter of the digest authentication, and the
value is provided within quotes, the list of values can have leading
white space which the parser previously did not handle correctly.
Add test case 388 to verify.
Reported-by: vlubart on github
Fixes#9264Closes#9270
- Support TLS 1.3 as the default max TLS version for Windows Server 2022
and Windows 11.
- Support specifying TLS 1.3 ciphers via existing option
CURLOPT_TLS13_CIPHERS (tool: --tls13-ciphers).
Closes https://github.com/curl/curl/pull/8419
The options were added in #6341 and d13179d, but cause problems: Lots of
POLLIN event occurs but recvfrom read nothing.
Reported-by: Tatsuhiro Tsujikawa
Fixes#9209Closes#9215
