This fix impacts ws-data.c and ws-pingpong.c. sleep() replaced with
system PROCESS_DELAY_() having the same resolution as usleep().
Fixes #15711
Closes #15712
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
The base64 mime encoder stalls when it cannot encode a full 3 byte input
set into the read buffer. The workaround for this limitation was
incomplete and could lead to stalled transfers when the last chunk to
upload was smaller than 4 bytes.
Use a tmp buffer on small reads to allow mime encoders more space to put
their things.
Add test case reproducing the issue and fix.
Reported-by: Alexis Savin
Fixes #15688
Closes #15691
Fix regression that no longer printed the error messages about expired
certificates in openssl. Add test case for openssl/gnutls/wolfssl.
Fixes #15612
Reported-by: hiimmat on github
Closes #15613
Add test_02_33 to run with various values for the multi option
CURLMOPT_MAX_HOST_CONNECTIONS and CURLOPT_FRESH_CONNECT to trigger
connection pool limit handling code.
Closes #15494
Build wolfSSL master with
./configure --prefix=/path --enable-ip-alt-name --enable-quic
--enable-earlydata --enable-psk --enable-opensslcoexist
and configure curl with openssl + wolfssl. Normal tests run.
pytest session resumption fails, as wolfssl does not handle the
new_session callback without opensslextra right now.
Closes #15481
Changes to make a curl built with OpenSSL + GnuTLS to run successfully
in our pytests. Run
CURL_SSL_BACKEND=openssl pytest
to test a TLS backend other than the default.
Closes #15443
Add two test cases that connect using a hostname the server has no
certificate for. First, verify that the peer verification fails, as
expected. Second, provide '--insecure' to test that the connection
succeeded and returned some data.
Closes #15429
New args for scorecard.py:
* --remote ip:port to run tests against a remote server
* --start-only: to only start the servers, listing their ports
Start the server using "scorecard.py --start-only" on one machine and
then run the tests with "scorecard.py --remote ip:port" against that
machine.
Closes #15415
Use session cache for QUIC when built with quictls or wolfSSL.
Add test_017_10 for verifying QUIC TLS session reuse when built with
quictls, gnutls or wolfssl.
Closes #15358
Add length to session saves, making it clear that we are storing a byte
blob and allowing memcmp() on sameness check.
Remove some pytest skips for bearssl to see if they now work properly in
CI.
Closes #15395
Use mbedtls_ssl_session_load() and mbedtls_ssl_session_save() to convert
TLS sessions to byte blobs for the session cache.
Fix a skip message to better indicate why the test is skipped for
mbedtls.
Closes #15398
It reduces the number of synonym variables in the code.
Makes it easier to grok and grep.
- replace `CURL_SOURCE_DIR`
with `PROJECT_SOURCE_DIR`.
- replace `CURL_BINARY_DIR`
with `PROJECT_BINARY_DIR` or `CMAKE_CURRENT_BINARY_DIR`.
- replace a single use of `CMAKE_BINARY_DIR`
with `PROJECT_BINARY_DIR`.
- replace `CMAKE_CURRENT_*_DIR`
with `PROJECT_*_DIR` where it makes the code more uniform.
- quote an argument (formatting).
Closes #15331
We used to include a special mod_h2 in our CI that supports the
directive H2MaxDataFrameLen for test_02_20. Since then, ubuntu-latest
includes a more recent apache httpd. Let's see if we can live without
the special.
Closes #15353
When a server signals EOS from its side and the curl upload is
unfinished and the server has not given a positive HTTP status response,
auto RST the stream to signal that the upload is incomplete and that the
whole transfer can be stopped.
Fixes the case where the server responds with 413 on an upload but does
not RST the stream from its side, as httpd and others do.
Reported-by: jkamp-aws on github
Fixes #15316
Closes #15325
Once SSL_shutdown() has been called, OpenSSL does not really seem to
like it when it is called again and the other side has some final data
to deliver.
Instead SSL_read() needs to be used solely, once the close notify has
been sent from curl's side.
Closes #15321
Override the system default config in test_17_09, since we want to check
all TLS versions. Provide own, empty config file to gnutls, so that any
system wide file has no effect.
The latest ubuntu image in GH CI disables TLS 1.0 and 1.1
system wide for GnuTLS. Good intentions.
Closes #15310
vsftpd 3.0 at least writes its version number to stdin (!) instead of
stderr. This works for backwards compatibility reasons in UNIX, so
we must check stdin for anything written there to reliably parse the
version string.
Closes #15278
Fix new issues found by `proselint`.
Also:
- silence this technical warning:
```
:0: DeprecationWarning: /home/runner/.proselintrc was found instead of a JSON file. Rename to /home/runner/.proselintrc.json.
```
- fix an input filename.
`proselint` fails now if an input file is missing.
Reported-by: Jay Satiro
Bug: https://github.com/curl/curl/pull/15291#issuecomment-2410505100
Closes #15293
For TLSv1.3, if supported, observe special return code to retrieve
newly arrived session from mbedTLS.
Adjust test expectations now that TLSv1.3 session resumption works in
mbedTLS >= 3.6.0.
Based on #14135 by @ad-chaos
Closes #15245
Register a callback to get notified of new SSL sessions by wolfSSL.
Remove the explicit session retrieval after handshake, since this does
not work for TLSv1.3.
Adjust test expectations now that TLSv1.3 session resumption works
in wolfSSL.
Closes #15243
Add session reuse for QUIC transfers using GnuTLS. This does not include
support for TLS early data, yet.
Fix check of early data support in common GnuTLS init code to not access
the filter context, as the struct varies between TCP and QUIC
connections.
Closes #15265
Based on #14135, implement TLSv1.3 earlydata support for the curl
command line, libcurl and its implementation in GnuTLS.
If a known TLS session announces early data support, and the feature is
enabled *and* it is not a "connect-only" transfer, delay the TLS
handshake until the first request is being sent.
- Add --tls-earlydata as new boolean command line option for curl.
- Add CURLSSLOPT_EARLYDATA to libcurl to enable use of the feature.
- Add CURLINFO_EARLYDATA_SENT_T to libcurl, reporting the amount of
bytes sent and accepted/rejected by the server.
Implementation details:
- store the ALPN protocol selected at the SSL session.
- When reusing the session and enabling earlydata, use exactly
that ALPN protocol for negotiation with the server. When the
session's ALPN does not match the connection's ALPN, earlydata
will not be enabled.
- Check that the server selected the correct ALPN protocol for
an earlydata connect. If the server does not confirm or reports
something different, the connect fails.
- HTTP/2: delay sending the initial SETTINGS frames during connect,
if not connect-only.
Verification:
- add test_02_32 to verify earlydata GET with nghttpx.
- add test_07_70 to verify earlydata PUT with nghttpx.
- add support in 'hx-download', 'hx-upload' clients for the feature
Assisted-by: ad-chaos on github
Closes #15211
Due to timings on paused response receive, the error code may vary due
to the location where it is detected that the server closed the transfer
prematurely.
Be more lenient in always allowing PARTIAL_FILE as ok.
Closes #15138
When uploading FTP with unknown length, we write a last 0-length chunk
with the EOS flag set. OpenSSL's SSL_write() errors on such a write.
Skip writing 0-length data to TLS backends instead.
Add test in FTPS for such uploads to verify.
Fixes #15101
Reported-by: Denis Goleshchikhin
Closes #15102
It enables running pytests in cmake jobs, regardless of underlying build
tool choice (= makes it work with ninja.)
Also:
- drop pytest logic launching `make` and exiting in case of failure.
Maybe there is a better way and keep this functionality somehow, bind
it to a command-line option? make it fail softly?
- GHA/linux: invoke pytest via the build, not directly.
- autotools: add missing dummy runtests targets when cross-compiling.
Closes #15034
Suppress deprecation warnings the closest to the deprecated code, using
`CURL_IGNORE_DEPRECATION()`. Then drop build-specific suppressions, and
file-wide ones. The latter is not compatible with Unity mode. Also
replace manual suppressions with a macro to apply to all compilers with
deprecation warning support. Also enable deprecation warnings for clang.
- curl/curl.h: enable deprecation warnings for clang.
- docs/examples: stop setting `CURL_DISABLE_DEPRECATION` with autotools.
Suppression moved to C-level earlier. Syncs with cmake.
Follow-up to 5fc61a37c1 #14123
- tests/http/clients: stop setting `CURL_DISABLE_DEPRECATION` in
autotools. If it becomes necessary in the future, it can be done in
C via the macro. Syncs with cmake.
- lib1545: stop setting `CURL_DISABLE_DEPRECATION` in autotools.
Drop guard from test source.
Follow-up to 0f10360073 #12444
- libtest, unit: replace `CURL_DISABLE_DEPRECATION` with
`CURL_IGNORE_DEPRECATION()`.
- docs/examples: replace pragmas with `CURL_IGNORE_DEPRECATION()`.
Closes #14789
- When searching for existing connections, interpret the
default CURL_HTTP_VERSION_2TLS as "anything goes". This
will allow us to reuse HTTP/3 connections better
- add 'http/1.1' as allowed protocol identifier in Alt-Svc
files
- add test_02_0[345] for testing protocol selection on
provided alt-svc files
Fixes #14890
Reported-by: MacKenzie
Closes #14966
Some of the `.in` files were listed in `EXTRA_DIST`. Delete them.
`.in` files (passed to `AC_CONFIG_FILES`) are added automatically
to the distro by autotools.
Closes #14821
When uploading data from stdin ('-T -'), and the EOS was only detected
on a 0-length read, the EOS was not forwarded to the filters. This led
HTTP/2 to hang on not forwarding this to the server.
Added test_07_14 to reproduce and verify.
Fixes #14870
Reported-by: nekopsykose on github
Closes #14877
Do not give up connect on servers that are in draining state. This might
indicate the QUIC server restarting and the UDP packet routing still
hitting the instance shutting down.
Instead keep on connecting until the overall TIMEOUT fires.
Closes #14863
Follow-up to a07ba37b5e which did not
solve the issue of correct polling for FTP active data connections.
Added test cases for active up-/download.
Closes #14786
Change mingw-w64 printf format checks in public curl headers to use
`__MINGW_PRINTF_FORMAT` instead of `gnu_printf`. This syncs the format
checker with format string macros published via `curl/system.h`. (Also
disable format checks for mingw-w64 older than 3.0.0 (2013-09-20) and
classic-mingw, which do not support this macro.)
This fixes bogus format checker `-Wformat` warnings in 3rd party code
using curl format strings with the curl printf functions, when using
mingw-w64 7.0.0 (2019-11-10) and older (with GCC, MSVCRT).
It also allows deleting two workarounds for this within curl itself:
- setting `-D__USE_MINGW_ANSI_STDIO=1` for mingw-w64 via cmake and
configure for `docs/examples` and `tests/http/clients`.
Ref: c730c8549b #14640
The format check macro is incompatible (depending on mingw-w64 version
and configuration) with the C99 `%z` (`size_t`) format string used
internally by curl.
To work around this problem, override the format check style in curl
public headers to use `gnu_printf`. This is compatible with `%z` in all
mingw-w64 versions and allows keeping the C99 format strings internally.
Also:
- lib/ws.c: add missing space to an error message.
- docs/examples/ftpgetinfo.c: fix to use standard printf.
Ref: #14643 (take 1)
Follow-up to 3829759bd0 #12489
Closes #14703
Adds test cases to check that plain http: with HTTP/2 works
via 'Upgrade: h2c' or '--http2-prior-knowledge'.
Also added tests to check connection reused in these situations.
Closes #14694
Update IP related information at the connection and the transfer in two
places only: once the filter chain connects and when a transfer is added
to a connection. The latter only updates on reuse when the filters
already are connected.
The only user of that information before a full connect is the HAProxy
filter. Add cfilter CF_QUERY_IP_INFO query to let it find the
information from the filters "below".
This solves two issues with the previous version:
- updates were often done twice with the same info
- happy eyeballing filter "forks" could overwrite each other's
updates before the full winner was determined.
Closes #14699