As tested in test_02_07, when firing off 200 urls with --parallel, 199
wait for the first connection to be established. if that is multiuse,
urls are added up to its capacity.
The first url over capacity opens another connection. But subsequent
urls found the same situation and open a connection too. They should
have waited for the second connection to actually connect and make its
capacity known.
This change fixes that by
- setting `connkeep()` early in the HTTP setup handler. as otherwise
a new connection is marked as closeit by default and not considered
for multiuse at all
- checking the "connected" status for a candidate always and continuing
to PIPEWAIT if no alternative is found.
pytest:
- removed "skip" from test_02_07
- added test_02_07b to check that http/1.1 continues to work as before
Closes#10456
- sscanf is slow and complex, avoid it
- give up already if the string is 12 bytes or longer as no valid string
can be that long
- this can now be done without copy
Closes#10547
- Define OPENSSL_SUPPRESS_DEPRECATED.
OpenSSL 3 has deprecated some of the functions libcurl uses such as
those with DES, MD5 and ENGINE prefix. We don't have replacements for
those functions so the warnings were disabled in autotools and cmake
builds, but still showed in other builds.
Closes https://github.com/curl/curl/pull/10543
- sscanf() is rather complex and slow, strchr() much simpler
- the port number function does not need to fully verify the IPv6 address
anyway as it is done later in the hostname_check() function and doing
it twice is unnecessary.
Closes#10541
Add const qualifier to 5th argument of Curl_os400_sendto()
Make OS400 wrapper for sendto match the normal prototype of sendto()
with a const qualifier.
Fixes#10539Closes#10548
For SOCKS modes where a local host resolve is done.
It was previously disabled in 12d655d456, but a few local tests seem to
indicate that it works fine. Works now because of the SOCKS refactor of
4a4b63daaa that made it non-blocking.
Reported-by: roughtex on github
Fixes#10537Closes#10540
- connect timeout was used at half the configured value, if the
destination had 1 ip version 4 and other version 6 addresses
(or the other way around)
- extended test2600 to reproduce these cases
Reported-by: Michael Kaufmann
Fixes#10514Closes#10517
* do not process pending input data when copying pausedata to the
caller
* return CURLE_AGAIN if the output buffer could not be completely
written out.
Ref: #10525Closes#10529
Add an intermediate cast to `void *`, as done everywhere else when
casting from `sockaddr *` to `sockaddr_in *`.
Closes https://github.com/curl/curl/pull/10528
Turns out "/usr/include/et/com_err.h" typedefs this type (without proper
variable scoping).
comerr is the "common error description library" that apparently might be used
by krb5 code, which then makes this header get used in a curl build.
Reported-by: Bruno Henrique Batista Cruz da Silva
Fixed#10502Closes#10500
- adding pytest test_10 cases for proxy httpd setup tests
- fixing openssl bug in https: proxy hostname verification that
used the hostname of the request and not the proxy name.
Closes#10498
The protocol needs to know the size ahead of time, this is now a known
restriction and not a bug.
Also output a clearer error if the URL path does not contain proper
share.
Ref: #7896Closes#10484
This addresses undefined behaviour found using clang's UBsan:
curl/lib/setopt.c:177:14: runtime error: applying non-zero offset 1 to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior curl/lib/setopt.c:177:14 in
Closes#10472
Changes numeric error codes into verbose error codes in two places.
Adds a prefix indicating that the error came from rustls, and in some
places which function it came from.
Adds special handling for RUSTLS_RESULT_UNEXPECTED_EOF, since the
default message of "Unexpected EOF" is insufficiently explanatory.
Closes#10463
Follow-up to e8b00fcd6a
Due to the new 'if(!nonblocking)' check on the block a level above,
there is no need to check for it again within the same conditional.
Detected by Coverity
Closes#10473
vquic stabilization
- udp send code shared between ngtcp2 and quiche
- quiche handling of data and events improved
ngtcp2 and pytest improvements
- fixes handling of "drain" situations, discovered in scorecard
tests with the Caddy server.
- improvements in handling transfers that have already data or
are already closed to make an early return on recv
pytest
- adding caddy tests when available
scorecard improvemnts.
- using correct caddy port
- allowing tests for only httpd or caddy
Closes#10451
- as reported in #10433, HTTP/2 uploads may stall when a response is
received before the upload is done. This happens when the
data->state.drain is set for such a transfer, as the special handling
in transfer.c from then on only cared about downloads.
- add continuation of uploads, if applicable, in this case.
- add pytest case test_07_12_upload_seq_large to reproduce this scenario
(although, current nghttp2 implementation is using drain less often)
Reported-by: Lucas Pardue
Fixes#10433Closes#10443
If curl is built with openldap support (USE_OPENLDAP=1) but does not
have also some other protocol (IMAP/SMTP/POP3) enabled that brings
in Curl_sasl_* functions, then the build will fail with undefined
references to various symbols:
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_decode_mech'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_parse_url_auth_option'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_cleanup'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_can_authenticate'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_continue'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_start'
ld: ../lib/.libs/libcurl.so: undefined reference to `Curl_sasl_init'
This was tracked down to these functions bein used in openldap.c but
defined in curl_sasl.c and then forward in two vauth/ files to have
a guard against a set of #define configurations that was now extended
to cover also this case.
Example configuration targeted that could reproduce the problem:
curl 7.87.1-DEV () libcurl/7.87.1-DEV .... OpenLDAP/2.6.3
Protocols: file ftp ftps http https ldap ldaps
Closes#10445
Prior to this change a workaround for Windows to recv before every send
was enabled by default. The way it works is a recv is called before
every send and saves the received data, in case send fails because in
Windows apparently that can wipe out the socket's internal received
data buffer.
This feature has led to several bugs because the way libcurl operates
it waits on a socket to read or to write, and may not at all times
check for buffered receive data.
Two recent significant bugs this workaround caused:
- Broken Schannel TLS 1.3 connections (#9431)
- HTTP/2 arbitrary hangs (#10253)
The actual code remains though it is disabled by default. Though future
changes to connection filter buffering could improve the situation IMO
it's just not tenable to manage this workaround.
Ref: https://github.com/curl/curl/issues/657
Ref: https://github.com/curl/curl/pull/668
Ref: https://github.com/curl/curl/pull/720
Ref: https://github.com/curl/curl/issues/9431
Ref: https://github.com/curl/curl/issues/10253
Closes https://github.com/curl/curl/pull/10409
add a small buffer to nghttp2 session sending in order to aggregate
small SETTINGS/PRIO/WIN_UPDATE frames that nghttp2 "writes" to the
callback individually.
Ref: #10389Closes#10432
move Curl_ssl_setup_x509_store() call after the first send (ClientHello)
this gives time to parse CA anchors while waiting on the server reply
Ref: #10389Closes#10432
I believe the code was secure before this, but limiting the accepted
name length to what is used in the structures should help Coverity's
analysis.
Closes#10431
