- cmake, config-*: drop unused `PACKAGE*`, `VERSION` variables.
- config-win32: indentation
- config-win32ce: drop mingw-specific code.
This header is not used with MinGW.
- config-win32ce: `_WIN64` is never true for Windows CE, drop.
Closes#15978
Delete the workaround added via a94a68a3c1
(2013-02-04). The commit message has no details. The comment mentions
"Dialog Hell", and seems to fix CMake missing to regenerate `CURL.sln`
with VS2010. It also added a FIXME saying the workaround can be deleted
with future versions of CMake.
At the time CMake's latest version was v2.8.10.
curl now requires v3.7 (2018) minimum, and v3.24 (2022) was the
latest CMake natively supporting VS2010. Assume this has since been
fixed.
Also: format an MSVC version reference in comment.
Closes#15973
Large file support requires `_fseeki64()`. This function is offered in
VS2005 and upper.
VS2003 has it in the static CRT only, with declaration missing from
headers, so it's not usable.
Ref: https://archive.org/details/X10-38445 (MS Visual Studio .NET 2003)
Ref: 8b76a8aeb2#15526Closes#15958
Build failed when both `ADDRESS_FAMILY` and `sockaddr_un` stuct were
missing from the Windows SDK, with UnixSockets enabled.
Seen with GNU 4.4.0 in CeGCC 0.59.1:
```
lib/curl_setup.h:983: error: expected specifier-qualifier-list before 'ADDRESS_FAMILY'
lib/curl_setup.h:985: warning: struct has no members
```
Also reported with VS2003:
https://datagirl.xyz/posts/wolfssl_curl_w2k.htmlCloses#15969
In effect it meant `_WIN32 && !USE_WIN32_LARGE_FILES`.
Replace it with these macros.
Also:
- configure: delete tautological check for small file support.
- configure: delete stray `_MSC_VER` reference. autotools does not
support MSVC.
- drop tautological checks for WinCE in `config-win32*.h` when setting
`USE_WIN32_LARGE_FILES`.
- merge related PP logic.
- prefer `#ifdef`, fix whitespace.
Suggested-by: Marcel Raad
Report: https://github.com/curl/curl/pull/15952#issuecomment-2580092328Closes#15968
- drop unused `LIBIDN_REQUIRED_VERSION` macro.
Unused since 9c91ec7781
- drop compatibility error for `CURL_WANTS_CA_BUNDLE_ENV`.
This macro was once set by `Makefile.mk` and Watcom makefiles.
They are no longer supported, making the compatibility message moot.
Follow-up to 7d7346519d#1542 (2017)
Follow-up to c2aeb1b3ba#1538 (2017)
- document last MSVC supporting the `!_MT` condition
Ref: https://stackoverflow.com/questions/2278919/are-the-time-functions-of-msvc-thread-safe
- flatten an `#if` tree, prefer `#ifdef`.
- fix/adjust indentation, whitespace.
Closes#15967
Dedupe and migrate MSVC-specific warning suppressions to `curl_setup.h`.
Make cmake set `_CRT_SECURE_NO_DEPRECATE` for examples and standalone
tests, and stop setting `_CRT_NONSTDC_NO_DEPRECATE` for them.
Details:
- drop version guards. On ancient MSVC version these macro are a no-op.
- move to `curl_setup.h` from `config-win32*.h`.
- sync macro values with CMake.
- cmake: stop setting them globally in favour of `curl_setup.h`.
- cmake: re-add these macros to `docs/examples` and `tests/http/clients`,
which do not use `curl_setup.h`.
- cmake: drop `_CRT_NONSTDC_NO_DEPRECATE` for examples and tests.
They build fine without.
- update comments.
Closes#15960
curl requires C compilers supporting 64-bit `curl_off_t` type since
835682661c#10597 (v8.0.0).
Assume the MSVC compiler offers the necessary support.
It makes curl require Visual Studio .NET 2003, v7.1 (`_MSC_VER = 1310`).
With the possibility that 1300 (Visual Studio .NET, v7.0, 2002), or 1200
(Visual C++, 32-bit, v6.0, 1998) may also work.
Follow-up to ca18198dd4#15952Closes#15955
The pending cookie RFC update (currently known as 6265bis draft-19) says
Let cookie-age-limit be the maximum age of the cookie (which name of
Max-Age and an attribute-value of expiry-time. SHOULD be 400 days or
less.
This change makes received cookies over the wire get capped to 400 days.
It does not cap the expiry date of cookies loaded from file.
It does this by rounding the expire time to a even minute. This, to
allow the test suite to do the same and have a chance to get the same
number for stable testing without requiring a debug build.
The test script generates TWO numbers in the output file for each
%days[] used in the input test file, and the function that subsequently
compares and verifies output is fine with *either* of the two numbers.
This is done so that if the test case is generated the second
immediately before curl runs, that updated expiry number is also deemed
okay. It still checks for an exact match of either number.
Closes#15937
When using early data with GnuTLS, the the timer `appconnect`
had the value from the "pretended" connect, not when the actual
TLS handshake was done.
Closes#15954
It's Visual C++, 32-bit, version 2.0, released in 1993. Used to verify
if `_INTEGRAL_MAX_BITS` is available.
After this patch we assume `_INTEGRAL_MAX_BITS` is always available in
MSVC.
Closes#15952
- drop version guard for `__inline`.
Supported since `_MSC_VER` 1000.
Visual C++, 32-bit, version 4.0 (1996)
- drop version guard for `__declspec(noreturn)` and `__forceinline`.
Supported since `_MSC_VER` 1200.
Visual C++, 32-bit, version 6.0 (1998)
For ancient versions, it's possible to override the default behaviour
by setting these macros via `CPPFLAGS`: `CURL_NORETURN`, `CURL_INLINE`,
`CURL_FORCEINLINE`
Closes#15946
We decided last year not to pursue avoiding this warning, because it
adds noise and friction, while in most cases not revealing actual code
issues. We fixed the interesting portion of them throughout mid-2024.
Conclude this effort by deleting related FIXMEs and temporary comments.
Follow-up to 3829759bd0#12489Closes#15939
This discussion:
https://github.com/openssl/openssl/discussions/23339#discussion-6094341
Specifically item number 2 (Send Blocking) was raised by the curl team,
noting that SSL_want_write returning false was not a good indicator of
when a stream is writeable. The suggestion in that discussion was to use
SSL_poll with an SSL_POLL_EVENT_W flag instead, as that is a proper
indication of when an SSL_object will allow writing without blocking.
While ssl_want_write updates its state based on the last error
encountered (implying a need to retry an operation to update the
last_error state again), SSL_poll checks stream buffer status during the
call, giving it more up to date information on request. This is the
method used by our guide demos (quic-hq-interop specifically), and it
works well.
This change has been run through the curl test suite, and shown to pass
all tests. However, given the initial problem description I'm not sure
if there is a test case that explicitly checks for blocking and
unblocking of streams. As such some additional testing may be warranted.
Closes#15909
The TE request header field is invalid in HTTP/2. Since clients may not
know in advance if a connection negotiates HTTP/2, automatically strip
such a header when h2 is in play.
Add test_01_10 to verify.
Reported-by: Jiri Stary
Fixes#15941Closes#15943
Adds the experimental feature `ssls-export` to libcurl and curl for
importing and exporting SSL sessions from/to a file.
* add functions to libcurl API
* add command line option `--ssl-sessions <filename>` to curl
* add documenation
* add support in configure
* add support in cmake
+ add pytest case
Closes#15924
- bump cookie counter and "creation time" to use 'unsigned int'
- use BIT() for single-bit struct field
- make invalid_octets() return bool properly
Closes#15921
MSVC 1900 and older is missing a `const` specifier in the `inet_ntop()`
declaration for the second argument. A workaround was in place for it
in cmake, but it didn't cover all necessary versions.
Replace the workaround with a different one, move it to `lib/inet_ntop.c`
and extend to all necessary MSVC versions.
Also add CI jobs for the older MSVC versions: 2013, 2015, 2017.
Closes#15923
Count connections to a host against a possibly configured destination
limit. Trigger multi `connchange` when a connection has been shutdown,
so pending transfers can try to get a connection once again.
Reported-by: baranyaib90 on github
Fixes#15857Closes#15879
Subparts may have been previously used as a top-level mime structure and
thus not rewound.
New test 695 checks the proper functioning in these particular conditions.
Reported-by: Qriist on github
Fixes#15842Closes#15911
This just adds a precaution and shows a clear intention in the code.
Added because CodeSonar is reporting a false positive Use After Free on
this function.
Closes#15889
curl_multi_waitfds(m, NULL, ...);
=> Curl_waitfds_init(&cwfds, ufds, size);
=> Curl_waitfds_add_ps(&cwfds);
=> cwfds_add_sock(cwfds, ...);
Would then try to use the ->wfds array while set to NULL previously.
This should not happen, which this is now also protected with an assert
to trigger debug builds if it happens.
Caught by CodeSonar
Assisted-by: Jay Satiro
Closes#15881
In OpenSSL < 3.0, the modularity was provided by mechanism called
"engines". This is supported in curl, but the engines got deprecated
with OpenSSL 3.0 in favor of more versatile providers.
This adds a support for OpenSSL Providers, to use PKCS#11 keys, namely
through the pkcs11 provider. This is done using similar approach as the
engines and this is automatically built in when the OpenSSL 3 and newer
is used.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Closes#15587
To make it build again with CMake + Android 20 and earlier.
8e34505776 synced `getpwuid_r()` detection
in cmake with autotools. It means cmake started detecting it with
Android <21 just like autotools, and thus cmake builds also need to
tackle the missing declaration with old Android SDK versions. Use a PP
solution, allowing to drop the autotools-specific on used before this
patch.
Follow-up to 8e34505776#15164
Follow-up to 9c33813d83#2609
Ref: #2058Closes#15871
- cmake: add auto-detection. Sync this with autotools.
- enable for MS-DOS and AmigaOS builds.
(auto-detection doesn't work for cross-builds.)
- tidy up detection snippet.
- fix comment.
Closes#15868
- Ensure that CURLM_OK is returned when curl_multi_remove_handle is
called with an already removed easy handle.
Prior to this change and since ba235ab2 which precedes 8.10.0, if
curl_multi_remove_handle was called with an already-removed easy handle
then the return code would be CURLM_OK or CURLM_BAD_EASY_HANDLE
depending respectively on whether the multi did or did not contain other
easy handles.
This change restores the old behavior of returning CURLM_OK in both
cases.
Reported-by: Ralph Sennhauser
Fixes https://github.com/curl/curl/issues/15844
Closes https://github.com/curl/curl/pull/15852
- Treat negative Retry-After date-based times as 0.
- Treat Retry-After times greater than 6 hours as 6 hours.
Prior to this change Retry-After did not have a limited range and the
server could have set a time greater than 6 hours or a date in the past
that would result in a negative time, either of which may be unexpected
by the user.
The 6 hour limit is purposely not documented so that it can be changed
in the future if necessary.
Closes https://github.com/curl/curl/pull/15833
mbedtls is picky when a mbedtls_ssl_write) was previously blocked. It
requires to be called with the same amount of bytes again, or it will
lose bytes, e.g. reporting all was sent but they were not. Remember the
blocked length and use that when set.
Reported-by: Tamás Bálint Misius
Fixes#15801Closes#15846
Use 'banfunc' and 'allowfunc' in .checksrc to specify which functions to
ban or allow to be used. This saves us from having to edit the script
going forward when we want to ban or allow specific functions.
This replaces a set of previous rules and all banned functions are now
checked with the BANNEDFUNC rule.
There is a set of default banned functions, shown by invoking
./checksrc.
Also, -a and -b options are added to specify allowed or banned functions
on the command line.
Closes#15835
The redirect logic was broken when the redirect-to URL was a relative
URL only as a fragment or query (starting with '#' or '?').
Extended test 1560 to reproduce, then verify.
Reported-by: Jeroen Ooms
Fixes#15836Closes#15848
- Make curl_multi_waitfds consistent with the documentation.
Issue Addressed:
- The documentation of curl_multi_waitfds indicates that users should
be able to call curl_multi_waitfds with a NULL ufds. However, before
this change, the function would return CURLM_BAD_FUNCTION_ARGUMENT.
- Additionally, the documentation suggests that users can use this
function to determine the number of file descriptors (fds) needed.
However, the function would stop counting fds if the supplied fds
were exhausted.
Changes Made:
- NULL ufds Handling: curl_multi_waitfds can now accept a NULL ufds if
size is also zero.
- Counting File Descriptors: If curl_multi_waitfds is passed a NULL
ufds, or the size of ufds is insufficient, the output parameter
fd_count will return the number of fds needed. This value may be
higher than actually needed but never lower.
Testing:
- Test 2405 has been updated to cover the usage scenarios described
above.
Fixes https://github.com/curl/curl/issues/15146
Closes https://github.com/curl/curl/pull/15155
