From 25ec37489b9d5de93ae96056ffc3dd6ed1e65764 Mon Sep 17 00:00:00 2001 From: liuxiyao223 Date: Fri, 15 Mar 2024 11:57:09 +0800 Subject: [PATCH 1/4] =?UTF-8?q?8.4.0=20=E5=8D=87=E7=BA=A7=E5=88=B0=208.6.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: liuxiyao223 --- .github/dependabot.yml | 6 + .github/scripts/badwords.pl | 67 + .github/scripts/badwords.txt | 46 + .github/scripts/cleancmd.pl | 52 + .github/scripts/codespell-ignore.txt | 15 + .github/scripts/verify-examples.pl | 110 + .github/scripts/verify-synopsis.pl | 80 + .github/workflows/badwords.yml | 27 + .github/workflows/codespell.yml | 36 + .github/workflows/man-examples.yml | 35 + .github/workflows/osslq-linux.yml | 233 ++ .github/workflows/synopsis.yml | 28 + CMake/CurlTests.c | 271 +- CMake/FindZstd.cmake | 7 + CMake/Macros.cmake | 23 +- CMake/OtherTests.cmake | 175 +- CMake/PickyWarnings.cmake | 65 +- CMake/Platforms/WindowsCache.cmake | 255 +- CMake/curl-config.cmake.in | 4 +- CMakeLists.txt | 715 ++-- COPYING | 63 +- Makefile.am | 139 +- RELEASE-NOTES | 619 +-- acinclude.m4 | 303 +- appveyor.sh | 160 + configure.ac | 280 +- docs/ALTSVC.md | 6 +- docs/BINDINGS.md | 2 + docs/BUGS.md | 2 +- docs/CIPHERS.md | 8 +- docs/CLIENT-WRITERS.md | 104 + docs/CMakeLists.txt | 8 +- docs/CODE_STYLE.md | 2 +- docs/CONNECTION-FILTERS.md | 149 +- docs/CONTRIBUTE.md | 16 +- docs/CURLDOWN.md | 125 + docs/DEPRECATE.md | 15 + docs/EXPERIMENTAL.md | 2 +- docs/FEATURES.md | 10 +- docs/GOVERNANCE.md | 2 +- docs/HISTORY.md | 2 +- docs/HSTS.md | 4 +- docs/HTTP-COOKIES.md | 19 + docs/HTTP3.md | 86 +- docs/HYPER.md | 4 + docs/INSTALL-CMAKE.md | 133 + docs/INSTALL.cmake | 89 - docs/INSTALL.md | 131 +- docs/KNOWN_BUGS | 41 +- docs/Makefile.am | 50 +- docs/NEW-PROTOCOL.md | 2 +- docs/PARALLEL-TRANSFERS.md | 6 +- docs/SECURITY-ADVISORY.md | 2 +- docs/SSLCERTS.md | 14 +- docs/THANKS | 81 + docs/TODO | 25 +- docs/TheArtOfHttpScripting.md | 43 +- docs/URL-SYNTAX.md | 8 +- docs/VULN-DISCLOSURE-POLICY.md | 14 +- docs/WEBSOCKET.md | 7 +- docs/cmdline-opts/CMakeLists.txt | 8 +- docs/cmdline-opts/MANPAGE.md | 59 +- docs/cmdline-opts/Makefile.am | 7 +- docs/cmdline-opts/Makefile.inc | 539 +-- docs/cmdline-opts/_AUTHORS.md | 5 + docs/cmdline-opts/_BUGS.md | 5 + docs/cmdline-opts/_DESCRIPTION.md | 11 + docs/cmdline-opts/_ENVIRONMENT.md | 114 + .../{page-footer => _EXITCODES.md} | 307 +- docs/cmdline-opts/_FILES.md | 6 + docs/cmdline-opts/_GLOBBING.md | 40 + docs/cmdline-opts/_NAME.md | 4 + docs/cmdline-opts/_OPTIONS.md | 26 + docs/cmdline-opts/_OUTPUT.md | 11 + docs/cmdline-opts/_PROGRESS.md | 25 + docs/cmdline-opts/_PROTOCOLS.md | 51 + docs/cmdline-opts/_PROXYPREFIX.md | 22 + docs/cmdline-opts/_SEEALSO.md | 5 + docs/cmdline-opts/_SYNOPSIS.md | 5 + docs/cmdline-opts/_URL.md | 28 + docs/cmdline-opts/_VARIABLES.md | 44 + docs/cmdline-opts/_VERSION.md | 15 + docs/cmdline-opts/_WWW.md | 4 + ...-unix-socket.d => abstract-unix-socket.md} | 10 +- docs/cmdline-opts/{alt-svc.d => alt-svc.md} | 11 +- docs/cmdline-opts/{anyauth.d => anyauth.md} | 12 +- docs/cmdline-opts/{append.d => append.md} | 11 +- .../{aws-sigv4.d => aws-sigv4.md} | 12 +- docs/cmdline-opts/{basic.d => basic.md} | 10 +- .../{ca-native.d => ca-native.md} | 21 +- docs/cmdline-opts/{cacert.d => cacert.md} | 17 +- docs/cmdline-opts/{capath.d => capath.md} | 11 +- .../{cert-status.d => cert-status.md} | 10 +- .../{cert-type.d => cert-type.md} | 12 +- docs/cmdline-opts/{cert.d => cert.md} | 37 +- docs/cmdline-opts/{ciphers.d => ciphers.md} | 12 +- .../{compressed-ssh.d => compressed-ssh.md} | 10 +- .../{compressed.d => compressed.md} | 10 +- docs/cmdline-opts/{config.d => config.md} | 44 +- .../{connect-timeout.d => connect-timeout.md} | 14 +- docs/cmdline-opts/connect-to.d | 24 - docs/cmdline-opts/connect-to.md | 30 + .../{continue-at.d => continue-at.md} | 12 +- .../{cookie-jar.d => cookie-jar.md} | 12 +- docs/cmdline-opts/{cookie.d => cookie.md} | 26 +- .../{create-dirs.d => create-dirs.md} | 11 +- ...create-file-mode.d => create-file-mode.md} | 10 +- docs/cmdline-opts/{crlf.d => crlf.md} | 10 +- docs/cmdline-opts/{crlfile.d => crlfile.md} | 11 +- docs/cmdline-opts/{curves.d => curves.md} | 16 +- .../{data-ascii.d => data-ascii.md} | 12 +- .../{data-binary.d => data-binary.md} | 10 +- docs/cmdline-opts/{data-raw.d => data-raw.md} | 12 +- .../{data-urlencode.d => data-urlencode.md} | 35 +- docs/cmdline-opts/{data.d => data.md} | 16 +- .../{delegation.d => delegation.md} | 23 +- docs/cmdline-opts/{digest.d => digest.md} | 12 +- .../{disable-eprt.d => disable-eprt.md} | 11 +- .../{disable-epsv.d => disable-epsv.md} | 11 +- docs/cmdline-opts/{disable.d => disable.md} | 10 +- ...e-in-url.d => disallow-username-in-url.md} | 13 +- .../{dns-interface.d => dns-interface.md} | 11 +- .../{dns-ipv4-addr.d => dns-ipv4-addr.md} | 11 +- .../{dns-ipv6-addr.d => dns-ipv6-addr.md} | 11 +- .../{dns-servers.d => dns-servers.md} | 12 +- .../{doh-cert-status.d => doh-cert-status.md} | 10 +- .../{doh-insecure.d => doh-insecure.md} | 10 +- docs/cmdline-opts/{doh-url.d => doh-url.md} | 10 +- .../{dump-header.d => dump-header.md} | 10 +- docs/cmdline-opts/{egd-file.d => egd-file.md} | 10 +- docs/cmdline-opts/{engine.d => engine.md} | 11 +- .../{etag-compare.d => etag-compare.md} | 11 +- .../{etag-save.d => etag-save.md} | 10 +- ...pect100-timeout.d => expect100-timeout.md} | 10 +- .../{fail-early.d => fail-early.md} | 11 +- .../{fail-with-body.d => fail-with-body.md} | 11 +- docs/cmdline-opts/{fail.d => fail.md} | 11 +- .../{false-start.d => false-start.md} | 10 +- .../{form-escape.d => form-escape.md} | 10 +- .../{form-string.d => form-string.md} | 10 +- docs/cmdline-opts/{form.d => form.md} | 62 +- .../{ftp-account.d => ftp-account.md} | 10 +- ...e-to-user.d => ftp-alternative-to-user.md} | 11 +- .../{ftp-create-dirs.d => ftp-create-dirs.md} | 10 +- .../{ftp-method.d => ftp-method.md} | 26 +- docs/cmdline-opts/{ftp-pasv.d => ftp-pasv.md} | 10 +- docs/cmdline-opts/{ftp-port.d => ftp-port.md} | 42 +- docs/cmdline-opts/{ftp-pret.d => ftp-pret.md} | 11 +- ...ftp-skip-pasv-ip.d => ftp-skip-pasv-ip.md} | 10 +- ...ftp-ssl-ccc-mode.d => ftp-ssl-ccc-mode.md} | 10 +- .../{ftp-ssl-ccc.d => ftp-ssl-ccc.md} | 11 +- .../{ftp-ssl-control.d => ftp-ssl-control.md} | 14 +- docs/cmdline-opts/gen.pl | 431 +- docs/cmdline-opts/{get.d => get.md} | 16 +- docs/cmdline-opts/{globoff.d => globoff.md} | 11 +- ...eout-ms.d => happy-eyeballs-timeout-ms.md} | 11 +- ...haproxy-clientip.d => haproxy-clientip.md} | 14 +- ...haproxy-protocol.d => haproxy-protocol.md} | 10 +- docs/cmdline-opts/{head.d => head.md} | 12 +- docs/cmdline-opts/{header.d => header.md} | 20 +- docs/cmdline-opts/{help.d => help.md} | 10 +- .../{hostpubmd5.d => hostpubmd5.md} | 16 +- .../{hostpubsha256.d => hostpubsha256.md} | 10 +- docs/cmdline-opts/{hsts.d => hsts.md} | 10 +- docs/cmdline-opts/{http0.9.d => http0.9.md} | 12 +- docs/cmdline-opts/{http1.0.d => http1.0.md} | 11 +- docs/cmdline-opts/{http1.1.d => http1.1.md} | 11 +- ...r-knowledge.d => http2-prior-knowledge.md} | 11 +- docs/cmdline-opts/{http2.d => http2.md} | 12 +- .../{http3-only.d => http3-only.md} | 13 +- docs/cmdline-opts/{http3.d => http3.md} | 12 +- ...tent-length.d => ignore-content-length.md} | 10 +- docs/cmdline-opts/{include.d => include.md} | 17 +- docs/cmdline-opts/{insecure.d => insecure.md} | 14 +- .../{interface.d => interface.md} | 12 +- docs/cmdline-opts/ipfs-gateway.d | 44 - docs/cmdline-opts/ipfs-gateway.md | 39 + docs/cmdline-opts/{ipv4.d => ipv4.md} | 11 +- docs/cmdline-opts/{ipv6.d => ipv6.md} | 11 +- docs/cmdline-opts/{json.d => json.md} | 23 +- ...sion-cookies.d => junk-session-cookies.md} | 11 +- .../{keepalive-time.d => keepalive-time.md} | 17 +- docs/cmdline-opts/{key-type.d => key-type.md} | 10 +- docs/cmdline-opts/{key.d => key.md} | 17 +- docs/cmdline-opts/{krb.d => krb.md} | 11 +- docs/cmdline-opts/{libcurl.d => libcurl.md} | 10 +- .../{limit-rate.d => limit-rate.md} | 16 +- .../{list-only.d => list-only.md} | 11 +- .../{local-port.d => local-port.md} | 12 +- ...location-trusted.d => location-trusted.md} | 12 +- docs/cmdline-opts/{location.d => location.md} | 11 +- .../{login-options.d => login-options.md} | 19 +- .../{mail-auth.d => mail-auth.md} | 11 +- .../{mail-from.d => mail-from.md} | 11 +- ...t-allowfails.d => mail-rcpt-allowfails.md} | 10 +- .../{mail-rcpt.d => mail-rcpt.md} | 10 +- docs/cmdline-opts/mainpage.idx | 43 + docs/cmdline-opts/{manual.d => manual.md} | 12 +- .../{max-filesize.d => max-filesize.md} | 10 +- .../{max-redirs.d => max-redirs.md} | 10 +- docs/cmdline-opts/{max-time.d => max-time.md} | 15 +- docs/cmdline-opts/{metalink.d => metalink.md} | 10 +- .../{negotiate.d => negotiate.md} | 13 +- .../{netrc-file.d => netrc-file.md} | 12 +- .../{netrc-optional.d => netrc-optional.md} | 10 +- docs/cmdline-opts/{netrc.d => netrc.md} | 18 +- docs/cmdline-opts/{next.d => next.md} | 15 +- docs/cmdline-opts/{no-alpn.d => no-alpn.md} | 11 +- .../{no-buffer.d => no-buffer.md} | 10 +- .../{no-clobber.d => no-clobber.md} | 13 +- .../{no-keepalive.d => no-keepalive.md} | 10 +- docs/cmdline-opts/{no-npn.d => no-npn.md} | 11 +- ...-progress-meter.d => no-progress-meter.md} | 11 +- .../{no-sessionid.d => no-sessionid.md} | 10 +- docs/cmdline-opts/{noproxy.d => noproxy.md} | 26 +- docs/cmdline-opts/{ntlm-wb.d => ntlm-wb.md} | 13 +- docs/cmdline-opts/{ntlm.d => ntlm.md} | 10 +- .../{oauth2-bearer.d => oauth2-bearer.md} | 12 +- .../{output-dir.d => output-dir.md} | 11 +- docs/cmdline-opts/{output.d => output.md} | 30 +- docs/cmdline-opts/page-header | 258 -- ...llel-immediate.d => parallel-immediate.md} | 11 +- .../{parallel-max.d => parallel-max.md} | 10 +- docs/cmdline-opts/{parallel.d => parallel.md} | 11 +- docs/cmdline-opts/{pass.d => pass.md} | 11 +- .../{path-as-is.d => path-as-is.md} | 10 +- .../{pinnedpubkey.d => pinnedpubkey.md} | 12 +- docs/cmdline-opts/{post301.d => post301.md} | 12 +- docs/cmdline-opts/{post302.d => post302.md} | 12 +- docs/cmdline-opts/{post303.d => post303.md} | 12 +- docs/cmdline-opts/{preproxy.d => preproxy.md} | 11 +- .../{progress-bar.d => progress-bar.md} | 10 +- .../{proto-default.d => proto-default.md} | 11 +- .../{proto-redir.d => proto-redir.md} | 12 +- docs/cmdline-opts/{proto.d => proto.md} | 48 +- .../{proxy-anyauth.d => proxy-anyauth.md} | 12 +- .../{proxy-basic.d => proxy-basic.md} | 12 +- .../{proxy-ca-native.d => proxy-ca-native.md} | 21 +- .../{proxy-cacert.d => proxy-cacert.md} | 13 +- .../{proxy-capath.d => proxy-capath.md} | 12 +- .../{proxy-cert-type.d => proxy-cert-type.md} | 10 +- .../{proxy-cert.d => proxy-cert.md} | 10 +- .../{proxy-ciphers.d => proxy-ciphers.md} | 12 +- .../{proxy-crlfile.d => proxy-crlfile.md} | 11 +- .../{proxy-digest.d => proxy-digest.md} | 12 +- .../{proxy-header.d => proxy-header.md} | 14 +- .../{proxy-http2.d => proxy-http2.md} | 10 +- .../{proxy-insecure.d => proxy-insecure.md} | 11 +- .../{proxy-key-type.d => proxy-key-type.md} | 11 +- .../{proxy-key.d => proxy-key.md} | 11 +- .../{proxy-negotiate.d => proxy-negotiate.md} | 11 +- .../{proxy-ntlm.d => proxy-ntlm.md} | 11 +- .../{proxy-pass.d => proxy-pass.md} | 11 +- ...y-pinnedpubkey.d => proxy-pinnedpubkey.md} | 13 +- ...y-service-name.d => proxy-service-name.md} | 11 +- ...allow-beast.d => proxy-ssl-allow-beast.md} | 11 +- ...t-cert.d => proxy-ssl-auto-client-cert.md} | 11 +- ...tls13-ciphers.d => proxy-tls13-ciphers.md} | 12 +- ...oxy-tlsauthtype.d => proxy-tlsauthtype.md} | 11 +- ...oxy-tlspassword.d => proxy-tlspassword.md} | 11 +- .../{proxy-tlsuser.d => proxy-tlsuser.md} | 11 +- .../{proxy-tlsv1.d => proxy-tlsv1.md} | 10 +- .../{proxy-user.d => proxy-user.md} | 10 +- docs/cmdline-opts/{proxy.d => proxy.md} | 11 +- docs/cmdline-opts/{proxy1.0.d => proxy1.0.md} | 12 +- .../{proxytunnel.d => proxytunnel.md} | 10 +- docs/cmdline-opts/{pubkey.d => pubkey.md} | 10 +- docs/cmdline-opts/{quote.d => quote.md} | 61 +- .../{random-file.d => random-file.md} | 10 +- docs/cmdline-opts/{range.d => range.md} | 47 +- docs/cmdline-opts/{rate.d => rate.md} | 15 +- docs/cmdline-opts/{raw.d => raw.md} | 10 +- docs/cmdline-opts/{referer.d => referer.md} | 15 +- ...te-header-name.d => remote-header-name.md} | 10 +- .../{remote-name-all.d => remote-name-all.md} | 10 +- .../{remote-name.d => remote-name.md} | 12 +- .../{remote-time.d => remote-time.md} | 11 +- .../{remove-on-error.d => remove-on-error.md} | 12 +- .../{request-target.d => request-target.md} | 13 +- docs/cmdline-opts/{request.d => request.md} | 40 +- docs/cmdline-opts/{resolve.d => resolve.md} | 13 +- ...retry-all-errors.d => retry-all-errors.md} | 10 +- ...try-connrefused.d => retry-connrefused.md} | 11 +- .../{retry-delay.d => retry-delay.md} | 10 +- .../{retry-max-time.d => retry-max-time.md} | 10 +- docs/cmdline-opts/{retry.d => retry.md} | 10 +- .../{sasl-authzid.d => sasl-authzid.md} | 10 +- docs/cmdline-opts/{sasl-ir.d => sasl-ir.md} | 10 +- .../{service-name.d => service-name.md} | 11 +- .../{show-error.d => show-error.md} | 10 +- docs/cmdline-opts/{silent.d => silent.md} | 12 +- docs/cmdline-opts/{socks4.d => socks4.md} | 14 +- docs/cmdline-opts/{socks4a.d => socks4a.md} | 14 +- .../{socks5-basic.d => socks5-basic.md} | 12 +- ...cks5-gssapi-nec.d => socks5-gssapi-nec.md} | 10 +- ...api-service.d => socks5-gssapi-service.md} | 10 +- .../{socks5-gssapi.d => socks5-gssapi.md} | 12 +- .../{socks5-hostname.d => socks5-hostname.md} | 13 +- docs/cmdline-opts/{socks5.d => socks5.md} | 13 +- .../{speed-limit.d => speed-limit.md} | 18 +- .../{speed-time.d => speed-time.md} | 11 +- .../{ssl-allow-beast.d => ssl-allow-beast.md} | 18 +- ...-client-cert.d => ssl-auto-client-cert.md} | 11 +- .../{ssl-no-revoke.d => ssl-no-revoke.md} | 11 +- docs/cmdline-opts/{ssl-reqd.d => ssl-reqd.md} | 11 +- ...est-effort.d => ssl-revoke-best-effort.md} | 12 +- docs/cmdline-opts/{ssl.d => ssl.md} | 12 +- docs/cmdline-opts/{sslv2.d => sslv2.md} | 11 +- docs/cmdline-opts/{sslv3.d => sslv3.md} | 11 +- docs/cmdline-opts/{stderr.d => stderr.md} | 11 +- .../{styled-output.d => styled-output.md} | 11 +- ...-headers.d => suppress-connect-headers.md} | 12 +- .../{tcp-fastopen.d => tcp-fastopen.md} | 9 +- .../{tcp-nodelay.d => tcp-nodelay.md} | 10 +- .../{telnet-option.d => telnet-option.md} | 27 +- .../{tftp-blksize.d => tftp-blksize.md} | 10 +- .../{tftp-no-options.d => tftp-no-options.md} | 10 +- .../{time-cond.d => time-cond.md} | 15 +- docs/cmdline-opts/{tls-max.d => tls-max.md} | 32 +- .../{tls13-ciphers.d => tls13-ciphers.md} | 12 +- .../{tlsauthtype.d => tlsauthtype.md} | 11 +- .../{tlspassword.d => tlspassword.md} | 11 +- docs/cmdline-opts/{tlsuser.d => tlsuser.md} | 11 +- docs/cmdline-opts/{tlsv1.0.d => tlsv1.0.md} | 10 +- docs/cmdline-opts/{tlsv1.1.d => tlsv1.1.md} | 11 +- docs/cmdline-opts/{tlsv1.2.d => tlsv1.2.md} | 11 +- docs/cmdline-opts/{tlsv1.3.d => tlsv1.3.md} | 11 +- docs/cmdline-opts/{tlsv1.d => tlsv1.md} | 11 +- .../{tr-encoding.d => tr-encoding.md} | 10 +- .../{trace-ascii.d => trace-ascii.md} | 11 +- .../{trace-config.d => trace-config.md} | 11 +- .../{trace-ids.d => trace-ids.md} | 11 +- .../{trace-time.d => trace-time.md} | 11 +- docs/cmdline-opts/{trace.d => trace.md} | 13 +- .../{unix-socket.d => unix-socket.md} | 10 +- .../{upload-file.d => upload-file.md} | 19 +- .../{url-query.d => url-query.md} | 19 +- docs/cmdline-opts/{url.d => url.md} | 11 +- .../{use-ascii.d => use-ascii.md} | 11 +- .../{user-agent.d => user-agent.md} | 11 +- docs/cmdline-opts/{user.d => user.md} | 15 +- docs/cmdline-opts/{variable.d => variable.md} | 29 +- docs/cmdline-opts/{verbose.d => verbose.md} | 13 +- docs/cmdline-opts/{version.d => version.md} | 104 +- .../{write-out.d => write-out.md} | 286 +- docs/cmdline-opts/{xattr.d => xattr.md} | 16 +- docs/{curl-config.1 => curl-config.md} | 146 +- docs/examples/10-at-a-time.c | 4 +- docs/examples/Makefile.inc | 7 + docs/examples/Makefile.mk | 26 +- docs/examples/address-scope.c | 62 + docs/examples/anyauthput.c | 14 +- docs/examples/chkspeed.c | 8 +- docs/examples/cookie_interface.c | 2 +- docs/examples/debug.c | 5 +- docs/examples/externalsocket.c | 8 +- docs/examples/ftpget.c | 2 +- docs/examples/ftpsget.c | 2 +- docs/examples/ftpupload.c | 2 +- docs/examples/http2-download.c | 9 +- docs/examples/http2-serverpush.c | 5 +- docs/examples/http2-upload.c | 5 +- docs/examples/interface.c | 52 + docs/examples/ipv6.c | 26 +- docs/examples/keepalive.c | 55 + docs/examples/localport.c | 53 + docs/examples/multi-debugcallback.c | 5 +- docs/examples/netrc.c | 49 + .../sethostname.h => docs/examples/range.c | 35 +- docs/examples/rtsp-options.c | 55 + docs/examples/sendrecv.c | 11 + docs/examples/sftpget.c | 2 +- docs/examples/synctime.c | 6 +- docs/libcurl/CMakeLists.txt | 49 +- docs/libcurl/Makefile.am | 54 +- docs/libcurl/curl_easy_cleanup.md | 76 + docs/libcurl/curl_easy_duphandle.md | 72 + docs/libcurl/curl_easy_escape.md | 75 + docs/libcurl/curl_easy_getinfo.md | 483 +++ docs/libcurl/curl_easy_header.md | 160 + docs/libcurl/curl_easy_init.md | 73 + docs/libcurl/curl_easy_nextheader.md | 100 + docs/libcurl/curl_easy_option_by_id.md | 54 + docs/libcurl/curl_easy_option_by_name.md | 53 + docs/libcurl/curl_easy_option_next.md | 89 + .../{curl_easy_pause.3 => curl_easy_pause.md} | 135 +- docs/libcurl/curl_easy_perform.md | 83 + docs/libcurl/curl_easy_recv.md | 103 + docs/libcurl/curl_easy_reset.md | 56 + docs/libcurl/curl_easy_send.md | 95 + docs/libcurl/curl_easy_setopt.md | 1381 +++++++ docs/libcurl/curl_easy_strerror.md | 59 + docs/libcurl/curl_easy_unescape.md | 73 + docs/libcurl/curl_easy_upkeep.md | 77 + docs/libcurl/curl_escape.md | 58 + docs/libcurl/curl_formadd.md | 313 ++ docs/libcurl/curl_formfree.md | 76 + docs/libcurl/curl_formget.md | 72 + docs/libcurl/curl_free.md | 52 + .../{curl_getdate.3 => curl_getdate.md} | 164 +- docs/libcurl/curl_getenv.md | 57 + docs/libcurl/curl_global_cleanup.md | 74 + ...curl_global_init.3 => curl_global_init.md} | 125 +- docs/libcurl/curl_global_init_mem.md | 95 + docs/libcurl/curl_global_sslset.md | 138 + ...rl_global_trace.3 => curl_global_trace.md} | 117 +- docs/libcurl/curl_mime_addpart.md | 70 + docs/libcurl/curl_mime_data.md | 76 + ...rl_mime_data_cb.3 => curl_mime_data_cb.md} | 133 +- docs/libcurl/curl_mime_encoder.md | 100 + docs/libcurl/curl_mime_filedata.md | 88 + docs/libcurl/curl_mime_filename.md | 79 + docs/libcurl/curl_mime_free.md | 65 + docs/libcurl/curl_mime_headers.md | 78 + docs/libcurl/curl_mime_init.md | 72 + docs/libcurl/curl_mime_name.md | 67 + docs/libcurl/curl_mime_subparts.md | 83 + docs/libcurl/curl_mime_type.md | 86 + .../{curl_mprintf.3 => curl_mprintf.md} | 323 +- docs/libcurl/curl_multi_add_handle.md | 88 + docs/libcurl/curl_multi_assign.md | 81 + docs/libcurl/curl_multi_cleanup.md | 65 + docs/libcurl/curl_multi_fdset.md | 119 + docs/libcurl/curl_multi_get_handles.md | 77 + docs/libcurl/curl_multi_info_read.md | 102 + docs/libcurl/curl_multi_init.md | 57 + docs/libcurl/curl_multi_perform.md | 107 + docs/libcurl/curl_multi_poll.md | 128 + docs/libcurl/curl_multi_remove_handle.md | 73 + docs/libcurl/curl_multi_setopt.md | 125 + docs/libcurl/curl_multi_socket.md | 95 + docs/libcurl/curl_multi_socket_action.md | 120 + docs/libcurl/curl_multi_socket_all.3 | 1 - docs/libcurl/curl_multi_socket_all.md | 95 + docs/libcurl/curl_multi_strerror.md | 51 + docs/libcurl/curl_multi_timeout.md | 89 + docs/libcurl/curl_multi_wait.md | 121 + docs/libcurl/curl_multi_wakeup.md | 91 + docs/libcurl/curl_pushheader_byname.md | 82 + docs/libcurl/curl_pushheader_bynum.md | 69 + docs/libcurl/curl_share_cleanup.md | 54 + docs/libcurl/curl_share_init.md | 56 + docs/libcurl/curl_share_setopt.md | 71 + docs/libcurl/curl_share_strerror.md | 50 + docs/libcurl/curl_slist_append.md | 75 + docs/libcurl/curl_slist_free_all.md | 58 + docs/libcurl/curl_strequal.md | 57 + docs/libcurl/curl_strnequal.3 | 1 - docs/libcurl/curl_strnequal.md | 57 + docs/libcurl/curl_unescape.md | 65 + docs/libcurl/curl_url.md | 64 + docs/libcurl/curl_url_cleanup.md | 51 + docs/libcurl/curl_url_dup.md | 56 + docs/libcurl/curl_url_get.md | 210 + .../{curl_url_set.3 => curl_url_set.md} | 241 +- docs/libcurl/curl_url_strerror.md | 53 + docs/libcurl/curl_version.md | 46 + ...rl_version_info.3 => curl_version_info.md} | 396 +- docs/libcurl/curl_ws_meta.md | 143 + docs/libcurl/curl_ws_recv.md | 73 + docs/libcurl/curl_ws_send.md | 120 + docs/libcurl/libcurl-easy.md | 52 + docs/libcurl/libcurl-env-dbg.md | 118 + docs/libcurl/libcurl-env.md | 99 + .../{libcurl-errors.3 => libcurl-errors.md} | 769 ++-- .../{libcurl-multi.3 => libcurl-multi.md} | 135 +- ...libcurl-security.3 => libcurl-security.md} | 300 +- docs/libcurl/libcurl-share.md | 62 + docs/libcurl/libcurl-thread.md | 99 + ...libcurl-tutorial.3 => libcurl-tutorial.md} | 816 ++-- .../libcurl/{libcurl-url.3 => libcurl-url.md} | 168 +- docs/libcurl/{libcurl-ws.3 => libcurl-ws.md} | 110 +- docs/libcurl/{libcurl.3 => libcurl.md} | 208 +- docs/libcurl/mksymbolsmanpage.pl | 286 +- docs/libcurl/opts/CMakeLists.txt | 13 +- docs/libcurl/opts/CURLINFO_ACTIVESOCKET.md | 77 + docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.md | 71 + .../opts/CURLINFO_APPCONNECT_TIME_T.md | 73 + docs/libcurl/opts/CURLINFO_CAINFO.md | 66 + docs/libcurl/opts/CURLINFO_CAPATH.md | 66 + docs/libcurl/opts/CURLINFO_CERTINFO.md | 101 + docs/libcurl/opts/CURLINFO_CONDITION_UNMET.md | 80 + docs/libcurl/opts/CURLINFO_CONNECT_TIME.md | 67 + docs/libcurl/opts/CURLINFO_CONNECT_TIME_T.md | 70 + docs/libcurl/opts/CURLINFO_CONN_ID.md | 70 + .../opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.md | 70 + .../CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md | 67 + .../opts/CURLINFO_CONTENT_LENGTH_UPLOAD.md | 69 + .../opts/CURLINFO_CONTENT_LENGTH_UPLOAD_T.md | 66 + docs/libcurl/opts/CURLINFO_CONTENT_TYPE.md | 75 + docs/libcurl/opts/CURLINFO_COOKIELIST.md | 82 + .../libcurl/opts/CURLINFO_EFFECTIVE_METHOD.md | 72 + docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.md | 68 + docs/libcurl/opts/CURLINFO_FILETIME.md | 76 + docs/libcurl/opts/CURLINFO_FILETIME_T.md | 78 + docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.md | 70 + docs/libcurl/opts/CURLINFO_HEADER_SIZE.md | 65 + docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.md | 77 + .../libcurl/opts/CURLINFO_HTTP_CONNECTCODE.md | 65 + docs/libcurl/opts/CURLINFO_HTTP_VERSION.md | 61 + docs/libcurl/opts/CURLINFO_LASTSOCKET.md | 77 + docs/libcurl/opts/CURLINFO_LOCAL_IP.md | 72 + docs/libcurl/opts/CURLINFO_LOCAL_PORT.md | 68 + docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.md | 68 + .../opts/CURLINFO_NAMELOOKUP_TIME_T.md | 69 + docs/libcurl/opts/CURLINFO_NUM_CONNECTS.md | 65 + docs/libcurl/opts/CURLINFO_OS_ERRNO.md | 62 + .../libcurl/opts/CURLINFO_PRETRANSFER_TIME.md | 73 + .../opts/CURLINFO_PRETRANSFER_TIME_T.md | 75 + docs/libcurl/opts/CURLINFO_PRIMARY_IP.md | 73 + docs/libcurl/opts/CURLINFO_PRIMARY_PORT.md | 67 + docs/libcurl/opts/CURLINFO_PRIVATE.md | 68 + docs/libcurl/opts/CURLINFO_PROTOCOL.md | 73 + docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.md | 78 + docs/libcurl/opts/CURLINFO_PROXY_ERROR.md | 105 + .../opts/CURLINFO_PROXY_SSL_VERIFYRESULT.md | 64 + docs/libcurl/opts/CURLINFO_QUEUE_TIME_T.md | 70 + docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.md | 62 + docs/libcurl/opts/CURLINFO_REDIRECT_TIME.md | 70 + docs/libcurl/opts/CURLINFO_REDIRECT_TIME_T.md | 72 + docs/libcurl/opts/CURLINFO_REDIRECT_URL.md | 69 + docs/libcurl/opts/CURLINFO_REFERER.md | 67 + docs/libcurl/opts/CURLINFO_REQUEST_SIZE.md | 63 + docs/libcurl/opts/CURLINFO_RESPONSE_CODE.md | 65 + docs/libcurl/opts/CURLINFO_RETRY_AFTER.md | 71 + .../libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.md | 61 + docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.md | 61 + .../libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.md | 65 + docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.md | 66 + docs/libcurl/opts/CURLINFO_SCHEME.md | 68 + docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.md | 73 + docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD_T.md | 70 + docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.md | 69 + docs/libcurl/opts/CURLINFO_SIZE_UPLOAD_T.md | 66 + docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.md | 67 + .../libcurl/opts/CURLINFO_SPEED_DOWNLOAD_T.md | 65 + docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.md | 65 + docs/libcurl/opts/CURLINFO_SPEED_UPLOAD_T.md | 63 + docs/libcurl/opts/CURLINFO_SSL_ENGINES.md | 65 + .../libcurl/opts/CURLINFO_SSL_VERIFYRESULT.md | 65 + .../opts/CURLINFO_STARTTRANSFER_TIME.md | 71 + .../opts/CURLINFO_STARTTRANSFER_TIME_T.md | 73 + docs/libcurl/opts/CURLINFO_TLS_SESSION.md | 75 + ..._TLS_SSL_PTR.3 => CURLINFO_TLS_SSL_PTR.md} | 172 +- docs/libcurl/opts/CURLINFO_TOTAL_TIME.md | 69 + docs/libcurl/opts/CURLINFO_TOTAL_TIME_T.md | 71 + docs/libcurl/opts/CURLINFO_XFER_ID.md | 70 + .../CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md | 61 + .../CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md | 60 + docs/libcurl/opts/CURLMOPT_MAXCONNECTS.md | 69 + .../opts/CURLMOPT_MAX_CONCURRENT_STREAMS.md | 59 + .../opts/CURLMOPT_MAX_HOST_CONNECTIONS.md | 72 + .../opts/CURLMOPT_MAX_PIPELINE_LENGTH.md | 64 + .../opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.md | 70 + docs/libcurl/opts/CURLMOPT_PIPELINING.md | 77 + .../opts/CURLMOPT_PIPELINING_SERVER_BL.md | 68 + .../opts/CURLMOPT_PIPELINING_SITE_BL.md | 66 + docs/libcurl/opts/CURLMOPT_PUSHDATA.md | 87 + ...USHFUNCTION.3 => CURLMOPT_PUSHFUNCTION.md} | 137 +- docs/libcurl/opts/CURLMOPT_SOCKETDATA.md | 82 + docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.md | 135 + docs/libcurl/opts/CURLMOPT_TIMERDATA.md | 75 + docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.md | 103 + .../opts/CURLOPT_ABSTRACT_UNIX_SOCKET.md | 71 + docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.md | 61 + docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.md | 110 + docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.md | 63 + docs/libcurl/opts/CURLOPT_ALTSVC.md | 111 + docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.md | 97 + docs/libcurl/opts/CURLOPT_APPEND.md | 61 + docs/libcurl/opts/CURLOPT_AUTOREFERER.md | 77 + docs/libcurl/opts/CURLOPT_AWS_SIGV4.md | 118 + docs/libcurl/opts/CURLOPT_BUFFERSIZE.md | 79 + docs/libcurl/opts/CURLOPT_CAINFO.md | 87 + docs/libcurl/opts/CURLOPT_CAINFO_BLOB.md | 84 + docs/libcurl/opts/CURLOPT_CAPATH.md | 79 + docs/libcurl/opts/CURLOPT_CA_CACHE_TIMEOUT.md | 82 + docs/libcurl/opts/CURLOPT_CERTINFO.md | 90 + ...NCTION.3 => CURLOPT_CHUNK_BGN_FUNCTION.md} | 113 +- docs/libcurl/opts/CURLOPT_CHUNK_DATA.md | 102 + .../opts/CURLOPT_CHUNK_END_FUNCTION.md | 82 + docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.md | 75 + .../opts/CURLOPT_CLOSESOCKETFUNCTION.md | 86 + docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.md | 89 + .../libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.md | 64 + docs/libcurl/opts/CURLOPT_CONNECT_ONLY.md | 83 + docs/libcurl/opts/CURLOPT_CONNECT_TO.md | 114 + .../CURLOPT_CONV_FROM_NETWORK_FUNCTION.md | 114 + .../opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.md | 107 + .../opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.md | 110 + docs/libcurl/opts/CURLOPT_COOKIE.md | 97 + docs/libcurl/opts/CURLOPT_COOKIEFILE.md | 103 + docs/libcurl/opts/CURLOPT_COOKIEJAR.md | 86 + docs/libcurl/opts/CURLOPT_COOKIELIST.md | 136 + docs/libcurl/opts/CURLOPT_COOKIESESSION.md | 75 + docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.md | 78 + docs/libcurl/opts/CURLOPT_CRLF.md | 62 + docs/libcurl/opts/CURLOPT_CRLFILE.md | 82 + docs/libcurl/opts/CURLOPT_CURLU.md | 79 + docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.md | 130 + docs/libcurl/opts/CURLOPT_DEBUGDATA.md | 86 + ...BUGFUNCTION.3 => CURLOPT_DEBUGFUNCTION.md} | 160 +- docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.md | 89 + docs/libcurl/opts/CURLOPT_DIRLISTONLY.md | 80 + .../opts/CURLOPT_DISALLOW_USERNAME_IN_URL.md | 68 + .../libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.md | 90 + docs/libcurl/opts/CURLOPT_DNS_INTERFACE.md | 69 + docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.md | 70 + docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.md | 70 + docs/libcurl/opts/CURLOPT_DNS_SERVERS.md | 76 + .../opts/CURLOPT_DNS_SHUFFLE_ADDRESSES.md | 75 + .../opts/CURLOPT_DNS_USE_GLOBAL_CACHE.md | 68 + .../opts/CURLOPT_DOH_SSL_VERIFYHOST.md | 90 + .../opts/CURLOPT_DOH_SSL_VERIFYPEER.md | 102 + .../opts/CURLOPT_DOH_SSL_VERIFYSTATUS.md | 76 + docs/libcurl/opts/CURLOPT_DOH_URL.md | 96 + docs/libcurl/opts/CURLOPT_EGDSOCKET.md | 67 + docs/libcurl/opts/CURLOPT_ERRORBUFFER.md | 101 + .../opts/CURLOPT_EXPECT_100_TIMEOUT_MS.md | 64 + docs/libcurl/opts/CURLOPT_FAILONERROR.md | 74 + docs/libcurl/opts/CURLOPT_FILETIME.md | 72 + docs/libcurl/opts/CURLOPT_FNMATCH_DATA.md | 80 + docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.md | 88 + docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.md | 93 + docs/libcurl/opts/CURLOPT_FORBID_REUSE.md | 69 + docs/libcurl/opts/CURLOPT_FRESH_CONNECT.md | 68 + .../{CURLOPT_FTPPORT.3 => CURLOPT_FTPPORT.md} | 108 +- docs/libcurl/opts/CURLOPT_FTPSSLAUTH.md | 76 + docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.md | 67 + .../opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.md | 70 + .../opts/CURLOPT_FTP_CREATE_MISSING_DIRS.md | 88 + docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.md | 86 + docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.md | 72 + docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.md | 78 + docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.md | 73 + docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.md | 73 + docs/libcurl/opts/CURLOPT_FTP_USE_PRET.md | 66 + .../libcurl/opts/CURLOPT_GSSAPI_DELEGATION.md | 65 + .../opts/CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md | 71 + docs/libcurl/opts/CURLOPT_HAPROXYPROTOCOL.md | 64 + .../libcurl/opts/CURLOPT_HAPROXY_CLIENT_IP.md | 63 + docs/libcurl/opts/CURLOPT_HEADER.md | 76 + docs/libcurl/opts/CURLOPT_HEADERDATA.md | 89 + ...ERFUNCTION.3 => CURLOPT_HEADERFUNCTION.md} | 120 +- docs/libcurl/opts/CURLOPT_HEADEROPT.md | 81 + docs/libcurl/opts/CURLOPT_HSTS.md | 83 + docs/libcurl/opts/CURLOPT_HSTSREADDATA.md | 72 + docs/libcurl/opts/CURLOPT_HSTSREADFUNCTION.md | 106 + docs/libcurl/opts/CURLOPT_HSTSWRITEDATA.md | 72 + .../libcurl/opts/CURLOPT_HSTSWRITEFUNCTION.md | 110 + docs/libcurl/opts/CURLOPT_HSTS_CTRL.md | 78 + docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.md | 64 + docs/libcurl/opts/CURLOPT_HTTP200ALIASES.md | 75 + docs/libcurl/opts/CURLOPT_HTTPAUTH.md | 163 + docs/libcurl/opts/CURLOPT_HTTPGET.md | 71 + ...OPT_HTTPHEADER.3 => CURLOPT_HTTPHEADER.md} | 185 +- docs/libcurl/opts/CURLOPT_HTTPPOST.md | 100 + docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.md | 75 + .../opts/CURLOPT_HTTP_CONTENT_DECODING.md | 62 + .../opts/CURLOPT_HTTP_TRANSFER_DECODING.md | 61 + docs/libcurl/opts/CURLOPT_HTTP_VERSION.md | 119 + .../opts/CURLOPT_IGNORE_CONTENT_LENGTH.md | 73 + docs/libcurl/opts/CURLOPT_INFILESIZE.md | 85 + docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.md | 81 + docs/libcurl/opts/CURLOPT_INTERFACE.md | 83 + docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.md | 72 + .../opts/CURLOPT_INTERLEAVEFUNCTION.md | 102 + docs/libcurl/opts/CURLOPT_IOCTLDATA.md | 72 + docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.md | 103 + docs/libcurl/opts/CURLOPT_IPRESOLVE.md | 83 + docs/libcurl/opts/CURLOPT_ISSUERCERT.md | 77 + docs/libcurl/opts/CURLOPT_ISSUERCERT_BLOB.md | 92 + .../opts/CURLOPT_KEEP_SENDING_ON_ERROR.md | 68 + docs/libcurl/opts/CURLOPT_KEYPASSWD.md | 68 + docs/libcurl/opts/CURLOPT_KRBLEVEL.md | 66 + docs/libcurl/opts/CURLOPT_LOCALPORT.md | 64 + docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.md | 67 + docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.md | 76 + docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.md | 70 + docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.md | 67 + docs/libcurl/opts/CURLOPT_MAIL_AUTH.md | 76 + docs/libcurl/opts/CURLOPT_MAIL_FROM.md | 69 + docs/libcurl/opts/CURLOPT_MAIL_RCPT.md | 80 + .../opts/CURLOPT_MAIL_RCPT_ALLOWFAILS.md | 81 + docs/libcurl/opts/CURLOPT_MAXAGE_CONN.md | 71 + docs/libcurl/opts/CURLOPT_MAXCONNECTS.md | 75 + docs/libcurl/opts/CURLOPT_MAXFILESIZE.md | 69 + .../libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.md | 70 + docs/libcurl/opts/CURLOPT_MAXLIFETIME_CONN.md | 73 + docs/libcurl/opts/CURLOPT_MAXREDIRS.md | 72 + .../opts/CURLOPT_MAX_RECV_SPEED_LARGE.md | 70 + .../opts/CURLOPT_MAX_SEND_SPEED_LARGE.md | 72 + docs/libcurl/opts/CURLOPT_MIMEPOST.md | 81 + docs/libcurl/opts/CURLOPT_MIME_OPTIONS.md | 97 + docs/libcurl/opts/CURLOPT_NETRC.md | 141 + docs/libcurl/opts/CURLOPT_NETRC_FILE.md | 66 + .../opts/CURLOPT_NEW_DIRECTORY_PERMS.md | 64 + docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.md | 60 + docs/libcurl/opts/CURLOPT_NOBODY.md | 78 + docs/libcurl/opts/CURLOPT_NOPROGRESS.md | 65 + docs/libcurl/opts/CURLOPT_NOPROXY.md | 91 + docs/libcurl/opts/CURLOPT_NOSIGNAL.md | 78 + docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.md | 92 + .../opts/CURLOPT_OPENSOCKETFUNCTION.md | 132 + docs/libcurl/opts/CURLOPT_PASSWORD.md | 71 + docs/libcurl/opts/CURLOPT_PATH_AS_IS.md | 75 + docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.md | 143 + docs/libcurl/opts/CURLOPT_PIPEWAIT.md | 78 + docs/libcurl/opts/CURLOPT_PORT.md | 72 + docs/libcurl/opts/CURLOPT_POST.md | 102 + docs/libcurl/opts/CURLOPT_POSTFIELDS.md | 124 + docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.md | 71 + .../opts/CURLOPT_POSTFIELDSIZE_LARGE.md | 72 + docs/libcurl/opts/CURLOPT_POSTQUOTE.md | 72 + docs/libcurl/opts/CURLOPT_POSTREDIR.md | 81 + docs/libcurl/opts/CURLOPT_PREQUOTE.md | 76 + docs/libcurl/opts/CURLOPT_PREREQDATA.md | 73 + ...EQFUNCTION.3 => CURLOPT_PREREQFUNCTION.md} | 127 +- docs/libcurl/opts/CURLOPT_PRE_PROXY.md | 84 + docs/libcurl/opts/CURLOPT_PRIVATE.md | 72 + docs/libcurl/opts/CURLOPT_PROGRESSDATA.md | 80 + docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.md | 125 + docs/libcurl/opts/CURLOPT_PROTOCOLS.md | 104 + docs/libcurl/opts/CURLOPT_PROTOCOLS_STR.md | 88 + docs/libcurl/opts/CURLOPT_PROXY.md | 146 + docs/libcurl/opts/CURLOPT_PROXYAUTH.md | 77 + docs/libcurl/opts/CURLOPT_PROXYHEADER.md | 80 + docs/libcurl/opts/CURLOPT_PROXYPASSWORD.md | 70 + docs/libcurl/opts/CURLOPT_PROXYPORT.md | 68 + docs/libcurl/opts/CURLOPT_PROXYTYPE.md | 99 + docs/libcurl/opts/CURLOPT_PROXYUSERNAME.md | 73 + docs/libcurl/opts/CURLOPT_PROXYUSERPWD.md | 71 + docs/libcurl/opts/CURLOPT_PROXY_CAINFO.md | 93 + .../libcurl/opts/CURLOPT_PROXY_CAINFO_BLOB.md | 92 + docs/libcurl/opts/CURLOPT_PROXY_CAPATH.md | 81 + docs/libcurl/opts/CURLOPT_PROXY_CRLFILE.md | 83 + docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT.md | 82 + .../opts/CURLOPT_PROXY_ISSUERCERT_BLOB.md | 95 + docs/libcurl/opts/CURLOPT_PROXY_KEYPASSWD.md | 70 + .../opts/CURLOPT_PROXY_PINNEDPUBLICKEY.md | 124 + .../opts/CURLOPT_PROXY_SERVICE_NAME.md | 65 + docs/libcurl/opts/CURLOPT_PROXY_SSLCERT.md | 79 + .../libcurl/opts/CURLOPT_PROXY_SSLCERTTYPE.md | 75 + .../opts/CURLOPT_PROXY_SSLCERT_BLOB.md | 85 + docs/libcurl/opts/CURLOPT_PROXY_SSLKEY.md | 77 + docs/libcurl/opts/CURLOPT_PROXY_SSLKEYTYPE.md | 66 + .../libcurl/opts/CURLOPT_PROXY_SSLKEY_BLOB.md | 86 + docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.md | 125 + .../opts/CURLOPT_PROXY_SSL_CIPHER_LIST.md | 91 + .../libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.md | 119 + .../opts/CURLOPT_PROXY_SSL_VERIFYHOST.md | 94 + .../opts/CURLOPT_PROXY_SSL_VERIFYPEER.md | 94 + .../opts/CURLOPT_PROXY_TLS13_CIPHERS.md | 78 + .../opts/CURLOPT_PROXY_TLSAUTH_PASSWORD.md | 71 + .../opts/CURLOPT_PROXY_TLSAUTH_TYPE.md | 80 + .../opts/CURLOPT_PROXY_TLSAUTH_USERNAME.md | 71 + .../opts/CURLOPT_PROXY_TRANSFER_MODE.md | 69 + docs/libcurl/opts/CURLOPT_PUT.md | 89 + docs/libcurl/opts/CURLOPT_QUICK_EXIT.md | 62 + docs/libcurl/opts/CURLOPT_QUOTE.md | 161 + docs/libcurl/opts/CURLOPT_RANDOM_FILE.md | 67 + docs/libcurl/opts/CURLOPT_RANGE.md | 84 + docs/libcurl/opts/CURLOPT_READDATA.md | 77 + docs/libcurl/opts/CURLOPT_READFUNCTION.md | 123 + docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.md | 115 + .../opts/CURLOPT_REDIR_PROTOCOLS_STR.md | 94 + docs/libcurl/opts/CURLOPT_REFERER.md | 67 + docs/libcurl/opts/CURLOPT_REQUEST_TARGET.md | 67 + docs/libcurl/opts/CURLOPT_RESOLVE.md | 115 + .../opts/CURLOPT_RESOLVER_START_DATA.md | 70 + .../opts/CURLOPT_RESOLVER_START_FUNCTION.md | 88 + docs/libcurl/opts/CURLOPT_RESUME_FROM.md | 80 + .../libcurl/opts/CURLOPT_RESUME_FROM_LARGE.md | 79 + docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.md | 62 + docs/libcurl/opts/CURLOPT_RTSP_REQUEST.md | 139 + docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.md | 61 + docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.md | 68 + docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.md | 72 + docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.md | 68 + docs/libcurl/opts/CURLOPT_SASL_AUTHZID.md | 72 + docs/libcurl/opts/CURLOPT_SASL_IR.md | 72 + docs/libcurl/opts/CURLOPT_SEEKDATA.md | 71 + docs/libcurl/opts/CURLOPT_SEEKFUNCTION.md | 102 + .../opts/CURLOPT_SERVER_RESPONSE_TIMEOUT.md | 75 + .../CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md | 74 + docs/libcurl/opts/CURLOPT_SERVICE_NAME.md | 66 + docs/libcurl/opts/CURLOPT_SHARE.md | 88 + docs/libcurl/opts/CURLOPT_SOCKOPTDATA.md | 75 + docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.md | 132 + docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.md | 69 + .../libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.md | 63 + .../opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.md | 68 + docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.md | 67 + docs/libcurl/opts/CURLOPT_SSH_COMPRESSION.md | 64 + docs/libcurl/opts/CURLOPT_SSH_HOSTKEYDATA.md | 73 + .../opts/CURLOPT_SSH_HOSTKEYFUNCTION.md | 98 + .../opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md | 71 + .../CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md | 65 + docs/libcurl/opts/CURLOPT_SSH_KEYDATA.md | 75 + ...YFUNCTION.3 => CURLOPT_SSH_KEYFUNCTION.md} | 132 +- docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.md | 68 + .../opts/CURLOPT_SSH_PRIVATE_KEYFILE.md | 76 + .../opts/CURLOPT_SSH_PUBLIC_KEYFILE.md | 71 + docs/libcurl/opts/CURLOPT_SSLCERT.md | 87 + docs/libcurl/opts/CURLOPT_SSLCERTTYPE.md | 71 + docs/libcurl/opts/CURLOPT_SSLCERT_BLOB.md | 83 + docs/libcurl/opts/CURLOPT_SSLENGINE.md | 74 + .../libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.md | 70 + docs/libcurl/opts/CURLOPT_SSLKEY.md | 71 + docs/libcurl/opts/CURLOPT_SSLKEYTYPE.md | 72 + docs/libcurl/opts/CURLOPT_SSLKEY_BLOB.md | 87 + docs/libcurl/opts/CURLOPT_SSLVERSION.md | 143 + docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.md | 92 + ...SSL_CTX_DATA.3 => CURLOPT_SSL_CTX_DATA.md} | 115 +- ...FUNCTION.3 => CURLOPT_SSL_CTX_FUNCTION.md} | 136 +- docs/libcurl/opts/CURLOPT_SSL_EC_CURVES.md | 61 + docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.md | 60 + docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.md | 62 + docs/libcurl/opts/CURLOPT_SSL_FALSESTART.md | 62 + docs/libcurl/opts/CURLOPT_SSL_OPTIONS.md | 116 + .../opts/CURLOPT_SSL_SESSIONID_CACHE.md | 66 + docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.md | 114 + docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.md | 98 + docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.md | 68 + docs/libcurl/opts/CURLOPT_STDERR.md | 65 + docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.md | 77 + docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.md | 80 + docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.md | 81 + .../opts/CURLOPT_SUPPRESS_CONNECT_HEADERS.md | 103 + docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.md | 64 + docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.md | 71 + docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.md | 70 + docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.md | 69 + docs/libcurl/opts/CURLOPT_TCP_NODELAY.md | 71 + docs/libcurl/opts/CURLOPT_TELNETOPTIONS.md | 66 + docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.md | 63 + docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.md | 78 + docs/libcurl/opts/CURLOPT_TIMECONDITION.md | 72 + docs/libcurl/opts/CURLOPT_TIMEOUT.md | 90 + docs/libcurl/opts/CURLOPT_TIMEOUT_MS.md | 64 + docs/libcurl/opts/CURLOPT_TIMEVALUE.md | 69 + docs/libcurl/opts/CURLOPT_TIMEVALUE_LARGE.md | 71 + docs/libcurl/opts/CURLOPT_TLS13_CIPHERS.md | 80 + docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.md | 70 + docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.md | 75 + docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.md | 69 + docs/libcurl/opts/CURLOPT_TRAILERDATA.md | 59 + docs/libcurl/opts/CURLOPT_TRAILERFUNCTION.md | 110 + docs/libcurl/opts/CURLOPT_TRANSFERTEXT.md | 65 + .../libcurl/opts/CURLOPT_TRANSFER_ENCODING.md | 68 + docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.md | 87 + .../libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.md | 78 + .../opts/CURLOPT_UPKEEP_INTERVAL_MS.md | 82 + docs/libcurl/opts/CURLOPT_UPLOAD.md | 97 + .../libcurl/opts/CURLOPT_UPLOAD_BUFFERSIZE.md | 80 + docs/libcurl/opts/CURLOPT_URL.md | 145 + docs/libcurl/opts/CURLOPT_USERAGENT.md | 66 + docs/libcurl/opts/CURLOPT_USERNAME.md | 92 + docs/libcurl/opts/CURLOPT_USERPWD.md | 98 + docs/libcurl/opts/CURLOPT_USE_SSL.md | 86 + docs/libcurl/opts/CURLOPT_VERBOSE.md | 71 + docs/libcurl/opts/CURLOPT_WILDCARDMATCH.md | 111 + docs/libcurl/opts/CURLOPT_WRITEDATA.md | 63 + docs/libcurl/opts/CURLOPT_WRITEFUNCTION.md | 136 + docs/libcurl/opts/CURLOPT_WS_OPTIONS.md | 75 + docs/libcurl/opts/CURLOPT_XFERINFODATA.md | 80 + docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.md | 120 + docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.md | 67 + docs/libcurl/opts/CURLSHOPT_LOCKFUNC.md | 77 + .../{CURLSHOPT_SHARE.3 => CURLSHOPT_SHARE.md} | 125 +- docs/libcurl/opts/CURLSHOPT_UNLOCKFUNC.md | 72 + docs/libcurl/opts/CURLSHOPT_UNSHARE.md | 84 + docs/libcurl/opts/CURLSHOPT_USERDATA.md | 62 + docs/libcurl/opts/Makefile.am | 43 +- docs/libcurl/opts/Makefile.inc | 2 + docs/libcurl/symbols-in-versions | 18 +- docs/{mk-ca-bundle.1 => mk-ca-bundle.md} | 188 +- include/curl/curl.h | 36 +- include/curl/curlver.h | 2 +- include/curl/mprintf.h | 18 +- include/curl/system.h | 49 +- include/curl/urlapi.h | 1 + lib/CMakeLists.txt | 21 +- lib/Makefile.am | 2 +- lib/Makefile.inc | 8 +- lib/Makefile.mk | 186 +- lib/altsvc.c | 17 +- lib/arpa_telnet.h | 9 +- lib/asyn-ares.c | 39 +- lib/asyn-thread.c | 235 +- lib/base64.c | 1 + lib/bufref.c | 6 +- lib/c-hyper.c | 111 +- lib/cf-h1-proxy.c | 122 +- lib/cf-h2-proxy.c | 79 +- lib/cf-haproxy.c | 24 +- lib/cf-https-connect.c | 56 +- lib/cf-socket.c | 178 +- lib/cf-socket.h | 17 - lib/cfilters.c | 190 +- lib/cfilters.h | 108 +- lib/config-amigaos.h | 1 - lib/config-dos.h | 1 - lib/config-os400.h | 12 - lib/config-plan9.h | 2 - lib/config-riscos.h | 6 - lib/config-win32.h | 164 +- lib/config-win32ce.h | 14 +- lib/conncache.c | 25 +- lib/connect.c | 163 +- lib/content_encoding.c | 329 +- lib/content_encoding.h | 9 +- lib/cookie.c | 16 +- lib/curl_config.h.cmake | 45 +- lib/curl_hmac.h | 3 +- lib/curl_memory.h | 6 +- lib/curl_multibyte.c | 4 +- lib/curl_multibyte.h | 8 +- lib/curl_ntlm_core.c | 9 + lib/curl_ntlm_wb.c | 18 +- lib/curl_path.h | 2 +- lib/curl_printf.h | 4 + lib/curl_rtmp.c | 14 +- lib/curl_sasl.c | 22 +- lib/curl_setup.h | 217 +- lib/curl_setup_once.h | 8 +- lib/curl_sspi.h | 16 + lib/curl_trc.c | 28 +- lib/curl_trc.h | 105 +- lib/dict.c | 5 +- lib/doh.c | 60 +- lib/dynbuf.c | 13 +- lib/dynbuf.h | 4 +- lib/dynhds.c | 29 + lib/dynhds.h | 9 + lib/easy.c | 82 +- lib/easy_lock.h | 9 + lib/easyoptions.c | 4 +- lib/file.c | 46 +- lib/fopen.c | 32 +- lib/formdata.c | 16 +- lib/ftp.c | 203 +- lib/ftplistparser.c | 3 - lib/functypes.h | 2 +- lib/getenv.c | 5 +- lib/getinfo.c | 5 +- lib/gopher.c | 4 +- lib/headers.c | 35 +- lib/hostip.c | 115 +- lib/hostip.h | 4 + lib/hostip6.c | 7 +- lib/hsts.c | 48 +- lib/http.c | 539 ++- lib/http.h | 26 +- lib/http2.c | 144 +- lib/http_aws_sigv4.c | 30 +- lib/http_chunks.c | 355 +- lib/http_chunks.h | 60 +- lib/http_proxy.c | 6 +- lib/idn.c | 2 +- lib/imap.c | 97 +- lib/inet_pton.c | 3 +- lib/inet_pton.h | 3 - lib/krb5.c | 39 +- lib/ldap.c | 26 +- lib/md4.c | 11 +- lib/memdebug.c | 39 +- lib/memdebug.h | 6 +- lib/mime.c | 26 +- lib/mime.h | 3 +- lib/mprintf.c | 1210 +++--- lib/mqtt.c | 38 +- lib/mqtt.h | 1 + lib/multi.c | 415 +- lib/multihandle.h | 15 +- lib/netrc.c | 2 +- lib/noproxy.c | 1 - lib/openldap.c | 73 +- lib/pingpong.c | 268 +- lib/pingpong.h | 20 +- lib/pop3.c | 108 +- lib/progress.c | 18 +- lib/progress.h | 3 +- lib/rand.c | 34 +- lib/rand.h | 2 +- lib/rename.c | 2 +- lib/rtsp.c | 410 +- lib/rtsp.h | 9 + lib/select.c | 2 +- lib/sendf.c | 369 +- lib/sendf.h | 131 +- lib/setopt.c | 264 +- lib/setup-win32.h | 73 +- lib/share.c | 8 +- lib/share.h | 10 +- lib/smb.c | 13 +- lib/smtp.c | 34 +- lib/socketpair.c | 9 +- lib/socketpair.h | 17 + lib/socks.c | 109 +- lib/socks_gssapi.c | 7 +- lib/socks_sspi.c | 12 +- lib/strdup.c | 24 +- lib/strdup.h | 3 +- lib/strerror.c | 78 +- lib/strerror.h | 2 +- lib/system_win32.c | 35 +- lib/system_win32.h | 34 +- lib/telnet.c | 117 +- lib/tftp.c | 16 +- lib/tftp.h | 3 + lib/timediff.c | 2 +- lib/timeval.c | 7 +- lib/transfer.c | 574 +-- lib/transfer.h | 21 +- lib/url.c | 1165 +++--- lib/url.h | 9 +- lib/urlapi.c | 204 +- lib/urldata.h | 102 +- lib/vauth/digest.c | 1 - lib/vauth/digest_sspi.c | 4 + lib/vauth/krb5_gssapi.c | 3 +- lib/vauth/krb5_sspi.c | 3 +- lib/vauth/ntlm.c | 6 +- lib/vauth/ntlm_sspi.c | 8 +- lib/version.c | 20 +- lib/version_win32.c | 4 +- lib/version_win32.h | 4 +- lib/vquic/curl_msh3.c | 43 +- lib/vquic/curl_ngtcp2.c | 811 ++-- lib/vquic/curl_osslq.c | 2237 +++++++++++ lib/vquic/curl_osslq.h | 51 + lib/vquic/curl_quiche.c | 472 +-- lib/vquic/vquic-tls.c | 609 +++ lib/vquic/vquic-tls.h | 98 + lib/vquic/vquic.c | 41 +- lib/vquic/vquic_int.h | 10 +- lib/vssh/libssh.c | 96 +- lib/vssh/libssh2.c | 328 +- lib/vssh/ssh.h | 1 + lib/vssh/wolfssh.c | 31 +- lib/vtls/bearssl.c | 86 +- lib/vtls/gtls.c | 131 +- lib/vtls/gtls.h | 6 +- lib/vtls/keylog.c | 9 +- lib/vtls/mbedtls.c | 41 +- lib/vtls/mbedtls_threadlock.c | 2 +- lib/vtls/openssl.c | 578 +-- lib/vtls/openssl.h | 21 +- lib/vtls/rustls.c | 125 +- lib/vtls/schannel.c | 232 +- lib/vtls/schannel_int.h | 17 + lib/vtls/schannel_verify.c | 68 +- lib/vtls/sectransp.c | 56 +- lib/vtls/vtls.c | 509 ++- lib/vtls/vtls.h | 82 +- lib/vtls/vtls_int.h | 40 +- lib/vtls/wolfssl.c | 64 +- lib/vtls/x509asn1.c | 899 ++--- lib/warnless.c | 12 +- lib/warnless.h | 21 +- lib/ws.c | 344 +- lib/ws.h | 13 +- m4/curl-amissl.m4 | 2 +- m4/curl-compilers.m4 | 166 +- m4/curl-functions.m4 | 64 +- m4/curl-gnutls.m4 | 1 + m4/curl-openssl.m4 | 32 +- m4/curl-wolfssl.m4 | 1 + maketgz | 7 +- packages/OS400/.gitattributes | 6 + packages/OS400/ccsidcurl.c | 2 +- packages/OS400/curl.inc.in | 18 + packages/vms/config_h.com | 32 - projects/Windows/VC14.20/.gitignore | 9 + projects/Windows/VC14.20/curl-all.sln | 298 ++ projects/Windows/VC14.20/lib/.gitignore | 10 + projects/Windows/VC14.20/lib/libcurl.sln | 181 + projects/Windows/VC14.20/lib/libcurl.tmpl | 2381 +++++++++++ .../VC14.20/lib/libcurl.vcxproj.filters | 17 + projects/Windows/VC14.20/src/.gitignore | 10 + projects/Windows/VC14.20/src/curl.sln | 181 + projects/Windows/VC14.20/src/curl.tmpl | 2671 +++++++++++++ .../Windows/VC14.20/src/curl.vcxproj.filters | 17 + projects/Windows/VC14.30/src/curl.sln | 2 +- projects/generate.bat | 23 +- scripts/Makefile.am | 4 +- scripts/cd2cd | 226 ++ scripts/cd2nroff | 373 ++ scripts/cdall | 44 + scripts/checksrc.pl | 20 + scripts/nroff2cd | 193 + scripts/schemetable.c | 207 + scripts/updatemanpages.pl | 357 -- src/CMakeLists.txt | 3 +- src/Makefile.am | 6 +- src/Makefile.inc | 2 + src/Makefile.mk | 29 +- src/curl.rc | 2 +- src/tool_cb_dbg.c | 2 +- src/tool_cb_hdr.c | 37 +- src/tool_cb_prg.c | 22 +- src/tool_cb_rea.c | 2 +- src/tool_cb_see.c | 15 - src/tool_cb_see.h | 4 +- src/tool_cb_wrt.c | 26 +- src/tool_cfgable.c | 5 +- src/tool_cfgable.h | 2 +- src/tool_dirhie.c | 8 +- src/tool_doswin.c | 36 +- src/tool_doswin.h | 8 +- src/tool_easysrc.h | 2 +- src/tool_filetime.c | 8 +- src/tool_filetime.h | 4 +- src/tool_findfile.c | 2 +- src/tool_findfile.h | 2 +- src/tool_formparse.c | 2 +- src/tool_getparam.c | 3480 +++++++++-------- src/tool_getparam.h | 1 + src/tool_getpass.c | 6 +- src/tool_help.c | 20 +- src/tool_helpers.c | 2 + src/tool_ipfs.c | 293 ++ src/tool_ipfs.h | 33 + src/tool_listhelp.c | 12 +- src/tool_main.c | 13 +- src/tool_msgs.c | 7 +- src/tool_msgs.h | 12 +- src/tool_operate.c | 255 +- src/tool_operate.h | 2 +- src/tool_operhlp.c | 4 +- src/tool_paramhlp.c | 6 +- src/tool_paramhlp.h | 2 + src/tool_parsecfg.c | 9 +- src/tool_sdecls.h | 2 +- src/tool_setopt.c | 16 +- src/tool_setup.h | 4 +- src/tool_sleep.c | 2 +- src/tool_urlglob.c | 30 +- src/tool_util.c | 2 +- src/tool_writeout_json.c | 4 +- src/tool_xattr.c | 4 +- src/var.c | 2 +- tests/FILEFORMAT.md | 11 + tests/Makefile.am | 50 +- tests/README.md | 81 +- tests/data/DISABLED | 5 +- tests/data/Makefile.inc | 21 +- tests/data/test1026 | 2 +- tests/data/test1119 | 2 +- tests/data/test1132 | 2 +- tests/data/test1135 | 2 +- tests/data/test1139 | 2 +- tests/data/test1140 | 2 +- tests/data/test1154 | 4 +- tests/data/test1165 | 2 +- tests/data/test1167 | 2 +- tests/data/test1173 | 2 +- tests/data/test1175 | 2 +- tests/data/test1177 | 2 +- tests/data/test1222 | 2 +- tests/data/test1254 | 2 +- tests/data/test1268 | 2 +- tests/data/test1275 | 2 +- tests/data/test1276 | 2 +- tests/data/test1279 | 2 +- tests/data/test1474 | 121 - tests/data/test1475 | 83 + tests/data/test1476 | 59 + tests/data/test1477 | 30 + tests/data/test1478 | 32 + tests/data/test1506 | 1 - tests/data/test1538 | 6 +- tests/data/test1544 | 2 +- tests/data/test1545 | 38 + tests/data/test1683 | 2 - tests/data/test1704 | 66 + tests/data/test19 | 2 +- tests/data/test1900 | 38 + tests/data/test194 | 3 +- tests/data/test1940 | 4 + tests/data/test2307 | 71 + tests/data/test250 | 2 +- tests/data/test268 | 59 + tests/data/test285 | 2 +- tests/data/test3012 | 5 +- tests/data/test3103 | 2 +- tests/data/test421 | 2 +- tests/data/test439 | 6 +- tests/data/test457 | 5 +- tests/data/test459 | 63 + tests/data/test460 | 28 + tests/data/test461 | 48 + tests/data/test498 | 2 +- tests/data/test689 | 53 + tests/data/test722 | 6 +- tests/data/test723 | 2 +- tests/data/test724 | 8 +- tests/data/test725 | 4 +- tests/data/test726 | 2 +- tests/data/test727 | 6 +- tests/data/test729 | 41 + tests/data/test730 | 52 + tests/data/test731 | 58 + tests/data/test732 | 52 + tests/data/test733 | 52 + tests/data/test734 | 52 + tests/data/test735 | 52 + tests/data/test736 | 58 + tests/data/test737 | 58 + tests/data/test738 | 37 + tests/data/test739 | 34 + tests/data/test740 | 60 + tests/data/test741 | 42 + tests/data/test742 | 66 + tests/data/test80 | 4 +- tests/data/test971 | 2 +- tests/data/test992 | 52 + tests/ftpserver.pl | 3 +- tests/http/clients/h2-download.c | 22 +- tests/http/clients/h2-serverpush.c | 5 +- tests/libtest/CMakeLists.txt | 2 +- tests/libtest/Makefile.am | 2 +- tests/libtest/Makefile.inc | 8 +- tests/libtest/first.c | 14 +- tests/libtest/lib1156.c | 2 +- tests/libtest/lib1517.c | 2 +- tests/libtest/lib1531.c | 2 +- tests/libtest/lib1545.c | 56 + tests/libtest/lib1560.c | 22 +- tests/libtest/lib1900.c | 55 + tests/libtest/lib1940.c | 2 + tests/libtest/lib1947.c | 2 +- tests/libtest/lib1960.c | 6 - tests/libtest/lib2305.c | 2 - tests/libtest/lib3026.c | 4 +- tests/libtest/lib517.c | 2 +- tests/libtest/lib518.c | 108 +- tests/libtest/lib537.c | 91 +- tests/libtest/lib544.c | 2 - tests/libtest/lib552.c | 5 +- tests/libtest/lib557.c | 56 +- tests/libtest/lib567.c | 1 + tests/libtest/lib568.c | 1 + tests/libtest/lib670.c | 2 +- tests/libtest/sethostname.c | 2 - tests/libtest/stub_gssapi.c | 10 +- tests/libtest/test.h | 2 +- tests/libtest/test613.pl | 2 +- tests/libtest/testtrace.c | 5 +- tests/libtest/testutil.c | 8 +- tests/libtest/testutil.h | 2 +- tests/pathhelp.pm | 1 + tests/runner.pm | 24 +- tests/runtests.1 | 40 +- tests/runtests.pl | 10 +- tests/server/getpart.c | 4 +- tests/server/mqttd.c | 55 +- tests/server/resolve.c | 2 +- tests/server/rtspd.c | 2 +- tests/server/sockfilt.c | 14 +- tests/server/socksd.c | 66 +- tests/server/sws.c | 19 +- tests/server/tftpd.c | 6 +- tests/server/util.c | 52 +- tests/server/util.h | 11 +- tests/servers.pm | 38 +- tests/{symbol-scan.pl => test1119.pl} | 0 tests/{mem-include-scan.pl => test1132.pl} | 0 tests/{extern-scan.pl => test1135.pl} | 0 tests/{manpage-scan.pl => test1139.pl} | 27 +- tests/{nroff-scan.pl => test1140.pl} | 2 + tests/{disable-scan.pl => test1165.pl} | 41 + tests/{badsymbols.pl => test1167.pl} | 0 tests/{manpage-syntax.pl => test1173.pl} | 0 tests/{error-codes.pl => test1175.pl} | 0 tests/{version-scan.pl => test1177.pl} | 4 +- tests/{check-deprecated.pl => test1222.pl} | 0 tests/{markdown-uppercase.pl => test1275.pl} | 29 +- tests/{option-check.pl => test1276.pl} | 0 tests/test1477.pl | 100 + ...ck-translatable-options.pl => test1544.pl} | 0 tests/{options-scan.pl => test971.pl} | 6 +- tests/testutil.pm | 13 + tests/unit/curlcheck.h | 2 - tests/unit/unit1394.c | 2 +- tests/unit/unit1395.c | 10 +- tests/unit/unit1398.c | 2 +- tests/unit/unit1604.c | 4 +- tests/unit/unit1651.c | 2 +- tests/unit/unit1652.c | 4 +- tests/unit/unit2600.c | 8 +- tests/unit/unit3200.c | 5 + 1293 files changed, 73864 insertions(+), 17915 deletions(-) create mode 100644 .github/dependabot.yml create mode 100755 .github/scripts/badwords.pl create mode 100644 .github/scripts/badwords.txt create mode 100755 .github/scripts/cleancmd.pl create mode 100644 .github/scripts/codespell-ignore.txt create mode 100755 .github/scripts/verify-examples.pl create mode 100755 .github/scripts/verify-synopsis.pl create mode 100644 .github/workflows/badwords.yml create mode 100644 .github/workflows/codespell.yml create mode 100644 .github/workflows/man-examples.yml create mode 100644 .github/workflows/osslq-linux.yml create mode 100644 .github/workflows/synopsis.yml create mode 100644 appveyor.sh create mode 100644 docs/CLIENT-WRITERS.md create mode 100644 docs/CURLDOWN.md create mode 100644 docs/INSTALL-CMAKE.md delete mode 100644 docs/INSTALL.cmake create mode 100644 docs/cmdline-opts/_AUTHORS.md create mode 100644 docs/cmdline-opts/_BUGS.md create mode 100644 docs/cmdline-opts/_DESCRIPTION.md create mode 100644 docs/cmdline-opts/_ENVIRONMENT.md rename docs/cmdline-opts/{page-footer => _EXITCODES.md} (47%) create mode 100644 docs/cmdline-opts/_FILES.md create mode 100644 docs/cmdline-opts/_GLOBBING.md create mode 100644 docs/cmdline-opts/_NAME.md create mode 100644 docs/cmdline-opts/_OPTIONS.md create mode 100644 docs/cmdline-opts/_OUTPUT.md create mode 100644 docs/cmdline-opts/_PROGRESS.md create mode 100644 docs/cmdline-opts/_PROTOCOLS.md create mode 100644 docs/cmdline-opts/_PROXYPREFIX.md create mode 100644 docs/cmdline-opts/_SEEALSO.md create mode 100644 docs/cmdline-opts/_SYNOPSIS.md create mode 100644 docs/cmdline-opts/_URL.md create mode 100644 docs/cmdline-opts/_VARIABLES.md create mode 100644 docs/cmdline-opts/_VERSION.md create mode 100644 docs/cmdline-opts/_WWW.md rename docs/cmdline-opts/{abstract-unix-socket.d => abstract-unix-socket.md} (80%) rename docs/cmdline-opts/{alt-svc.d => alt-svc.md} (87%) rename docs/cmdline-opts/{anyauth.d => anyauth.md} (88%) rename docs/cmdline-opts/{append.d => append.md} (79%) rename docs/cmdline-opts/{aws-sigv4.d => aws-sigv4.md} (83%) rename docs/cmdline-opts/{basic.d => basic.md} (85%) rename docs/cmdline-opts/{ca-native.d => ca-native.md} (57%) rename docs/cmdline-opts/{cacert.d => cacert.md} (85%) rename docs/cmdline-opts/{capath.d => capath.md} (88%) rename docs/cmdline-opts/{cert-status.d => cert-status.md} (88%) rename docs/cmdline-opts/{cert-type.d => cert-type.md} (82%) rename docs/cmdline-opts/{cert.d => cert.md} (65%) rename docs/cmdline-opts/{ciphers.d => ciphers.md} (75%) rename docs/cmdline-opts/{compressed-ssh.d => compressed-ssh.md} (75%) rename docs/cmdline-opts/{compressed.d => compressed.md} (89%) rename docs/cmdline-opts/{config.d => config.md} (73%) rename docs/cmdline-opts/{connect-timeout.d => connect-timeout.md} (84%) delete mode 100644 docs/cmdline-opts/connect-to.d create mode 100644 docs/cmdline-opts/connect-to.md rename docs/cmdline-opts/{continue-at.d => continue-at.md} (88%) rename docs/cmdline-opts/{cookie-jar.d => cookie-jar.md} (90%) rename docs/cmdline-opts/{cookie.d => cookie.md} (71%) rename docs/cmdline-opts/{create-dirs.d => create-dirs.md} (85%) rename docs/cmdline-opts/{create-file-mode.d => create-file-mode.md} (78%) rename docs/cmdline-opts/{crlf.d => crlf.md} (78%) rename docs/cmdline-opts/{crlfile.d => crlfile.md} (78%) rename docs/cmdline-opts/{curves.d => curves.md} (66%) rename docs/cmdline-opts/{data-ascii.d => data-ascii.md} (68%) rename docs/cmdline-opts/{data-binary.d => data-binary.md} (90%) rename docs/cmdline-opts/{data-raw.d => data-raw.md} (74%) rename docs/cmdline-opts/{data-urlencode.d => data-urlencode.md} (82%) rename docs/cmdline-opts/{data.d => data.md} (90%) rename docs/cmdline-opts/{delegation.d => delegation.md} (80%) rename docs/cmdline-opts/{digest.d => digest.md} (80%) rename docs/cmdline-opts/{disable-eprt.d => disable-eprt.md} (89%) rename docs/cmdline-opts/{disable-epsv.d => disable-epsv.md} (85%) rename docs/cmdline-opts/{disable.d => disable.md} (87%) rename docs/cmdline-opts/{disallow-username-in-url.d => disallow-username-in-url.md} (73%) rename docs/cmdline-opts/{dns-interface.d => dns-interface.md} (79%) rename docs/cmdline-opts/{dns-ipv4-addr.d => dns-ipv4-addr.md} (78%) rename docs/cmdline-opts/{dns-ipv6-addr.d => dns-ipv6-addr.md} (77%) rename docs/cmdline-opts/{dns-servers.d => dns-servers.md} (75%) rename docs/cmdline-opts/{doh-cert-status.d => doh-cert-status.md} (69%) rename docs/cmdline-opts/{doh-insecure.d => doh-insecure.md} (70%) rename docs/cmdline-opts/{doh-url.d => doh-url.md} (87%) rename docs/cmdline-opts/{dump-header.d => dump-header.md} (87%) rename docs/cmdline-opts/{egd-file.d => egd-file.md} (83%) rename docs/cmdline-opts/{engine.d => engine.md} (82%) rename docs/cmdline-opts/{etag-compare.d => etag-compare.md} (86%) rename docs/cmdline-opts/{etag-save.d => etag-save.md} (81%) rename docs/cmdline-opts/{expect100-timeout.d => expect100-timeout.md} (85%) rename docs/cmdline-opts/{fail-early.d => fail-early.md} (90%) rename docs/cmdline-opts/{fail-with-body.d => fail-with-body.md} (87%) rename docs/cmdline-opts/{fail.d => fail.md} (89%) rename docs/cmdline-opts/{false-start.d => false-start.md} (86%) rename docs/cmdline-opts/{form-escape.d => form-escape.md} (75%) rename docs/cmdline-opts/{form-string.d => form-string.md} (87%) rename docs/cmdline-opts/{form.d => form.md} (75%) rename docs/cmdline-opts/{ftp-account.d => ftp-account.md} (77%) rename docs/cmdline-opts/{ftp-alternative-to-user.d => ftp-alternative-to-user.md} (78%) rename docs/cmdline-opts/{ftp-create-dirs.d => ftp-create-dirs.md} (77%) rename docs/cmdline-opts/{ftp-method.d => ftp-method.md} (77%) rename docs/cmdline-opts/{ftp-pasv.d => ftp-pasv.md} (86%) rename docs/cmdline-opts/{ftp-port.d => ftp-port.md} (65%) rename docs/cmdline-opts/{ftp-pret.d => ftp-pret.md} (79%) rename docs/cmdline-opts/{ftp-skip-pasv-ip.d => ftp-skip-pasv-ip.md} (84%) rename docs/cmdline-opts/{ftp-ssl-ccc-mode.d => ftp-ssl-ccc-mode.md} (78%) rename docs/cmdline-opts/{ftp-ssl-ccc.d => ftp-ssl-ccc.md} (80%) rename docs/cmdline-opts/{ftp-ssl-control.d => ftp-ssl-control.md} (66%) rename docs/cmdline-opts/{get.d => get.md} (77%) rename docs/cmdline-opts/{globoff.d => globoff.md} (83%) rename docs/cmdline-opts/{happy-eyeballs-timeout-ms.d => happy-eyeballs-timeout-ms.md} (87%) rename docs/cmdline-opts/{haproxy-clientip.d => haproxy-clientip.md} (87%) rename docs/cmdline-opts/{haproxy-protocol.d => haproxy-protocol.md} (85%) rename docs/cmdline-opts/{head.d => head.md} (83%) rename docs/cmdline-opts/{header.d => header.md} (88%) rename docs/cmdline-opts/{help.d => help.md} (89%) rename docs/cmdline-opts/{hostpubmd5.d => hostpubmd5.md} (52%) rename docs/cmdline-opts/{hostpubsha256.d => hostpubsha256.md} (77%) rename docs/cmdline-opts/{hsts.d => hsts.md} (92%) rename docs/cmdline-opts/{http0.9.d => http0.9.md} (84%) rename docs/cmdline-opts/{http1.0.d => http1.0.md} (80%) rename docs/cmdline-opts/{http1.1.d => http1.1.md} (77%) rename docs/cmdline-opts/{http2-prior-knowledge.d => http2-prior-knowledge.md} (83%) rename docs/cmdline-opts/{http2.d => http2.md} (88%) rename docs/cmdline-opts/{http3-only.d => http3-only.md} (89%) rename docs/cmdline-opts/{http3.d => http3.md} (92%) rename docs/cmdline-opts/{ignore-content-length.d => ignore-content-length.md} (84%) rename docs/cmdline-opts/{include.d => include.md} (57%) rename docs/cmdline-opts/{insecure.d => insecure.md} (90%) rename docs/cmdline-opts/{interface.d => interface.md} (80%) delete mode 100644 docs/cmdline-opts/ipfs-gateway.d create mode 100644 docs/cmdline-opts/ipfs-gateway.md rename docs/cmdline-opts/{ipv4.d => ipv4.md} (82%) rename docs/cmdline-opts/{ipv6.d => ipv6.md} (82%) rename docs/cmdline-opts/{json.d => json.md} (75%) rename docs/cmdline-opts/{junk-session-cookies.d => junk-session-cookies.md} (78%) rename docs/cmdline-opts/{keepalive-time.d => keepalive-time.md} (65%) rename docs/cmdline-opts/{key-type.d => key-type.md} (81%) rename docs/cmdline-opts/{key.d => key.md} (74%) rename docs/cmdline-opts/{krb.d => krb.md} (82%) rename docs/cmdline-opts/{libcurl.d => libcurl.md} (83%) rename docs/cmdline-opts/{limit-rate.d => limit-rate.md} (86%) rename docs/cmdline-opts/{list-only.d => list-only.md} (93%) rename docs/cmdline-opts/{local-port.d => local-port.md} (70%) rename docs/cmdline-opts/{location-trusted.d => location-trusted.md} (73%) rename docs/cmdline-opts/{location.d => location.md} (94%) rename docs/cmdline-opts/{login-options.d => login-options.md} (65%) rename docs/cmdline-opts/{mail-auth.d => mail-auth.md} (74%) rename docs/cmdline-opts/{mail-from.d => mail-from.md} (68%) rename docs/cmdline-opts/{mail-rcpt-allowfails.d => mail-rcpt-allowfails.md} (84%) rename docs/cmdline-opts/{mail-rcpt.d => mail-rcpt.md} (85%) create mode 100644 docs/cmdline-opts/mainpage.idx rename docs/cmdline-opts/{manual.d => manual.md} (72%) rename docs/cmdline-opts/{max-filesize.d => max-filesize.md} (91%) rename docs/cmdline-opts/{max-redirs.d => max-redirs.md} (82%) rename docs/cmdline-opts/{max-time.d => max-time.md} (77%) rename docs/cmdline-opts/{metalink.d => metalink.md} (81%) rename docs/cmdline-opts/{negotiate.d => negotiate.md} (83%) rename docs/cmdline-opts/{netrc-file.d => netrc-file.md} (81%) rename docs/cmdline-opts/{netrc-optional.d => netrc-optional.md} (78%) rename docs/cmdline-opts/{netrc.d => netrc.md} (86%) rename docs/cmdline-opts/{next.d => next.md} (78%) rename docs/cmdline-opts/{no-alpn.d => no-alpn.md} (87%) rename docs/cmdline-opts/{no-buffer.d => no-buffer.md} (87%) rename docs/cmdline-opts/{no-clobber.d => no-clobber.md} (76%) rename docs/cmdline-opts/{no-keepalive.d => no-keepalive.md} (82%) rename docs/cmdline-opts/{no-npn.d => no-npn.md} (87%) rename docs/cmdline-opts/{no-progress-meter.d => no-progress-meter.md} (80%) rename docs/cmdline-opts/{no-sessionid.d => no-sessionid.md} (88%) rename docs/cmdline-opts/{noproxy.d => noproxy.md} (48%) rename docs/cmdline-opts/{ntlm-wb.d => ntlm-wb.md} (62%) rename docs/cmdline-opts/{ntlm.d => ntlm.md} (89%) rename docs/cmdline-opts/{oauth2-bearer.d => oauth2-bearer.md} (80%) rename docs/cmdline-opts/{output-dir.d => output-dir.md} (82%) rename docs/cmdline-opts/{output.d => output.md} (67%) delete mode 100644 docs/cmdline-opts/page-header rename docs/cmdline-opts/{parallel-immediate.d => parallel-immediate.md} (77%) rename docs/cmdline-opts/{parallel-max.d => parallel-max.md} (81%) rename docs/cmdline-opts/{parallel.d => parallel.md} (74%) rename docs/cmdline-opts/{pass.d => pass.md} (74%) rename docs/cmdline-opts/{path-as-is.d => path-as-is.md} (77%) rename docs/cmdline-opts/{pinnedpubkey.d => pinnedpubkey.md} (89%) rename docs/cmdline-opts/{post301.d => post301.md} (83%) rename docs/cmdline-opts/{post302.d => post302.md} (83%) rename docs/cmdline-opts/{post303.d => post303.md} (79%) rename docs/cmdline-opts/{preproxy.d => preproxy.md} (88%) rename docs/cmdline-opts/{progress-bar.d => progress-bar.md} (89%) rename docs/cmdline-opts/{proto-default.d => proto-default.md} (82%) rename docs/cmdline-opts/{proto-redir.d => proto-redir.md} (81%) rename docs/cmdline-opts/{proto.d => proto.md} (77%) rename docs/cmdline-opts/{proxy-anyauth.d => proxy-anyauth.md} (70%) rename docs/cmdline-opts/{proxy-basic.d => proxy-basic.md} (73%) rename docs/cmdline-opts/{proxy-ca-native.d => proxy-ca-native.md} (58%) rename docs/cmdline-opts/{proxy-cacert.d => proxy-cacert.md} (65%) rename docs/cmdline-opts/{proxy-capath.d => proxy-capath.md} (66%) rename docs/cmdline-opts/{proxy-cert-type.d => proxy-cert-type.md} (68%) rename docs/cmdline-opts/{proxy-cert.d => proxy-cert.md} (71%) rename docs/cmdline-opts/{proxy-ciphers.d => proxy-ciphers.md} (76%) rename docs/cmdline-opts/{proxy-crlfile.d => proxy-crlfile.md} (67%) rename docs/cmdline-opts/{proxy-digest.d => proxy-digest.md} (70%) rename docs/cmdline-opts/{proxy-header.d => proxy-header.md} (83%) rename docs/cmdline-opts/{proxy-http2.d => proxy-http2.md} (84%) rename docs/cmdline-opts/{proxy-insecure.d => proxy-insecure.md} (71%) rename docs/cmdline-opts/{proxy-key-type.d => proxy-key-type.md} (66%) rename docs/cmdline-opts/{proxy-key.d => proxy-key.md} (68%) rename docs/cmdline-opts/{proxy-negotiate.d => proxy-negotiate.md} (73%) rename docs/cmdline-opts/{proxy-ntlm.d => proxy-ntlm.md} (70%) rename docs/cmdline-opts/{proxy-pass.d => proxy-pass.md} (68%) rename docs/cmdline-opts/{proxy-pinnedpubkey.d => proxy-pinnedpubkey.md} (81%) rename docs/cmdline-opts/{proxy-service-name.d => proxy-service-name.md} (68%) rename docs/cmdline-opts/{proxy-ssl-allow-beast.d => proxy-ssl-allow-beast.md} (68%) rename docs/cmdline-opts/{proxy-ssl-auto-client-cert.d => proxy-ssl-auto-client-cert.md} (66%) rename docs/cmdline-opts/{proxy-tls13-ciphers.d => proxy-tls13-ciphers.md} (81%) rename docs/cmdline-opts/{proxy-tlsauthtype.d => proxy-tlsauthtype.md} (69%) rename docs/cmdline-opts/{proxy-tlspassword.d => proxy-tlspassword.md} (67%) rename docs/cmdline-opts/{proxy-tlsuser.d => proxy-tlsuser.md} (67%) rename docs/cmdline-opts/{proxy-tlsv1.d => proxy-tlsv1.md} (72%) rename docs/cmdline-opts/{proxy-user.d => proxy-user.md} (90%) rename docs/cmdline-opts/{proxy.d => proxy.md} (94%) rename docs/cmdline-opts/{proxy1.0.d => proxy1.0.md} (81%) rename docs/cmdline-opts/{proxytunnel.d => proxytunnel.md} (86%) rename docs/cmdline-opts/{pubkey.d => pubkey.md} (87%) rename docs/cmdline-opts/{quote.d => quote.md} (87%) rename docs/cmdline-opts/{random-file.d => random-file.md} (84%) rename docs/cmdline-opts/{range.d => range.md} (76%) rename docs/cmdline-opts/{rate.d => rate.md} (90%) rename docs/cmdline-opts/{raw.d => raw.md} (83%) rename docs/cmdline-opts/{referer.d => referer.md} (74%) rename docs/cmdline-opts/{remote-header-name.d => remote-header-name.md} (93%) rename docs/cmdline-opts/{remote-name-all.d => remote-name-all.md} (77%) rename docs/cmdline-opts/{remote-name.d => remote-name.md} (89%) rename docs/cmdline-opts/{remote-time.d => remote-time.md} (78%) rename docs/cmdline-opts/{remove-on-error.d => remove-on-error.md} (72%) rename docs/cmdline-opts/{request-target.d => request-target.md} (65%) rename docs/cmdline-opts/{request.d => request.md} (79%) rename docs/cmdline-opts/{resolve.d => resolve.md} (91%) rename docs/cmdline-opts/{retry-all-errors.d => retry-all-errors.md} (94%) rename docs/cmdline-opts/{retry-connrefused.d => retry-connrefused.md} (74%) rename docs/cmdline-opts/{retry-delay.d => retry-delay.md} (84%) rename docs/cmdline-opts/{retry-max-time.d => retry-max-time.md} (86%) rename docs/cmdline-opts/{retry.d => retry.md} (93%) rename docs/cmdline-opts/{sasl-authzid.d => sasl-authzid.md} (86%) rename docs/cmdline-opts/{sasl-ir.d => sasl-ir.md} (73%) rename docs/cmdline-opts/{service-name.d => service-name.md} (68%) rename docs/cmdline-opts/{show-error.d => show-error.md} (75%) rename docs/cmdline-opts/{silent.d => silent.md} (83%) rename docs/cmdline-opts/{socks4.d => socks4.md} (85%) rename docs/cmdline-opts/{socks4a.d => socks4a.md} (85%) rename docs/cmdline-opts/{socks5-basic.d => socks5-basic.md} (67%) rename docs/cmdline-opts/{socks5-gssapi-nec.d => socks5-gssapi-nec.md} (81%) rename docs/cmdline-opts/{socks5-gssapi-service.d => socks5-gssapi-service.md} (72%) rename docs/cmdline-opts/{socks5-gssapi.d => socks5-gssapi.md} (67%) rename docs/cmdline-opts/{socks5-hostname.d => socks5-hostname.md} (85%) rename docs/cmdline-opts/{socks5.d => socks5.md} (86%) rename docs/cmdline-opts/{speed-limit.d => speed-limit.md} (40%) rename docs/cmdline-opts/{speed-time.d => speed-time.md} (83%) rename docs/cmdline-opts/{ssl-allow-beast.d => ssl-allow-beast.md} (55%) rename docs/cmdline-opts/{ssl-auto-client-cert.d => ssl-auto-client-cert.md} (79%) rename docs/cmdline-opts/{ssl-no-revoke.d => ssl-no-revoke.md} (79%) rename docs/cmdline-opts/{ssl-reqd.d => ssl-reqd.md} (88%) rename docs/cmdline-opts/{ssl-revoke-best-effort.d => ssl-revoke-best-effort.md} (75%) rename docs/cmdline-opts/{ssl.d => ssl.md} (89%) rename docs/cmdline-opts/{sslv2.d => sslv2.md} (83%) rename docs/cmdline-opts/{sslv3.d => sslv3.md} (83%) rename docs/cmdline-opts/{stderr.d => stderr.md} (78%) rename docs/cmdline-opts/{styled-output.d => styled-output.md} (83%) rename docs/cmdline-opts/{suppress-connect-headers.d => suppress-connect-headers.md} (77%) rename docs/cmdline-opts/{tcp-fastopen.d => tcp-fastopen.md} (83%) rename docs/cmdline-opts/{tcp-nodelay.d => tcp-nodelay.md} (83%) rename docs/cmdline-opts/{telnet-option.d => telnet-option.md} (51%) rename docs/cmdline-opts/{tftp-blksize.d => tftp-blksize.md} (77%) rename docs/cmdline-opts/{tftp-no-options.d => tftp-no-options.md} (79%) rename docs/cmdline-opts/{time-cond.d => time-cond.md} (84%) rename docs/cmdline-opts/{tls-max.d => tls-max.md} (76%) rename docs/cmdline-opts/{tls13-ciphers.d => tls13-ciphers.md} (82%) rename docs/cmdline-opts/{tlsauthtype.d => tlsauthtype.md} (84%) rename docs/cmdline-opts/{tlspassword.d => tlspassword.md} (76%) rename docs/cmdline-opts/{tlsuser.d => tlsuser.md} (75%) rename docs/cmdline-opts/{tlsv1.0.d => tlsv1.0.md} (87%) rename docs/cmdline-opts/{tlsv1.1.d => tlsv1.1.md} (85%) rename docs/cmdline-opts/{tlsv1.2.d => tlsv1.2.md} (85%) rename docs/cmdline-opts/{tlsv1.3.d => tlsv1.3.md} (84%) rename docs/cmdline-opts/{tlsv1.d => tlsv1.md} (83%) rename docs/cmdline-opts/{tr-encoding.d => tr-encoding.md} (81%) rename docs/cmdline-opts/{trace-ascii.d => trace-ascii.md} (89%) rename docs/cmdline-opts/{trace-config.d => trace-config.md} (86%) rename docs/cmdline-opts/{trace-ids.d => trace-ids.md} (76%) rename docs/cmdline-opts/{trace-time.d => trace-time.md} (72%) rename docs/cmdline-opts/{trace.d => trace.md} (84%) rename docs/cmdline-opts/{unix-socket.d => unix-socket.md} (74%) rename docs/cmdline-opts/{upload-file.d => upload-file.md} (86%) rename docs/cmdline-opts/{url-query.d => url-query.md} (69%) rename docs/cmdline-opts/{url.d => url.md} (92%) rename docs/cmdline-opts/{use-ascii.d => use-ascii.md} (79%) rename docs/cmdline-opts/{user-agent.d => user-agent.md} (86%) rename docs/cmdline-opts/{user.d => user.md} (91%) rename docs/cmdline-opts/{variable.d => variable.md} (94%) rename docs/cmdline-opts/{verbose.d => verbose.md} (90%) rename docs/cmdline-opts/{version.d => version.md} (76%) rename docs/cmdline-opts/{write-out.d => write-out.md} (84%) rename docs/cmdline-opts/{xattr.d => xattr.md} (60%) rename docs/{curl-config.1 => curl-config.md} (56%) create mode 100644 docs/examples/address-scope.c create mode 100644 docs/examples/interface.c create mode 100644 docs/examples/keepalive.c create mode 100644 docs/examples/localport.c create mode 100644 docs/examples/netrc.c rename tests/libtest/sethostname.h => docs/examples/range.c (70%) create mode 100644 docs/examples/rtsp-options.c create mode 100644 docs/libcurl/curl_easy_cleanup.md create mode 100644 docs/libcurl/curl_easy_duphandle.md create mode 100644 docs/libcurl/curl_easy_escape.md create mode 100644 docs/libcurl/curl_easy_getinfo.md create mode 100644 docs/libcurl/curl_easy_header.md create mode 100644 docs/libcurl/curl_easy_init.md create mode 100644 docs/libcurl/curl_easy_nextheader.md create mode 100644 docs/libcurl/curl_easy_option_by_id.md create mode 100644 docs/libcurl/curl_easy_option_by_name.md create mode 100644 docs/libcurl/curl_easy_option_next.md rename docs/libcurl/{curl_easy_pause.3 => curl_easy_pause.md} (59%) create mode 100644 docs/libcurl/curl_easy_perform.md create mode 100644 docs/libcurl/curl_easy_recv.md create mode 100644 docs/libcurl/curl_easy_reset.md create mode 100644 docs/libcurl/curl_easy_send.md create mode 100644 docs/libcurl/curl_easy_setopt.md create mode 100644 docs/libcurl/curl_easy_strerror.md create mode 100644 docs/libcurl/curl_easy_unescape.md create mode 100644 docs/libcurl/curl_easy_upkeep.md create mode 100644 docs/libcurl/curl_escape.md create mode 100644 docs/libcurl/curl_formadd.md create mode 100644 docs/libcurl/curl_formfree.md create mode 100644 docs/libcurl/curl_formget.md create mode 100644 docs/libcurl/curl_free.md rename docs/libcurl/{curl_getdate.3 => curl_getdate.md} (42%) create mode 100644 docs/libcurl/curl_getenv.md create mode 100644 docs/libcurl/curl_global_cleanup.md rename docs/libcurl/{curl_global_init.3 => curl_global_init.md} (57%) create mode 100644 docs/libcurl/curl_global_init_mem.md create mode 100644 docs/libcurl/curl_global_sslset.md rename docs/libcurl/{curl_global_trace.3 => curl_global_trace.md} (56%) create mode 100644 docs/libcurl/curl_mime_addpart.md create mode 100644 docs/libcurl/curl_mime_data.md rename docs/libcurl/{curl_mime_data_cb.3 => curl_mime_data_cb.md} (53%) create mode 100644 docs/libcurl/curl_mime_encoder.md create mode 100644 docs/libcurl/curl_mime_filedata.md create mode 100644 docs/libcurl/curl_mime_filename.md create mode 100644 docs/libcurl/curl_mime_free.md create mode 100644 docs/libcurl/curl_mime_headers.md create mode 100644 docs/libcurl/curl_mime_init.md create mode 100644 docs/libcurl/curl_mime_name.md create mode 100644 docs/libcurl/curl_mime_subparts.md create mode 100644 docs/libcurl/curl_mime_type.md rename docs/libcurl/{curl_mprintf.3 => curl_mprintf.md} (55%) create mode 100644 docs/libcurl/curl_multi_add_handle.md create mode 100644 docs/libcurl/curl_multi_assign.md create mode 100644 docs/libcurl/curl_multi_cleanup.md create mode 100644 docs/libcurl/curl_multi_fdset.md create mode 100644 docs/libcurl/curl_multi_get_handles.md create mode 100644 docs/libcurl/curl_multi_info_read.md create mode 100644 docs/libcurl/curl_multi_init.md create mode 100644 docs/libcurl/curl_multi_perform.md create mode 100644 docs/libcurl/curl_multi_poll.md create mode 100644 docs/libcurl/curl_multi_remove_handle.md create mode 100644 docs/libcurl/curl_multi_setopt.md create mode 100644 docs/libcurl/curl_multi_socket.md create mode 100644 docs/libcurl/curl_multi_socket_action.md delete mode 100644 docs/libcurl/curl_multi_socket_all.3 create mode 100644 docs/libcurl/curl_multi_socket_all.md create mode 100644 docs/libcurl/curl_multi_strerror.md create mode 100644 docs/libcurl/curl_multi_timeout.md create mode 100644 docs/libcurl/curl_multi_wait.md create mode 100644 docs/libcurl/curl_multi_wakeup.md create mode 100644 docs/libcurl/curl_pushheader_byname.md create mode 100644 docs/libcurl/curl_pushheader_bynum.md create mode 100644 docs/libcurl/curl_share_cleanup.md create mode 100644 docs/libcurl/curl_share_init.md create mode 100644 docs/libcurl/curl_share_setopt.md create mode 100644 docs/libcurl/curl_share_strerror.md create mode 100644 docs/libcurl/curl_slist_append.md create mode 100644 docs/libcurl/curl_slist_free_all.md create mode 100644 docs/libcurl/curl_strequal.md delete mode 100644 docs/libcurl/curl_strnequal.3 create mode 100644 docs/libcurl/curl_strnequal.md create mode 100644 docs/libcurl/curl_unescape.md create mode 100644 docs/libcurl/curl_url.md create mode 100644 docs/libcurl/curl_url_cleanup.md create mode 100644 docs/libcurl/curl_url_dup.md create mode 100644 docs/libcurl/curl_url_get.md rename docs/libcurl/{curl_url_set.3 => curl_url_set.md} (52%) create mode 100644 docs/libcurl/curl_url_strerror.md create mode 100644 docs/libcurl/curl_version.md rename docs/libcurl/{curl_version_info.3 => curl_version_info.md} (60%) create mode 100644 docs/libcurl/curl_ws_meta.md create mode 100644 docs/libcurl/curl_ws_recv.md create mode 100644 docs/libcurl/curl_ws_send.md create mode 100644 docs/libcurl/libcurl-easy.md create mode 100644 docs/libcurl/libcurl-env-dbg.md create mode 100644 docs/libcurl/libcurl-env.md rename docs/libcurl/{libcurl-errors.3 => libcurl-errors.md} (57%) rename docs/libcurl/{libcurl-multi.3 => libcurl-multi.md} (60%) rename docs/libcurl/{libcurl-security.3 => libcurl-security.md} (73%) create mode 100644 docs/libcurl/libcurl-share.md create mode 100644 docs/libcurl/libcurl-thread.md rename docs/libcurl/{libcurl-tutorial.3 => libcurl-tutorial.md} (76%) rename docs/libcurl/{libcurl-url.3 => libcurl-url.md} (58%) rename docs/libcurl/{libcurl-ws.3 => libcurl-ws.md} (59%) rename docs/libcurl/{libcurl.3 => libcurl.md} (60%) create mode 100644 docs/libcurl/opts/CURLINFO_ACTIVESOCKET.md create mode 100644 docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.md create mode 100644 docs/libcurl/opts/CURLINFO_APPCONNECT_TIME_T.md create mode 100644 docs/libcurl/opts/CURLINFO_CAINFO.md create mode 100644 docs/libcurl/opts/CURLINFO_CAPATH.md create mode 100644 docs/libcurl/opts/CURLINFO_CERTINFO.md create mode 100644 docs/libcurl/opts/CURLINFO_CONDITION_UNMET.md create mode 100644 docs/libcurl/opts/CURLINFO_CONNECT_TIME.md create mode 100644 docs/libcurl/opts/CURLINFO_CONNECT_TIME_T.md create mode 100644 docs/libcurl/opts/CURLINFO_CONN_ID.md create mode 100644 docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.md create mode 100644 docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md create mode 100644 docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD.md create mode 100644 docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD_T.md create mode 100644 docs/libcurl/opts/CURLINFO_CONTENT_TYPE.md create mode 100644 docs/libcurl/opts/CURLINFO_COOKIELIST.md create mode 100644 docs/libcurl/opts/CURLINFO_EFFECTIVE_METHOD.md create mode 100644 docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.md create mode 100644 docs/libcurl/opts/CURLINFO_FILETIME.md create mode 100644 docs/libcurl/opts/CURLINFO_FILETIME_T.md create mode 100644 docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.md create mode 100644 docs/libcurl/opts/CURLINFO_HEADER_SIZE.md create mode 100644 docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.md create mode 100644 docs/libcurl/opts/CURLINFO_HTTP_CONNECTCODE.md create mode 100644 docs/libcurl/opts/CURLINFO_HTTP_VERSION.md create mode 100644 docs/libcurl/opts/CURLINFO_LASTSOCKET.md create mode 100644 docs/libcurl/opts/CURLINFO_LOCAL_IP.md create mode 100644 docs/libcurl/opts/CURLINFO_LOCAL_PORT.md create mode 100644 docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.md create mode 100644 docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME_T.md create mode 100644 docs/libcurl/opts/CURLINFO_NUM_CONNECTS.md create mode 100644 docs/libcurl/opts/CURLINFO_OS_ERRNO.md create mode 100644 docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME.md create mode 100644 docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME_T.md create mode 100644 docs/libcurl/opts/CURLINFO_PRIMARY_IP.md create mode 100644 docs/libcurl/opts/CURLINFO_PRIMARY_PORT.md create mode 100644 docs/libcurl/opts/CURLINFO_PRIVATE.md create mode 100644 docs/libcurl/opts/CURLINFO_PROTOCOL.md create mode 100644 docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.md create mode 100644 docs/libcurl/opts/CURLINFO_PROXY_ERROR.md create mode 100644 docs/libcurl/opts/CURLINFO_PROXY_SSL_VERIFYRESULT.md create mode 100644 docs/libcurl/opts/CURLINFO_QUEUE_TIME_T.md create mode 100644 docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.md create mode 100644 docs/libcurl/opts/CURLINFO_REDIRECT_TIME.md create mode 100644 docs/libcurl/opts/CURLINFO_REDIRECT_TIME_T.md create mode 100644 docs/libcurl/opts/CURLINFO_REDIRECT_URL.md create mode 100644 docs/libcurl/opts/CURLINFO_REFERER.md create mode 100644 docs/libcurl/opts/CURLINFO_REQUEST_SIZE.md create mode 100644 docs/libcurl/opts/CURLINFO_RESPONSE_CODE.md create mode 100644 docs/libcurl/opts/CURLINFO_RETRY_AFTER.md create mode 100644 docs/libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.md create mode 100644 docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.md create mode 100644 docs/libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.md create mode 100644 docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.md create mode 100644 docs/libcurl/opts/CURLINFO_SCHEME.md create mode 100644 docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.md create mode 100644 docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD_T.md create mode 100644 docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.md create mode 100644 docs/libcurl/opts/CURLINFO_SIZE_UPLOAD_T.md create mode 100644 docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.md create mode 100644 docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD_T.md create mode 100644 docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.md create mode 100644 docs/libcurl/opts/CURLINFO_SPEED_UPLOAD_T.md create mode 100644 docs/libcurl/opts/CURLINFO_SSL_ENGINES.md create mode 100644 docs/libcurl/opts/CURLINFO_SSL_VERIFYRESULT.md create mode 100644 docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME.md create mode 100644 docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME_T.md create mode 100644 docs/libcurl/opts/CURLINFO_TLS_SESSION.md rename docs/libcurl/opts/{CURLINFO_TLS_SSL_PTR.3 => CURLINFO_TLS_SSL_PTR.md} (51%) create mode 100644 docs/libcurl/opts/CURLINFO_TOTAL_TIME.md create mode 100644 docs/libcurl/opts/CURLINFO_TOTAL_TIME_T.md create mode 100644 docs/libcurl/opts/CURLINFO_XFER_ID.md create mode 100644 docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md create mode 100644 docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md create mode 100644 docs/libcurl/opts/CURLMOPT_MAXCONNECTS.md create mode 100644 docs/libcurl/opts/CURLMOPT_MAX_CONCURRENT_STREAMS.md create mode 100644 docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.md create mode 100644 docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.md create mode 100644 docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.md create mode 100644 docs/libcurl/opts/CURLMOPT_PIPELINING.md create mode 100644 docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.md create mode 100644 docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.md create mode 100644 docs/libcurl/opts/CURLMOPT_PUSHDATA.md rename docs/libcurl/opts/{CURLMOPT_PUSHFUNCTION.3 => CURLMOPT_PUSHFUNCTION.md} (51%) create mode 100644 docs/libcurl/opts/CURLMOPT_SOCKETDATA.md create mode 100644 docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.md create mode 100644 docs/libcurl/opts/CURLMOPT_TIMERDATA.md create mode 100644 docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_ABSTRACT_UNIX_SOCKET.md create mode 100644 docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.md create mode 100644 docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.md create mode 100644 docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.md create mode 100644 docs/libcurl/opts/CURLOPT_ALTSVC.md create mode 100644 docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.md create mode 100644 docs/libcurl/opts/CURLOPT_APPEND.md create mode 100644 docs/libcurl/opts/CURLOPT_AUTOREFERER.md create mode 100644 docs/libcurl/opts/CURLOPT_AWS_SIGV4.md create mode 100644 docs/libcurl/opts/CURLOPT_BUFFERSIZE.md create mode 100644 docs/libcurl/opts/CURLOPT_CAINFO.md create mode 100644 docs/libcurl/opts/CURLOPT_CAINFO_BLOB.md create mode 100644 docs/libcurl/opts/CURLOPT_CAPATH.md create mode 100644 docs/libcurl/opts/CURLOPT_CA_CACHE_TIMEOUT.md create mode 100644 docs/libcurl/opts/CURLOPT_CERTINFO.md rename docs/libcurl/opts/{CURLOPT_CHUNK_BGN_FUNCTION.3 => CURLOPT_CHUNK_BGN_FUNCTION.md} (51%) create mode 100644 docs/libcurl/opts/CURLOPT_CHUNK_DATA.md create mode 100644 docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.md create mode 100644 docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.md create mode 100644 docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.md create mode 100644 docs/libcurl/opts/CURLOPT_CONNECT_ONLY.md create mode 100644 docs/libcurl/opts/CURLOPT_CONNECT_TO.md create mode 100644 docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_COOKIE.md create mode 100644 docs/libcurl/opts/CURLOPT_COOKIEFILE.md create mode 100644 docs/libcurl/opts/CURLOPT_COOKIEJAR.md create mode 100644 docs/libcurl/opts/CURLOPT_COOKIELIST.md create mode 100644 docs/libcurl/opts/CURLOPT_COOKIESESSION.md create mode 100644 docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.md create mode 100644 docs/libcurl/opts/CURLOPT_CRLF.md create mode 100644 docs/libcurl/opts/CURLOPT_CRLFILE.md create mode 100644 docs/libcurl/opts/CURLOPT_CURLU.md create mode 100644 docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.md create mode 100644 docs/libcurl/opts/CURLOPT_DEBUGDATA.md rename docs/libcurl/opts/{CURLOPT_DEBUGFUNCTION.3 => CURLOPT_DEBUGFUNCTION.md} (53%) create mode 100644 docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.md create mode 100644 docs/libcurl/opts/CURLOPT_DIRLISTONLY.md create mode 100644 docs/libcurl/opts/CURLOPT_DISALLOW_USERNAME_IN_URL.md create mode 100644 docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.md create mode 100644 docs/libcurl/opts/CURLOPT_DNS_INTERFACE.md create mode 100644 docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.md create mode 100644 docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.md create mode 100644 docs/libcurl/opts/CURLOPT_DNS_SERVERS.md create mode 100644 docs/libcurl/opts/CURLOPT_DNS_SHUFFLE_ADDRESSES.md create mode 100644 docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.md create mode 100644 docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYHOST.md create mode 100644 docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYPEER.md create mode 100644 docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYSTATUS.md create mode 100644 docs/libcurl/opts/CURLOPT_DOH_URL.md create mode 100644 docs/libcurl/opts/CURLOPT_EGDSOCKET.md create mode 100644 docs/libcurl/opts/CURLOPT_ERRORBUFFER.md create mode 100644 docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.md create mode 100644 docs/libcurl/opts/CURLOPT_FAILONERROR.md create mode 100644 docs/libcurl/opts/CURLOPT_FILETIME.md create mode 100644 docs/libcurl/opts/CURLOPT_FNMATCH_DATA.md create mode 100644 docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.md create mode 100644 docs/libcurl/opts/CURLOPT_FORBID_REUSE.md create mode 100644 docs/libcurl/opts/CURLOPT_FRESH_CONNECT.md rename docs/libcurl/opts/{CURLOPT_FTPPORT.3 => CURLOPT_FTPPORT.md} (51%) create mode 100644 docs/libcurl/opts/CURLOPT_FTPSSLAUTH.md create mode 100644 docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.md create mode 100644 docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.md create mode 100644 docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.md create mode 100644 docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.md create mode 100644 docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.md create mode 100644 docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.md create mode 100644 docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.md create mode 100644 docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.md create mode 100644 docs/libcurl/opts/CURLOPT_FTP_USE_PRET.md create mode 100644 docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.md create mode 100644 docs/libcurl/opts/CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md create mode 100644 docs/libcurl/opts/CURLOPT_HAPROXYPROTOCOL.md create mode 100644 docs/libcurl/opts/CURLOPT_HAPROXY_CLIENT_IP.md create mode 100644 docs/libcurl/opts/CURLOPT_HEADER.md create mode 100644 docs/libcurl/opts/CURLOPT_HEADERDATA.md rename docs/libcurl/opts/{CURLOPT_HEADERFUNCTION.3 => CURLOPT_HEADERFUNCTION.md} (56%) create mode 100644 docs/libcurl/opts/CURLOPT_HEADEROPT.md create mode 100644 docs/libcurl/opts/CURLOPT_HSTS.md create mode 100644 docs/libcurl/opts/CURLOPT_HSTSREADDATA.md create mode 100644 docs/libcurl/opts/CURLOPT_HSTSREADFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_HSTSWRITEDATA.md create mode 100644 docs/libcurl/opts/CURLOPT_HSTSWRITEFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_HSTS_CTRL.md create mode 100644 docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.md create mode 100644 docs/libcurl/opts/CURLOPT_HTTP200ALIASES.md create mode 100644 docs/libcurl/opts/CURLOPT_HTTPAUTH.md create mode 100644 docs/libcurl/opts/CURLOPT_HTTPGET.md rename docs/libcurl/opts/{CURLOPT_HTTPHEADER.3 => CURLOPT_HTTPHEADER.md} (52%) create mode 100644 docs/libcurl/opts/CURLOPT_HTTPPOST.md create mode 100644 docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.md create mode 100644 docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.md create mode 100644 docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.md create mode 100644 docs/libcurl/opts/CURLOPT_HTTP_VERSION.md create mode 100644 docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.md create mode 100644 docs/libcurl/opts/CURLOPT_INFILESIZE.md create mode 100644 docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.md create mode 100644 docs/libcurl/opts/CURLOPT_INTERFACE.md create mode 100644 docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.md create mode 100644 docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_IOCTLDATA.md create mode 100644 docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_IPRESOLVE.md create mode 100644 docs/libcurl/opts/CURLOPT_ISSUERCERT.md create mode 100644 docs/libcurl/opts/CURLOPT_ISSUERCERT_BLOB.md create mode 100644 docs/libcurl/opts/CURLOPT_KEEP_SENDING_ON_ERROR.md create mode 100644 docs/libcurl/opts/CURLOPT_KEYPASSWD.md create mode 100644 docs/libcurl/opts/CURLOPT_KRBLEVEL.md create mode 100644 docs/libcurl/opts/CURLOPT_LOCALPORT.md create mode 100644 docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.md create mode 100644 docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.md create mode 100644 docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.md create mode 100644 docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.md create mode 100644 docs/libcurl/opts/CURLOPT_MAIL_AUTH.md create mode 100644 docs/libcurl/opts/CURLOPT_MAIL_FROM.md create mode 100644 docs/libcurl/opts/CURLOPT_MAIL_RCPT.md create mode 100644 docs/libcurl/opts/CURLOPT_MAIL_RCPT_ALLOWFAILS.md create mode 100644 docs/libcurl/opts/CURLOPT_MAXAGE_CONN.md create mode 100644 docs/libcurl/opts/CURLOPT_MAXCONNECTS.md create mode 100644 docs/libcurl/opts/CURLOPT_MAXFILESIZE.md create mode 100644 docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.md create mode 100644 docs/libcurl/opts/CURLOPT_MAXLIFETIME_CONN.md create mode 100644 docs/libcurl/opts/CURLOPT_MAXREDIRS.md create mode 100644 docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.md create mode 100644 docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.md create mode 100644 docs/libcurl/opts/CURLOPT_MIMEPOST.md create mode 100644 docs/libcurl/opts/CURLOPT_MIME_OPTIONS.md create mode 100644 docs/libcurl/opts/CURLOPT_NETRC.md create mode 100644 docs/libcurl/opts/CURLOPT_NETRC_FILE.md create mode 100644 docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.md create mode 100644 docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.md create mode 100644 docs/libcurl/opts/CURLOPT_NOBODY.md create mode 100644 docs/libcurl/opts/CURLOPT_NOPROGRESS.md create mode 100644 docs/libcurl/opts/CURLOPT_NOPROXY.md create mode 100644 docs/libcurl/opts/CURLOPT_NOSIGNAL.md create mode 100644 docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.md create mode 100644 docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_PASSWORD.md create mode 100644 docs/libcurl/opts/CURLOPT_PATH_AS_IS.md create mode 100644 docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.md create mode 100644 docs/libcurl/opts/CURLOPT_PIPEWAIT.md create mode 100644 docs/libcurl/opts/CURLOPT_PORT.md create mode 100644 docs/libcurl/opts/CURLOPT_POST.md create mode 100644 docs/libcurl/opts/CURLOPT_POSTFIELDS.md create mode 100644 docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.md create mode 100644 docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.md create mode 100644 docs/libcurl/opts/CURLOPT_POSTQUOTE.md create mode 100644 docs/libcurl/opts/CURLOPT_POSTREDIR.md create mode 100644 docs/libcurl/opts/CURLOPT_PREQUOTE.md create mode 100644 docs/libcurl/opts/CURLOPT_PREREQDATA.md rename docs/libcurl/opts/{CURLOPT_PREREQFUNCTION.3 => CURLOPT_PREREQFUNCTION.md} (51%) create mode 100644 docs/libcurl/opts/CURLOPT_PRE_PROXY.md create mode 100644 docs/libcurl/opts/CURLOPT_PRIVATE.md create mode 100644 docs/libcurl/opts/CURLOPT_PROGRESSDATA.md create mode 100644 docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_PROTOCOLS.md create mode 100644 docs/libcurl/opts/CURLOPT_PROTOCOLS_STR.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXYAUTH.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXYHEADER.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXYPASSWORD.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXYPORT.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXYTYPE.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXYUSERNAME.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXYUSERPWD.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_CAINFO.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_CAINFO_BLOB.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_CAPATH.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_CRLFILE.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT_BLOB.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_KEYPASSWD.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_SSLCERT.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_SSLCERTTYPE.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_SSLCERT_BLOB.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_SSLKEY.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_SSLKEYTYPE.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_SSLKEY_BLOB.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_SSL_CIPHER_LIST.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYHOST.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYPEER.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_TLS13_CIPHERS.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_PASSWORD.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_TYPE.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_USERNAME.md create mode 100644 docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.md create mode 100644 docs/libcurl/opts/CURLOPT_PUT.md create mode 100644 docs/libcurl/opts/CURLOPT_QUICK_EXIT.md create mode 100644 docs/libcurl/opts/CURLOPT_QUOTE.md create mode 100644 docs/libcurl/opts/CURLOPT_RANDOM_FILE.md create mode 100644 docs/libcurl/opts/CURLOPT_RANGE.md create mode 100644 docs/libcurl/opts/CURLOPT_READDATA.md create mode 100644 docs/libcurl/opts/CURLOPT_READFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.md create mode 100644 docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS_STR.md create mode 100644 docs/libcurl/opts/CURLOPT_REFERER.md create mode 100644 docs/libcurl/opts/CURLOPT_REQUEST_TARGET.md create mode 100644 docs/libcurl/opts/CURLOPT_RESOLVE.md create mode 100644 docs/libcurl/opts/CURLOPT_RESOLVER_START_DATA.md create mode 100644 docs/libcurl/opts/CURLOPT_RESOLVER_START_FUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_RESUME_FROM.md create mode 100644 docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.md create mode 100644 docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.md create mode 100644 docs/libcurl/opts/CURLOPT_RTSP_REQUEST.md create mode 100644 docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.md create mode 100644 docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.md create mode 100644 docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.md create mode 100644 docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.md create mode 100644 docs/libcurl/opts/CURLOPT_SASL_AUTHZID.md create mode 100644 docs/libcurl/opts/CURLOPT_SASL_IR.md create mode 100644 docs/libcurl/opts/CURLOPT_SEEKDATA.md create mode 100644 docs/libcurl/opts/CURLOPT_SEEKFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_SERVER_RESPONSE_TIMEOUT.md create mode 100644 docs/libcurl/opts/CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md create mode 100644 docs/libcurl/opts/CURLOPT_SERVICE_NAME.md create mode 100644 docs/libcurl/opts/CURLOPT_SHARE.md create mode 100644 docs/libcurl/opts/CURLOPT_SOCKOPTDATA.md create mode 100644 docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.md create mode 100644 docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.md create mode 100644 docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.md create mode 100644 docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.md create mode 100644 docs/libcurl/opts/CURLOPT_SSH_COMPRESSION.md create mode 100644 docs/libcurl/opts/CURLOPT_SSH_HOSTKEYDATA.md create mode 100644 docs/libcurl/opts/CURLOPT_SSH_HOSTKEYFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md create mode 100644 docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md create mode 100644 docs/libcurl/opts/CURLOPT_SSH_KEYDATA.md rename docs/libcurl/opts/{CURLOPT_SSH_KEYFUNCTION.3 => CURLOPT_SSH_KEYFUNCTION.md} (58%) create mode 100644 docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.md create mode 100644 docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.md create mode 100644 docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.md create mode 100644 docs/libcurl/opts/CURLOPT_SSLCERT.md create mode 100644 docs/libcurl/opts/CURLOPT_SSLCERTTYPE.md create mode 100644 docs/libcurl/opts/CURLOPT_SSLCERT_BLOB.md create mode 100644 docs/libcurl/opts/CURLOPT_SSLENGINE.md create mode 100644 docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.md create mode 100644 docs/libcurl/opts/CURLOPT_SSLKEY.md create mode 100644 docs/libcurl/opts/CURLOPT_SSLKEYTYPE.md create mode 100644 docs/libcurl/opts/CURLOPT_SSLKEY_BLOB.md create mode 100644 docs/libcurl/opts/CURLOPT_SSLVERSION.md create mode 100644 docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.md rename docs/libcurl/opts/{CURLOPT_SSL_CTX_DATA.3 => CURLOPT_SSL_CTX_DATA.md} (52%) rename docs/libcurl/opts/{CURLOPT_SSL_CTX_FUNCTION.3 => CURLOPT_SSL_CTX_FUNCTION.md} (57%) create mode 100644 docs/libcurl/opts/CURLOPT_SSL_EC_CURVES.md create mode 100644 docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.md create mode 100644 docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.md create mode 100644 docs/libcurl/opts/CURLOPT_SSL_FALSESTART.md create mode 100644 docs/libcurl/opts/CURLOPT_SSL_OPTIONS.md create mode 100644 docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.md create mode 100644 docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.md create mode 100644 docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.md create mode 100644 docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.md create mode 100644 docs/libcurl/opts/CURLOPT_STDERR.md create mode 100644 docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.md create mode 100644 docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.md create mode 100644 docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.md create mode 100644 docs/libcurl/opts/CURLOPT_SUPPRESS_CONNECT_HEADERS.md create mode 100644 docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.md create mode 100644 docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.md create mode 100644 docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.md create mode 100644 docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.md create mode 100644 docs/libcurl/opts/CURLOPT_TCP_NODELAY.md create mode 100644 docs/libcurl/opts/CURLOPT_TELNETOPTIONS.md create mode 100644 docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.md create mode 100644 docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.md create mode 100644 docs/libcurl/opts/CURLOPT_TIMECONDITION.md create mode 100644 docs/libcurl/opts/CURLOPT_TIMEOUT.md create mode 100644 docs/libcurl/opts/CURLOPT_TIMEOUT_MS.md create mode 100644 docs/libcurl/opts/CURLOPT_TIMEVALUE.md create mode 100644 docs/libcurl/opts/CURLOPT_TIMEVALUE_LARGE.md create mode 100644 docs/libcurl/opts/CURLOPT_TLS13_CIPHERS.md create mode 100644 docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.md create mode 100644 docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.md create mode 100644 docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.md create mode 100644 docs/libcurl/opts/CURLOPT_TRAILERDATA.md create mode 100644 docs/libcurl/opts/CURLOPT_TRAILERFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_TRANSFERTEXT.md create mode 100644 docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.md create mode 100644 docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.md create mode 100644 docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.md create mode 100644 docs/libcurl/opts/CURLOPT_UPKEEP_INTERVAL_MS.md create mode 100644 docs/libcurl/opts/CURLOPT_UPLOAD.md create mode 100644 docs/libcurl/opts/CURLOPT_UPLOAD_BUFFERSIZE.md create mode 100644 docs/libcurl/opts/CURLOPT_URL.md create mode 100644 docs/libcurl/opts/CURLOPT_USERAGENT.md create mode 100644 docs/libcurl/opts/CURLOPT_USERNAME.md create mode 100644 docs/libcurl/opts/CURLOPT_USERPWD.md create mode 100644 docs/libcurl/opts/CURLOPT_USE_SSL.md create mode 100644 docs/libcurl/opts/CURLOPT_VERBOSE.md create mode 100644 docs/libcurl/opts/CURLOPT_WILDCARDMATCH.md create mode 100644 docs/libcurl/opts/CURLOPT_WRITEDATA.md create mode 100644 docs/libcurl/opts/CURLOPT_WRITEFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_WS_OPTIONS.md create mode 100644 docs/libcurl/opts/CURLOPT_XFERINFODATA.md create mode 100644 docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.md create mode 100644 docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.md create mode 100644 docs/libcurl/opts/CURLSHOPT_LOCKFUNC.md rename docs/libcurl/opts/{CURLSHOPT_SHARE.3 => CURLSHOPT_SHARE.md} (50%) create mode 100644 docs/libcurl/opts/CURLSHOPT_UNLOCKFUNC.md create mode 100644 docs/libcurl/opts/CURLSHOPT_UNSHARE.md create mode 100644 docs/libcurl/opts/CURLSHOPT_USERDATA.md rename docs/{mk-ca-bundle.1 => mk-ca-bundle.md} (34%) create mode 100644 lib/vquic/curl_osslq.c create mode 100644 lib/vquic/curl_osslq.h create mode 100644 lib/vquic/vquic-tls.c create mode 100644 lib/vquic/vquic-tls.h create mode 100644 packages/OS400/.gitattributes create mode 100644 projects/Windows/VC14.20/.gitignore create mode 100644 projects/Windows/VC14.20/curl-all.sln create mode 100644 projects/Windows/VC14.20/lib/.gitignore create mode 100644 projects/Windows/VC14.20/lib/libcurl.sln create mode 100644 projects/Windows/VC14.20/lib/libcurl.tmpl create mode 100644 projects/Windows/VC14.20/lib/libcurl.vcxproj.filters create mode 100644 projects/Windows/VC14.20/src/.gitignore create mode 100644 projects/Windows/VC14.20/src/curl.sln create mode 100644 projects/Windows/VC14.20/src/curl.tmpl create mode 100644 projects/Windows/VC14.20/src/curl.vcxproj.filters create mode 100755 scripts/cd2cd create mode 100755 scripts/cd2nroff create mode 100755 scripts/cdall create mode 100755 scripts/nroff2cd create mode 100644 scripts/schemetable.c delete mode 100644 scripts/updatemanpages.pl create mode 100644 src/tool_ipfs.c create mode 100644 src/tool_ipfs.h delete mode 100644 tests/data/test1474 create mode 100644 tests/data/test1475 create mode 100644 tests/data/test1476 create mode 100644 tests/data/test1477 create mode 100644 tests/data/test1478 create mode 100644 tests/data/test1545 create mode 100644 tests/data/test1704 create mode 100644 tests/data/test1900 create mode 100644 tests/data/test2307 create mode 100644 tests/data/test268 create mode 100644 tests/data/test459 create mode 100644 tests/data/test460 create mode 100644 tests/data/test461 create mode 100644 tests/data/test689 create mode 100644 tests/data/test729 create mode 100644 tests/data/test730 create mode 100644 tests/data/test731 create mode 100644 tests/data/test732 create mode 100644 tests/data/test733 create mode 100644 tests/data/test734 create mode 100644 tests/data/test735 create mode 100644 tests/data/test736 create mode 100644 tests/data/test737 create mode 100644 tests/data/test738 create mode 100644 tests/data/test739 create mode 100644 tests/data/test740 create mode 100644 tests/data/test741 create mode 100644 tests/data/test742 create mode 100644 tests/data/test992 create mode 100644 tests/libtest/lib1545.c create mode 100644 tests/libtest/lib1900.c rename tests/{symbol-scan.pl => test1119.pl} (100%) rename tests/{mem-include-scan.pl => test1132.pl} (100%) rename tests/{extern-scan.pl => test1135.pl} (100%) rename tests/{manpage-scan.pl => test1139.pl} (91%) rename tests/{nroff-scan.pl => test1140.pl} (96%) rename tests/{disable-scan.pl => test1165.pl} (77%) rename tests/{badsymbols.pl => test1167.pl} (100%) rename tests/{manpage-syntax.pl => test1173.pl} (100%) rename tests/{error-codes.pl => test1175.pl} (100%) rename tests/{version-scan.pl => test1177.pl} (96%) rename tests/{check-deprecated.pl => test1222.pl} (100%) rename tests/{markdown-uppercase.pl => test1275.pl} (78%) rename tests/{option-check.pl => test1276.pl} (100%) create mode 100755 tests/test1477.pl rename tests/{check-translatable-options.pl => test1544.pl} (100%) rename tests/{options-scan.pl => test971.pl} (95%) diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..5ace4600a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/scripts/badwords.pl b/.github/scripts/badwords.pl new file mode 100755 index 000000000..ffebad94e --- /dev/null +++ b/.github/scripts/badwords.pl @@ -0,0 +1,67 @@ +#!/usr/bin/perl +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +# bad[:=]correct +# +# If separator is '=', the string will be compared case sensitively. +# If separator is ':', the check is done case insensitively. +# +my $w; +while() { + chomp; + if($_ =~ /^#/) { + next; + } + if($_ =~ /^([^:=]*)([:=])(.*)/) { + my ($bad, $sep, $better)=($1, $2, $3); + push @w, $bad; + $alt{$bad} = $better; + if($sep eq "=") { + $exactcase{$bad} = 1; + } + } +} + +my $errors; + +sub file { + my ($f) = @_; + my $l = 0; + open(F, "<$f"); + while() { + my $in = $_; + $l++; + chomp $in; + if($in =~ /^ /) { + next; + } + # remove the link part + $in =~ s/(\[.*\])\(.*\)/$1/g; + # remove backticked texts + $in =~ s/\`.*\`//g; + foreach my $w (@w) { + my $case = $exactcase{$w}; + if(($in =~ /^(.*)$w/i && !$case) || + ($in =~ /^(.*)$w/ && $case) ) { + my $p = $1; + my $c = length($p)+1; + print STDERR "$f:$l:$c: error: found bad word \"$w\"\n"; + printf STDERR " %4d | $in\n", $l; + printf STDERR " | %*s^%s\n", length($p), " ", + "~" x (length($w)-1); + printf STDERR " maybe use \"%s\" instead?\n", $alt{$w}; + $errors++; + } + } + } + close(F); +} + +my @files = @ARGV; + +foreach my $each (@files) { + file($each); +} +exit $errors; diff --git a/.github/scripts/badwords.txt b/.github/scripts/badwords.txt new file mode 100644 index 000000000..0e6be76c6 --- /dev/null +++ b/.github/scripts/badwords.txt @@ -0,0 +1,46 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +back-end:backend +e-mail:email +run-time:runtime +set-up:setup +tool chain:toolchain +tool-chain:toolchain +wild-card:wildcard +wild card:wildcard +i'm:I am +you've:You have +they've:They have +they're:They are +should've:should have +don't:do not +could've:could have +doesn't:does not +isn't:is not + a html: an html + a http: an http + a ftp: an ftp + url =URL +internet\W=Internet +isation:ization +it's:it is +there's:there is +[^.]\. And: Rewrite it somehow? +^(And|So|But) = Rewrite it somehow? +\. But: Rewrite it somehow? +file name :filename +\. So : Rewrite without "so" ? + dir :directory +you'd:you would +you'll:you will +can't:cannot +that's:that is +web page:webpage +host name\W:hostname +file name\W:filename +didn't:did not +doesn't:does not +won't:will not +couldn't:could not diff --git a/.github/scripts/cleancmd.pl b/.github/scripts/cleancmd.pl new file mode 100755 index 000000000..5d0fe2b2f --- /dev/null +++ b/.github/scripts/cleancmd.pl @@ -0,0 +1,52 @@ +#!/usr/bin/perl +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +# Input: a cmdline docs markdown, it gets modfied *in place* +# +# The main purpose is to strip off the leading meta-data part, but also to +# clean up whatever else the spell checker might have a problem with that we +# still deem is fine. + +my $header = 1; +while(1) { + # set this if the markdown has no meta-data header to skip + if($ARGV[0] eq "--no-header") { + shift @ARGV; + $header = 0; + } + else { + last; + } +} + +my $f = $ARGV[0]; + +open(F, "<$f") or die; + +my $ignore = $header; +my $sepcount = 0; +my @out; +while() { + if(/^---/ && $header) { + if(++$sepcount == 2) { + $ignore = 0; + } + next; + } + next if($ignore); + + # strip out all long command line options + $_ =~ s/--[a-z0-9-]+//g; + + # strip out https URLs, we don't want them spellchecked + $_ =~ s!https://[a-z0-9\#_/.-]+!!gi; + + push @out, $_; +} +close(F); + +open(O, ">$f") or die; +print O @out; +close(O); diff --git a/.github/scripts/codespell-ignore.txt b/.github/scripts/codespell-ignore.txt new file mode 100644 index 000000000..3832cec4d --- /dev/null +++ b/.github/scripts/codespell-ignore.txt @@ -0,0 +1,15 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +clen +te +wont +statics +nome +wast +numer +anull +inout +msdos +ba +fo diff --git a/.github/scripts/verify-examples.pl b/.github/scripts/verify-examples.pl new file mode 100755 index 000000000..28d24595f --- /dev/null +++ b/.github/scripts/verify-examples.pl @@ -0,0 +1,110 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +my @files = @ARGV; +my $cfile = "test.c"; +my $check = "./scripts/checksrc.pl"; +my $error; + +if($files[0] eq "-h") { + print "Usage: verify-synopsis [man pages]\n"; + exit; +} + +sub testcompile { + my $rc = system("gcc -c test.c -DCURL_DISABLE_TYPECHECK -DCURL_ALLOW_OLD_MULTI_SOCKET -DCURL_DISABLE_DEPRECATION -Wunused -Werror -Wno-unused-but-set-variable -I include") >> 8; + return $rc; +} + +sub checksrc { + my $rc = system("$check test.c") >> 8; + return $rc; +} + +sub extract { + my($f) = @_; + my $syn = 0; + my $l = 0; + my $iline = 0; + my $fail = 0; + open(F, "<$f") or die "failed opening input file $f : $!"; + open(O, ">$cfile") or die "failed opening output file $cfile : $!"; + print O "#include \n"; + while() { + $iline++; + if(/^.SH EXAMPLE/) { + $syn = 1 + } + elsif($syn == 1) { + if(/^.nf/) { + $syn++; + print O "/* !checksrc! disable UNUSEDIGNORE all */\n"; + print O "/* !checksrc! disable COPYRIGHT all */\n"; + print O "/* !checksrc! disable FOPENMODE all */\n"; + printf O "#line %d \"$f\"\n", $iline+1; + } + } + elsif($syn == 2) { + if(/^.fi/) { + last; + } + if(/(?, et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +my @files = @ARGV; +my $cfile = "test.c"; + +if($files[0] eq "-h") { + print "Usage: verify-synopsis [man pages]\n"; + exit; +} + +sub testcompile { + my $rc = system("gcc -c test.c -DCURL_DISABLE_TYPECHECK -DCURL_ALLOW_OLD_MULTI_SOCKET -I include") >> 8; + return $rc; +} + + +sub extract { + my($f) = @_; + my $syn = 0; + my $l = 0; + my $iline = 0; + open(F, "<$f"); + open(O, ">$cfile"); + while() { + $iline++; + if(/^.SH SYNOPSIS/) { + $syn = 1 + } + elsif($syn == 1) { + if(/^.nf/) { + $syn++; + print O "#line $iline \"$f\"\n"; + } + } + elsif($syn == 2) { + if(/^.fi/) { + last; + } + # turn the vararg argument into vararg + $_ =~ s/, parameter\)\;/, ...);/; + print O $_; + $l++; + } + } + close(F); + close(O); + + return 0; +} + +my $error; +for my $m (@files) { + print "Verify $m\n"; + extract($m); + $error |= testcompile($m); +} +exit $error; diff --git a/.github/workflows/badwords.yml b/.github/workflows/badwords.yml new file mode 100644 index 000000000..fc0b52001 --- /dev/null +++ b/.github/workflows/badwords.yml @@ -0,0 +1,27 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: badwords + +on: + # Trigger the workflow on push or pull requests, but only for the + # master branch + push: + branches: + - master + - '*/ci' + pull_request: + branches: + - master + +jobs: + check: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + + - name: check + run: ./.github/scripts/badwords.pl < .github/scripts/badwords.txt docs/*.md docs/libcurl/*.md docs/libcurl/opts/*.md diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml new file mode 100644 index 000000000..2b095dae7 --- /dev/null +++ b/.github/workflows/codespell.yml @@ -0,0 +1,36 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: Codespell + +on: + push: + branches: + - master + - '*/ci' + paths: + - 'lib/**' + - 'src/**' + - 'include/**' + pull_request: + branches: + - master + - 'lib/**' + - 'src/**' + - 'include/**' + +jobs: + codespell: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: install + run: | + sudo apt-get update + sudo apt-get install codespell + + - name: spellcheck + run: codespell --skip src/tool_hugehelp.c -I .github/scripts/codespell-ignore.txt include src lib diff --git a/.github/workflows/man-examples.yml b/.github/workflows/man-examples.yml new file mode 100644 index 000000000..6f0d1e8ae --- /dev/null +++ b/.github/workflows/man-examples.yml @@ -0,0 +1,35 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: manpage examples + +on: + push: + branches: + - master + - '*/ci' + paths: + - 'docs/libcurl/curl_*.3' + - 'docs/libcurl/opts/*.3' + - '.github/scripts/verify-examples.pl' + pull_request: + branches: + - master + paths: + - 'docs/libcurl/curl_*.3' + - 'docs/libcurl/opts/*.3' + - '.github/scripts/verify-examples.pl' + +jobs: + verify: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: render nroff versions + run: autoreconf -fi && ./configure --without-ssl --without-libpsl && make -C docs + + - name: verify examples + run: ./.github/scripts/verify-examples.pl docs/libcurl/curl*.3 docs/libcurl/opts/*.3 diff --git a/.github/workflows/osslq-linux.yml b/.github/workflows/osslq-linux.yml new file mode 100644 index 000000000..997e35bab --- /dev/null +++ b/.github/workflows/osslq-linux.yml @@ -0,0 +1,233 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: osslq-linux + +on: + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.azure-pipelines.yml' + - '.circleci/**' + - '.cirrus.yml' + - 'appveyor.*' + - 'CMake/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.azure-pipelines.yml' + - '.circleci/**' + - '.cirrus.yml' + - 'appveyor.*' + - 'CMake/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + +concurrency: + # Hardcoded workflow filename as workflow name above is just Linux again + group: osslq-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + MAKEFLAGS: -j 3 + openssl3-version: openssl-3.2.0 + quictls-version: 3.1.4+quic + nghttp3-version: v1.1.0 + ngtcp2-version: v1.2.0 + nghttp2-version: v1.59.0 + mod_h2-version: v2.0.26 + +jobs: + autotools: + name: ${{ matrix.build.name }} + runs-on: 'ubuntu-latest' + timeout-minutes: 60 + strategy: + fail-fast: false + matrix: + build: + - name: openssl-quic + configure: >- + PKG_CONFIG_PATH="$HOME/openssl3/lib/pkgconfig" LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" + --enable-warnings --enable-werror --enable-debug --disable-ntlm + --with-test-nghttpx="$HOME/nghttpx/bin/nghttpx" + --with-openssl=$HOME/openssl3 --with-openssl-quic + --with-nghttp3=$HOME/nghttpx + + steps: + - run: | + sudo apt-get update + sudo apt-get install libtool autoconf automake pkg-config stunnel4 \ + libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libev-dev libc-ares-dev \ + nettle-dev libp11-kit-dev libtspi-dev libunistring-dev guile-2.2-dev libtasn1-bin \ + libtasn1-6-dev libidn2-0-dev gawk gperf libtss2-dev dns-root-data bison gtk-doc-tools \ + texinfo texlive texlive-extra-utils autopoint libev-dev \ + apache2 apache2-dev libnghttp2-dev + name: 'install prereqs and impacket, pytest, crypto, apache2' + + - name: cache openssl3 + if: contains(matrix.build.install_steps, 'openssl3') + uses: actions/cache@v3 + id: cache-openssl3 + env: + cache-name: cache-openssl3 + with: + path: /home/runner/openssl3 + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.openssl3-version }} + + - name: 'install openssl3' + if: steps.cache-openssl3.outputs.cache-hit != 'true' + run: | + git clone --quiet --depth=1 -b ${{ env.openssl3-version }} https://github.com/openssl/openssl + cd openssl + ./config --prefix=$HOME/openssl3 --libdir=$HOME/openssl3/lib + make -j1 install_sw + + - name: cache quictls + if: contains(matrix.build.install_steps, 'quictls') + uses: actions/cache@v3 + id: cache-quictls + env: + cache-name: cache-quictls + with: + path: /home/runner/quictls + key: ${{ runner.os }}-build-${{ env.cache-name }}-quictls-${{ env.quictls-version }} + + - name: cache quictls + uses: actions/cache@v3 + id: cache-quictls-no-deprecated + env: + cache-name: cache-quictls-no-deprecated + with: + path: /home/runner/quictls + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.quictls-version }} + + - if: steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' + run: | + cd $HOME + git clone --quiet --depth=1 -b openssl-${{ env.quictls-version }} https://github.com/quictls/openssl quictls + cd quictls + ./config no-deprecated --prefix=$HOME/nghttpx --libdir=$HOME/nghttpx/lib + make + name: 'build quictls' + + - run: | + cd $HOME/quictls + make -j1 install_sw + name: 'install quictls' + + + - name: cache nghttp3 + uses: actions/cache@v3 + id: cache-nghttp3 + env: + cache-name: cache-nghttp3 + with: + path: /home/runner/nghttp3 + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.nghttp3-version }} + + - if: steps.cache-nghttp3.outputs.cache-hit != 'true' + run: | + cd $HOME + git clone --quiet --depth=1 -b ${{ env.nghttp3-version }} https://github.com/ngtcp2/nghttp3 + cd nghttp3 + autoreconf -fi + ./configure --prefix=$HOME/nghttpx PKG_CONFIG_PATH="$HOME/nghttpx/lib/pkgconfig" --enable-lib-only + make + name: 'build nghttp3' + + - run: | + cd $HOME/nghttp3 + make install + name: 'install nghttp3' + + # depends on all other cached libs built so far + - run: | + git clone --quiet --depth=1 -b ${{ env.ngtcp2-version }} https://github.com/ngtcp2/ngtcp2 + cd ngtcp2 + autoreconf -fi + ./configure --prefix=$HOME/nghttpx PKG_CONFIG_PATH="$HOME/nghttpx/lib/pkgconfig" --enable-lib-only --with-openssl + make install + name: 'install ngtcp2' + + # depends on all other cached libs built so far + - run: | + git clone --quiet --depth=1 -b ${{ env.nghttp2-version }} https://github.com/nghttp2/nghttp2 + cd nghttp2 + autoreconf -fi + ./configure --prefix=$HOME/nghttpx PKG_CONFIG_PATH="$HOME/nghttpx/lib/pkgconfig" --enable-http3 + make install + name: 'install nghttp2' + + - name: cache mod_h2 + uses: actions/cache@v3 + id: cache-mod_h2 + env: + cache-name: cache-mod_h2 + with: + path: /home/runner/mod_h2 + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.mod_h2-version }} + + - if: steps.cache-mod_h2.outputs.cache-hit != 'true' + run: | + cd $HOME + git clone --quiet --depth=1 -b ${{ env.mod_h2-version }} https://github.com/icing/mod_h2 + cd mod_h2 + autoreconf -fi + ./configure + make + name: 'build mod_h2' + + - run: | + cd $HOME/mod_h2 + sudo make install + name: 'install mod_h2' + + - uses: actions/checkout@v4 + + - run: | + sudo python3 -m pip install -r tests/requirements.txt -r tests/http/requirements.txt + name: 'install python test prereqs' + + - run: autoreconf -fi + name: 'autoreconf' + + - run: ./configure ${{ matrix.build.configure }} + name: 'configure' + + - run: make V=1 + name: 'make' + + - run: make V=1 examples + name: 'make examples' + + - run: make V=1 -C tests + name: 'make tests' + + - run: make V=1 test-ci + name: 'run tests' + env: + # 2500 and 25002 fail atm due to fin handling + TFLAGS: "!http/3" + + - run: pytest -v tests + name: 'run pytest' + env: + TFLAGS: "${{ matrix.build.tflags }}" + CURL_CI: github diff --git a/.github/workflows/synopsis.yml b/.github/workflows/synopsis.yml new file mode 100644 index 000000000..0938f4bfc --- /dev/null +++ b/.github/workflows/synopsis.yml @@ -0,0 +1,28 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: SYNOPSIS + +on: + push: + branches: + - master + - '*/ci' + paths: + - 'docs/libcurl/curl_*.3' + pull_request: + branches: + - master + paths: + - 'docs/libcurl/curl_*.3' + +jobs: + verify: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: verify-synopsis + run: ./.github/scripts/verify-synopsis.pl docs/libcurl/curl*.3 diff --git a/CMake/CurlTests.c b/CMake/CurlTests.c index ea80ec89a..83d743d34 100644 --- a/CMake/CurlTests.c +++ b/CMake/CurlTests.c @@ -23,7 +23,6 @@ ***************************************************************************/ #ifdef HAVE_FCNTL_O_NONBLOCK - /* headers for FCNTL_O_NONBLOCK test */ #include #include @@ -45,14 +44,13 @@ #error "O_NONBLOCK does not work on this platform" #endif -int -main () +int main(void) { - /* O_NONBLOCK source test */ - int flags = 0; - if(0 != fcntl(0, F_SETFL, flags | O_NONBLOCK)) - return 1; - return 0; + /* O_NONBLOCK source test */ + int flags = 0; + if(0 != fcntl(0, F_SETFL, flags | O_NONBLOCK)) + return 1; + return 0; } #endif @@ -108,36 +106,16 @@ int main(void) } #endif -#ifdef HAVE_SOCKLEN_T -#ifdef _WIN32 -#include -#else -#include -#include -#endif -int -main () -{ -if ((socklen_t *) 0) - return 0; -if (sizeof (socklen_t)) - return 0; - ; - return 0; -} -#endif #ifdef HAVE_IN_ADDR_T #include #include #include - -int -main () +int main(void) { -if ((in_addr_t *) 0) - return 0; -if (sizeof (in_addr_t)) - return 0; + if((in_addr_t *) 0) + return 0; + if(sizeof(in_addr_t)) + return 0; ; return 0; } @@ -150,11 +128,10 @@ if (sizeof (in_addr_t)) #ifdef HAVE_STDBOOL_H #include #endif -int -main () +int main(void) { -if (sizeof (bool *) ) - return 0; + if(sizeof(bool *)) + return 0; ; return 0; } @@ -165,8 +142,9 @@ if (sizeof (bool *) ) #include #include #include -int main() { return 0; } +int main(void) { return 0; } #endif + #ifdef HAVE_FILE_OFFSET_BITS #ifdef _FILE_OFFSET_BITS #undef _FILE_OFFSET_BITS @@ -181,104 +159,83 @@ int main() { return 0; } int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; -int main () { ; return 0; } +int main(void) { ; return 0; } #endif + #ifdef HAVE_IOCTLSOCKET /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# endif +# include #endif - -int -main () +int main(void) { - -/* ioctlsocket source code */ - int socket; - unsigned long flags = ioctlsocket(socket, FIONBIO, &flags); - + /* ioctlsocket source code */ + int socket; + unsigned long flags = ioctlsocket(socket, FIONBIO, &flags); ; return 0; } #endif + #ifdef HAVE_IOCTLSOCKET_CAMEL /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# endif +# include #endif - -int -main () +int main(void) { - -/* IoctlSocket source code */ - if(0 != IoctlSocket(0, 0, 0)) - return 1; + /* IoctlSocket source code */ + if(0 != IoctlSocket(0, 0, 0)) + return 1; ; return 0; } #endif + #ifdef HAVE_IOCTLSOCKET_CAMEL_FIONBIO /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# endif +# include #endif - -int -main () +int main(void) { - -/* IoctlSocket source code */ - long flags = 0; - if(0 != IoctlSocket(0, FIONBIO, &flags)) - return 1; + /* IoctlSocket source code */ + long flags = 0; + if(0 != IoctlSocket(0, FIONBIO, &flags)) + return 1; ; return 0; } #endif + #ifdef HAVE_IOCTLSOCKET_FIONBIO /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# endif +# include #endif - -int -main () +int main(void) { - - int flags = 0; - if(0 != ioctlsocket(0, FIONBIO, &flags)) - return 1; - + int flags = 0; + if(0 != ioctlsocket(0, FIONBIO, &flags)) + return 1; ; return 0; } #endif + #ifdef HAVE_IOCTL_FIONBIO /* headers for FIONBIO test */ /* includes start */ @@ -297,19 +254,16 @@ main () #ifdef HAVE_STROPTS_H # include #endif - -int -main () +int main(void) { - - int flags = 0; - if(0 != ioctl(0, FIONBIO, &flags)) - return 1; - + int flags = 0; + if(0 != ioctl(0, FIONBIO, &flags)) + return 1; ; return 0; } #endif + #ifdef HAVE_IOCTL_SIOCGIFADDR /* headers for FIONBIO test */ /* includes start */ @@ -329,28 +283,23 @@ main () # include #endif #include - -int -main () +int main(void) { - struct ifreq ifr; - if(0 != ioctl(0, SIOCGIFADDR, &ifr)) - return 1; - + struct ifreq ifr; + if(0 != ioctl(0, SIOCGIFADDR, &ifr)) + return 1; ; return 0; } #endif + #ifdef HAVE_SETSOCKOPT_SO_NONBLOCK /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# endif +# include #endif /* includes start */ #ifdef HAVE_SYS_TYPES_H @@ -360,30 +309,30 @@ main () # include #endif /* includes end */ - -int -main () +int main(void) { - if(0 != setsockopt(0, SOL_SOCKET, SO_NONBLOCK, 0, 0)) - return 1; + if(0 != setsockopt(0, SOL_SOCKET, SO_NONBLOCK, 0, 0)) + return 1; ; return 0; } #endif + #ifdef HAVE_GLIBC_STRERROR_R #include #include void check(char c) {} -int -main () { +int main(void) +{ char buffer[1024]; /* This will not compile if strerror_r does not return a char* */ check(strerror_r(EACCES, buffer, sizeof(buffer))[0]); return 0; } #endif + #ifdef HAVE_POSIX_STRERROR_R #include #include @@ -391,92 +340,51 @@ main () { /* float, because a pointer can't be implicitly cast to float */ void check(float f) {} -int -main () { +int main(void) +{ char buffer[1024]; /* This will not compile if strerror_r does not return an int */ check(strerror_r(EACCES, buffer, sizeof(buffer))); return 0; } #endif + #ifdef HAVE_FSETXATTR_6 #include /* header from libc, not from libattr */ -int -main() { +int main(void) +{ fsetxattr(0, 0, 0, 0, 0, 0); return 0; } #endif + #ifdef HAVE_FSETXATTR_5 #include /* header from libc, not from libattr */ -int -main() { +int main(void) +{ fsetxattr(0, 0, 0, 0, 0); return 0; } #endif + #ifdef HAVE_CLOCK_GETTIME_MONOTONIC #include -int -main() { +int main(void) +{ struct timespec ts = {0, 0}; clock_gettime(CLOCK_MONOTONIC, &ts); return 0; } #endif + #ifdef HAVE_BUILTIN_AVAILABLE -int -main() { +int main(void) +{ if(__builtin_available(macOS 10.12, *)) {} return 0; } #endif -#ifdef HAVE_VARIADIC_MACROS_C99 -#define c99_vmacro3(first, ...) fun3(first, __VA_ARGS__) -#define c99_vmacro2(first, ...) fun2(first, __VA_ARGS__) - -int fun3(int arg1, int arg2, int arg3); -int fun2(int arg1, int arg2); - -int fun3(int arg1, int arg2, int arg3) { - return arg1 + arg2 + arg3; -} -int fun2(int arg1, int arg2) { - return arg1 + arg2; -} - -int -main() { - int res3 = c99_vmacro3(1, 2, 3); - int res2 = c99_vmacro2(1, 2); - (void)res3; - (void)res2; - return 0; -} -#endif -#ifdef HAVE_VARIADIC_MACROS_GCC -#define gcc_vmacro3(first, args...) fun3(first, args) -#define gcc_vmacro2(first, args...) fun2(first, args) -int fun3(int arg1, int arg2, int arg3); -int fun2(int arg1, int arg2); - -int fun3(int arg1, int arg2, int arg3) { - return arg1 + arg2 + arg3; -} -int fun2(int arg1, int arg2) { - return arg1 + arg2; -} - -int -main() { - int res3 = gcc_vmacro3(1, 2, 3); - int res2 = gcc_vmacro2(1, 2); - (void)res3; - (void)res2; - return 0; -} -#endif #ifdef HAVE_ATOMIC /* includes start */ #ifdef HAVE_SYS_TYPES_H @@ -490,17 +398,24 @@ main() { #endif /* includes end */ -int -main() { +int main(void) +{ _Atomic int i = 1; i = 0; /* Force an atomic-write operation. */ return i; } #endif + #ifdef HAVE_WIN32_WINNT /* includes start */ -#ifdef WIN32 -# include "../lib/setup-win32.h" +#ifdef _WIN32 +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +# endif +# ifndef NOGDI +# define NOGDI +# endif +# include #endif /* includes end */ @@ -508,8 +423,8 @@ main() { #define expand(x) enquote(x) #pragma message("_WIN32_WINNT=" expand(_WIN32_WINNT)) -int -main() { +int main(void) +{ return 0; } #endif diff --git a/CMake/FindZstd.cmake b/CMake/FindZstd.cmake index 973e6ad4a..0ea9e0c87 100644 --- a/CMake/FindZstd.cmake +++ b/CMake/FindZstd.cmake @@ -56,11 +56,18 @@ find_library(Zstd_LIBRARY NAMES zstd ${PC_Zstd_LIBRARY_DIRS} ) +if(Zstd_INCLUDE_DIR) + file(READ "${Zstd_INCLUDE_DIR}/zstd.h" _zstd_header) + string(REGEX MATCH ".*define ZSTD_VERSION_MAJOR *([0-9]+).*define ZSTD_VERSION_MINOR *([0-9]+).*define ZSTD_VERSION_RELEASE *([0-9]+)" _zstd_ver "${_zstd_header}") + set(Zstd_VERSION "${CMAKE_MATCH_1}.${CMAKE_MATCH_2}.${CMAKE_MATCH_3}") +endif() + include(FindPackageHandleStandardArgs) find_package_handle_standard_args(Zstd REQUIRED_VARS Zstd_LIBRARY Zstd_INCLUDE_DIR + VERSION_VAR Zstd_VERSION ) if(Zstd_FOUND) diff --git a/CMake/Macros.cmake b/CMake/Macros.cmake index e12bf303f..9ff62ea72 100644 --- a/CMake/Macros.cmake +++ b/CMake/Macros.cmake @@ -23,19 +23,6 @@ ########################################################################### #File defines convenience macros for available feature testing -# This macro checks if the symbol exists in the library and if it -# does, it prepends library to the list. It is intended to be called -# multiple times with a sequence of possibly dependent libraries in -# order of least-to-most-dependent. Some libraries depend on others -# to link correctly. -macro(check_library_exists_concat LIBRARY SYMBOL VARIABLE) - check_library_exists("${LIBRARY};${CURL_LIBS}" ${SYMBOL} "${CMAKE_LIBRARY_PATH}" - ${VARIABLE}) - if(${VARIABLE}) - set(CURL_LIBS ${LIBRARY} ${CURL_LIBS}) - endif() -endmacro() - # Check if header file exists and add it to the list. # This macro is intended to be called multiple times with a sequence of # possibly dependent header files. Some headers depend on others to be @@ -58,7 +45,7 @@ macro(curl_internal_test CURL_TEST) "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}") endif() - message(STATUS "Performing Curl Test ${CURL_TEST}") + message(STATUS "Performing Test ${CURL_TEST}") try_compile(${CURL_TEST} ${CMAKE_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c @@ -67,15 +54,15 @@ macro(curl_internal_test CURL_TEST) OUTPUT_VARIABLE OUTPUT) if(${CURL_TEST}) set(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}") - message(STATUS "Performing Curl Test ${CURL_TEST} - Success") + message(STATUS "Performing Test ${CURL_TEST} - Success") file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log - "Performing Curl Test ${CURL_TEST} passed with the following output:\n" + "Performing Test ${CURL_TEST} passed with the following output:\n" "${OUTPUT}\n") else() - message(STATUS "Performing Curl Test ${CURL_TEST} - Failed") + message(STATUS "Performing Test ${CURL_TEST} - Failed") set(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}") file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log - "Performing Curl Test ${CURL_TEST} failed with the following output:\n" + "Performing Test ${CURL_TEST} failed with the following output:\n" "${OUTPUT}\n") endif() endif() diff --git a/CMake/OtherTests.cmake b/CMake/OtherTests.cmake index d67a9059b..7701c0ee9 100644 --- a/CMake/OtherTests.cmake +++ b/CMake/OtherTests.cmake @@ -23,115 +23,89 @@ ########################################################################### include(CheckCSourceCompiles) include(CheckCSourceRuns) - -# The begin of the sources (macros and includes) -set(_source_epilogue "#undef inline") +include(CheckTypeSize) macro(add_header_include check header) if(${check}) - set(_source_epilogue "${_source_epilogue}\n#include <${header}>") + set(_source_epilogue "${_source_epilogue} + #include <${header}>") endif() endmacro() -set(signature_call_conv) -if(HAVE_WINDOWS_H) - add_header_include(HAVE_WINSOCK2_H "winsock2.h") - add_header_include(HAVE_WINDOWS_H "windows.h") - set(_source_epilogue - "${_source_epilogue}\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif") - set(signature_call_conv "PASCAL") +set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY) + +if(NOT DEFINED HAVE_STRUCT_SOCKADDR_STORAGE) + set(CMAKE_EXTRA_INCLUDE_FILES) if(WIN32) - set(CMAKE_REQUIRED_LIBRARIES ws2_32) + set(CMAKE_EXTRA_INCLUDE_FILES "winsock2.h") + set(CMAKE_REQUIRED_DEFINITIONS "-DWIN32_LEAN_AND_MEAN") + set(CMAKE_REQUIRED_LIBRARIES "ws2_32") + elseif(HAVE_SYS_SOCKET_H) + set(CMAKE_EXTRA_INCLUDE_FILES "sys/socket.h") endif() -else() + check_type_size("struct sockaddr_storage" SIZEOF_STRUCT_SOCKADDR_STORAGE) + set(HAVE_STRUCT_SOCKADDR_STORAGE ${HAVE_SIZEOF_STRUCT_SOCKADDR_STORAGE}) +endif() + +if(NOT WIN32) + set(_source_epilogue "#undef inline") add_header_include(HAVE_SYS_TYPES_H "sys/types.h") add_header_include(HAVE_SYS_SOCKET_H "sys/socket.h") + check_c_source_compiles("${_source_epilogue} + int main(void) + { + int flag = MSG_NOSIGNAL; + (void)flag; + return 0; + }" HAVE_MSG_NOSIGNAL) endif() -set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY) - +set(_source_epilogue "#undef inline") +add_header_include(HAVE_SYS_TIME_H "sys/time.h") check_c_source_compiles("${_source_epilogue} - int main(void) { - int flag = MSG_NOSIGNAL; - (void)flag; + #include + int main(void) + { + struct timeval ts; + ts.tv_sec = 0; + ts.tv_usec = 0; + (void)ts; return 0; - }" HAVE_MSG_NOSIGNAL) - -if(NOT HAVE_WINDOWS_H) - add_header_include(HAVE_SYS_TIME_H "sys/time.h") -endif() -check_c_source_compiles("${_source_epilogue} -#include -int main(void) { - struct timeval ts; - ts.tv_sec = 0; - ts.tv_usec = 0; - (void)ts; - return 0; -}" HAVE_STRUCT_TIMEVAL) - -if(HAVE_WINDOWS_H) - set(CMAKE_EXTRA_INCLUDE_FILES winsock2.h) -else() - set(CMAKE_EXTRA_INCLUDE_FILES) - if(HAVE_SYS_SOCKET_H) - set(CMAKE_EXTRA_INCLUDE_FILES sys/socket.h) - endif() -endif() - -check_type_size("struct sockaddr_storage" SIZEOF_STRUCT_SOCKADDR_STORAGE) -if(HAVE_SIZEOF_STRUCT_SOCKADDR_STORAGE) - set(HAVE_STRUCT_SOCKADDR_STORAGE 1) -endif() + }" HAVE_STRUCT_TIMEVAL) unset(CMAKE_TRY_COMPILE_TARGET_TYPE) -if(NOT CMAKE_CROSSCOMPILING) - if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Darwin" AND NOT ${CMAKE_SYSTEM_NAME} MATCHES "iOS") - # only try this on non-apple platforms - - # if not cross-compilation... - set(CMAKE_REQUIRED_FLAGS "") - if(HAVE_SYS_POLL_H) - set(CMAKE_REQUIRED_FLAGS "-DHAVE_SYS_POLL_H") - elseif(HAVE_POLL_H) - set(CMAKE_REQUIRED_FLAGS "-DHAVE_POLL_H") - endif() - check_c_source_runs(" - #include - #include - - #ifdef HAVE_SYS_POLL_H - # include - #elif HAVE_POLL_H - # include - #endif - - int main(void) - { - if(0 != poll(0, 0, 10)) { - return 1; /* fail */ - } - else { - /* detect the 10.12 poll() breakage */ - struct timeval before, after; - int rc; - size_t us; - - gettimeofday(&before, NULL); - rc = poll(NULL, 0, 500); - gettimeofday(&after, NULL); - - us = (after.tv_sec - before.tv_sec) * 1000000 + - (after.tv_usec - before.tv_usec); - - if(us < 400000) { - return 1; - } - } - return 0; +if(NOT CMAKE_CROSSCOMPILING AND NOT APPLE) + set(_source_epilogue "#undef inline") + add_header_include(HAVE_SYS_POLL_H "sys/poll.h") + add_header_include(HAVE_POLL_H "poll.h") + check_c_source_runs("${_source_epilogue} + #include + #include + int main(void) + { + if(0 != poll(0, 0, 10)) { + return 1; /* fail */ + } + else { + /* detect the 10.12 poll() breakage */ + struct timeval before, after; + int rc; + size_t us; + + gettimeofday(&before, NULL); + rc = poll(NULL, 0, 500); + gettimeofday(&after, NULL); + + us = (after.tv_sec - before.tv_sec) * 1000000 + + (after.tv_usec - before.tv_usec); + + if(us < 400000) { + return 1; + } + } + return 0; }" HAVE_POLL_FINE) - endif() endif() # Detect HAVE_GETADDRINFO_THREADSAFE @@ -140,8 +114,8 @@ if(WIN32) set(HAVE_GETADDRINFO_THREADSAFE ${HAVE_GETADDRINFO}) elseif(NOT HAVE_GETADDRINFO) set(HAVE_GETADDRINFO_THREADSAFE FALSE) -elseif(CMAKE_SYSTEM_NAME STREQUAL "AIX" OR - CMAKE_SYSTEM_NAME STREQUAL "Darwin" OR +elseif(APPLE OR + CMAKE_SYSTEM_NAME STREQUAL "AIX" OR CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR CMAKE_SYSTEM_NAME STREQUAL "HP-UX" OR CMAKE_SYSTEM_NAME STREQUAL "MidnightBSD" OR @@ -153,14 +127,10 @@ elseif(CMAKE_SYSTEM_NAME MATCHES "BSD") endif() if(NOT DEFINED HAVE_GETADDRINFO_THREADSAFE) - - set(_save_epilogue "${_source_epilogue}") set(_source_epilogue "#undef inline") - add_header_include(HAVE_SYS_SOCKET_H "sys/socket.h") add_header_include(HAVE_SYS_TIME_H "sys/time.h") add_header_include(HAVE_NETDB_H "netdb.h") - check_c_source_compiles("${_source_epilogue} int main(void) { @@ -172,7 +142,7 @@ if(NOT DEFINED HAVE_GETADDRINFO_THREADSAFE) }" HAVE_H_ERRNO) if(NOT HAVE_H_ERRNO) - check_c_source_runs("${_source_epilogue} + check_c_source_compiles("${_source_epilogue} int main(void) { h_errno = 2; @@ -197,17 +167,12 @@ if(NOT DEFINED HAVE_GETADDRINFO_THREADSAFE) if(HAVE_H_ERRNO OR HAVE_H_ERRNO_ASSIGNABLE OR HAVE_H_ERRNO_SBS_ISSUE_7) set(HAVE_GETADDRINFO_THREADSAFE TRUE) endif() - - set(_source_epilogue "${_save_epilogue}") endif() -if(NOT DEFINED HAVE_CLOCK_GETTIME_MONOTONIC_RAW) - set(_save_epilogue "${_source_epilogue}") +if(NOT WIN32 AND NOT DEFINED HAVE_CLOCK_GETTIME_MONOTONIC_RAW) set(_source_epilogue "#undef inline") - add_header_include(HAVE_SYS_TYPES_H "sys/types.h") add_header_include(HAVE_SYS_TIME_H "sys/time.h") - check_c_source_compiles("${_source_epilogue} #include int main(void) @@ -216,6 +181,4 @@ if(NOT DEFINED HAVE_CLOCK_GETTIME_MONOTONIC_RAW) (void)clock_gettime(CLOCK_MONOTONIC_RAW, &ts); return 0; }" HAVE_CLOCK_GETTIME_MONOTONIC_RAW) - - set(_source_epilogue "${_save_epilogue}") endif() diff --git a/CMake/PickyWarnings.cmake b/CMake/PickyWarnings.cmake index 1310cb4fb..d82bbb1d6 100644 --- a/CMake/PickyWarnings.cmake +++ b/CMake/PickyWarnings.cmake @@ -23,6 +23,12 @@ ########################################################################### include(CheckCCompilerFlag) +unset(WPICKY) + +if(CURL_WERROR AND CMAKE_COMPILER_IS_GNUCC AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 5.0) + set(WPICKY "${WPICKY} -pedantic-errors") +endif() + if(PICKY_COMPILER) if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang") @@ -52,8 +58,8 @@ if(PICKY_COMPILER) # Assume these options always exist with both clang and gcc. # Require clang 3.0 / gcc 2.95 or later. list(APPEND WPICKY_ENABLE - -Wbad-function-cast # clang 3.0 gcc 2.95 - -Wconversion # clang 3.0 gcc 2.95 + -Wbad-function-cast # clang 2.7 gcc 2.95 + -Wconversion # clang 2.7 gcc 2.95 -Winline # clang 1.0 gcc 1.0 -Wmissing-declarations # clang 1.0 gcc 2.7 -Wmissing-prototypes # clang 1.0 gcc 1.0 @@ -70,23 +76,38 @@ if(PICKY_COMPILER) # Always enable with clang, version dependent with gcc set(WPICKY_COMMON_OLD + -Waddress # clang 2.7 gcc 4.3 + -Wattributes # clang 2.7 gcc 4.1 -Wcast-align # clang 1.0 gcc 4.2 -Wdeclaration-after-statement # clang 1.0 gcc 3.4 - -Wempty-body # clang 3.0 gcc 4.3 + -Wdiv-by-zero # clang 2.7 gcc 4.1 + -Wempty-body # clang 2.7 gcc 4.3 -Wendif-labels # clang 1.0 gcc 3.3 -Wfloat-equal # clang 1.0 gcc 2.96 (3.0) - -Wignored-qualifiers # clang 3.0 gcc 4.3 + -Wformat-security # clang 2.7 gcc 4.1 + -Wignored-qualifiers # clang 2.8 gcc 4.3 + -Wmissing-field-initializers # clang 2.7 gcc 4.1 + -Wmissing-noreturn # clang 2.7 gcc 4.1 -Wno-format-nonliteral # clang 1.0 gcc 2.96 (3.0) - -Wno-sign-conversion # clang 3.0 gcc 4.3 -Wno-system-headers # clang 1.0 gcc 3.0 + # -Wpadded # clang 2.9 gcc 4.1 # Not used because we cannot change public structs + -Wold-style-definition # clang 2.7 gcc 3.4 + -Wredundant-decls # clang 2.7 gcc 4.1 + -Wsign-conversion # clang 2.9 gcc 4.3 + -Wno-error=sign-conversion # FIXME -Wstrict-prototypes # clang 1.0 gcc 3.3 - -Wtype-limits # clang 3.0 gcc 4.3 + # -Wswitch-enum # clang 2.7 gcc 4.1 # Not used because this basically disallows default case + -Wtype-limits # clang 2.7 gcc 4.3 + -Wunreachable-code # clang 2.7 gcc 4.1 + # -Wunused-macros # clang 2.7 gcc 4.1 # Not practical + -Wunused-parameter # clang 2.7 gcc 4.1 -Wvla # clang 2.8 gcc 4.3 ) set(WPICKY_COMMON -Wdouble-promotion # clang 3.6 gcc 4.6 appleclang 6.3 -Wenum-conversion # clang 3.2 gcc 10.0 appleclang 4.6 g++ 11.0 + -Wpragmas # clang 3.5 gcc 4.1 appleclang 6.0 -Wunused-const-variable # clang 3.4 gcc 6.0 appleclang 5.1 ) @@ -95,12 +116,17 @@ if(PICKY_COMPILER) ${WPICKY_COMMON_OLD} -Wshift-sign-overflow # clang 2.9 -Wshorten-64-to-32 # clang 1.0 + -Wlanguage-extension-token # clang 3.0 + -Wformat=2 # clang 3.0 gcc 4.8 ) # Enable based on compiler version if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.6) OR (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 6.3)) list(APPEND WPICKY_ENABLE ${WPICKY_COMMON} + -Wunreachable-code-break # clang 3.5 appleclang 6.0 + -Wheader-guard # clang 3.4 appleclang 5.1 + -Wsometimes-uninitialized # clang 3.2 appleclang 4.6 ) endif() if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.9) OR @@ -117,6 +143,12 @@ if(PICKY_COMPILER) -Wextra-semi-stmt # clang 7.0 appleclang 10.3 ) endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 10.0) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 12.4)) + list(APPEND WPICKY_ENABLE + -Wimplicit-fallthrough # clang 4.0 gcc 7.0 appleclang 12.4 # we have silencing markup for clang 10.0 and above only + ) + endif() else() # gcc list(APPEND WPICKY_DETECT ${WPICKY_COMMON} @@ -125,9 +157,11 @@ if(PICKY_COMPILER) if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.3) list(APPEND WPICKY_ENABLE ${WPICKY_COMMON_OLD} + -Wclobbered # gcc 4.3 -Wmissing-parameter-type # gcc 4.3 -Wold-style-declaration # gcc 4.3 -Wstrict-aliasing=3 # gcc 4.0 + -Wtrampolines # gcc 4.3 ) endif() if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.5 AND MINGW) @@ -137,7 +171,7 @@ if(PICKY_COMPILER) endif() if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.8) list(APPEND WPICKY_ENABLE - -Wformat=2 # clang 3.0 gcc 4.8 (clang part-default, enabling it fully causes -Wformat-nonliteral warnings) + -Wformat=2 # clang 3.0 gcc 4.8 ) endif() if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 5.0) @@ -159,7 +193,8 @@ if(PICKY_COMPILER) -Walloc-zero # gcc 7.0 -Wduplicated-branches # gcc 7.0 -Wformat-overflow=2 # gcc 7.0 - -Wformat-truncation=1 # gcc 7.0 + -Wformat-truncation=2 # gcc 7.0 + -Wimplicit-fallthrough # clang 4.0 gcc 7.0 -Wrestrict # gcc 7.0 ) endif() @@ -172,13 +207,11 @@ if(PICKY_COMPILER) # - unset(WPICKY) - - foreach(_CCOPT ${WPICKY_ENABLE}) + foreach(_CCOPT IN LISTS WPICKY_ENABLE) set(WPICKY "${WPICKY} ${_CCOPT}") endforeach() - foreach(_CCOPT ${WPICKY_DETECT}) + foreach(_CCOPT IN LISTS WPICKY_DETECT) # surprisingly, CHECK_C_COMPILER_FLAG needs a new variable to store each new # test result in. string(MAKE_C_IDENTIFIER "OPT${_CCOPT}" _optvarname) @@ -190,8 +223,10 @@ if(PICKY_COMPILER) set(WPICKY "${WPICKY} ${_CCOPT}") endif() endforeach() - - message(STATUS "Picky compiler options:${WPICKY}") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${WPICKY}") endif() endif() + +if(WPICKY) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${WPICKY}") + message(STATUS "Picky compiler options:${WPICKY}") +endif() diff --git a/CMake/Platforms/WindowsCache.cmake b/CMake/Platforms/WindowsCache.cmake index 5daec0e1e..d3391d92f 100644 --- a/CMake/Platforms/WindowsCache.cmake +++ b/CMake/Platforms/WindowsCache.cmake @@ -21,113 +21,168 @@ # SPDX-License-Identifier: curl # ########################################################################### -if(NOT UNIX) - if(WIN32) +if(NOT WIN32) + message(FATAL_ERROR "This file should be included on Windows platform only") +endif() - set(HAVE_WINDOWS_H 1) - set(HAVE_WS2TCPIP_H 1) - set(HAVE_WINSOCK2_H 1) +set(HAVE_LOCALE_H 1) - if(MINGW) - set(HAVE_SNPRINTF 1) - set(HAVE_UNISTD_H 1) - set(HAVE_INTTYPES_H 1) +if(MINGW) + set(HAVE_SNPRINTF 1) + set(HAVE_UNISTD_H 1) + set(HAVE_LIBGEN_H 1) + set(HAVE_STDDEF_H 1) # detected by CMake internally in check_type_size() + set(HAVE_STDBOOL_H 1) + set(HAVE_BOOL_T "${HAVE_STDBOOL_H}") + set(HAVE_STRTOLL 1) + set(HAVE_BASENAME 1) + set(HAVE_STRCASECMP 1) + set(HAVE_FTRUNCATE 1) + set(HAVE_SYS_PARAM_H 1) + set(HAVE_SYS_TIME_H 1) + set(HAVE_GETTIMEOFDAY 1) +else() + set(HAVE_LIBGEN_H 0) + set(HAVE_STRCASECMP 0) + set(HAVE_FTRUNCATE 0) + set(HAVE_SYS_PARAM_H 0) + set(HAVE_SYS_TIME_H 0) + set(HAVE_GETTIMEOFDAY 0) + if(MSVC) + set(HAVE_UNISTD_H 0) + set(HAVE_LOCALE_H 1) + set(HAVE_STDDEF_H 1) # detected by CMake internally in check_type_size() + set(HAVE_STDATOMIC_H 0) + if(NOT MSVC_VERSION LESS 1800) + set(HAVE_STDBOOL_H 1) set(HAVE_STRTOLL 1) - set(HAVE_BASENAME 1) - elseif(MSVC) - if(NOT MSVC_VERSION LESS 1800) - set(HAVE_INTTYPES_H 1) - set(HAVE_STRTOLL 1) - else() - set(HAVE_INTTYPES_H 0) - set(HAVE_STRTOLL 0) - endif() - if(NOT MSVC_VERSION LESS 1900) - set(HAVE_SNPRINTF 1) - else() - set(HAVE_SNPRINTF 0) - endif() - set(HAVE_BASENAME 0) + else() + set(HAVE_STDBOOL_H 0) + set(HAVE_STRTOLL 0) endif() + set(HAVE_BOOL_T "${HAVE_STDBOOL_H}") + if(NOT MSVC_VERSION LESS 1900) + set(HAVE_SNPRINTF 1) + else() + set(HAVE_SNPRINTF 0) + endif() + set(HAVE_BASENAME 0) + set(HAVE_STRTOK_R 0) + set(HAVE_FILE_OFFSET_BITS 0) + set(HAVE_ATOMIC 0) + endif() +endif() - set(HAVE_LIBSOCKET 0) - set(HAVE_GETHOSTNAME 1) - set(HAVE_LIBZ 0) +# Available in Windows XP and newer +set(HAVE_GETADDRINFO 1) +set(HAVE_FREEADDRINFO 1) - set(HAVE_ARC4RANDOM 0) - set(HAVE_FNMATCH 0) - set(HAVE_SCHED_YIELD 0) - set(HAVE_ARPA_INET_H 0) - set(HAVE_FCNTL_H 1) - set(HAVE_IFADDRS_H 0) - set(HAVE_IO_H 1) - set(HAVE_NETDB_H 0) - set(HAVE_NETINET_IN_H 0) - set(HAVE_NETINET_TCP_H 0) - set(HAVE_NETINET_UDP_H 0) - set(HAVE_NET_IF_H 0) - set(HAVE_IOCTL_SIOCGIFADDR 0) - set(HAVE_POLL_H 0) - set(HAVE_POLL_FINE 0) - set(HAVE_PWD_H 0) - set(HAVE_STRINGS_H 0) - set(HAVE_SYS_FILIO_H 0) - set(HAVE_SYS_WAIT_H 0) - set(HAVE_SYS_IOCTL_H 0) - set(HAVE_SYS_PARAM_H 0) - set(HAVE_SYS_POLL_H 0) - set(HAVE_SYS_RESOURCE_H 0) - set(HAVE_SYS_SELECT_H 0) - set(HAVE_SYS_SOCKET_H 0) - set(HAVE_SYS_SOCKIO_H 0) - set(HAVE_SYS_STAT_H 1) - set(HAVE_SYS_TIME_H 0) - set(HAVE_SYS_TYPES_H 1) - set(HAVE_SYS_UN_H 0) - set(HAVE_SYS_UTIME_H 1) - set(HAVE_TERMIOS_H 0) - set(HAVE_TERMIO_H 0) - set(HAVE_UTIME_H 0) +set(HAVE_FCHMOD 0) +set(HAVE_SOCKETPAIR 0) +set(HAVE_SENDMSG 0) +set(HAVE_ALARM 0) +set(HAVE_FCNTL 0) +set(HAVE_GETPPID 0) +set(HAVE_UTIMES 0) +set(HAVE_GETPWUID_R 0) +set(HAVE_STRERROR_R 0) +set(HAVE_SIGINTERRUPT 0) +set(HAVE_PIPE 0) +set(HAVE_IF_NAMETOINDEX 0) +set(HAVE_GETRLIMIT 0) +set(HAVE_SETRLIMIT 0) +set(HAVE_FSETXATTR 0) +set(HAVE_LIBSOCKET 0) +set(HAVE_SETLOCALE 1) +set(HAVE_SETMODE 1) +set(HAVE_GETPEERNAME 1) +set(HAVE_GETSOCKNAME 1) +set(HAVE_GETHOSTNAME 1) +set(HAVE_LIBZ 0) - set(HAVE_FSEEKO 0) - set(HAVE__FSEEKI64 1) - set(HAVE_SOCKET 1) - set(HAVE_SELECT 1) - set(HAVE_STRDUP 1) - set(HAVE_STRICMP 1) - set(HAVE_STRCMPI 1) - set(HAVE_MEMRCHR 0) - set(HAVE_GETTIMEOFDAY 0) - set(HAVE_CLOSESOCKET 1) - set(HAVE_SIGSETJMP 0) - set(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1) - set(HAVE_GETPASS_R 0) - set(HAVE_GETPWUID 0) - set(HAVE_GETEUID 0) - set(HAVE_UTIME 1) - set(HAVE_GMTIME_R 0) - set(HAVE_CLOCK_GETTIME_MONOTONIC_RAW 0) - set(HAVE_GETHOSTBYNAME_R 0) - set(HAVE_SIGNAL 1) - set(HAVE_LINUX_TCP_H 0) - set(HAVE_GLIBC_STRERROR_R 0) - set(HAVE_MACH_ABSOLUTE_TIME 0) - set(HAVE_GETIFADDRS 0) +set(HAVE_RECV 1) +set(HAVE_SEND 1) +set(HAVE_STROPTS_H 0) +set(HAVE_SYS_XATTR_H 0) +set(HAVE_ARC4RANDOM 0) +set(HAVE_FNMATCH 0) +set(HAVE_SCHED_YIELD 0) +set(HAVE_ARPA_INET_H 0) +set(HAVE_FCNTL_H 1) +set(HAVE_IFADDRS_H 0) +set(HAVE_IO_H 1) +set(HAVE_NETDB_H 0) +set(HAVE_NETINET_IN_H 0) +set(HAVE_NETINET_TCP_H 0) +set(HAVE_NETINET_UDP_H 0) +set(HAVE_NET_IF_H 0) +set(HAVE_IOCTL_SIOCGIFADDR 0) +set(HAVE_POLL_H 0) +set(HAVE_POLL_FINE 0) +set(HAVE_PWD_H 0) +set(HAVE_STRINGS_H 0) # mingw-w64 has it (wrapper to string.h) +set(HAVE_SYS_FILIO_H 0) +set(HAVE_SYS_WAIT_H 0) +set(HAVE_SYS_IOCTL_H 0) +set(HAVE_SYS_POLL_H 0) +set(HAVE_SYS_RESOURCE_H 0) +set(HAVE_SYS_SELECT_H 0) +set(HAVE_SYS_SOCKET_H 0) +set(HAVE_SYS_SOCKIO_H 0) +set(HAVE_SYS_STAT_H 1) +set(HAVE_SYS_TYPES_H 1) +set(HAVE_SYS_UN_H 0) +set(HAVE_SYS_UTIME_H 1) +set(HAVE_TERMIOS_H 0) +set(HAVE_TERMIO_H 0) +set(HAVE_UTIME_H 0) # mingw-w64 has it (wrapper to sys/utime.h) - set(HAVE_GETHOSTBYNAME_R_3 0) - set(HAVE_GETHOSTBYNAME_R_3_REENTRANT 0) - set(HAVE_GETHOSTBYNAME_R_5 0) - set(HAVE_GETHOSTBYNAME_R_5_REENTRANT 0) - set(HAVE_GETHOSTBYNAME_R_6 0) - set(HAVE_GETHOSTBYNAME_R_6_REENTRANT 0) +set(HAVE_FSEEKO 0) +set(HAVE__FSEEKI64 1) +set(HAVE_SOCKET 1) +set(HAVE_SELECT 1) +set(HAVE_STRDUP 1) +set(HAVE_STRICMP 1) +set(HAVE_STRCMPI 1) +set(HAVE_MEMRCHR 0) +set(HAVE_CLOSESOCKET 1) +set(HAVE_SIGSETJMP 0) +set(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1) +set(HAVE_GETPASS_R 0) +set(HAVE_GETPWUID 0) +set(HAVE_GETEUID 0) +set(HAVE_UTIME 1) +set(HAVE_GMTIME_R 0) +set(HAVE_GETHOSTBYNAME_R 0) +set(HAVE_SIGNAL 1) +set(HAVE_SIGACTION 0) +set(HAVE_LINUX_TCP_H 0) +set(HAVE_GLIBC_STRERROR_R 0) +set(HAVE_MACH_ABSOLUTE_TIME 0) +set(HAVE_GETIFADDRS 0) +set(HAVE_FCNTL_O_NONBLOCK 0) +set(HAVE_IOCTLSOCKET 1) +set(HAVE_IOCTLSOCKET_CAMEL 0) +set(HAVE_IOCTLSOCKET_CAMEL_FIONBIO 0) +set(HAVE_IOCTLSOCKET_FIONBIO 1) +set(HAVE_IOCTL_FIONBIO 0) +set(HAVE_SETSOCKOPT_SO_NONBLOCK 0) +set(HAVE_POSIX_STRERROR_R 0) +set(HAVE_BUILTIN_AVAILABLE 0) +set(HAVE_MSG_NOSIGNAL 0) +set(HAVE_STRUCT_TIMEVAL 1) +set(HAVE_STRUCT_SOCKADDR_STORAGE 1) - set(HAVE_O_NONBLOCK 0) - set(HAVE_IN_ADDR_T 0) - set(STDC_HEADERS 1) +set(HAVE_GETHOSTBYNAME_R_3 0) +set(HAVE_GETHOSTBYNAME_R_3_REENTRANT 0) +set(HAVE_GETHOSTBYNAME_R_5 0) +set(HAVE_GETHOSTBYNAME_R_5_REENTRANT 0) +set(HAVE_GETHOSTBYNAME_R_6 0) +set(HAVE_GETHOSTBYNAME_R_6_REENTRANT 0) - set(HAVE_SIGACTION 0) - set(HAVE_MACRO_SIGSETJMP 0) - else() - message("This file should be included on Windows platform only") - endif() -endif() +set(HAVE_O_NONBLOCK 0) +set(HAVE_IN_ADDR_T 0) +set(STDC_HEADERS 1) + +set(HAVE_SIZEOF_SUSECONDS_T 0) +set(HAVE_SIZEOF_SA_FAMILY_T 0) diff --git a/CMake/curl-config.cmake.in b/CMake/curl-config.cmake.in index 056907c4f..9adb96e0a 100644 --- a/CMake/curl-config.cmake.in +++ b/CMake/curl-config.cmake.in @@ -35,4 +35,6 @@ include("${CMAKE_CURRENT_LIST_DIR}/@TARGETS_EXPORT_NAME@.cmake") check_required_components("@PROJECT_NAME@") # Alias for either shared or static library -add_library(@PROJECT_NAME@::libcurl ALIAS @PROJECT_NAME@::@LIB_SELECTED@) +if(NOT TARGET @PROJECT_NAME@::libcurl) + add_library(@PROJECT_NAME@::libcurl ALIAS @PROJECT_NAME@::@LIB_SELECTED@) +endif() diff --git a/CMakeLists.txt b/CMakeLists.txt index 1b19c681d..1b5ea67c2 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -21,25 +21,8 @@ # SPDX-License-Identifier: curl # ########################################################################### -# curl/libcurl CMake script # by Tetetest and Sukender (Benoit Neil) -# TODO: -# The output .so file lacks the soname number which we currently have within the lib/Makefile.am file -# Add full (4 or 5 libs) SSL support -# Add INSTALL target (EXTRA_DIST variables in Makefile.am may be moved to Makefile.inc so that CMake/CPack is aware of what's to include). -# Check on all possible platforms -# Test with as many configurations possible (With or without any option) -# Create scripts that help keeping the CMake build system up to date (to reduce maintenance). According to Tetetest: -# - lists of headers that 'configure' checks for; -# - curl-specific tests (the ones that are in m4/curl-*.m4 files); -# - (most obvious thing:) curl version numbers. -# Add documentation subproject -# -# To check: -# (From Daniel Stenberg) The cmake build selected to run gcc with -fPIC on my box while the plain configure script did not. -# (From Daniel Stenberg) The gcc command line use neither -g nor any -O options. As a developer, I also treasure our configure scripts's --enable-debug option that sets a long range of "picky" compiler options. - # Note: By default this CMake build script detects the version of some # dependencies using `check_symbol_exists`. Those checks do not work # in the case that both CURL and its dependency are included as @@ -54,13 +37,13 @@ # HAVE_GNUTLS_SRP: `gnutls_srp_verifier` present in GnuTLS # HAVE_SSL_CTX_SET_QUIC_METHOD: `SSL_CTX_set_quic_method` present in OpenSSL/wolfSSL # HAVE_QUICHE_CONN_SET_QLOG_FD: `quiche_conn_set_qlog_fd` present in QUICHE -# HAVE_ZSTD_CREATEDSTREAM: `ZSTD_createDStream` present in Zstd # # For each of the above variables, if the variable is DEFINED (either # to ON or OFF), the symbol detection will be skipped. If the # variable is NOT DEFINED, the symbol detection will be performed. cmake_minimum_required(VERSION 3.7...3.16 FATAL_ERROR) +message(STATUS "Using CMake version ${CMAKE_VERSION}") set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}") include(Utilities) @@ -105,6 +88,8 @@ option(BUILD_SHARED_LIBS "Build shared libraries" ON) option(BUILD_STATIC_LIBS "Build static libraries" OFF) option(BUILD_STATIC_CURL "Build curl executable with static libcurl" OFF) option(ENABLE_ARES "Set to ON to enable c-ares support" OFF) +option(CURL_DISABLE_INSTALL "Set to ON to disable installation targets" OFF) + if(WIN32) option(CURL_STATIC_CRT "Set to ON to build libcurl with static CRT on Windows (/MT)." OFF) option(ENABLE_UNICODE "Set to ON to use the Unicode version of the Windows API functions" OFF) @@ -220,6 +205,8 @@ option(CURL_DISABLE_GETOPTIONS "disables curl_easy_options API for existing opti mark_as_advanced(CURL_DISABLE_GETOPTIONS) option(CURL_DISABLE_GOPHER "disables Gopher" OFF) mark_as_advanced(CURL_DISABLE_GOPHER) +option(CURL_DISABLE_HEADERS_API "disables headers-api support" OFF) +mark_as_advanced(CURL_DISABLE_HEADERS_API) option(CURL_DISABLE_HSTS "disables HSTS support" OFF) mark_as_advanced(CURL_DISABLE_HSTS) option(CURL_DISABLE_HTTP "disables HTTP" OFF) @@ -237,6 +224,8 @@ mark_as_advanced(CURL_DISABLE_LIBCURL_OPTION) option(CURL_DISABLE_MIME "disables MIME support" OFF) mark_as_advanced(CURL_DISABLE_MIME) option(CURL_DISABLE_MQTT "disables MQTT" OFF) +mark_as_advanced(CURL_DISABLE_BINDLOCAL) +option(CURL_DISABLE_BINDLOCAL "disables local binding support" OFF) mark_as_advanced(CURL_DISABLE_MQTT) option(CURL_DISABLE_NETRC "disables netrc parser" OFF) mark_as_advanced(CURL_DISABLE_NETRC) @@ -315,18 +304,22 @@ if(ENABLE_IPV6 AND NOT WIN32) endif() endif() -if(USE_MANUAL) - #nroff is currently only used when USE_MANUAL is set, so we can prevent the warning of no *NROFF if USE_MANUAL is OFF (or not defined), by not even looking for NROFF.. - curl_nroff_check() -endif() find_package(Perl) -cmake_dependent_option(ENABLE_MANUAL "to provide the built-in manual" - ON "NROFF_USEFUL;PERL_FOUND" - OFF) +option(BUILD_LIBCURL_DOCS "to build libcurl man pages" ON) +# curl source release tarballs come with the curl man page pre-built. +option(ENABLE_CURL_MANUAL "to build the man page for curl and enable its -M/--manual option" OFF) -if(ENABLE_MANUAL) - set(USE_MANUAL ON) +if(ENABLE_CURL_MANUAL OR BUILD_LIBCURL_DOCS) + if(PERL_FOUND) + curl_nroff_check() + if(NROFF_USEFUL) + set(HAVE_MANUAL_TOOLS ON) + endif() + endif() + if(NOT HAVE_MANUAL_TOOLS) + message(WARNING "Perl not found, or nroff not useful. Will not build manuals.") + endif() endif() if(CURL_STATIC_CRT) @@ -362,28 +355,30 @@ include(CheckCSourceCompiles) # On windows preload settings if(WIN32) - list(APPEND CMAKE_REQUIRED_DEFINITIONS -D_WINSOCKAPI_=) include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake) endif() if(ENABLE_THREADED_RESOLVER) - find_package(Threads REQUIRED) if(WIN32) set(USE_THREADS_WIN32 ON) else() + find_package(Threads REQUIRED) set(USE_THREADS_POSIX ${CMAKE_USE_PTHREADS_INIT}) set(HAVE_PTHREAD_H ${CMAKE_USE_PTHREADS_INIT}) + set(CURL_LIBS ${CURL_LIBS} ${CMAKE_THREAD_LIBS_INIT}) endif() - set(CURL_LIBS ${CURL_LIBS} ${CMAKE_THREAD_LIBS_INIT}) endif() # Check for all needed libraries -check_library_exists_concat("socket" connect HAVE_LIBSOCKET) +check_library_exists("socket" "connect" "" HAVE_LIBSOCKET) +if(HAVE_LIBSOCKET) + set(CURL_LIBS "socket;${CURL_LIBS}") +endif() check_function_exists(gethostname HAVE_GETHOSTNAME) if(WIN32) - list(APPEND CURL_LIBS "ws2_32") + list(APPEND CURL_LIBS "ws2_32" "bcrypt") if(USE_LIBRTMP) list(APPEND CURL_LIBS "winmm") endif() @@ -413,7 +408,7 @@ set(openssl_default ON) if(WIN32 OR CURL_USE_SECTRANSP OR CURL_USE_SCHANNEL OR CURL_USE_MBEDTLS OR CURL_USE_WOLFSSL) set(openssl_default OFF) endif() -cmake_dependent_option(CURL_USE_OPENSSL "Use OpenSSL code. Experimental" ${openssl_default} CURL_ENABLE_SSL OFF) +cmake_dependent_option(CURL_USE_OPENSSL "Enable OpenSSL for SSL/TLS" ${openssl_default} CURL_ENABLE_SSL OFF) option(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG "Disable automatic loading of OpenSSL configuration" OFF) count_true(enabled_ssl_options_count @@ -487,11 +482,6 @@ if(CURL_USE_OPENSSL) include_directories(${OPENSSL_INCLUDE_DIR}) endif() - if(WIN32) - list(APPEND CURL_LIBS "ws2_32") - list(APPEND CURL_LIBS "bcrypt") # for OpenSSL/LibreSSL - endif() - if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "openssl") set(valid_default_ssl_backend TRUE) endif() @@ -604,17 +594,12 @@ option(CURL_ZSTD "Set to ON to enable building curl with zstd support." OFF) set(HAVE_ZSTD OFF) if(CURL_ZSTD) find_package(Zstd REQUIRED) - if(NOT DEFINED HAVE_ZSTD_CREATEDSTREAM) - cmake_push_check_state() - set(CMAKE_REQUIRED_INCLUDES ${Zstd_INCLUDE_DIRS}) - set(CMAKE_REQUIRED_LIBRARIES ${Zstd_LIBRARIES}) - check_symbol_exists(ZSTD_createDStream "zstd.h" HAVE_ZSTD_CREATEDSTREAM) - cmake_pop_check_state() - endif() - if(Zstd_FOUND AND HAVE_ZSTD_CREATEDSTREAM) + if(Zstd_FOUND AND NOT Zstd_VERSION VERSION_LESS "1.0.0") set(HAVE_ZSTD ON) list(APPEND CURL_LIBS ${Zstd_LIBRARIES}) include_directories(${Zstd_INCLUDE_DIRS}) + else() + message(WARNING "zstd v1.0.0 or newer is required, disabling zstd support.") endif() endif() @@ -647,6 +632,20 @@ macro(openssl_check_symbol_exists SYMBOL FILES VARIABLE) cmake_pop_check_state() endmacro() +# Ensure that the OpenSSL fork actually supports QUIC. +macro(openssl_check_quic) + if(NOT DEFINED HAVE_SSL_CTX_SET_QUIC_METHOD) + if(USE_OPENSSL) + openssl_check_symbol_exists(SSL_CTX_set_quic_method "openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD) + elseif(USE_WOLFSSL) + openssl_check_symbol_exists(wolfSSL_set_quic_method "wolfssl/options.h;wolfssl/openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD) + endif() + endif() + if(NOT HAVE_SSL_CTX_SET_QUIC_METHOD) + message(FATAL_ERROR "QUIC support is missing in OpenSSL fork. Try setting -DOPENSSL_ROOT_DIR") + endif() +endmacro() + if(USE_OPENSSL OR USE_WOLFSSL) if(NOT DEFINED HAVE_SSL_SET0_WBIO) openssl_check_symbol_exists(SSL_set0_wbio "openssl/ssl.h" HAVE_SSL_SET0_WBIO) @@ -673,18 +672,7 @@ if(USE_NGTCP2) else() find_package(NGTCP2 REQUIRED quictls) endif() - - # Be sure that the OpenSSL/wolfSSL library actually supports QUIC. - if(NOT DEFINED HAVE_SSL_CTX_SET_QUIC_METHOD) - if(USE_OPENSSL) - openssl_check_symbol_exists(SSL_CTX_set_quic_method "openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD) - elseif(USE_WOLFSSL) - openssl_check_symbol_exists(wolfSSL_set_quic_method "wolfssl/options.h;wolfssl/openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD) - endif() - endif() - if(NOT HAVE_SSL_CTX_SET_QUIC_METHOD) - message(FATAL_ERROR "QUIC support is missing in OpenSSL/LibreSSL/BoringSSL/wolfSSL. Try setting -DOPENSSL_ROOT_DIR") - endif() + openssl_check_quic() elseif(USE_GNUTLS) find_package(NGTCP2 REQUIRED GnuTLS) else() @@ -706,7 +694,10 @@ if(USE_QUICHE) message(FATAL_ERROR "Only one HTTP/3 backend can be selected!") endif() find_package(QUICHE REQUIRED) - CheckQuicSupportInOpenSSL() + if(NOT HAVE_BORINGSSL) + message(FATAL_ERROR "quiche requires BoringSSL") + endif() + openssl_check_quic() set(USE_QUICHE ON) include_directories(${QUICHE_INCLUDE_DIRS}) list(APPEND CURL_LIBS ${QUICHE_LIBRARIES}) @@ -729,6 +720,10 @@ if(USE_MSH3) list(APPEND CURL_LIBS ${MSH3_LIBRARIES}) endif() +if(CURL_WITH_MULTI_SSL AND (USE_NGTCP2 OR USE_QUICHE OR USE_MSH3)) + message(FATAL_ERROR "MultiSSL cannot be enabled with HTTP/3 and vice versa.") +endif() + if(NOT CURL_DISABLE_SRP AND (HAVE_GNUTLS_SRP OR HAVE_OPENSSL_SRP)) set(USE_TLS_SRP 1) endif() @@ -751,8 +746,12 @@ if(NOT CURL_DISABLE_LDAP) if(NOT USE_WIN32_LDAP) # Check for LDAP set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES}) - check_library_exists_concat(${CMAKE_LDAP_LIB} ldap_init HAVE_LIBLDAP) - check_library_exists_concat(${CMAKE_LBER_LIB} ber_init HAVE_LIBLBER) + check_library_exists("${CMAKE_LDAP_LIB}" "ldap_init" "" HAVE_LIBLDAP) + if(HAVE_LIBLDAP) + check_library_exists("${CMAKE_LDAP_LIB};${CMAKE_LBER_LIB}" "ber_init" "" HAVE_LIBLBER) + else() + check_library_exists("${CMAKE_LBER_LIB}" "ber_init" "" HAVE_LIBLBER) + endif() set(CMAKE_REQUIRED_INCLUDES_BAK ${CMAKE_REQUIRED_INCLUDES}) set(CMAKE_LDAP_INCLUDE_DIR "" CACHE STRING "Path to LDAP include directory") @@ -776,7 +775,7 @@ if(NOT CURL_DISABLE_LDAP) endif() set(NEED_LBER_H ON) set(_HEADER_LIST) - if(HAVE_WINDOWS_H) + if(WIN32) list(APPEND _HEADER_LIST "windows.h") endif() if(HAVE_SYS_TYPES_H) @@ -791,8 +790,10 @@ if(NOT CURL_DISABLE_LDAP) list(APPEND CMAKE_REQUIRED_DEFINITIONS -DLDAP_DEPRECATED=1) list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB}) + set(CURL_LIBS "${CMAKE_LDAP_LIB};${CURL_LIBS}") if(HAVE_LIBLBER) list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB}) + set(CURL_LIBS "${CMAKE_LBER_LIB};${CURL_LIBS}") endif() check_c_source_compiles(" @@ -839,7 +840,11 @@ endif() # Check for idn2 option(USE_LIBIDN2 "Use libidn2 for IDN support" ON) if(USE_LIBIDN2) - check_library_exists_concat("idn2" idn2_lookup_ul HAVE_LIBIDN2) + check_library_exists("idn2" "idn2_lookup_ul" "" HAVE_LIBIDN2) + if(HAVE_LIBIDN2) + set(CURL_LIBS "idn2;${CURL_LIBS}") + check_include_file_concat("idn2.h" HAVE_IDN2_H) + endif() else() set(HAVE_LIBIDN2 OFF) endif() @@ -910,10 +915,8 @@ if(CURL_USE_GSSAPI) check_include_file_concat("gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H) check_include_file_concat("gssapi/gssapi_krb5.h" HAVE_GSSAPI_GSSAPI_KRB5_H) - if(GSS_FLAVOUR STREQUAL "Heimdal") - set(HAVE_GSSHEIMDAL ON) - else() # MIT - set(HAVE_GSSMIT ON) + if(NOT GSS_FLAVOUR STREQUAL "Heimdal") + # MIT set(_INCLUDE_LIST "") if(HAVE_GSSAPI_GSSAPI_H) list(APPEND _INCLUDE_LIST "gssapi/gssapi.h") @@ -1052,13 +1055,46 @@ if(CURL_CA_PATH_SET AND endif() # Check for header files -if(NOT UNIX) - check_include_file_concat("windows.h" HAVE_WINDOWS_H) - check_include_file_concat("ws2tcpip.h" HAVE_WS2TCPIP_H) - check_include_file_concat("winsock2.h" HAVE_WINSOCK2_H) +if(WIN32) + set(CURL_INCLUDES ${CURL_INCLUDES} "winsock2.h") + set(CURL_INCLUDES ${CURL_INCLUDES} "ws2tcpip.h") + set(CURL_INCLUDES ${CURL_INCLUDES} "windows.h") +endif() + +if(WIN32) + # detect actual value of _WIN32_WINNT and store as HAVE_WIN32_WINNT + curl_internal_test(HAVE_WIN32_WINNT) + if(HAVE_WIN32_WINNT) + string(REGEX MATCH ".*_WIN32_WINNT=0x[0-9a-fA-F]+" OUTPUT "${OUTPUT}") + string(REGEX REPLACE ".*_WIN32_WINNT=" "" OUTPUT "${OUTPUT}") + string(REGEX REPLACE "0x([0-9a-f][0-9a-f][0-9a-f])$" "0x0\\1" OUTPUT "${OUTPUT}") # pad to 4 digits + string(TOLOWER "${OUTPUT}" HAVE_WIN32_WINNT) + message(STATUS "Found _WIN32_WINNT=${HAVE_WIN32_WINNT}") + endif() + # avoid storing HAVE_WIN32_WINNT in CMake cache + unset(HAVE_WIN32_WINNT CACHE) + + if(HAVE_WIN32_WINNT) + if(HAVE_WIN32_WINNT STRLESS "0x0501") + # Windows XP is required for freeaddrinfo, getaddrinfo + message(FATAL_ERROR "Building for Windows XP or newer is required.") + endif() + + # pre-fill detection results based on target OS version + if(MINGW OR MSVC) + if(HAVE_WIN32_WINNT STRLESS "0x0600") + set(HAVE_INET_NTOP 0) + set(HAVE_INET_PTON 0) + else() # Windows Vista or newer + set(HAVE_INET_NTOP 1) + set(HAVE_INET_PTON 1) + endif() + unset(HAVE_INET_NTOP CACHE) + unset(HAVE_INET_PTON CACHE) + endif() + endif() endif() -check_include_file_concat("inttypes.h" HAVE_INTTYPES_H) check_include_file_concat("sys/filio.h" HAVE_SYS_FILIO_H) check_include_file_concat("sys/wait.h" HAVE_SYS_WAIT_H) check_include_file_concat("sys/ioctl.h" HAVE_SYS_IOCTL_H) @@ -1076,7 +1112,6 @@ check_include_file_concat("sys/utime.h" HAVE_SYS_UTIME_H) check_include_file_concat("sys/xattr.h" HAVE_SYS_XATTR_H) check_include_file_concat("arpa/inet.h" HAVE_ARPA_INET_H) check_include_file_concat("fcntl.h" HAVE_FCNTL_H) -check_include_file_concat("idn2.h" HAVE_IDN2_H) check_include_file_concat("ifaddrs.h" HAVE_IFADDRS_H) check_include_file_concat("io.h" HAVE_IO_H) check_include_file_concat("libgen.h" HAVE_LIBGEN_H) @@ -1092,7 +1127,6 @@ check_include_file_concat("poll.h" HAVE_POLL_H) check_include_file_concat("pwd.h" HAVE_PWD_H) check_include_file_concat("stdatomic.h" HAVE_STDATOMIC_H) check_include_file_concat("stdbool.h" HAVE_STDBOOL_H) -check_include_file_concat("stdint.h" HAVE_STDINT_H) check_include_file_concat("strings.h" HAVE_STRINGS_H) check_include_file_concat("stropts.h" HAVE_STROPTS_H) check_include_file_concat("termio.h" HAVE_TERMIO_H) @@ -1137,7 +1171,6 @@ elseif(HAVE_LIBSOCKET) set(CMAKE_REQUIRED_LIBRARIES socket) endif() -check_symbol_exists(fchmod "${CURL_INCLUDES}" HAVE_FCHMOD) check_symbol_exists(fnmatch "${CURL_INCLUDES};fnmatch.h" HAVE_FNMATCH) check_symbol_exists(basename "${CURL_INCLUDES};string.h" HAVE_BASENAME) check_symbol_exists(socket "${CURL_INCLUDES}" HAVE_SOCKET) @@ -1174,6 +1207,7 @@ check_symbol_exists(gethostbyname_r "${CURL_INCLUDES}" HAVE_GETHOSTBYNAME_R) check_symbol_exists(signal "${CURL_INCLUDES};signal.h" HAVE_SIGNAL) check_symbol_exists(strtoll "${CURL_INCLUDES};stdlib.h" HAVE_STRTOLL) check_symbol_exists(strerror_r "${CURL_INCLUDES};stdlib.h;string.h" HAVE_STRERROR_R) +check_symbol_exists(sigaction "signal.h" HAVE_SIGACTION) check_symbol_exists(siginterrupt "${CURL_INCLUDES};signal.h" HAVE_SIGINTERRUPT) check_symbol_exists(getaddrinfo "${CURL_INCLUDES};stdlib.h;string.h" HAVE_GETADDRINFO) check_symbol_exists(getifaddrs "${CURL_INCLUDES};stdlib.h" HAVE_GETIFADDRS) @@ -1190,6 +1224,10 @@ check_symbol_exists(setlocale "${CURL_INCLUDES}" HAVE_SETLOCALE) check_symbol_exists(setmode "${CURL_INCLUDES}" HAVE_SETMODE) check_symbol_exists(setrlimit "${CURL_INCLUDES}" HAVE_SETRLIMIT) +if(HAVE_FSEEKO) + set(HAVE_DECL_FSEEKO 1) +endif() + if(NOT MSVC OR (MSVC_VERSION GREATER_EQUAL 1900)) # earlier MSVC compilers had faulty snprintf implementations check_symbol_exists(snprintf "stdio.h" HAVE_SNPRINTF) @@ -1213,20 +1251,11 @@ check_type_size("sa_family_t" SIZEOF_SA_FAMILY_T) set(HAVE_SA_FAMILY_T ${HAVE_SIZEOF_SA_FAMILY_T}) set(CMAKE_EXTRA_INCLUDE_FILES "") -set(CMAKE_EXTRA_INCLUDE_FILES "ws2def.h") -check_type_size("ADDRESS_FAMILY" SIZEOF_ADDRESS_FAMILY) -set(HAVE_ADDRESS_FAMILY ${HAVE_SIZEOF_ADDRESS_FAMILY}) -set(CMAKE_EXTRA_INCLUDE_FILES "") - -# sigaction and sigsetjmp are special. Use special mechanism for -# detecting those, but only if previous attempt failed. -check_symbol_exists(sigaction "signal.h" HAVE_SIGACTION) - -if(NOT HAVE_SIGSETJMP) - check_symbol_exists(sigsetjmp "setjmp.h" HAVE_MACRO_SIGSETJMP) - if(HAVE_MACRO_SIGSETJMP) - set(HAVE_SIGSETJMP 1) - endif() +if(WIN32) + set(CMAKE_EXTRA_INCLUDE_FILES "winsock2.h") + check_type_size("ADDRESS_FAMILY" SIZEOF_ADDRESS_FAMILY) + set(HAVE_ADDRESS_FAMILY ${HAVE_SIZEOF_ADDRESS_FAMILY}) + set(CMAKE_EXTRA_INCLUDE_FILES "") endif() # Do curl specific tests @@ -1250,8 +1279,6 @@ foreach(CURL_TEST HAVE_BOOL_T STDC_HEADERS HAVE_FILE_OFFSET_BITS - HAVE_VARIADIC_MACROS_C99 - HAVE_VARIADIC_MACROS_GCC HAVE_ATOMIC ) curl_internal_test(${CURL_TEST}) @@ -1271,18 +1298,6 @@ set(CMAKE_EXTRA_INCLUDE_FILES "curl/curl.h") check_type_size("curl_socket_t" SIZEOF_CURL_SOCKET_T) set(CMAKE_EXTRA_INCLUDE_FILES "") -if(WIN32) - # detect actual value of _WIN32_WINNT and store as HAVE_WIN32_WINNT - curl_internal_test(HAVE_WIN32_WINNT) - if(HAVE_WIN32_WINNT) - string(REGEX MATCH ".*_WIN32_WINNT=0x[0-9a-fA-F]+" OUTPUT "${OUTPUT}") - string(REGEX REPLACE ".*_WIN32_WINNT=" "" HAVE_WIN32_WINNT "${OUTPUT}") - message(STATUS "Found _WIN32_WINNT=${HAVE_WIN32_WINNT}") - endif() - # avoid storing HAVE_WIN32_WINNT in CMake cache - unset(HAVE_WIN32_WINNT CACHE) -endif() - if(NOT WIN32 AND NOT CMAKE_CROSSCOMPILING) # on not-Windows and not-crosscompiling, check for writable argv[] include(CheckCSourceRuns) @@ -1338,8 +1353,10 @@ if(NEED_REENTRANT) endforeach() endif() -# Check clock_gettime(CLOCK_MONOTONIC, x) support -curl_internal_test(HAVE_CLOCK_GETTIME_MONOTONIC) +if(NOT WIN32) + # Check clock_gettime(CLOCK_MONOTONIC, x) support + curl_internal_test(HAVE_CLOCK_GETTIME_MONOTONIC) +endif() # Check compiler support of __builtin_available() curl_internal_test(HAVE_BUILTIN_AVAILABLE) @@ -1375,15 +1392,6 @@ if(CMAKE_COMPILER_IS_GNUCC AND APPLE) endif() endif() -# TODO test which of these headers are required -if(WIN32) - set(CURL_PULL_WS2TCPIP_H ${HAVE_WS2TCPIP_H}) -else() - set(CURL_PULL_SYS_TYPES_H ${HAVE_SYS_TYPES_H}) - set(CURL_PULL_SYS_SOCKET_H ${HAVE_SYS_SOCKET_H}) - set(CURL_PULL_SYS_POLL_H ${HAVE_SYS_POLL_H}) -endif() - include(CMake/OtherTests.cmake) add_definitions(-DHAVE_CONFIG_H) @@ -1404,8 +1412,6 @@ if(WIN32) if(USE_WIN32_CRYPTO OR USE_SCHANNEL) list(APPEND CURL_LIBS "advapi32" "crypt32") endif() - - list(APPEND CURL_LIBS "bcrypt") endif() if(MSVC) @@ -1475,7 +1481,7 @@ set(generated_dir "${CMAKE_CURRENT_BINARY_DIR}/generated") set(project_config "${generated_dir}/${PROJECT_NAME}Config.cmake") set(version_config "${generated_dir}/${PROJECT_NAME}ConfigVersion.cmake") -if(USE_MANUAL) +if(HAVE_MANUAL_TOOLS) add_subdirectory(docs) endif() @@ -1492,258 +1498,257 @@ if(BUILD_TESTING) add_subdirectory(tests) endif() -# Helper to populate a list (_items) with a label when conditions (the remaining -# args) are satisfied -macro(_add_if label) - # needs to be a macro to allow this indirection - if(${ARGN}) - set(_items ${_items} "${label}") +if(NOT CURL_DISABLE_INSTALL) + + # Helper to populate a list (_items) with a label when conditions (the remaining + # args) are satisfied + macro(_add_if label) + # needs to be a macro to allow this indirection + if(${ARGN}) + set(_items ${_items} "${label}") + endif() + endmacro() + + # NTLM support requires crypto function adaptions from various SSL libs + if(NOT (CURL_DISABLE_NTLM) AND + (USE_OPENSSL OR USE_MBEDTLS OR USE_DARWINSSL OR USE_WIN32_CRYPTO OR USE_GNUTLS)) + set(use_curl_ntlm_core ON) endif() -endmacro() -# NTLM support requires crypto function adaptions from various SSL libs -# TODO alternative SSL libs tests for SSP1, GnuTLS, NSS -if(NOT (CURL_DISABLE_NTLM) AND - (USE_OPENSSL OR USE_MBEDTLS OR USE_DARWINSSL OR USE_WIN32_CRYPTO OR USE_GNUTLS)) - set(use_curl_ntlm_core ON) -endif() - -# Clear list and try to detect available features -set(_items) -_add_if("SSL" SSL_ENABLED) -_add_if("IPv6" ENABLE_IPV6) -_add_if("unixsockets" USE_UNIX_SOCKETS) -_add_if("libz" HAVE_LIBZ) -_add_if("brotli" HAVE_BROTLI) -_add_if("zstd" HAVE_ZSTD) -_add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX OR USE_THREADS_WIN32) -_add_if("IDN" HAVE_LIBIDN2 OR USE_WIN32_IDN) -_add_if("Largefile" (SIZEOF_CURL_OFF_T GREATER 4) AND - ((SIZEOF_OFF_T GREATER 4) OR USE_WIN32_LARGE_FILES)) -# TODO SSP1 (Schannel) check is missing -_add_if("SSPI" USE_WINDOWS_SSPI) -_add_if("GSS-API" HAVE_GSSAPI) -_add_if("alt-svc" NOT CURL_DISABLE_ALTSVC) -_add_if("HSTS" NOT CURL_DISABLE_HSTS) -# TODO SSP1 missing for SPNEGO -_add_if("SPNEGO" NOT CURL_DISABLE_NEGOTIATE_AUTH AND - (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) -_add_if("Kerberos" NOT CURL_DISABLE_KERBEROS_AUTH AND - (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) -# NTLM support requires crypto function adaptions from various SSL libs -# TODO alternative SSL libs tests for SSP1, GnuTLS, NSS -_add_if("NTLM" NOT (CURL_DISABLE_NTLM) AND - (use_curl_ntlm_core OR USE_WINDOWS_SSPI)) -# TODO missing option (autoconf: --enable-ntlm-wb) -_add_if("NTLM_WB" NOT (CURL_DISABLE_NTLM) AND - (use_curl_ntlm_core OR USE_WINDOWS_SSPI) AND - NOT CURL_DISABLE_HTTP AND NTLM_WB_ENABLED) -_add_if("TLS-SRP" USE_TLS_SRP) -# TODO option --with-nghttp2 tests for nghttp2 lib and nghttp2/nghttp2.h header -_add_if("HTTP2" USE_NGHTTP2) -_add_if("HTTP3" USE_NGTCP2 OR USE_QUICHE) -_add_if("MultiSSL" CURL_WITH_MULTI_SSL) -# TODO wolfSSL only support this from v5.0.0 onwards -_add_if("HTTPS-proxy" SSL_ENABLED AND (USE_OPENSSL OR USE_GNUTLS - OR USE_SCHANNEL OR USE_RUSTLS OR USE_BEARSSL OR - USE_MBEDTLS OR USE_SECTRANSP)) -_add_if("unicode" ENABLE_UNICODE) -_add_if("threadsafe" HAVE_ATOMIC OR (WIN32 AND - HAVE_WIN32_WINNT GREATER_EQUAL 0x600)) -_add_if("PSL" USE_LIBPSL) -string(REPLACE ";" " " SUPPORT_FEATURES "${_items}") -message(STATUS "Enabled features: ${SUPPORT_FEATURES}") - -# Clear list and try to detect available protocols -set(_items) -_add_if("HTTP" NOT CURL_DISABLE_HTTP) -_add_if("HTTPS" NOT CURL_DISABLE_HTTP AND SSL_ENABLED) -_add_if("FTP" NOT CURL_DISABLE_FTP) -_add_if("FTPS" NOT CURL_DISABLE_FTP AND SSL_ENABLED) -_add_if("FILE" NOT CURL_DISABLE_FILE) -_add_if("TELNET" NOT CURL_DISABLE_TELNET) -_add_if("LDAP" NOT CURL_DISABLE_LDAP) -# CURL_DISABLE_LDAP implies CURL_DISABLE_LDAPS -_add_if("LDAPS" NOT CURL_DISABLE_LDAPS AND - ((USE_OPENLDAP AND SSL_ENABLED) OR - (NOT USE_OPENLDAP AND HAVE_LDAP_SSL))) -_add_if("DICT" NOT CURL_DISABLE_DICT) -_add_if("TFTP" NOT CURL_DISABLE_TFTP) -_add_if("GOPHER" NOT CURL_DISABLE_GOPHER) -_add_if("GOPHERS" NOT CURL_DISABLE_GOPHER AND SSL_ENABLED) -_add_if("POP3" NOT CURL_DISABLE_POP3) -_add_if("POP3S" NOT CURL_DISABLE_POP3 AND SSL_ENABLED) -_add_if("IMAP" NOT CURL_DISABLE_IMAP) -_add_if("IMAPS" NOT CURL_DISABLE_IMAP AND SSL_ENABLED) -_add_if("SMB" NOT CURL_DISABLE_SMB AND - use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) -_add_if("SMBS" NOT CURL_DISABLE_SMB AND SSL_ENABLED AND - use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) -_add_if("SMTP" NOT CURL_DISABLE_SMTP) -_add_if("SMTPS" NOT CURL_DISABLE_SMTP AND SSL_ENABLED) -_add_if("SCP" USE_LIBSSH2 OR USE_LIBSSH) -_add_if("SFTP" USE_LIBSSH2 OR USE_LIBSSH) -_add_if("RTSP" NOT CURL_DISABLE_RTSP) -_add_if("RTMP" USE_LIBRTMP) -_add_if("MQTT" NOT CURL_DISABLE_MQTT) -_add_if("WS" USE_WEBSOCKETS) -_add_if("WSS" USE_WEBSOCKETS) -if(_items) - list(SORT _items) -endif() -string(REPLACE ";" " " SUPPORT_PROTOCOLS "${_items}") -message(STATUS "Enabled protocols: ${SUPPORT_PROTOCOLS}") - -# Clear list and collect SSL backends -set(_items) -_add_if("Schannel" SSL_ENABLED AND USE_SCHANNEL) -_add_if("OpenSSL" SSL_ENABLED AND USE_OPENSSL) -_add_if("Secure Transport" SSL_ENABLED AND USE_SECTRANSP) -_add_if("mbedTLS" SSL_ENABLED AND USE_MBEDTLS) -_add_if("BearSSL" SSL_ENABLED AND USE_BEARSSL) -_add_if("wolfSSL" SSL_ENABLED AND USE_WOLFSSL) -_add_if("GnuTLS" SSL_ENABLED AND USE_GNUTLS) - -if(_items) - list(SORT _items) -endif() -string(REPLACE ";" " " SSL_BACKENDS "${_items}") -message(STATUS "Enabled SSL backends: ${SSL_BACKENDS}") -if(CURL_DEFAULT_SSL_BACKEND) - message(STATUS "Default SSL backend: ${CURL_DEFAULT_SSL_BACKEND}") -endif() - -# curl-config needs the following options to be set. -set(CC "${CMAKE_C_COMPILER}") -# TODO probably put a -D... options here? -set(CONFIGURE_OPTIONS "") -set(CURLVERSION "${CURL_VERSION}") -set(exec_prefix "\${prefix}") -set(includedir "\${prefix}/include") -set(LDFLAGS "${CMAKE_SHARED_LINKER_FLAGS}") -set(LIBCURL_LIBS "") -set(libdir "${CMAKE_INSTALL_PREFIX}/lib") -foreach(_lib ${CMAKE_C_IMPLICIT_LINK_LIBRARIES} ${CURL_LIBS}) - if(TARGET "${_lib}") - set(_libname "${_lib}") - get_target_property(_imported "${_libname}" IMPORTED) - if(NOT _imported) - # Reading the LOCATION property on non-imported target will error out. - # Assume the user won't need this information in the .pc file. - continue() + # Clear list and try to detect available features + set(_items) + _add_if("SSL" SSL_ENABLED) + _add_if("IPv6" ENABLE_IPV6) + _add_if("UnixSockets" USE_UNIX_SOCKETS) + _add_if("libz" HAVE_LIBZ) + _add_if("brotli" HAVE_BROTLI) + _add_if("zstd" HAVE_ZSTD) + _add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX OR USE_THREADS_WIN32) + _add_if("IDN" HAVE_LIBIDN2 OR USE_WIN32_IDN) + _add_if("Largefile" (SIZEOF_CURL_OFF_T GREATER 4) AND + ((SIZEOF_OFF_T GREATER 4) OR USE_WIN32_LARGE_FILES)) + _add_if("SSPI" USE_WINDOWS_SSPI) + _add_if("GSS-API" HAVE_GSSAPI) + _add_if("alt-svc" NOT CURL_DISABLE_ALTSVC) + _add_if("HSTS" NOT CURL_DISABLE_HSTS) + _add_if("SPNEGO" NOT CURL_DISABLE_NEGOTIATE_AUTH AND + (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) + _add_if("Kerberos" NOT CURL_DISABLE_KERBEROS_AUTH AND + (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) + _add_if("NTLM" NOT (CURL_DISABLE_NTLM) AND + (use_curl_ntlm_core OR USE_WINDOWS_SSPI)) + _add_if("NTLM_WB" NOT (CURL_DISABLE_NTLM) AND + (use_curl_ntlm_core OR USE_WINDOWS_SSPI) AND + NOT CURL_DISABLE_HTTP AND NTLM_WB_ENABLED) + _add_if("TLS-SRP" USE_TLS_SRP) + _add_if("HTTP2" USE_NGHTTP2) + _add_if("HTTP3" USE_NGTCP2 OR USE_QUICHE) + _add_if("MultiSSL" CURL_WITH_MULTI_SSL) + # TODO wolfSSL only support this from v5.0.0 onwards + _add_if("HTTPS-proxy" SSL_ENABLED AND (USE_OPENSSL OR USE_GNUTLS + OR USE_SCHANNEL OR USE_RUSTLS OR USE_BEARSSL OR + USE_MBEDTLS OR USE_SECTRANSP)) + _add_if("unicode" ENABLE_UNICODE) + _add_if("threadsafe" HAVE_ATOMIC OR + (USE_THREADS_POSIX AND HAVE_PTHREAD_H) OR + (WIN32 AND HAVE_WIN32_WINNT GREATER_EQUAL 0x600)) + _add_if("PSL" USE_LIBPSL) + string(REPLACE ";" " " SUPPORT_FEATURES "${_items}") + message(STATUS "Enabled features: ${SUPPORT_FEATURES}") + + # Clear list and try to detect available protocols + set(_items) + _add_if("HTTP" NOT CURL_DISABLE_HTTP) + _add_if("IPFS" NOT CURL_DISABLE_HTTP) + _add_if("IPNS" NOT CURL_DISABLE_HTTP) + _add_if("HTTPS" NOT CURL_DISABLE_HTTP AND SSL_ENABLED) + _add_if("FTP" NOT CURL_DISABLE_FTP) + _add_if("FTPS" NOT CURL_DISABLE_FTP AND SSL_ENABLED) + _add_if("FILE" NOT CURL_DISABLE_FILE) + _add_if("TELNET" NOT CURL_DISABLE_TELNET) + _add_if("LDAP" NOT CURL_DISABLE_LDAP) + # CURL_DISABLE_LDAP implies CURL_DISABLE_LDAPS + _add_if("LDAPS" NOT CURL_DISABLE_LDAPS AND + ((USE_OPENLDAP AND SSL_ENABLED) OR + (NOT USE_OPENLDAP AND HAVE_LDAP_SSL))) + _add_if("DICT" NOT CURL_DISABLE_DICT) + _add_if("TFTP" NOT CURL_DISABLE_TFTP) + _add_if("GOPHER" NOT CURL_DISABLE_GOPHER) + _add_if("GOPHERS" NOT CURL_DISABLE_GOPHER AND SSL_ENABLED) + _add_if("POP3" NOT CURL_DISABLE_POP3) + _add_if("POP3S" NOT CURL_DISABLE_POP3 AND SSL_ENABLED) + _add_if("IMAP" NOT CURL_DISABLE_IMAP) + _add_if("IMAPS" NOT CURL_DISABLE_IMAP AND SSL_ENABLED) + _add_if("SMB" NOT CURL_DISABLE_SMB AND + use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) + _add_if("SMBS" NOT CURL_DISABLE_SMB AND SSL_ENABLED AND + use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) + _add_if("SMTP" NOT CURL_DISABLE_SMTP) + _add_if("SMTPS" NOT CURL_DISABLE_SMTP AND SSL_ENABLED) + _add_if("SCP" USE_LIBSSH2 OR USE_LIBSSH) + _add_if("SFTP" USE_LIBSSH2 OR USE_LIBSSH) + _add_if("RTSP" NOT CURL_DISABLE_RTSP) + _add_if("RTMP" USE_LIBRTMP) + _add_if("MQTT" NOT CURL_DISABLE_MQTT) + _add_if("WS" USE_WEBSOCKETS) + _add_if("WSS" USE_WEBSOCKETS) + if(_items) + list(SORT _items) + endif() + string(REPLACE ";" " " SUPPORT_PROTOCOLS "${_items}") + message(STATUS "Enabled protocols: ${SUPPORT_PROTOCOLS}") + + # Clear list and collect SSL backends + set(_items) + _add_if("Schannel" SSL_ENABLED AND USE_SCHANNEL) + _add_if("OpenSSL" SSL_ENABLED AND USE_OPENSSL) + _add_if("Secure Transport" SSL_ENABLED AND USE_SECTRANSP) + _add_if("mbedTLS" SSL_ENABLED AND USE_MBEDTLS) + _add_if("BearSSL" SSL_ENABLED AND USE_BEARSSL) + _add_if("wolfSSL" SSL_ENABLED AND USE_WOLFSSL) + _add_if("GnuTLS" SSL_ENABLED AND USE_GNUTLS) + + if(_items) + list(SORT _items) + endif() + string(REPLACE ";" " " SSL_BACKENDS "${_items}") + message(STATUS "Enabled SSL backends: ${SSL_BACKENDS}") + if(CURL_DEFAULT_SSL_BACKEND) + message(STATUS "Default SSL backend: ${CURL_DEFAULT_SSL_BACKEND}") + endif() + + # curl-config needs the following options to be set. + set(CC "${CMAKE_C_COMPILER}") + # TODO probably put a -D... options here? + set(CONFIGURE_OPTIONS "") + set(CURLVERSION "${CURL_VERSION}") + set(exec_prefix "\${prefix}") + set(includedir "\${prefix}/include") + set(LDFLAGS "${CMAKE_SHARED_LINKER_FLAGS}") + set(LIBCURL_LIBS "") + set(libdir "${CMAKE_INSTALL_PREFIX}/lib") + foreach(_lib ${CMAKE_C_IMPLICIT_LINK_LIBRARIES} ${CURL_LIBS}) + if(TARGET "${_lib}") + set(_libname "${_lib}") + get_target_property(_imported "${_libname}" IMPORTED) + if(NOT _imported) + # Reading the LOCATION property on non-imported target will error out. + # Assume the user won't need this information in the .pc file. + continue() + endif() + get_target_property(_lib "${_libname}" LOCATION) + if(NOT _lib) + message(WARNING "Bad lib in library list: ${_libname}") + continue() + endif() endif() - get_target_property(_lib "${_libname}" LOCATION) - if(NOT _lib) - message(WARNING "Bad lib in library list: ${_libname}") - continue() + if(_lib MATCHES ".*/.*" OR _lib MATCHES "^-") + set(LIBCURL_LIBS "${LIBCURL_LIBS} ${_lib}") + else() + set(LIBCURL_LIBS "${LIBCURL_LIBS} -l${_lib}") endif() + endforeach() + if(BUILD_SHARED_LIBS) + set(ENABLE_SHARED "yes") + set(LIBCURL_NO_SHARED "") + set(CPPFLAG_CURL_STATICLIB "") + else() + set(ENABLE_SHARED "no") + set(LIBCURL_NO_SHARED "${LIBCURL_LIBS}") + set(CPPFLAG_CURL_STATICLIB "-DCURL_STATICLIB") endif() - if(_lib MATCHES ".*/.*" OR _lib MATCHES "^-") - set(LIBCURL_LIBS "${LIBCURL_LIBS} ${_lib}") + if(BUILD_STATIC_LIBS) + set(ENABLE_STATIC "yes") else() - set(LIBCURL_LIBS "${LIBCURL_LIBS} -l${_lib}") + set(ENABLE_STATIC "no") endif() -endforeach() -if(BUILD_SHARED_LIBS) - set(ENABLE_SHARED "yes") - set(LIBCURL_NO_SHARED "") - set(CPPFLAG_CURL_STATICLIB "") -else() - set(ENABLE_SHARED "no") - set(LIBCURL_NO_SHARED "${LIBCURL_LIBS}") - set(CPPFLAG_CURL_STATICLIB "-DCURL_STATICLIB") -endif() -if(BUILD_STATIC_LIBS) - set(ENABLE_STATIC "yes") -else() - set(ENABLE_STATIC "no") -endif() -# "a" (Linux) or "lib" (Windows) -string(REPLACE "." "" libext "${CMAKE_STATIC_LIBRARY_SUFFIX}") -set(prefix "${CMAKE_INSTALL_PREFIX}") -# Set this to "yes" to append all libraries on which -lcurl is dependent -set(REQUIRE_LIB_DEPS "no") -# SUPPORT_FEATURES -# SUPPORT_PROTOCOLS -set(VERSIONNUM "${CURL_VERSION_NUM}") - -# Finally generate a "curl-config" matching this config -# Use: -# * ENABLE_SHARED -# * ENABLE_STATIC -configure_file("${CURL_SOURCE_DIR}/curl-config.in" - "${CURL_BINARY_DIR}/curl-config" @ONLY) -install(FILES "${CURL_BINARY_DIR}/curl-config" - DESTINATION ${CMAKE_INSTALL_BINDIR} - PERMISSIONS - OWNER_READ OWNER_WRITE OWNER_EXECUTE - GROUP_READ GROUP_EXECUTE - WORLD_READ WORLD_EXECUTE) - -# Finally generate a pkg-config file matching this config -configure_file("${CURL_SOURCE_DIR}/libcurl.pc.in" - "${CURL_BINARY_DIR}/libcurl.pc" @ONLY) -install(FILES "${CURL_BINARY_DIR}/libcurl.pc" - DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) - -# install headers -install(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/include/curl" - DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} - FILES_MATCHING PATTERN "*.h") - -include(CMakePackageConfigHelpers) -write_basic_package_version_file( - "${version_config}" - VERSION ${CURL_VERSION} - COMPATIBILITY SameMajorVersion -) -file(READ "${version_config}" generated_version_config) -file(WRITE "${version_config}" -"if(NOT PACKAGE_FIND_VERSION_RANGE AND PACKAGE_FIND_VERSION_MAJOR STREQUAL \"7\") - # Version 8 satisfies version 7... requirements - set(PACKAGE_FIND_VERSION_MAJOR 8) - set(PACKAGE_FIND_VERSION_COUNT 1) -endif() -${generated_version_config}" -) + # "a" (Linux) or "lib" (Windows) + string(REPLACE "." "" libext "${CMAKE_STATIC_LIBRARY_SUFFIX}") + set(prefix "${CMAKE_INSTALL_PREFIX}") + # Set this to "yes" to append all libraries on which -lcurl is dependent + set(REQUIRE_LIB_DEPS "no") + # SUPPORT_FEATURES + # SUPPORT_PROTOCOLS + set(VERSIONNUM "${CURL_VERSION_NUM}") + + # Finally generate a "curl-config" matching this config + # Use: + # * ENABLE_SHARED + # * ENABLE_STATIC + configure_file("${CURL_SOURCE_DIR}/curl-config.in" + "${CURL_BINARY_DIR}/curl-config" @ONLY) + install(FILES "${CURL_BINARY_DIR}/curl-config" + DESTINATION ${CMAKE_INSTALL_BINDIR} + PERMISSIONS + OWNER_READ OWNER_WRITE OWNER_EXECUTE + GROUP_READ GROUP_EXECUTE + WORLD_READ WORLD_EXECUTE) + + # Finally generate a pkg-config file matching this config + configure_file("${CURL_SOURCE_DIR}/libcurl.pc.in" + "${CURL_BINARY_DIR}/libcurl.pc" @ONLY) + install(FILES "${CURL_BINARY_DIR}/libcurl.pc" + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + + # install headers + install(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/include/curl" + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} + FILES_MATCHING PATTERN "*.h") + + include(CMakePackageConfigHelpers) + write_basic_package_version_file( + "${version_config}" + VERSION ${CURL_VERSION} + COMPATIBILITY SameMajorVersion + ) + file(READ "${version_config}" generated_version_config) + file(WRITE "${version_config}" + "if(NOT PACKAGE_FIND_VERSION_RANGE AND PACKAGE_FIND_VERSION_MAJOR STREQUAL \"7\") + # Version 8 satisfies version 7... requirements + set(PACKAGE_FIND_VERSION_MAJOR 8) + set(PACKAGE_FIND_VERSION_COUNT 1) + endif() + ${generated_version_config}" + ) -# Use: -# * TARGETS_EXPORT_NAME -# * PROJECT_NAME -configure_package_config_file(CMake/curl-config.cmake.in - "${project_config}" - INSTALL_DESTINATION ${CURL_INSTALL_CMAKE_DIR} -) + # Use: + # * TARGETS_EXPORT_NAME + # * PROJECT_NAME + configure_package_config_file(CMake/curl-config.cmake.in + "${project_config}" + INSTALL_DESTINATION ${CURL_INSTALL_CMAKE_DIR} + ) + + if(CURL_ENABLE_EXPORT_TARGET) + install( + EXPORT "${TARGETS_EXPORT_NAME}" + NAMESPACE "${PROJECT_NAME}::" + DESTINATION ${CURL_INSTALL_CMAKE_DIR} + ) + endif() -if(CURL_ENABLE_EXPORT_TARGET) install( - EXPORT "${TARGETS_EXPORT_NAME}" - NAMESPACE "${PROJECT_NAME}::" + FILES ${version_config} ${project_config} DESTINATION ${CURL_INSTALL_CMAKE_DIR} ) -endif() - -install( - FILES ${version_config} ${project_config} - DESTINATION ${CURL_INSTALL_CMAKE_DIR} -) -# Workaround for MSVS10 to avoid the Dialog Hell -# FIXME: This could be removed with future version of CMake. -if(MSVC_VERSION EQUAL 1600) - set(CURL_SLN_FILENAME "${CMAKE_CURRENT_BINARY_DIR}/CURL.sln") - if(EXISTS "${CURL_SLN_FILENAME}") - file(APPEND "${CURL_SLN_FILENAME}" "\n# This should be regenerated!\n") + # Workaround for MSVS10 to avoid the Dialog Hell + # FIXME: This could be removed with future version of CMake. + if(MSVC_VERSION EQUAL 1600) + set(CURL_SLN_FILENAME "${CMAKE_CURRENT_BINARY_DIR}/CURL.sln") + if(EXISTS "${CURL_SLN_FILENAME}") + file(APPEND "${CURL_SLN_FILENAME}" "\n# This should be regenerated!\n") + endif() endif() -endif() -if(NOT TARGET curl_uninstall) - configure_file( - ${CMAKE_CURRENT_SOURCE_DIR}/CMake/cmake_uninstall.cmake.in - ${CMAKE_CURRENT_BINARY_DIR}/CMake/cmake_uninstall.cmake - IMMEDIATE @ONLY) + if(NOT TARGET curl_uninstall) + configure_file( + ${CMAKE_CURRENT_SOURCE_DIR}/CMake/cmake_uninstall.cmake.in + ${CMAKE_CURRENT_BINARY_DIR}/CMake/cmake_uninstall.cmake + IMMEDIATE @ONLY) - add_custom_target(curl_uninstall - COMMAND ${CMAKE_COMMAND} -P - ${CMAKE_CURRENT_BINARY_DIR}/CMake/cmake_uninstall.cmake) + add_custom_target(curl_uninstall + COMMAND ${CMAKE_COMMAND} -P + ${CMAKE_CURRENT_BINARY_DIR}/CMake/cmake_uninstall.cmake) + endif() endif() diff --git a/COPYING b/COPYING index 59711bc92..d9e7e0bef 100644 --- a/COPYING +++ b/COPYING @@ -1,51 +1,22 @@ -Apache License -Version 2.0, January 2004 -http://www.apache.org/licenses/ +COPYRIGHT AND PERMISSION NOTICE -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION +Copyright (c) 1996 - 2024, Daniel Stenberg, , and many +contributors, see the THANKS file. -1. Definitions. +All rights reserved. -"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. +Permission to use, copy, modify, and distribute this software for any purpose +with or without fee is hereby granted, provided that the above copyright +notice and this permission notice appear in all copies. -"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN +NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE +OR OTHER DEALINGS IN THE SOFTWARE. -"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. - -"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. - -"Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. - -"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. - -"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). - -"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. - -"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." - -"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. - -2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. - -3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. - -4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: - -You must give any other recipients of the Work or Derivative Works a copy of this License; and -You must cause any modified files to carry prominent notices stating that You changed the files; and -You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and -If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. -You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. - -5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. - -6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. - -8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. - -END OF TERMS AND CONDITIONS \ No newline at end of file +Except as contained in this notice, the name of a copyright holder shall not +be used in advertising or otherwise to promote the sale, use or other dealings +in this Software without prior written authorization of the copyright holder. diff --git a/Makefile.am b/Makefile.am index 6c780a849..b56ca1a1e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -53,27 +53,6 @@ CMAKE_DIST = \ CMake/Utilities.cmake \ CMakeLists.txt -VC10_LIBTMPL = projects/Windows/VC10/lib/libcurl.tmpl -VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj.dist -VC10_LIBVCXPROJ_DEPS = $(VC10_LIBTMPL) Makefile.am lib/Makefile.inc -VC10_SRCTMPL = projects/Windows/VC10/src/curl.tmpl -VC10_SRCVCXPROJ = projects/Windows/VC10/src/curl.vcxproj.dist -VC10_SRCVCXPROJ_DEPS = $(VC10_SRCTMPL) Makefile.am src/Makefile.inc - -VC11_LIBTMPL = projects/Windows/VC11/lib/libcurl.tmpl -VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj.dist -VC11_LIBVCXPROJ_DEPS = $(VC11_LIBTMPL) Makefile.am lib/Makefile.inc -VC11_SRCTMPL = projects/Windows/VC11/src/curl.tmpl -VC11_SRCVCXPROJ = projects/Windows/VC11/src/curl.vcxproj.dist -VC11_SRCVCXPROJ_DEPS = $(VC11_SRCTMPL) Makefile.am src/Makefile.inc - -VC12_LIBTMPL = projects/Windows/VC12/lib/libcurl.tmpl -VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj.dist -VC12_LIBVCXPROJ_DEPS = $(VC12_LIBTMPL) Makefile.am lib/Makefile.inc -VC12_SRCTMPL = projects/Windows/VC12/src/curl.tmpl -VC12_SRCVCXPROJ = projects/Windows/VC12/src/curl.vcxproj.dist -VC12_SRCVCXPROJ_DEPS = $(VC12_SRCTMPL) Makefile.am src/Makefile.inc - VC14_LIBTMPL = projects/Windows/VC14/lib/libcurl.tmpl VC14_LIBVCXPROJ = projects/Windows/VC14/lib/libcurl.vcxproj.dist VC14_LIBVCXPROJ_DEPS = $(VC14_LIBTMPL) Makefile.am lib/Makefile.inc @@ -88,6 +67,13 @@ VC14_10_SRCTMPL = projects/Windows/VC14.10/src/curl.tmpl VC14_10_SRCVCXPROJ = projects/Windows/VC14.10/src/curl.vcxproj.dist VC14_10_SRCVCXPROJ_DEPS = $(VC14_10_SRCTMPL) Makefile.am src/Makefile.inc +VC14_20_LIBTMPL = projects/Windows/VC14.20/lib/libcurl.tmpl +VC14_20_LIBVCXPROJ = projects/Windows/VC14.20/lib/libcurl.vcxproj.dist +VC14_20_LIBVCXPROJ_DEPS = $(VC14_20_LIBTMPL) Makefile.am lib/Makefile.inc +VC14_20_SRCTMPL = projects/Windows/VC14.20/src/curl.tmpl +VC14_20_SRCVCXPROJ = projects/Windows/VC14.20/src/curl.vcxproj.dist +VC14_20_SRCVCXPROJ_DEPS = $(VC14_20_SRCTMPL) Makefile.am src/Makefile.inc + VC14_30_LIBTMPL = projects/Windows/VC14.30/lib/libcurl.tmpl VC14_30_LIBVCXPROJ = projects/Windows/VC14.30/lib/libcurl.vcxproj.dist VC14_30_LIBVCXPROJ_DEPS = $(VC14_30_LIBTMPL) Makefile.am lib/Makefile.inc @@ -99,21 +85,6 @@ VC_DIST = projects/README.md \ projects/build-openssl.bat \ projects/build-wolfssl.bat \ projects/checksrc.bat \ - projects/Windows/VC10/curl-all.sln \ - projects/Windows/VC10/lib/libcurl.sln \ - projects/Windows/VC10/lib/libcurl.vcxproj.filters \ - projects/Windows/VC10/src/curl.sln \ - projects/Windows/VC10/src/curl.vcxproj.filters \ - projects/Windows/VC11/curl-all.sln \ - projects/Windows/VC11/lib/libcurl.sln \ - projects/Windows/VC11/lib/libcurl.vcxproj.filters \ - projects/Windows/VC11/src/curl.sln \ - projects/Windows/VC11/src/curl.vcxproj.filters \ - projects/Windows/VC12/curl-all.sln \ - projects/Windows/VC12/lib/libcurl.sln \ - projects/Windows/VC12/lib/libcurl.vcxproj.filters \ - projects/Windows/VC12/src/curl.sln \ - projects/Windows/VC12/src/curl.vcxproj.filters \ projects/Windows/VC14/curl-all.sln \ projects/Windows/VC14/lib/libcurl.sln \ projects/Windows/VC14/lib/libcurl.vcxproj.filters \ @@ -124,6 +95,11 @@ VC_DIST = projects/README.md \ projects/Windows/VC14.10/lib/libcurl.vcxproj.filters \ projects/Windows/VC14.10/src/curl.sln \ projects/Windows/VC14.10/src/curl.vcxproj.filters \ + projects/Windows/VC14.20/curl-all.sln \ + projects/Windows/VC14.20/lib/libcurl.sln \ + projects/Windows/VC14.20/lib/libcurl.vcxproj.filters \ + projects/Windows/VC14.20/src/curl.sln \ + projects/Windows/VC14.20/src/curl.vcxproj.filters \ projects/Windows/VC14.30/curl-all.sln \ projects/Windows/VC14.30/lib/libcurl.sln \ projects/Windows/VC14.30/lib/libcurl.vcxproj.filters \ @@ -151,9 +127,9 @@ EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \ $(VC_DIST) $(WINBUILD_DIST) $(PLAN9_DIST) lib/libcurl.vers.in buildconf.bat \ libcurl.def -CLEANFILES = $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ) $(VC11_LIBVCXPROJ) \ - $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) $(VC14_LIBVCXPROJ) \ - $(VC14_SRCVCXPROJ) $(VC14_10_LIBVCXPROJ) $(VC14_10_SRCVCXPROJ) \ +CLEANFILES = $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) \ + $(VC14_10_LIBVCXPROJ) $(VC14_10_SRCVCXPROJ) \ + $(VC14_20_LIBVCXPROJ) $(VC14_20_SRCVCXPROJ) \ $(VC14_30_LIBVCXPROJ) $(VC14_30_SRCVCXPROJ) bin_SCRIPTS = curl-config @@ -177,12 +153,6 @@ dist-hook: cp -p $$file $(distdir)$$strip; \ done) -html: - cd docs && $(MAKE) html - -pdf: - cd docs && $(MAKE) pdf - check: test examples check-docs if CROSSCOMPILING @@ -300,10 +270,9 @@ checksrc: .PHONY: vc-ide -vc-ide: $(VC10_LIBVCXPROJ_DEPS) $(VC10_SRCVCXPROJ_DEPS) \ - $(VC11_LIBVCXPROJ_DEPS) $(VC11_SRCVCXPROJ_DEPS) $(VC12_LIBVCXPROJ_DEPS) \ - $(VC12_SRCVCXPROJ_DEPS) $(VC14_LIBVCXPROJ_DEPS) $(VC14_SRCVCXPROJ_DEPS) \ - $(VC14_10_LIBVCXPROJ_DEPS) $(VC14_10_SRCVCXPROJ_DEPS) \ +vc-ide: $(VC14_LIBVCXPROJ_DEPS) $(VC14_SRCVCXPROJ_DEPS) \ + $(VC14_10_LIBVCXPROJ_DEPS) $(VC14_10_SRCVCXPROJ_DEPS) \ + $(VC14_20_LIBVCXPROJ_DEPS) $(VC14_20_SRCVCXPROJ_DEPS) \ $(VC14_30_LIBVCXPROJ_DEPS) $(VC14_30_SRCVCXPROJ_DEPS) @(win32_lib_srcs='$(LIB_CFILES)'; \ win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \ @@ -465,55 +434,7 @@ function gen_element(type, dir, file)\ printf("%s\r\n", $$0);\ }';\ \ - echo "generating '$(VC10_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC10_LIBTMPL) > $(VC10_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC10_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC10_SRCTMPL) > $(VC10_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC11_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC11_LIBTMPL) > $(VC11_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC11_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC11_SRCTMPL) > $(VC11_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC12_LIBVCXPROJ)'"; \ + echo "generating '$(VC14_LIBVCXPROJ)'"; \ awk -v proj_type=vcxproj \ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ @@ -526,18 +447,18 @@ function gen_element(type, dir, file)\ -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC12_LIBTMPL) > $(VC12_LIBVCXPROJ) || { exit 1; }; \ + "$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \ \ - echo "generating '$(VC12_SRCVCXPROJ)'"; \ + echo "generating '$(VC14_SRCVCXPROJ)'"; \ awk -v proj_type=vcxproj \ -v src_srcs="$$sorted_src_srcs" \ -v src_hdrs="$$sorted_src_hdrs" \ -v src_rc="$$win32_src_rc" \ -v src_x_srcs="$$sorted_src_x_srcs" \ -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; }; \ + "$$awk_code" $(srcdir)/$(VC14_SRCTMPL) > $(VC14_SRCVCXPROJ) || { exit 1; }; \ \ - echo "generating '$(VC14_LIBVCXPROJ)'"; \ + echo "generating '$(VC14_10_LIBVCXPROJ)'"; \ awk -v proj_type=vcxproj \ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ @@ -550,18 +471,18 @@ function gen_element(type, dir, file)\ -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \ + "$$awk_code" $(srcdir)/$(VC14_10_LIBTMPL) > $(VC14_10_LIBVCXPROJ) || { exit 1; }; \ \ - echo "generating '$(VC14_SRCVCXPROJ)'"; \ + echo "generating '$(VC14_10_SRCVCXPROJ)'"; \ awk -v proj_type=vcxproj \ -v src_srcs="$$sorted_src_srcs" \ -v src_hdrs="$$sorted_src_hdrs" \ -v src_rc="$$win32_src_rc" \ -v src_x_srcs="$$sorted_src_x_srcs" \ -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_SRCTMPL) > $(VC14_SRCVCXPROJ) || { exit 1; }; \ + "$$awk_code" $(srcdir)/$(VC14_10_SRCTMPL) > $(VC14_10_SRCVCXPROJ) || { exit 1; }; \ \ - echo "generating '$(VC14_10_LIBVCXPROJ)'"; \ + echo "generating '$(VC14_20_LIBVCXPROJ)'"; \ awk -v proj_type=vcxproj \ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ @@ -574,16 +495,16 @@ function gen_element(type, dir, file)\ -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_10_LIBTMPL) > $(VC14_10_LIBVCXPROJ) || { exit 1; }; \ + "$$awk_code" $(srcdir)/$(VC14_20_LIBTMPL) > $(VC14_20_LIBVCXPROJ) || { exit 1; }; \ \ - echo "generating '$(VC14_10_SRCVCXPROJ)'"; \ + echo "generating '$(VC14_20_SRCVCXPROJ)'"; \ awk -v proj_type=vcxproj \ -v src_srcs="$$sorted_src_srcs" \ -v src_hdrs="$$sorted_src_hdrs" \ -v src_rc="$$win32_src_rc" \ -v src_x_srcs="$$sorted_src_x_srcs" \ -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_10_SRCTMPL) > $(VC14_10_SRCVCXPROJ) || { exit 1; }; \ + "$$awk_code" $(srcdir)/$(VC14_20_SRCTMPL) > $(VC14_20_SRCVCXPROJ) || { exit 1; }; \ \ echo "generating '$(VC14_30_LIBVCXPROJ)'"; \ awk -v proj_type=vcxproj \ diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 0b331a484..0bb5a8d43 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,155 +1,178 @@ -curl and libcurl 8.4.0 +curl and libcurl 8.6.0 - Public curl releases: 252 + Public curl releases: 254 Command line options: 258 - curl_easy_setopt() options: 303 + curl_easy_setopt() options: 304 Public functions in libcurl: 93 - Contributors: 2995 + Contributors: 3078 This release includes the following changes: - o curl: add support for the IPFS protocols via HTTP gateway [46] - o curl_multi_get_handles: get easy handles from a multi handle [20] - o mingw: delete support for legacy mingw.org toolchain [45] + o add CURLE_TOO_LARGE [48] + o add CURLINFO_QUEUE_TIME_T [76] + o add CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add [39] + o asyn-thread: use GetAddrInfoExW on >= Windows 8 [55] + o configure: make libpsl detection failure cause error [109] + o docs/cmdline: change to .md for cmdline docs [77] + o docs: introduce "curldown" for libcurl man page format [102] + o runtests: support -gl. Like -g but for lldb. [47] This release includes the following bugfixes: - o acinclude.m4: Document proper system truststore on FreeBSD [83] - o appveyor: fix yamlint issues, indent [67] - o appveyor: rewrite batch in PowerShell + CI improvements [109] - o autotools: adjust `CURL_CA_PATH` value to CMake [53] - o autotools: restore `HAVE_IOCTL_*` detections [111] - o base64: also build for curl [78] - o bufq: remove Curl_bufq_skip_and_shift (unused) [47] - o build: delete checks for C89 standard headers [65] - o build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros [114] - o cf-socket: simulate slow/blocked receives in debug [120] - o cmake, configure: also link with CoreServices [32] - o cmake: add check for suseconds_t [91] - o cmake: add feature checks for `memrchr` and `getifaddrs` [57] - o cmake: add missing checks [86] - o cmake: delete old `HAVE_LDAP_URL_PARSE` logic [105] - o cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` [75] - o cmake: detect `HAVE_GETADDRINFO_THREADSAFE` [76] - o cmake: detect `sys/wait.h` and `netinet/udp.h` [61] - o cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS [93] - o cmake: disable unity mode with Windows Unicode + TrackMemory [108] - o cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows [110] - o cmake: fix `HAVE_WRITABLE_ARGV` detection [77] - o cmake: fix duplicate symbols when linking tests [73] - o cmake: fix missing `zlib.h` when compiling `libcurltool` [72] - o cmake: fix stderr initialization in unity builds [71] - o cmake: fix the help text to the static build option in CMakeLists.txt [10] - o cmake: fix unity builds for more build combinations [96] - o cmake: fix unity symbol collisions in h2 builds [48] - o cmake: fix unity with Windows Unicode + TrackMemory [107] - o cmake: improve OpenLDAP builds [92] - o cmake: lib `CURL_STATICLIB` fixes (Windows) [74] - o cmake: move global headers to specific checks [58] - o cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC [85] - o cmake: pre-cache `HAVE_POLL_FINE` on Windows [36] - o cmake: tidy-up `NOT_NEED_LBER_H` detection - o cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value [50] - o configure: check for the capath by default [63] - o configure: remove unused checks [87] - o configure: replace adhoc domain with `localhost` in tests [79] - o configure: sort AC_CHECK_FUNCS - o connect: expire the timeout when trying next [54] - o connect: only start the happy eyeballs timer when needed [95] - o cookie: do not store the expire or max-age strings [16] - o cookie: remove unnecessary struct fields [17] - o cookie: set ->running in cookie_init even if data is NULL [5] - o create-dirs.d: clarify it also uses --output-dirs [66] - o curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0 [18] - o curl_easy_pause.3: mention h2/h3 buffering [113] - o curl_easy_pause.3: mention it works within callbacks [112] - o curl_easy_pause: set "in callback" true on exit if true [100] - o CURLOPT_DEBUGFUNCTION.3: warn about internal handles [122] - o docs/libcurl/opts/Makefile.inc: add missing manpage files - o docs: adapt SEE ALSO sections to new requirements [52] - o docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER [68] - o docs: replace made up domains with example.com [82] - o docs: update curl man page references [89] - o docs: use CURLSSLBACKEND_NONE [19] - o doh: inherit DEBUGFUNCTION/DATA [12] - o escape: replace Curl_isunreserved with ISUNRESERVED [2] - o FAQ: How do I upgrade curl.exe in Windows? [84] - o GHA/linux: run singleuse to detect single-use global functions [35] - o GHA: add workflow to compare configure vs cmake outputs [102] - o h2-proxy: remove left-over mistake in drain_tunnel() [7] - o h2: testcase and fix for pausing h2 streams [49] - o h3: add support for ngtcp2 with AWS-LC builds [103] - o http2: refused stream handling for retry [121] - o http: fix CURL_DISABLE_BEARER_AUTH breakage [28] - o http: h1/h2 proxy unification [21] - o http: remove wrong comment for http_should_fail [55] - o http: use per-request counter to check too large headers [6] - o http_aws_sigv4: fix sorting with empty parts [13] - o idn: fix WinIDN null ptr deref on bad host [90] - o idn: if idn2_check_version returns NULL, return error [27] - o inet_ntop: add typecast to silence Coverity [51] - o lib: disambiguate Curl_client_write flag semantics [24] - o lib: enable hmac for digest as well [26] - o lib: failf/infof compiler warnings [8] - o lib: let the max filesize option stop too big transfers too [44] - o lib: move handling of `data->req.writer_stack` into Curl_client_write() [97] - o lib: provide and use Curl_hexencode [62] - o lib: remove TIME_WITH_SYS_TIME [88] - o lib: use wrapper for curl_mime_data fseek callback [30] - o libssh2: fix error message on failed pubkey-from-file [22] - o libssh: cap SFTP packet size sent [14] - o Makefile.mk: always set `CURL_STATICLIB` for lib (Windows) [42] - o MANUAL.md: change domain to example.com [11] - o misc: better random strings [15] - o MQTT: improve receive of ACKs [125] - o multi: do CURLM_CALL_MULTI_PERFORM at two more places [99] - o multi: fix small timeouts [70] - o multi: remove Curl_multi_dump [37] - o multi: round the timeout up to prevent early wakeups [98] - o multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE [115] - o openssl: improve ssl shutdown handling [69] - o openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR [104] - o pytest: exclude test_03_goaway in CI runs due to timing dependency [23] - o quic: set ciphers/curves the same way regular TLS does [43] - o quiche: fix build error with --with-ca-fallback [1] - o RELEASE-PROCEDURE.md: updated coming release dates - o runtests: display the test status if tests appear hung [81] - o runtests: eliminate a warning on old perl versions - o socks: return error if hostname too long for remote resolve [118] - o src/mkhelp: make generated code pass `checksrc` [59] - o test1056: disable on Windows - o test1474: disable test on NetBSD, OpenBSD and Solaris 10 [31] - o test1592: greatly increase the maximum test timeout - o test1903: actually verify the cookies after the test [116] - o test1906: set a lower timeout since it's hit on Windows [117] - o test2600: remove special case handling for USE_ALARM_TIMEOUT [3] - o test650: fix an end tag typo - o test661: return from test early in case of curl error - o test: add missing s - o tests: close the shell used to start sshd [41] - o tests: fix a race condition in ftp server disconnect [101] - o tests: fix compiler warnings [38] - o tests: Fix zombie processes left behind by FTP tests. [80] - o tests: improve SLOWDOWN test reliability by reducing sent data - o tests: increase lib571 timeout from 3s to 30s [106] - o tests: log the test result code after each libtest - o tests: propagate errors in libtests - o tests: set --expect100-timeout to improve test reliability - o tests: show which curl tool `runtests.pl` is using [60] - o tests: stop overriding the lock timeout - o tftpd: always use curl's own tftp.h [25] - o tool: use our own stderr variable [94] - o tool_cb_wrt: fix debug assertion [4] - o tool_getparam: accept variable expansion on file names too [123] - o tool_setopt: remove unused function tool_setopt_flags [56] - o upload-file.d: describe the file name slash/backslash handling [9] - o url: fall back to http/https proxy env-variable if ws/wss not set [119] - o url: fix netrc info message [39] - o warnless: remove unused functions [33] - o wolfssh: do cleanup in Curl_ssh_cleanup [40] - o wolfssl: allow capath with CURLOPT_CAINFO_BLOB [29] - o wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files [34] - o wolfssl: ignore errors in CA path [64] + o altsvc: free 'as' when returning error [23] + o appveyor: replace PowerShell with bash + parallel autotools [54] + o appveyor: switch to out-of-tree builds [29] + o asyn-ares: with modern c-ares, use its default timeout [127] + o build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}` [4] + o build: delete/replace clang warning pragmas [111] + o build: enable missing OpenSSF-recommended warnings, with fixes [11] + o build: fix `-Wconversion`/`-Wsign-conversion` warnings [26] + o build: fix Windows ADDRESS_FAMILY detection [35] + o build: more `-Wformat` fixes [40] + o build: remove redundant `CURL_PULL_*` settings [8] + o cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper [133] + o cf-socket: show errno in tcpkeepalive error messages [120] + o CI/distcheck: run full tests [31] + o cmake: add option to disable building docs + o cmake: fix generation for system name iOS [53] + o cmake: fix typo [5] + o cmake: freshen up docs/INSTALL.cmake [101] + o cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE` [45] + o cmake: rework options to enable curl and libcurl docs [161] + o cmake: when USE_MANUAL=YES, build the curl.1 man page [113] + o cmdline-opts/write-out.d: remove spurious double quotes + o cmdline-opts: update availability for the *-ca-native options [66] + o cmdline/gen: fix the sorting of the man page options [33] + o configure: add libngtcp2_crypto_boringssl detection [155] + o configure: fix no default int compile error in ipv6 detection [69] + o configure: when enabling QUIC, check that TLS supports QUIC [87] + o connect: remove margin from eyeballer alloc [79] + o content_encoding: change return code to typedef'ed enum [94] + o cookie.d: document use of empty string to enable cookie engine [106] + o cookie: avoid fopen with empty file name [24] + o curl.h: CURLOPT_DNS_SERVERS is only available with c-ares [131] + o curl: show ipfs and ipns as supported "protocols" [15] + o curl_easy_getinfo.3: remove the wrong time value count [116] + o curl_multi_fdset.3: remove mention of null pointer support [134] + o CURLINFO_REFERER.3: clarify that it is the *request* header [70] + o CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER + o CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example [27] + o CURLOPT_SSH_*_KEYFILE: clarify [57] + o dist: add tests/errorcodes.pl to the tarball [6] + o docs: clean up Protocols: for cmdline options [32] + o docs: describe and highlight super cookies [80] + o docs: do not start lines/sentences with So, But nor And [140] + o docs: install curl.1 with cmake [166] + o docs: mention env vars not used by schannel [124] + o doh: remove unused local variable [34] + o examples: add four new examples [99] + o file+ftp: use stack buffers instead of data->state.buffer [138] + o ftp: handle the PORT parsing without allocation [44] + o ftp: use dynbuf to store entrypath [83] + o ftp: use memdup0 to store the OS from a SYST 215 response [82] + o ftpserver.pl: send 213 SIZE response without spurious newline + o gen.pl: support ## for doing .IP in table-like lists [105] + o gen: do italics/bold for a range of letters, not just single word [78] + o GHA: add a job scanning for "bad words" in markdown [164] + o GHA: bump ngtcp2, gnutls, mod_h2, quiche [158] + o gnutls: fix build with --disable-verbose [3] + o haproxy-clientip.d: document the arg [68] + o headers: make sure the trailing newline is not stored [97] + o headers: remove assert from Curl_headers_push [115] + o hostip: return error immediately when Curl_ip2addr() fails [19] + o hsts: remove assert for zero length domain [96] + o http2: improved on_stream_close/data_done handling [49] + o http3/quiche: fix result code on a stream reset [91] + o http3: initial support for OpenSSL 3.2 QUIC stack [110] + o http: adjust_pollset fix [85] + o http: check for "Host:" case insensitively [154] + o http: fix off-by-one error in request method length check [14] + o http: only act on 101 responses when they are HTTP/1.1 [98] + o http: remove comment reference to a removed solution [156] + o http: use stack scratch buffer [150] + o http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT [90] + o krb5: add prototype to silence clang warnings on mvsnprintf() [119] + o lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT [62] + o lib: error out on multissl + http3 [13] + o lib: fix variable undeclared error caused by `infof` changes [2] + o lib: reduce use of strncpy [30] + o lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding [36] + o lib: replace readwrite with write_resp [137] + o lib: strndup/memdup instead of malloc, memcpy and null-terminate [42] + o libssh2: use `libssh2_session_callback_set2()` with v1.11.1 [103] + o libssh: improve the deprecation warning dismissal [20] + o libssh: supress warnings without version check [18] + o Makefile.am: fix the MSVC project generation [22] + o Makefile.mk: drop Windows support [12] + o mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls` [117] + o mbedtls: free the entropy when threaded [46] + o mime: use memdup0 instead of malloc + memcpy [63] + o mksymbolsmanpage.pl: provide references to where the symbol is used + o mprintf: overhaul and bugfixes [52] + o mqtt: use stack scratch buffer for recv+publish [148] + o multi: remove total timer reset in file_do() while fetching file:// [89] + o ngtcp2: put h3 at the front of alpn [58] + o ntlm_wb: do not use data->state.buffer any longer [151] + o openldap: fix an LDAP crash [75] + o openldap: fix STARTTLS [67] + o openssl: re-match LibreSSL deinit with init [17] + o openssl: when verifystatus fails, remove session id from cache [100] + o OS400: sync ILE/RPG binding [114] + o pingpong: stop using the download buffer [159] + o pop3: replace calloc + memcpy with memdup0 [60] + o pytest: scorecard tracking CPU and RSS [157] + o quiche: return CURLE_HTTP3 on send to invalid stream [65] + o readwrite_data: loop less [21] + o Revert "urldata: move async resolver state from easy handle to connectdata" [16] + o rtsp: deal with borked server responses [129] + o runtests: for mode="text" on , fix newlines on both parts [64] + o sasl: make login option string override http auth [142] + o schannel: fix `-Warith-conversion` gcc 13 warning [28] + o sectransp: do verify_cert without memdup for blobs [93] + o sectransp_ make TLSCipherNameForNumber() available in non-verbose config [1] + o sendf: fix compiler warning with CURL_DISABLE_HEADERS_API [38] + o setopt: clear mimepost when formp is freed [92] + o setopt: use memdup0 when cloning COPYPOSTFIELDS [107] + o socks: fix generic output string to say SOCKS instead of SOCKS4 [144] + o socks: use own buffer instead of data->state.buffer [143] + o ssh: fix namespace of two local macros [51] + o ssh: use stack scratch buffer for seeks [146] + o strerror: repair get_winsock_error() [56] + o system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers [9] + o system_win32: fix a function pointer assignment warning [71] + o telnet: use dynbuf instad of malloc for escape buffer [108] + o telnet: use stack scratch buffer for do [149] + o tests/server: delete workaround for old-mingw [25] + o tests: avoid int/size_t conversion size/sign warnings [163] + o tests: respect $TMPDIR when creating unix domain sockets [50] + o tool: make parser reject blank arguments if not supported [86] + o tool: prepend output_dir in header callback [95] + o tool_getparam: bsearch cmdline options [74] + o tool_getparam: do not try to expand without an argument [59] + o tool_getparam: stop supporting `@filename` style for --cookie [121] + o tool_listhelp: regenerate after recent .d updates [61] + o tool_operate: make --remove-on-error only remove "real" files [125] + o tool_operate: stop setting the file comment on Amiga [128] + o transfer: adjust_pollset improvements [81] + o transfer: fix upload rate limiting, add test cases [37] + o transfer: make the select_bits_paused condition check both directions [104] + o transfer: remove warning: Value stored to 'blen' is never read [136] + o url: don't set default CA paths for Secure Transport backend [126] + o url: for disabled protocols, mention if found in redirect [7] + o urlapi: remove assert [162] + o verify-examples.pl: fail verification on unescaped backslash [72] + o version: show only the libpsl version, not its dependencies [130] + o vquic: extract TLS setup into own source [88] + o vtls: fix missing multissl version info [73] + o vtls: receive max buffer [139] + o vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY [41] + o websockets: check for negative payload lengths [123] + o websockets: refactor decode chain [122] + o windows: delete redundant headers [43] + o windows: simplify detecting and using system headers [10] + o wolfssl: load certificate *chain* for PEM client certs [84] + o x509asn1: remove code for WANT_VERIFYHOST [132] + o x509asn1: switch from malloc to dynbuf [112] This release includes the following known bugs: @@ -164,143 +187,179 @@ Planned upcoming removals include: This release would not have looked like this without help, code, reports and advice from friends like these: - Aleksander Mazur, black-desk on github, calvin2021y on github, - Christian Schmitz, Christian Weisgerber, claudiusaiz on github, - consulion on github, Craig Andrews, Dan Fandrich, Daniel Stenberg, - David Benjamin, Douglas R. Reno, Eduard Strehlau, Elliot Killick, - Gisle Vanem, Hakan Sunay Halil, Harry Sintonen, Jakub Jelen, John Haugabook, - Joshix-1 on github, Juliusz Sosinowicz, Junho Choi, - Karthikdasari0423 on github, Lars Francke, Loïc Yhuel, Marc Hörsken, - Mark Gaiser, Mathias Fuchs, Maxim Dzhura, Michael Osipov, Natanael Copa, - Patrick Monnerat, PBudmark on github, Peter Wang, Philip Heiduck, Ray Satiro, - Robert Simpson, Ryan Schmidt, s0urc3_ on hackerone, Samuel Henrique, - Stefan Eissing, Ted Lyngmo, Viktor Szakats, vvb2060, w0x42 on hackerone, - å—å®«é›ªçŠ - (46 contributors) + Andy Alt, annalee, Baruch Siach, Ben, Boris Verkhovskiy, Brad Harder, + bubbleguuum on github, Cajus Pollmeier, calvin2021y on github, Chara White, + Chris Sauer, Dan Fandrich, Daniel Gustafsson, Daniel Stenberg, + dependabot[bot], Dmitry Karpov, Gabe, Geeknik Labs, Gisle Vanem, + Graham Campbell, Hans-Christian Egtvedt, Harry Sintonen, Haydar Alaidrus, + hgdagon on github, Hiroki Kurosawa, iAroc on github, ivanfywang, + janko-js on github, Jay Wu, Jess Lowe, Karthikdasari0423 on github, + Lealem Amedie, Lin Sun, Marcel Raad, Mark Huang, Mark Sinkovics, + Mauricio Scheffer, MichaÅ‚ Antoniak, Mike Hommey, Mohammadreza Hendiani, + Ozan Cansel, Patrick Monnerat, Pavel Pavlov, promptfuzz_ on hackerone, + Ray Satiro, RevaliQaQ on github, Richard Levitte, Scarlett McAllister, + Sergey Bronnikov, Sergey Markelov, sfan5 on github, Stefan Eissing, + Tatsuhiko Miyagawa, Tatsuhiro Tsujikawa, Theo, Thomas Ferguson, + Viktor Szakats, Xi Ruoyao, Yadhu Krishna M, Yedaya Katsman, Yifei Kong, + YX Hao, zengwei, zengwei2000, ウã•ã‚“ + (65 contributors) References to bug reports and discussions on issues: - [1] = https://curl.se/bug/?i=11850 - [2] = https://curl.se/bug/?i=11846 - [3] = https://curl.se/bug/?i=11767 - [4] = https://github.com/curl/curl/commit/af3f4e41#r127212213 - [5] = https://curl.se/bug/?i=11875 - [6] = https://curl.se/bug/?i=11871 - [7] = https://curl.se/bug/?i=11877 - [8] = https://curl.se/bug/?i=11874 - [9] = https://curl.se/bug/?i=11911 - [10] = https://curl.se/bug/?i=11843 - [11] = https://curl.se/bug/?i=11866 - [12] = https://curl.se/bug/?i=11864 - [13] = https://curl.se/bug/?i=11855 - [14] = https://curl.se/bug/?i=11804 - [15] = https://curl.se/bug/?i=11838 - [16] = https://curl.se/bug/?i=11862 - [17] = https://curl.se/bug/?i=11862 - [18] = https://curl.se/bug/?i=11905 - [19] = https://curl.se/bug/?i=11909 - [20] = https://curl.se/bug/?i=11750 - [21] = https://curl.se/bug/?i=11808 - [22] = https://curl.se/bug/?i=11837 - [23] = https://curl.se/bug/?i=11860 - [24] = https://curl.se/bug/?i=11885 - [25] = https://curl.se/bug/?i=11897 - [26] = https://curl.se/bug/?i=11890 - [27] = https://curl.se/bug/?i=11898 - [28] = https://curl.se/bug/?i=11892 - [29] = https://curl.se/bug/?i=11886 - [30] = https://curl.se/bug/?i=11882 - [31] = https://curl.se/bug/?i=11888 - [32] = https://curl.se/bug/?i=11893 - [33] = https://curl.se/bug/?i=11932 - [34] = https://curl.se/bug/?i=11884 - [35] = https://curl.se/bug/?i=11932 - [36] = https://curl.se/bug/?i=12003 - [37] = https://curl.se/bug/?i=11931 - [38] = https://curl.se/bug/?i=11925 - [39] = https://curl.se/bug/?i=11904 - [40] = https://curl.se/bug/?i=11921 - [41] = https://curl.se/bug/?i=12032 - [42] = https://curl.se/bug/?i=11924 - [43] = https://curl.se/bug/?i=11796 - [44] = https://curl.se/bug/?i=11810 - [45] = https://curl.se/bug/?i=11625 - [46] = https://curl.se/bug/?i=8805 - [47] = https://curl.se/bug/?i=11915 - [48] = https://curl.se/bug/?i=11912 - [49] = https://curl.se/bug/?i=11982 - [50] = https://curl.se/bug/?i=11998 - [51] = https://curl.se/bug/?i=11960 - [52] = https://curl.se/bug/?i=11957 - [53] = https://curl.se/bug/?i=11997 - [54] = https://curl.se/bug/?i=11920 - [55] = https://curl.se/bug/?i=11941 - [56] = https://curl.se/bug/?i=11943 - [57] = https://curl.se/bug/?i=11954 - [58] = https://curl.se/bug/?i=11951 - [59] = https://curl.se/bug/?i=11955 - [60] = https://curl.se/bug/?i=11953 - [61] = https://curl.se/bug/?i=11996 - [62] = https://curl.se/bug/?i=11990 - [63] = https://curl.se/bug/?i=11987 - [64] = https://curl.se/bug/?i=11987 - [65] = https://curl.se/bug/?i=11940 - [66] = https://curl.se/bug/?i=11991 - [67] = https://curl.se/bug/?i=11994 - [68] = https://curl.se/bug/?i=2935 - [69] = https://curl.se/bug/?i=11858 - [70] = https://curl.se/bug/?i=11937 - [71] = https://curl.se/bug/?i=11929 - [72] = https://curl.se/bug/?i=11927 - [73] = https://curl.se/bug/?i=11926 - [74] = https://curl.se/bug/?i=11914 - [75] = https://curl.se/bug/?i=11981 - [76] = https://curl.se/bug/?i=11979 - [77] = https://curl.se/bug/?i=11978 - [78] = https://curl.se/bug/?i=12010 - [79] = https://curl.se/bug/?i=11988 - [80] = https://curl.se/bug/?i=12018 - [81] = https://curl.se/bug/?i=11980 - [82] = https://curl.se/bug/?i=11986 - [83] = https://curl.se/bug/?i=11985 - [84] = https://curl.se/bug/?i=11984 - [85] = https://curl.se/bug/?i=11974 - [86] = https://curl.se/bug/?i=11973 - [87] = https://curl.se/bug/?i=11973 - [88] = https://curl.se/bug/?i=11975 - [89] = https://curl.se/bug/?i=11963 - [90] = https://curl.se/bug/?i=11983 - [91] = https://curl.se/bug/?i=11977 - [92] = https://curl.se/bug/?i=12024 - [93] = https://curl.se/bug/?i=11967 - [94] = https://curl.se/bug/?i=11958 - [95] = https://curl.se/bug/?i=11939 - [96] = https://curl.se/bug/?i=12027 - [97] = https://curl.se/bug/?i=11908 - [98] = https://curl.se/bug/?i=11938 - [99] = https://curl.se/bug/?i=12033 - [100] = https://curl.se/bug/?i=12059 - [101] = https://curl.se/bug/?i=12002 - [102] = https://curl.se/bug/?i=11964 - [103] = https://curl.se/bug/?i=12066 - [104] = https://curl.se/bug/?i=12038 - [105] = https://curl.se/bug/?i=12015 - [106] = https://curl.se/bug/?i=12013 - [107] = https://curl.se/bug/?i=11928 - [108] = https://curl.se/bug/?i=12005 - [109] = https://curl.se/bug/?i=11999 - [110] = https://curl.se/bug/?i=12006 - [111] = https://curl.se/bug/?i=12008 - [112] = https://curl.se/mail/lib-2023-10/0010.html - [113] = https://curl.se/bug/?i=12045 - [114] = https://curl.se/bug/?i=12065 - [115] = https://curl.se/bug/?i=12042 - [116] = https://curl.se/bug/?i=12041 - [117] = https://curl.se/bug/?i=12036 - [118] = https://curl.se/docs/CVE-2023-38545.html - [119] = https://curl.se/bug/?i=12031 - [120] = https://curl.se/bug/?i=12035 - [121] = https://curl.se/bug/?i=12054 - [122] = https://curl.se/bug/?i=12034 - [123] = https://curl.se/bug/?i=12048 - [125] = https://curl.se/bug/?i=12071 + [1] = https://curl.se/bug/?i=12474 + [2] = https://curl.se/bug/?i=12470 + [3] = https://curl.se/bug/?i=12505 + [4] = https://curl.se/bug/?i=12506 + [5] = https://curl.se/bug/?i=12464 + [6] = https://curl.se/bug/?i=12462 + [7] = https://curl.se/bug/?i=12466 + [8] = https://curl.se/bug/?i=12502 + [9] = https://curl.se/bug/?i=12501 + [10] = https://curl.se/bug/?i=12495 + [11] = https://curl.se/bug/?i=12489 + [12] = https://curl.se/bug/?i=12224 + [13] = https://curl.se/bug/?i=12807 + [14] = https://curl.se/bug/?i=12534 + [15] = https://curl.se/mail/archive-2023-12/0026.html + [16] = https://curl.se/bug/?i=12524 + [17] = https://curl.se/bug/?i=12525 + [18] = https://curl.se/bug/?i=12523 + [19] = https://curl.se/bug/?i=12522 + [20] = https://curl.se/bug/?i=12519 + [21] = https://curl.se/bug/?i=12504 + [22] = https://curl.se/bug/?i=12564 + [23] = https://curl.se/bug/?i=12570 + [24] = https://curl.se/bug/?i=12514 + [25] = https://curl.se/bug/?i=12510 + [26] = https://curl.se/bug/?i=12557 + [27] = https://curl.se/bug/?i=12588 + [28] = https://curl.se/bug/?i=12616 + [29] = https://curl.se/bug/?i=12550 + [30] = https://curl.se/bug/?i=12499 + [31] = https://curl.se/bug/?i=12503 + [32] = https://curl.se/bug/?i=12496 + [33] = https://curl.se/mail/archive-2023-12/0014.html + [34] = https://curl.se/bug/?i=12491 + [35] = https://curl.se/bug/?i=12441 + [36] = https://curl.se/bug/?i=12490 + [37] = https://curl.se/bug/?i=12559 + [38] = https://curl.se/bug/?i=12485 + [39] = https://curl.se/bug/?i=12369 + [40] = https://curl.se/bug/?i=12540 + [41] = https://curl.se/bug/?i=12459 + [42] = https://curl.se/bug/?i=12453 + [43] = https://curl.se/bug/?i=12539 + [44] = https://curl.se/bug/?i=12456 + [45] = https://curl.se/bug/?i=12537 + [46] = https://curl.se/bug/?i=12584 + [47] = https://curl.se/bug/?i=12547 + [48] = https://curl.se/bug/?i=12269 + [49] = https://curl.se/bug/?i=10936 + [50] = https://curl.se/bug/?i=12545 + [51] = https://curl.se/bug/?i=12544 + [52] = https://curl.se/bug/?i=12561 + [53] = https://curl.se/bug/?i=12515 + [54] = https://curl.se/bug/?i=12560 + [55] = https://curl.se/bug/?i=12481 + [56] = https://curl.se/bug/?i=12578 + [57] = https://curl.se/bug/?i=12554 + [58] = https://curl.se/bug/?i=12576 + [59] = https://curl.se/bug/?i=12565 + [60] = https://curl.se/bug/?i=12650 + [61] = https://curl.se/bug/?i=12612 + [62] = https://curl.se/bug/?i=12658 + [63] = https://curl.se/bug/?i=12649 + [64] = https://curl.se/bug/?i=12612 + [65] = https://curl.se/bug/?i=12590 + [66] = https://curl.se/bug/?i=12613 + [67] = https://curl.se/bug/?i=12610 + [68] = https://curl.se/bug/?i=12611 + [69] = https://curl.se/bug/?i=12607 + [70] = https://curl.se/bug/?i=12605 + [71] = https://curl.se/bug/?i=12581 + [72] = https://curl.se/bug/?i=12589 + [73] = https://curl.se/bug/?i=12599 + [74] = https://curl.se/bug/?i=12631 + [75] = https://curl.se/bug/?i=12593 + [76] = https://curl.se/bug/?i=12368 + [77] = https://curl.se/bug/?i=12751 + [78] = https://curl.se/bug/?i=12689 + [79] = https://curl.se/bug/?i=12647 + [80] = https://curl.se/bug/?i=12687 + [81] = https://curl.se/bug/?i=12640 + [82] = https://curl.se/bug/?i=12639 + [83] = https://curl.se/bug/?i=12638 + [84] = https://curl.se/bug/?i=12634 + [85] = https://curl.se/bug/?i=12632 + [86] = https://curl.se/bug/?i=12620 + [87] = https://curl.se/bug/?i=12683 + [88] = https://curl.se/bug/?i=12678 + [89] = https://curl.se/bug/?i=12682 + [90] = https://curl.se/bug/?i=12680 + [91] = https://curl.se/bug/?i=12629 + [92] = https://curl.se/bug/?i=12608 + [93] = https://curl.se/bug/?i=12679 + [94] = https://curl.se/bug/?i=12618 + [95] = https://curl.se/bug/?i=12614 + [96] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65661 + [97] = https://curl.se/mail/lib-2024-01/0019.html + [98] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66184 + [99] = https://curl.se/bug/?i=12671 + [100] = https://curl.se/bug/?i=12760 + [101] = https://curl.se/bug/?i=12772 + [102] = https://curl.se/bug/?i=12730 + [103] = https://curl.se/bug/?i=12754 + [104] = https://curl.se/mail/lib-2024-01/0049.html + [105] = https://curl.se/bug/?i=12667 + [106] = https://curl.se/bug/?i=12643 + [107] = https://curl.se/bug/?i=12651 + [108] = https://curl.se/bug/?i=12652 + [109] = https://curl.se/bug/?i=12661 + [110] = https://curl.se/bug/?i=12734 + [111] = https://curl.se/bug/?i=12812 + [112] = https://curl.se/bug/?i=12808 + [113] = https://curl.se/bug/?i=12742 + [114] = https://curl.se/bug/?i=12815 + [115] = https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65839 + [116] = https://curl.se/bug/?i=12727 + [117] = https://curl.se/bug/?i=12720 + [119] = https://curl.se/bug/?i=12803 + [120] = https://curl.se/bug/?i=12726 + [121] = https://curl.se/bug/?i=12645 + [122] = https://curl.se/bug/?i=12713 + [123] = https://curl.se/bug/?i=12707 + [124] = https://curl.se/bug/?i=12711 + [125] = https://curl.se/bug/?i=12710 + [126] = https://curl.se/bug/?i=12704 + [127] = https://curl.se/bug/?i=12703 + [128] = https://curl.se/bug/?i=12709 + [129] = https://curl.se/bug/?i=12701 + [130] = https://curl.se/bug/?i=12700 + [131] = https://curl.se/bug/?i=12695 + [132] = https://curl.se/bug/?i=12804 + [133] = https://curl.se/bug/?i=12697 + [134] = https://curl.se/bug/?i=12691 + [136] = https://curl.se/bug/?i=12693 + [137] = https://curl.se/bug/?i=12480 + [138] = https://curl.se/bug/?i=12789 + [139] = https://curl.se/bug/?i=12801 + [140] = https://curl.se/bug/?i=12802 + [142] = https://curl.se/bug/?i=10259 + [143] = https://curl.se/bug/?i=12788 + [144] = https://curl.se/bug/?i=12797 + [146] = https://curl.se/bug/?i=12794 + [148] = https://curl.se/bug/?i=12792 + [149] = https://curl.se/bug/?i=12793 + [150] = https://curl.se/bug/?i=12791 + [151] = https://curl.se/bug/?i=12787 + [154] = https://curl.se/bug/?i=12784 + [155] = https://curl.se/bug/?i=12724 + [156] = https://curl.se/bug/?i=12785 + [157] = https://curl.se/bug/?i=12765 + [158] = https://curl.se/bug/?i=12778 + [159] = https://curl.se/bug/?i=12757 + [161] = https://curl.se/bug/?i=12773 + [162] = https://curl.se/bug/?i=12775 + [163] = https://curl.se/bug/?i=12768 + [164] = https://curl.se/bug/?i=12764 + [166] = https://curl.se/bug/?i=12759 diff --git a/acinclude.m4 b/acinclude.m4 index 5fdd51e52..a44ae350e 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -156,7 +156,6 @@ AC_DEFUN([CURL_CHECK_AIX_ALL_SOURCE], [ #endif]) AC_BEFORE([$0], [AC_SYS_LARGEFILE])dnl AC_BEFORE([$0], [CURL_CONFIGURE_REENTRANT])dnl - AC_BEFORE([$0], [CURL_CONFIGURE_PULL_SYS_POLL])dnl AC_MSG_CHECKING([if OS is AIX (to define _ALL_SOURCE)]) AC_EGREP_CPP([yes_this_is_aix],[ #ifdef _AIX @@ -171,144 +170,28 @@ AC_DEFUN([CURL_CHECK_AIX_ALL_SOURCE], [ ]) -dnl CURL_CHECK_HEADER_WINDOWS -dnl ------------------------------------------------- -dnl Check for compilable and valid windows.h header - -AC_DEFUN([CURL_CHECK_HEADER_WINDOWS], [ - AC_CACHE_CHECK([for windows.h], [curl_cv_header_windows_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include - ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) - HAVE_WINDOWS_H shall not be defined. -#else - int dummy=2*WINVER; -#endif - ]]) - ],[ - curl_cv_header_windows_h="yes" - ],[ - curl_cv_header_windows_h="no" - ]) - ]) - case "$curl_cv_header_windows_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WINDOWS_H, 1, - [Define to 1 if you have the windows.h header file.]) - ;; - esac -]) - - dnl CURL_CHECK_NATIVE_WINDOWS dnl ------------------------------------------------- dnl Check if building a native Windows target AC_DEFUN([CURL_CHECK_NATIVE_WINDOWS], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl AC_CACHE_CHECK([whether build target is a native Windows one], [curl_cv_native_windows], [ - if test "$curl_cv_header_windows_h" = "no"; then - curl_cv_native_windows="no" - else - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ - ]],[[ -#if defined(__MINGW32__) || defined(__MINGW32CE__) || \ - (defined(_MSC_VER) && (defined(_WIN32) || defined(_WIN64))) - int dummy=1; -#else - Not a native Windows build target. -#endif - ]]) - ],[ - curl_cv_native_windows="yes" - ],[ - curl_cv_native_windows="no" - ]) - fi - ]) - AM_CONDITIONAL(DOING_NATIVE_WINDOWS, test "x$curl_cv_native_windows" = xyes) -]) - - -dnl CURL_CHECK_HEADER_WINSOCK2 -dnl ------------------------------------------------- -dnl Check for compilable and valid winsock2.h header - -AC_DEFUN([CURL_CHECK_HEADER_WINSOCK2], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_CACHE_CHECK([for winsock2.h], [curl_cv_header_winsock2_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include - ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) || defined(__MINGW32CE__) - HAVE_WINSOCK2_H shall not be defined. -#else - int dummy=2*IPPROTO_ESP; -#endif - ]]) - ],[ - curl_cv_header_winsock2_h="yes" - ],[ - curl_cv_header_winsock2_h="no" - ]) - ]) - case "$curl_cv_header_winsock2_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WINSOCK2_H, 1, - [Define to 1 if you have the winsock2.h header file.]) - ;; - esac -]) - - -dnl CURL_CHECK_HEADER_WS2TCPIP -dnl ------------------------------------------------- -dnl Check for compilable and valid ws2tcpip.h header - -AC_DEFUN([CURL_CHECK_HEADER_WS2TCPIP], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl - AC_CACHE_CHECK([for ws2tcpip.h], [curl_cv_header_ws2tcpip_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include -#include ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) || defined(__MINGW32CE__) - HAVE_WS2TCPIP_H shall not be defined. +#ifdef _WIN32 + int dummy=1; #else - int dummy=2*IP_PKTINFO; + Not a native Windows build target. #endif ]]) ],[ - curl_cv_header_ws2tcpip_h="yes" + curl_cv_native_windows="yes" ],[ - curl_cv_header_ws2tcpip_h="no" + curl_cv_native_windows="no" ]) ]) - case "$curl_cv_header_ws2tcpip_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WS2TCPIP_H, 1, - [Define to 1 if you have the ws2tcpip.h header file.]) - ;; - esac + AM_CONDITIONAL(DOING_NATIVE_WINDOWS, test "x$curl_cv_native_windows" = xyes) ]) @@ -318,12 +201,12 @@ dnl Check for compilable and valid lber.h header, dnl and check if it is needed even with ldap.h AC_DEFUN([CURL_CHECK_HEADER_LBER], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl AC_CACHE_CHECK([for lber.h], [curl_cv_header_lber_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -355,7 +238,7 @@ AC_DEFUN([CURL_CHECK_HEADER_LBER], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -403,7 +286,7 @@ AC_DEFUN([CURL_CHECK_HEADER_LDAP], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -449,7 +332,7 @@ AC_DEFUN([CURL_CHECK_HEADER_LDAP_SSL], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -534,7 +417,7 @@ AC_DEFUN([CURL_CHECK_LIBS_WINLDAP], [ AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -632,7 +515,7 @@ AC_DEFUN([CURL_CHECK_LIBS_LDAP], [ AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -701,14 +584,11 @@ AC_DEFUN([TYPE_SOCKADDR_STORAGE], [if struct sockaddr_storage is defined]), , [ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else #ifdef HAVE_SYS_TYPES_H #include @@ -731,7 +611,7 @@ dnl ------------------------------------------------- dnl Test if the socket recv() function is available, AC_DEFUN([CURL_CHECK_FUNC_RECV], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl AC_REQUIRE([CURL_INCLUDES_BSDSOCKET])dnl AC_CHECK_HEADERS(sys/types.h sys/socket.h) # @@ -739,14 +619,11 @@ AC_DEFUN([CURL_CHECK_FUNC_RECV], [ AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else $curl_includes_bsdsocket #ifdef HAVE_SYS_TYPES_H @@ -782,7 +659,7 @@ dnl ------------------------------------------------- dnl Test if the socket send() function is available, AC_DEFUN([CURL_CHECK_FUNC_SEND], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl AC_REQUIRE([CURL_INCLUDES_BSDSOCKET])dnl AC_CHECK_HEADERS(sys/types.h sys/socket.h) # @@ -790,14 +667,11 @@ AC_DEFUN([CURL_CHECK_FUNC_SEND], [ AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else $curl_includes_bsdsocket #ifdef HAVE_SYS_TYPES_H @@ -837,14 +711,11 @@ AC_DEFUN([CURL_CHECK_MSG_NOSIGNAL], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else #ifdef HAVE_SYS_TYPES_H #include @@ -876,21 +747,18 @@ dnl ------------------------------------------------- dnl Check for timeval struct AC_DEFUN([CURL_CHECK_STRUCT_TIMEVAL], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl AC_CHECK_HEADERS(sys/types.h sys/time.h sys/socket.h) AC_CACHE_CHECK([for struct timeval], [curl_cv_struct_timeval], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include #endif -#endif #ifdef HAVE_SYS_TYPES_H #include #endif @@ -937,14 +805,11 @@ AC_DEFUN([TYPE_IN_ADDR_T], [ AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else #ifdef HAVE_SYS_TYPES_H #include @@ -979,14 +844,11 @@ AC_DEFUN([TYPE_IN_ADDR_T], [ esac ],[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else #ifdef HAVE_SYS_TYPES_H #include @@ -1197,7 +1059,7 @@ AC_DEFUN([CURL_CHECK_LIBS_CONNECT], [ AC_LANG_PROGRAM([[ $curl_includes_winsock2 $curl_includes_bsdsocket - #if !defined(HAVE_WINDOWS_H) && !defined(HAVE_PROTO_BSDSOCKET_H) + #if !defined(_WIN32) && !defined(HAVE_PROTO_BSDSOCKET_H) int connect(int, void*, int); #endif ]],[[ @@ -1246,40 +1108,6 @@ cat >>confdefs.h <<_EOF _EOF ]) -dnl CURL_CONFIGURE_PULL_SYS_POLL -dnl ------------------------------------------------- -dnl The need for the sys/poll.h inclusion arises mainly to properly -dnl interface AIX systems which define macros 'events' and 'revents'. - -AC_DEFUN([CURL_CONFIGURE_PULL_SYS_POLL], [ - AC_REQUIRE([CURL_INCLUDES_POLL])dnl - # - tst_poll_events_macro_defined="unknown" - # - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ - $curl_includes_poll - ]],[[ -#if defined(events) || defined(revents) - return 0; -#else - force compilation error -#endif - ]]) - ],[ - tst_poll_events_macro_defined="yes" - ],[ - tst_poll_events_macro_defined="no" - ]) - # - if test "$tst_poll_events_macro_defined" = "yes"; then - if test "x$ac_cv_header_sys_poll_h" = "xyes"; then - CURL_DEFINE_UNQUOTED([CURL_PULL_SYS_POLL_H]) - fi - fi - # -]) - dnl CURL_CHECK_FUNC_SELECT dnl ------------------------------------------------- @@ -1294,15 +1122,12 @@ AC_DEFUN([CURL_CHECK_FUNC_SELECT], [ AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include #endif -#endif #ifdef HAVE_SYS_TYPES_H #include #endif @@ -1310,7 +1135,7 @@ AC_DEFUN([CURL_CHECK_FUNC_SELECT], [ #include #endif #include -#ifndef HAVE_WINDOWS_H +#ifndef _WIN32 #ifdef HAVE_SYS_SELECT_H #include #elif defined(HAVE_UNISTD_H) @@ -1374,70 +1199,6 @@ int main() ]) -dnl CURL_CHECK_VARIADIC_MACROS -dnl ------------------------------------------------- -dnl Check compiler support of variadic macros - -AC_DEFUN([CURL_CHECK_VARIADIC_MACROS], [ - AC_CACHE_CHECK([for compiler support of C99 variadic macro style], - [curl_cv_variadic_macros_c99], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#define c99_vmacro3(first, ...) fun3(first, __VA_ARGS__) -#define c99_vmacro2(first, ...) fun2(first, __VA_ARGS__) - int fun3(int arg1, int arg2, int arg3); - int fun2(int arg1, int arg2); - int fun3(int arg1, int arg2, int arg3) - { return arg1 + arg2 + arg3; } - int fun2(int arg1, int arg2) - { return arg1 + arg2; } - ]],[[ - int res3 = c99_vmacro3(1, 2, 3); - int res2 = c99_vmacro2(1, 2); - ]]) - ],[ - curl_cv_variadic_macros_c99="yes" - ],[ - curl_cv_variadic_macros_c99="no" - ]) - ]) - case "$curl_cv_variadic_macros_c99" in - yes) - AC_DEFINE_UNQUOTED(HAVE_VARIADIC_MACROS_C99, 1, - [Define to 1 if compiler supports C99 variadic macro style.]) - ;; - esac - AC_CACHE_CHECK([for compiler support of old gcc variadic macro style], - [curl_cv_variadic_macros_gcc], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#define gcc_vmacro3(first, args...) fun3(first, args) -#define gcc_vmacro2(first, args...) fun2(first, args) - int fun3(int arg1, int arg2, int arg3); - int fun2(int arg1, int arg2); - int fun3(int arg1, int arg2, int arg3) - { return arg1 + arg2 + arg3; } - int fun2(int arg1, int arg2) - { return arg1 + arg2; } - ]],[[ - int res3 = gcc_vmacro3(1, 2, 3); - int res2 = gcc_vmacro2(1, 2); - ]]) - ],[ - curl_cv_variadic_macros_gcc="yes" - ],[ - curl_cv_variadic_macros_gcc="no" - ]) - ]) - case "$curl_cv_variadic_macros_gcc" in - yes) - AC_DEFINE_UNQUOTED(HAVE_VARIADIC_MACROS_GCC, 1, - [Define to 1 if compiler supports old gcc variadic macro style.]) - ;; - esac -]) - - dnl CURL_CHECK_CA_BUNDLE dnl ------------------------------------------------- dnl Check if a default ca-bundle should be used @@ -1611,17 +1372,15 @@ dnl ------------------------------------------------- dnl Check if curl's WIN32 large file will be used AC_DEFUN([CURL_CHECK_WIN32_LARGEFILE], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl AC_MSG_CHECKING([whether build target supports WIN32 file API]) curl_win32_file_api="no" - if test "$curl_cv_header_windows_h" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then if test x"$enable_largefile" != "xno"; then AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ ]],[[ -#if !defined(_WIN32_WCE) && \ - (defined(__MINGW32__) || \ - (defined(_MSC_VER) && (defined(_WIN32) || defined(_WIN64)))) +#if !defined(_WIN32_WCE) && (defined(__MINGW32__) || defined(_MSC_VER)) int dummy=1; #else WIN32 large file API not supported. @@ -1670,10 +1429,10 @@ dnl ------------------------------------------------- dnl Check if curl's WIN32 crypto lib can be used AC_DEFUN([CURL_CHECK_WIN32_CRYPTO], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl AC_MSG_CHECKING([whether build target supports WIN32 crypto API]) curl_win32_crypto_api="no" - if test "$curl_cv_header_windows_h" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline diff --git a/appveyor.sh b/appveyor.sh new file mode 100644 index 000000000..87c9d572a --- /dev/null +++ b/appveyor.sh @@ -0,0 +1,160 @@ +#!/usr/bin/env bash +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +# shellcheck disable=SC3040,SC2039 +set -eux; [ -n "${BASH:-}${ZSH_NAME:-}" ] && set -o pipefail + +# build + +if [ "${APPVEYOR_BUILD_WORKER_IMAGE}" = 'Visual Studio 2022' ]; then + openssl_root_win='C:/OpenSSL-v30-Win64' +else + openssl_root_win='C:/OpenSSL-v111-Win64' +fi +openssl_root="$(cygpath -u "${openssl_root_win}")" + +if [ "${BUILD_SYSTEM}" = 'CMake' ]; then + options='' + [[ "${TARGET:-}" = *'ARM64'* ]] && SKIP_RUN='ARM64 architecture' + [ "${OPENSSL}" = 'ON' ] && options+=" -DOPENSSL_ROOT_DIR=${openssl_root_win}" + [ "${OPENSSL}" = 'ON' ] && options+=" -DOPENSSL_ROOT_DIR=${openssl_root_win}" + [ "${PRJ_CFG}" = 'Debug' ] && options+=' -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG=' + [ "${PRJ_CFG}" = 'Release' ] && options+=' -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_RELEASE=' + [[ "${PRJ_GEN}" = *'Visual Studio'* ]] && options+=' -DCMAKE_VS_GLOBALS=TrackFileAccess=false' + # Fails to run without this run due to missing MSVCR90.dll + [ "${PRJ_GEN}" = 'Visual Studio 9 2008' ] && options+=' -DCURL_STATIC_CRT=ON' + # shellcheck disable=SC2086 + cmake -B _bld "-G${PRJ_GEN}" ${TARGET:-} ${options} \ + "-DCURL_USE_OPENSSL=${OPENSSL}" \ + "-DCURL_USE_SCHANNEL=${SCHANNEL}" \ + "-DHTTP_ONLY=${HTTP_ONLY}" \ + "-DBUILD_SHARED_LIBS=${SHARED}" \ + "-DBUILD_TESTING=${TESTING}" \ + "-DENABLE_WEBSOCKETS=${WEBSOCKETS:-}" \ + "-DCMAKE_UNITY_BUILD=${UNITY}" \ + '-DCURL_WERROR=ON' \ + "-DENABLE_DEBUG=${DEBUG}" \ + "-DENABLE_UNICODE=${ENABLE_UNICODE}" \ + '-DCMAKE_INSTALL_PREFIX=C:/CURL' \ + "-DCMAKE_BUILD_TYPE=${PRJ_CFG}" + # shellcheck disable=SC2086 + cmake --build _bld --config "${PRJ_CFG}" --parallel 2 --clean-first -- ${BUILD_OPT:-} + if [ "${SHARED}" = 'ON' ]; then + cp -f -p _bld/lib/*.dll _bld/src/ + fi + if [ "${OPENSSL}" = 'ON' ]; then + cp -f -p "${openssl_root}"/*.dll _bld/src/ + fi + curl='_bld/src/curl.exe' +elif [ "${BUILD_SYSTEM}" = 'VisualStudioSolution' ]; then + ( + cd projects + ./generate.bat "${VC_VERSION}" + msbuild.exe -maxcpucount "-property:Configuration=${PRJ_CFG}" "Windows/${VC_VERSION}/curl-all.sln" + ) + curl="build/Win32/${VC_VERSION}/${PRJ_CFG}/curld.exe" +elif [ "${BUILD_SYSTEM}" = 'winbuild_vs2015' ]; then + ./buildconf.bat + ( + cd winbuild + cat << EOF > _make.bat + call "C:/Program Files/Microsoft SDKs/Windows/v7.1/Bin/SetEnv.cmd" /x64 + call "C:/Program Files (x86)/Microsoft Visual Studio 14.0/VC/vcvarsall.bat" x86_amd64 + nmake -f Makefile.vc mode=dll VC=14 "SSL_PATH=${openssl_root_win}" WITH_SSL=dll MACHINE=x64 DEBUG=${DEBUG} ENABLE_UNICODE=${ENABLE_UNICODE} +EOF + ./_make.bat + rm _make.bat + ) + curl="builds/libcurl-vc14-x64-${PATHPART}-dll-ssl-dll-ipv6-sspi/bin/curl.exe" +elif [ "${BUILD_SYSTEM}" = 'winbuild_vs2017' ]; then + ./buildconf.bat + ( + cd winbuild + cat << EOF > _make.bat + call "C:/Program Files (x86)/Microsoft Visual Studio/2017/Community/VC/Auxiliary/Build/vcvars64.bat" + nmake -f Makefile.vc mode=dll VC=14.10 "SSL_PATH=${openssl_root_win}" WITH_SSL=dll MACHINE=x64 DEBUG=${DEBUG} ENABLE_UNICODE=${ENABLE_UNICODE} +EOF + ./_make.bat + rm _make.bat + ) + curl="builds/libcurl-vc14.10-x64-${PATHPART}-dll-ssl-dll-ipv6-sspi/bin/curl.exe" +elif [ "${BUILD_SYSTEM}" = 'autotools' ]; then + autoreconf -fi + ( + mkdir _bld + cd _bld + # shellcheck disable=SC2086 + ../configure ${CONFIG_ARGS:-} + make -j2 V=1 + make -j2 V=1 examples + cd tests + make -j2 V=1 + ) + curl='_bld/src/curl.exe' +fi + +find . -name '*.exe' -o -name '*.dll' +if [ -z "${SKIP_RUN:-}" ]; then + "${curl}" --version +else + echo "Skip running curl.exe. Reason: ${SKIP_RUN}" +fi + +if false; then + for log in CMakeFiles/CMakeConfigureLog.yaml CMakeFiles/CMakeOutput.log CMakeFiles/CMakeError.log; do + [ -r "_bld/${log}" ] && cat "_bld/${log}" + done +fi + +if [ "${TESTING}" = 'ON' ] && [ "${BUILD_SYSTEM}" = 'CMake' ]; then + cmake --build _bld --config "${PRJ_CFG}" --parallel 2 --target testdeps +fi + +# test + +if [ "${TESTING}" = 'ON' ]; then + export TFLAGS='' + if [ -x "$(cygpath -u "${WINDIR}/System32/curl.exe")" ]; then + TFLAGS+=" -ac $(cygpath -u "${WINDIR}/System32/curl.exe")" + elif [ -x "$(cygpath -u "C:/msys64/usr/bin/curl.exe")" ]; then + TFLAGS+=" -ac $(cygpath -u "C:/msys64/usr/bin/curl.exe")" + fi + TFLAGS+=" ${DISABLED_TESTS:-}" + if [ "${BUILD_SYSTEM}" = 'CMake' ]; then + ls _bld/lib/*.dll >/dev/null 2>&1 && cp -f -p _bld/lib/*.dll _bld/tests/libtest/ + cmake --build _bld --config "${PRJ_CFG}" --target test-ci + elif [ "${BUILD_SYSTEM}" = 'autotools' ]; then + ( + cd _bld + make -j2 V=1 test-ci + ) + else + ( + TFLAGS="-a -p !flaky -r -rm ${TFLAGS}" + cd _bld/tests + ./runtests.pl + ) + fi +fi diff --git a/configure.ac b/configure.ac index 2d71c838f..be66be9e9 100644 --- a/configure.ac +++ b/configure.ac @@ -174,8 +174,8 @@ curl_headers_msg="enabled (--disable-headers-api)" curl_ws_msg="no (--enable-websockets)" ssl_backends= curl_h1_msg="enabled (internal)" - curl_h2_msg="no (--with-nghttp2, --with-hyper)" - curl_h3_msg="no (--with-ngtcp2 --with-nghttp3, --with-quiche, --with-msh3)" + curl_h2_msg="no (--with-nghttp2)" + curl_h3_msg="no (--with-ngtcp2 --with-nghttp3, --with-quiche, --with-openssl-quic, --with-msh3)" enable_altsvc="yes" hsts="yes" @@ -503,6 +503,7 @@ dnl platform/compiler/architecture specific checks/flags dnl ********************************************************************** CURL_CHECK_COMPILER +CURL_CHECK_NATIVE_WINDOWS CURL_SET_COMPILER_BASIC_OPTS CURL_SET_COMPILER_DEBUG_OPTS CURL_SET_COMPILER_OPTIMIZE_OPTS @@ -583,25 +584,6 @@ dnl ********************************************************************** dnl Compilation based checks should not be done before this point. dnl ********************************************************************** -dnl ********************************************************************** -dnl Make sure that our checks for headers windows.h winsock2.h -dnl and ws2tcpip.h take precedence over any other further checks which -dnl could be done later using AC_CHECK_HEADER or AC_CHECK_HEADERS for -dnl this specific header files. And do them before its results are used. -dnl ********************************************************************** - -CURL_CHECK_HEADER_WINDOWS -CURL_CHECK_NATIVE_WINDOWS -case X-"$curl_cv_native_windows" in - X-yes) - CURL_CHECK_HEADER_WINSOCK2 - CURL_CHECK_HEADER_WS2TCPIP - ;; - *) - curl_cv_header_winsock2_h="no" - curl_cv_header_ws2tcpip_h="no" - ;; -esac CURL_CHECK_WIN32_LARGEFILE CURL_CHECK_WIN32_CRYPTO @@ -803,7 +785,6 @@ if test X"$want_hyper" != Xno; then experimental="$experimental Hyper" AC_MSG_NOTICE([Hyper support is experimental]) curl_h1_msg="enabled (Hyper)" - curl_h2_msg=$curl_h1_msg HYPER_ENABLED=1 AC_DEFINE(USE_HYPER, 1, [if hyper is in use]) AC_SUBST(USE_HYPER, [1]) @@ -1131,24 +1112,19 @@ fi if test "$HAVE_GETHOSTBYNAME" != "1" then dnl This is for winsock systems - if test "$curl_cv_header_windows_h" = "yes"; then - if test "$curl_cv_header_winsock2_h" = "yes"; then - winsock_LIB="-lws2_32" - fi + if test "$curl_cv_native_windows" = "yes"; then + winsock_LIB="-lws2_32" if test ! -z "$winsock_LIB"; then my_ac_save_LIBS=$LIBS LIBS="$winsock_LIB $LIBS" AC_MSG_CHECKING([for gethostbyname in $winsock_LIB]) AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #endif ]],[[ gethostbyname("localhost"); @@ -1669,7 +1645,7 @@ AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]), AC_RUN_IFELSE([AC_LANG_SOURCE([[ /* are AF_INET6 and sockaddr_in6 available? */ #include -#ifdef HAVE_WINSOCK2_H +#ifdef _WIN32 #include #include #else @@ -1679,15 +1655,12 @@ AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]), # include #endif #endif -#include /* for exit() */ -main() + +int main(void) { struct sockaddr_in6 s; (void)s; - if (socket(AF_INET6, SOCK_STREAM, 0) < 0) - exit(1); - else - exit(0); + return socket(AF_INET6, SOCK_STREAM, 0) < 0; } ]]) ], @@ -1708,7 +1681,7 @@ if test "$ipv6" = yes; then AC_MSG_CHECKING([if struct sockaddr_in6 has sin6_scope_id member]) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #include -#ifdef HAVE_WINSOCK2_H +#ifdef _WIN32 #include #include #else @@ -1851,10 +1824,7 @@ AC_INCLUDES_DEFAULT if test "x$not_mit" = "x1"; then dnl MIT not found, check for Heimdal AC_CHECK_HEADER(gssapi.h, - [ - dnl found - AC_DEFINE(HAVE_GSSHEIMDAL, 1, [if you have Heimdal]) - ], + [], [ dnl no header found, disabling GSS want_gss=no @@ -1863,7 +1833,6 @@ AC_INCLUDES_DEFAULT ) else dnl MIT found - AC_DEFINE(HAVE_GSSMIT, 1, [if you have MIT Kerberos]) dnl check if we have a really old MIT Kerberos version (<= 1.2) AC_MSG_CHECKING([if GSS-API headers declare GSS_C_NT_HOSTBASED_SERVICE]) AC_COMPILE_IFELSE([ @@ -2085,17 +2054,16 @@ dnl ********************************************************************** AC_ARG_WITH(libpsl, AS_HELP_STRING([--without-libpsl], - [disable support for libpsl cookie checking]), + [disable support for libpsl]), with_libpsl=$withval, with_libpsl=yes) +curl_psl_msg="no (libpsl disabled)" if test $with_libpsl != "no"; then AC_SEARCH_LIBS(psl_builtin, psl, [curl_psl_msg="enabled"; AC_DEFINE([USE_LIBPSL], [1], [PSL support enabled]) ], - [curl_psl_msg="no (libpsl not found)"; - AC_MSG_WARN([libpsl was not found]) - ] + [AC_MSG_ERROR([libpsl was not found]) ] ) fi AM_CONDITIONAL([USE_LIBPSL], [test "$curl_psl_msg" = "enabled"]) @@ -2808,6 +2776,11 @@ esac curl_tcp2_msg="no (--with-ngtcp2)" if test X"$want_tcp2" != Xno; then + + if test "$QUIC_ENABLED" != "yes"; then + AC_MSG_ERROR([the detected TLS library does not support QUIC, making --with-ngtcp2 a no-no]) + fi + dnl backup the pre-ngtcp2 variables CLEANLDFLAGS="$LDFLAGS" CLEANCPPFLAGS="$CPPFLAGS" @@ -2863,7 +2836,7 @@ if test X"$want_tcp2" != Xno; then fi -if test "x$NGTCP2_ENABLED" = "x1" -a "x$OPENSSL_ENABLED" = "x1"; then +if test "x$NGTCP2_ENABLED" = "x1" -a "x$OPENSSL_ENABLED" = "x1" -a "x$OPENSSL_IS_BORINGSSL" != "x1"; then dnl backup the pre-ngtcp2_crypto_quictls variables CLEANLDFLAGS="$LDFLAGS" CLEANCPPFLAGS="$CPPFLAGS" @@ -2918,6 +2891,61 @@ if test "x$NGTCP2_ENABLED" = "x1" -a "x$OPENSSL_ENABLED" = "x1"; then fi fi +if test "x$NGTCP2_ENABLED" = "x1" -a "x$OPENSSL_ENABLED" = "x1" -a "x$OPENSSL_IS_BORINGSSL" = "x1"; then + dnl backup the pre-ngtcp2_crypto_boringssl variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + CURL_CHECK_PKGCONFIG(libngtcp2_crypto_boringssl, $want_tcp2_path) + + if test "$PKGCONFIG" != "no" ; then + LIB_NGTCP2_CRYPTO_BORINGSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + $PKGCONFIG --libs-only-l libngtcp2_crypto_boringssl` + AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_BORINGSSL]) + + CPP_NGTCP2_CRYPTO_BORINGSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) dnl + $PKGCONFIG --cflags-only-I libngtcp2_crypto_boringssl` + AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_BORINGSSL]) + + LD_NGTCP2_CRYPTO_BORINGSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + $PKGCONFIG --libs-only-L libngtcp2_crypto_boringssl` + AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_BORINGSSL]) + + LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_BORINGSSL" + CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_BORINGSSL" + LIBS="$LIB_NGTCP2_CRYPTO_BORINGSSL $LIBS" + + if test "x$cross_compiling" != "xyes"; then + DIR_NGTCP2_CRYPTO_BORINGSSL=`echo $LD_NGTCP2_CRYPTO_BORINGSSL | $SED -e 's/^-L//'` + fi + AC_CHECK_LIB(ngtcp2_crypto_boringssl, ngtcp2_crypto_recv_client_initial_cb, + [ + AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, + NGTCP2_ENABLED=1 + AC_DEFINE(USE_NGTCP2_CRYPTO_BORINGSSL, 1, [if ngtcp2_crypto_boringssl is in use]) + AC_SUBST(USE_NGTCP2_CRYPTO_BORINGSSL, [1]) + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_BORINGSSL" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_BORINGSSL to CURL_LIBRARY_PATH]) + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + + else + dnl no ngtcp2_crypto_boringssl pkg-config found, deal with it + if test X"$want_tcp2" != Xdefault; then + dnl To avoid link errors, we do not allow --with-ngtcp2 without + dnl a pkgconfig file + AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2_crypto_boringssl pkg-config file.]) + fi + fi +fi + if test "x$NGTCP2_ENABLED" = "x1" -a "x$GNUTLS_ENABLED" = "x1"; then dnl backup the pre-ngtcp2_crypto_gnutls variables CLEANLDFLAGS="$LDFLAGS" @@ -3028,14 +3056,53 @@ if test "x$NGTCP2_ENABLED" = "x1" -a "x$WOLFSSL_ENABLED" = "x1"; then fi fi +dnl ********************************************************************** +dnl Check for OpenSSL QUIC +dnl ********************************************************************** + +OPT_OPENSSL_QUIC="no" + +if test "x$disable_http" = "xyes" -o "x$OPENSSL_ENABLED" != "x1"; then + # without HTTP or without openssl, no use + OPT_OPENSSL_QUIC="no" +fi + +AC_ARG_WITH(openssl-quic, +AS_HELP_STRING([--with-openssl-quic],[Enable OpenSSL QUIC usage]) +AS_HELP_STRING([--without-openssl-quic],[Disable OpenSSL QUIC usage]), + [OPT_OPENSSL_QUIC=$withval]) +case "$OPT_OPENSSL_QUIC" in + no) + dnl --without-openssl-quic option used + want_openssl_quic="no" + ;; + yes) + dnl --with-openssl-quic option used + want_openssl_quic="yes" + ;; +esac + +curl_openssl_quic_msg="no (--with-openssl-quic)" +if test "x$want_openssl_quic" = "xyes"; then + + if test "$NGTCP2_ENABLED" = 1; then + AC_MSG_ERROR([--with-openssl-quic and --with-ngtcp2 are mutually exclusive]) + fi + if test "$HAVE_OPENSSL_QUIC" != 1; then + AC_MSG_ERROR([--with-openssl-quic requires quic support in OpenSSL]) + fi + AC_DEFINE(USE_OPENSSL_QUIC, 1, [if openssl QUIC is in use]) + AC_SUBST(USE_OPENSSL_QUIC, [1]) +fi + dnl ********************************************************************** dnl Check for nghttp3 (HTTP/3 with ngtcp2) dnl ********************************************************************** OPT_NGHTTP3="yes" -if test "x$NGTCP2_ENABLED" = "x"; then - # without ngtcp2, nghttp3 is of no use for us +if test "x$USE_NGTCP2" = "x" -a "$USE_OPENSSL_QUIC" = "x"; then + # without ngtcp2 or openssl quic, nghttp3 is of no use for us OPT_NGHTTP3="no" fi @@ -3062,6 +3129,7 @@ esac curl_http3_msg="no (--with-nghttp3)" if test X"$want_nghttp3" != Xno; then + dnl backup the pre-nghttp3 variables CLEANLDFLAGS="$LDFLAGS" CLEANCPPFLAGS="$CPPFLAGS" @@ -3092,14 +3160,11 @@ if test X"$want_nghttp3" != Xno; then AC_CHECK_LIB(nghttp3, nghttp3_conn_client_new_versioned, [ AC_CHECK_HEADERS(nghttp3/nghttp3.h, - curl_h3_msg="enabled (ngtcp2 + nghttp3)" - NGHTTP3_ENABLED=1 AC_DEFINE(USE_NGHTTP3, 1, [if nghttp3 is in use]) AC_SUBST(USE_NGHTTP3, [1]) CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGHTTP3" export CURL_LIBRARY_PATH AC_MSG_NOTICE([Added $DIR_NGHTTP3 to CURL_LIBRARY_PATH]) - experimental="$experimental HTTP3" ) ], dnl not found, revert back to clean variables @@ -3119,6 +3184,29 @@ if test X"$want_nghttp3" != Xno; then fi +dnl ********************************************************************** +dnl Check for ngtcp2 and nghttp3 (HTTP/3 with ngtcp2 + nghttp3) +dnl ********************************************************************** + +if test "x$NGTCP2_ENABLED" = "x1" -a "x$USE_NGHTTP3" = "x1"; then + AC_DEFINE(USE_NGTCP2_H3, 1, [if ngtcp2 + nghttp3 is in use]) + AC_SUBST(USE_NGTCP2_H3, [1]) + AC_MSG_NOTICE([HTTP3 support is experimental]) + curl_h3_msg="enabled (ngtcp2 + nghttp3)" +fi + +dnl ********************************************************************** +dnl Check for OpenSSL and nghttp3 (HTTP/3 with nghttp3 using OpenSSL QUIC) +dnl ********************************************************************** + +if test "x$USE_OPENSSL_QUIC" = "x1" -a "x$USE_NGHTTP3" = "x1"; then + experimental="$experimental HTTP3" + AC_DEFINE(USE_OPENSSL_H3, 1, [if openssl quic + nghttp3 is in use]) + AC_SUBST(USE_OPENSSL_H3, [1]) + AC_MSG_NOTICE([HTTP3 support is experimental]) + curl_h3_msg="enabled (openssl + nghttp3)" +fi + dnl ********************************************************************** dnl Check for quiche (QUIC) dnl ********************************************************************** @@ -3153,6 +3241,10 @@ esac if test X"$want_quiche" != Xno; then + if test "$QUIC_ENABLED" != "yes"; then + AC_MSG_ERROR([the detected TLS library does not support QUIC, making --with-quiche a no-no]) + fi + if test "$NGHTTP3_ENABLED" = 1; then AC_MSG_ERROR([--with-quiche and --with-ngtcp2 are mutually exclusive]) fi @@ -3251,9 +3343,22 @@ esac if test X"$want_msh3" != Xno; then + dnl msh3 on non-Windows needs an OpenSSL with the QUIC API + if test "$curl_cv_native_windows" != "yes"; then + if test "$QUIC_ENABLED" != "yes"; then + AC_MSG_ERROR([the detected TLS library does not support QUIC, making --with-msh3 a no-no]) + fi + if test "$OPENSSL_ENABLED" != "1"; then + AC_MSG_ERROR([msh3 requires OpenSSL]) + fi + fi + if test "$NGHTTP3_ENABLED" = 1; then AC_MSG_ERROR([--with-msh3 and --with-ngtcp2 are mutually exclusive]) fi + if test "$QUICHE_ENABLED" = 1; then + AC_MSG_ERROR([--with-msh3 and --with-quiche are mutually exclusive]) + fi dnl backup the pre-msh3 variables CLEANLDFLAGS="$LDFLAGS" @@ -3418,7 +3523,6 @@ dnl default includes dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST -CURL_CHECK_VARIADIC_MACROS AC_TYPE_SIZE_T CURL_CHECK_STRUCT_TIMEVAL @@ -3476,6 +3580,12 @@ AC_CHECK_TYPE(sa_family_t, AC_DEFINE(CURL_SA_FAMILY_T, ADDRESS_FAMILY, [IP address type in sockaddr]), AC_DEFINE(CURL_SA_FAMILY_T, unsigned short, [IP address type in sockaddr]), [ +#ifdef _WIN32 +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#endif #ifdef HAVE_SYS_SOCKET_H #include #endif @@ -3519,8 +3629,6 @@ CURL_RUN_IFELSE( AC_MSG_RESULT([no]) ]) -CURL_CONFIGURE_PULL_SYS_POLL - TYPE_IN_ADDR_T TYPE_SOCKADDR_STORAGE @@ -3581,11 +3689,9 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se [[#include #include ]]) - AC_CHECK_FUNCS([\ _fseeki64 \ arc4random \ - fchmod \ fnmatch \ fseeko \ geteuid \ @@ -3628,6 +3734,15 @@ AC_CHECK_FUNCS([\ fi ]) +dnl On Android, the only way to know if fseeko can be used is to see if it is +dnl declared or not (for this API level), as the symbol always exists in the +dnl lib. +AC_CHECK_DECL([fseeko], + [AC_DEFINE([HAVE_DECL_FSEEKO], [1], + [Define to 1 if you have the fseeko declaration])], + [], + [[#include ]]) + CURL_CHECK_NONBLOCKING_SOCKET dnl ************************************************************ @@ -4570,12 +4685,15 @@ if test "x$USE_TLS_SRP" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES TLS-SRP" fi -if test "x$USE_NGHTTP2" = "x1" -o "x$USE_HYPER" = "x1"; then +if test "x$USE_NGHTTP2" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP2" fi -if test "x$USE_NGTCP2" = "x1" -o "x$USE_QUICHE" = "x1" \ - -o "x$USE_MSH3" = "x1"; then +if test "x$USE_NGTCP2_H3" = "x1" -o "x$USE_QUICHE" = "x1" \ + -o "x$USE_OPENSSL_H3" = "x1" -o "x$USE_MSH3" = "x1"; then + if test "x$CURL_WITH_MULTI_SSL" = "x1"; then + AC_MSG_ERROR([MultiSSL cannot be enabled with HTTP/3 and vice versa]) + fi SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP3" fi @@ -4583,20 +4701,31 @@ if test "x$CURL_WITH_MULTI_SSL" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES MultiSSL" fi +AC_MSG_CHECKING([if this build supports HTTPS-proxy]) dnl if not explicitly turned off, HTTPS-proxy comes with some TLS backends -if test "x$https_proxy" != "xno"; then - if test "x$OPENSSL_ENABLED" = "x1" \ - -o "x$GNUTLS_ENABLED" = "x1" \ - -o "x$SECURETRANSPORT_ENABLED" = "x1" \ - -o "x$RUSTLS_ENABLED" = "x1" \ - -o "x$BEARSSL_ENABLED" = "x1" \ - -o "x$SCHANNEL_ENABLED" = "x1" \ - -o "x$GNUTLS_ENABLED" = "x1" \ - -o "x$MBEDTLS_ENABLED" = "x1"; then - SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" - elif test "x$WOLFSSL_ENABLED" = "x1" -a "x$WOLFSSL_FULL_BIO" = "x1"; then - SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" +if test "x$CURL_DISABLE_HTTP" != "x1"; then + if test "x$https_proxy" != "xno"; then + if test "x$OPENSSL_ENABLED" = "x1" \ + -o "x$GNUTLS_ENABLED" = "x1" \ + -o "x$SECURETRANSPORT_ENABLED" = "x1" \ + -o "x$RUSTLS_ENABLED" = "x1" \ + -o "x$BEARSSL_ENABLED" = "x1" \ + -o "x$SCHANNEL_ENABLED" = "x1" \ + -o "x$GNUTLS_ENABLED" = "x1" \ + -o "x$MBEDTLS_ENABLED" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" + AC_MSG_RESULT([yes]) + elif test "x$WOLFSSL_ENABLED" = "x1" -a "x$WOLFSSL_FULL_BIO" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + fi + else + AC_MSG_RESULT([no]) fi +else + AC_MSG_RESULT([no]) fi if test "x$ECH_ENABLED" = "x1"; then @@ -4612,6 +4741,9 @@ fi if test "$tst_atomic" = "yes"; then SUPPORT_FEATURES="$SUPPORT_FEATURES threadsafe" +elif test "x$USE_THREADS_POSIX" = "x1" -a \ + "x$ac_cv_header_pthread_h" = "xyes"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES threadsafe" else AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ @@ -4635,7 +4767,7 @@ AC_SUBST(SUPPORT_FEATURES) dnl For supported protocols in pkg-config file if test "x$CURL_DISABLE_HTTP" != "x1"; then - SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTP" + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTP IPFS IPNS" if test "x$SSL_ENABLED" = "x1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTPS" fi diff --git a/docs/ALTSVC.md b/docs/ALTSVC.md index b9117e4d4..18d2d2ad9 100644 --- a/docs/ALTSVC.md +++ b/docs/ALTSVC.md @@ -24,16 +24,16 @@ space separated fields. ## Fields 1. The ALPN id for the source origin -2. The host name for the source origin +2. The hostname for the source origin 3. The port number for the source origin 4. The ALPN id for the destination host -5. The host name for the destination host +5. The hostname for the destination host 6. The host number for the destination host 7. The expiration date and time of this entry within double quotes. The date format is "YYYYMMDD HH:MM:SS" and the time zone is GMT. 8. Boolean (1 or 0) if "persist" was set for this entry 9. Integer priority value (not currently used) -If the host name is an IPv6 numerical address, it is stored with brackets such +If the hostname is an IPv6 numerical address, it is stored with brackets such as `[::1]`. # TODO diff --git a/docs/BINDINGS.md b/docs/BINDINGS.md index 57f87a5f8..7f5da4219 100644 --- a/docs/BINDINGS.md +++ b/docs/BINDINGS.md @@ -125,6 +125,8 @@ Ruby: [curb](https://github.com/taf2/curb) written by Ross Bamford, [Tcl](https://web.archive.org/web/20160826011806/mirror.yellow5.com/tclcurl/) Tclcurl by Andrés García +[Vibe](https://github.com/ttytm/vibe) HTTP requests through libcurl in V + [Visual Basic](https://sourceforge.net/projects/libcurl-vb/) libcurl-vb by Jeffrey Phillips [Visual Foxpro](https://web.archive.org/web/20130730181523/www.ctl32.com.ar/libcurl.asp) by Carlos Alloatti diff --git a/docs/BUGS.md b/docs/BUGS.md index 2a8c56fe6..7333baafe 100644 --- a/docs/BUGS.md +++ b/docs/BUGS.md @@ -5,7 +5,7 @@ Curl and libcurl keep being developed. Adding features and changing code means that bugs will sneak in, no matter how hard we try to keep them out. - Of course there are lots of bugs left. And lots of misfeatures. + Of course there are lots of bugs left. Not to mention misfeatures. To help us make curl the stable and solid product we want it to be, we need bug reports and bug fixes. diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md index 27de94036..f616f4972 100644 --- a/docs/CIPHERS.md +++ b/docs/CIPHERS.md @@ -363,10 +363,10 @@ individual TLS 1.3 cipher suites since Schannel does not support it directly. `TLS_AES_128_CCM_8_SHA256` `TLS_AES_128_CCM_SHA256` -Note if you set TLS 1.3 ciphers without also setting the minimum TLS version to -1.3 then it's possible Schannel may negotiate an earlier TLS version and cipher -suite if your libcurl and OS settings allow it. You can set the minimum TLS -version by using `CURLOPT_SSLVERSION` or `--tlsv1.3`. +Note if you set TLS 1.3 ciphers without also setting the minimum TLS version +to 1.3 then it is possible Schannel may negotiate an earlier TLS version and +cipher suite if your libcurl and OS settings allow it. You can set the minimum +TLS version by using `CURLOPT_SSLVERSION` or `--tlsv1.3`. ## BearSSL diff --git a/docs/CLIENT-WRITERS.md b/docs/CLIENT-WRITERS.md new file mode 100644 index 000000000..7a928826c --- /dev/null +++ b/docs/CLIENT-WRITERS.md @@ -0,0 +1,104 @@ +# curl client writers + +Client writers is a design in the internals of libcurl, not visible in its public API. They were started +in curl v8.5.0. This document describes the concepts, its high level implementation and the motivations. + +## Naming + +`libcurl` operates between clients and servers. A *client* is the application using libcurl, like the command line tool `curl` itself. Data to be uploaded to a server is **read** from the client and **send** to the server, the servers response is **received** by `libcurl` and then **written** to the client. + +With this naming established, client writers are concerned with writing responses from the server to the application. Applications register callbacks via `CURLOPT_WRITEFUNCTION` and `CURLOPT_HEADERFUNCTION` to be invoked by `libcurl` when the response is received. + +## Invoking + +All code in `libcurl` that handles response data is ultimately expected to forward this data via `Curl_client_write()` to the application. The exact prototype of this function is: + +``` +CURLcode Curl_client_write(struct Curl_easy *data, int type, char *buf, size_t blen); +``` +The `type` argument specifies what the bytes in `buf` actually are. The following bits are defined: + +``` +#define CLIENTWRITE_BODY (1<<0) /* non-meta information, BODY */ +#define CLIENTWRITE_INFO (1<<1) /* meta information, not a HEADER */ +#define CLIENTWRITE_HEADER (1<<2) /* meta information, HEADER */ +#define CLIENTWRITE_STATUS (1<<3) /* a special status HEADER */ +#define CLIENTWRITE_CONNECT (1<<4) /* a CONNECT related HEADER */ +#define CLIENTWRITE_1XX (1<<5) /* a 1xx response related HEADER */ +#define CLIENTWRITE_TRAILER (1<<6) /* a trailer HEADER */ +``` + +The main types here are `CLIENTWRITE_BODY` and `CLIENTWRITE_HEADER`. They are +mutually exclusive. The other bits are enhancements to `CLIENTWRITE_HEADER` to +specify what the header is about. They are only used in HTTP and related +protocols (RTSP and WebSocket). + +The implementation of `Curl_client_write()` uses a chain of *client writer* instances to process the call and make sure that the bytes reach the proper application callbacks. This is similar to the design of connection filters: client writers can be chained to process the bytes written through them. The definition is: + +``` +struct Curl_cwtype { + const char *name; + CURLcode (*do_init)(struct Curl_easy *data, + struct Curl_cwriter *writer); + CURLcode (*do_write)(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, + const char *buf, size_t nbytes); + void (*do_close)(struct Curl_easy *data, + struct Curl_cwriter *writer); +}; + +struct Curl_cwriter { + const struct Curl_cwtype *cwt; /* type implementation */ + struct Curl_cwriter *next; /* Downstream writer. */ + Curl_cwriter_phase phase; /* phase at which it operates */ +}; +``` + +`Curl_cwriter` is a writer instance with a `next` pointer to form the chain. It has a type `cwt` which provides the implementation. The main callback is `do_write()` that processes the data and calls then the `next` writer. The others are for setup and tear down. + +## Phases and Ordering + +Since client writers may transform the bytes written through them, the order in which the are called is relevant for the outcome. When a writer is created, one property it gets is the `phase` in which it operates. Writer phases are defined like: + +``` +typedef enum { + CURL_CW_RAW, /* raw data written, before any decoding */ + CURL_CW_TRANSFER_DECODE, /* remove transfer-encodings */ + CURL_CW_PROTOCOL, /* after transfer, but before content decoding */ + CURL_CW_CONTENT_DECODE, /* remove content-encodings */ + CURL_CW_CLIENT /* data written to client */ +} Curl_cwriter_phase; +``` + +If a writer for phase `PROTOCOL` is added to the chain, it is always added *after* any `RAW` or `TRANSFER_DECODE` and *before* any `CONTENT_DECODE` and `CLIENT` phase writer. If there is already a writer for the same phase present, the new writer is inserted just before that one. + +All transfers have a chain of 3 writers by default. A specific protocol handler may alter that by adding additional writers. The 3 standard writers are (name, phase): + +1. `"raw", CURL_CW_RAW `: if the transfer is verbose, it forwards the body data to the debug function. +1. `"download", CURL_CW_PROTOCOL`: checks that protocol limits are kept and updates progress counters. When a download has a known length, it checks that it is not exceeded and errors otherwise. +1. `"client", CURL_CW_CLIENT`: the main work horse. It invokes the application callbacks or writes to the configured file handles. It chops large writes into smaller parts, as documented for `CURLOPT_WRITEFUNCTION`. If also handles *pausing* of transfers when the application callback returns `CURL_WRITEFUNC_PAUSE`. + +With these writers always in place, libcurl's protocol handlers automatically have these implemented. + +## Enhanced Use + +HTTP is the protocol in curl that makes use of the client writer chain by adding writers to it. When the `libcurl` application set `CURLOPT_ACCEPT_ENCODING` (as `curl` does with `--compressed`), the server is offered an `Accept-Encoding` header with the algorithms supported. The server then may choose to send the response body compressed. For example using `gzip` or `brotli` or even both. + +In the server's response, there then will be a `Content-Encoding` header listing the encoding applied. If supported by `libcurl` it will then decompress the content before writing it out to the client. How does it do that? + +The HTTP protocol will add client writers in phase `CURL_CW_CONTENT_DECODE` on seeing such a header. For each encoding listed, it will add the corresponding writer. The response from the server is then passed through `Curl_client_write()` to the writers that decode it. If several encodings had been applied the writer chain decodes them in the proper order. + +When the server provides a `Content-Length` header, that value applies to the *compressed* content. So length checks on the response bytes must happen *before* it gets decoded. That is why this check happens in phase `CURL_CW_PROTOCOL` which always is ordered before writers in phase `CURL_CW_CONTENT_DECODE`. + +What else? + +Well, HTTP servers may also apply a `Transfer-Encoding` to the body of a response. The most well-known one is `chunked`, but algorithms like `gzip` and friends could also be applied. The difference to content encodings is that decoding needs to happen *before* protocol checks, for example on length, are done. + +That is why transfer decoding writers are added for phase `CURL_CW_TRANSFER_DECODE`. Which makes their operation happen *before* phase `CURL_CW_PROTOCOL` where length may be checked. + +## Summary + +By adding the common behavior of all protocols into `Curl_client_write()` we make sure that they do apply everywhere. Protocol handler have less to worry about. Changes to default behavior can be done without affecting handler implementations. + +Having a writer chain as implementation allows protocol handlers with extra needs, like HTTP, to add to this for special behavior. The common way of writing the actual response data stays the same. + diff --git a/docs/CMakeLists.txt b/docs/CMakeLists.txt index dd2c6dc74..9c0b37691 100644 --- a/docs/CMakeLists.txt +++ b/docs/CMakeLists.txt @@ -22,5 +22,9 @@ # ########################################################################### #add_subdirectory(examples) -add_subdirectory(libcurl) -add_subdirectory(cmdline-opts) +if(BUILD_LIBCURL_DOCS) + add_subdirectory(libcurl) +endif() +if(ENABLE_CURL_MANUAL AND BUILD_CURL_EXE) + add_subdirectory(cmdline-opts) +endif() diff --git a/docs/CODE_STYLE.md b/docs/CODE_STYLE.md index 9cdf0d17e..e6af36093 100644 --- a/docs/CODE_STYLE.md +++ b/docs/CODE_STYLE.md @@ -221,7 +221,7 @@ too long, the statement too hard to read, or due to other style guidelines above. In such a case the statement will span multiple lines. If a continuation line is part of an expression or sub-expression then you -should align on the appropriate column so that it's easy to tell what part of +should align on the appropriate column so that it is easy to tell what part of the statement it is. Operators should not start continuation lines. In other cases follow the 2-space indent guideline. Here are some examples from libcurl: diff --git a/docs/CONNECTION-FILTERS.md b/docs/CONNECTION-FILTERS.md index c4b11dbb0..a145d42c0 100644 --- a/docs/CONNECTION-FILTERS.md +++ b/docs/CONNECTION-FILTERS.md @@ -1,16 +1,26 @@ # curl connection filters -Connection filters is a design in the internals of curl, not visible in its public API. They were added -in curl v7.xx.x. This document describes the concepts, its high level implementation and the motivations. +Connection filters is a design in the internals of curl, not visible in its +public API. They were added in curl v7.87.0. This document describes the +concepts, its high level implementation and the motivations. ## Filters -A "connection filter" is a piece of code that is responsible for handling a range of operations -of curl's connections: reading, writing, waiting on external events, connecting and closing down - to name the most important ones. +A "connection filter" is a piece of code that is responsible for handling a +range of operations of curl's connections: reading, writing, waiting on +external events, connecting and closing down - to name the most important +ones. -The most important feat of connection filters is that they can be stacked on top of each other (or "chained" if you prefer that metaphor). In the common scenario that you want to retrieve a `https:` url with curl, you need 2 basic things to send the request and get the response: a TCP connection, represented by a `socket` and a SSL instance en- and decrypt over that socket. You write your request to the SSL instance, which encrypts and writes that data to the socket, which then sends the bytes over the network. +The most important feat of connection filters is that they can be stacked on +top of each other (or "chained" if you prefer that metaphor). In the common +scenario that you want to retrieve a `https:` URL with curl, you need 2 basic +things to send the request and get the response: a TCP connection, represented +by a `socket` and a SSL instance en- and decrypt over that socket. You write +your request to the SSL instance, which encrypts and writes that data to the +socket, which then sends the bytes over the network. -With connection filters, curl's internal setup will look something like this (cf for connection filter): +With connection filters, curl's internal setup will look something like this +(cf for connection filter): ``` Curl_easy *data connectdata *conn cf-ssl cf-socket @@ -27,7 +37,7 @@ While connection filters all do different things, they look the same from the "o Same is true for filters. Each filter has a pointer to the `next` filter. When SSL has encrypted the data, it does not write to a socket, it writes to the next filter. If that is indeed a socket, or a file, or an HTTP/2 connection is of no concern to the SSL filter. -And this allows the stacking, as in: +This allows stacking, as in: ``` Direct: @@ -110,18 +120,123 @@ The `recv` implementation is equivalent. ## Filter Types -The (currently) existing filter types are: SOCKET, SOCKET-ACCEPT, SSL, HTTP-PROXY and SOCKS-PROXY. Vital to establishing and read/writing a connection. But filters are also a good way to implement tasks for *managing* a connection: +The currently existing filter types (curl 8.5.0) are: -* **Statistics**: a filter that counts the number of bytes sent/received. Place one in front of SOCKET and one higher up and get the number of raw and "easy" bytes transferred. They may track the speed as well, or number of partial writes, etc. -* **Timeout**: enforce timeouts, e.g. fail if a connection cannot be established in a certain amount of time. -* **Progress**: report progress on a connection. -* **Pacing**: limit read/write rates. -* **Testing**: simulate network condition or failures. +* `TCP`, `UDP`, `UNIX`: filters that operate on a socket, providing raw I/O. +* `SOCKET-ACCEPT`: special TCP socket that has a socket that has been `accept()`ed in a `listen()` +* `SSL`: filter that applies TLS en-/decryption and handshake. Manages the underlying TLS backend implementation. +* `HTTP-PROXY`, `H1-PROXY`, `H2-PROXY`: the first manages the connection to an + HTTP proxy server and uses the other depending on which ALPN protocol has + been negotiated. +* `SOCKS-PROXY`: filter for the various SOCKS proxy protocol variations +* `HAPROXY`: filter for the protocol of the same name, providing client IP information to a server. +* `HTTP/2`: filter for handling multiplexed transfers over an HTTP/2 connection +* `HTTP/3`: filter for handling multiplexed transfers over an HTTP/3+QUIC connection +* `HAPPY-EYEBALLS`: meta filter that implements IPv4/IPv6 "happy eyeballing". It creates up to 2 sub-filters that race each other for a connection. +* `SETUP`: meta filter that manages the creation of sub-filter chains for a specific transport (e.g. TCP or QUIC). +* `HTTPS-CONNECT`: meta filter that races a TCP+TLS and a QUIC connection against each other to determine if HTTP/1.1, HTTP/2 or HTTP/3 shall be used for a transfer. -As you see, filters are a good way to add functionality to curl's internal handling of transfers without impact on other code. +Meta filters are combining other filters for a specific purpose, mostly during connection establishment. Other filters like `TCP`, `UDP` and `UNIX` are only to be found at the end of filter chains. SSL filters provide encryption, of course. Protocol filters change the bytes sent and received. -## Easy Filters? +## Filter Flags -Some things that curl needs to manage are not directly tied to a specific connection but the property of the `Curl_easy` handle, e.g. a particular transfer. When using HTTP/2 or HTTP/3, many transfers can use the same connection. If one wants to monitor of the transfer itself or restricting its speed alone, a connection filter is not the right place to do this. +Filter types carry flags that inform what they do. These are (for now): + +* `CF_TYPE_IP_CONNECT`: this filter type talks directly to a server. This does not have to be the server the transfer wants to talk to. For example when a proxy server is used. +* `CF_TYPE_SSL`: this filter type provides encryption. +* `CF_TYPE_MULTIPLEX`: this filter type can manage multiple transfers in parallel. + +Filter types can combine these flags. For example, the HTTP/3 filter types have `CF_TYPE_IP_CONNECT`, `CF_TYPE_SSL` and `CF_TYPE_MULTIPLEX` set. + +Flags are useful to extrapolate properties of a connection. To check if a connection is encrypted, libcurl inspect the filter chain in place, top down, for `CF_TYPE_SSL`. If it finds `CF_TYPE_IP_CONNECT` before any `CF_TYPE_SSL`, the connection is not encrypted. + +For example, `conn1` is for a `http:` request using a tunnel through a HTTP/2 `https:` proxy. `conn2` is a `https:` HTTP/2 connection to the same proxy. `conn3` uses HTTP/3 without proxy. The filter chains would look like this (simplified): + +``` +conn1 --> `HTTP-PROXY` --> `H2-PROXY` --> `SSL` --> `TCP` +flags: `IP_CONNECT` `SSL` `IP_CONNECT` + +conn2 --> `HTTP/2` --> `SSL` --> `HTTP-PROXY` --> `H2-PROXY` --> `SSL` --> `TCP` +flags: `SSL` `IP_CONNECT` `SSL` `IP_CONNECT` + +conn3 --> `HTTP/3` +flags: `SSL|IP_CONNECT` +``` + +Inspecting the filter chains, `conn1` is seen as unencrypted, since it contains an `IP_CONNECT` filter before any `SSL`. `conn2` is clearly encrypted as an `SSL` flagged filter is seen first. `conn3` is also encrypted as the `SSL` flag is checked before the presence of `IP_CONNECT`. + +Similar checks can determine if a connection is multiplexed or not. + +## Filter Tracing + +Filters may make use of special trace macros like `CURL_TRC_CF(data, cf, msg, ...)`. With `data` being the transfer and `cf` being the filter instance. These traces are normally not active and their execution is guarded so that they are cheap to ignore. + +Users of `curl` may activate them by adding the name of the filter type to the +`--trace-config` argument. For example, in order to get more detailed tracing +of an HTTP/2 request, invoke curl with: + +``` +> curl -v --trace-config ids,time,http/2 https://curl.se +``` +Which will give you trace output with time information, transfer+connection ids and details from the `HTTP/2` filter. Filter type names in the trace config are case insensitive. You may use `all` to enable tracing for all filter types. When using `libcurl` you may call `curl_global_trace(config_string)` at the start of your application to enable filter details. + +## Meta Filters + +Meta filters is a catch-all name for filter types that do not change the transfer data in any way but provide other important services to curl. In general, it is possible to do all sorts of silly things with them. One of the commonly used, important things is "eyeballing". + +The `HAPPY-EYEBALLS` filter is involved in the connect phase. Its job is to +try the various IPv4 and IPv6 addresses that are known for a server. If only +one address family is known (or configured), it tries the addresses one after +the other with timeouts calculated from the amount of addresses and the +overall connect timeout. + +When more than one address family is to be tried, it splits the address list into IPv4 and IPv6 and makes parallel attempts. The connection filter chain will look like this: + +``` +* create connection for http://curl.se +conn[curl.se] --> SETUP[TCP] --> HAPPY-EYEBALLS --> NULL +* start connect +conn[curl.se] --> SETUP[TCP] --> HAPPY-EYEBALLS --> NULL + - ballerv4 --> TCP[151.101.1.91]:443 + - ballerv6 --> TCP[2a04:4e42:c00::347]:443 +* v6 answers, connected +conn[curl.se] --> SETUP[TCP] --> HAPPY-EYEBALLS --> TCP[2a04:4e42:c00::347]:443 +* transfer +``` + +The modular design of connection filters and that we can plug them into each other is used to control the parallel attempts. When a `TCP` filter does not connect (in time), it is torn down and another one is created for the next address. This keeps the `TCP` filter simple. + +The `HAPPY-EYEBALLS` on the other hand stays focused on its side of the problem. We can use it also to make other type of connection by just giving it another filter type to try and have happy eyeballing for QUIC: + +``` +* create connection for --http3-only https://curl.se +conn[curl.se] --> SETUP[QUIC] --> HAPPY-EYEBALLS --> NULL +* start connect +conn[curl.se] --> SETUP[QUIC] --> HAPPY-EYEBALLS --> NULL + - ballerv4 --> HTTP/3[151.101.1.91]:443 + - ballerv6 --> HTTP/3[2a04:4e42:c00::347]:443 +* v6 answers, connected +conn[curl.se] --> SETUP[QUIC] --> HAPPY-EYEBALLS --> HTTP/3[2a04:4e42:c00::347]:443 +* transfer +``` + +When we plug these two variants together, we get the `HTTPS-CONNECT` filter +type that is used for `--http3` when **both** HTTP/3 and HTTP/2 or HTTP/1.1 +shall be attempted: + +``` +* create connection for --http3 https://curl.se +conn[curl.se] --> HTTPS-CONNECT --> NULL +* start connect +conn[curl.se] --> HTTPS-CONNECT --> NULL + - SETUP[QUIC] --> HAPPY-EYEBALLS --> NULL + - ballerv4 --> HTTP/3[151.101.1.91]:443 + - ballerv6 --> HTTP/3[2a04:4e42:c00::347]:443 + - SETUP[TCP] --> HAPPY-EYEBALLS --> NULL + - ballerv4 --> TCP[151.101.1.91]:443 + - ballerv6 --> TCP[2a04:4e42:c00::347]:443 +* v4 QUIC answers, connected +conn[curl.se] --> HTTPS-CONNECT --> SETUP[QUIC] --> HAPPY-EYEBALLS --> HTTP/3[151.101.1.91]:443 +* transfer +``` -So we might add "easy filters" one day. Who knows? diff --git a/docs/CONTRIBUTE.md b/docs/CONTRIBUTE.md index 72d319001..29d98cf10 100644 --- a/docs/CONTRIBUTE.md +++ b/docs/CONTRIBUTE.md @@ -101,9 +101,9 @@ archive is quite OK as well. ### Documentation Writing docs is dead boring and one of the big problems with many open source -projects. But someone's gotta do it. It makes things a lot easier if you -submit a small description of your fix or your new features with every -contribution so that it can be swiftly added to the package documentation. +projects but someone's gotta do it. It makes things a lot easier if you submit +a small description of your fix or your new features with every contribution +so that it can be swiftly added to the package documentation. The documentation is always made in man pages (nroff formatted) or plain ASCII files. All HTML files on the website and in the release archives are @@ -116,7 +116,7 @@ features are working as they are supposed to. To maintain this situation and improve it, all new features and functions that are added need to be tested in the test suite. Every feature that is added should get at least one valid test case that verifies that it works as documented. If every submitter also -posts a few test cases, it will not end up as a heavy burden on a single person! +posts a few test cases, it will not end up as a heavy burden on a single person. If you do not have test cases or perhaps you have done something that is hard to write tests for, do explain exactly how you have otherwise tested and @@ -240,10 +240,10 @@ make sure that you have your own user and email setup correctly in git before you commit. Add whichever header lines as appropriate, with one line per person if more -than one person was involved. There is no need to credit yourself unless you are -using --author=... which hides your identity. Do not include people's e-mail -addresses in headers to avoid spam, unless they are already public from a -previous commit; saying `{userid} on github` is OK. +than one person was involved. There is no need to credit yourself unless you +are using --author=... which hides your identity. Do not include people's +email addresses in headers to avoid spam, unless they are already public from +a previous commit; saying `{userid} on github` is OK. ### Write Access to git Repository diff --git a/docs/CURLDOWN.md b/docs/CURLDOWN.md new file mode 100644 index 000000000..2e89eed6a --- /dev/null +++ b/docs/CURLDOWN.md @@ -0,0 +1,125 @@ +# curldown + +A markdown-like syntax for libcurl man pages. + +## Purpose + +A text format for writing libcurl documentation in the shape of man pages. + +Make it easier for users to contribute and write documentation. A format that +is easier on the eye in its source format. + +Make it harder to do syntactical mistakes. + +Use a format that allows creating man pages that end up looking exactly like +the man pages did when we wrote them in nroff format. + +Take advantage of the fact that people these days are accustomed to markdown +by using a markdown-like syntax. + +This allows us to fix issues in the nroff format easier since now we generate +them. For example: escaping minus to prevent them from being turned into +Unicode by man. + +Generate nroff output that looks (next to) *identical* to the previous files, +so that the look, existing test cases, HTML conversions, existing +infrastructure etc remain mostly intact. + +Contains meta-data in a structured way to allow better output (for example the +see also information) and general awareness of what the file is about. + +## File extension + +Since curldown looks similar to markdown, we use `.md` extensions on the +files. + +## Conversion + +Convert **from curldown to nroff** with `cd2nroff`. Generates nroff man pages. + +Convert **from nroff to curldown** with `nroff2cd`. This is only meant to be +used for the initial conversion to curldown and should ideally never be needed +again. + +Convert, check or clean up an existing curldown to nicer, better, cleaner +curldown with **cd2cd**. + +Mass-convert all curldown files to nroff in specified directories with +`cdall`: + + cdall [dir1] [dir2] [dir3] .. + +## Known issues + +The `cd2nroff` tool does not yet handle *italics* or **bold** where the start +and the end markers are used on separate lines. + +The `nroff2cd` tool generates code style quotes for all `.fi` sections since +the nroff format does not carry a distinction. + +# Format + +Each curldown starts with a header with meta-data: + + --- + c: Copyright (C) Daniel Stenberg, , et al. + SPDX-License-Identifier: curl + Title: CURLOPT_AWS_SIGV4 + Section: 3 + Source: libcurl + See-also: + - CURLOPT_HEADEROPT (3) + - CURLOPT_HTTPAUTH (3) + --- + +All curldown files *must* have all the headers present and at least one +`See-also:` entry specified. + +Following the header in the file, is the manual page using markdown-like +syntax: + +~~~ + # NAME + a page - this is a page descriving something + + # SYNOPSIS + ~~~c + #include + + CURLcode curl_easy_setopt(CURL *handle, CURLOPT_AWS_SIGV4, char *param); + ~~~ +~~~ + +Quoted source code should start with `~~~c` and end with `~~~` while regular +quotes can start with `~~~` or just be indented with 4 spaces. + +Headers at top-level `#` get converted to `.SH`. + +`nroff2cd` supports the `##` next level header which gets converted to `.IP`. + +Write bold words or phrases within `**` like: + + This is a **bold** word. + +Write italics like: + + This is *italics*. + +Due to how man pages do not support backticks especially formatted, such +occurrences in the source will instead just use italics in the generated +output: + + This `word` appears in italics. + +When generating the nroff output, the tooling will remove superfluous newlines, +meaning they can be used freely in the source file to make the text more +readable. + +All mentioned curl symbols that have their own man pages, like +`curl_easy_perform(3)` will automatically be rendered using italics in the +output without having to enclose it with asterisks. This helps ensuring that +they get converted to links properly later in the HTML version on the website, +as converted with `roffit`. This makes the curldown text easier to read even +when mentioning many curl symbols. + +This auto-linking works for patterns matching `(lib|)curl[^ ]*(3)`. diff --git a/docs/DEPRECATE.md b/docs/DEPRECATE.md index c932fadbc..fcbd92a31 100644 --- a/docs/DEPRECATE.md +++ b/docs/DEPRECATE.md @@ -6,6 +6,21 @@ email the as soon as possible and explain to us why this is a problem for you and how your use case cannot be satisfied properly using a workaround. +## NTLM_WB auth + +This NTLM authentication method is powered by a separate tool, +`ntlm_auth`. Barely anyone uses this method. It was always a quirky +implementation (including fork + exec), it has limited portability and we do +not test it in the test suite and CI. + +We keep the native NTLM implementation. + +Due to a mistake, the `NTLM_WB` functionality is missing in builds since 8.4.0 +(October 2023). It needs to be manually patched to work. See [PR +12479](https://github.com/curl/curl/pull/12479). + +curl will remove the support for NTLM_WB auth in April 2024. + ## space-separated `NOPROXY` patterns When specifying patterns/domain names for curl that should *not* go through a diff --git a/docs/EXPERIMENTAL.md b/docs/EXPERIMENTAL.md index 6b7145df6..de694013d 100644 --- a/docs/EXPERIMENTAL.md +++ b/docs/EXPERIMENTAL.md @@ -19,6 +19,6 @@ Experimental support in curl means: ## Experimental features right now - The Hyper HTTP backend - - HTTP/3 support and options + - HTTP/3 support (using the quiche or msh3 backends) - The rustls backend - WebSocket diff --git a/docs/FEATURES.md b/docs/FEATURES.md index 9f763d3a7..4a589e164 100644 --- a/docs/FEATURES.md +++ b/docs/FEATURES.md @@ -12,11 +12,11 @@ ## libcurl - - full URL syntax with no length limit + - URL RFC 3986 syntax - custom maximum download time - custom least download speed acceptable - custom output result after completion - - guesses protocol from host name unless specified + - guesses protocol from hostname unless specified - uses .netrc - progress bar with time statistics while downloading - "standard" proxy environment variables support @@ -82,8 +82,8 @@ - active/passive using PORT, EPRT, PASV or EPSV - single file size information (compare to HTTP HEAD) - 'type=' URL support - - dir listing - - dir listing names-only + - directory listing + - directory listing names-only - upload - upload append - upload via http-proxy as HTTP PUT @@ -94,7 +94,7 @@ - via HTTP proxy, HTTPS proxy or SOCKS proxy - all operations can be tunneled through proxy - customizable to retrieve file modification date - - no dir depth limit + - no directory depth limit ## FTPS (1) diff --git a/docs/GOVERNANCE.md b/docs/GOVERNANCE.md index dd09de456..0f7029e82 100644 --- a/docs/GOVERNANCE.md +++ b/docs/GOVERNANCE.md @@ -179,4 +179,4 @@ this. ### Stop being a maintainer If you (appear to) not be active in the project anymore, you may be removed as -a maintainer. Thank you for your service! +a maintainer. Thank you for your service. diff --git a/docs/HISTORY.md b/docs/HISTORY.md index f39c45ea1..d28217ca6 100644 --- a/docs/HISTORY.md +++ b/docs/HISTORY.md @@ -327,7 +327,7 @@ April: added the cyassl backend (later renamed to WolfSSL) January: the curl tool defaults to HTTP/2 for HTTPS URLs - December: curl 7.52.0 introduced support for HTTPS-proxy! + December: curl 7.52.0 introduced support for HTTPS-proxy First TLS 1.3 support diff --git a/docs/HSTS.md b/docs/HSTS.md index e54102493..5f0e62459 100644 --- a/docs/HSTS.md +++ b/docs/HSTS.md @@ -10,13 +10,13 @@ HTTP Strict-Transport-Security. Added as experimental in curl ## Behavior libcurl features an in-memory cache for HSTS hosts, so that subsequent -HTTP-only requests to a host name present in the cache will get internally +HTTP-only requests to a hostname present in the cache will get internally "redirected" to the HTTPS version. ## `curl_easy_setopt()` options: - `CURLOPT_HSTS_CTRL` - enable HSTS for this easy handle - - `CURLOPT_HSTS` - specify file name where to store the HSTS cache on close + - `CURLOPT_HSTS` - specify filename where to store the HSTS cache on close (and possibly read from at startup) ## curl command line options diff --git a/docs/HTTP-COOKIES.md b/docs/HTTP-COOKIES.md index d6fd87d20..a91e824d5 100644 --- a/docs/HTTP-COOKIES.md +++ b/docs/HTTP-COOKIES.md @@ -34,6 +34,25 @@ over plain HTTP for this host. curl does this to match how popular browsers work with secure cookies. +## Super cookies + + A single cookie can be set for a domain that matches multiple hosts. Like if + set for `example.com` it gets sent to both `aa.example.com` as well as + `bb.example.com`. + + A challenge with this concept is that there are certain domains for which + cookies should not be allowed at all, because they are *Public + Suffixes*. Similarly, a client never accepts cookies set directly for the + top-level domain like for example `.com`. Cookies set for *too broad* + domains are generally referred to as *super cookies*. + + If curl is built with PSL (**Public Suffix List**) support, it detects and + discards cookies that are specified for such suffix domains that should not + be allowed to have cookies. + + if curl is *not* built with PSL support, it has no ability to stop super + cookies. + ## Cookies saved to disk Netscape once created a file format for storing cookies on disk so that they diff --git a/docs/HTTP3.md b/docs/HTTP3.md index 41d757f05..851a0c468 100644 --- a/docs/HTTP3.md +++ b/docs/HTTP3.md @@ -9,18 +9,21 @@ book describing the protocols involved. ## QUIC libraries -QUIC libraries we are experimenting with: +QUIC libraries we are using: [ngtcp2](https://github.com/ngtcp2/ngtcp2) -[quiche](https://github.com/cloudflare/quiche) +[quiche](https://github.com/cloudflare/quiche) - **EXPERIMENTAL** -[msh3](https://github.com/nibanks/msh3) (with [msquic](https://github.com/microsoft/msquic)) +[OpenSSL 3.2+ QUIC](https://github.com/openssl/openssl) - **EXPERIMENTAL** + +[msh3](https://github.com/nibanks/msh3) (with [msquic](https://github.com/microsoft/msquic)) - **EXPERIMENTAL** ## Experimental -HTTP/3 and QUIC support in curl is considered **EXPERIMENTAL** until further -notice. It needs to be enabled at build-time. +HTTP/3 support in curl is considered **EXPERIMENTAL** until further notice +when built to use *quiche* or *msh3*. Only the *ngtcp2* backend is not +experimental. Further development and tweaking of the HTTP/3 support in curl will happen in the master branch using pull-requests, just like ordinary changes. @@ -28,22 +31,23 @@ the master branch using pull-requests, just like ordinary changes. To fix before we remove the experimental label: - the used QUIC library needs to consider itself non-beta - - it's fine to "leave" individual backends as experimental if necessary + - it is fine to "leave" individual backends as experimental if necessary # ngtcp2 version Building curl with ngtcp2 involves 3 components: `ngtcp2` itself, `nghttp3` and a QUIC supporting TLS library. The supported TLS libraries are covered below. -For now, `ngtcp2` and `nghttp3` are still *experimental* which means their evolution bring breaking changes. Therefore, the proper version of both libraries need to be used when building curl. These are + * `ngtcp2`: v1.2.0 + * `nghttp3`: v1.1.0 - * `ngtcp2`: v0.19.1 - * `nghttp3`: v0.15.0 +## Build with quictls -## Build with OpenSSL +OpenSSL does not offer the required APIs for building a QUIC client. You need +to use a TLS library that has such APIs and that works with *ngtcp2*. -Build (patched) OpenSSL +Build quictls - % git clone --depth 1 -b openssl-3.0.10+quic https://github.com/quictls/openssl + % git clone --depth 1 -b openssl-3.1.4+quic https://github.com/quictls/openssl % cd openssl % ./config enable-tls1_3 --prefix= % make @@ -52,7 +56,7 @@ Build (patched) OpenSSL Build nghttp3 % cd .. - % git clone -b v0.15.0 https://github.com/ngtcp2/nghttp3 + % git clone -b v1.1.0 https://github.com/ngtcp2/nghttp3 % cd nghttp3 % autoreconf -fi % ./configure --prefix= --enable-lib-only @@ -62,7 +66,7 @@ Build nghttp3 Build ngtcp2 % cd .. - % git clone -b v0.19.1 https://github.com/ngtcp2/ngtcp2 + % git clone -b v1.2.0 https://github.com/ngtcp2/ngtcp2 % cd ngtcp2 % autoreconf -fi % ./configure PKG_CONFIG_PATH=/lib/pkgconfig:/lib/pkgconfig LDFLAGS="-Wl,-rpath,/lib" --prefix= --enable-lib-only @@ -95,7 +99,7 @@ Build GnuTLS Build nghttp3 % cd .. - % git clone -b v0.15.0 https://github.com/ngtcp2/nghttp3 + % git clone -b v1.1.0 https://github.com/ngtcp2/nghttp3 % cd nghttp3 % autoreconf -fi % ./configure --prefix= --enable-lib-only @@ -105,7 +109,7 @@ Build nghttp3 Build ngtcp2 % cd .. - % git clone -b v0.19.1 https://github.com/ngtcp2/ngtcp2 + % git clone -b v1.2.0 https://github.com/ngtcp2/ngtcp2 % cd ngtcp2 % autoreconf -fi % ./configure PKG_CONFIG_PATH=/lib/pkgconfig:/lib/pkgconfig LDFLAGS="-Wl,-rpath,/lib" --prefix= --enable-lib-only --with-gnutls @@ -136,7 +140,7 @@ Build wolfSSL Build nghttp3 % cd .. - % git clone -b v0.15.0 https://github.com/ngtcp2/nghttp3 + % git clone -b v1.1.0 https://github.com/ngtcp2/nghttp3 % cd nghttp3 % autoreconf -fi % ./configure --prefix= --enable-lib-only @@ -146,7 +150,7 @@ Build nghttp3 Build ngtcp2 % cd .. - % git clone -b v0.19.1 https://github.com/ngtcp2/ngtcp2 + % git clone -b v1.2.0 https://github.com/ngtcp2/ngtcp2 % cd ngtcp2 % autoreconf -fi % ./configure PKG_CONFIG_PATH=/lib/pkgconfig:/lib/pkgconfig LDFLAGS="-Wl,-rpath,/lib" --prefix= --enable-lib-only --with-wolfssl @@ -165,13 +169,15 @@ Build curl # quiche version +quiche support is **EXPERIMENTAL** + Since the quiche build manages its dependencies, curl can be built against the latest version. You are *probably* able to build against their main branch, but in case of problems, we recommend their latest release tag. ## build Build quiche and BoringSSL: - % git clone --recursive https://github.com/cloudflare/quiche + % git clone --recursive -b 0.20.0 https://github.com/cloudflare/quiche % cd quiche % cargo build --package quiche --release --features ffi,pkg-config-meta,qlog % mkdir quiche/deps/boringssl/src/lib @@ -189,12 +195,48 @@ Build curl: If `make install` results in `Permission denied` error, you will need to prepend it with `sudo`. +# OpenSSL version + +quiche QUIC support is **EXPERIMENTAL** + +Build OpenSSL 3.2.0 + + % cd .. + % git clone -b openssl-3.2.0 https://github.com/openssl/openssl + % cd openssl + % ./config enable-tls1_3 --prefix= --libdir=/lib + % make install + +Build nghttp3 + + % cd .. + % git clone -b v1.1.0 https://github.com/ngtcp2/nghttp3 + % cd nghttp3 + % autoreconf -fi + % ./configure --prefix= --enable-lib-only + % make + % make install + +Build curl: + + % cd .. + % git clone https://github.com/curl/curl + % cd curl + % autoreconf -fi + % ./configure --with-openssl= --with-openssl-quic --with-nghttp3= + % make + % make install + + If `make install` results in `Permission denied` error, you will need to prepend it with `sudo`. + # msh3 (msquic) version **Note**: The msquic HTTP/3 backend is immature and is not properly functional one as of September 2023. Feel free to help us test it and improve it, but there is no point in filing bugs about it just yet. +msh3 support is **EXPERIMENTAL** + ## Build Linux (with quictls fork of OpenSSL) Build msh3: @@ -299,9 +341,9 @@ handshake or time out. Note that all this happens in addition to IP version happy eyeballing. If the name resolution for the server gives more than one IP address, curl will try -all those until one succeeds - just as with all other protocols. And if those -IP addresses contain both IPv6 and IPv4, those attempts will happen, delayed, -in parallel (the actual eyeballing). +all those until one succeeds - just as with all other protocols. If those IP +addresses contain both IPv6 and IPv4, those attempts will happen, delayed, in +parallel (the actual eyeballing). ## Known Bugs diff --git a/docs/HYPER.md b/docs/HYPER.md index 1c3b0dded..9932c1bbf 100644 --- a/docs/HYPER.md +++ b/docs/HYPER.md @@ -57,6 +57,10 @@ The hyper backend does not support - leading whitespace in first HTTP/1 response header - HTTP/0.9 - HTTP/2 upgrade using HTTP:// URLs. Aka 'h2c' +- HTTP/2 in general. Hyper has support for HTTP/2 but the curl side + needs changes so that a `hyper_clientconn` can last for the duration + of a connection. Probably this means turning the Hyper HTTP/2 backend + into a connection filter. ## Remaining issues diff --git a/docs/INSTALL-CMAKE.md b/docs/INSTALL-CMAKE.md new file mode 100644 index 000000000..6dad38740 --- /dev/null +++ b/docs/INSTALL-CMAKE.md @@ -0,0 +1,133 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + + How To Compile with CMake + +# Building with CMake + +This document describes how to configure, build and install curl and libcurl +from source code using the CMake build tool. To build with CMake, you will +of course have to first install CMake. The minimum required version of CMake +is specified in the file `CMakeLists.txt` found in the top of the curl +source tree. Once the correct version of CMake is installed you can follow +the instructions below for the platform you are building on. + +CMake builds can be configured either from the command line, or from one of +CMake's GUIs. + +# Current flaws in the curl CMake build + +Missing features in the CMake build: + + - Builds libcurl without large file support + - Does not support all SSL libraries (only OpenSSL, Schannel, Secure + Transport, and mbedTLS, WolfSSL) + - Does not allow different resolver backends (no c-ares build support) + - No RTMP support built + - Does not allow build curl and libcurl debug enabled + - Does not allow a custom CA bundle path + - Does not allow you to disable specific protocols from the build + - Does not find or use krb4 or GSS + - Rebuilds test files too eagerly, but still cannot run the tests + - Does not detect the correct `strerror_r` flavor when cross-compiling + (issue #1123) + +# Configuring + +A CMake configuration of curl is similar to the autotools build of curl. +It consists of the following steps after you have unpacked the source. + +## Using `cmake` + +You can configure for in source tree builds or for a build tree +that is apart from the source tree. + + - Build in the source tree. + + $ cmake -B . + + - Build in a separate directory (parallel to the curl source tree in this + example). The build directory will be created for you. + + $ cmake -B ../curl-build + +### Fallback for CMake before version 3.13 + +CMake before version 3.13 does not support the `-B` option. In that case, +you must create the build directory yourself, `cd` to it and run `cmake` +from there: + + $ mkdir ../curl-build + $ cd ../curl-build + $ cmake ../curl + +If you want to build in the source tree, it is enough to do this: + + $ cmake . + +## Using `ccmake` + +CMake comes with a curses based interface called `ccmake`. To run `ccmake` +on a curl use the instructions for the command line cmake, but substitute +`ccmake` for `cmake`. + +This will bring up a curses interface with instructions on the bottom of the +screen. You can press the "c" key to configure the project, and the "g" key +to generate the project. After the project is generated, you can run make. + +## Using `cmake-gui` + +CMake also comes with a Qt based GUI called `cmake-gui`. To configure with +`cmake-gui`, you run `cmake-gui` and follow these steps: + + 1. Fill in the "Where is the source code" combo box with the path to + the curl source tree. + 2. Fill in the "Where to build the binaries" combo box with the path to + the directory for your build tree, ideally this should not be the same + as the source tree, but a parallel directory called curl-build or + something similar. + 3. Once the source and binary directories are specified, press the + "Configure" button. + 4. Select the native build tool that you want to use. + 5. At this point you can change any of the options presented in the GUI. + Once you have selected all the options you want, click the "Generate" + button. + +# Building + +Build (you have to specify the build directory). + + $ cmake --build ../curl-build + +### Fallback for CMake before version 3.13 + +CMake before version 3.13 does not support the `--build` option. In that +case, you have to `cd` to the build directory and use the building tool that +corresponds to the build files that CMake generated for you. This example +assumes that CMake generates `Makefile`: + + $ cd ../curl-build + $ make + +# Testing + +(The test suite does not yet work with the cmake build) + +# Installing + +Install to default location (you have to specify the build directory). + + $ cmake --install ../curl-build + +### Fallback for CMake before version 3.15 + +CMake before version 3.15 does not support the `--install` option. In that +case, you have to `cd` to the build directory and use the building tool that +corresponds to the build files that CMake generated for you. This example +assumes that CMake generates `Makefile`: + + $ cd ../curl-build + $ make install diff --git a/docs/INSTALL.cmake b/docs/INSTALL.cmake deleted file mode 100644 index 4e7f706a9..000000000 --- a/docs/INSTALL.cmake +++ /dev/null @@ -1,89 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - How To Compile with CMake - -Building with CMake -========================== - This document describes how to compile, build and install curl and libcurl - from source code using the CMake build tool. To build with CMake, you will - of course have to first install CMake. The minimum required version of - CMake is specified in the file CMakeLists.txt found in the top of the curl - source tree. Once the correct version of CMake is installed you can follow - the instructions below for the platform you are building on. - - CMake builds can be configured either from the command line, or from one - of CMake's GUI's. - -Current flaws in the curl CMake build -===================================== - - Missing features in the cmake build: - - - Builds libcurl without large file support - - Does not support all SSL libraries (only OpenSSL, Schannel, - Secure Transport, and mbedTLS, WolfSSL) - - Does not allow different resolver backends (no c-ares build support) - - No RTMP support built - - Does not allow build curl and libcurl debug enabled - - Does not allow a custom CA bundle path - - Does not allow you to disable specific protocols from the build - - Does not find or use krb4 or GSS - - Rebuilds test files too eagerly, but still cannot run the tests - - Does not detect the correct strerror_r flavor when cross-compiling (issue #1123) - - -Command Line CMake -================== - A CMake build of curl is similar to the autotools build of curl. It - consists of the following steps after you have unpacked the source. - - 1. Create an out of source build tree parallel to the curl source - tree and change into that directory - - $ mkdir curl-build - $ cd curl-build - - 2. Run CMake from the build tree, giving it the path to the top of - the curl source tree. CMake will pick a compiler for you. If you - want to specify the compile, you can set the CC environment - variable prior to running CMake. - - $ cmake ../curl - $ make - - 3. Install to default location: - - $ make install - - (The test suite does not work with the cmake build) - -ccmake -========= - CMake comes with a curses based interface called ccmake. To run ccmake on - a curl use the instructions for the command line cmake, but substitute - ccmake ../curl for cmake ../curl. This will bring up a curses interface - with instructions on the bottom of the screen. You can press the "c" key - to configure the project, and the "g" key to generate the project. After - the project is generated, you can run make. - -cmake-gui -========= - CMake also comes with a Qt based GUI called cmake-gui. To configure with - cmake-gui, you run cmake-gui and follow these steps: - 1. Fill in the "Where is the source code" combo box with the path to - the curl source tree. - 2. Fill in the "Where to build the binaries" combo box with the path - to the directory for your build tree, ideally this should not be the - same as the source tree, but a parallel directory called curl-build or - something similar. - 3. Once the source and binary directories are specified, press the - "Configure" button. - 4. Select the native build tool that you want to use. - 5. At this point you can change any of the options presented in the - GUI. Once you have selected all the options you want, click the - "Generate" button. - 6. Run the native build tool that you used CMake to generate. diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 7e3a2698d..336d654e0 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -123,8 +123,8 @@ If you are a curl developer and use gcc, you might want to enable more debug options with the `--enable-debug` option. curl can be built to use a whole range of libraries to provide various useful -services, and configure will try to auto-detect a decent default. But if you -want to alter it, you can select how to deal with each individual library. +services, and configure will try to auto-detect a decent default. If you want +to alter it, you can select how to deal with each individual library. ## Select TLS backend @@ -146,7 +146,7 @@ you cannot add another OpenSSL fork (or wolfSSL) simply because they have conflicting identical symbol names. When you build with multiple TLS backends, you can select the active one at -run-time when curl starts up. +runtime when curl starts up. ## configure finding libs in wrong directory @@ -162,6 +162,8 @@ library check. # Windows +Building for Windows XP is required as a minimum. + ## Building Windows DLLs and C runtime (CRT) linkage issues As a general rule, building a DLL with static CRT linkage is highly @@ -172,8 +174,8 @@ library check. KB140584 is a must for any Windows developer. Especially important is full understanding if you are not going to follow the advice given above. - - [How To Use the C Run-Time](https://support.microsoft.com/help/94248/how-to-use-the-c-run-time) - - [Run-Time Library Compiler Options](https://docs.microsoft.com/cpp/build/reference/md-mt-ld-use-run-time-library) + - [How To Use the C Runtime](https://support.microsoft.com/help/94248/how-to-use-the-c-run-time) + - [Runtime Library Compiler Options](https://docs.microsoft.com/cpp/build/reference/md-mt-ld-use-run-time-library) - [Potential Errors Passing CRT Objects Across DLL Boundaries](https://docs.microsoft.com/cpp/c-runtime-library/potential-errors-passing-crt-objects-across-dll-boundaries) If your app is misbehaving in some strange way, or it is suffering from memory @@ -183,54 +185,6 @@ multi-threaded dynamic C runtime. If you get linkage errors read section 5.7 of the FAQ document. -## mingw-w64 - -Make sure that mingw-w64's bin directory is in the search path, for example: - -```cmd -set PATH=c:\mingw-w64\bin;%PATH% -``` - -then run `mingw32-make mingw32` in the root dir. There are other -make targets available to build libcurl with more features, use: - - - `mingw32-make mingw32-zlib` to build with Zlib support; - - `mingw32-make mingw32-ssl-zlib` to build with SSL and Zlib enabled; - - `mingw32-make mingw32-ssh2-ssl-zlib` to build with SSH2, SSL, Zlib; - - `mingw32-make mingw32-ssh2-ssl-sspi-zlib` to build with SSH2, SSL, Zlib - and SSPI support. - -If you have any problems linking libraries or finding header files, be sure -to verify that the provided `Makefile.mk` files use the proper paths, and -adjust as necessary. It is also possible to override these paths with -environment variables, for example: - -```cmd -set ZLIB_PATH=c:\zlib-1.2.12 -set OPENSSL_PATH=c:\openssl-3.0.5 -set LIBSSH2_PATH=c:\libssh2-1.10.0 -``` - -It is also possible to build with other LDAP installations than MS LDAP; -currently it is possible to build with native Win32 OpenLDAP, or with the -*Novell CLDAP* SDK. If you want to use these you need to set these vars: - -```cmd -set CPPFLAGS=-Ic:/openldap/include -DCURL_HAS_OPENLDAP_LDAPSDK -set LDFLAGS=-Lc:/openldap/lib -set LIBS=-lldap -llber -``` - -or for using the Novell SDK: - -```cmd -set CPPFLAGS=-Ic:/openldapsdk/inc -DCURL_HAS_NOVELL_LDAPSDK -set LDFLAGS=-Lc:/openldapsdk/lib/mscvc -set LIBS=-lldapsdk -lldapssl -lldapx -``` - -If you want to enable LDAPS support then append `-ldaps` to the make target. - ## Cygwin Almost identical to the Unix installation. Run the configure script in the @@ -386,14 +340,14 @@ In all above, the built libraries and executables can be found in the # Android -When building curl for Android it's recommended to use a Linux/macOS environment -since using curl's `configure` script is the easiest way to build curl -for Android. Before you can build curl for Android, you need to install the -Android NDK first. This can be done using the SDK Manager that is part of -Android Studio. Once you have installed the Android NDK, you need to figure out -where it has been installed and then set up some environment variables before -launching `configure`. On macOS, those variables could look like this to compile -for `aarch64` and API level 29: +When building curl for Android it is recommended to use a Linux/macOS +environment since using curl's `configure` script is the easiest way to build +curl for Android. Before you can build curl for Android, you need to install +the Android NDK first. This can be done using the SDK Manager that is part of +Android Studio. Once you have installed the Android NDK, you need to figure +out where it has been installed and then set up some environment variables +before launching `configure`. On macOS, those variables could look like this +to compile for `aarch64` and API level 29: ```bash export ANDROID_NDK_HOME=~/Library/Android/sdk/ndk/25.1.8937393 # Point into your NDK. @@ -413,13 +367,13 @@ to adjust those variables accordingly. After that you can build curl like this: ./configure --host aarch64-linux-android --with-pic --disable-shared -Note that this will not give you SSL/TLS support. If you need SSL/TLS, you have -to build curl against a SSL/TLS layer, e.g. OpenSSL, because it's impossible for -curl to access Android's native SSL/TLS layer. To build curl for Android using -OpenSSL, follow the OpenSSL build instructions and then install `libssl.a` and -`libcrypto.a` to `$TOOLCHAIN/sysroot/usr/lib` and copy `include/openssl` to -`$TOOLCHAIN/sysroot/usr/include`. Now you can build curl for Android using -OpenSSL like this: +Note that this will not give you SSL/TLS support. If you need SSL/TLS, you +have to build curl against a SSL/TLS layer, e.g. OpenSSL, because it is +impossible for curl to access Android's native SSL/TLS layer. To build curl +for Android using OpenSSL, follow the OpenSSL build instructions and then +install `libssl.a` and `libcrypto.a` to `$TOOLCHAIN/sysroot/usr/lib` and copy +`include/openssl` to `$TOOLCHAIN/sysroot/usr/include`. Now you can build curl +for Android using OpenSSL like this: ```bash LIBS="-lssl -lcrypto -lc++" # For OpenSSL/BoringSSL. In general, you will need to the SSL/TLS layer's transitive dependencies if you are linking statically. @@ -524,7 +478,12 @@ disabling support for some feature: - `--disable-alt-svc` (HTTP Alt-Svc) - `--disable-ares` (the C-ARES DNS library) - `--disable-cookies` (HTTP cookies) - - `--disable-crypto-auth` (cryptographic authentication) + - `--disable-basic-auth` (cryptographic authentication) + - `--disable-bearer-auth` (cryptographic authentication) + - `--disable-digest-auth` (cryptographic authentication) + - `--disable-kerberos-auth` (cryptographic authentication) + - `--disable-negotiate-auth` (cryptographic authentication) + - `--disable-aws` (cryptographic authentication) - `--disable-dateparse` (date parsing for time conditionals) - `--disable-dnsshuffle` (internal server load spreading) - `--disable-doh` (DNS-over-HTTP) @@ -589,29 +548,29 @@ that are not automatically detected: - `--disable-libcurl-option` !`--libcurl` - `--disable-verbose` !verbose\ logs -# PORTS +# Ports This is a probably incomplete list of known CPU architectures and operating systems that curl has been compiled for. If you know a system curl compiles and runs on, that is not listed, please let us know! -## 92 Operating Systems +## 101 Operating Systems - AIX, AmigaOS, Android, Aros, BeOS, Blackberry 10, Blackberry Tablet OS, - Cell OS, Chrome OS, Cisco IOS, Cygwin, DG/UX, Dragonfly BSD, DR DOS, eCOS, - FreeBSD, FreeDOS, FreeRTOS, Fuchsia, Garmin OS, Genode, Haiku, HardenedBSD, - HP-UX, Hurd, Illumos, Integrity, iOS, ipadOS, IRIX, Linux, Lua RTOS, - Mac OS 9, macOS, Mbed, Micrium, MINIX, MorphOS, MPE/iX, MS-DOS, NCR MP-RAS, - NetBSD, Netware, Nintendo Switch, NonStop OS, NuttX, Omni OS, OpenBSD, - OpenStep, Orbis OS, OS/2, OS/400, OS21, Plan 9, PlayStation Portable, QNX, - Qubes OS, ReactOS, Redox, RICS OS, RTEMS, Sailfish OS, SCO Unix, Serenity, - SINIX-Z, Solaris, SunOS, Syllable OS, Symbian, Tizen, TPF, Tru64, tvOS, - ucLinux, Ultrix, UNICOS, UnixWare, VMS, vxWorks, watchOS, WebOS, - Wii system software, Windows, Windows CE, Xbox System, Xenix, Zephyr, - z/OS, z/TPF, z/VM, z/VSE + AIX, AmigaOS, Android, ArcoOS, Aros, Atari FreeMiNT, BeOS, Blackberry 10, + Blackberry Tablet OS, Cell OS, CheriBSD, Chrome OS, Cisco IOS, DG/UX, + Dragonfly BSD, DR DOS, eCOS, FreeBSD, FreeDOS, FreeRTOS, Fuchsia, Garmin OS, + Genode, Haiku, HardenedBSD, HP-UX, Hurd, Illumos, Integrity, iOS, ipadOS, IRIX, + Linux, Lua RTOS, Mac OS 9, macOS, Mbed, Meego, Micrium, MINIX, Moblin, MorphOS, + MPE/iX, MS-DOS, NCR MP-RAS, NetBSD, Netware, NextStep, Nintendo Switch, + NonStop OS, NuttX, OpenBSD, OpenStep, Orbis OS, OS/2, OS/400, OS21, Plan 9, + PlayStation Portable, QNX, Qubes OS, ReactOS, Redox, RICS OS, ROS, RTEMS, + Sailfish OS, SCO Unix, Serenity, SINIX-Z, SkyOS, Solaris, Sortix, SunOS, + Syllable OS, Symbian, Tizen, TPF, Tru64, tvOS, ucLinux, Ultrix, UNICOS, + UnixWare, VMS, vxWorks, watchOS, Wear OS, WebOS, Wii system software, Wii U, + Windows, Windows CE, Xbox System, Xenix, Zephyr, z/OS, z/TPF, z/VM, z/VSE -## 26 CPU Architectures +## 28 CPU Architectures - Alpha, ARC, ARM, AVR32, CompactRISC, Elbrus, ETRAX, HP-PA, Itanium, + Alpha, ARC, ARM, AVR32, C-SKY, CompactRISC, Elbrus, ETRAX, HP-PA, Itanium, LoongArch, m68k, m88k, MicroBlaze, MIPS, Nios, OpenRISC, POWER, PowerPC, - RISC-V, s390, SH4, SPARC, Tilera, VAX, x86, Xtensa + RISC-V, s390, SH4, SPARC, Tilera, VAX, x86, Xtensa, z/arch diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index 395426b4d..f91ff63bb 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -12,7 +12,6 @@ check the changelog of the current development status, as one or more of these problems may have been fixed or changed somewhat since this was written. 1. HTTP - 1.1 hyper memory-leaks 1.2 hyper is slow 1.5 Expect-100 meets 417 @@ -93,7 +92,6 @@ problems may have been fixed or changed somewhat since this was written. 15.1 cmake outputs: no version information available 15.2 support build with GnuTLS 15.3 unusable tool_hugehelp.c with MinGW - 15.4 build docs/curl.1 15.6 uses -lpthread instead of Threads::Threads 15.7 generated .pc file contains strange entries 15.8 libcurl.pc uses absolute library paths @@ -102,10 +100,6 @@ problems may have been fixed or changed somewhat since this was written. 16. aws-sigv4 16.1 aws-sigv4 does not sign requests with * correctly - 16.2 aws-sigv4 does not sign requests with valueless queries correctly - 16.3 aws-sigv4 is missing the amz-content-sha256 header - 16.4 aws-sigv4 does not sort query string parameters before signing - 16.5 aws-sigv4 does not sign requests with empty URL query correctly 16.6 aws-sigv4 does not behave well with AWS VPC Lattice 17. HTTP/2 @@ -115,6 +109,9 @@ problems may have been fixed or changed somewhat since this was written. 18. HTTP/3 18.1 connection migration does not work + 19. RTSP + 19.1 Some methods do not support response bodies + ============================================================================== 1. HTTP @@ -530,12 +527,6 @@ problems may have been fixed or changed somewhat since this was written. see https://github.com/curl/curl/issues/3125 -15.4 build docs/curl.1 - - The cmake build does not create the docs/curl.1 file and therefore must rely on - it being there already. This makes the --manual option not work and test - cases like 1139 cannot function. - 15.6 uses -lpthread instead of Threads::Threads See https://github.com/curl/curl/issues/6166 @@ -579,22 +570,6 @@ problems may have been fixed or changed somewhat since this was written. https://github.com/curl/curl/issues/7559 -16.2 aws-sigv4 does not sign requests with valueless queries correctly - - https://github.com/curl/curl/issues/8107 - -16.3 aws-sigv4 is missing the amz-content-sha256 header - - https://github.com/curl/curl/issues/8810 - -16.4 aws-sigv4 does not sort query string parameters before signing - - https://github.com/curl/curl/issues/9717 - -16.5 aws-sigv4 does not sign requests with empty URL query correctly - - https://github.com/curl/curl/issues/10129 - 16.6 aws-sigv4 does not behave well with AWS VPC Lattice https://github.com/curl/curl/issues/11007 @@ -623,3 +598,13 @@ problems may have been fixed or changed somewhat since this was written. 18.1 connection migration does not work https://github.com/curl/curl/issues/7695 + +19. RTSP + +19.1 Some methods do not support response bodies + + The RTSP implementation is written to assume that a number of RTSP methods + will always get responses without bodies, even though there seems to be no + indication in the RFC that this is always the case. + + https://github.com/curl/curl/issues/12414 diff --git a/docs/Makefile.am b/docs/Makefile.am index 5454e8330..fbe94c40e 100644 --- a/docs/Makefile.am +++ b/docs/Makefile.am @@ -26,24 +26,21 @@ AUTOMAKE_OPTIONS = foreign no-dependencies # EXTRA_DIST breaks with $(abs_builddir) so build it using this variable # but distribute it (using the relative file name) in the next variable -man_MANS = $(abs_builddir)/curl.1 +man_MANS = $(abs_builddir)/curl.1 mk-ca-bundle.1 noinst_man_MANS = curl.1 mk-ca-bundle.1 dist_man_MANS = curl-config.1 -GENHTMLPAGES = curl.html curl-config.html mk-ca-bundle.html -PDFPAGES = curl.pdf curl-config.pdf mk-ca-bundle.pdf -MANDISTPAGES = curl.1.dist curl-config.1.dist - -HTMLPAGES = $(GENHTMLPAGES) +CURLPAGES = curl-config.md mk-ca-bundle.md # Build targets in this file (.) before cmdline-opts to ensure that # the curl.1 rule below runs first -SUBDIRS = . cmdline-opts -DIST_SUBDIRS = $(SUBDIRS) examples libcurl +SUBDIRS = . cmdline-opts libcurl +DIST_SUBDIRS = $(SUBDIRS) examples -CLEANFILES = $(GENHTMLPAGES) $(PDFPAGES) $(MANDISTPAGES) curl.1 +CLEANFILES = $(man_MANS) curl.1 curl-config.1 mk-ca-bundle.1 +nodist_MANS = $(CLEANFILES) EXTRA_DIST = \ - $(noinst_man_MANS) \ + $(CURLPAGES) \ ALTSVC.md \ BINDINGS.md \ BUFREF.md \ @@ -55,9 +52,11 @@ EXTRA_DIST = \ CODE_OF_CONDUCT.md \ CODE_REVIEW.md \ CODE_STYLE.md \ + CLIENT-WRITERS.md \ CONNECTION-FILTERS.md \ CONTRIBUTE.md \ CURL-DISABLE.md \ + CURLDOWN.md \ DEPRECATE.md \ DYNBUF.md \ EARLY-RELEASE.md \ @@ -73,7 +72,7 @@ EXTRA_DIST = \ HTTP3.md \ HYPER.md \ INSTALL \ - INSTALL.cmake \ + INSTALL-CMAKE.md \ INSTALL.md \ INTERNALS.md \ KNOWN_BUGS \ @@ -97,9 +96,14 @@ EXTRA_DIST = \ VULN-DISCLOSURE-POLICY.md \ WEBSOCKET.md -MAN2HTML= roffit $< >$@ +CD2NROFF = $(top_srcdir)/scripts/cd2nroff $< >$@ + +CD2 = $(CD2_$(V)) +CD2_0 = @echo " RENDER " $@; +CD2_1 = +CD2_ = $(CD2_0) -SUFFIXES = .1 .html .pdf +SUFFIXES = .1 .md # $(abs_builddir) is to disable VPATH when searching for this file, which # would otherwise find the copy in $(srcdir) which breaks the $(HUGE) @@ -111,24 +115,14 @@ SUFFIXES = .1 .html .pdf # have changed. $(abs_builddir)/curl.1: if test "$(top_builddir)x" != "$(top_srcdir)x" -a -e "$(srcdir)/curl.1"; then \ - $(INSTALL_DATA) "$(srcdir)/curl.1" $@; fi + $(INSTALL_DATA) "$(srcdir)/curl.1" $@ \ + && touch -r "$(srcdir)/curl.1" $@; fi cd cmdline-opts && $(MAKE) -html: $(HTMLPAGES) - cd libcurl && $(MAKE) html - -pdf: $(PDFPAGES) - cd libcurl && $(MAKE) pdf - -.1.html: - $(MAN2HTML) +.md.1: + $(CD2)$(CD2NROFF) -.1.pdf: - @(foo=`echo $@ | sed -e 's/\.[0-9]$$//g'`; \ - groff -Tps -man $< >$$foo.ps; \ - ps2pdf $$foo.ps $@; \ - rm $$foo.ps; \ - echo "converted $< to $@") +curl-config.1: curl-config.md distclean: rm -f $(CLEANFILES) diff --git a/docs/NEW-PROTOCOL.md b/docs/NEW-PROTOCOL.md index a8b227d3c..223815b6d 100644 --- a/docs/NEW-PROTOCOL.md +++ b/docs/NEW-PROTOCOL.md @@ -7,7 +7,7 @@ protocols and it is the Internet transfer machine for the world. In the curl project we love protocols and we love supporting many protocols and doing it well. -So how do you proceed to add a new protocol and what are the requirements? +How do you proceed to add a new protocol and what are the requirements? ## No fixed set of requirements diff --git a/docs/PARALLEL-TRANSFERS.md b/docs/PARALLEL-TRANSFERS.md index 337fab5fa..03ceb8f82 100644 --- a/docs/PARALLEL-TRANSFERS.md +++ b/docs/PARALLEL-TRANSFERS.md @@ -38,9 +38,9 @@ Example: ## Behavior differences Connections are shared fine between different easy handles, but the -"authentication contexts" are not. So for example doing HTTP Digest auth with -one handle for a particular transfer and then continue on with another handle -that reuses the same connection, the second handle cannot send the necessary +"authentication contexts" are not. For example doing HTTP Digest auth with one +handle for a particular transfer and then continue on with another handle that +reuses the same connection, the second handle cannot send the necessary Authorization header at once since the context is only kept in the original easy handle. diff --git a/docs/SECURITY-ADVISORY.md b/docs/SECURITY-ADVISORY.md index 0ddc38b90..6344d2222 100644 --- a/docs/SECURITY-ADVISORY.md +++ b/docs/SECURITY-ADVISORY.md @@ -35,7 +35,7 @@ The eleven fields for each CVE in `vuln.pm` are, in order: ### `Makefile` -The new CVE web page file name needs to be added in the `Makefile`'s `CVELIST` +The new CVE webpage filename needs to be added in the `Makefile`'s `CVELIST` macro. When the markdown is in place and the `Makefile` and `vuln.pm` are updated, diff --git a/docs/SSLCERTS.md b/docs/SSLCERTS.md index 4094e2fec..7087e1eaf 100644 --- a/docs/SSLCERTS.md +++ b/docs/SSLCERTS.md @@ -103,9 +103,9 @@ server, do one of the following: certificate store or use it stand-alone as described. Just remember that the security is no better than the way you obtained the certificate. - 4. If you are using the curl command line tool, you can specify your own CA - cert file by setting the environment variable `CURL_CA_BUNDLE` to the path - of your choice. + 4. If you are using the curl command line tool and the TLS backend is not + Schannel then you can specify your own CA cert file by setting the + environment variable `CURL_CA_BUNDLE` to the path of your choice. If you are using the curl command line tool on Windows, curl will search for a CA cert file named "curl-ca-bundle.crt" in these directories and in @@ -116,10 +116,10 @@ server, do one of the following: 4. Windows Directory (e.g. C:\windows) 5. all directories along %PATH% - 5. Get a better/different/newer CA cert bundle! One option is to extract the - one a recent Firefox browser uses by running 'make ca-bundle' in the curl - build tree root, or possibly download a version that was generated this - way for you: [CA Extract](https://curl.se/docs/caextract.html) + 5. Get another CA cert bundle. One option is to extract the one a recent + Firefox browser uses by running 'make ca-bundle' in the curl build tree + root, or possibly download a version that was generated this way for you: + [CA Extract](https://curl.se/docs/caextract.html) Neglecting to use one of the above methods when dealing with a server using a certificate that is not signed by one of the certificates in the installed CA diff --git a/docs/THANKS b/docs/THANKS index 0bf9474a4..eee2ec51a 100644 --- a/docs/THANKS +++ b/docs/THANKS @@ -71,6 +71,7 @@ Alessandro Vesely Alex aka WindEagle Alex Baines Alex Bligh +Alex Bozarth Alex Chan Alex Crichton Alex Fishman @@ -78,6 +79,7 @@ Alex Gaynor Alex Grebenschikov Alex Gruz Alex Kiernan +Alex Klyubin Alex Konev Alex Malinovich Alex Mayorga @@ -90,6 +92,7 @@ Alex Samorukov Alex Suykov Alex Vinnik Alex Xu +Alexander Bartel Alexander Beedie Alexander Chuykov Alexander Dyagilev @@ -111,6 +114,7 @@ Alexandre Ferrieux Alexandre Pion Alexey Borzov Alexey Eremikhin +Alexey Larikov Alexey Melnichuk Alexey Pesternikov Alexey Savchuk @@ -130,6 +134,7 @@ Alona Rossen Amaury Denoyelle amishmm on github Amit Katyal +Ammar Faizi Amol Pattekar Amr Shahin Anatol Belski @@ -202,6 +207,7 @@ Andy Stamp Andy Tsouladze Angus Mackay anio on github +annalee anon00000000 on github anshnd on github Anssi Kolehmainen @@ -227,6 +233,7 @@ Antoni Villalonga Antonio Larrosa Antony74 on github Antti Hätälä +Anubhav Rai apparentorder on github April King arainchik on github @@ -285,6 +292,7 @@ Basuke Suzuki baumanj on github bdry on github beckenc on github +Ben Ben Boeckel Ben Darnell Ben Fritz @@ -349,6 +357,7 @@ Bob Schader bobmitchell1956 on github Bodo Bergmann Bogdan Nicula +boilingoden Boris Kuschel Boris Okunskiy Boris Rasin @@ -367,6 +376,7 @@ Brandon Dong Brandon Wang BratSinot on github Brendan Jurd +Brennan Kinney Brent Beardsley Brian Akins Brian Bergeron @@ -398,11 +408,13 @@ Bryan Henderson Bryan Kemp bsammon on github bsergean on github +bubbleguuum on github Bubu on github buzo-ffm on github bxac on github Bylon2 on github Byrial Jensen +Cajus Pollmeier Caleb Raitto Calvin Buckley calvin2021y on github @@ -422,6 +434,7 @@ Carlo Cannas Carlo Marcelo Arenas Belón Carlo Teubner Carlo Wood +Carlos Henrique Lima Melara Carlos ORyan Carsten Lange Casey Bodley @@ -434,9 +447,11 @@ Cering on github Cesar Eduardo Barros Chad Monroe Chandrakant Bagul +Chara White Charles Cazabon Charles Kerr Charles Romestant +Charlie C Chen Prog Cherish98 on github Chester Liu @@ -457,6 +472,7 @@ Chris Maltby Chris Mumford Chris Paulson-Ellis Chris Roberts +Chris Sauer Chris Smowton Chris Talbot Chris Young @@ -649,6 +665,7 @@ David Sanderson David Schweikert David Shaw David Strauss +David Suter David Tarendash David Thiel David Walser @@ -672,6 +689,7 @@ Denis Laxalde Denis Ollier Dennis Clarke Dennis Felsing +dependabot[bot] Derek Higgins Derzsi Dániel Desmond O. Chang @@ -780,6 +798,7 @@ Edward Sheldrake Edward Thomson Eelco Dolstra Eetu Ojanen +eeverettrbx on github Egon Eckert Egor Pugin Ehren Bendler @@ -806,8 +825,10 @@ Emiliano Ida Emilio Cobos Ãlvarez Emilio López Emmanuel Tychon +Enno Boland Enrico Scholz Enrik Berkhan +enWILLYado on github eppesuig Eramoto Masaya Eric Cooper @@ -868,6 +889,7 @@ Fabrice Fontaine Fabrizio Ammollo Fahim Chandurwala Faizur Rahman +Faraz Fallahi Farzin on github Fata Nugraha Fawad Mirza @@ -930,6 +952,7 @@ FuccDucc on github Fujii Hironori fullincome on github fundawang on github +Gabe Gabriel Corona Gabriel Kuri Gabriel Simmer @@ -1042,16 +1065,19 @@ Hannes Magnusson Hanno Böck Hanno Kranzhoff Hans Steegers +Hans-Christian Egtvedt Hans-Christian Noren Egtvedt Hans-Jurgen May Hao Wu Hardeep Singh Haris Okanovic Harold Stuart +Harry Mallon Harry Sarson Harry Sintonen Harshal Pradhan Hauke Duden +Haydar Alaidrus Hayden Roche He Qin Heikki Korpela @@ -1070,6 +1096,7 @@ Henry Ludemann Henry Roeland Herve Amblard HexTheDragon +hgdagon on github Hide Ishikawa Hidemoto Nakada highmtworks on github @@ -1103,6 +1130,9 @@ Ian Lynagh Ian Spence Ian Turner Ian Wilkes +iAroc on github +iconoclasthero +icy17 on github Ignacio Vazquez-Abrams Igor Franchuk Igor Khristophorov @@ -1139,6 +1169,7 @@ Ishan SinghLevett Ithubg on github Ivan Avdeev Ivan Tsybulin +ivanfywang IvanoG on github Ivo Bellin Salarin iz8mbw on github @@ -1198,6 +1229,7 @@ Jan Venekamp Jan Verbeek Jan-Piet Mens JanB on github +janko-js on github Janne Blomqvist Janne Johansson Jared Jennings @@ -1219,6 +1251,7 @@ Javier Navarro Javier Sixto Jay Austin Jay Dommaschk +Jay Wu Jayesh A Shah Jaz Fresh JazJas on github @@ -1273,12 +1306,14 @@ Jerry Krinock Jerry Wu Jes Badwal Jesper Jensen +Jess Lowe Jesse Chisholm Jesse Noller Jesse Tan jethrogb on github jhoyla on github Jie He +Jiehong on github Jilayne Lovejoy Jim Beveridge Jim Drash @@ -1467,10 +1502,12 @@ Kane York Kang Lin Kang-Jin Lee Kantanat Wannapaka +Kareem Kari Pahula Karl Chen Karl Moerder Karol Pietrzak +Kartatz on Github Karthikdasari0423 Karthikdasari0423 on github Kartik Mahajan @@ -1512,6 +1549,7 @@ Kim Minjoong Kim Rinnewitz Kim Vandry Kimmo Kinnunen +kirbyn17 on hackerone Kirill Efimov Kirill Marchuk Kjell Ericson @@ -1570,6 +1608,7 @@ Lars J. Aas Lars Johannesen Lars Nilsson Lars Torben Wilson +Lau Laurent Bonnans Laurent Dufresne Laurent Rabret @@ -1579,6 +1618,7 @@ Lawrence Gripper Lawrence Matthews Lawrence Wagerfield Leah Neukirchen +Lealem Amedie Leandro Coutinho Legoff Vincent Lehel Bernadt @@ -1602,6 +1642,7 @@ LigH-de on github lijian996 on github Lijo Antony lilongyan-huawei on github +Lin Sun Linas Vepstas Lindley French Ling Thio @@ -1615,15 +1656,18 @@ Litter White Liviu Chircu Liza Alenchery lizhuang0630 on github +lkordos on github lllaffer on github Lloyd Fournier Lluís Batlle i Rossell locpyl-tidnyd on github Loganaden Velvindron Loic Dachary +LoRd_MuldeR Loren Kirkby Lorenzo Miniero Loïc Yhuel +lRoccoon on github Luan Cestari Luca Altea Luca Boccassi @@ -1667,6 +1711,7 @@ Maksim Arhipov Maksim Kuzevanov Maksim Sciepanienka Maksim Stsepanenka +Maksymilian Arciemowicz Malik Idrees Hasan Khan Mamoru Tasaka Mamta Upadhyay @@ -1693,6 +1738,7 @@ Marcelo Juchem Marcin Adamski Marcin Gryszkalis Marcin Konicki +Marcin Rataj Marco Deckel Marco G. Salvagno Marco Kamner @@ -1713,6 +1759,7 @@ Mark Davies Mark Dodgson Mark Gaiser Mark Hamilton +Mark Huang Mark Incley Mark Itzcovitz Mark Karpeles @@ -1721,6 +1768,7 @@ Mark Nottingham Mark Roszko Mark Salisbury Mark Seuffert +Mark Sinkovics Mark Snelling Mark Swaanenburg Mark Tully @@ -1756,6 +1804,7 @@ Martin Jansen Martin Kammerhofer Martin Kepplinger Martin Lemke +Martin Schmatz Martin Skinner Martin Staael Martin Storsjö @@ -1808,6 +1857,7 @@ Matthias Naegler Mattias Fornander Matus Uzak Maurice Barnum +Mauricio Scheffer Mauro Iorio Mauro Rappa Maurício Meneghini Fauth @@ -1931,6 +1981,7 @@ Mohamed Lrhazi Mohamed Osama Mohammad AlSaleh Mohammad Hasbini +Mohammadreza Hendiani Mohammed Naser Mohun Biswas momala454 on github @@ -1995,6 +2046,7 @@ Nick Zitzmann nick-telia on github Nicklas Avén Nico Baggus +Nico Rieck nico-abram on github Nicolas Berloquin Nicolas Croiset @@ -2018,6 +2070,7 @@ nimaje on github niner on github Ning Dong Nir Soffer +Niracler Li Niranjan Hasabnis Nis Jorgensen nk @@ -2037,6 +2090,7 @@ Nuru on github Octavio Schroeder odek86 on github Ofer +ohyeaah on github Okhin Vasilij Ola Mork Olaf Flebbe @@ -2063,6 +2117,7 @@ omau on github OndÅ™ej KoláÄek opensignature on github opensslonzos-github on github +Ophir Lojkine Orange Tsai Oren Souroujon Oren Tirosh @@ -2078,6 +2133,7 @@ Oskar Liljeblad Oskar Sigvardsson Oumph on github ovidiu-benea on github +Ozan Cansel P R Schaffner Pablo Busse Palo Markovic @@ -2230,6 +2286,7 @@ Prithvi MK privetryan on github Priyanka Shah ProceduralMan on github +promptfuzz_ on hackerone Pronyushkin Petr PrzemysÅ‚aw Tomaszewski pszemus on github @@ -2299,6 +2356,7 @@ Renaud Lehoux Rene Bernhardt Rene Rebe Reuven Wachtfogel +RevaliQaQ on github Reza Arbab Rianov Viacheslav Ricardo Cadime @@ -2324,6 +2382,7 @@ Richard Gorton Richard Gray Richard Hosking Richard Hsu +Richard Levitte Richard Marion Richard Michael Richard Moore @@ -2346,6 +2405,7 @@ Ricky-Tigg on github Rider Linden RiderALT on github Rikard Falkeborn +rilysh rl1987 on github Rob Boeckermann Rob Cotrone @@ -2373,6 +2433,7 @@ Robert Prag Robert Ronto Robert Schumann Robert Simpson +Robert Southee Robert Weaver Robert Wruck Robin A. Meade @@ -2448,6 +2509,7 @@ Salvador Dávila Salvatore Sorrentino Sam Deane Sam Hurst +Sam James Sam Roth Sam Schanken Samanta Navarro @@ -2477,11 +2539,13 @@ Saul good Saurav Babu sayrer on github SBKarr on github +Scarlett McAllister Scott Bailey Scott Barrett Scott Cantor Scott Davis Scott McCreary +sd0 on hackerone Sean Boudreau Sean Burford Sean MacLennan @@ -2521,6 +2585,7 @@ SerusDev on github Seshubabu Pasam Seth Mos Sevan Janiyan +sfan5 on github Sgharat on github Sh Diao Shachaf Ben-Kiki @@ -2559,10 +2624,12 @@ Simon Warta simplerobot on github Siva Sivaraman SLDiggie on github +Smackd0wn Smackd0wn on github smuellerDD on github sn on hackerone sofaboss on github +Sohom Datta Somnath Kundu Song Ma Sonia Subramanian @@ -2629,6 +2696,7 @@ Steve Marx Steve Oliphant Steve Roskowski Steve Walch +Steven Allen Steven Bazyl Steven G. Johnson Steven Gu @@ -2667,6 +2735,7 @@ Taneli Vähäkangas Tanguy Fautre Taras Kushnir tarek112 on github +Tatsuhiko Miyagawa Tatsuhiro Tsujikawa tawmoto on github tbugfinder on github @@ -2679,6 +2748,7 @@ thanhchungbtc on github The Infinnovation team TheAssassin on github TheKnarf on github +Theo Theodore Dubois therealhirudo on github Thiago Suchorski @@ -2686,6 +2756,7 @@ tholin on github Thomas Bouzerar Thomas Braun Thomas Danielsson +Thomas Ferguson Thomas Gamper Thomas Glanzmann Thomas Guillem @@ -2714,6 +2785,7 @@ Tim Chen Tim Costello Tim Harder Tim Heckman +Tim Hill Tim Mcdonough Tim Newsome Tim Rühsen @@ -2793,6 +2865,7 @@ tonystz on Github Toon Verwaest Tor Arntsen Torben Dannhauer +Torben Dury Torsten Foertsch Toshio Kuratomi Toshiyuki Maezawa @@ -2809,6 +2882,7 @@ Tseng Jun Tuomas Siipola Tuomo Rinne Tupone Alfredo +Turiiya Tyler Hall Török Edwin u20221022 on github @@ -2920,6 +2994,7 @@ x2018 on github Xavier Bouchoux XhmikosR on github XhstormR on github +Xi Ruoyao Xiang Xiao Xiangbin Li xianghongai on github @@ -2931,6 +3006,7 @@ xtonik on github xwxbug on github Xì Gà Yaakov Selkowitz +Yadhu Krishna M Yair Lenga Yang Tse Yaobin Wen @@ -2938,10 +3014,12 @@ Yarram Sunil Yasuharu Yamada Yasuhiro Matsumoto Yechiel Kalmenson +Yedaya Katsman Yehezkel Horowitz Yehoshua Hershberg ygthien on github Yi Huang +Yifei Kong Yiming Jing Yingwei Liu yiyuaner on github @@ -2969,6 +3047,8 @@ Zachary Seguin Zdenek Pavlas Zekun Ni zelinchen on github +zengwei +zengwei2000 Zenju on github Zero King Zespre Schmidt @@ -2976,6 +3056,7 @@ Zhang Xiuhua zhanghu on xiaomi Zhao Yisha Zhaoyang Wu +zhengqwe on github Zhibiao Wu zhihaoy on github Zhouyihai Ding diff --git a/docs/TODO b/docs/TODO index f487f88aa..162944360 100644 --- a/docs/TODO +++ b/docs/TODO @@ -122,6 +122,7 @@ 13.8 Support DANE 13.9 TLS record padding 13.10 Support Authority Information Access certificate extension (AIA) + 13.11 Some TLS options are not offered for HTTPS proxies 13.12 Reduce CA certificate bundle reparsing 13.13 Make sure we forbid TLS 1.3 post-handshake authentication 13.14 Support the clienthello extension @@ -195,6 +196,9 @@ 21. MQTT 21.1 Support rate-limiting + 22. TFTP + 22.1 TFTP doesn't convert LF to CRLF for mode=netascii + ============================================================================== 1. libcurl @@ -884,6 +888,14 @@ See https://github.com/curl/curl/issues/2793 +13.11 Some TLS options are not offered for HTTPS proxies + + Some TLS related options to the command line tool and libcurl are only + provided for the server and not for HTTPS proxies. --proxy-tls-max, + --proxy-tlsv1.3, --proxy-curves and a few more.a + + https://github.com/curl/curl/issues/12286 + 13.12 Reduce CA certificate bundle reparsing When using the OpenSSL backend, curl will load and reparse the CA bundle at @@ -1104,7 +1116,7 @@ slow, potentially with a (random) wait between transfers. There is also a proposed set of standard HTTP headers to let servers let the client adapt to its rate limits: - https://www.ietf.org/id/draft-polli-ratelimit-headers-02.html + https://datatracker.ietf.org/doc/draft-ietf-httpapi-ratelimit-headers/ See https://github.com/curl/curl/issues/5406 @@ -1383,3 +1395,14 @@ The rate-limiting logic is done in the PERFORMING state in multi.c but MQTT is not (yet) implemented to use that. + +22. TFTP + +22.1 TFTP doesn't convert LF to CRLF for mode=netascii + + RFC 3617 defines that an TFTP transfer can be done using "netascii" + mode. curl does not support extracting that mode from the URL nor does it treat + such transfers specifically. It should probably do LF to CRLF translations + for them. + + See https://github.com/curl/curl/issues/12655 diff --git a/docs/TheArtOfHttpScripting.md b/docs/TheArtOfHttpScripting.md index 43f13e2af..8607642f7 100644 --- a/docs/TheArtOfHttpScripting.md +++ b/docs/TheArtOfHttpScripting.md @@ -87,16 +87,16 @@ The Uniform Resource Locator format is how you specify the address of a particular resource on the Internet. You know these, you have seen URLs like https://curl.se or https://example.com a million times. RFC 3986 is the - canonical spec. And yeah, the formal name is not URL, it is URI. + canonical spec. The formal name is not URL, it is **URI**. ## Host - The host name is usually resolved using DNS or your /etc/hosts file to an IP + The hostname is usually resolved using DNS or your /etc/hosts file to an IP address and that is what curl will communicate with. Alternatively you specify the IP address directly in the URL instead of a name. For development and other trying out situations, you can point to a different - IP address for a host name than what would otherwise be used, by using curl's + IP address for a hostname than what would otherwise be used, by using curl's [`--resolve`](https://curl.se/docs/manpage.html#--resolve) option: curl --resolve www.example.org:80:127.0.0.1 http://www.example.org/ @@ -107,7 +107,7 @@ or in some cases UDP. Normally you do not have to take that into consideration, but at times you run test servers on other ports or similar. Then you can specify the port number in the URL with a colon and a - number immediately following the host name. Like when doing HTTP to port + number immediately following the hostname. Like when doing HTTP to port 1234: curl http://www.example.org:1234/ @@ -142,20 +142,20 @@ The path part is just sent off to the server to request that it sends back the associated response. The path is what is to the right side of the slash - that follows the host name and possibly port number. + that follows the hostname and possibly port number. # Fetch a page ## GET The simplest and most common request/operation made using HTTP is to GET a - URL. The URL could itself refer to a web page, an image or a file. The client + URL. The URL could itself refer to a webpage, an image or a file. The client issues a GET request to the server and receives the document it asked for. If you issue the command line curl https://curl.se - you get a web page returned in your terminal window. The entire HTML document + you get a webpage returned in your terminal window. The entire HTML document that that URL holds. All HTTP replies contain a set of response headers that are normally hidden, @@ -309,12 +309,10 @@ This method is mainly designed to better support file uploads. A form that allows a user to upload a file could be written like this in HTML: -```html -
- - -
-``` +
+ + +
This clearly shows that the Content-Type about to be sent is `multipart/form-data`. @@ -500,7 +498,7 @@ The way the web browsers do "client side state control" is by using cookies. Cookies are just names with associated contents. The cookies are sent to the client by the server. The server tells the client for what path - and host name it wants the cookie sent back, and it also sends an expiration + and hostname it wants the cookie sent back, and it also sends an expiration date and a few more properties. When a client communicates with a server with a name and path as previously @@ -630,18 +628,17 @@ It should be noted that curl selects which methods to use on its own depending on what action to ask for. `-d` will do POST, `-I` will do HEAD and - so on. If you use the - [`--request`](https://curl.se/docs/manpage.html#-X) / `-X` option you - can change the method keyword curl selects, but you will not modify curl's - behavior. This means that if you for example use -d "data" to do a POST, you - can modify the method to a `PROPFIND` with `-X` and curl will still think it - sends a POST . You can change the normal GET to a POST method by simply - adding `-X POST` in a command line like: + so on. If you use the [`--request`](https://curl.se/docs/manpage.html#-X) / + `-X` option you can change the method keyword curl selects, but you will not + modify curl's behavior. This means that if you for example use -d "data" to + do a POST, you can modify the method to a `PROPFIND` with `-X` and curl will + still think it sends a POST. You can change the normal GET to a POST method + by simply adding `-X POST` in a command line like: curl -X POST http://example.org/ - ... but curl will still think and act as if it sent a GET so it will not send - any request body etc. + curl will however still act as if it sent a GET so it will not send any + request body etc. # Web Login diff --git a/docs/URL-SYNTAX.md b/docs/URL-SYNTAX.md index ddd99454f..011a32c38 100644 --- a/docs/URL-SYNTAX.md +++ b/docs/URL-SYNTAX.md @@ -28,7 +28,7 @@ Due to the inherent differences between URL parser implementations, it is considered a security risk to mix different implementations and assume the same behavior! -For example, if you use one parser to check if a URL uses a good host name or +For example, if you use one parser to check if a URL uses a good hostname or the correct auth field, and then pass on that same URL to a *second* parser, there will always be a risk it treats the same URL differently. There is no right and wrong in URL land, only differences of opinions. @@ -92,7 +92,7 @@ curl supports "URLs" that do not start with a scheme. This is not supported by any of the specifications. This is a shortcut to entering URLs that was supported by browsers early on and has been mimicked by curl. -Based on what the host name starts with, curl will "guess" what protocol to +Based on what the hostname starts with, curl will "guess" what protocol to use: - `ftp.` means FTP @@ -367,9 +367,9 @@ curl supports SMB version 1 (only) ## SMTP -The path part of a SMTP request specifies the host name to present during +The path part of a SMTP request specifies the hostname to present during communication with the mail server. If the path is omitted, then libcurl will -attempt to resolve the local computer's host name. However, this may not +attempt to resolve the local computer's hostname. However, this may not return the fully qualified domain name that is required by some mail servers and specifying this path allows you to set an alternative name, such as your machine's fully qualified domain name, which you might have obtained from an diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md index 3ce220329..a0086634a 100644 --- a/docs/VULN-DISCLOSURE-POLICY.md +++ b/docs/VULN-DISCLOSURE-POLICY.md @@ -59,8 +59,7 @@ announcement. [SECURITY-ADVISORY](https://curl.se/dev/advisory.html) for help on creating the advisory. -- Request a CVE number from - [HackerOne](https://docs.hackerone.com/programs/cve-requests.html) +- Request a CVE number from HackerOne - Update the "security advisory" with the CVE number. @@ -93,7 +92,7 @@ announcement. the same manner we always announce releases. It gets sent to the curl-announce, curl-library and curl-users mailing lists. -- The security web page on the website should get the new vulnerability +- The security webpage on the website should get the new vulnerability mentioned. ## security (at curl dot se) @@ -283,3 +282,12 @@ and if an attacker can trick the user to run a specifically crafted curl command line, all bets are off. Such an attacker can just as well have the user run a much worse command that can do something fatal (like `sudo rm -rf /`). + +## Terminal output and escape sequences + +Content that is transferred from a server and gets displayed in a terminal by +curl may contain escape sequences or use other tricks to fool the user. This +is curl working as designed and is not a curl security problem. Escape +sequences, moving cursor, changing color etc, is also frequently used for +good. To reduce the risk of getting fooled, save files and browse them after +download using a display method that minimizes risks. diff --git a/docs/WEBSOCKET.md b/docs/WEBSOCKET.md index ba84c2284..c3967b8ea 100644 --- a/docs/WEBSOCKET.md +++ b/docs/WEBSOCKET.md @@ -109,10 +109,9 @@ Ideas: ## Why not libWebSocket -[libWebSocket](https://libWebSockets.org/) is said to be a solid, fast and -efficient WebSocket library with a vast amount of users. My plan was -originally to build upon it to skip having to implement the low level parts of -WebSocket myself. +libWebSocket is said to be a solid, fast and efficient WebSocket library with +a vast amount of users. My plan was originally to build upon it to skip having +to implement the low level parts of WebSocket myself. Here are the reasons why I have decided to move forward with WebSocket in curl **without using libWebSocket**: diff --git a/docs/cmdline-opts/CMakeLists.txt b/docs/cmdline-opts/CMakeLists.txt index 3dd8be49b..ee158df99 100644 --- a/docs/cmdline-opts/CMakeLists.txt +++ b/docs/cmdline-opts/CMakeLists.txt @@ -28,8 +28,10 @@ transform_makefile_inc("Makefile.inc" "${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc. include("${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake") add_custom_command(OUTPUT "${MANPAGE}" - COMMAND "${PERL_EXECUTABLE}" "${CMAKE_CURRENT_SOURCE_DIR}/gen.pl" mainpage "${CMAKE_CURRENT_SOURCE_DIR}" > "${MANPAGE}" - DEPENDS ${DPAGES} ${OTHERPAGES} + COMMAND cd ${CMAKE_CURRENT_SOURCE_DIR} && "${PERL_EXECUTABLE}" "./gen.pl" mainpage ${DPAGES} > "${MANPAGE}" VERBATIM ) -add_custom_target(generate-curl.1 DEPENDS "${MANPAGE}") +add_custom_target(generate-curl.1 ALL DEPENDS "${MANPAGE}") +if(NOT CURL_DISABLE_INSTALL) + install(FILES "${MANPAGE}" DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) +endif() diff --git a/docs/cmdline-opts/MANPAGE.md b/docs/cmdline-opts/MANPAGE.md index 6de32dab9..951cbe859 100644 --- a/docs/cmdline-opts/MANPAGE.md +++ b/docs/cmdline-opts/MANPAGE.md @@ -9,24 +9,38 @@ This is the curl man page generator. It generates a single nroff man page output from the set of sources files in this directory. -There is one source file for each supported command line option. The output -gets `page-header` prepended and `page-footer` appended. The format is -described below. +The `mainpage.idx` file lists all files that are rendered in that order to +produce the output. The magic `%options` keyword inserts all command line +options documented. + +The `%options` documentation is created with one source file for each +supported command line option. + +The documentation file format is described below. It is meant to look similar +to markdown which is why it uses `.md` file extensions. ## Option files Each command line option is described in a file named `.d`, where option name is written without any prefixing dashes. Like the file name for -the -v, --verbose option is named `verbose.d`. +the `-v, --verbose` option is named `verbose.d`. + +Each file has a set of meta-data in the top of the file, followed by a body of +text. -Each file has a set of meta-data and a body of text. +The documentation files that do not document options have no meta-data part. + +A line that starts with ``. ### Meta-data + --- (start of meta-data) Added: (version number in which this was added) Arg: (the argument the option takes) c: (copyright line) - Example: (example command line, without "curl" and can use `$URL`) + Example: + - (an example command line, without "curl" and can use `$URL`) + - (another example) Experimental: yes (if so) Help: (short text for the --help output for this option) Long: (long form name, without dashes) @@ -36,7 +50,9 @@ Each file has a set of meta-data and a body of text. Protocols: (space separated list for which protocols this option works) Requires: (space separated list of features this requires, no dashes) Scope: global (if the option is global) - See-also: (space separated list of related options, no dashes) + See-also: + - (a related option, no dashes) + - (another related option, no dashes) Short: (single letter, without dash) SPDX-License-Identifier: curl Tags: (space separated list) @@ -54,12 +70,33 @@ Text written within `*asterisks*` is shown using italics. Text within two Text that is prefixed with a space is treated like an "example" and gets output in monospace. -## Header and footer +Within the body, describe a list of items like this: + + ## item 1 + description + + ## item 2 + second description + +The list is automatically terminated at end of file, or you can do it +explicitly with an empty "header": + + ## + +### Headers + +The `#` header can be used by non-option files and it produces produces a +`.SH` output. + +If the `#` header is used for a command line option file, that header is +simply ignored in the generated output. It can still serve a purpose in the +source file as it helps the user identify what option the file is for. -`page-header` is the file that is output before the generated options output -for the master man page. +### Variables -`page-footer` is appended after all the individual options. +There are three different "variables" that can be used when creating the +output. They need to be written within backticks in the source file (to escape +getting spellchecked by CI jobs): `%DATE`, `%VERSION` and `%GLOBALS`. ## Generate diff --git a/docs/cmdline-opts/Makefile.am b/docs/cmdline-opts/Makefile.am index 5a8996bc2..e9b35ac05 100644 --- a/docs/cmdline-opts/Makefile.am +++ b/docs/cmdline-opts/Makefile.am @@ -28,7 +28,7 @@ MANPAGE = $(top_builddir)/docs/curl.1 include Makefile.inc -EXTRA_DIST = $(DPAGES) MANPAGE.md gen.pl $(OTHERPAGES) CMakeLists.txt +EXTRA_DIST = $(DPAGES) MANPAGE.md gen.pl $(SUPPORT) CMakeLists.txt mainpage.idx GEN = $(GN_$(V)) GN_0 = @echo " GENERATE" $@; @@ -37,5 +37,8 @@ GN_ = $(GN_0) all: $(MANPAGE) -$(MANPAGE): $(DPAGES) $(OTHERPAGES) Makefile.inc gen.pl +$(MANPAGE): $(DPAGES) $(SUPPORT) mainpage.idx Makefile.inc gen.pl $(GEN)(rm -f $(MANPAGE) && cd $(srcdir) && @PERL@ ./gen.pl mainpage $(DPAGES) > $(builddir)/manpage.tmp && mv $(builddir)/manpage.tmp $(MANPAGE)) + +listhelp: + ./gen.pl listhelp $(DPAGES) > $(top_builddir)/src/tool_listhelp.c diff --git a/docs/cmdline-opts/Makefile.inc b/docs/cmdline-opts/Makefile.inc index a7c92f264..428cc3bab 100644 --- a/docs/cmdline-opts/Makefile.inc +++ b/docs/cmdline-opts/Makefile.inc @@ -23,264 +23,283 @@ ########################################################################### # Shared between Makefile.am and CMakeLists.txt -DPAGES = \ - abstract-unix-socket.d \ - alt-svc.d \ - anyauth.d \ - append.d \ - aws-sigv4.d \ - basic.d \ - ca-native.d \ - cacert.d \ - capath.d \ - cert-status.d \ - cert-type.d \ - cert.d \ - ciphers.d \ - compressed-ssh.d \ - compressed.d \ - config.d \ - connect-timeout.d \ - connect-to.d \ - continue-at.d \ - cookie-jar.d \ - cookie.d \ - create-dirs.d \ - create-file-mode.d \ - crlf.d \ - crlfile.d \ - curves.d \ - data-ascii.d \ - data-binary.d \ - data-raw.d \ - data-urlencode.d \ - data.d \ - delegation.d \ - digest.d \ - disable-eprt.d \ - disable-epsv.d \ - disable.d \ - disallow-username-in-url.d \ - dns-interface.d \ - dns-ipv4-addr.d \ - dns-ipv6-addr.d \ - dns-servers.d \ - doh-cert-status.d \ - doh-insecure.d \ - doh-url.d \ - dump-header.d \ - egd-file.d \ - engine.d \ - etag-compare.d \ - etag-save.d \ - expect100-timeout.d \ - fail-early.d \ - fail-with-body.d \ - fail.d \ - false-start.d \ - form-escape.d \ - form-string.d \ - form.d \ - ftp-account.d \ - ftp-alternative-to-user.d \ - ftp-create-dirs.d \ - ftp-method.d \ - ftp-pasv.d \ - ftp-port.d \ - ftp-pret.d \ - ftp-skip-pasv-ip.d \ - ftp-ssl-ccc-mode.d \ - ftp-ssl-ccc.d \ - ftp-ssl-control.d \ - get.d \ - globoff.d \ - happy-eyeballs-timeout-ms.d \ - haproxy-protocol.d \ - haproxy-clientip.d \ - head.d \ - header.d \ - help.d \ - hostpubmd5.d \ - hostpubsha256.d \ - hsts.d \ - http0.9.d \ - http1.0.d \ - http1.1.d \ - http2-prior-knowledge.d \ - http2.d \ - http3.d \ - http3-only.d \ - ignore-content-length.d \ - include.d \ - insecure.d \ - interface.d \ - ipfs-gateway.d \ - ipv4.d \ - ipv6.d \ - json.d \ - junk-session-cookies.d \ - keepalive-time.d \ - key-type.d \ - key.d \ - krb.d \ - libcurl.d \ - limit-rate.d \ - list-only.d \ - local-port.d \ - location-trusted.d \ - location.d \ - login-options.d \ - mail-auth.d \ - mail-from.d \ - mail-rcpt-allowfails.d \ - mail-rcpt.d \ - manual.d \ - max-filesize.d \ - max-redirs.d \ - max-time.d \ - metalink.d \ - negotiate.d \ - netrc-file.d \ - netrc-optional.d \ - netrc.d \ - next.d \ - no-alpn.d \ - no-buffer.d \ - no-clobber.d \ - no-keepalive.d \ - no-npn.d \ - no-progress-meter.d \ - no-sessionid.d \ - noproxy.d \ - ntlm-wb.d \ - ntlm.d \ - oauth2-bearer.d \ - output-dir.d \ - output.d \ - parallel-immediate.d \ - parallel-max.d \ - parallel.d \ - pass.d \ - path-as-is.d \ - pinnedpubkey.d \ - post301.d \ - post302.d \ - post303.d \ - preproxy.d \ - progress-bar.d \ - proto-default.d \ - proto-redir.d \ - proto.d \ - proxy-anyauth.d \ - proxy-basic.d \ - proxy-ca-native.d \ - proxy-cacert.d \ - proxy-capath.d \ - proxy-cert-type.d \ - proxy-cert.d \ - proxy-ciphers.d \ - proxy-crlfile.d \ - proxy-digest.d \ - proxy-header.d \ - proxy-http2.d \ - proxy-insecure.d \ - proxy-key-type.d \ - proxy-key.d \ - proxy-negotiate.d \ - proxy-ntlm.d \ - proxy-pass.d \ - proxy-pinnedpubkey.d \ - proxy-service-name.d \ - proxy-ssl-allow-beast.d \ - proxy-ssl-auto-client-cert.d \ - proxy-tls13-ciphers.d \ - proxy-tlsauthtype.d \ - proxy-tlspassword.d \ - proxy-tlsuser.d \ - proxy-tlsv1.d \ - proxy-user.d \ - proxy.d \ - proxy1.0.d \ - proxytunnel.d \ - pubkey.d \ - quote.d \ - random-file.d \ - range.d \ - rate.d \ - raw.d \ - referer.d \ - remote-header-name.d \ - remote-name-all.d \ - remote-name.d \ - remote-time.d \ - remove-on-error.d \ - request-target.d \ - request.d \ - resolve.d \ - retry-all-errors.d \ - retry-connrefused.d \ - retry-delay.d \ - retry-max-time.d \ - retry.d \ - sasl-authzid.d \ - sasl-ir.d \ - service-name.d \ - show-error.d \ - silent.d \ - socks4.d \ - socks4a.d \ - socks5-basic.d \ - socks5-gssapi-nec.d \ - socks5-gssapi-service.d \ - socks5-gssapi.d \ - socks5-hostname.d \ - socks5.d \ - speed-limit.d \ - speed-time.d \ - ssl-allow-beast.d \ - ssl-auto-client-cert.d \ - ssl-no-revoke.d \ - ssl-reqd.d \ - ssl-revoke-best-effort.d \ - ssl.d \ - sslv2.d \ - sslv3.d \ - stderr.d \ - styled-output.d \ - suppress-connect-headers.d \ - tcp-fastopen.d \ - tcp-nodelay.d \ - telnet-option.d \ - tftp-blksize.d \ - tftp-no-options.d \ - time-cond.d \ - tls-max.d \ - tls13-ciphers.d \ - tlsauthtype.d \ - tlspassword.d \ - tlsuser.d \ - tlsv1.0.d \ - tlsv1.1.d \ - tlsv1.2.d \ - tlsv1.3.d \ - tlsv1.d \ - tr-encoding.d \ - trace-ascii.d \ - trace-config.d \ - trace-ids.d \ - trace-time.d \ - trace.d \ - unix-socket.d \ - upload-file.d \ - url.d \ - url-query.d \ - use-ascii.d \ - user-agent.d \ - user.d \ - variable.d \ - verbose.d \ - version.d \ - write-out.d \ - xattr.d +SUPPORT = \ + _AUTHORS.md \ + _BUGS.md \ + _DESCRIPTION.md \ + _ENVIRONMENT.md \ + _EXITCODES.md \ + _FILES.md \ + _GLOBBING.md \ + _NAME.md \ + _OPTIONS.md \ + _OUTPUT.md \ + _PROGRESS.md \ + _PROTOCOLS.md \ + _PROXYPREFIX.md \ + _SEEALSO.md \ + _SYNOPSIS.md \ + _URL.md \ + _VARIABLES.md \ + _VERSION.md \ + _WWW.md -OTHERPAGES = page-footer page-header +DPAGES = \ + abstract-unix-socket.md \ + alt-svc.md \ + anyauth.md \ + append.md \ + aws-sigv4.md \ + basic.md \ + ca-native.md \ + cacert.md \ + capath.md \ + cert-status.md \ + cert-type.md \ + cert.md \ + ciphers.md \ + compressed-ssh.md \ + compressed.md \ + config.md \ + connect-timeout.md \ + connect-to.md \ + continue-at.md \ + cookie-jar.md \ + cookie.md \ + create-dirs.md \ + create-file-mode.md \ + crlf.md \ + crlfile.md \ + curves.md \ + data-ascii.md \ + data-binary.md \ + data-raw.md \ + data-urlencode.md \ + data.md \ + delegation.md \ + digest.md \ + disable-eprt.md \ + disable-epsv.md \ + disable.md \ + disallow-username-in-url.md \ + dns-interface.md \ + dns-ipv4-addr.md \ + dns-ipv6-addr.md \ + dns-servers.md \ + doh-cert-status.md \ + doh-insecure.md \ + doh-url.md \ + dump-header.md \ + egd-file.md \ + engine.md \ + etag-compare.md \ + etag-save.md \ + expect100-timeout.md \ + fail-early.md \ + fail-with-body.md \ + fail.md \ + false-start.md \ + form-escape.md \ + form-string.md \ + form.md \ + ftp-account.md \ + ftp-alternative-to-user.md \ + ftp-create-dirs.md \ + ftp-method.md \ + ftp-pasv.md \ + ftp-port.md \ + ftp-pret.md \ + ftp-skip-pasv-ip.md \ + ftp-ssl-ccc-mode.md \ + ftp-ssl-ccc.md \ + ftp-ssl-control.md \ + get.md \ + globoff.md \ + happy-eyeballs-timeout-ms.md \ + haproxy-protocol.md \ + haproxy-clientip.md \ + head.md \ + header.md \ + help.md \ + hostpubmd5.md \ + hostpubsha256.md \ + hsts.md \ + http0.9.md \ + http1.0.md \ + http1.1.md \ + http2-prior-knowledge.md \ + http2.md \ + http3.md \ + http3-only.md \ + ignore-content-length.md \ + include.md \ + insecure.md \ + interface.md \ + ipfs-gateway.md \ + ipv4.md \ + ipv6.md \ + json.md \ + junk-session-cookies.md \ + keepalive-time.md \ + key-type.md \ + key.md \ + krb.md \ + libcurl.md \ + limit-rate.md \ + list-only.md \ + local-port.md \ + location-trusted.md \ + location.md \ + login-options.md \ + mail-auth.md \ + mail-from.md \ + mail-rcpt-allowfails.md \ + mail-rcpt.md \ + manual.md \ + max-filesize.md \ + max-redirs.md \ + max-time.md \ + metalink.md \ + negotiate.md \ + netrc-file.md \ + netrc-optional.md \ + netrc.md \ + next.md \ + no-alpn.md \ + no-buffer.md \ + no-clobber.md \ + no-keepalive.md \ + no-npn.md \ + no-progress-meter.md \ + no-sessionid.md \ + noproxy.md \ + ntlm-wb.md \ + ntlm.md \ + oauth2-bearer.md \ + output-dir.md \ + output.md \ + parallel-immediate.md \ + parallel-max.md \ + parallel.md \ + pass.md \ + path-as-is.md \ + pinnedpubkey.md \ + post301.md \ + post302.md \ + post303.md \ + preproxy.md \ + progress-bar.md \ + proto-default.md \ + proto-redir.md \ + proto.md \ + proxy-anyauth.md \ + proxy-basic.md \ + proxy-ca-native.md \ + proxy-cacert.md \ + proxy-capath.md \ + proxy-cert-type.md \ + proxy-cert.md \ + proxy-ciphers.md \ + proxy-crlfile.md \ + proxy-digest.md \ + proxy-header.md \ + proxy-http2.md \ + proxy-insecure.md \ + proxy-key-type.md \ + proxy-key.md \ + proxy-negotiate.md \ + proxy-ntlm.md \ + proxy-pass.md \ + proxy-pinnedpubkey.md \ + proxy-service-name.md \ + proxy-ssl-allow-beast.md \ + proxy-ssl-auto-client-cert.md \ + proxy-tls13-ciphers.md \ + proxy-tlsauthtype.md \ + proxy-tlspassword.md \ + proxy-tlsuser.md \ + proxy-tlsv1.md \ + proxy-user.md \ + proxy.md \ + proxy1.0.md \ + proxytunnel.md \ + pubkey.md \ + quote.md \ + random-file.md \ + range.md \ + rate.md \ + raw.md \ + referer.md \ + remote-header-name.md \ + remote-name-all.md \ + remote-name.md \ + remote-time.md \ + remove-on-error.md \ + request-target.md \ + request.md \ + resolve.md \ + retry-all-errors.md \ + retry-connrefused.md \ + retry-delay.md \ + retry-max-time.md \ + retry.md \ + sasl-authzid.md \ + sasl-ir.md \ + service-name.md \ + show-error.md \ + silent.md \ + socks4.md \ + socks4a.md \ + socks5-basic.md \ + socks5-gssapi-nec.md \ + socks5-gssapi-service.md \ + socks5-gssapi.md \ + socks5-hostname.md \ + socks5.md \ + speed-limit.md \ + speed-time.md \ + ssl-allow-beast.md \ + ssl-auto-client-cert.md \ + ssl-no-revoke.md \ + ssl-reqd.md \ + ssl-revoke-best-effort.md \ + ssl.md \ + sslv2.md \ + sslv3.md \ + stderr.md \ + styled-output.md \ + suppress-connect-headers.md \ + tcp-fastopen.md \ + tcp-nodelay.md \ + telnet-option.md \ + tftp-blksize.md \ + tftp-no-options.md \ + time-cond.md \ + tls-max.md \ + tls13-ciphers.md \ + tlsauthtype.md \ + tlspassword.md \ + tlsuser.md \ + tlsv1.0.md \ + tlsv1.1.md \ + tlsv1.2.md \ + tlsv1.3.md \ + tlsv1.md \ + tr-encoding.md \ + trace-ascii.md \ + trace-config.md \ + trace-ids.md \ + trace-time.md \ + trace.md \ + unix-socket.md \ + upload-file.md \ + url.md \ + url-query.md \ + use-ascii.md \ + user-agent.md \ + user.md \ + variable.md \ + verbose.md \ + version.md \ + write-out.md \ + xattr.md diff --git a/docs/cmdline-opts/_AUTHORS.md b/docs/cmdline-opts/_AUTHORS.md new file mode 100644 index 000000000..0c9bfb953 --- /dev/null +++ b/docs/cmdline-opts/_AUTHORS.md @@ -0,0 +1,5 @@ + + +# AUTHORS +Daniel Stenberg is the main author, but the whole list of contributors is +found in the separate THANKS file. diff --git a/docs/cmdline-opts/_BUGS.md b/docs/cmdline-opts/_BUGS.md new file mode 100644 index 000000000..45630d435 --- /dev/null +++ b/docs/cmdline-opts/_BUGS.md @@ -0,0 +1,5 @@ + + +# BUGS +If you experience any problems with curl, submit an issue in the project's bug +tracker on GitHub: https://github.com/curl/curl/issues diff --git a/docs/cmdline-opts/_DESCRIPTION.md b/docs/cmdline-opts/_DESCRIPTION.md new file mode 100644 index 000000000..3e06c1b38 --- /dev/null +++ b/docs/cmdline-opts/_DESCRIPTION.md @@ -0,0 +1,11 @@ + + +# DESCRIPTION + +**curl** is a tool for transferring data from or to a server using URLs. It +supports these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, +IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, +SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. + +curl is powered by libcurl for all transfer-related features. See +*libcurl(3)* for details. diff --git a/docs/cmdline-opts/_ENVIRONMENT.md b/docs/cmdline-opts/_ENVIRONMENT.md new file mode 100644 index 000000000..cf30d4740 --- /dev/null +++ b/docs/cmdline-opts/_ENVIRONMENT.md @@ -0,0 +1,114 @@ + + +# ENVIRONMENT +The environment variables can be specified in lower case or upper case. The +lower case version has precedence. `http_proxy` is an exception as it is only +available in lower case. + +Using an environment variable to set the proxy has the same effect as using +the --proxy option. + +## `http_proxy` [protocol://][:port] +Sets the proxy server to use for HTTP. + +## `HTTPS_PROXY` [protocol://][:port] +Sets the proxy server to use for HTTPS. + +## `[url-protocol]_PROXY` [protocol://][:port] +Sets the proxy server to use for [url-protocol], where the protocol is a +protocol that curl supports and as specified in a URL. FTP, FTPS, POP3, IMAP, +SMTP, LDAP, etc. + +## `ALL_PROXY` [protocol://][:port] +Sets the proxy server to use if no protocol-specific proxy is set. + +## `NO_PROXY` +list of host names that should not go through any proxy. If set to an asterisk +'*' only, it matches all hosts. Each name in this list is matched as either +a domain name which contains the hostname, or the hostname itself. + +This environment variable disables use of the proxy even when specified with +the --proxy option. That is + + NO_PROXY=direct.example.com curl -x http://proxy.example.com + http://direct.example.com + +accesses the target URL directly, and + + NO_PROXY=direct.example.com curl -x http://proxy.example.com + http://somewhere.example.com + +accesses the target URL through the proxy. + +The list of host names can also be include numerical IP addresses, and IPv6 +versions should then be given without enclosing brackets. + +IP addresses can be specified using CIDR notation: an appended slash and +number specifies the number of "network bits" out of the address to use in the +comparison (added in 7.86.0). For example "192.168.0.0/16" would match all +addresses starting with "192.168". + +## `APPDATA` +On Windows, this variable is used when trying to find the home directory. If +the primary home variable are all unset. + +## `COLUMNS` +If set, the specified number of characters is used as the terminal width when +the alternative progress-bar is shown. If not set, curl tries to figure it out +using other ways. + +## `CURL_CA_BUNDLE` +If set, it is used as the --cacert value. This environment variable is ignored +if Schannel is used as the TLS backend. + +## `CURL_HOME` +If set, is the first variable curl checks when trying to find its home +directory. If not set, it continues to check *XDG_CONFIG_HOME* + +## `CURL_SSL_BACKEND` +If curl was built with support for "MultiSSL", meaning that it has built-in +support for more than one TLS backend, this environment variable can be set to +the case insensitive name of the particular backend to use when curl is +invoked. Setting a name that is not a built-in alternative makes curl stay +with the default. + +SSL backend names (case-insensitive): **bearssl**, **gnutls**, **mbedtls**, +**openssl**, **rustls**, **schannel**, **secure-transport**, **wolfssl** + +## `HOME` +If set, this is used to find the home directory when that is needed. Like when +looking for the default .curlrc. *CURL_HOME* and *XDG_CONFIG_HOME* +have preference. + +## `QLOGDIR` +If curl was built with HTTP/3 support, setting this environment variable to a +local directory makes curl produce **qlogs** in that directory, using file +names named after the destination connection id (in hex). Do note that these +files can become rather large. Works with the ngtcp2 and quiche QUIC backends. + +## `SHELL` +Used on VMS when trying to detect if using a **DCL** or a **unix** shell. + +## `SSL_CERT_DIR` +If set, it is used as the --capath value. This environment variable is ignored +if Schannel is used as the TLS backend. + +## `SSL_CERT_FILE` +If set, it is used as the --cacert value. This environment variable is ignored +if Schannel is used as the TLS backend. + +## `SSLKEYLOGFILE` +If you set this environment variable to a file name, curl stores TLS secrets +from its connections in that file when invoked to enable you to analyze the +TLS traffic in real time using network analyzing tools such as Wireshark. This +works with the following TLS backends: OpenSSL, libressl, BoringSSL, GnuTLS +and wolfSSL. + +## `USERPROFILE` +On Windows, this variable is used when trying to find the home directory. If +the other, primary, variable are all unset. If set, curl uses the path +**"$USERPROFILE\Application Data"**. + +## `XDG_CONFIG_HOME` +If *CURL_HOME* is not set, this variable is checked when looking for a +default .curlrc file. diff --git a/docs/cmdline-opts/page-footer b/docs/cmdline-opts/_EXITCODES.md similarity index 47% rename from docs/cmdline-opts/page-footer rename to docs/cmdline-opts/_EXITCODES.md index beae49ac1..ac7ab5ca1 100644 --- a/docs/cmdline-opts/page-footer +++ b/docs/cmdline-opts/_EXITCODES.md @@ -1,322 +1,201 @@ -.SH FILES -.I ~/.curlrc -.RS -Default config file, see --config for details. -.SH ENVIRONMENT -The environment variables can be specified in lower case or upper case. The -lower case version has precedence. http_proxy is an exception as it is only -available in lower case. - -Using an environment variable to set the proxy has the same effect as using -the --proxy option. - -.IP "http_proxy [protocol://][:port]" -Sets the proxy server to use for HTTP. -.IP "HTTPS_PROXY [protocol://][:port]" -Sets the proxy server to use for HTTPS. -.IP "[url-protocol]_PROXY [protocol://][:port]" -Sets the proxy server to use for [url-protocol], where the protocol is a -protocol that curl supports and as specified in a URL. FTP, FTPS, POP3, IMAP, -SMTP, LDAP, etc. -.IP "ALL_PROXY [protocol://][:port]" -Sets the proxy server to use if no protocol-specific proxy is set. -.IP "NO_PROXY " -list of host names that should not go through any proxy. If set to an asterisk -'*' only, it matches all hosts. Each name in this list is matched as either -a domain name which contains the hostname, or the hostname itself. - -This environment variable disables use of the proxy even when specified with -the --proxy option. That is -.B NO_PROXY=direct.example.com curl -x http://proxy.example.com -.B http://direct.example.com -accesses the target URL directly, and -.B NO_PROXY=direct.example.com curl -x http://proxy.example.com -.B http://somewhere.example.com -accesses the target URL through the proxy. - -The list of host names can also be include numerical IP addresses, and IPv6 -versions should then be given without enclosing brackets. - -IP addresses can be specified using CIDR notation: an appended slash and -number specifies the number of "network bits" out of the address to use in the -comparison (added in 7.86.0). For example "192.168.0.0/16" would match all -addresses starting with "192.168". -.IP "APPDATA " -On Windows, this variable is used when trying to find the home directory. If -the primary home variable are all unset. -.IP "COLUMNS " -If set, the specified number of characters is used as the terminal width when -the alternative progress-bar is shown. If not set, curl tries to figure it out -using other ways. -.IP "CURL_CA_BUNDLE " -If set, it is used as the --cacert value. -.IP "CURL_HOME " -If set, is the first variable curl checks when trying to find its home -directory. If not set, it continues to check *XDG_CONFIG_HOME* -.IP "CURL_SSL_BACKEND " -If curl was built with support for "MultiSSL", meaning that it has built-in -support for more than one TLS backend, this environment variable can be set to -the case insensitive name of the particular backend to use when curl is -invoked. Setting a name that is not a built-in alternative makes curl stay -with the default. - -SSL backend names (case-insensitive): **bearssl**, **gnutls**, **mbedtls**, -**openssl**, **rustls**, **schannel**, **secure-transport**, **wolfssl** -.IP "HOME " -If set, this is used to find the home directory when that is needed. Like when -looking for the default .curlrc. *CURL_HOME* and *XDG_CONFIG_HOME* -have preference. -.IP "QLOGDIR " -If curl was built with HTTP/3 support, setting this environment variable to a -local directory makes curl produce **qlogs** in that directory, using file -names named after the destination connection id (in hex). Do note that these -files can become rather large. Works with the ngtcp2 and quiche QUIC backends. -.IP SHELL -Used on VMS when trying to detect if using a **DCL** or a **unix** shell. -.IP "SSL_CERT_DIR " -If set, it is used as the --capath value. -.IP "SSL_CERT_FILE " -If set, it is used as the --cacert value. -.IP "SSLKEYLOGFILE " -If you set this environment variable to a file name, curl stores TLS secrets -from its connections in that file when invoked to enable you to analyze the -TLS traffic in real time using network analyzing tools such as Wireshark. This -works with the following TLS backends: OpenSSL, libressl, BoringSSL, GnuTLS -and wolfSSL. -.IP "USERPROFILE " -On Windows, this variable is used when trying to find the home directory. If -the other, primary, variable are all unset. If set, curl uses the path -**"$USERPROFILE\\Application Data"**. -.IP "XDG_CONFIG_HOME " -If *CURL_HOME* is not set, this variable is checked when looking for a -default .curlrc file. -.SH "PROXY PROTOCOL PREFIXES" -The proxy string may be specified with a protocol:// prefix to specify -alternative proxy protocols. (Added in 7.21.7) - -If no protocol is specified in the proxy string or if the string does not -match a supported one, the proxy is treated as an HTTP proxy. - -The supported proxy protocol prefixes are as follows: -.IP "http://" -Makes it use it as an HTTP proxy. The default if no scheme prefix is used. -.IP "https://" -Makes it treated as an **HTTPS** proxy. -.IP "socks4://" -Makes it the equivalent of --socks4 -.IP "socks4a://" -Makes it the equivalent of --socks4a -.IP "socks5://" -Makes it the equivalent of --socks5 -.IP "socks5h://" -Makes it the equivalent of --socks5-hostname -.SH EXIT CODES + + +# EXIT CODES There are a bunch of different error codes and their corresponding error messages that may appear under error conditions. At the time of this writing, the exit codes are: -.IP 0 +## 0 Success. The operation completed successfully according to the instructions. -.IP 1 +## 1 Unsupported protocol. This build of curl has no support for this protocol. -.IP 2 +## 2 Failed to initialize. -.IP 3 +## 3 URL malformed. The syntax was not correct. -.IP 4 +## 4 A feature or option that was needed to perform the desired request was not enabled or was explicitly disabled at build-time. To make curl able to do this, you probably need another build of libcurl. -.IP 5 +## 5 Could not resolve proxy. The given proxy host could not be resolved. -.IP 6 +## 6 Could not resolve host. The given remote host could not be resolved. -.IP 7 +## 7 Failed to connect to host. -.IP 8 +## 8 Weird server reply. The server sent data curl could not parse. -.IP 9 +## 9 FTP access denied. The server denied login or denied access to the particular resource or directory you wanted to reach. Most often you tried to change to a directory that does not exist on the server. -.IP 10 +## 10 FTP accept failed. While waiting for the server to connect back when an active FTP session is used, an error code was sent over the control connection or similar. -.IP 11 +## 11 FTP weird PASS reply. Curl could not parse the reply sent to the PASS request. -.IP 12 +## 12 During an active FTP session while waiting for the server to connect back to curl, the timeout expired. -.IP 13 +## 13 FTP weird PASV reply, Curl could not parse the reply sent to the PASV request. -.IP 14 +## 14 FTP weird 227 format. Curl could not parse the 227-line the server sent. -.IP 15 +## 15 FTP cannot use host. Could not resolve the host IP we got in the 227-line. -.IP 16 +## 16 HTTP/2 error. A problem was detected in the HTTP2 framing layer. This is somewhat generic and can be one out of several problems, see the error message for details. -.IP 17 +## 17 FTP could not set binary. Could not change transfer method to binary. -.IP 18 +## 18 Partial file. Only a part of the file was transferred. -.IP 19 +## 19 FTP could not download/access the given file, the RETR (or similar) command failed. -.IP 21 +## 21 FTP quote error. A quote command returned error from the server. -.IP 22 +## 22 HTTP page not retrieved. The requested URL was not found or returned another error with the HTTP error code being 400 or above. This return code only appears if --fail is used. -.IP 23 +## 23 Write error. Curl could not write data to a local filesystem or similar. -.IP 25 -FTP could not STOR file. The server denied the STOR operation, used for FTP -uploading. -.IP 26 +## 25 +Failed starting the upload. For FTP, the server typically denied the STOR +command. +## 26 Read error. Various reading problems. -.IP 27 +## 27 Out of memory. A memory allocation request failed. -.IP 28 +## 28 Operation timeout. The specified time-out period was reached according to the conditions. -.IP 30 +## 30 FTP PORT failed. The PORT command failed. Not all FTP servers support the PORT -command, try doing a transfer using PASV instead! -.IP 31 +command, try doing a transfer using PASV instead. +## 31 FTP could not use REST. The REST command failed. This command is used for resumed FTP transfers. -.IP 33 +## 33 HTTP range error. The range "command" did not work. -.IP 34 +## 34 HTTP post error. Internal post-request generation error. -.IP 35 +## 35 SSL connect error. The SSL handshaking failed. -.IP 36 +## 36 Bad download resume. Could not continue an earlier aborted download. -.IP 37 +## 37 FILE could not read file. Failed to open the file. Permissions? -.IP 38 +## 38 LDAP cannot bind. LDAP bind operation failed. -.IP 39 +## 39 LDAP search failed. -.IP 41 +## 41 Function not found. A required LDAP function was not found. -.IP 42 +## 42 Aborted by callback. An application told curl to abort the operation. -.IP 43 +## 43 Internal error. A function was called with a bad parameter. -.IP 45 +## 45 Interface error. A specified outgoing interface could not be used. -.IP 47 +## 47 Too many redirects. When following redirects, curl hit the maximum amount. -.IP 48 +## 48 Unknown option specified to libcurl. This indicates that you passed a weird option to curl that was passed on to libcurl and rejected. Read up in the manual! -.IP 49 +## 49 Malformed telnet option. -.IP 52 +## 52 The server did not reply anything, which here is considered an error. -.IP 53 +## 53 SSL crypto engine not found. -.IP 54 +## 54 Cannot set SSL crypto engine as default. -.IP 55 +## 55 Failed sending network data. -.IP 56 +## 56 Failure in receiving network data. -.IP 58 +## 58 Problem with the local certificate. -.IP 59 +## 59 Could not use specified SSL cipher. -.IP 60 +## 60 Peer certificate cannot be authenticated with known CA certificates. -.IP 61 +## 61 Unrecognized transfer encoding. -.IP 63 +## 63 Maximum file size exceeded. -.IP 64 +## 64 Requested FTP SSL level failed. -.IP 65 +## 65 Sending the data requires a rewind that failed. -.IP 66 +## 66 Failed to initialize SSL Engine. -.IP 67 +## 67 The user name, password, or similar was not accepted and curl failed to log in. -.IP 68 +## 68 File not found on TFTP server. -.IP 69 +## 69 Permission problem on TFTP server. -.IP 70 +## 70 Out of disk space on TFTP server. -.IP 71 +## 71 Illegal TFTP operation. -.IP 72 +## 72 Unknown TFTP transfer ID. -.IP 73 +## 73 File already exists (TFTP). -.IP 74 +## 74 No such user (TFTP). -.IP 77 +## 77 Problem reading the SSL CA cert (path? access rights?). -.IP 78 +## 78 The resource referenced in the URL does not exist. -.IP 79 +## 79 An unspecified error occurred during the SSH session. -.IP 80 +## 80 Failed to shut down the SSL connection. -.IP 82 +## 82 Could not load CRL file, missing or wrong format (added in 7.19.0). -.IP 83 +## 83 Issuer check failed (added in 7.19.0). -.IP 84 +## 84 The FTP PRET command failed. -.IP 85 +## 85 Mismatch of RTSP CSeq numbers. -.IP 86 +## 86 Mismatch of RTSP Session Identifiers. -.IP 87 +## 87 Unable to parse FTP file list. -.IP 88 +## 88 FTP chunk callback reported error. -.IP 89 +## 89 No connection available, the session is queued. -.IP 90 +## 90 SSL public key does not matched pinned public key. -.IP 91 +## 91 Invalid SSL certificate status. -.IP 92 +## 92 Stream error in HTTP/2 framing layer. -.IP 93 +## 93 An API function was called from inside a callback. -.IP 94 +## 94 An authentication function returned an error. -.IP 95 +## 95 A problem was detected in the HTTP/3 layer. This is somewhat generic and can be one out of several problems, see the error message for details. -.IP 96 +## 96 QUIC connection error. This error may be caused by an SSL library error. QUIC is the protocol used for HTTP/3 transfers. -.IP 97 +## 97 Proxy handshake error. -.IP 98 +## 98 A client-side certificate is required to complete the TLS handshake. -.IP 99 +## 99 Poll or select returned fatal error. -.IP XX +## XX More error codes might appear here in future releases. The existing ones are meant to never change. -.SH BUGS -If you experience any problems with curl, submit an issue in the project's bug -tracker on GitHub: https://github.com/curl/curl/issues -.SH AUTHORS / CONTRIBUTORS -Daniel Stenberg is the main author, but the whole list of contributors is -found in the separate THANKS file. -.SH WWW -https://curl.se -.SH "SEE ALSO" -.BR ftp (1), -.BR wget (1) diff --git a/docs/cmdline-opts/_FILES.md b/docs/cmdline-opts/_FILES.md new file mode 100644 index 000000000..8c5d3faa7 --- /dev/null +++ b/docs/cmdline-opts/_FILES.md @@ -0,0 +1,6 @@ + + +# FILES +*~/.curlrc* + +Default config file, see --config for details. diff --git a/docs/cmdline-opts/_GLOBBING.md b/docs/cmdline-opts/_GLOBBING.md new file mode 100644 index 000000000..282356c3e --- /dev/null +++ b/docs/cmdline-opts/_GLOBBING.md @@ -0,0 +1,40 @@ + + +# GLOBBING +You can specify multiple URLs or parts of URLs by writing lists within braces +or ranges within brackets. We call this "globbing". + +Provide a list with three different names like this: + + "http://site.{one,two,three}.com" + +Do sequences of alphanumeric series by using [] as in: + + "ftp://ftp.example.com/file[1-100].txt" + +With leading zeroes: + + "ftp://ftp.example.com/file[001-100].txt" + +With letters through the alphabet: + + "ftp://ftp.example.com/file[a-z].txt" + +Nested sequences are not supported, but you can use several ones next to each +other: + + "http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html" + +You can specify a step counter for the ranges to get every Nth number or +letter: + + "http://example.com/file[1-100:10].txt" + + "http://example.com/file[a-z:2].txt" + +When using [] or {} sequences when invoked from a command line prompt, you +probably have to put the full URL within double quotes to avoid the shell from +interfering with it. This also goes for other characters treated special, like +for example '&', '?' and '*'. + +Switch off globbing with --globoff. diff --git a/docs/cmdline-opts/_NAME.md b/docs/cmdline-opts/_NAME.md new file mode 100644 index 000000000..b0d891614 --- /dev/null +++ b/docs/cmdline-opts/_NAME.md @@ -0,0 +1,4 @@ + + +# NAME +curl - transfer a URL diff --git a/docs/cmdline-opts/_OPTIONS.md b/docs/cmdline-opts/_OPTIONS.md new file mode 100644 index 000000000..1b2556659 --- /dev/null +++ b/docs/cmdline-opts/_OPTIONS.md @@ -0,0 +1,26 @@ + + +# OPTIONS +Options start with one or two dashes. Many of the options require an +additional value next to them. If provided text does not start with a dash, it +is presumed to be and treated as a URL. + +The short "single-dash" form of the options, -d for example, may be used with +or without a space between it and its value, although a space is a recommended +separator. The long "double-dash" form, --data for example, requires a space +between it and its value. + +Short version options that do not need any additional values can be used +immediately next to each other, like for example you can specify all the +options *-O*, *-L* and *-v* at once as *-OLv*. + +In general, all boolean options are enabled with --**option** and yet again +disabled with --**no-**option. That is, you use the same option name but +prefix it with "no-". However, in this list we mostly only list and show the +*--option* version of them. + +When --next is used, it resets the parser state and you start again with a +clean option state, except for the options that are "global". Global options +retain their values and meaning even after --next. + +The following options are global: `%GLOBALS`. diff --git a/docs/cmdline-opts/_OUTPUT.md b/docs/cmdline-opts/_OUTPUT.md new file mode 100644 index 000000000..32a5457af --- /dev/null +++ b/docs/cmdline-opts/_OUTPUT.md @@ -0,0 +1,11 @@ + + +# OUTPUT +If not told otherwise, curl writes the received data to stdout. It can be +instructed to instead save that data into a local file, using the --output or +--remote-name options. If curl is given multiple URLs to transfer on the +command line, it similarly needs multiple options for where to save them. + +curl does not parse or otherwise "understand" the content it gets or writes as +output. It does no encoding or decoding, unless explicitly asked to with +dedicated command line options. diff --git a/docs/cmdline-opts/_PROGRESS.md b/docs/cmdline-opts/_PROGRESS.md new file mode 100644 index 000000000..80e36f102 --- /dev/null +++ b/docs/cmdline-opts/_PROGRESS.md @@ -0,0 +1,25 @@ + + +# "PROGRESS METER" + +curl normally displays a progress meter during operations, indicating the +amount of transferred data, transfer speeds and estimated time left, etc. The +progress meter displays the transfer rate in bytes per second. The suffixes +(k, M, G, T, P) are 1024 based. For example 1k is 1024 bytes. 1M is 1048576 +bytes. + +curl displays this data to the terminal by default, so if you invoke curl to +do an operation and it is about to write data to the terminal, it *disables* +the progress meter as otherwise it would mess up the output mixing progress +meter and response data. + +If you want a progress meter for HTTP POST or PUT requests, you need to +redirect the response output to a file, using shell redirect (>), --output or +similar. + +This does not apply to FTP upload as that operation does not spit out any +response data to the terminal. + +If you prefer a progress "bar" instead of the regular meter, --progress-bar is +your friend. You can also disable the progress meter completely with the +--silent option. diff --git a/docs/cmdline-opts/_PROTOCOLS.md b/docs/cmdline-opts/_PROTOCOLS.md new file mode 100644 index 000000000..b834f9ae3 --- /dev/null +++ b/docs/cmdline-opts/_PROTOCOLS.md @@ -0,0 +1,51 @@ + + +# PROTOCOLS +curl supports numerous protocols, or put in URL terms: schemes. Your +particular build may not support them all. +## DICT +Lets you lookup words using online dictionaries. +## FILE +Read or write local files. curl does not support accessing file:// URL +remotely, but when running on Microsoft Windows using the native UNC approach +works. +## FTP(S) +curl supports the File Transfer Protocol with a lot of tweaks and levers. With +or without using TLS. +## GOPHER(S) +Retrieve files. +## HTTP(S) +curl supports HTTP with numerous options and variations. It can speak HTTP +version 0.9, 1.0, 1.1, 2 and 3 depending on build options and the correct +command line options. +## IMAP(S) +Using the mail reading protocol, curl can "download" emails for you. With or +without using TLS. +## LDAP(S) +curl can do directory lookups for you, with or without TLS. +## MQTT +curl supports MQTT version 3. Downloading over MQTT equals "subscribe" to a +topic while uploading/posting equals "publish" on a topic. MQTT over TLS is +not supported (yet). +## POP3(S) +Downloading from a pop3 server means getting a mail. With or without using +TLS. +## RTMP(S) +The **Realtime Messaging Protocol** is primarily used to serve streaming media +and curl can download it. +## RTSP +curl supports RTSP 1.0 downloads. +## SCP +curl supports SSH version 2 scp transfers. +## SFTP +curl supports SFTP (draft 5) done over SSH version 2. +## SMB(S) +curl supports SMB version 1 for upload and download. +## SMTP(S) +Uploading contents to an SMTP server means sending an email. With or without +TLS. +## TELNET +Telling curl to fetch a telnet URL starts an interactive session where it +sends what it reads on stdin and outputs what the server sends it. +## TFTP +curl can do TFTP downloads and uploads. diff --git a/docs/cmdline-opts/_PROXYPREFIX.md b/docs/cmdline-opts/_PROXYPREFIX.md new file mode 100644 index 000000000..297b56c4b --- /dev/null +++ b/docs/cmdline-opts/_PROXYPREFIX.md @@ -0,0 +1,22 @@ + + +# PROXY PROTOCOL PREFIXES +The proxy string may be specified with a protocol:// prefix to specify +alternative proxy protocols. (Added in 7.21.7) + +If no protocol is specified in the proxy string or if the string does not +match a supported one, the proxy is treated as an HTTP proxy. + +The supported proxy protocol prefixes are as follows: +## http:// +Makes it use it as an HTTP proxy. The default if no scheme prefix is used. +## https:// +Makes it treated as an **HTTPS** proxy. +## socks4:// +Makes it the equivalent of --socks4 +## socks4a:// +Makes it the equivalent of --socks4a +## socks5:// +Makes it the equivalent of --socks5 +## socks5h:// +Makes it the equivalent of --socks5-hostname diff --git a/docs/cmdline-opts/_SEEALSO.md b/docs/cmdline-opts/_SEEALSO.md new file mode 100644 index 000000000..f4d0b55cf --- /dev/null +++ b/docs/cmdline-opts/_SEEALSO.md @@ -0,0 +1,5 @@ + + +# SEE ALSO + +**ftp (1)**, **wget (1)** diff --git a/docs/cmdline-opts/_SYNOPSIS.md b/docs/cmdline-opts/_SYNOPSIS.md new file mode 100644 index 000000000..381587744 --- /dev/null +++ b/docs/cmdline-opts/_SYNOPSIS.md @@ -0,0 +1,5 @@ + + +# SYNOPSIS + +**curl [options / URLs]** diff --git a/docs/cmdline-opts/_URL.md b/docs/cmdline-opts/_URL.md new file mode 100644 index 000000000..0084ec612 --- /dev/null +++ b/docs/cmdline-opts/_URL.md @@ -0,0 +1,28 @@ + + +# URL +The URL syntax is protocol-dependent. You find a detailed description in +RFC 3986. + +If you provide a URL without a leading **protocol://** scheme, curl guesses +what protocol you want. It then defaults to HTTP but assumes others based on +often-used host name prefixes. For example, for host names starting with +"ftp." curl assumes you want FTP. + +You can specify any amount of URLs on the command line. They are fetched in a +sequential manner in the specified order unless you use --parallel. You can +specify command line options and URLs mixed and in any order on the command +line. + +curl attempts to reuse connections when doing multiple transfers, so that +getting many files from the same server do not use multiple connects and setup +handshakes. This improves speed. Connection reuse can only be done for URLs +specified for a single command line invocation and cannot be performed between +separate curl runs. + +Provide an IPv6 zone id in the URL with an escaped percentage sign. Like in + + "http://[fe80::3%25eth0]/" + +Everything provided on the command line that is not a command line option or +its argument, curl assumes is a URL and treats it as such. diff --git a/docs/cmdline-opts/_VARIABLES.md b/docs/cmdline-opts/_VARIABLES.md new file mode 100644 index 000000000..3e17bfdae --- /dev/null +++ b/docs/cmdline-opts/_VARIABLES.md @@ -0,0 +1,44 @@ + + +# VARIABLES +curl supports command line variables (added in 8.3.0). Set variables with +--variable name=content or --variable name@file (where "file" can be stdin if +set to a single dash (-)). + +Variable contents can be expanded in option parameters using "{{name}}" (without +the quotes) if the option name is prefixed with "--expand-". This gets the +contents of the variable "name" inserted, or a blank if the name does not +exist as a variable. Insert "{{" verbatim in the string by prefixing it with a +backslash, like "\{{". + +You an access and expand environment variables by first importing them. You +can select to either require the environment variable to be set or you can +provide a default value in case it is not already set. Plain --variable %name +imports the variable called 'name' but exits with an error if that environment +variable is not already set. To provide a default value if it is not set, use +--variable %name=content or --variable %name@content. + +Example. Get the USER environment variable into the URL, fail if USER is not +set: + + --variable '%USER' + --expand-url = "https://example.com/api/{{USER}}/method" + +When expanding variables, curl supports a set of functions that can make the +variable contents more convenient to use. It can trim leading and trailing +white space with *trim*, it can output the contents as a JSON quoted string +with *json*, URL encode the string with *url* or base64 encode it with +*b64*. You apply function to a variable expansion, add them colon separated to +the right side of the variable. Variable content holding null bytes that are +not encoded when expanded cause error. + +Example: get the contents of a file called $HOME/.secret into a variable +called "fix". Make sure that the content is trimmed and percent-encoded sent +as POST data: + + --variable %HOME + --expand-variable fix@{{HOME}}/.secret + --expand-data "{{fix:trim:url}}" + https://example.com/ + +Command line variables and expansions were added in in 8.3.0. diff --git a/docs/cmdline-opts/_VERSION.md b/docs/cmdline-opts/_VERSION.md new file mode 100644 index 000000000..4c759f147 --- /dev/null +++ b/docs/cmdline-opts/_VERSION.md @@ -0,0 +1,15 @@ + + +# VERSION + +This man page describes curl %VERSION. If you use a later version, chances are +this man page does not fully document it. If you use an earlier version, this +document tries to include version information about which specific version +that introduced changes. + +You can always learn which the latest curl version is by running + + curl https://curl.se/info + +The online version of this man page is always showing the latest incarnation: +https://curl.se/docs/manpage.html diff --git a/docs/cmdline-opts/_WWW.md b/docs/cmdline-opts/_WWW.md new file mode 100644 index 000000000..35d946697 --- /dev/null +++ b/docs/cmdline-opts/_WWW.md @@ -0,0 +1,4 @@ + + +# WWW +https://curl.se diff --git a/docs/cmdline-opts/abstract-unix-socket.d b/docs/cmdline-opts/abstract-unix-socket.md similarity index 80% rename from docs/cmdline-opts/abstract-unix-socket.d rename to docs/cmdline-opts/abstract-unix-socket.md index 5c2fd4a47..27bc8cad6 100644 --- a/docs/cmdline-opts/abstract-unix-socket.d +++ b/docs/cmdline-opts/abstract-unix-socket.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: abstract-unix-socket @@ -6,10 +7,15 @@ Help: Connect via abstract Unix domain socket Added: 7.53.0 Protocols: HTTP Category: connection -See-also: unix-socket -Example: --abstract-unix-socket socketpath $URL Multi: single +See-also: + - unix-socket +Example: + - --abstract-unix-socket socketpath $URL --- + +# `--abstract-unix-socket` + Connect through an abstract Unix domain socket, instead of using the network. Note: netstat shows the path of an abstract socket prefixed with '@', however the argument should not have this leading character. diff --git a/docs/cmdline-opts/alt-svc.d b/docs/cmdline-opts/alt-svc.md similarity index 87% rename from docs/cmdline-opts/alt-svc.d rename to docs/cmdline-opts/alt-svc.md index 276ac1b66..0a0f17df5 100644 --- a/docs/cmdline-opts/alt-svc.d +++ b/docs/cmdline-opts/alt-svc.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: alt-svc @@ -6,10 +7,16 @@ Protocols: HTTPS Help: Enable alt-svc with this cache file Added: 7.64.1 Category: http -See-also: resolve connect-to -Example: --alt-svc svc.txt $URL Multi: append +See-also: + - resolve + - connect-to +Example: + - --alt-svc svc.txt $URL --- + +# `--alt-svc` + This option enables the alt-svc parser in curl. If the file name points to an existing alt-svc cache file, that gets used. After a completed transfer, the cache is saved to the file name again if it has been modified. diff --git a/docs/cmdline-opts/anyauth.d b/docs/cmdline-opts/anyauth.md similarity index 88% rename from docs/cmdline-opts/anyauth.d rename to docs/cmdline-opts/anyauth.md index 2498bdcd8..150e069e8 100644 --- a/docs/cmdline-opts/anyauth.d +++ b/docs/cmdline-opts/anyauth.md @@ -1,14 +1,22 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: anyauth Help: Pick any authentication method Protocols: HTTP -See-also: proxy-anyauth basic digest Category: http proxy auth -Example: --anyauth --user me:pwd $URL Added: 7.10.6 Multi: mutex +See-also: + - proxy-anyauth + - basic + - digest +Example: + - --anyauth --user me:pwd $URL --- + +# `--anyauth` + Tells curl to figure out authentication method by itself, and use the most secure one the remote site claims to support. This is done by first doing a request and checking the response-headers, thus possibly inducing an extra diff --git a/docs/cmdline-opts/append.d b/docs/cmdline-opts/append.md similarity index 79% rename from docs/cmdline-opts/append.d rename to docs/cmdline-opts/append.md index 7561c951c..3d0030d6a 100644 --- a/docs/cmdline-opts/append.d +++ b/docs/cmdline-opts/append.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Short: a @@ -5,11 +6,17 @@ Long: append Help: Append to target file when uploading Protocols: FTP SFTP Category: ftp sftp -See-also: range continue-at -Example: --upload-file local --append ftp://example.com/ Added: 4.8 Multi: boolean +See-also: + - range + - continue-at +Example: + - --upload-file local --append ftp://example.com/ --- + +# `--append` + When used in an upload, this option makes curl append to the target file instead of overwriting it. If the remote file does not exist, it is created. Note that this flag is ignored by some SFTP servers (including diff --git a/docs/cmdline-opts/aws-sigv4.d b/docs/cmdline-opts/aws-sigv4.md similarity index 83% rename from docs/cmdline-opts/aws-sigv4.d rename to docs/cmdline-opts/aws-sigv4.md index b771eee6a..1b3909244 100644 --- a/docs/cmdline-opts/aws-sigv4.d +++ b/docs/cmdline-opts/aws-sigv4.md @@ -1,14 +1,22 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: aws-sigv4 +Protocols: HTTP Arg: Help: Use AWS V4 signature authentication Category: auth http Added: 7.75.0 -See-also: basic user -Example: --aws-sigv4 "aws:amz:us-east-2:es" --user "key:secret" $URL Multi: single +See-also: + - basic + - user +Example: + - --aws-sigv4 "aws:amz:us-east-2:es" --user "key:secret" $URL --- + +# `--aws-sigv4` + Use AWS V4 signature authentication in the transfer. The provider argument is a string that is used by the algorithm when creating diff --git a/docs/cmdline-opts/basic.d b/docs/cmdline-opts/basic.md similarity index 85% rename from docs/cmdline-opts/basic.d rename to docs/cmdline-opts/basic.md index cb0642620..34b019175 100644 --- a/docs/cmdline-opts/basic.d +++ b/docs/cmdline-opts/basic.md @@ -1,14 +1,20 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: basic Help: Use HTTP Basic Authentication -See-also: proxy-basic Protocols: HTTP Category: auth -Example: -u name:password --basic $URL Added: 7.10.6 Multi: mutex +See-also: + - proxy-basic +Example: + - -u name:password --basic $URL --- + +# `--basic` + Tells curl to use HTTP Basic authentication with the remote host. This is the default and this option is usually pointless, unless you use it to override a previously set option that sets a different authentication method (such as diff --git a/docs/cmdline-opts/ca-native.d b/docs/cmdline-opts/ca-native.md similarity index 57% rename from docs/cmdline-opts/ca-native.d rename to docs/cmdline-opts/ca-native.md index 51e36918a..d0b4bfa5a 100644 --- a/docs/cmdline-opts/ca-native.d +++ b/docs/cmdline-opts/ca-native.md @@ -1,21 +1,28 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: ca-native Help: Use CA certificates from the native OS Protocols: TLS Category: tls -See-also: cacert capath insecure -Example: --ca-native $URL Added: 8.2.0 Multi: boolean +See-also: + - cacert + - capath + - insecure +Example: + - --ca-native $URL --- + +# `--ca-native` + Tells curl to use the CA store from the native operating system to verify the peer. By default, curl otherwise uses a CA store provided in a single file or directory, but when using this option it interfaces the operating system's own vault. -This option only works for curl on Windows when built to use OpenSSL. When -curl on Windows is built to use Schannel, this feature is implied and curl -then only uses the native CA store. - -curl built with wolfSSL also supports this option (added in 8.3.0). +This option works for curl on Windows when built to use OpenSSL, wolfSSL +(added in 8.3.0) or GnuTLS (added in 8.5.0). When curl on Windows is built to +use Schannel, this feature is implied and curl then only uses the native CA +store. diff --git a/docs/cmdline-opts/cacert.d b/docs/cmdline-opts/cacert.md similarity index 85% rename from docs/cmdline-opts/cacert.d rename to docs/cmdline-opts/cacert.md index 5e4e74901..7b1b2174b 100644 --- a/docs/cmdline-opts/cacert.d +++ b/docs/cmdline-opts/cacert.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: cacert @@ -5,19 +6,25 @@ Arg: Help: CA certificate to verify peer against Protocols: TLS Category: tls -See-also: capath insecure -Example: --cacert CA-file.txt $URL Added: 7.5 Multi: single +See-also: + - capath + - insecure +Example: + - --cacert CA-file.txt $URL --- + +# `--cacert` + Tells curl to use the specified certificate file to verify the peer. The file may contain multiple CA certificates. The certificate(s) must be in PEM format. Normally curl is built to use a default file for this, so this option is typically used to alter that default file. -curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is -set, and uses the given path as a path to a CA cert bundle. This option -overrides that variable. +curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is set +and the TLS backend is not Schannel, and uses the given path as a path to a CA +cert bundle. This option overrides that variable. The windows version of curl automatically looks for a CA certs file named 'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the diff --git a/docs/cmdline-opts/capath.d b/docs/cmdline-opts/capath.md similarity index 88% rename from docs/cmdline-opts/capath.d rename to docs/cmdline-opts/capath.md index 75e9f2e40..ecd28df24 100644 --- a/docs/cmdline-opts/capath.d +++ b/docs/cmdline-opts/capath.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: capath @@ -5,11 +6,17 @@ Arg: Help: CA directory to verify peer against Protocols: TLS Category: tls -See-also: cacert insecure -Example: --capath /local/directory $URL Added: 7.9.8 Multi: single +See-also: + - cacert + - insecure +Example: + - --capath /local/directory $URL --- + +# `--capath` + Tells curl to use the specified certificate directory to verify the peer. Multiple paths can be provided by separating them with ":" (e.g. "path1:path2:path3"). The certificates must be in PEM format, and if curl is diff --git a/docs/cmdline-opts/cert-status.d b/docs/cmdline-opts/cert-status.md similarity index 88% rename from docs/cmdline-opts/cert-status.d rename to docs/cmdline-opts/cert-status.md index e2d1d7aa2..bfbd3af83 100644 --- a/docs/cmdline-opts/cert-status.d +++ b/docs/cmdline-opts/cert-status.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: cert-status @@ -5,10 +6,15 @@ Protocols: TLS Added: 7.41.0 Help: Verify the status of the server cert via OCSP-staple Category: tls -See-also: pinnedpubkey -Example: --cert-status $URL Multi: boolean +See-also: + - pinnedpubkey +Example: + - --cert-status $URL --- + +# `--cert-status` + Tells curl to verify the status of the server certificate by using the Certificate Status Request (aka. OCSP stapling) TLS extension. diff --git a/docs/cmdline-opts/cert-type.d b/docs/cmdline-opts/cert-type.md similarity index 82% rename from docs/cmdline-opts/cert-type.d rename to docs/cmdline-opts/cert-type.md index cf9f17b7d..a0030a59d 100644 --- a/docs/cmdline-opts/cert-type.d +++ b/docs/cmdline-opts/cert-type.md @@ -1,15 +1,23 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: cert-type Protocols: TLS Arg: Help: Certificate type (DER/PEM/ENG/P12) -See-also: cert key key-type Category: tls -Example: --cert-type PEM --cert file $URL Added: 7.9.3 Multi: single +See-also: + - cert + - key + - key-type +Example: + - --cert-type PEM --cert file $URL --- + +# `--cert-type` + Tells curl what type the provided client certificate is using. PEM, DER, ENG and P12 are recognized types. diff --git a/docs/cmdline-opts/cert.d b/docs/cmdline-opts/cert.md similarity index 65% rename from docs/cmdline-opts/cert.d rename to docs/cmdline-opts/cert.md index 56d0df7fd..6df5d0ebf 100644 --- a/docs/cmdline-opts/cert.d +++ b/docs/cmdline-opts/cert.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Short: E @@ -5,12 +6,19 @@ Long: cert Arg: Help: Client certificate file and password Protocols: TLS -See-also: cert-type key key-type Category: tls -Example: --cert certfile --key keyfile $URL Added: 5.0 Multi: single +See-also: + - cert-type + - key + - key-type +Example: + - --cert certfile --key keyfile $URL --- + +# `--cert` + Tells curl to use the specified client certificate file when getting a file with HTTPS, FTPS or another SSL-based protocol. The certificate must be in PKCS#12 format if using Secure Transport, or PEM format if using any other @@ -19,10 +27,10 @@ the terminal. Note that this option assumes a certificate file that is the private key and the client certificate concatenated. See --cert and --key to specify them independently. -In the portion of the argument, you must escape the character ":" -as "\\:" so that it is not recognized as the password delimiter. Similarly, you -must escape the character "\\" as "\\\\" so that it is not recognized as an -escape character. +In the portion of the argument, you must escape the character +":" as "\:" so that it is not recognized as the password delimiter. Similarly, +you must escape the double quote character as \" so that it is not recognized +as an escape character. If curl is built against OpenSSL library, and the engine pkcs11 is available, then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in @@ -37,13 +45,12 @@ system or user keychain, or the path to a PKCS#12-encoded certificate and private key. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname. -(Schannel only) Client certificates must be specified by a path -expression to a certificate store. (Loading *PFX* is not supported; you can -import it to a store first). You can use -"\\\\" to refer to a certificate -in the system certificates store, for example, -*"CurrentUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a"*. Thumbprint is +(Schannel only) Client certificates must be specified by a path expression to +a certificate store. (Loading *PFX* is not supported; you can import it to a +store first). You can use "\\" to +refer to a certificate in the system certificates store, for example, +*"CurrentUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a"*. Thumbprint is usually a SHA-1 hex string which you can see in certificate details. Following -store locations are supported: *CurrentUser*, *LocalMachine*, *CurrentService*, -*Services*, *CurrentUserGroupPolicy*, *LocalMachineGroupPolicy* and -*LocalMachineEnterprise*. +store locations are supported: *CurrentUser*, *LocalMachine*, +*CurrentService*, *Services*, *CurrentUserGroupPolicy*, +*LocalMachineGroupPolicy* and *LocalMachineEnterprise*. diff --git a/docs/cmdline-opts/ciphers.d b/docs/cmdline-opts/ciphers.md similarity index 75% rename from docs/cmdline-opts/ciphers.d rename to docs/cmdline-opts/ciphers.md index a30902bdb..9d7e0c6fe 100644 --- a/docs/cmdline-opts/ciphers.d +++ b/docs/cmdline-opts/ciphers.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: ciphers @@ -5,11 +6,18 @@ Arg: Help: SSL ciphers to use Protocols: TLS Category: tls -See-also: tlsv1.3 tls13-ciphers proxy-ciphers -Example: --ciphers ECDHE-ECDSA-AES256-CCM8 $URL Added: 7.9 Multi: single +See-also: + - tlsv1.3 + - tls13-ciphers + - proxy-ciphers +Example: + - --ciphers ECDHE-ECDSA-AES256-CCM8 $URL --- + +# `--ciphers` + Specifies which ciphers to use in the connection. The list of ciphers must specify valid ciphers. Read up on SSL cipher list details on this URL: diff --git a/docs/cmdline-opts/compressed-ssh.d b/docs/cmdline-opts/compressed-ssh.md similarity index 75% rename from docs/cmdline-opts/compressed-ssh.d rename to docs/cmdline-opts/compressed-ssh.md index 897395677..c52e5a7a3 100644 --- a/docs/cmdline-opts/compressed-ssh.d +++ b/docs/cmdline-opts/compressed-ssh.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: compressed-ssh @@ -5,9 +6,14 @@ Help: Enable SSH compression Protocols: SCP SFTP Added: 7.56.0 Category: scp ssh -See-also: compressed -Example: --compressed-ssh sftp://example.com/ Multi: boolean +See-also: + - compressed +Example: + - --compressed-ssh sftp://example.com/ --- + +# `--compressed-ssh` + Enables built-in SSH compression. This is a request, not an order; the server may or may not do it. diff --git a/docs/cmdline-opts/compressed.d b/docs/cmdline-opts/compressed.md similarity index 89% rename from docs/cmdline-opts/compressed.d rename to docs/cmdline-opts/compressed.md index bb1d3baa7..35bbab813 100644 --- a/docs/cmdline-opts/compressed.d +++ b/docs/cmdline-opts/compressed.md @@ -1,14 +1,20 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: compressed Help: Request compressed response Protocols: HTTP Category: http -Example: --compressed $URL -See-also: compressed-ssh Added: 7.10 Multi: boolean +See-also: + - compressed-ssh +Example: + - --compressed $URL --- + +# `--compressed` + Request a compressed response using one of the algorithms curl supports, and automatically decompress the content. diff --git a/docs/cmdline-opts/config.d b/docs/cmdline-opts/config.md similarity index 73% rename from docs/cmdline-opts/config.d rename to docs/cmdline-opts/config.md index c22a827f6..2f393e27e 100644 --- a/docs/cmdline-opts/config.d +++ b/docs/cmdline-opts/config.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: config @@ -5,11 +6,16 @@ Arg: Help: Read config from a file Short: K Category: curl -Example: --config file.txt $URL Added: 4.10 -See-also: disable Multi: append +See-also: + - disable +Example: + - --config file.txt $URL --- + +# `--config` + Specify a text file to read curl arguments from. The command line arguments found in the text file are used as if they were provided on the command line. @@ -22,9 +28,9 @@ is specified with one or two dashes, there can be no colon or equals character between the option and its parameter. If the parameter contains whitespace or starts with a colon (:) or equals sign -(=), it must be specified enclosed within double quotes (\&"). Within double -quotes the following escape sequences are available: \\\\, \\", \\t, \\n, \\r -and \\v. A backslash preceding any other letter is ignored. +(=), it must be specified enclosed within double quotes ("). Within double +quotes the following escape sequences are available: \\, \", \t, \n, \r and +\v. A backslash preceding any other letter is ignored. If the first non-blank column of a config line is a '#' character, that line is treated as a comment. @@ -38,19 +44,19 @@ Note that to be able to specify a URL in the config file, you need to specify it using the --url option, and not by simply writing the URL on its own line. So, it could look similar to this: -url = "https://curl.se/docs/" + url = "https://curl.se/docs/" - # --- Example file --- - # this is a comment - url = "example.com" - output = "curlhere.html" - user-agent = "superagent/1.0" + # --- Example file --- + # this is a comment + url = "example.com" + output = "curlhere.html" + user-agent = "superagent/1.0" - # and fetch another URL too - url = "example.com/docs/manpage.html" - -O - referer = "http://nowhereatall.example.com/" - # --- End of example file --- + # and fetch another URL too + url = "example.com/docs/manpage.html" + -O + referer = "http://nowhereatall.example.com/" + # --- End of example file --- When curl is invoked, it (unless --disable is used) checks for a default config file and uses it if found, even when --config is used. The default @@ -62,11 +68,11 @@ config file is checked for in the following places in this order: 3) **"$HOME/.curlrc"** -4) Windows: **"%USERPROFILE%\\.curlrc"** +4) Windows: **"%USERPROFILE%\.curlrc"** -5) Windows: **"%APPDATA%\\.curlrc"** +5) Windows: **"%APPDATA%\.curlrc"** -6) Windows: **"%USERPROFILE%\\Application Data\\.curlrc"** +6) Windows: **"%USERPROFILE%\Application Data\.curlrc"** 7) Non-Windows: use getpwuid to find the home directory diff --git a/docs/cmdline-opts/connect-timeout.d b/docs/cmdline-opts/connect-timeout.md similarity index 84% rename from docs/cmdline-opts/connect-timeout.d rename to docs/cmdline-opts/connect-timeout.md index b3d19b3c3..f7281b09a 100644 --- a/docs/cmdline-opts/connect-timeout.d +++ b/docs/cmdline-opts/connect-timeout.md @@ -1,16 +1,22 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: connect-timeout Arg: Help: Maximum time allowed for connection -See-also: max-time Category: connection -Example: --connect-timeout 20 $URL -Example: --connect-timeout 3.14 $URL Added: 7.7 Multi: single +See-also: + - max-time +Example: + - --connect-timeout 20 $URL + - --connect-timeout 3.14 $URL --- -Maximum time in seconds that you allow curl's connection to take. This only + +# `--connect-timeout` + +Maximum time in seconds that you allow curl's connection to take. This only limits the connection phase, so if curl connects within the given period it continues - if not it exits. diff --git a/docs/cmdline-opts/connect-to.d b/docs/cmdline-opts/connect-to.d deleted file mode 100644 index 95fab9112..000000000 --- a/docs/cmdline-opts/connect-to.d +++ /dev/null @@ -1,24 +0,0 @@ -c: Copyright (C) Daniel Stenberg, , et al. -SPDX-License-Identifier: curl -Long: connect-to -Arg: -Help: Connect to host -Added: 7.49.0 -See-also: resolve header -Category: connection -Example: --connect-to example.com:443:example.net:8443 $URL -Multi: append ---- - -For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead. -This option is suitable to direct requests at a specific server, e.g. at a -specific cluster node in a cluster of servers. This option is only used to -establish the network connection. It does NOT affect the hostname/port that is -used for TLS/SSL (e.g. SNI, certificate verification) or for the application -protocols. "HOST1" and "PORT1" may be the empty string, meaning "any -host/port". "HOST2" and "PORT2" may also be the empty string, meaning "use the -request's original host/port". - -A "host" specified to this option is compared as a string, so it needs to -match the name used in request URL. It can be either numerical such as -"127.0.0.1" or the full host name such as "example.org". diff --git a/docs/cmdline-opts/connect-to.md b/docs/cmdline-opts/connect-to.md new file mode 100644 index 000000000..7cd0aa857 --- /dev/null +++ b/docs/cmdline-opts/connect-to.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: connect-to +Arg: +Help: Connect to host +Added: 7.49.0 +Category: connection +Multi: append +See-also: + - resolve + - header +Example: + - --connect-to example.com:443:example.net:8443 $URL +--- + +# `--connect-to` + +For a request to the given `HOST1:PORT1` pair, connect to `HOST2:PORT2` +instead. This option is suitable to direct requests at a specific server, +e.g. at a specific cluster node in a cluster of servers. This option is only +used to establish the network connection. It does NOT affect the hostname/port +that is used for TLS/SSL (e.g. SNI, certificate verification) or for the +application protocols. `HOST1` and `PORT1` may be the empty string, meaning +"any host/port". `HOST2` and `PORT2` may also be the empty string, meaning +"use the request's original host/port". + +A hostname specified to this option is compared as a string, so it needs to +match the name used in request URL. It can be either numerical such as +`127.0.0.1` or the full host name such as `example.org`. diff --git a/docs/cmdline-opts/continue-at.d b/docs/cmdline-opts/continue-at.md similarity index 88% rename from docs/cmdline-opts/continue-at.d rename to docs/cmdline-opts/continue-at.md index a4fc1a969..67a79fd70 100644 --- a/docs/cmdline-opts/continue-at.d +++ b/docs/cmdline-opts/continue-at.md @@ -1,16 +1,22 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Short: C Long: continue-at Arg: Help: Resumed transfer offset -See-also: range Category: connection -Example: -C - $URL -Example: -C 400 $URL Added: 4.8 Multi: single +See-also: + - range +Example: + - -C - $URL + - -C 400 $URL --- + +# `--continue-at` + Continue/Resume a previous file transfer at the given offset. The given offset is the exact number of bytes that are skipped, counting from the beginning of the source file before it is transferred to the destination. If used with diff --git a/docs/cmdline-opts/cookie-jar.d b/docs/cmdline-opts/cookie-jar.md similarity index 90% rename from docs/cmdline-opts/cookie-jar.d rename to docs/cmdline-opts/cookie-jar.md index 28738cac9..5453152e4 100644 --- a/docs/cmdline-opts/cookie-jar.d +++ b/docs/cmdline-opts/cookie-jar.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Short: c @@ -6,12 +7,17 @@ Arg: Protocols: HTTP Help: Write cookies to after operation Category: http -Example: -c store-here.txt $URL -Example: -c store-here.txt -b read-these $URL Added: 7.9 -See-also: cookie Multi: single +See-also: + - cookie +Example: + - -c store-here.txt $URL + - -c store-here.txt -b read-these $URL --- + +# `--cookie-jar` + Specify to which file you want curl to write all cookies after a completed operation. Curl writes all cookies from its in-memory cookie storage to the given file at the end of operations. If no cookies are known, no data is diff --git a/docs/cmdline-opts/cookie.d b/docs/cmdline-opts/cookie.md similarity index 71% rename from docs/cmdline-opts/cookie.d rename to docs/cmdline-opts/cookie.md index 0f858d661..d0a6d3539 100644 --- a/docs/cmdline-opts/cookie.d +++ b/docs/cmdline-opts/cookie.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Short: b @@ -6,12 +7,19 @@ Arg: Protocols: HTTP Help: Send cookies from string/file Category: http -Example: -b cookiefile $URL -Example: -b cookiefile -c cookiefile $URL -See-also: cookie-jar junk-session-cookies Added: 4.9 Multi: append +See-also: + - cookie-jar + - junk-session-cookies +Example: + - -b "" $URL + - -b cookiefile $URL + - -b cookiefile -c cookiefile $URL --- + +# `--cookie` + Pass the data to the HTTP server in the Cookie header. It is supposedly the data previously received from the server in a "Set-Cookie:" line. The data should be in the format "NAME1=VALUE1; NAME2=VALUE2". This makes curl use the @@ -23,8 +31,11 @@ If no '=' symbol is used in the argument, it is instead treated as a filename to read previously stored cookie from. This option also activates the cookie engine which makes curl record incoming cookies, which may be handy if you are using this in combination with the --location option or do multiple URL -transfers on the same invoke. If the file name is exactly a minus ("-"), curl -instead reads the contents from stdin. +transfers on the same invoke. + +If the file name is exactly a minus ("-"), curl instead reads the contents from +stdin. If the file name is an empty string ("") and is the only cookie input, +curl will activate the cookie engine without any cookies. The file format of the file to read cookies from should be plain HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie file format. @@ -40,3 +51,8 @@ the Netscape format. Users often want to both read cookies from a file and write updated cookies back to a file, so using both --cookie and --cookie-jar in the same command line is common. + +If curl is built with PSL (**Public Suffix List**) support, it detects and +discards cookies that are specified for such suffix domains that should not be +allowed to have cookies. If curl is *not* built with PSL support, it has no +ability to stop super cookies. diff --git a/docs/cmdline-opts/create-dirs.d b/docs/cmdline-opts/create-dirs.md similarity index 85% rename from docs/cmdline-opts/create-dirs.d rename to docs/cmdline-opts/create-dirs.md index 966b70384..de48807d4 100644 --- a/docs/cmdline-opts/create-dirs.d +++ b/docs/cmdline-opts/create-dirs.md @@ -1,13 +1,20 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: create-dirs Help: Create necessary local directory hierarchy Category: curl -Example: --create-dirs --output local/dir/file $URL Added: 7.10.3 -See-also: ftp-create-dirs output-dir Multi: boolean +See-also: + - ftp-create-dirs + - output-dir +Example: + - --create-dirs --output local/dir/file $URL --- + +# `--create-dirs` + When used in conjunction with the --output option, curl creates the necessary local directory hierarchy as needed. This option creates the directories mentioned with the --output option combined with the path possibly set with diff --git a/docs/cmdline-opts/create-file-mode.d b/docs/cmdline-opts/create-file-mode.md similarity index 78% rename from docs/cmdline-opts/create-file-mode.d rename to docs/cmdline-opts/create-file-mode.md index c0ebc08d4..c6467d15a 100644 --- a/docs/cmdline-opts/create-file-mode.d +++ b/docs/cmdline-opts/create-file-mode.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: create-file-mode @@ -5,11 +6,16 @@ Arg: Help: File mode for created files Protocols: SFTP SCP FILE Category: sftp scp file upload -See-also: ftp-create-dirs Added: 7.75.0 -Example: --create-file-mode 0777 -T localfile sftp://example.com/new Multi: single +See-also: + - ftp-create-dirs +Example: + - --create-file-mode 0777 -T localfile sftp://example.com/new --- + +# `--create-file-mode` + When curl is used to create files remotely using one of the supported protocols, this option allows the user to set which 'mode' to set on the file at creation time, instead of the default 0644. diff --git a/docs/cmdline-opts/crlf.d b/docs/cmdline-opts/crlf.md similarity index 78% rename from docs/cmdline-opts/crlf.d rename to docs/cmdline-opts/crlf.md index ea7fb1526..81a14ef6f 100644 --- a/docs/cmdline-opts/crlf.d +++ b/docs/cmdline-opts/crlf.md @@ -1,14 +1,20 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: crlf Help: Convert LF to CRLF in upload Protocols: FTP SMTP Category: ftp smtp -Example: --crlf -T file ftp://example.com/ Added: 5.7 -See-also: use-ascii Multi: boolean +See-also: + - use-ascii +Example: + - --crlf -T file ftp://example.com/ --- + +# `--crlf` + Convert line feeds to carriage return plus line feeds in upload. Useful for **MVS (OS/390)**. diff --git a/docs/cmdline-opts/crlfile.d b/docs/cmdline-opts/crlfile.md similarity index 78% rename from docs/cmdline-opts/crlfile.d rename to docs/cmdline-opts/crlfile.md index da0d239ba..16bd7b35b 100644 --- a/docs/cmdline-opts/crlfile.d +++ b/docs/cmdline-opts/crlfile.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: crlfile @@ -6,9 +7,15 @@ Protocols: TLS Help: Use this CRL list Added: 7.19.7 Category: tls -Example: --crlfile rejects.txt $URL -See-also: cacert capath Multi: single +See-also: + - cacert + - capath +Example: + - --crlfile rejects.txt $URL --- + +# `--crlfile` + Provide a file using PEM format with a Certificate Revocation List that may specify peer certificates that are to be considered revoked. diff --git a/docs/cmdline-opts/curves.d b/docs/cmdline-opts/curves.md similarity index 66% rename from docs/cmdline-opts/curves.d rename to docs/cmdline-opts/curves.md index 58d472d20..99f1ad48a 100644 --- a/docs/cmdline-opts/curves.d +++ b/docs/cmdline-opts/curves.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: curves @@ -6,14 +7,19 @@ Help: (EC) TLS key exchange algorithm(s) to request Protocols: TLS Added: 7.73.0 Category: tls -Example: --curves X25519 $URL -See-also: ciphers Multi: single +See-also: + - ciphers +Example: + - --curves X25519 $URL --- + +# `--curves` + Tells curl to request specific curves to use during SSL session establishment -according to RFC 8422, 5.1. Multiple algorithms can be provided by separating -them with ":" (e.g. "X25519:P-521"). The parameter is available identically -in the "openssl s_client/s_server" utilities. +according to RFC 8422, 5.1. Multiple algorithms can be provided by separating +them with `:` (e.g. `X25519:P-521`). The parameter is available identically in +the OpenSSL `s_client` and `s_server` utilities. --curves allows a OpenSSL powered curl to make SSL-connections with exactly the (EC) curve requested by the client, avoiding nontransparent client/server diff --git a/docs/cmdline-opts/data-ascii.d b/docs/cmdline-opts/data-ascii.md similarity index 68% rename from docs/cmdline-opts/data-ascii.d rename to docs/cmdline-opts/data-ascii.md index 5c7840bbc..124dee13c 100644 --- a/docs/cmdline-opts/data-ascii.d +++ b/docs/cmdline-opts/data-ascii.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: data-ascii @@ -5,9 +6,16 @@ Arg: Help: HTTP POST ASCII data Protocols: HTTP Category: http post upload -Example: --data-ascii @file $URL Added: 7.2 -See-also: data-binary data-raw data-urlencode Multi: append +See-also: + - data-binary + - data-raw + - data-urlencode +Example: + - --data-ascii @file $URL --- + +# `--data-ascii` + This is just an alias for --data. diff --git a/docs/cmdline-opts/data-binary.d b/docs/cmdline-opts/data-binary.md similarity index 90% rename from docs/cmdline-opts/data-binary.d rename to docs/cmdline-opts/data-binary.md index 2cedda97b..3d563fbdd 100644 --- a/docs/cmdline-opts/data-binary.d +++ b/docs/cmdline-opts/data-binary.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: data-binary @@ -5,11 +6,16 @@ Arg: Help: HTTP POST binary data Protocols: HTTP Category: http post upload -Example: --data-binary @filename $URL Added: 7.2 -See-also: data-ascii Multi: append +See-also: + - data-ascii +Example: + - --data-binary @filename $URL --- + +# `--data-binary` + This posts data exactly as specified with no extra processing whatsoever. If you start the data with the letter @, the rest should be a filename. Data diff --git a/docs/cmdline-opts/data-raw.d b/docs/cmdline-opts/data-raw.md similarity index 74% rename from docs/cmdline-opts/data-raw.d rename to docs/cmdline-opts/data-raw.md index e6a5a5b2b..2cb46938b 100644 --- a/docs/cmdline-opts/data-raw.d +++ b/docs/cmdline-opts/data-raw.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: data-raw @@ -5,11 +6,16 @@ Arg: Protocols: HTTP Help: HTTP POST data, '@' allowed Added: 7.43.0 -See-also: data Category: http post upload -Example: --data-raw "hello" $URL -Example: --data-raw "@at@at@" $URL Multi: append +See-also: + - data +Example: + - --data-raw "hello" $URL + - --data-raw "@at@at@" $URL --- + +# `--data-raw` + This posts data similarly to --data but without the special interpretation of the @ character. diff --git a/docs/cmdline-opts/data-urlencode.d b/docs/cmdline-opts/data-urlencode.md similarity index 82% rename from docs/cmdline-opts/data-urlencode.d rename to docs/cmdline-opts/data-urlencode.md index 3c436b26b..4d3f29813 100644 --- a/docs/cmdline-opts/data-urlencode.d +++ b/docs/cmdline-opts/data-urlencode.md @@ -1,42 +1,51 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: data-urlencode Arg: Help: HTTP POST data URL encoded Protocols: HTTP -See-also: data data-raw Added: 7.18.0 Category: http post upload -Example: --data-urlencode name=val $URL -Example: --data-urlencode =encodethis $URL -Example: --data-urlencode name@file $URL -Example: --data-urlencode @fileonly $URL Multi: append +See-also: + - data + - data-raw +Example: + - --data-urlencode name=val $URL + - --data-urlencode =encodethis $URL + - --data-urlencode name@file $URL + - --data-urlencode @fileonly $URL --- + +# `--data-urlencode` + This posts data, similar to the other --data options with the exception that this performs URL-encoding. To be CGI-compliant, the part should begin with a *name* followed by a separator and a content specification. The part can be passed to curl using one of the following syntaxes: -.RS -.IP "content" + +## content This makes curl URL-encode the content and pass that on. Just be careful so that the content does not contain any = or @ symbols, as that makes the syntax match one of the other cases below! -.IP "=content" + +## =content This makes curl URL-encode the content and pass that on. The preceding = symbol is not included in the data. -.IP "name=content" + +## name=content This makes curl URL-encode the content part and pass that on. Note that the name part is expected to be URL-encoded already. -.IP "@filename" + +## @filename This makes curl load data from the given file (including any newlines), URL-encode that data and pass it on in the POST. -.IP "name@filename" + +## name@filename This makes curl load data from the given file (including any newlines), URL-encode that data and pass it on in the POST. The name part gets an equal sign appended, resulting in *name=urlencoded-file-content*. Note that the name is expected to be URL-encoded already. -.RE -.IP diff --git a/docs/cmdline-opts/data.d b/docs/cmdline-opts/data.md similarity index 90% rename from docs/cmdline-opts/data.d rename to docs/cmdline-opts/data.md index f1d67b950..fb3b84872 100644 --- a/docs/cmdline-opts/data.d +++ b/docs/cmdline-opts/data.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: data @@ -5,15 +6,22 @@ Short: d Arg: Help: HTTP POST data Protocols: HTTP MQTT -See-also: data-binary data-urlencode data-raw Mutexed: form head upload-file Category: important http post upload -Example: -d "name=curl" $URL -Example: -d "name=curl" -d "tool=cmdline" $URL -Example: -d @filename $URL Added: 4.0 Multi: append +See-also: + - data-binary + - data-urlencode + - data-raw +Example: + - -d "name=curl" $URL + - -d "name=curl" -d "tool=cmdline" $URL + - -d @filename $URL --- + +# `--data` + Sends the specified data in a POST request to the HTTP server, in the same way that a browser does when a user has filled in an HTML form and presses the submit button. This makes curl pass the data to the server using the diff --git a/docs/cmdline-opts/delegation.d b/docs/cmdline-opts/delegation.md similarity index 80% rename from docs/cmdline-opts/delegation.d rename to docs/cmdline-opts/delegation.md index 794184934..3d6cff899 100644 --- a/docs/cmdline-opts/delegation.d +++ b/docs/cmdline-opts/delegation.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: delegation @@ -5,20 +6,26 @@ Arg: Help: GSS-API delegation permission Protocols: GSS/kerberos Category: auth -Example: --delegation "none" $URL Added: 7.22.0 -See-also: insecure ssl Multi: single +See-also: + - insecure + - ssl +Example: + - --delegation "none" $URL --- + +# `--delegation` + Set LEVEL to tell the server what it is allowed to delegate when it comes to user credentials. -.RS -.IP "none" + +## none Do not allow any delegation. -.IP "policy" + +## policy Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos service ticket, which is a matter of realm policy. -.IP "always" + +## always Unconditionally allow the server to delegate. -.RE -.IP diff --git a/docs/cmdline-opts/digest.d b/docs/cmdline-opts/digest.md similarity index 80% rename from docs/cmdline-opts/digest.d rename to docs/cmdline-opts/digest.md index f2ee551c5..f05c01fed 100644 --- a/docs/cmdline-opts/digest.d +++ b/docs/cmdline-opts/digest.md @@ -1,15 +1,23 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: digest Help: Use HTTP Digest Authentication Protocols: HTTP Mutexed: basic ntlm negotiate -See-also: user proxy-digest anyauth Category: proxy auth http -Example: -u name:password --digest $URL Added: 7.10.6 Multi: boolean +See-also: + - user + - proxy-digest + - anyauth +Example: + - -u name:password --digest $URL --- + +# `--digest` + Enables HTTP Digest authentication. This is an authentication scheme that prevents the password from being sent over the wire in clear text. Use this in combination with the normal --user option to set user name and password. diff --git a/docs/cmdline-opts/disable-eprt.d b/docs/cmdline-opts/disable-eprt.md similarity index 89% rename from docs/cmdline-opts/disable-eprt.d rename to docs/cmdline-opts/disable-eprt.md index b6d382baf..80ae05691 100644 --- a/docs/cmdline-opts/disable-eprt.d +++ b/docs/cmdline-opts/disable-eprt.md @@ -1,14 +1,21 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: disable-eprt Help: Inhibit using EPRT or LPRT Protocols: FTP Category: ftp -Example: --disable-eprt ftp://example.com/ Added: 7.10.5 -See-also: disable-epsv ftp-port Multi: boolean +See-also: + - disable-epsv + - ftp-port +Example: + - --disable-eprt ftp://example.com/ --- + +# `--disable-eprt` + Tell curl to disable the use of the EPRT and LPRT commands when doing active FTP transfers. Curl normally first attempts to use EPRT before using PORT, but with this option, it uses PORT right away. EPRT is an extension to the diff --git a/docs/cmdline-opts/disable-epsv.d b/docs/cmdline-opts/disable-epsv.md similarity index 85% rename from docs/cmdline-opts/disable-epsv.d rename to docs/cmdline-opts/disable-epsv.md index f02df763d..f4a8de8c0 100644 --- a/docs/cmdline-opts/disable-epsv.d +++ b/docs/cmdline-opts/disable-epsv.md @@ -1,14 +1,21 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: disable-epsv Help: Inhibit using EPSV Protocols: FTP Category: ftp -Example: --disable-epsv ftp://example.com/ Added: 7.9.2 -See-also: disable-eprt ftp-port Multi: boolean +See-also: + - disable-eprt + - ftp-port +Example: + - --disable-epsv ftp://example.com/ --- + +# `--disable-epsv` + Tell curl to disable the use of the EPSV command when doing passive FTP transfers. Curl normally first attempts to use EPSV before PASV, but with this option, it does not try EPSV. diff --git a/docs/cmdline-opts/disable.d b/docs/cmdline-opts/disable.md similarity index 87% rename from docs/cmdline-opts/disable.d rename to docs/cmdline-opts/disable.md index 979c03991..e22a2bb4a 100644 --- a/docs/cmdline-opts/disable.d +++ b/docs/cmdline-opts/disable.md @@ -1,14 +1,20 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: disable Short: q Help: Disable .curlrc Category: curl -Example: -q $URL Added: 5.0 -See-also: config Multi: boolean +See-also: + - config +Example: + - -q $URL --- + +# `--disable` + If used as the **first** parameter on the command line, the *curlrc* config file is not read or used. See the --config for details on the default config file search path. diff --git a/docs/cmdline-opts/disallow-username-in-url.d b/docs/cmdline-opts/disallow-username-in-url.md similarity index 73% rename from docs/cmdline-opts/disallow-username-in-url.d rename to docs/cmdline-opts/disallow-username-in-url.md index d0537db97..faa4d8834 100644 --- a/docs/cmdline-opts/disallow-username-in-url.d +++ b/docs/cmdline-opts/disallow-username-in-url.md @@ -1,13 +1,18 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: disallow-username-in-url Help: Disallow username in URL -Protocols: HTTP Added: 7.61.0 -See-also: proto -Category: curl http -Example: --disallow-username-in-url $URL +Category: curl Multi: boolean +See-also: + - proto +Example: + - --disallow-username-in-url $URL --- + +# `--disallow-username-in-url` + This tells curl to exit if passed a URL containing a username. This is probably most useful when the URL is being provided at runtime or similar. diff --git a/docs/cmdline-opts/dns-interface.d b/docs/cmdline-opts/dns-interface.md similarity index 79% rename from docs/cmdline-opts/dns-interface.d rename to docs/cmdline-opts/dns-interface.md index fd924b897..afc5573e5 100644 --- a/docs/cmdline-opts/dns-interface.d +++ b/docs/cmdline-opts/dns-interface.md @@ -1,16 +1,23 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: dns-interface Arg: Help: Interface to use for DNS requests Protocols: DNS -See-also: dns-ipv4-addr dns-ipv6-addr Added: 7.33.0 Requires: c-ares Category: dns -Example: --dns-interface eth0 $URL Multi: single +See-also: + - dns-ipv4-addr + - dns-ipv6-addr +Example: + - --dns-interface eth0 $URL --- + +# `--dns-interface` + Tell curl to send outgoing DNS requests through . This option is a counterpart to --interface (which does not affect DNS). The supplied string must be an interface name (not an address). diff --git a/docs/cmdline-opts/dns-ipv4-addr.d b/docs/cmdline-opts/dns-ipv4-addr.md similarity index 78% rename from docs/cmdline-opts/dns-ipv4-addr.d rename to docs/cmdline-opts/dns-ipv4-addr.md index 593055739..ff4163bc1 100644 --- a/docs/cmdline-opts/dns-ipv4-addr.d +++ b/docs/cmdline-opts/dns-ipv4-addr.md @@ -1,16 +1,23 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: dns-ipv4-addr Arg:
Help: IPv4 address to use for DNS requests Protocols: DNS -See-also: dns-interface dns-ipv6-addr Added: 7.33.0 Requires: c-ares Category: dns -Example: --dns-ipv4-addr 10.1.2.3 $URL Multi: single +See-also: + - dns-interface + - dns-ipv6-addr +Example: + - --dns-ipv4-addr 10.1.2.3 $URL --- + +# `--dns-ipv4-addr` + Tell curl to bind to a specific IP address when making IPv4 DNS requests, so that the DNS requests originate from this address. The argument should be a single IPv4 address. diff --git a/docs/cmdline-opts/dns-ipv6-addr.d b/docs/cmdline-opts/dns-ipv6-addr.md similarity index 77% rename from docs/cmdline-opts/dns-ipv6-addr.d rename to docs/cmdline-opts/dns-ipv6-addr.md index a76120cdc..7d4d1c1f5 100644 --- a/docs/cmdline-opts/dns-ipv6-addr.d +++ b/docs/cmdline-opts/dns-ipv6-addr.md @@ -1,16 +1,23 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: dns-ipv6-addr Arg:
Help: IPv6 address to use for DNS requests Protocols: DNS -See-also: dns-interface dns-ipv4-addr Added: 7.33.0 Requires: c-ares Category: dns -Example: --dns-ipv6-addr 2a04:4e42::561 $URL Multi: single +See-also: + - dns-interface + - dns-ipv4-addr +Example: + - --dns-ipv6-addr 2a04:4e42::561 $URL --- + +# `--dns-ipv6-addr` + Tell curl to bind to a specific IP address when making IPv6 DNS requests, so that the DNS requests originate from this address. The argument should be a single IPv6 address. diff --git a/docs/cmdline-opts/dns-servers.d b/docs/cmdline-opts/dns-servers.md similarity index 75% rename from docs/cmdline-opts/dns-servers.d rename to docs/cmdline-opts/dns-servers.md index bec23a3c3..3eab6668d 100644 --- a/docs/cmdline-opts/dns-servers.d +++ b/docs/cmdline-opts/dns-servers.md @@ -1,15 +1,23 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: dns-servers Arg: Help: DNS server addrs to use +Protocols: DNS Requires: c-ares Added: 7.33.0 Category: dns -Example: --dns-servers 192.168.0.1,192.168.0.2 $URL -See-also: dns-interface dns-ipv4-addr Multi: single +See-also: + - dns-interface + - dns-ipv4-addr +Example: + - --dns-servers 192.168.0.1,192.168.0.2 $URL --- + +# `--dns-servers` + Set the list of DNS servers to be used instead of the system default. The list of IP addresses should be separated with commas. Port numbers may also optionally be given as *:* after each IP diff --git a/docs/cmdline-opts/doh-cert-status.d b/docs/cmdline-opts/doh-cert-status.md similarity index 69% rename from docs/cmdline-opts/doh-cert-status.d rename to docs/cmdline-opts/doh-cert-status.md index 37ae0f827..efa9da75c 100644 --- a/docs/cmdline-opts/doh-cert-status.d +++ b/docs/cmdline-opts/doh-cert-status.md @@ -1,11 +1,17 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: doh-cert-status Help: Verify the status of the DoH server cert via OCSP-staple Added: 7.76.0 Category: dns tls -Example: --doh-cert-status --doh-url https://doh.example $URL -See-also: doh-insecure Multi: boolean +See-also: + - doh-insecure +Example: + - --doh-cert-status --doh-url https://doh.example $URL --- + +# `--doh-cert-status` + Same as --cert-status but used for DoH (DNS-over-HTTPS). diff --git a/docs/cmdline-opts/doh-insecure.d b/docs/cmdline-opts/doh-insecure.md similarity index 70% rename from docs/cmdline-opts/doh-insecure.d rename to docs/cmdline-opts/doh-insecure.md index dcc65fb6c..684428ddf 100644 --- a/docs/cmdline-opts/doh-insecure.d +++ b/docs/cmdline-opts/doh-insecure.md @@ -1,11 +1,17 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: doh-insecure Help: Allow insecure DoH server connections Added: 7.76.0 Category: dns tls -Example: --doh-insecure --doh-url https://doh.example $URL -See-also: doh-url Multi: boolean +See-also: + - doh-url +Example: + - --doh-insecure --doh-url https://doh.example $URL --- + +# `--doh-insecure` + Same as --insecure but used for DoH (DNS-over-HTTPS). diff --git a/docs/cmdline-opts/doh-url.d b/docs/cmdline-opts/doh-url.md similarity index 87% rename from docs/cmdline-opts/doh-url.d rename to docs/cmdline-opts/doh-url.md index 6d0dd1605..d12bf5194 100644 --- a/docs/cmdline-opts/doh-url.d +++ b/docs/cmdline-opts/doh-url.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: doh-url @@ -5,10 +6,15 @@ Arg: Help: Resolve host names over DoH Added: 7.62.0 Category: dns -Example: --doh-url https://doh.example $URL -See-also: doh-insecure Multi: single +See-also: + - doh-insecure +Example: + - --doh-url https://doh.example $URL --- + +# `--doh-url` + Specifies which DNS-over-HTTPS (DoH) server to use to resolve hostnames, instead of using the default name resolver mechanism. The URL must be HTTPS. diff --git a/docs/cmdline-opts/dump-header.d b/docs/cmdline-opts/dump-header.md similarity index 87% rename from docs/cmdline-opts/dump-header.d rename to docs/cmdline-opts/dump-header.md index 42a79e7dd..42d3e85ed 100644 --- a/docs/cmdline-opts/dump-header.d +++ b/docs/cmdline-opts/dump-header.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: dump-header @@ -5,12 +6,17 @@ Short: D Arg: Help: Write the received headers to Protocols: HTTP FTP -See-also: output Category: http ftp -Example: --dump-header store.txt $URL Added: 5.7 Multi: single +See-also: + - output +Example: + - --dump-header store.txt $URL --- + +# `--dump-header` + Write the received protocol headers to the specified file. If no headers are received, the use of this option creates an empty file. diff --git a/docs/cmdline-opts/egd-file.d b/docs/cmdline-opts/egd-file.md similarity index 83% rename from docs/cmdline-opts/egd-file.d rename to docs/cmdline-opts/egd-file.md index 4543ecf15..b68b7d496 100644 --- a/docs/cmdline-opts/egd-file.d +++ b/docs/cmdline-opts/egd-file.md @@ -1,15 +1,21 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: egd-file Arg: Help: EGD socket path for random data Protocols: TLS -See-also: random-file Category: tls -Example: --egd-file /random/here $URL Added: 7.7 Multi: single +See-also: + - random-file +Example: + - --egd-file /random/here $URL --- + +# `--egd-file` + Deprecated option (added in 7.84.0). Prior to that it only had an effect on curl if built to use old versions of OpenSSL. diff --git a/docs/cmdline-opts/engine.d b/docs/cmdline-opts/engine.md similarity index 82% rename from docs/cmdline-opts/engine.d rename to docs/cmdline-opts/engine.md index 1ebc779c0..511190023 100644 --- a/docs/cmdline-opts/engine.d +++ b/docs/cmdline-opts/engine.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: engine @@ -5,11 +6,17 @@ Arg: Help: Crypto engine to use Protocols: TLS Category: tls -Example: --engine flavor $URL Added: 7.9.3 -See-also: ciphers curves Multi: single +See-also: + - ciphers + - curves +Example: + - --engine flavor $URL --- + +# `--engine` + Select the OpenSSL crypto engine to use for cipher operations. Use --engine list to print a list of build-time supported engines. Note that not all (and possibly none) of the engines may be available at runtime. diff --git a/docs/cmdline-opts/etag-compare.d b/docs/cmdline-opts/etag-compare.md similarity index 86% rename from docs/cmdline-opts/etag-compare.d rename to docs/cmdline-opts/etag-compare.md index d3c48d17a..11c1d0e87 100644 --- a/docs/cmdline-opts/etag-compare.d +++ b/docs/cmdline-opts/etag-compare.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: etag-compare @@ -6,10 +7,16 @@ Help: Pass an ETag from a file as a custom header Protocols: HTTP Added: 7.68.0 Category: http -Example: --etag-compare etag.txt $URL -See-also: etag-save time-cond Multi: single +See-also: + - etag-save + - time-cond +Example: + - --etag-compare etag.txt $URL --- + +# `--etag-compare` + This option makes a conditional HTTP request for the specific ETag read from the given file by sending a custom If-None-Match header using the stored ETag. diff --git a/docs/cmdline-opts/etag-save.d b/docs/cmdline-opts/etag-save.md similarity index 81% rename from docs/cmdline-opts/etag-save.d rename to docs/cmdline-opts/etag-save.md index 6295a9e31..f6fb14a51 100644 --- a/docs/cmdline-opts/etag-save.d +++ b/docs/cmdline-opts/etag-save.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: etag-save @@ -6,10 +7,15 @@ Help: Parse ETag from a request and save it to a file Protocols: HTTP Added: 7.68.0 Category: http -Example: --etag-save storetag.txt $URL -See-also: etag-compare Multi: single +See-also: + - etag-compare +Example: + - --etag-save storetag.txt $URL --- + +# `--etag-save` + This option saves an HTTP ETag to the specified file. An ETag is a caching related header, usually returned in a response. diff --git a/docs/cmdline-opts/expect100-timeout.d b/docs/cmdline-opts/expect100-timeout.md similarity index 85% rename from docs/cmdline-opts/expect100-timeout.d rename to docs/cmdline-opts/expect100-timeout.md index f9a119bd9..9554568a7 100644 --- a/docs/cmdline-opts/expect100-timeout.d +++ b/docs/cmdline-opts/expect100-timeout.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: expect100-timeout @@ -5,11 +6,16 @@ Arg: Help: How long to wait for 100-continue Protocols: HTTP Added: 7.47.0 -See-also: connect-timeout Category: http -Example: --expect100-timeout 2.5 -T file $URL Multi: single +See-also: + - connect-timeout +Example: + - --expect100-timeout 2.5 -T file $URL --- + +# `--expect100-timeout` + Maximum time in seconds that you allow curl to wait for a 100-continue response when curl emits an Expects: 100-continue header in its request. By default curl waits one second. This option accepts decimal values! When diff --git a/docs/cmdline-opts/fail-early.d b/docs/cmdline-opts/fail-early.md similarity index 90% rename from docs/cmdline-opts/fail-early.d rename to docs/cmdline-opts/fail-early.md index 36b330999..b68160c20 100644 --- a/docs/cmdline-opts/fail-early.d +++ b/docs/cmdline-opts/fail-early.md @@ -1,14 +1,21 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: fail-early Help: Fail on first transfer error, do not continue Added: 7.52.0 Category: curl -Example: --fail-early $URL https://two.example -See-also: fail fail-with-body Multi: boolean Scope: global +See-also: + - fail + - fail-with-body +Example: + - --fail-early $URL https://two.example --- + +# `--fail-early` + Fail and exit on the first detected transfer error. When curl is used to do multiple transfers on the command line, it attempts to diff --git a/docs/cmdline-opts/fail-with-body.d b/docs/cmdline-opts/fail-with-body.md similarity index 87% rename from docs/cmdline-opts/fail-with-body.d rename to docs/cmdline-opts/fail-with-body.md index dddb86e22..e340cb034 100644 --- a/docs/cmdline-opts/fail-with-body.d +++ b/docs/cmdline-opts/fail-with-body.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: fail-with-body @@ -5,11 +6,17 @@ Protocols: HTTP Help: Fail on HTTP errors but save the body Category: http output Added: 7.76.0 -See-also: fail fail-early Mutexed: fail -Example: --fail-with-body $URL Multi: boolean +See-also: + - fail + - fail-early +Example: + - --fail-with-body $URL --- + +# `--fail-with-body` + Return an error on server errors where the HTTP response code is 400 or greater). In normal cases when an HTTP server fails to deliver a document, it returns an HTML document stating so (which often also describes why and diff --git a/docs/cmdline-opts/fail.d b/docs/cmdline-opts/fail.md similarity index 89% rename from docs/cmdline-opts/fail.d rename to docs/cmdline-opts/fail.md index 8196a908d..b8de4ebb2 100644 --- a/docs/cmdline-opts/fail.d +++ b/docs/cmdline-opts/fail.md @@ -1,16 +1,23 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: fail Short: f Protocols: HTTP Help: Fail fast with no output on HTTP errors -See-also: fail-with-body fail-early Category: important http -Example: --fail $URL Mutexed: fail-with-body Added: 4.0 Multi: boolean +See-also: + - fail-with-body + - fail-early +Example: + - --fail $URL --- + +# `--fail` + Fail fast with no output at all on server errors. This is useful to enable scripts and users to better deal with failed attempts. In normal cases when an HTTP server fails to deliver a document, it returns an HTML document stating diff --git a/docs/cmdline-opts/false-start.d b/docs/cmdline-opts/false-start.md similarity index 86% rename from docs/cmdline-opts/false-start.d rename to docs/cmdline-opts/false-start.md index 73240492b..d2697da53 100644 --- a/docs/cmdline-opts/false-start.d +++ b/docs/cmdline-opts/false-start.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: false-start @@ -5,10 +6,15 @@ Help: Enable TLS False Start Protocols: TLS Added: 7.42.0 Category: tls -Example: --false-start $URL -See-also: tcp-fastopen Multi: boolean +See-also: + - tcp-fastopen +Example: + - --false-start $URL --- + +# `--false-start` + Tells curl to use false start during the TLS handshake. False start is a mode where a TLS client starts sending application data before verifying the server's Finished message, thus saving a round trip when performing a full diff --git a/docs/cmdline-opts/form-escape.d b/docs/cmdline-opts/form-escape.md similarity index 75% rename from docs/cmdline-opts/form-escape.d rename to docs/cmdline-opts/form-escape.md index 304bfe814..62973f172 100644 --- a/docs/cmdline-opts/form-escape.d +++ b/docs/cmdline-opts/form-escape.md @@ -1,13 +1,19 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: form-escape Help: Escape multipart form field/file names using backslash Protocols: HTTP -See-also: form Added: 7.81.0 Category: http upload -Example: --form-escape -F 'field\\name=curl' -F 'file=@load"this' $URL Multi: single +See-also: + - form +Example: + - --form-escape -F 'field\name=curl' -F 'file=@load"this' $URL --- + +# `--form-escape` + Tells curl to pass on names of multipart form fields and files using backslash-escaping instead of percent-encoding. diff --git a/docs/cmdline-opts/form-string.d b/docs/cmdline-opts/form-string.md similarity index 87% rename from docs/cmdline-opts/form-string.d rename to docs/cmdline-opts/form-string.md index 6d7a500a4..d26c47142 100644 --- a/docs/cmdline-opts/form-string.d +++ b/docs/cmdline-opts/form-string.md @@ -1,15 +1,21 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: form-string Help: Specify multipart MIME data Protocols: HTTP SMTP IMAP Arg: -See-also: form Category: http upload -Example: --form-string "data" $URL Added: 7.13.2 Multi: append +See-also: + - form +Example: + - --form-string "data" $URL --- + +# `--form-string` + Similar to --form except that the value string for the named parameter is used literally. Leading '@' and '<' characters, and the ';type=' string in the value have no special meaning. Use this in preference to --form if diff --git a/docs/cmdline-opts/form.d b/docs/cmdline-opts/form.md similarity index 75% rename from docs/cmdline-opts/form.d rename to docs/cmdline-opts/form.md index e53e93ae0..0ba552136 100644 --- a/docs/cmdline-opts/form.d +++ b/docs/cmdline-opts/form.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: form @@ -7,11 +8,18 @@ Help: Specify multipart MIME data Protocols: HTTP SMTP IMAP Mutexed: data head upload-file Category: http upload -Example: --form "name=curl" --form "file=@loadthis" $URL Added: 5.0 -See-also: data form-string form-escape Multi: append +See-also: + - data + - form-string + - form-escape +Example: + - --form "name=curl" --form "file=@loadthis" $URL --- + +# `--form` + For HTTP protocol family, this lets curl emulate a filled-in form in which a user has pressed the submit button. This causes curl to POST data using the Content-Type multipart/form-data according to RFC 2388. @@ -37,38 +45,38 @@ such data is sent as chunks by HTTP and rejected by IMAP. Example: send an image to an HTTP server, where 'profile' is the name of the form-field to which the file **portrait.jpg** is the input: - curl -F profile=@portrait.jpg https://example.com/upload.cgi + curl -F profile=@portrait.jpg https://example.com/upload.cgi Example: send your name and shoe size in two text fields to the server: - curl -F name=John -F shoesize=11 https://example.com/ + curl -F name=John -F shoesize=11 https://example.com/ Example: send your essay in a text field to the server. Send it as a plain text field, but get the contents for it from a local file: - curl -F "story=HTML message;type=text/html' \\ - -F '=)' -F '=@textfile.txt' ... smtp://example.com + curl -F '=(;type=multipart/alternative' \ + -F '=plain text message' \ + -F '= HTML message;type=text/html' \ + -F '=)' -F '=@textfile.txt' ... smtp://example.com Data can be encoded for transfer using encoder=. Available encodings are *binary* and *8bit* that do nothing else than adding the corresponding @@ -128,7 +136,7 @@ characters. Example: send multipart mail with a quoted-printable text message and a base64 attached file: - curl -F '=text message;encoder=quoted-printable' \\ - -F '=@localfile;encoder=base64' ... smtp://example.com + curl -F '=text message;encoder=quoted-printable' \ + -F '=@localfile;encoder=base64' ... smtp://example.com See further examples and details in the MANUAL. diff --git a/docs/cmdline-opts/ftp-account.d b/docs/cmdline-opts/ftp-account.md similarity index 77% rename from docs/cmdline-opts/ftp-account.d rename to docs/cmdline-opts/ftp-account.md index eb669c562..2f3363943 100644 --- a/docs/cmdline-opts/ftp-account.d +++ b/docs/cmdline-opts/ftp-account.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: ftp-account @@ -6,9 +7,14 @@ Help: Account data string Protocols: FTP Added: 7.13.0 Category: ftp auth -Example: --ftp-account "mr.robot" ftp://example.com/ -See-also: user Multi: single +See-also: + - user +Example: + - --ftp-account "mr.robot" ftp://example.com/ --- + +# `--ftp-account` + When an FTP server asks for "account data" after user name and password has been provided, this data is sent off using the ACCT command. diff --git a/docs/cmdline-opts/ftp-alternative-to-user.d b/docs/cmdline-opts/ftp-alternative-to-user.md similarity index 78% rename from docs/cmdline-opts/ftp-alternative-to-user.d rename to docs/cmdline-opts/ftp-alternative-to-user.md index f030bcf59..9bd368600 100644 --- a/docs/cmdline-opts/ftp-alternative-to-user.d +++ b/docs/cmdline-opts/ftp-alternative-to-user.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: ftp-alternative-to-user @@ -6,10 +7,16 @@ Help: String to replace USER [name] Protocols: FTP Added: 7.15.5 Category: ftp -Example: --ftp-alternative-to-user "U53r" ftp://example.com -See-also: ftp-account user Multi: single +See-also: + - ftp-account + - user +Example: + - --ftp-alternative-to-user "U53r" ftp://example.com --- + +# `--ftp-alternative-to-user` + If authenticating with the USER and PASS commands fails, send this command. When connecting to Tumbleweed's Secure Transport server over FTPS using a client certificate, using "SITE AUTH" tells the server to retrieve the diff --git a/docs/cmdline-opts/ftp-create-dirs.d b/docs/cmdline-opts/ftp-create-dirs.md similarity index 77% rename from docs/cmdline-opts/ftp-create-dirs.d rename to docs/cmdline-opts/ftp-create-dirs.md index 7c64f0e21..5151e336c 100644 --- a/docs/cmdline-opts/ftp-create-dirs.d +++ b/docs/cmdline-opts/ftp-create-dirs.md @@ -1,14 +1,20 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: ftp-create-dirs Protocols: FTP SFTP Help: Create the remote dirs if not present -See-also: create-dirs Category: ftp sftp curl -Example: --ftp-create-dirs -T file ftp://example.com/remote/path/file Added: 7.10.7 Multi: boolean +See-also: + - create-dirs +Example: + - --ftp-create-dirs -T file ftp://example.com/remote/path/file --- + +# `--ftp-create-dirs` + When an FTP or SFTP URL/operation uses a path that does not currently exist on the server, the standard behavior of curl is to fail. Using this option, curl instead attempts to create missing directories. diff --git a/docs/cmdline-opts/ftp-method.d b/docs/cmdline-opts/ftp-method.md similarity index 77% rename from docs/cmdline-opts/ftp-method.d rename to docs/cmdline-opts/ftp-method.md index 8061d2b68..e4e346858 100644 --- a/docs/cmdline-opts/ftp-method.d +++ b/docs/cmdline-opts/ftp-method.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: ftp-method @@ -6,25 +7,30 @@ Help: Control CWD usage Protocols: FTP Added: 7.15.1 Category: ftp -Example: --ftp-method multicwd ftp://example.com/dir1/dir2/file -Example: --ftp-method nocwd ftp://example.com/dir1/dir2/file -Example: --ftp-method singlecwd ftp://example.com/dir1/dir2/file -See-also: list-only Multi: single +See-also: + - list-only +Example: + - --ftp-method multicwd ftp://example.com/dir1/dir2/file + - --ftp-method nocwd ftp://example.com/dir1/dir2/file + - --ftp-method singlecwd ftp://example.com/dir1/dir2/file --- + +# `--ftp-method` + Control what method curl should use to reach a file on an FTP(S) server. The method argument should be one of the following alternatives: -.RS -.IP multicwd + +## multicwd curl does a single CWD operation for each path part in the given URL. For deep hierarchies this means many commands. This is how RFC 1738 says it should be done. This is the default but the slowest behavior. -.IP nocwd + +## nocwd curl does no CWD at all. curl does SIZE, RETR, STOR etc and give a full path to the server for all these commands. This is the fastest behavior. -.IP singlecwd + +## singlecwd curl does one CWD with the full target directory and then operates on the file "normally" (like in the multicwd case). This is somewhat more standards compliant than 'nocwd' but without the full penalty of 'multicwd'. -.RE -.IP diff --git a/docs/cmdline-opts/ftp-pasv.d b/docs/cmdline-opts/ftp-pasv.md similarity index 86% rename from docs/cmdline-opts/ftp-pasv.d rename to docs/cmdline-opts/ftp-pasv.md index c43bf2bee..265a8e453 100644 --- a/docs/cmdline-opts/ftp-pasv.d +++ b/docs/cmdline-opts/ftp-pasv.md @@ -1,14 +1,20 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: ftp-pasv Help: Use PASV/EPSV instead of PORT Protocols: FTP Added: 7.11.0 -See-also: disable-epsv Category: ftp -Example: --ftp-pasv ftp://example.com/ Multi: boolean +See-also: + - disable-epsv +Example: + - --ftp-pasv ftp://example.com/ --- + +# `--ftp-pasv` + Use passive mode for the data connection. Passive is the internal default behavior, but using this option can be used to override a previous --ftp-port option. diff --git a/docs/cmdline-opts/ftp-port.d b/docs/cmdline-opts/ftp-port.md similarity index 65% rename from docs/cmdline-opts/ftp-port.d rename to docs/cmdline-opts/ftp-port.md index e1f4a1dba..e9ec59146 100644 --- a/docs/cmdline-opts/ftp-port.d +++ b/docs/cmdline-opts/ftp-port.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: ftp-port @@ -5,36 +6,45 @@ Arg:
Help: Use PORT instead of PASV Short: P Protocols: FTP -See-also: ftp-pasv disable-eprt Category: ftp -Example: -P - ftp:/example.com -Example: -P eth0 ftp:/example.com -Example: -P 192.168.0.2 ftp:/example.com Added: 4.0 Multi: single +See-also: + - ftp-pasv + - disable-eprt +Example: + - -P - ftp:/example.com + - -P eth0 ftp:/example.com + - -P 192.168.0.2 ftp:/example.com --- + +# `--ftp-port` + Reverses the default initiator/listener roles when connecting with FTP. This option makes curl use active mode. curl then tells the server to connect back to the client's specified address and port, while passive mode asks the server to setup an IP address and port for it to connect to.
should be one of: -.RS -.IP interface -e.g. "eth0" to specify which interface's IP address you want to use (Unix only) -.IP "IP address" -e.g. "192.168.10.1" to specify the exact IP address -.IP "host name" -e.g. "my.host.domain" to specify the machine -.IP "-" + +## interface +e.g. **eth0** to specify which interface's IP address you want to use (Unix only) + +## IP address +e.g. **192.168.10.1** to specify the exact IP address + +## host name +e.g. **my.host.domain** to specify the machine + +## - make curl pick the same IP address that is already used for the control -connection -.RE -.IP +connection. This is the recommended choice. + +## Disable the use of PORT with --ftp-pasv. Disable the attempt to use the EPRT command instead of PORT by using --disable-eprt. EPRT is really PORT++. -You can also append ":[start]-[end]\&" to the right of the address, to tell +You can also append ":[start]-[end]" to the right of the address, to tell curl what TCP port range to use. That means you specify a port range, from a lower to a higher number. A single number works as well, but do note that it increases the risk of failure since the port may not be available. diff --git a/docs/cmdline-opts/ftp-pret.d b/docs/cmdline-opts/ftp-pret.md similarity index 79% rename from docs/cmdline-opts/ftp-pret.d rename to docs/cmdline-opts/ftp-pret.md index 4bea99e6d..accbc226d 100644 --- a/docs/cmdline-opts/ftp-pret.d +++ b/docs/cmdline-opts/ftp-pret.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: ftp-pret @@ -5,10 +6,16 @@ Help: Send PRET before PASV Protocols: FTP Added: 7.20.0 Category: ftp -Example: --ftp-pret ftp://example.com/ -See-also: ftp-port ftp-pasv Multi: boolean +See-also: + - ftp-port + - ftp-pasv +Example: + - --ftp-pret ftp://example.com/ --- + +# `--ftp-pret` + Tell curl to send a PRET command before PASV (and EPSV). Certain FTP servers, mainly drftpd, require this non-standard command for directory listings as well as up and downloads in PASV mode. diff --git a/docs/cmdline-opts/ftp-skip-pasv-ip.d b/docs/cmdline-opts/ftp-skip-pasv-ip.md similarity index 84% rename from docs/cmdline-opts/ftp-skip-pasv-ip.d rename to docs/cmdline-opts/ftp-skip-pasv-ip.md index 3af9c6de4..ef94b34af 100644 --- a/docs/cmdline-opts/ftp-skip-pasv-ip.d +++ b/docs/cmdline-opts/ftp-skip-pasv-ip.md @@ -1,14 +1,20 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: ftp-skip-pasv-ip Help: Skip the IP address for PASV Protocols: FTP Added: 7.14.2 -See-also: ftp-pasv Category: ftp -Example: --ftp-skip-pasv-ip ftp://example.com/ Multi: boolean +See-also: + - ftp-pasv +Example: + - --ftp-skip-pasv-ip ftp://example.com/ --- + +# `--ftp-skip-pasv-ip` + Tell curl to not use the IP address the server suggests in its response to curl's PASV command when curl connects the data connection. Instead curl reuses the same IP address it already uses for the control connection. diff --git a/docs/cmdline-opts/ftp-ssl-ccc-mode.d b/docs/cmdline-opts/ftp-ssl-ccc-mode.md similarity index 78% rename from docs/cmdline-opts/ftp-ssl-ccc-mode.d rename to docs/cmdline-opts/ftp-ssl-ccc-mode.md index ae9af9429..5f428dc0f 100644 --- a/docs/cmdline-opts/ftp-ssl-ccc-mode.d +++ b/docs/cmdline-opts/ftp-ssl-ccc-mode.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: ftp-ssl-ccc-mode @@ -5,11 +6,16 @@ Arg: Help: Set CCC mode Protocols: FTP Added: 7.16.2 -See-also: ftp-ssl-ccc Category: ftp tls -Example: --ftp-ssl-ccc-mode active --ftp-ssl-ccc ftps://example.com/ Multi: boolean +See-also: + - ftp-ssl-ccc +Example: + - --ftp-ssl-ccc-mode active --ftp-ssl-ccc ftps://example.com/ --- + +# `--ftp-ssl-ccc-mode` + Sets the CCC mode. The passive mode does not initiate the shutdown, but instead waits for the server to do it, and does not reply to the shutdown from the server. The active mode initiates the shutdown and waits for a reply from diff --git a/docs/cmdline-opts/ftp-ssl-ccc.d b/docs/cmdline-opts/ftp-ssl-ccc.md similarity index 80% rename from docs/cmdline-opts/ftp-ssl-ccc.d rename to docs/cmdline-opts/ftp-ssl-ccc.md index 33ae83b1c..d477606fe 100644 --- a/docs/cmdline-opts/ftp-ssl-ccc.d +++ b/docs/cmdline-opts/ftp-ssl-ccc.md @@ -1,14 +1,21 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: ftp-ssl-ccc Help: Send CCC after authenticating Protocols: FTP -See-also: ssl ftp-ssl-ccc-mode Added: 7.16.1 Category: ftp tls -Example: --ftp-ssl-ccc ftps://example.com/ Multi: boolean +See-also: + - ssl + - ftp-ssl-ccc-mode +Example: + - --ftp-ssl-ccc ftps://example.com/ --- + +# `--ftp-ssl-ccc` + Use CCC (Clear Command Channel) Shuts down the SSL/TLS layer after authenticating. The rest of the control channel communication is be unencrypted. This allows NAT routers to follow the FTP transaction. The diff --git a/docs/cmdline-opts/ftp-ssl-control.d b/docs/cmdline-opts/ftp-ssl-control.md similarity index 66% rename from docs/cmdline-opts/ftp-ssl-control.d rename to docs/cmdline-opts/ftp-ssl-control.md index b89577927..ace1ab29f 100644 --- a/docs/cmdline-opts/ftp-ssl-control.d +++ b/docs/cmdline-opts/ftp-ssl-control.md @@ -1,3 +1,4 @@ +--- c: Copyright (C) Daniel Stenberg, , et al. SPDX-License-Identifier: curl Long: ftp-ssl-control @@ -5,10 +6,15 @@ Help: Require SSL/TLS for FTP login, clear for transfer Protocols: FTP Added: 7.16.0 Category: ftp tls -Example: --ftp-ssl-control ftp://example.com -See-also: ssl Multi: boolean +See-also: + - ssl +Example: + - --ftp-ssl-control ftp://example.com --- -Require SSL/TLS for the FTP login, clear for transfer. Allows secure -authentication, but non-encrypted data transfers for efficiency. Fails the + +# `--ftp-ssl-control` + +Require SSL/TLS for the FTP login, clear for transfer. Allows secure +authentication, but non-encrypted data transfers for efficiency. Fails the transfer if the server does not support SSL/TLS. diff --git a/docs/cmdline-opts/gen.pl b/docs/cmdline-opts/gen.pl index 8b9b98bb2..f4dcce8ae 100644 --- a/docs/cmdline-opts/gen.pl +++ b/docs/cmdline-opts/gen.pl @@ -48,8 +48,14 @@ my %protolong; my %catlong; use POSIX qw(strftime); -my $date = strftime "%B %d %Y", localtime; -my $year = strftime "%Y", localtime; +my @ts; +if (defined($ENV{SOURCE_DATE_EPOCH})) { + @ts = localtime($ENV{SOURCE_DATE_EPOCH}); +} else { + @ts = localtime; +} +my $date = strftime "%B %d %Y", @ts; +my $year = strftime "%Y", @ts; my $version = "unknown"; my $globals; @@ -84,52 +90,8 @@ sub printdesc { my @desc = @_; my $exam = 0; for my $d (@desc) { - if($d =~ /\(Added in ([0-9.]+)\)/i) { - my $ver = $1; - if(too_old($ver)) { - $d =~ s/ *\(Added in $ver\)//gi; - } - } - if($d !~ /^.\\"/) { - # **bold** - $d =~ s/\*\*([^ ]*)\*\*/\\fB$1\\fP/g; - # *italics* - $d =~ s/\*([^ ]*)\*/\\fI$1\\fP/g; - } - if(!$exam && ($d =~ /^ /)) { - # start of example - $exam = 1; - print ".nf\n"; # no-fill - } - elsif($exam && ($d !~ /^ /)) { - # end of example - $exam = 0; - print ".fi\n"; # fill-in - } - # skip lines starting with space (examples) - if($d =~ /^[^ ]/ && $d =~ /--/) { - # scan for options in longest-names first order - for my $k (sort {length($b) <=> length($a)} keys %optlong) { - # --tlsv1 is complicated since --tlsv1.2 etc are also - # acceptable options! - if(($k eq "tlsv1") && ($d =~ /--tlsv1\.[0-9]\\f/)) { - next; - } - my $l = manpageify($k); - $d =~ s/\-\-$k([^a-z0-9-])/$l$1/g; - } - } - # quote minuses in the output - $d =~ s/([^\\])-/$1\\-/g; - # replace single quotes - $d =~ s/\'/\\(aq/g; - # handle double quotes first on the line - $d =~ s/^(\s*)\"/$1\\(dq/; print $d; } - if($exam) { - print ".fi\n"; # fill-in - } } sub seealso { @@ -194,9 +156,173 @@ sub added { } } +sub render { + my ($fh, $f, $line) = @_; + my @desc; + my $tablemode = 0; + my $header = 0; + # if $top is TRUE, it means a top-level page and not a command line option + my $top = ($line == 1); + my $quote; + $start = 0; + + while(<$fh>) { + my $d = $_; + $line++; + if($d =~ /^\.(SH|BR|IP|B)/) { + print STDERR "$f:$line:1:ERROR: nroff instruction in input: \".$1\"\n"; + return 4; + } + if(/^ * +# NAME + +libcurl-security - security considerations when using libcurl + +# Security + The libcurl project takes security seriously. The library is written with caution and precautions are taken to mitigate many kinds of risks encountered while operating with potentially malicious servers on the Internet. It is a @@ -43,17 +30,21 @@ classes of attacks that robust applications should consider. The Common Weakness Enumeration project at https://cwe.mitre.org/ is a good reference for many of these and similar types of weaknesses of which application writers should be aware. -.SH "Command Lines" + +# Command Lines + If you use a command line tool (such as curl) that uses libcurl, and you give options to the tool on the command line those options can get read by other -users of your system when they use \fIps\fP or other tools to list currently +users of your system when they use *ps* or other tools to list currently running processes. To avoid these problems, never feed sensitive things to programs using command -line options. Write them to a protected file and use the \-K option to avoid +line options. Write them to a protected file and use the -K option to avoid this. -.SH ".netrc" -\&.netrc is a pretty handy file/feature that allows you to login quickly and + +# .netrc + +.netrc is a pretty handy file/feature that allows you to login quickly and automatically to frequently visited sites. The file contains passwords in clear text and is a real security risk. In some cases, your .netrc is also stored in a home directory that is NFS mounted or used on another network @@ -65,11 +56,13 @@ URL might then be possible to pass on passwords. To avoid these problems, do not use .netrc files and never store passwords in plain text anywhere. -.SH "Clear Text Passwords" + +# Clear Text Passwords + Many of the protocols libcurl supports send name and password unencrypted as clear text (HTTP Basic authentication, FTP, TELNET etc). It is easy for anyone on your network or a network nearby yours to just fire up a network analyzer -tool and eavesdrop on your passwords. do not let the fact that HTTP Basic uses +tool and eavesdrop on your passwords. Do not let the fact that HTTP Basic uses base64 encoded passwords fool you. They may not look readable at a first glance, but they are easily "deciphered" by anyone within seconds. @@ -77,11 +70,13 @@ To avoid this problem, use an authentication mechanism or other protocol that does not let snoopers see your password: Digest, CRAM-MD5, Kerberos, SPNEGO or NTLM authentication. Or even better: use authenticated protocols that protect the entire connection and everything sent over it. -.SH "Unauthenticated Connections" + +# Unauthenticated Connections + Protocols that do not have any form of cryptographic authentication cannot with any certainty know that they communicate with the right remote server. -If your application is using a fixed scheme or fixed host name, it is not safe +If your application is using a fixed scheme or fixed hostname, it is not safe as long as the connection is unauthenticated. There can be a man-in-the-middle or in fact the whole server might have been replaced by an evil actor. @@ -91,12 +86,18 @@ before it reaches the intended server. If it even reaches the intended server at all. Remedies: -.IP "Restrict operations to authenticated transfers" + +## Restrict operations to authenticated transfers + Use authenticated protocols protected with HTTPS or SSH. -.IP "Make sure the server's certificate etc is verified" + +## Make sure the server's certificate etc is verified + Never ever switch off certificate verification. -.SH "Redirects" -The \fICURLOPT_FOLLOWLOCATION(3)\fP option automatically follows HTTP + +# Redirects + +The CURLOPT_FOLLOWLOCATION(3) option automatically follows HTTP redirects sent by a remote server. These redirects can refer to any kind of URL, not just HTTP. libcurl restricts the protocols allowed to be used in redirects for security reasons: only HTTP, HTTPS, FTP and FTPS are @@ -106,64 +107,68 @@ A redirect to a file: URL would cause the libcurl to read (or write) arbitrary files from the local filesystem. If the application returns the data back to the user (as would happen in some kinds of CGI scripts), an attacker could leverage this to read otherwise forbidden data (e.g. -\fBfile://localhost/etc/passwd\fP). +**file://localhost/etc/passwd**). If authentication credentials are stored in the ~/.netrc file, or Kerberos is in use, any other URL type (not just file:) that requires authentication is -also at risk. A redirect such as ftp://some-internal-server/private-file would +also at risk. A redirect such as **ftp://some-internal-server/private-file** would then return data even when the server is password protected. In the same way, if an unencrypted SSH private key has been configured for the user running the libcurl application, SCP: or SFTP: URLs could access password or private-key protected resources, -e.g. \fBsftp://user@some-internal-server/etc/passwd\fP +e.g. **sftp://user@some-internal-server/etc/passwd** -The \fICURLOPT_REDIR_PROTOCOLS(3)\fP and \fICURLOPT_NETRC(3)\fP options can be +The CURLOPT_REDIR_PROTOCOLS(3) and CURLOPT_NETRC(3) options can be used to mitigate against this kind of attack. A redirect can also specify a location available only on the machine running libcurl, including servers hidden behind a firewall from the attacker. -e.g. http://127.0.0.1/ or http://intranet/delete-stuff.cgi?delete=all or -tftp://bootp-server/pc-config-data +E.g. **http://127.0.0.1/** or **http://intranet/delete-stuff.cgi?delete=all** or +**tftp://bootp-server/pc-config-data** Applications can mitigate against this by disabling -\fICURLOPT_FOLLOWLOCATION(3)\fP and handling redirects itself, sanitizing URLs -as necessary. Alternately, an app could leave \fICURLOPT_FOLLOWLOCATION(3)\fP -enabled but set \fICURLOPT_REDIR_PROTOCOLS(3)\fP and install a -\fICURLOPT_OPENSOCKETFUNCTION(3)\fP or \fICURLOPT_PREREQFUNCTION(3)\fP callback +CURLOPT_FOLLOWLOCATION(3) and handling redirects itself, sanitizing URLs +as necessary. Alternately, an app could leave CURLOPT_FOLLOWLOCATION(3) +enabled but set CURLOPT_REDIR_PROTOCOLS(3) and install a +CURLOPT_OPENSOCKETFUNCTION(3) or CURLOPT_PREREQFUNCTION(3) callback function in which addresses are sanitized before use. -.SH "CRLF in Headers" + +# CRLF in Headers + For all options in libcurl which specify headers, including but not limited to -\fICURLOPT_HTTPHEADER(3)\fP, \fICURLOPT_PROXYHEADER(3)\fP, -\fICURLOPT_COOKIE(3)\fP, \fICURLOPT_USERAGENT(3)\fP, \fICURLOPT_REFERER(3)\fP -and \fICURLOPT_RANGE(3)\fP, libcurl sends the headers as-is and does not apply +CURLOPT_HTTPHEADER(3), CURLOPT_PROXYHEADER(3), +CURLOPT_COOKIE(3), CURLOPT_USERAGENT(3), CURLOPT_REFERER(3) +and CURLOPT_RANGE(3), libcurl sends the headers as-is and does not apply any special sanitation or normalization to them. If you allow untrusted user input into these options without sanitizing CRLF sequences in them, someone malicious may be able to modify the request in a way you did not intend such as injecting new headers. -.SH "Local Resources" + +# Local Resources + A user who can control the DNS server of a domain being passed in within a URL can change the address of the host to a local, private address which a -server-side libcurl-using application could then use. e.g. the innocuous URL -\fBhttp://fuzzybunnies.example.com/\fP could actually resolve to the IP +server-side libcurl-using application could then use. E.g. the innocuous URL +**http://fuzzybunnies.example.com/** could actually resolve to the IP address of a server behind a firewall, such as 127.0.0.1 or 10.1.2.3. Applications can mitigate against this by setting a -\fICURLOPT_OPENSOCKETFUNCTION(3)\fP or \fICURLOPT_PREREQFUNCTION(3)\fP and +CURLOPT_OPENSOCKETFUNCTION(3) or CURLOPT_PREREQFUNCTION(3) and checking the address before a connection. All the malicious scenarios regarding redirected URLs apply just as well to non-redirected URLs, if the user is allowed to specify an arbitrary URL that could point to a private resource. For example, a web app providing a -translation service might happily translate \fBfile://localhost/etc/passwd\fP +translation service might happily translate **file://localhost/etc/passwd** and display the result. Applications can mitigate against this with the -\fICURLOPT_PROTOCOLS(3)\fP option as well as by similar mitigation techniques +CURLOPT_PROTOCOLS(3) option as well as by similar mitigation techniques for redirections. A malicious FTP server could in response to the PASV command return an IP address and port number for a server local to the app running libcurl but behind a firewall. Applications can mitigate against this by using the -\fICURLOPT_FTP_SKIP_PASV_IP(3)\fP option or \fICURLOPT_FTPPORT(3)\fP. +CURLOPT_FTP_SKIP_PASV_IP(3) option or CURLOPT_FTPPORT(3). Local servers sometimes assume local access comes from friends and trusted users. An application that expects https://example.com/file_to_read that and @@ -174,61 +179,75 @@ Allowing your application to connect to local hosts, be it the same machine that runs the application or a machine on the same local network, might be possible to exploit by an attacker who then perhaps can "port-scan" the particular hosts - depending on how the application and servers acts. -.SH "IPv4 Addresses" + +# IPv4 Addresses + Some users might be tempted to filter access to local resources or similar based on numerical IPv4 addresses used in URLs. This is a bad and error-prone idea because of the many different ways a numerical IPv4 address can be specified and libcurl accepts: one to four dot-separated fields using one of or a mix of decimal, octal or hexadecimal encoding. -.SH "IPv6 Addresses" + +# IPv6 Addresses + libcurl handles IPv6 addresses transparently and just as easily as IPv4 addresses. That means that a sanitizing function that filters out addresses -like 127.0.0.1 is not sufficient - the equivalent IPv6 addresses \fB::1\fP, -\fB::\fP, \fB0:00::0:1\fP, \fB::127.0.0.1\fP and \fB::ffff:7f00:1\fP supplied +like 127.0.0.1 is not sufficient - the equivalent IPv6 addresses **::1**, +**::**, **0:00::0:1**, **::127.0.0.1** and **::ffff:7f00:1** supplied somehow by an attacker would all bypass a naive filter and could allow access to undesired local resources. IPv6 also has special address blocks like link-local and site-local that generally should not be accessed by a server-side libcurl-using application. A poorly configured firewall installed in a data center, organization or server may also be configured to limit IPv4 connections but leave IPv6 connections wide open. In some cases, setting -\fICURLOPT_IPRESOLVE(3)\fP to CURL_IPRESOLVE_V4 can be used to limit resolved +CURLOPT_IPRESOLVE(3) to CURL_IPRESOLVE_V4 can be used to limit resolved addresses to IPv4 only and bypass these issues. -.SH Uploads + +# Uploads + When uploading, a redirect can cause a local (or remote) file to be overwritten. Applications must not allow any unsanitized URL to be passed in -for uploads. Also, \fICURLOPT_FOLLOWLOCATION(3)\fP should not be used on +for uploads. Also, CURLOPT_FOLLOWLOCATION(3) should not be used on uploads. Instead, the applications should consider handling redirects itself, sanitizing each URL first. -.SH Authentication -Use of \fICURLOPT_UNRESTRICTED_AUTH(3)\fP could cause authentication + +# Authentication + +Use of CURLOPT_UNRESTRICTED_AUTH(3) could cause authentication information to be sent to an unknown second server. Applications can mitigate -against this by disabling \fICURLOPT_FOLLOWLOCATION(3)\fP and handling +against this by disabling CURLOPT_FOLLOWLOCATION(3) and handling redirects itself, sanitizing where necessary. -Use of the CURLAUTH_ANY option to \fICURLOPT_HTTPAUTH(3)\fP could result in +Use of the CURLAUTH_ANY option to CURLOPT_HTTPAUTH(3) could result in user name and password being sent in clear text to an HTTP server. Instead, use CURLAUTH_ANYSAFE which ensures that the password is encrypted over the network, or else fail the request. -Use of the CURLUSESSL_TRY option to \fICURLOPT_USE_SSL(3)\fP could result in +Use of the CURLUSESSL_TRY option to CURLOPT_USE_SSL(3) could result in user name and password being sent in clear text to an FTP server. Instead, use CURLUSESSL_CONTROL to ensure that an encrypted connection is used or else fail the request. -.SH Cookies + +# Cookies + If cookies are enabled and cached, then a user could craft a URL which performs some malicious action to a site whose authentication is already -stored in a cookie. e.g. http://mail.example.com/delete-stuff.cgi?delete=all -Applications can mitigate against this by disabling cookies or clearing them -between requests. -.SH "Dangerous SCP URLs" +stored in a cookie. E.g. +**http://mail.example.com/delete-stuff.cgi?delete=all** Applications can +mitigate against this by disabling cookies or clearing them between requests. + +# Dangerous SCP URLs + SCP URLs can contain raw commands within the scp: URL, which is a side effect -of how the SCP protocol is designed. e.g. -.nf +of how the SCP protocol is designed. E.g. +~~~ scp://user:pass@host/a;date >/tmp/test; -.fi +~~~ Applications must not allow unsanitized SCP: URLs to be passed in for downloads. -.SH "file://" + +# file:// + By default curl and libcurl support file:// URLs. Such a URL is always an access, or attempted access, to a local resource. If your application wants to avoid that, keep control of what URLs to use and/or prevent curl/libcurl from @@ -236,7 +255,8 @@ using the protocol. By default, libcurl prohibits redirects to file:// URLs. -.SH "Warning: file:// on Windows" +# Warning: file:// on Windows + The Windows operating system tries automatically, and without any way for applications to disable it, to establish a connection to another host over the network and access it (over SMB or other protocols), if only the correct file @@ -261,7 +281,9 @@ If you use curl or libcurl on Windows (any version), disable the use of the FILE protocol in curl or be prepared that accesses to a range of "magic paths" potentially make your system access other hosts on your network. curl cannot protect you against this. -.SH "What if the user can set the URL" + +# What if the user can set the URL + Applications may find it tempting to let users set the URL that it can work on. That is probably fine, but opens up for mischief and trickery that you as an application author may want to address or take precautions against. @@ -279,14 +301,22 @@ particular scheme in the URL but point to a server doing a different protocol on a non-standard port. Remedies: -.IP "Use --proto" -curl command lines can use \fI--proto\fP to limit what URL schemes it accepts -.IP "Use CURLOPT_PROTOCOLS" -libcurl programs can use \fICURLOPT_PROTOCOLS(3)\fP to limit what URL schemes it accepts -.IP "consider not allowing the user to set the full URL" + +## Use --proto + +curl command lines can use *--proto* to limit what URL schemes it accepts + +## Use CURLOPT_PROTOCOLS + +libcurl programs can use CURLOPT_PROTOCOLS(3) to limit what URL schemes it accepts + +## consider not allowing the user to set the full URL + Maybe just let the user provide data for parts of it? Or maybe filter input to only allow specific choices? -.SH "RFC 3986 vs WHATWG URL" + +# RFC 3986 vs WHATWG URL + curl supports URLs mostly according to how they are defined in RFC 3986, and has done so since the beginning. @@ -299,9 +329,11 @@ assumptions about a link. This can mislead users into getting the wrong thing, connecting to the wrong host or otherwise not working identically. Within an application, this can be mitigated by always using the -\fIcurl_url(3)\fP API to parse URLs, ensuring that they are parsed the same way +curl_url(3) API to parse URLs, ensuring that they are parsed the same way as within libcurl itself. -.SH "FTP uses two connections" + +# FTP uses two connections + When performing an FTP transfer, two TCP connections are used: one for setting up the transfer and one for the actual data. @@ -330,46 +362,55 @@ instead of back to curl. The fact that FTP uses two connections makes it vulnerable in a way that is hard to avoid. -.SH "Denial of Service" + +# Denial of Service + A malicious server could cause libcurl to effectively hang by sending data slowly, or even no data at all but just keeping the TCP connection open. This could effectively result in a denial-of-service attack. The -\fICURLOPT_TIMEOUT(3)\fP and/or \fICURLOPT_LOW_SPEED_LIMIT(3)\fP options can +CURLOPT_TIMEOUT(3) and/or CURLOPT_LOW_SPEED_LIMIT(3) options can be used to mitigate against this. A malicious server could cause libcurl to download an infinite amount of data, potentially causing all of memory or disk to be filled. Setting the -\fICURLOPT_MAXFILESIZE_LARGE(3)\fP option is not sufficient to guard against +CURLOPT_MAXFILESIZE_LARGE(3) option is not sufficient to guard against this. Instead, applications should monitor the amount of data received within the write or progress callback and abort once the limit is reached. A malicious HTTP server could cause an infinite redirection loop, causing a denial-of-service. This can be mitigated by using the -\fICURLOPT_MAXREDIRS(3)\fP option. -.SH "Arbitrary Headers" +CURLOPT_MAXREDIRS(3) option. + +# Arbitrary Headers + User-supplied data must be sanitized when used in options like -\fICURLOPT_USERAGENT(3)\fP, \fICURLOPT_HTTPHEADER(3)\fP, -\fICURLOPT_POSTFIELDS(3)\fP and others that are used to generate structured +CURLOPT_USERAGENT(3), CURLOPT_HTTPHEADER(3), +CURLOPT_POSTFIELDS(3) and others that are used to generate structured data. Characters like embedded carriage returns or ampersands could allow the user to create additional headers or fields that could cause malicious transactions. -.SH "Server-supplied Names" + +# Server-supplied Names + A server can supply data which the application may, in some cases, use as a -file name. The curl command-line tool does this with -\fI--remote-header-name\fP, using the Content-disposition: header to generate -a file name. An application could also use \fICURLINFO_EFFECTIVE_URL(3)\fP to -generate a file name from a server-supplied redirect URL. Special care must be -taken to sanitize such names to avoid the possibility of a malicious server -supplying one like \fB"/etc/passwd"\fP, \fB"\\autoexec.bat"\fP, \fB"prn:"\fP -or even \fB".bashrc"\fP. -.SH "Server Certificates" -A secure application should never use the \fICURLOPT_SSL_VERIFYPEER(3)\fP +filename. The curl command-line tool does this with *--remote-header-name*, +using the Content-disposition: header to generate a filename. An application +could also use CURLINFO_EFFECTIVE_URL(3) to generate a filename from a +server-supplied redirect URL. Special care must be taken to sanitize such +names to avoid the possibility of a malicious server supplying one like +**"/etc/passwd"**, **"autoexec.bat"**, **"prn:"** or even **".bashrc"**. + +# Server Certificates + +A secure application should never use the CURLOPT_SSL_VERIFYPEER(3) option to disable certificate validation. There are numerous attacks that are enabled by applications that fail to properly validate server TLS/SSL certificates, thus enabling a malicious server to spoof a legitimate one. HTTPS without validated certificates is potentially as insecure as a plain HTTP connection. -.SH "Showing What You Do" + +# Showing What You Do + Relatedly, be aware that in situations when you have problems with libcurl and ask someone for help, everything you reveal in order to get best possible help might also impose certain security related risks. Host names, user names, @@ -385,7 +426,9 @@ sensitive data. To avoid this problem, you must of course use your common sense. Often, you can just edit out the sensitive data or just search/replace your true information with faked data. -.SH "setuid applications using libcurl" + +# setuid applications using libcurl + libcurl-using applications that set the 'setuid' bit to run with elevated or modified rights also implicitly give that extra power to libcurl and this should only be done after careful considerations. @@ -397,16 +440,20 @@ that the user is otherwise not able to view (like credentials for a login etc), it should be noted that libcurl still might understand proxy environment variables that allow the user to redirect libcurl operations to use a proxy controlled by the user. -.SH "File descriptors, fork and NTLM" -An application that uses libcurl and invokes \fIfork()\fP gets all file + +# File descriptors, fork and NTLM + +An application that uses libcurl and invokes *fork()* gets all file descriptors duplicated in the child process, including the ones libcurl created. -libcurl itself uses \fIfork()\fP and \fIexecl()\fP if told to use the -\fBCURLAUTH_NTLM_WB\fP authentication method which then invokes the helper +libcurl itself uses *fork()* and *execl()* if told to use the +**CURLAUTH_NTLM_WB** authentication method which then invokes the helper command in a child process with file descriptors duplicated. Make sure that only the trusted and reliable helper program is invoked! -.SH "Secrets in memory" + +# Secrets in memory + When applications pass user names, passwords or other sensitive data to libcurl to be used for upcoming transfers, those secrets are kept around as-is in memory. In many cases they are stored in the heap for as long as the handle @@ -418,10 +465,23 @@ core dump file, such data might be accessible. Further, when eventually closing a handle and the secrets are no longer needed, libcurl does not explicitly clear memory before freeing it, so credentials may be left in freed data. -.SH "Saving files" + +# Saving files + libcurl cannot protect against attacks where an attacker has write access to the same directory where libcurl is directed to save files. -.SH "Report Security Problems" + +# Cookies + +If libcurl is built with PSL (**Public Suffix List**) support, it detects and +discards cookies that are specified for such suffix domains that should not be +allowed to have cookies. + +if libcurl is *not* built with PSL support, it has no ability to stop super +cookies. + +# Report Security Problems + Should you detect or just suspect a security problem in libcurl or curl, contact the project curl security team immediately. See https://curl.se/dev/secprocess.html for details. diff --git a/docs/libcurl/libcurl-share.md b/docs/libcurl/libcurl-share.md new file mode 100644 index 000000000..e244b9726 --- /dev/null +++ b/docs/libcurl/libcurl-share.md @@ -0,0 +1,62 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: libcurl-share +Section: 3 +Source: libcurl +See-also: + - curl_share_cleanup (3) + - curl_share_init (3) + - curl_share_setopt (3) + - libcurl-easy (3) + - libcurl-errors (3) + - libcurl-multi (3) +--- + +# NAME + +libcurl-share - how to use the share interface + +# DESCRIPTION + +This is an overview on how to use the libcurl share interface in your C +programs. There are specific man pages for each function mentioned in +here. + +All functions in the share interface are prefixed with curl_share. + +# OBJECTIVES + +The share interface was added to enable sharing of data between curl handles. + +# ONE SET OF DATA - MANY TRANSFERS + +You can have multiple easy handles share data between them. Have them update +and use the **same** cookie database, DNS cache, TLS session cache and/or +connection cache! This way, each single transfer takes advantage from data +updates made by the other transfer(s). + +# SHARE OBJECT + +You create a shared object with curl_share_init(3). It returns a handle +for a newly created one. + +You tell the shared object what data you want it to share by using +curl_share_setopt(3). + +Since you can use this share from multiple threads, and libcurl has no +internal thread synchronization, you must provide mutex callbacks if you are +using this multi-threaded. You set lock and unlock functions with +curl_share_setopt(3) too. + +Then, you make an easy handle to use this share, you set the +CURLOPT_SHARE(3) option with curl_easy_setopt(3), and pass in +share handle. You can make any number of easy handles share the same share +handle. + +To make an easy handle stop using that particular share, you set +CURLOPT_SHARE(3) to NULL for that easy handle. To make a handle stop +sharing a particular data, you can CURLSHOPT_UNSHARE(3) it. + +When you are done using the share, make sure that no easy handle is still using +it, and call curl_share_cleanup(3) on the handle. diff --git a/docs/libcurl/libcurl-thread.md b/docs/libcurl/libcurl-thread.md new file mode 100644 index 000000000..b3e9ecf82 --- /dev/null +++ b/docs/libcurl/libcurl-thread.md @@ -0,0 +1,99 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: libcurl-thread +Section: 3 +Source: libcurl +See-also: + - libcurl-security (3) +--- + +# NAME + +libcurl-thread - libcurl thread safety + +# Multi-threading with libcurl + +libcurl is thread safe but has no internal thread synchronization. You may have +to provide your own locking should you meet any of the thread safety exceptions +below. + +# Handles + +You must **never** share the same handle in multiple threads. You can pass the +handles around among threads, but you must never use a single handle from more +than one thread at any given time. + +# Shared objects + +You can share certain data between multiple handles by using the share +interface but you must provide your own locking and set +curl_share_setopt(3) CURLSHOPT_LOCKFUNC and CURLSHOPT_UNLOCKFUNC. + +Note that some items are specifically documented as not thread-safe in the +share API (the connection pool and HSTS cache for example). + +# TLS + +All current TLS libraries libcurl supports are thread-safe. OpenSSL 1.1.0+ can +be safely used in multi-threaded applications provided that support for the +underlying OS threading API is built-in. For older versions of OpenSSL, the +user must set mutex callbacks. + +# Signals + +Signals are used for timing out name resolves (during DNS lookup) - when built +without using either the c-ares or threaded resolver backends. On systems that +have a signal concept. + +When using multiple threads you should set the CURLOPT_NOSIGNAL(3) +option to 1L for all handles. Everything works fine except that timeouts +cannot be honored during DNS lookups - which you can work around by building +libcurl with c-ares or threaded-resolver support. c-ares is a library that +provides asynchronous name resolves. On some platforms, libcurl simply cannot +function properly multi-threaded unless the CURLOPT_NOSIGNAL(3) option +is set. + +When CURLOPT_NOSIGNAL(3) is set to 1L, your application needs to deal +with the risk of a SIGPIPE (that at least the OpenSSL backend can +trigger). Note that setting CURLOPT_NOSIGNAL(3) to 0L does not work in a +threaded situation as there is a race condition where libcurl risks restoring +the former signal handler while another thread should still ignore it. + +# Name resolving + +The **gethostbyname** or **getaddrinfo** and other name resolving system +calls used by libcurl are provided by your operating system and must be thread +safe. It is important that libcurl can find and use thread safe versions of +these and other system calls, as otherwise it cannot function fully thread +safe. Some operating systems are known to have faulty thread +implementations. We have previously received problem reports on *BSD (at least +in the past, they may be working fine these days). Some operating systems that +are known to have solid and working thread support are Linux, Solaris and +Windows. + +# curl_global_* functions + +These functions are thread-safe since libcurl 7.84.0 if +curl_version_info(3) has the **CURL_VERSION_THREADSAFE** feature bit +set (most platforms). + +If these functions are not thread-safe and you are using libcurl with multiple +threads it is especially important that before use you call +curl_global_init(3) or curl_global_init_mem(3) to explicitly +initialize the library and its dependents, rather than rely on the "lazy" +fail-safe initialization that takes place the first time +curl_easy_init(3) is called. For an in-depth explanation refer to +libcurl(3) section **GLOBAL CONSTANTS**. + +# Memory functions + +These functions, provided either by your operating system or your own +replacements, must be thread safe. You can use curl_global_init_mem(3) +to set your own replacement memory functions. + +# Non-safe functions + +CURLOPT_DNS_USE_GLOBAL_CACHE(3) is not thread-safe. + +curl_version_info(3) is not thread-safe before libcurl initialization. diff --git a/docs/libcurl/libcurl-tutorial.3 b/docs/libcurl/libcurl-tutorial.md similarity index 76% rename from docs/libcurl/libcurl-tutorial.3 rename to docs/libcurl/libcurl-tutorial.md index a0cf79637..2bf5f0547 100644 --- a/docs/libcurl/libcurl-tutorial.3 +++ b/docs/libcurl/libcurl-tutorial.md @@ -1,39 +1,29 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH libcurl-tutorial 3 "September 27, 2023" "libcurl 8.4.0" "libcurl" - -.SH NAME -libcurl-tutorial \- libcurl programming tutorial -.SH "Objective" +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: libcurl-tutorial +Section: 3 +Source: libcurl +See-also: + - libcurl-easy (3) + - libcurl-errors (3) + - libcurl-multi (3) + - libcurl-url (3) +--- + +# NAME + +libcurl-tutorial - libcurl programming tutorial + +# Objective + This document attempts to describe the general principles and some basic approaches to consider when programming with libcurl. The text focuses on the C interface but should apply fairly well on other language bindings as well as they usually follow the C API pretty closely. This document refers to 'the user' as the person writing the source code that -uses libcurl. That would probably be you or someone in your position. What is +uses libcurl. That would probably be you or someone in your position. What is generally referred to as 'the program' is the collected source code that you write that is using libcurl for transfers. The program is outside libcurl and libcurl is outside of the program. @@ -41,48 +31,60 @@ libcurl is outside of the program. To get more details on all options and functions described herein, please refer to their respective man pages. -.SH "Building" +# Building + There are many different ways to build C programs. This chapter assumes a Unix style build process. If you use a different build system, you can still read this to get general information that may apply to your environment as well. -.IP "Compiling the Program" + +## Compiling the Program + Your compiler needs to know where the libcurl headers are located. Therefore you must set your compiler's include path to point to the directory where you installed them. The 'curl-config'[3] tool can be used to get this information: -.nf +~~~c $ curl-config --cflags -.fi -.IP "Linking the Program with libcurl" +~~~ + +## Linking the Program with libcurl + When having compiled the program, you need to link your object files to create a single executable. For that to succeed, you need to link with libcurl and possibly also with other libraries that libcurl itself depends on. Like the OpenSSL libraries, but even some standard OS libraries may be needed on the command line. To figure out which flags to use, once again the 'curl-config' tool comes to the rescue: -.nf +~~~c $ curl-config --libs -.fi -.IP "SSL or Not" +~~~ + +## SSL or Not + libcurl can be built and customized in many ways. One of the things that varies from different libraries and builds is the support for SSL-based transfers, like HTTPS and FTPS. If a supported SSL library was detected properly at build-time, libcurl is built with SSL support. To figure out if an -installed libcurl has been built with SSL support enabled, use \&'curl-config' +installed libcurl has been built with SSL support enabled, use *curl-config* like this: -.nf + +~~~c $ curl-config --feature -.fi -And if SSL is supported, the keyword \fISSL\fP is written to stdout, possibly -together with a other features that could be either on or off on for different +~~~ + +If SSL is supported, the keyword *SSL* is written to stdout, possibly together +with a other features that could be either on or off on for different libcurls. See also the "Features libcurl Provides" further down. -.IP "autoconf macro" + +## autoconf macro + When you write your configure script to detect libcurl and setup variables accordingly, we offer a macro that probably does everything you need in this area. See docs/libcurl/libcurl.m4 file - it includes docs on how to use it. -.SH "Portable Code in a Portable World" +# Portable Code in a Portable World + The people behind libcurl have put a considerable effort to make libcurl work on a large amount of different operating systems and environments. @@ -91,54 +93,59 @@ are only a few minor details that differ. If you just make sure to write your code portable enough, you can create a portable program. libcurl should not stop you from that. -.SH "Global Preparation" +# Global Preparation + The program must initialize some of the libcurl functionality globally. That means it should be done exactly once, no matter how many times you intend to use the library. Once for your program's entire life time. This is done using -.nf +~~~c curl_global_init() -.fi +~~~ and it takes one parameter which is a bit pattern that tells libcurl what to -initialize. Using \fICURL_GLOBAL_ALL\fP makes it initialize all known internal +initialize. Using *CURL_GLOBAL_ALL* makes it initialize all known internal sub modules, and might be a good default option. The current two bits that are specified are: -.RS -.IP "CURL_GLOBAL_WIN32" + +## CURL_GLOBAL_WIN32 + which only does anything on Windows machines. When used on a Windows machine, it makes libcurl initialize the win32 socket stuff. Without having that initialized properly, your program cannot use sockets properly. You should only do this once for each application, so if your program already does this or of another library in use does it, you should not tell libcurl to do this as well. -.IP CURL_GLOBAL_SSL + +## CURL_GLOBAL_SSL + which only does anything on libcurls compiled and built SSL-enabled. On these systems, this makes libcurl initialize the SSL library properly for this application. This only needs to be done once for each application so if your program or another library already does this, this bit should not be needed. -.RE libcurl has a default protection mechanism that detects if -\fIcurl_global_init(3)\fP has not been called by the time -\fIcurl_easy_perform(3)\fP is called and if that is the case, libcurl runs the +curl_global_init(3) has not been called by the time +curl_easy_perform(3) is called and if that is the case, libcurl runs the function itself with a guessed bit pattern. Please note that depending solely on this is not considered nice nor good. When the program no longer uses libcurl, it should call -\fIcurl_global_cleanup(3)\fP, which is the opposite of the init call. It +curl_global_cleanup(3), which is the opposite of the init call. It performs the reversed operations to cleanup the resources the -\fIcurl_global_init(3)\fP call initialized. +curl_global_init(3) call initialized. -Repeated calls to \fIcurl_global_init(3)\fP and \fIcurl_global_cleanup(3)\fP +Repeated calls to curl_global_init(3) and curl_global_cleanup(3) should be avoided. They should only be called once each. -.SH "Features libcurl Provides" +# Features libcurl Provides + It is considered best-practice to determine libcurl features at runtime rather than at build-time (if possible of course). By calling -\fIcurl_version_info(3)\fP and checking out the details of the returned +curl_version_info(3) and checking out the details of the returned struct, your program can figure out exactly what the currently running libcurl supports. -.SH "Two Interfaces" +# Two Interfaces + libcurl first introduced the so called easy interface. All operations in the easy interface are prefixed with 'curl_easy'. The easy interface lets you do single transfers with a synchronous and blocking function call. @@ -148,102 +155,106 @@ transfers in a single thread, the so called multi interface. More about that interface is detailed in a separate chapter further down. You still need to understand the easy interface first, so please continue reading for better understanding. -.SH "Handle the Easy libcurl" + +# Handle the Easy libcurl + To use the easy interface, you must first create yourself an easy handle. You need one handle for each easy session you want to perform. Basically, you should use one handle for every thread you plan to use for transferring. You must never share the same handle in multiple threads. Get an easy handle with -.nf +~~~c handle = curl_easy_init(); -.fi +~~~ It returns an easy handle. Using that you proceed to the next step: setting up your preferred actions. A handle is just a logic entity for the upcoming transfer or series of transfers. You set properties and options for this handle using -\fIcurl_easy_setopt(3)\fP. They control how the subsequent transfer or +curl_easy_setopt(3). They control how the subsequent transfer or transfers using this handle are made. Options remain set in the handle until set again to something different. They are sticky. Multiple requests using the same handle use the same options. If you at any point would like to blank all previously set options for a -single easy handle, you can call \fIcurl_easy_reset(3)\fP and you can also +single easy handle, you can call curl_easy_reset(3) and you can also make a clone of an easy handle (with all its set options) using -\fIcurl_easy_duphandle(3)\fP. +curl_easy_duphandle(3). Many of the options you set in libcurl are "strings", pointers to data terminated with a zero byte. When you set strings with -\fIcurl_easy_setopt(3)\fP, libcurl makes its own copy so that they do not need +curl_easy_setopt(3), libcurl makes its own copy so that they do not need to be kept around in your application after being set[4]. One of the most basic properties to set in the handle is the URL. You set your -preferred URL to transfer with \fICURLOPT_URL(3)\fP in a manner similar to: +preferred URL to transfer with CURLOPT_URL(3) in a manner similar to: -.nf +~~~c curl_easy_setopt(handle, CURLOPT_URL, "http://domain.com/"); -.fi +~~~ Let's assume for a while that you want to receive data as the URL identifies a remote resource you want to get here. Since you write a sort of application that needs this transfer, I assume that you would like to get the data passed to you directly instead of simply getting it passed to stdout. So, you write your own function that matches this prototype: -.nf +~~~c size_t write_data(void *buffer, size_t size, size_t nmemb, void *userp); -.fi +~~~ You tell libcurl to pass all data to this function by issuing a function similar to this: -.nf +~~~c curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, write_data); -.fi +~~~ You can control what data your callback function gets in the fourth argument by setting another property: -.nf +~~~c curl_easy_setopt(handle, CURLOPT_WRITEDATA, &internal_struct); -.fi +~~~ Using that property, you can easily pass local data between your application and the function that gets invoked by libcurl. libcurl itself does not touch -the data you pass with \fICURLOPT_WRITEDATA(3)\fP. +the data you pass with CURLOPT_WRITEDATA(3). libcurl offers its own default internal callback that takes care of the data -if you do not set the callback with \fICURLOPT_WRITEFUNCTION(3)\fP. It simply +if you do not set the callback with CURLOPT_WRITEFUNCTION(3). It simply outputs the received data to stdout. You can have the default callback write the data to a different file handle by passing a 'FILE *' to a file opened for -writing with the \fICURLOPT_WRITEDATA(3)\fP option. +writing with the CURLOPT_WRITEDATA(3) option. Now, we need to take a step back and take a deep breath. Here is one of those rare platform-dependent nitpicks. Did you spot it? On some platforms[2], libcurl is not able to operate on file handles opened by the program. Therefore, if you use the default callback and pass in an open file -handle with \fICURLOPT_WRITEDATA(3)\fP, libcurl crashes. You should avoid this +handle with CURLOPT_WRITEDATA(3), libcurl crashes. You should avoid this to make your program run fine virtually everywhere. -(\fICURLOPT_WRITEDATA(3)\fP was formerly known as \fICURLOPT_FILE\fP. Both -names still work and do the same thing). +(CURLOPT_WRITEDATA(3) was formerly known as *CURLOPT_FILE*. Both names still +work and do the same thing). If you are using libcurl as a win32 DLL, you MUST use the -\fICURLOPT_WRITEFUNCTION(3)\fP if you set \fICURLOPT_WRITEDATA(3)\fP - or -experience crashes. +CURLOPT_WRITEFUNCTION(3) if you set CURLOPT_WRITEDATA(3) - or experience +crashes. There are of course many more options you can set, and we get back to a few of them later. Let's instead continue to the actual transfer: -.nf + +~~~c success = curl_easy_perform(handle); -.fi -\fIcurl_easy_perform(3)\fP connects to the remote site, does the necessary -commands and performs the transfer. Whenever it receives data, it calls the -callback function we previously set. The function may get one byte at a time, -or it may get many kilobytes at once. libcurl delivers as much as possible as -often as possible. Your callback function should return the number of bytes it -\&"took care of". If that is not the same amount of bytes that was passed to -it, libcurl aborts the operation and returns with an error code. +~~~ + +curl_easy_perform(3) connects to the remote site, does the necessary commands +and performs the transfer. Whenever it receives data, it calls the callback +function we previously set. The function may get one byte at a time, or it may +get many kilobytes at once. libcurl delivers as much as possible as often as +possible. Your callback function should return the number of bytes it "took +care of". If that is not the same amount of bytes that was passed to it, +libcurl aborts the operation and returns with an error code. When the transfer is complete, the function returns a return code that informs you if it succeeded in its mission or not. If a return code is not enough for -you, you can use the \fICURLOPT_ERRORBUFFER(3)\fP to point libcurl to a buffer -of yours where it stores a human readable error message as well. +you, you can use the CURLOPT_ERRORBUFFER(3) to point libcurl to a buffer of +yours where it stores a human readable error message as well. If you then want to transfer another file, the handle is ready to be used again. It is even preferred and encouraged that you reuse an existing handle @@ -256,39 +267,42 @@ finally transferring the file data. libcurl takes care of all that complication for you. Given simply the URL to a file, libcurl takes care of all the details needed to get the file moved from one machine to another. -.SH "Multi-threading Issues" +# Multi-threading Issues + libcurl is thread safe but there are a few exceptions. Refer to -\fIlibcurl-thread(3)\fP for more information. +libcurl-thread(3) for more information. + +# When It does not Work -.SH "When It does not Work" There are times when the transfer fails for some reason. You might have set the wrong libcurl option or misunderstood what the libcurl option actually does, or the remote server might return non-standard replies that confuse the library which then confuses your program. There is one golden rule when these things occur: set the -\fICURLOPT_VERBOSE(3)\fP option to 1. it causes the library to spew out the +CURLOPT_VERBOSE(3) option to 1. it causes the library to spew out the entire protocol details it sends, some internal info and some received protocol data as well (especially when using FTP). If you are using HTTP, adding the headers in the received output to study is also a clever way to get a better understanding why the server behaves the way it does. Include headers -in the normal body output with \fICURLOPT_HEADER(3)\fP set 1. +in the normal body output with CURLOPT_HEADER(3) set 1. Of course, there are bugs left. We need to know about them to be able to fix them, so we are quite dependent on your bug reports. When you do report suspected bugs in libcurl, please include as many details as you possibly can: -a protocol dump that \fICURLOPT_VERBOSE(3)\fP produces, library version, as +a protocol dump that CURLOPT_VERBOSE(3) produces, library version, as much as possible of your code that uses libcurl, operating system name and version, compiler name and version etc. -If \fICURLOPT_VERBOSE(3)\fP is not enough, you increase the level of debug -data your application receive by using the \fICURLOPT_DEBUGFUNCTION(3)\fP. +If CURLOPT_VERBOSE(3) is not enough, you increase the level of debug +data your application receive by using the CURLOPT_DEBUGFUNCTION(3). Getting some in-depth knowledge about the protocols involved is never wrong, and if you are trying to do funny things, you might understand libcurl and how to use it better if you study the appropriate RFC documents at least briefly. -.SH "Upload Data to a Remote Site" +# Upload Data to a Remote Site + libcurl tries to keep a protocol independent approach to most transfers, thus uploading to a remote FTP site is similar to uploading data to an HTTP server with a PUT request. @@ -301,40 +315,41 @@ Since we write an application, we most likely want libcurl to get the upload data by asking us for it. To make it do that, we set the read callback and the custom pointer libcurl passes to our read callback. The read callback should have a prototype similar to: -.nf +~~~c size_t function(char *bufptr, size_t size, size_t nitems, void *userp); -.fi -Where \fIbufptr\fP is the pointer to a buffer we fill in with data to upload -and \fIsize*nitems\fP is the size of the buffer and therefore also the maximum -amount of data we can return to libcurl in this call. The \fIuserp\fP pointer +~~~ +Where *bufptr* is the pointer to a buffer we fill in with data to upload +and *size*nitems* is the size of the buffer and therefore also the maximum +amount of data we can return to libcurl in this call. The *userp* pointer is the custom pointer we set to point to a struct of ours to pass private data between the application and the callback. -.nf +~~~c curl_easy_setopt(handle, CURLOPT_READFUNCTION, read_function); curl_easy_setopt(handle, CURLOPT_READDATA, &filedata); -.fi +~~~ Tell libcurl that we want to upload: -.nf +~~~c curl_easy_setopt(handle, CURLOPT_UPLOAD, 1L); -.fi +~~~ A few protocols do not behave properly when uploads are done without any prior knowledge of the expected file size. So, set the upload file size using the -\fICURLOPT_INFILESIZE_LARGE(3)\fP for all known file sizes like this[1]: +CURLOPT_INFILESIZE_LARGE(3) for all known file sizes like this[1]: -.nf +~~~c /* in this example, file_size must be an curl_off_t variable */ curl_easy_setopt(handle, CURLOPT_INFILESIZE_LARGE, file_size); -.fi +~~~ -When you call \fIcurl_easy_perform(3)\fP this time, it performs all the +When you call curl_easy_perform(3) this time, it performs all the necessary operations and when it has invoked the upload it calls your supplied callback to get the data to upload. The program should return as much data as possible in every invoke, as that is likely to make the upload perform as fast as possible. The callback should return the number of bytes it wrote in the buffer. Returning 0 signals the end of the upload. -.SH "Passwords" +# Passwords + Many protocols use or even require that user name and password are provided to be able to download or upload the data of your choice. libcurl offers several ways to specify them. @@ -342,46 +357,52 @@ several ways to specify them. Most protocols support that you specify the name and password in the URL itself. libcurl detects this and use them accordingly. This is written like this: -.nf +~~~c protocol://user:password@example.com/path/ -.fi +~~~ If you need any odd letters in your user name or password, you should enter them URL encoded, as %XX where XX is a two-digit hexadecimal number. libcurl also provides options to set various passwords. The user name and password as shown embedded in the URL can instead get set with the -\fICURLOPT_USERPWD(3)\fP option. The argument passed to libcurl should be a +CURLOPT_USERPWD(3) option. The argument passed to libcurl should be a char * to a string in the format "user:password". In a manner like this: -.nf + +~~~c curl_easy_setopt(handle, CURLOPT_USERPWD, "myname:thesecret"); -.fi +~~~ + Another case where name and password might be needed at times, is for those users who need to authenticate themselves to a proxy they use. libcurl offers -another option for this, the \fICURLOPT_PROXYUSERPWD(3)\fP. It is used quite -similar to the \fICURLOPT_USERPWD(3)\fP option like this: -.nf +another option for this, the CURLOPT_PROXYUSERPWD(3). It is used quite similar +to the CURLOPT_USERPWD(3) option like this: + +~~~c curl_easy_setopt(handle, CURLOPT_PROXYUSERPWD, "myname:thesecret"); -.fi +~~~ + There is a long time Unix "standard" way of storing FTP user names and passwords, namely in the $HOME/.netrc file (on Windows, libcurl also checks -the \fI%USERPROFILE% environment\fP variable if \fI%HOME%\fP is unset, and -tries "_netrc" as name). The file should be made private so that only the user -may read it (see also the "Security Considerations" chapter), as it might -contain the password in plain text. libcurl has the ability to use this file -to figure out what set of user name and password to use for a particular -host. As an extension to the normal functionality, libcurl also supports this -file for non-FTP protocols such as HTTP. To make curl use this file, use the -\fICURLOPT_NETRC(3)\fP option: -.nf +the *%USERPROFILE% environment* variable if *%HOME%* is unset, and tries +"_netrc" as name). The file should be made private so that only the user may +read it (see also the "Security Considerations" chapter), as it might contain +the password in plain text. libcurl has the ability to use this file to figure +out what set of user name and password to use for a particular host. As an +extension to the normal functionality, libcurl also supports this file for +non-FTP protocols such as HTTP. To make curl use this file, use the +CURLOPT_NETRC(3) option: + +~~~c curl_easy_setopt(handle, CURLOPT_NETRC, 1L); -.fi -And a basic example of how such a .netrc file may look like: +~~~ + +A basic example of how such a .netrc file may look like: -.nf +~~~c machine myhost.mydomain.com login userlogin password secretword -.fi +~~~ All these examples have been cases where the password has been optional, or at least you could leave it out and have libcurl attempt to do its job @@ -389,10 +410,12 @@ without it. There are times when the password is not optional, like when you are using an SSL private key for secure transfers. To pass the known private key password to libcurl: -.nf +~~~c curl_easy_setopt(handle, CURLOPT_KEYPASSWD, "keypassword"); -.fi -.SH "HTTP Authentication" +~~~ + +# HTTP Authentication + The previous chapter showed how to set user name and password for getting URLs that require authentication. When using the HTTP protocol, there are many different ways a client can provide those credentials to the server and you @@ -401,30 +424,38 @@ method is called 'Basic', which is sending the name and password in clear-text in the HTTP request, base64-encoded. This is insecure. At the time of this writing, libcurl can be built to use: Basic, Digest, NTLM, -Negotiate (SPNEGO). You can tell libcurl which one to use -with \fICURLOPT_HTTPAUTH(3)\fP as in: -.nf +Negotiate (SPNEGO). You can tell libcurl which one to use with +CURLOPT_HTTPAUTH(3) as in: + +~~~c curl_easy_setopt(handle, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST); -.fi -And when you send authentication to a proxy, you can also set authentication -type the same way but instead with \fICURLOPT_PROXYAUTH(3)\fP: -.nf + +~~~ + +When you send authentication to a proxy, you can also set authentication type +the same way but instead with CURLOPT_PROXYAUTH(3): + +~~~c curl_easy_setopt(handle, CURLOPT_PROXYAUTH, CURLAUTH_NTLM); -.fi +~~~ + Both these options allow you to set multiple types (by ORing them together), to make libcurl pick the most secure one out of the types the server/proxy claims to support. This method does however add a round-trip since libcurl must first ask the server what it supports: -.nf + +~~~c curl_easy_setopt(handle, CURLOPT_HTTPAUTH, CURLAUTH_DIGEST|CURLAUTH_BASIC); -.fi -For convenience, you can use the \fICURLAUTH_ANY\fP define (instead of a list -with specific types) which allows libcurl to use whatever method it wants. +~~~ + +For convenience, you can use the *CURLAUTH_ANY* define (instead of a list with +specific types) which allows libcurl to use whatever method it wants. When asking for multiple types, libcurl picks the available one it considers "best" in its own internal order of preference. -.SH "HTTP POSTing" +# HTTP POSTing + We get many questions regarding how to issue HTTP POSTs with libcurl the proper way. This chapter thus includes examples using both different versions of HTTP POST that libcurl supports. @@ -433,16 +464,16 @@ The first version is the simple POST, the most common version, that most HTML pages using the
tag uses. We provide a pointer to the data and tell libcurl to post it all to the remote site: -.nf +~~~c char *data="name=daniel&project=curl"; curl_easy_setopt(handle, CURLOPT_POSTFIELDS, data); curl_easy_setopt(handle, CURLOPT_URL, "http://posthere.com/"); curl_easy_perform(handle); /* post away! */ -.fi +~~~ Simple enough, huh? Since you set the POST options with the -\fICURLOPT_POSTFIELDS(3)\fP, this automatically switches the handle to use +CURLOPT_POSTFIELDS(3), this automatically switches the handle to use POST in the upcoming request. What if you want to post binary data that also requires you to set the @@ -452,7 +483,7 @@ tell libcurl the size of the post data. Setting headers in libcurl requests are done in a generic way, by building a list of our own headers and then passing that list to libcurl. -.nf +~~~c struct curl_slist *headers=NULL; headers = curl_slist_append(headers, "Content-Type: text/xml"); @@ -468,34 +499,35 @@ that list to libcurl. curl_easy_perform(handle); /* post away! */ curl_slist_free_all(headers); /* free the header list */ -.fi +~~~ While the simple examples above cover the majority of all cases where HTTP POST operations are required, they do not do multi-part formposts. Multi-part formposts were introduced as a better way to post (possibly large) binary data -and were first documented in the RFC 1867 (updated in RFC 2388). they are +and were first documented in the RFC 1867 (updated in RFC 2388). They are called multi-part because they are built by a chain of parts, each part being a single unit of data. Each part has its own name and contents. You can in fact create and post a multi-part formpost with the regular libcurl POST support described above, but that would require that you build a formpost -yourself and provide to libcurl. To make that easier, libcurl provides a MIME -API consisting in several functions: using those, you can create and fill a -multi-part form. Function \fIcurl_mime_init(3)\fP creates a multi-part body; -you can then append new parts to a multi-part body using -\fIcurl_mime_addpart(3)\fP. There are three possible data sources for a part: -memory using \fIcurl_mime_data(3)\fP, file using \fIcurl_mime_filedata(3)\fP -and user-defined data read callback using \fIcurl_mime_data_cb(3)\fP. -\fIcurl_mime_name(3)\fP sets a part's (i.e.: form field) name, while -\fIcurl_mime_filename(3)\fP fills in the remote file name. With -\fIcurl_mime_type(3)\fP, you can tell the MIME type of a part, -\fIcurl_mime_headers(3)\fP allows defining the part's headers. When a -multi-part body is no longer needed, you can destroy it using -\fIcurl_mime_free(3)\fP. +yourself and provide to libcurl. + +To make that easier, libcurl provides a MIME API consisting in several +functions: using those, you can create and fill a multi-part form. Function +curl_mime_init(3) creates a multi-part body; you can then append new parts +to a multi-part body using curl_mime_addpart(3). + +There are three possible data sources for a part: memory using +curl_mime_data(3), file using curl_mime_filedata(3) and user-defined data +read callback using curl_mime_data_cb(3). curl_mime_name(3) sets a part's +(i.e.: form field) name, while curl_mime_filename(3) fills in the remote +filename. With curl_mime_type(3), you can tell the MIME type of a part, +curl_mime_headers(3) allows defining the part's headers. When a multi-part +body is no longer needed, you can destroy it using curl_mime_free(3). The following example sets two simple text parts with plain textual contents, and then a file with binary contents and uploads the whole thing. -.nf +~~~c curl_mime *multipart = curl_mime_init(handle); curl_mimepart *part = curl_mime_addpart(multipart); curl_mime_name(part, "name"); @@ -514,31 +546,31 @@ and then a file with binary contents and uploads the whole thing. /* free the post data again */ curl_mime_free(multipart); -.fi +~~~ To post multiple files for a single form field, you must supply each file in a separate part, all with the same field name. Although function -\fIcurl_mime_subparts(3)\fP implements nested multi-parts, this way of +curl_mime_subparts(3) implements nested multi-parts, this way of multiple files posting is deprecated by RFC 7578, chapter 4.3. To set the data source from an already opened FILE pointer, use: -.nf +~~~c curl_mime_data_cb(part, filesize, (curl_read_callback) fread, (curl_seek_callback) fseek, NULL, filepointer); -.fi +~~~ -A deprecated \fIcurl_formadd(3)\fP function is still supported in libcurl. +A deprecated curl_formadd(3) function is still supported in libcurl. It should however not be used anymore for new designs and programs using it ought to be converted to the MIME API. It is however described here as an aid to conversion. -Using \fIcurl_formadd\fP, you add parts to the form. When you are done adding +Using *curl_formadd*, you add parts to the form. When you are done adding parts, you post the whole form. The MIME API example above is expressed as follows using this function: -.nf +~~~c struct curl_httppost *post=NULL; struct curl_httppost *last=NULL; curl_formadd(&post, &last, @@ -558,7 +590,7 @@ The MIME API example above is expressed as follows using this function: /* free the post data again */ curl_formfree(post); -.fi +~~~ Multipart formposts are chains of parts using MIME-style separators and headers. It means that each one of these separate parts get a few headers set @@ -569,7 +601,7 @@ of course supply headers to as many parts as you like, but this little example shows how you set headers to one specific part when you add that to the post handle: -.nf +~~~c struct curl_slist *headers=NULL; headers = curl_slist_append(headers, "Content-Type: text/xml"); @@ -583,91 +615,92 @@ handle: curl_formfree(post); /* free post */ curl_slist_free_all(headers); /* free custom header list */ -.fi +~~~ Since all options on an easy handle are "sticky", they remain the same until -changed even if you do call \fIcurl_easy_perform(3)\fP, you may need to tell +changed even if you do call curl_easy_perform(3), you may need to tell curl to go back to a plain GET request if you intend to do one as your next request. You force an easy handle to go back to GET by using the -\fICURLOPT_HTTPGET(3)\fP option: -.nf +CURLOPT_HTTPGET(3) option: +~~~c curl_easy_setopt(handle, CURLOPT_HTTPGET, 1L); -.fi -Just setting \fICURLOPT_POSTFIELDS(3)\fP to "" or NULL does *not* stop libcurl +~~~ +Just setting CURLOPT_POSTFIELDS(3) to "" or NULL does *not* stop libcurl from doing a POST. It just makes it POST without any data to send! -.SH "Converting from deprecated form API to MIME API" +# Converting from deprecated form API to MIME API + Four rules have to be respected in building the multi-part: -.br + - The easy handle must be created before building the multi-part. -.br + - The multi-part is always created by a call to curl_mime_init(handle). -.br + - Each part is created by a call to curl_mime_addpart(multipart). -.br + - When complete, the multi-part must be bound to the easy handle using -\fICURLOPT_MIMEPOST(3)\fP instead of \fICURLOPT_HTTPPOST(3)\fP. +CURLOPT_MIMEPOST(3) instead of CURLOPT_HTTPPOST(3). -Here are some example of \fIcurl_formadd\fP calls to MIME API sequences: +Here are some example of *curl_formadd* calls to MIME API sequences: -.nf +~~~c curl_formadd(&post, &last, CURLFORM_COPYNAME, "id", CURLFORM_COPYCONTENTS, "daniel", CURLFORM_END); CURLFORM_CONTENTHEADER, headers, CURLFORM_END); -.fi +~~~ becomes: -.nf +~~~c part = curl_mime_addpart(multipart); curl_mime_name(part, "id"); curl_mime_data(part, "daniel", CURL_ZERO_TERMINATED); curl_mime_headers(part, headers, FALSE); -.fi +~~~ -Setting the last \fIcurl_mime_headers(3)\fP argument to TRUE would have caused +Setting the last curl_mime_headers(3) argument to TRUE would have caused the headers to be automatically released upon destroyed the multi-part, thus -saving a clean-up call to \fIcurl_slist_free_all(3)\fP. +saving a clean-up call to curl_slist_free_all(3). -.nf +~~~c curl_formadd(&post, &last, CURLFORM_PTRNAME, "logotype-image", CURLFORM_FILECONTENT, "-", CURLFORM_END); -.fi +~~~ becomes: -.nf +~~~c part = curl_mime_addpart(multipart); curl_mime_name(part, "logotype-image"); curl_mime_data_cb(part, (curl_off_t) -1, fread, fseek, NULL, stdin); -.fi +~~~ -\fIcurl_mime_name(3)\fP always copies the field name. The special file name -"-" is not supported by \fIcurl_mime_filename(3)\fP: to read an open file, use +curl_mime_name(3) always copies the field name. The special file name +"-" is not supported by curl_mime_filename(3): to read an open file, use a callback source using fread(). The transfer is be chunk-encoded since the data size is unknown. -.nf +~~~c curl_formadd(&post, &last, CURLFORM_COPYNAME, "datafile[]", CURLFORM_FILE, "file1", CURLFORM_FILE, "file2", CURLFORM_END); -.fi +~~~ becomes: -.nf +~~~c part = curl_mime_addpart(multipart); curl_mime_name(part, "datafile[]"); curl_mime_filedata(part, "file1"); part = curl_mime_addpart(multipart); curl_mime_name(part, "datafile[]"); curl_mime_filedata(part, "file2"); -.fi +~~~ The deprecated multipart/mixed implementation of multiple files field is translated to two distinct parts with the same name. -.nf +~~~c curl_easy_setopt(handle, CURLOPT_READFUNCTION, myreadfunc); curl_formadd(&post, &last, CURLFORM_COPYNAME, "stream", @@ -676,87 +709,86 @@ translated to two distinct parts with the same name. CURLFORM_FILENAME, "archive.zip", CURLFORM_CONTENTTYPE, "application/zip", CURLFORM_END); -.fi +~~~ becomes: -.nf +~~~c part = curl_mime_addpart(multipart); curl_mime_name(part, "stream"); curl_mime_data_cb(part, (curl_off_t) datasize, myreadfunc, NULL, NULL, arg); curl_mime_filename(part, "archive.zip"); curl_mime_type(part, "application/zip"); -.fi +~~~ -\fICURLOPT_READFUNCTION(3)\fP callback is not used: it is replace by directly +CURLOPT_READFUNCTION(3) callback is not used: it is replace by directly setting the part source data from the callback read function. -.nf +~~~c curl_formadd(&post, &last, CURLFORM_COPYNAME, "memfile", CURLFORM_BUFFER, "memfile.bin", CURLFORM_BUFFERPTR, databuffer, CURLFORM_BUFFERLENGTH, (long) sizeof databuffer, CURLFORM_END); -.fi +~~~ becomes: -.nf +~~~c part = curl_mime_addpart(multipart); curl_mime_name(part, "memfile"); curl_mime_data(part, databuffer, (curl_off_t) sizeof databuffer); curl_mime_filename(part, "memfile.bin"); -.fi +~~~ -\fIcurl_mime_data(3)\fP always copies the initial data: data buffer is thus +curl_mime_data(3) always copies the initial data: data buffer is thus free for immediate reuse. -.nf +~~~c curl_formadd(&post, &last, CURLFORM_COPYNAME, "message", CURLFORM_FILECONTENT, "msg.txt", CURLFORM_END); -.fi +~~~ becomes: -.nf +~~~c part = curl_mime_addpart(multipart); curl_mime_name(part, "message"); curl_mime_filedata(part, "msg.txt"); curl_mime_filename(part, NULL); -.fi +~~~ -Use of \fIcurl_mime_filedata(3)\fP sets the remote file name as a side effect: -it is therefore necessary to clear it for \fICURLFORM_FILECONTENT\fP -emulation. +Use of curl_mime_filedata(3) sets the remote filename as a side effect: it is +therefore necessary to clear it for *CURLFORM_FILECONTENT* emulation. -.SH "Showing Progress" +# Showing Progress For historical and traditional reasons, libcurl has a built-in progress meter that can be switched on and then makes it present a progress meter in your terminal. Switch on the progress meter by, oddly enough, setting -\fICURLOPT_NOPROGRESS(3)\fP to zero. This option is set to 1 by default. +CURLOPT_NOPROGRESS(3) to zero. This option is set to 1 by default. For most applications however, the built-in progress meter is useless and what instead is interesting is the ability to specify a progress callback. The function pointer you pass to libcurl is then called on irregular intervals with information about the current transfer. -Set the progress callback by using \fICURLOPT_PROGRESSFUNCTION(3)\fP. And pass -a pointer to a function that matches this prototype: +Set the progress callback by using CURLOPT_PROGRESSFUNCTION(3). Pass a pointer +to a function that matches this prototype: -.nf +~~~c int progress_callback(void *clientp, double dltotal, double dlnow, double ultotal, double ulnow); -.fi +~~~ If any of the input arguments is unknown, a 0 is provided. The first argument, the 'clientp' is the pointer you pass to libcurl with -\fICURLOPT_PROGRESSDATA(3)\fP. libcurl does not touch it. +CURLOPT_PROGRESSDATA(3). libcurl does not touch it. -.SH "libcurl with C++" +# libcurl with C++ There is basically only one thing to keep in mind when using C++ instead of C when interfacing libcurl: @@ -765,7 +797,7 @@ The callbacks CANNOT be non-static class member functions Example C++ code: -.nf +~~~c class AClass { static size_t write_data(void *ptr, size_t size, size_t nmemb, void *ourpointer) @@ -773,9 +805,9 @@ class AClass { /* do what you want with the data */ } } -.fi +~~~ -.SH "Proxies" +# Proxies What "proxy" means according to Merriam-Webster: "a person authorized to act for another" but also "the agency, function, or office of a deputy who acts as @@ -801,53 +833,54 @@ at times it is important to understand that all operations over an HTTP proxy use the HTTP protocol. For example, you cannot invoke your own custom FTP commands or even proper FTP directory listings. -.IP "Proxy Options" +## Proxy Options To tell libcurl to use a proxy at a given port number: -.nf +~~~c curl_easy_setopt(handle, CURLOPT_PROXY, "proxy-host.com:8080"); -.fi +~~~ Some proxies require user authentication before allowing a request, and you pass that information similar to this: -.nf +~~~c curl_easy_setopt(handle, CURLOPT_PROXYUSERPWD, "user:password"); -.fi -If you want to, you can specify the host name only in the -\fICURLOPT_PROXY(3)\fP option, and set the port number separately with -\fICURLOPT_PROXYPORT(3)\fP. +~~~ +If you want to, you can specify the hostname only in the +CURLOPT_PROXY(3) option, and set the port number separately with +CURLOPT_PROXYPORT(3). -Tell libcurl what kind of proxy it is with \fICURLOPT_PROXYTYPE(3)\fP (if not, +Tell libcurl what kind of proxy it is with CURLOPT_PROXYTYPE(3) (if not, it defaults to assuming an HTTP proxy): -.nf +~~~c curl_easy_setopt(handle, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4); -.fi -.IP "Environment Variables" +~~~ + +## Environment Variables libcurl automatically checks and uses a set of environment variables to know what proxies to use for certain protocols. The names of the variables are following an old tradition and are built up as "[protocol]_proxy" (note the -lower casing). Which makes the variable \&'http_proxy' checked for a name of a +lower casing). Which makes the variable 'http_proxy' checked for a name of a proxy to use when the input URL is HTTP. Following the same rule, the variable named 'ftp_proxy' is checked for FTP URLs. Again, the proxies are always HTTP proxies, the different names of the variables simply allows different HTTP proxies to be used. The proxy environment variable contents should be in the format -\&"[protocol://][user:password@]machine[:port]". Where the protocol:// part +"[protocol://][user:password@]machine[:port]". Where the protocol:// part specifies which type of proxy it is, and the optional port number specifies on which port the proxy operates. If not specified, the internal default port number is used and that is most likely not the one you would like it to be. There are two special environment variables. 'all_proxy' is what sets proxy -for any URL in case the protocol specific variable was not set, and -\&'no_proxy' defines a list of hosts that should not use a proxy even though a -variable may say so. If 'no_proxy' is a plain asterisk ("*") it matches all -hosts. +for any URL in case the protocol specific variable was not set, and 'no_proxy' +defines a list of hosts that should not use a proxy even though a variable may +say so. If 'no_proxy' is a plain asterisk ("*") it matches all hosts. To explicitly disable libcurl's checking for and using the proxy environment variables, set the proxy name to "" - an empty string - with -\fICURLOPT_PROXY(3)\fP. -.IP "SSL and Proxies" +CURLOPT_PROXY(3). + +## SSL and Proxies SSL is for secure point-to-point connections. This involves strong encryption and similar things, which effectively makes it impossible for a proxy to @@ -867,7 +900,8 @@ few advantages that come from using a proxy, such as caching. Many organizations prevent this kind of tunneling to other destination port numbers than 443 (which is the default HTTPS port number). -.IP "Tunneling Through Proxy" +## Tunneling Through Proxy + As explained above, tunneling is required for SSL to work and often even restricted to the operation intended for SSL; HTTPS. @@ -883,18 +917,18 @@ Again, this is often prevented by the administrators of proxies and is rarely allowed. Tell libcurl to use proxy tunneling like this: -.nf +~~~c curl_easy_setopt(handle, CURLOPT_HTTPPROXYTUNNEL, 1L); -.fi +~~~ In fact, there might even be times when you want to do plain HTTP operations using a tunnel like this, as it then enables you to operate on the remote server instead of asking the proxy to do so. libcurl does not stand in the way for such innovative actions either! -.IP "Proxy Auto-Config" +## Proxy Auto-Config -Netscape first came up with this. It is basically a web page (usually using a -\&.pac extension) with a JavaScript that when executed by the browser with the +Netscape first came up with this. It is basically a webpage (usually using a +.pac extension) with a JavaScript that when executed by the browser with the requested URL as input, returns information to the browser on how to connect to the URL. The returned information might be "DIRECT" (which means no proxy should be used), "PROXY host:port" (to tell the browser where the proxy for @@ -915,12 +949,12 @@ Mozilla JavaScript engine in the past. - Ask your admins to stop this, for a static proxy setup or similar. -.SH "Persistence Is The Way to Happiness" +# Persistence Is The Way to Happiness Re-cycling the same easy handle several times when doing multiple requests is the way to go. -After each single \fIcurl_easy_perform(3)\fP operation, libcurl keeps the +After each single curl_easy_perform(3) operation, libcurl keeps the connection alive and open. A subsequent request using the same easy handle to the same host might just be able to use the already open connection! This reduces network impact a lot. @@ -942,36 +976,41 @@ may also be added in the future. Each easy handle attempts to keep the last few connections alive for a while in case they are to be used again. You can set the size of this "cache" with -the \fICURLOPT_MAXCONNECTS(3)\fP option. Default is 5. There is rarely any +the CURLOPT_MAXCONNECTS(3) option. Default is 5. There is rarely any point in changing this value, and if you think of changing this it is often just a matter of thinking again. To force your upcoming request to not use an already existing connection, you -can do that by setting \fICURLOPT_FRESH_CONNECT(3)\fP to 1. In a similar +can do that by setting CURLOPT_FRESH_CONNECT(3) to 1. In a similar spirit, you can also forbid the upcoming request to be "lying" around and possibly get reused after the request by setting -\fICURLOPT_FORBID_REUSE(3)\fP to 1. +CURLOPT_FORBID_REUSE(3) to 1. + +# HTTP Headers Used by libcurl -.SH "HTTP Headers Used by libcurl" When you use libcurl to do HTTP requests, it passes along a series of headers automatically. It might be good for you to know and understand these. You can -replace or remove them by using the \fICURLOPT_HTTPHEADER(3)\fP option. +replace or remove them by using the CURLOPT_HTTPHEADER(3) option. + +## Host -.IP "Host" This header is required by HTTP 1.1 and even many 1.0 servers and should be the name of the server we want to talk to. This includes the port number if anything but default. -.IP "Accept" -\&"*/*". +## Accept + +"*/*" + +## Expect -.IP "Expect" -When doing POST requests, libcurl sets this header to \&"100-continue" to ask +When doing POST requests, libcurl sets this header to "100-continue" to ask the server for an "OK" message before it proceeds with sending the data part of the post. If the posted data amount is deemed "small", libcurl does not use this header. -.SH "Customizing Operations" +# Customizing Operations + There is an ongoing development today where more and more protocols are built upon HTTP for transport. This has obvious benefits as HTTP is a tested and reliable protocol that is widely deployed and has excellent proxy-support. @@ -982,50 +1021,53 @@ manners. You may need to change words, headers or various data. libcurl is your friend here too. -.IP CUSTOMREQUEST +## CUSTOMREQUEST + If just changing the actual HTTP request keyword is what you want, like when -GET, HEAD or POST is not good enough for you, \fICURLOPT_CUSTOMREQUEST(3)\fP +GET, HEAD or POST is not good enough for you, CURLOPT_CUSTOMREQUEST(3) is there for you. It is simple to use: -.nf - curl_easy_setopt(handle, CURLOPT_CUSTOMREQUEST, "MYOWNREQUEST"); -.fi +~~~c +curl_easy_setopt(handle, CURLOPT_CUSTOMREQUEST, "MYOWNREQUEST"); +~~~ When using the custom request, you change the request keyword of the actual -request you are performing. Thus, by default you make a GET request but you can -also make a POST operation (as described before) and then replace the POST -keyword if you want to. you are the boss. +request you are performing. Thus, by default you make a GET request but you +can also make a POST operation (as described before) and then replace the POST +keyword if you want to. You are the boss. + +## Modify Headers -.IP "Modify Headers" HTTP-like protocols pass a series of headers to the server when doing the request, and you are free to pass any amount of extra headers that you think fit. Adding headers is this easy: -.nf - struct curl_slist *headers=NULL; /* init to NULL is important */ +~~~c +struct curl_slist *headers=NULL; /* init to NULL is important */ - headers = curl_slist_append(headers, "Hey-server-hey: how are you?"); - headers = curl_slist_append(headers, "X-silly-content: yes"); +headers = curl_slist_append(headers, "Hey-server-hey: how are you?"); +headers = curl_slist_append(headers, "X-silly-content: yes"); - /* pass our list of custom made headers */ - curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers); +/* pass our list of custom made headers */ +curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers); - curl_easy_perform(handle); /* transfer http */ +curl_easy_perform(handle); /* transfer http */ - curl_slist_free_all(headers); /* free the header list */ -.fi +curl_slist_free_all(headers); /* free the header list */ +~~~ + +... and if you think some of the internally generated headers, such as Accept: +or Host: do not contain the data you want them to contain, you can replace +them by simply setting them too: -\&... and if you think some of the internally generated headers, such as -Accept: or Host: do not contain the data you want them to contain, you can -replace them by simply setting them too: +~~~c +headers = curl_slist_append(headers, "Accept: Agent-007"); +headers = curl_slist_append(headers, "Host: munged.host.line"); +~~~ -.nf - headers = curl_slist_append(headers, "Accept: Agent-007"); - headers = curl_slist_append(headers, "Host: munged.host.line"); -.fi +## Delete Headers -.IP "Delete Headers" If you replace an existing header with one with no contents, you prevent the header from being sent. For instance, if you want to completely prevent the -\&"Accept:" header from being sent, you can disable it with code similar to +"Accept:" header from being sent, you can disable it with code similar to this: headers = curl_slist_append(headers, "Accept:"); @@ -1034,7 +1076,7 @@ Both replacing and canceling internal headers should be done with careful consideration and you should be aware that you may violate the HTTP protocol when doing so. -.IP "Enforcing chunked transfer-encoding" +## Enforcing chunked transfer-encoding By making sure a request uses the custom header "Transfer-Encoding: chunked" when doing a non-GET HTTP operation, libcurl switches over to "chunked" @@ -1042,7 +1084,7 @@ upload, even though the size of the data to upload might be known. By default, libcurl usually switches over to chunked upload automatically if the upload data size is unknown. -.IP "HTTP Version" +## HTTP Version All HTTP requests includes the version number to tell the server which version we support. libcurl speaks HTTP 1.1 by default. Some old servers do not like @@ -1051,7 +1093,7 @@ can tell libcurl to use 1.0 instead by doing something like this: curl_easy_setopt(handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); -.IP "FTP Custom Commands" +## FTP Custom Commands Not all protocols are HTTP-like, and thus the above may not help you when you want to make, for example, your FTP transfers to behave differently. @@ -1068,7 +1110,7 @@ correct remote directory. A little example that deletes a given file before an operation: -.nf +~~~c headers = curl_slist_append(headers, "DELE file-to-remove"); /* pass the list of custom commands to the handle */ @@ -1077,35 +1119,37 @@ A little example that deletes a given file before an operation: curl_easy_perform(handle); /* transfer ftp data! */ curl_slist_free_all(headers); /* free the header list */ -.fi +~~~ If you would instead want this operation (or chain of operations) to happen -_after_ the data transfer took place the option to \fIcurl_easy_setopt(3)\fP -would instead be called \fICURLOPT_POSTQUOTE(3)\fP and used the exact same +_after_ the data transfer took place the option to curl_easy_setopt(3) +would instead be called CURLOPT_POSTQUOTE(3) and used the exact same way. The custom FTP commands are issued to the server in the same order they are added to the list, and if a command gets an error code returned back from the server, no more commands are issued and libcurl bails out with an error code -(CURLE_QUOTE_ERROR). Note that if you use \fICURLOPT_QUOTE(3)\fP to send +(CURLE_QUOTE_ERROR). Note that if you use CURLOPT_QUOTE(3) to send commands before a transfer, no transfer actually takes place when a quote command has failed. -If you set the \fICURLOPT_HEADER(3)\fP to 1, you tell libcurl to get +If you set the CURLOPT_HEADER(3) to 1, you tell libcurl to get information about the target file and output "headers" about it. The headers are in "HTTP-style", looking like they do in HTTP. The option to enable headers or to run custom FTP commands may be useful to -combine with \fICURLOPT_NOBODY(3)\fP. If this option is set, no actual file +combine with CURLOPT_NOBODY(3). If this option is set, no actual file content transfer is performed. -.IP "FTP Custom CUSTOMREQUEST" +## FTP Custom CUSTOMREQUEST + If you do want to list the contents of an FTP directory using your own defined -FTP command, \fICURLOPT_CUSTOMREQUEST(3)\fP does just that. "NLST" is the +FTP command, CURLOPT_CUSTOMREQUEST(3) does just that. "NLST" is the default one for listing directories but you are free to pass in your idea of a good alternative. -.SH "Cookies Without Chocolate Chips" +# Cookies Without Chocolate Chips + In the HTTP sense, a cookie is a name with an associated value. A server sends the name and value to the client, and expects it to get sent back on every subsequent request to the server that matches the particular conditions @@ -1119,10 +1163,10 @@ Cookies are sent from server to clients with the header Set-Cookie: and they are sent from clients to servers with the Cookie: header. To just send whatever cookie you want to a server, you can use -\fICURLOPT_COOKIE(3)\fP to set a cookie string like this: -.nf +CURLOPT_COOKIE(3) to set a cookie string like this: +~~~c curl_easy_setopt(handle, CURLOPT_COOKIE, "name1=var1; name2=var2;"); -.fi +~~~ In many cases, that is not enough. You might want to dynamically save whatever cookies the remote server passes to you, and make sure those cookies are then used accordingly on later requests. @@ -1130,33 +1174,33 @@ are then used accordingly on later requests. One way to do this, is to save all headers you receive in a plain file and when you make a request, you tell libcurl to read the previous headers to figure out which cookies to use. Set the header file to read cookies from with -\fICURLOPT_COOKIEFILE(3)\fP. +CURLOPT_COOKIEFILE(3). -The \fICURLOPT_COOKIEFILE(3)\fP option also automatically enables the cookie +The CURLOPT_COOKIEFILE(3) option also automatically enables the cookie parser in libcurl. Until the cookie parser is enabled, libcurl does not parse or understand incoming cookies and they are just be ignored. However, when the parser is enabled the cookies are understood and the cookies are kept in memory and used properly in subsequent requests when the same handle is used. Many times this is enough, and you may not have to save the cookies to -disk at all. Note that the file you specify to \fICURLOPT_COOKIEFILE(3)\fP +disk at all. Note that the file you specify to CURLOPT_COOKIEFILE(3) does not have to exist to enable the parser, so a common way to just enable the parser and not read any cookies is to use the name of a file you know does not exist. If you would rather use existing cookies that you have previously received with your Netscape or Mozilla browsers, you can make libcurl use that cookie -file as input. The \fICURLOPT_COOKIEFILE(3)\fP is used for that too, as +file as input. The CURLOPT_COOKIEFILE(3) is used for that too, as libcurl automatically finds out what kind of file it is and acts accordingly. Perhaps the most advanced cookie operation libcurl offers, is saving the entire internal cookie state back into a Netscape/Mozilla formatted cookie -file. We call that the cookie-jar. When you set a file name with -\fICURLOPT_COOKIEJAR(3)\fP, that file name is created and all received cookies -get stored in it when \fIcurl_easy_cleanup(3)\fP is called. This enables -cookies to get passed on properly between multiple handles without any -information getting lost. +file. We call that the cookie-jar. When you set a filename with +CURLOPT_COOKIEJAR(3), that filename is created and all received cookies get +stored in it when curl_easy_cleanup(3) is called. This enables cookies to get +passed on properly between multiple handles without any information getting +lost. -.SH "FTP Peculiarities We Need" +# FTP Peculiarities We Need FTP transfers use a second TCP/IP connection for the data transfer. This is usually a fact you can forget and ignore but at times this detail comes back @@ -1172,22 +1216,23 @@ work it tries PASV instead. (EPSV is an extension to the original FTP spec and does not exist nor work on all FTP servers.) You can prevent libcurl from first trying the EPSV command by setting -\fICURLOPT_FTP_USE_EPSV(3)\fP to zero. +CURLOPT_FTP_USE_EPSV(3) to zero. In some cases, you want to have the server connect back to you for the second connection. This might be when the server is perhaps behind a firewall or something and only allows connections on a single port. libcurl then informs -the remote server which IP address and port number to connect to. This is -made with the \fICURLOPT_FTPPORT(3)\fP option. If you set it to "-", libcurl -uses your system's "default IP address". If you want to use a particular IP, -you can set the full IP address, a host name to resolve to an IP address or -even a local network interface name that libcurl gets the IP address from. +the remote server which IP address and port number to connect to. This is made +with the CURLOPT_FTPPORT(3) option. If you set it to "-", libcurl uses your +system's "default IP address". If you want to use a particular IP, you can set +the full IP address, a hostname to resolve to an IP address or even a local +network interface name that libcurl gets the IP address from. When doing the "PORT" approach, libcurl attempts to use the EPRT and the LPRT before trying PORT, as they work with more protocols. You can disable this -behavior by setting \fICURLOPT_FTP_USE_EPRT(3)\fP to zero. +behavior by setting CURLOPT_FTP_USE_EPRT(3) to zero. + +# MIME API revisited for SMTP and IMAP -.SH "MIME API revisited for SMTP and IMAP" In addition to support HTTP multi-part form fields, the MIME API can be used to build structured email messages and send them via SMTP or append such messages to IMAP directories. @@ -1199,26 +1244,26 @@ text formats alternatives. This can be nested to any level. To build such a message, you prepare the nth-level multi-part and then include it as a source to the parent multi-part using function -\fIcurl_mime_subparts(3)\fP. Once it has been +curl_mime_subparts(3). Once it has been bound to its parent multi-part, a nth-level multi-part belongs to it and should not be freed explicitly. Email messages data is not supposed to be non-ascii and line length is limited: fortunately, some transfer encodings are defined by the standards to support the transmission of such incompatible data. Function -\fIcurl_mime_encoder(3)\fP tells a part that its source data must be encoded +curl_mime_encoder(3) tells a part that its source data must be encoded before being sent. It also generates the corresponding header for that part. If the part data you want to send is already encoded in such a scheme, do not use this function (this would over-encode it), but explicitly set the corresponding part header. Upon sending such a message, libcurl prepends it with the header list -set with \fICURLOPT_HTTPHEADER(3)\fP, as zero level mime part headers. +set with CURLOPT_HTTPHEADER(3), as zero level mime part headers. Here is an example building an email message with an inline plain/html text alternative and a file attachment encoded in base64: -.nf +~~~c curl_mime *message = curl_mime_init(handle); /* The inline part is an alternative proposing the html and the text @@ -1256,37 +1301,40 @@ alternative and a file attachment encoded in base64: /* Set these into the easy handle. */ curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(handle, CURLOPT_MIMEPOST, mime); -.fi +~~~ It should be noted that appending a message to an IMAP directory requires the message size to be known prior upload. It is therefore not possible to include parts with unknown data size in this context. -.SH "Headers Equal Fun" +# Headers Equal Fun Some protocols provide "headers", meta-data separated from the normal data. These headers are by default not included in the normal data stream, but -you can make them appear in the data stream by setting \fICURLOPT_HEADER(3)\fP +you can make them appear in the data stream by setting CURLOPT_HEADER(3) to 1. What might be even more useful, is libcurl's ability to separate the headers from the data and thus make the callbacks differ. You can for example set a different pointer to pass to the ordinary write callback by setting -\fICURLOPT_HEADERDATA(3)\fP. +CURLOPT_HEADERDATA(3). Or, you can set an entirely separate function to receive the headers, by using -\fICURLOPT_HEADERFUNCTION(3)\fP. +CURLOPT_HEADERFUNCTION(3). The headers are passed to the callback function one by one, and you can depend on that fact. It makes it easier for you to add custom header parsers etc. -\&"Headers" for FTP transfers equal all the FTP server responses. They are not +"Headers" for FTP transfers equal all the FTP server responses. They are not actually true headers, but in this case we pretend they are! ;-) -.SH "Post Transfer Information" -See \fIcurl_easy_getinfo(3)\fP. -.SH "The multi Interface" +# Post Transfer Information + +See curl_easy_getinfo(3). + +# The multi Interface + The easy interface as described in detail in this document is a synchronous interface that transfers one file at a time and does not return until it is done. @@ -1313,14 +1361,14 @@ a "multi stack". You create the easy handles you want, one for each concurrent transfer, and you set all the options just like you learned above, and then you create a -multi handle with \fIcurl_multi_init(3)\fP and add all those easy handles to -that multi handle with \fIcurl_multi_add_handle(3)\fP. +multi handle with curl_multi_init(3) and add all those easy handles to +that multi handle with curl_multi_add_handle(3). When you have added the handles you have for the moment (you can still add new ones at any time), you start the transfers by calling -\fIcurl_multi_perform(3)\fP. +curl_multi_perform(3). -\fIcurl_multi_perform(3)\fP is asynchronous. It only performs what can be done +curl_multi_perform(3) is asynchronous. It only performs what can be done now and then return control to your program. It is designed to never block. You need to keep calling the function until all transfers are completed. @@ -1329,37 +1377,38 @@ The best usage of this interface is when you do a select() on all possible file descriptors or sockets to know when to call libcurl again. This also makes it easy for you to wait and respond to actions on your own application's sockets/handles. You figure out what to select() for by using -\fIcurl_multi_fdset(3)\fP, that fills in a set of \fIfd_set\fP variables for +curl_multi_fdset(3), that fills in a set of *fd_set* variables for you with the particular file descriptors libcurl uses for the moment. When you then call select(), it returns when one of the file handles signal -action and you then call \fIcurl_multi_perform(3)\fP to allow libcurl to do +action and you then call curl_multi_perform(3) to allow libcurl to do what it wants to do. Take note that libcurl does also feature some time-out code so we advise you to never use long timeouts on select() before you call -\fIcurl_multi_perform(3)\fP again. \fIcurl_multi_timeout(3)\fP is provided to +curl_multi_perform(3) again. curl_multi_timeout(3) is provided to help you get a suitable timeout period. -Another precaution you should use: always call \fIcurl_multi_fdset(3)\fP +Another precaution you should use: always call curl_multi_fdset(3) immediately before the select() call since the current set of file descriptors may change in any curl function invoke. If you want to stop the transfer of one of the easy handles in the stack, you -can use \fIcurl_multi_remove_handle(3)\fP to remove individual easy -handles. Remember that easy handles should be \fIcurl_easy_cleanup(3)\fPed. +can use curl_multi_remove_handle(3) to remove individual easy +handles. Remember that easy handles should be curl_easy_cleanup(3)ed. When a transfer within the multi stack has finished, the counter of running -transfers (as filled in by \fIcurl_multi_perform(3)\fP) decreases. When the +transfers (as filled in by curl_multi_perform(3)) decreases. When the number reaches zero, all transfers are done. -\fIcurl_multi_info_read(3)\fP can be used to get information about completed +curl_multi_info_read(3) can be used to get information about completed transfers. It then returns the CURLcode for each easy transfer, to allow you to figure out success on each individual transfer. -.SH "SSL, Certificates and Other Tricks" +# SSL, Certificates and Other Tricks [ seeding, passwords, keys, certificates, ENGINE, ca certs ] -.SH "Sharing Data Between Easy Handles" +# Sharing Data Between Easy Handles + You can share some data between easy handles when the easy interface is used, and some data is share automatically when you use the multi interface. @@ -1371,29 +1420,32 @@ The DNS cache is shared between handles within a multi handle, making subsequent name resolving faster, and the connection pool that is kept to better allow persistent connections and connection reuse is also shared. If you are using the easy interface, you can still share these between specific -easy handles by using the share interface, see \fIlibcurl-share(3)\fP. +easy handles by using the share interface, see libcurl-share(3). Some things are never shared automatically, not within multi handles, like for example cookies so the only way to share that is with the share interface. -.SH "Footnotes" -.IP "[1]" +# Footnotes + +## [1] + libcurl 7.10.3 and later have the ability to switch over to chunked Transfer-Encoding in cases where HTTP uploads are done with data of an unknown size. -.IP "[2]" + +## [2] + This happens on Windows machines when libcurl is built and used as a DLL. However, you can still do this on Windows if you link with a static library. -.IP "[3]" + +## [3] + The curl-config tool is generated at build-time (on Unix-like systems) and should be installed with the 'make install' or similar instruction that installs the library, header files, man pages etc. -.IP "[4]" + +## [4] + This behavior was different in versions before 7.17.0, where strings had to -remain valid past the end of the \fIcurl_easy_setopt(3)\fP call. -.SH "SEE ALSO" -.BR libcurl-easy (3), -.BR libcurl-errors (3), -.BR libcurl-multi (3), -.BR libcurl-url (3) +remain valid past the end of the curl_easy_setopt(3) call. diff --git a/docs/libcurl/libcurl-url.3 b/docs/libcurl/libcurl-url.md similarity index 58% rename from docs/libcurl/libcurl-url.3 rename to docs/libcurl/libcurl-url.md index 364452f64..a2948001a 100644 --- a/docs/libcurl/libcurl-url.3 +++ b/docs/libcurl/libcurl-url.md @@ -1,81 +1,91 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.TH libcurl 3 "September 26, 2023" "libcurl 8.4.0" "libcurl" - -.SH NAME -libcurl-url \- URL interface overview -.SH DESCRIPTION +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: libcurl +Section: 3 +Source: libcurl +See-also: + - CURLOPT_URL (3) + - curl_url (3) + - curl_url_cleanup (3) + - curl_url_dup (3) + - curl_url_get (3) + - curl_url_set (3) + - curl_url_strerror (3) +--- + +# NAME + +libcurl-url - URL interface overview + +# DESCRIPTION + The URL interface provides functions for parsing and generating URLs. -.SH INCLUDE + +# INCLUDE + You still only include in your code. -.SH CREATE -Create a handle that holds URL info and resources with \fIcurl_url(3)\fP: -.nf + +# CREATE + +Create a handle that holds URL info and resources with curl_url(3): +~~~c CURLU *h = curl_url(); -.fi -.SH CLEANUP -When done with it, clean it up with \fIcurl_url_cleanup(3)\fP -.nf +~~~ + +# CLEANUP + +When done with it, clean it up with curl_url_cleanup(3) +~~~c curl_url_cleanup(h); -.fi -.SH DUPLICATE -When you need a copy of a handle, just duplicate it with \fIcurl_url_dup(3)\fP: -.nf +~~~ + +# DUPLICATE + +When you need a copy of a handle, just duplicate it with curl_url_dup(3): +~~~c CURLU *nh = curl_url_dup(h); -.fi -.SH PARSING -By setting a URL to the handle with \fIcurl_url_set(3)\fP, the URL is parsed +~~~ + +# PARSING + +By setting a URL to the handle with curl_url_set(3), the URL is parsed and stored in the handle. If the URL is not syntactically correct it returns an error instead. -.nf +~~~c rc = curl_url_set(h, CURLUPART_URL, "https://example.com:449/foo/bar?name=moo", 0); -.fi +~~~ The zero in the fourth argument is a bitmask for changing specific features. If successful, this stores the URL in its individual parts within the handle. -.SH REDIRECT + +# REDIRECT + When a handle already contains info about a URL, setting a relative URL makes it "redirect" to that. -.nf +~~~c rc = curl_url_set(h, CURLUPART_URL, "../test?another", 0); -.fi -.SH "GET URL" -The \fBCURLU\fP handle represents a URL and you can easily extract that with -\fIcurl_url_get(3)\fP: -.nf +~~~ + +# GET URL + +The **CURLU** handle represents a URL and you can easily extract that with +curl_url_get(3): +~~~c char *url; rc = curl_url_get(h, CURLUPART_URL, &url, 0); curl_free(url); -.fi +~~~ The zero in the fourth argument is a bitmask for changing specific features. -.SH "GET PARTS" + +# GET PARTS + When a URL has been parsed or parts have been set, you can extract those pieces from the handle at any time. -.nf +~~~c rc = curl_url_get(h, CURLUPART_FRAGMENT, &fragment, 0); rc = curl_url_get(h, CURLUPART_HOST, &host, 0); rc = curl_url_get(h, CURLUPART_PASSWORD, &password, 0); @@ -85,18 +95,20 @@ pieces from the handle at any time. rc = curl_url_get(h, CURLUPART_SCHEME, &scheme, 0); rc = curl_url_get(h, CURLUPART_USER, &user, 0); rc = curl_url_get(h, CURLUPART_ZONEID, &zoneid, 0); -.fi +~~~ Extracted parts are not URL decoded unless the user also asks for it with the -\fICURLU_URLDECODE\fP flag set in the fourth bitmask argument. +*CURLU_URLDECODE* flag set in the fourth bitmask argument. -Remember to free the returned string with \fIcurl_free(3)\fP when you are done +Remember to free the returned string with curl_free(3) when you are done with it! -.SH "SET PARTS" + +# SET PARTS + A user set individual URL parts, either after having parsed a full URL or instead of parsing such. -.nf +~~~c rc = curl_url_set(urlp, CURLUPART_FRAGMENT, "anchor", 0); rc = curl_url_set(urlp, CURLUPART_HOST, "www.example.com", 0); rc = curl_url_set(urlp, CURLUPART_PASSWORD, "doe", 0); @@ -106,20 +118,22 @@ instead of parsing such. rc = curl_url_set(urlp, CURLUPART_SCHEME, "https", 0); rc = curl_url_set(urlp, CURLUPART_USER, "john", 0); rc = curl_url_set(urlp, CURLUPART_ZONEID, "eth0", 0); -.fi +~~~ Set parts are not URL encoded unless the user asks for it with the -\fICURLU_URLENCODE\fP flag. -.SH "CURLU_APPENDQUERY" +*CURLU_URLENCODE* flag. + +# CURLU_APPENDQUERY + An application can append a string to the right end of the query part with the -\fICURLU_APPENDQUERY\fP flag to \fIcurl_url_set(3)\fP. +*CURLU_APPENDQUERY* flag to curl_url_set(3). Imagine a handle that holds the URL "https://example.com/?shoes=2". An application can then add the string "hat=1" to the query part like this: -.nf +~~~c rc = curl_url_set(urlp, CURLUPART_QUERY, "hat=1", CURLU_APPENDQUERY); -.fi +~~~ It notices the lack of an ampersand (&) separator and injects one, and the handle's full URL then equals "https://example.com/?shoes=2&hat=1". @@ -128,25 +142,21 @@ The appended string can of course also get URL encoded on add, and if asked to URL encode, the encoding process skips the '=' character. For example, append "candy=N&N" to what we already have, and URL encode it to deal with the ampersand in the data: -.nf + +~~~c rc = curl_url_set(urlp, CURLUPART_QUERY, "candy=N&N", CURLU_APPENDQUERY | CURLU_URLENCODE); -.fi +~~~ Now the URL looks like -.nf + +~~~c https://example.com/?shoes=2&hat=1&candy=N%26N -.fi -.SH AVAILABILITY +~~~ + +# AVAILABILITY + The URL API was introduced in libcurl 7.62.0. A URL with a literal IPv6 address can be parsed even when IPv6 support is not enabled. -.SH "SEE ALSO" -.BR curl_url (3), -.BR curl_url_cleanup (3), -.BR curl_url_dup (3), -.BR curl_url_get (3), -.BR curl_url_set (3), -.BR curl_url_strerror (3), -.BR CURLOPT_URL (3) diff --git a/docs/libcurl/libcurl-ws.3 b/docs/libcurl/libcurl-ws.md similarity index 59% rename from docs/libcurl/libcurl-ws.3 rename to docs/libcurl/libcurl-ws.md index 7b4b1dd49..40f7c039c 100644 --- a/docs/libcurl/libcurl-ws.3 +++ b/docs/libcurl/libcurl-ws.md @@ -1,37 +1,35 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.TH libcurl 3 "September 26, 2023" "libcurl 8.4.0" "libcurl" - -.SH NAME -libcurl-ws \- WebSocket interface overview -.SH DESCRIPTION +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: libcurl +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONNECT_ONLY (3) + - CURLOPT_WRITEFUNCTION (3) + - CURLOPT_WS_OPTIONS (3) + - curl_easy_init (3) + - curl_ws_meta (3) + - curl_ws_recv (3) + - curl_ws_send (3) +--- + +# NAME + +libcurl-ws - WebSocket interface overview + +# DESCRIPTION + The WebSocket interface provides functions for receiving and sending WebSocket data. -.SH INCLUDE + +# INCLUDE + You still only include in your code. -.SH SETUP -WebSocket is also often known as \fIWebSockets\fP, in plural. It is done by + +# SETUP + +WebSocket is also often known as *WebSockets*, in plural. It is done by upgrading a regular HTTP(S) GET request to a WebSocket connection. WebSocket is a TCP-like message-based communication protocol done over HTTP, @@ -45,7 +43,9 @@ A WebSocket request is done as an HTTP/1 GET request with an "Upgrade WebSocket" request header field. When the upgrade is accepted by the server, it responds with a 101 Switching and then the client can speak WebSocket with the server. The communication can happen in both directions at the same time. -.SH MESSAGES + +# MESSAGES + WebSocket communication is message based. That means that both ends send and receive entire messages, not streams like TCP. A WebSocket message is sent over the wire in one or more frames. Each frame in a message can have a size @@ -59,9 +59,11 @@ arrive for the same frame. A message has an unknown size until the last frame header for the message has been received since only frames have set sizes. -.SH "Raw mode" + +# Raw mode + libcurl can be told to speak WebSocket in "raw mode" by setting the -\fBCURLWS_RAW_MODE\fP bit to the \fICURLOPT_WS_OPTIONS(3)\fP option. +**CURLWS_RAW_MODE** bit to the CURLOPT_WS_OPTIONS(3) option. Raw WebSocket means that libcurl passes on the data from the network without parsing it leaving that entirely to the application. This mode assumes that @@ -70,50 +72,52 @@ itself. This mode is intended for applications that already have a WebSocket parser/engine that want to switch over to use libcurl for enabling WebSocket, -but keep parts of the existing software architecture. -.SH PING +and keep parts of the existing software architecture. + +# PING + WebSocket is designed to allow long-lived sessions and in order to keep the connections alive, both ends can send PING messages for the other end to respond with a PONG. libcurl automatically responds to server PING messages with a PONG. It does not send any PING messages automatically. -.SH MODELS + +# MODELS + Because of the many different ways WebSocket can be used, which is much more flexible than limited to plain downloads or uploads, libcurl offers two different API models to use it: -1. Using a write callback with \fICURLOPT_WRITEFUNCTION(3)\fP much like other +1. Using a write callback with CURLOPT_WRITEFUNCTION(3) much like other downloads for when the traffic is download oriented. -2. Using \fICURLOPT_CONNECT_ONLY(3)\fP and use the WebSocket recv/send +2. Using CURLOPT_CONNECT_ONLY(3) and use the WebSocket recv/send functions. -.SH "Callback model" + +# Callback model + When a write callback is set and a WebSocket transfer is performed, the callback is called to deliver all WebSocket data that arrives. -The callback can then call \fIcurl_ws_meta(3)\fP to learn about the details of +The callback can then call curl_ws_meta(3) to learn about the details of the incoming data fragment. -.SH "CONNECT_ONLY model" -By setting \fICURLOPT_CONNECT_ONLY(3)\fP to \fB2L\fP, the transfer only + +# CONNECT_ONLY model + +By setting CURLOPT_CONNECT_ONLY(3) to **2L**, the transfer only establishes and setups the WebSocket communication and then returns control back to the application. Once such a setup has been successfully performed, the application can proceed -and use \fIcurl_ws_recv(3)\fP and \fIcurl_ws_send(3)\fP freely to exchange +and use curl_ws_recv(3) and curl_ws_send(3) freely to exchange WebSocket messages with the server. -.SH AVAILABILITY + +# AVAILABILITY + The WebSocket API was introduced as experimental in 7.86.0 and is still experimental today. It is only built-in if explicitly opted in at build time. We discourage use of the WebSocket API in production because of its experimental state. We might change API, ABI and behavior before this "goes live". -.SH "SEE ALSO" -.BR curl_easy_init (3), -.BR curl_ws_meta (3), -.BR curl_ws_recv (3), -.BR curl_ws_send (3), -.BR CURLOPT_CONNECT_ONLY (3), -.BR CURLOPT_WRITEFUNCTION (3), -.BR CURLOPT_WS_OPTIONS (3) diff --git a/docs/libcurl/libcurl.3 b/docs/libcurl/libcurl.md similarity index 60% rename from docs/libcurl/libcurl.3 rename to docs/libcurl/libcurl.md index 5328ac88a..1f7c97eaa 100644 --- a/docs/libcurl/libcurl.3 +++ b/docs/libcurl/libcurl.md @@ -1,88 +1,97 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.TH libcurl 3 "August 22, 2023" "libcurl 8.4.0" "libcurl" - -.SH NAME -libcurl \- client-side URL transfers -.SH DESCRIPTION +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: libcurl +Section: 3 +Source: libcurl +See-also: + - libcurl-easy (3) + - libcurl-multi (3) + - libcurl-security (3) + - libcurl-thread (3) +--- + +# NAME + +libcurl - client-side URL transfers + +# DESCRIPTION + This is a short overview on how to use libcurl in your C programs. There are specific man pages for each function mentioned in here. See -\fIlibcurl-easy(3)\fP, \fIlibcurl-multi(3)\fP, \fIlibcurl-share(3)\fP, -\fIlibcurl-url(3)\fP, \fIlibcurl-ws(3)\fP and \fIlibcurl-tutorial(3)\fP for +libcurl-easy(3), libcurl-multi(3), libcurl-share(3), +libcurl-url(3), libcurl-ws(3) and libcurl-tutorial(3) for in-depth understanding on how to program with libcurl. There are many bindings available that bring libcurl access to your favorite language. Look elsewhere for documentation on those. -.SH TRANSFERS -To transfer files, you create an "easy handle" using \fIcurl_easy_init(3)\fP + +# TRANSFERS + +To transfer files, you create an "easy handle" using curl_easy_init(3) for a single individual transfer (in either direction). You then set your -desired set of options in that handle with \fIcurl_easy_setopt(3)\fP. Options -you set with \fIcurl_easy_setopt(3)\fP stick. They are then used for every +desired set of options in that handle with curl_easy_setopt(3). Options +you set with curl_easy_setopt(3) stick. They are then used for every repeated use of this handle until you either change the option, or you reset -them all with \fIcurl_easy_reset(3)\fP. +them all with curl_easy_reset(3). To actually transfer data you have the option of using the "easy" interface, or the "multi" interface. The easy interface is a synchronous interface with which you call -\fIcurl_easy_perform(3)\fP and let it perform the transfer. When it is +curl_easy_perform(3) and let it perform the transfer. When it is completed, the function returns and you can continue. More details are found in -the \fIlibcurl-easy(3)\fP man page. +the libcurl-easy(3) man page. The multi interface on the other hand is an asynchronous interface, that you call and that performs only a little piece of the transfer on each invoke. It is perfect if you want to do things while the transfer is in progress, or similar. The multi interface allows you to select() on libcurl action, and even to easily download multiple files simultaneously using a single -thread. See further details in the \fIlibcurl-multi(3)\fP man page. +thread. See further details in the libcurl-multi(3) man page. + +# SUPPORT INTERFACES -.SH "SUPPORT INTERFACES" There is also a series of other helpful functions and interface families to use, including these: -.RS -.IP curl_version_info() + +## curl_version_info() + gets detailed libcurl (and other used libraries) version info. See -\fIcurl_version_info(3)\fP -.IP curl_getdate() -converts a date string to time_t. See \fIcurl_getdate(3)\fP -.IP curl_easy_getinfo() -get information about a performed transfer. See \fIcurl_easy_getinfo(3)\fP -.IP curl_mime_addpart() -helps building an HTTP form POST. See \fIcurl_mime_addpart(3)\fP -.IP curl_slist_append() -builds a linked list. See \fIcurl_slist_append(3)\fP -.IP Sharing data between transfers +curl_version_info(3) + +## curl_getdate() + +converts a date string to time_t. See curl_getdate(3) + +## curl_easy_getinfo() + +get information about a performed transfer. See curl_easy_getinfo(3) + +## curl_mime_addpart() + +helps building an HTTP form POST. See curl_mime_addpart(3) + +## curl_slist_append() + +builds a linked list. See curl_slist_append(3) + +## Sharing data between transfers + You can have multiple easy handles share certain data, even if they are used in different threads. This magic is setup using the share interface, as -described in the \fIlibcurl-share(3)\fP man page. -.IP "URL Parsing" -URL parsing and manipulations. See \fIlibcurl-url(3)\fP -.IP "WebSocket communication" -See \fIlibcurl-ws(3)\fP -.RE - -.SH "LINKING WITH LIBCURL" +described in the libcurl-share(3) man page. + +## URL Parsing + +URL parsing and manipulations. See libcurl-url(3) + +## WebSocket communication + +See libcurl-ws(3) + +# LINKING WITH LIBCURL + On unix-like machines, there is a tool named curl-config that gets installed with the rest of the curl stuff when 'make install' is performed. @@ -91,7 +100,7 @@ and developers to learn about libcurl and how to use it. Run 'curl-config --libs' to get the (additional) linker options you need to link with the particular version of libcurl you have installed. See the -\fIcurl-config(1)\fP man page for further details. +*curl-config(1)* man page for further details. Unix-like operating system that ship libcurl as part of their distributions often do not provide the curl-config tool, but simply install the library and @@ -99,42 +108,51 @@ headers in the common path for this purpose. Many Linux and similar systems use pkg-config to provide build and link options about libraries and libcurl supports that as well. -.SH "LIBCURL SYMBOL NAMES" + +# LIBCURL SYMBOL NAMES + All public functions in the libcurl interface are prefixed with 'curl_' (with a lowercase c). You can find other functions in the library source code, but other prefixes indicate that the functions are private and may change without further notice in the next release. Only use documented functions and functionality! -.SH "PORTABILITY" + +# PORTABILITY + libcurl works -.B exactly +**exactly** the same, on any of the platforms it compiles and builds on. -.SH "THREADS" + +# THREADS + libcurl is thread safe but there are a few exceptions. Refer to -\fIlibcurl-thread(3)\fP for more information. +libcurl-thread(3) for more information. + +# PERSISTENT CONNECTIONS -.SH "PERSISTENT CONNECTIONS" Persistent connections means that libcurl can reuse the same connection for several transfers, if the conditions are right. libcurl always attempts to use persistent connections. Whenever you use -\fIcurl_easy_perform(3)\fP or \fIcurl_multi_perform(3)\fP etc, libcurl +curl_easy_perform(3) or curl_multi_perform(3) etc, libcurl attempts to use an existing connection to do the transfer, and if none exists it opens a new one that is subject for reuse on a possible following call to -\fIcurl_easy_perform(3)\fP or \fIcurl_multi_perform(3)\fP. +curl_easy_perform(3) or curl_multi_perform(3). To allow libcurl to take full advantage of persistent connections, you should do as many of your file transfers as possible using the same handle. -If you use the easy interface, and you call \fIcurl_easy_cleanup(3)\fP, all +If you use the easy interface, and you call curl_easy_cleanup(3), all the possibly open connections held by libcurl are closed and forgotten. When you have created a multi handle and are using the multi interface, the connection pool is instead kept in the multi handle so closing and creating new easy handles to do transfers do not affect them. Instead all added easy handles can take advantage of the single shared pool. -.SH "GLOBAL CONSTANTS" + +# GLOBAL CONSTANTS + There are a variety of constants that libcurl uses, mainly through its internal use of other libraries, which are too complicated for the library loader to set up. Therefore, a program must call a library @@ -143,19 +161,19 @@ the library code. For example, when libcurl is built for SSL capability via the GNU TLS library, there is an elaborate tree inside that library that describes the SSL protocol. -\fIcurl_global_init(3)\fP is the function that you must call. This may +curl_global_init(3) is the function that you must call. This may allocate resources (e.g. the memory for the GNU TLS tree mentioned above), so -the companion function \fIcurl_global_cleanup(3)\fP releases them. +the companion function curl_global_cleanup(3) releases them. If libcurl was compiled with support for multiple SSL backends, the function -\fIcurl_global_sslset(3)\fP can be called before \fIcurl_global_init(3)\fP +curl_global_sslset(3) can be called before curl_global_init(3) to select the active SSL backend. The global constant functions are thread-safe since libcurl 7.84.0 if -\fIcurl_version_info(3)\fP has the CURL_VERSION_THREADSAFE feature bit set -(most platforms). Read \fIlibcurl-thread(3)\fP for thread safety guidelines. +curl_version_info(3) has the CURL_VERSION_THREADSAFE feature bit set +(most platforms). Read libcurl-thread(3) for thread safety guidelines. -If the global constant functions are \fInot thread safe\fP, then you must +If the global constant functions are *not thread safe*, then you must not call them when any other thread in the program is running. It is not good enough that no other thread is using libcurl at the time, because these functions internally call similar functions of other @@ -163,11 +181,11 @@ libraries, and those functions are similarly thread-unsafe. You cannot generally know what these libraries are, or whether other threads are using them. -If the global constant functions are \fInot thread safe\fP, then the basic rule +If the global constant functions are *not thread safe*, then the basic rule for constructing a program that uses libcurl is this: Call -\fIcurl_global_init(3)\fP, with a \fICURL_GLOBAL_ALL\fP argument, immediately +curl_global_init(3), with a *CURL_GLOBAL_ALL* argument, immediately after the program starts, while it is still only one thread and before it uses -libcurl at all. Call \fIcurl_global_cleanup(3)\fP immediately before the +libcurl at all. Call curl_global_cleanup(3) immediately before the program exits, when the program is again only one thread and after its last use of libcurl. @@ -177,19 +195,19 @@ and end of the program -- that is just usually the easiest way to do it. You can call both of these multiple times, as long as all calls meet these requirements and the number of calls to each is the same. -The global constant situation merits special consideration when the -code you are writing to use libcurl is not the main program, but rather -a modular piece of a program, e.g. another library. As a module, -your code does not know about other parts of the program -- it does not -know whether they use libcurl or not. And its code does not necessarily -run at the start and end of the whole program. +The global constant situation merits special consideration when the code you +are writing to use libcurl is not the main program, but rather a modular piece +of a program, e.g. another library. As a module, your code does not know about +other parts of the program -- it does not know whether they use libcurl or +not. Its code does not necessarily run at the start and end of the whole +program. A module like this must have global constant functions of its own, just like -\fIcurl_global_init(3)\fP and \fIcurl_global_cleanup(3)\fP. The module thus +curl_global_init(3) and curl_global_cleanup(3). The module thus has control at the beginning and end of the program and has a place to call the libcurl functions. If multiple modules in the program use libcurl, they all separately call the libcurl functions, and that is OK because only the -first \fIcurl_global_init(3)\fP and the last \fIcurl_global_cleanup(3)\fP in a +first curl_global_init(3) and the last curl_global_cleanup(3) in a program change anything. (libcurl uses a reference count in static memory). In a C++ module, it is common to deal with the global constant situation by @@ -198,28 +216,28 @@ the module. A program always has exactly one object of the class, in static storage. That way, the program automatically calls the constructor of the object as the program starts up and the destructor as it terminates. As the author of this libcurl-using module, you can make the constructor call -\fIcurl_global_init(3)\fP and the destructor call \fIcurl_global_cleanup(3)\fP +curl_global_init(3) and the destructor call curl_global_cleanup(3) and satisfy libcurl's requirements without your user having to think about it. (Caveat: If you are initializing libcurl from a Windows DLL you should not -initialize it from \fIDllMain\fP or a static initializer because Windows holds +initialize it from *DllMain* or a static initializer because Windows holds the loader lock during that time and it could cause a deadlock.) -\fIcurl_global_init(3)\fP has an argument that tells what particular parts of +curl_global_init(3) has an argument that tells what particular parts of the global constant environment to set up. In order to successfully use any -value except \fICURL_GLOBAL_ALL\fP (which says to set up the whole thing), you +value except *CURL_GLOBAL_ALL* (which says to set up the whole thing), you must have specific knowledge of internal workings of libcurl and all other parts of the program of which it is part. A special part of the global constant environment is the identity of the -memory allocator. \fIcurl_global_init(3)\fP selects the system default memory -allocator, but you can use \fIcurl_global_init_mem(3)\fP to supply one of your -own. However, there is no way to use \fIcurl_global_init_mem(3)\fP in a +memory allocator. curl_global_init(3) selects the system default memory +allocator, but you can use curl_global_init_mem(3) to supply one of your +own. However, there is no way to use curl_global_init_mem(3) in a modular program -- all modules in the program that might use libcurl would have to agree on one allocator. There is a failsafe in libcurl that makes it usable in simple situations without you having to worry about the global constant environment at all: -\fIcurl_easy_init(3)\fP sets up the environment itself if it has not been done +curl_easy_init(3) sets up the environment itself if it has not been done yet. The resources it acquires to do so get released by the operating system automatically when the program exits. diff --git a/docs/libcurl/mksymbolsmanpage.pl b/docs/libcurl/mksymbolsmanpage.pl index a8cb10d82..d7b9a77e3 100644 --- a/docs/libcurl/mksymbolsmanpage.pl +++ b/docs/libcurl/mksymbolsmanpage.pl @@ -23,40 +23,32 @@ # * # *************************************************************************** -my $version="7.41.0"; - use POSIX qw(strftime); -my $date = strftime "%b %e, %Y", localtime; -my $year = strftime "%Y", localtime; +my @ts; +if (defined($ENV{SOURCE_DATE_EPOCH})) { + @ts = localtime($ENV{SOURCE_DATE_EPOCH}); +} else { + @ts = localtime; +} +my $date = strftime "%b %e, %Y", @ts; +my $year = strftime "%Y", @ts; print <
, et al. -.\\" * -.\\" * This software is licensed as described in the file COPYING, which -.\\" * you should have received as part of this distribution. The terms -.\\" * are also available at https://curl.se/docs/copyright.html. -.\\" * -.\\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\\" * copies of the Software, and permit persons to whom the Software is -.\\" * furnished to do so, under the terms of the COPYING file. -.\\" * -.\\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\\" * KIND, either express or implied. -.\\" * -.\\" * SPDX-License-Identifier: curl -.\\" * -.\\" ************************************************************************** -.TH libcurl-symbols 3 "$date" "libcurl" "libcurl" -.SH NAME -libcurl-symbols \\- libcurl symbol version information -.SH "libcurl symbols" +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: libcurl-symbols +Section: 3 +Source: libcurl +See-also: + - libcurl (3) + - libcurl-easy (3) + - libcurl-multi (3) + - libcurl-security (3) + - libcurl-thread (3) +--- +# libcurl symbols + This man page details version information for public symbols provided in the libcurl header files. This lists the first version in which the symbol was introduced and for some symbols two additional information pieces: @@ -72,6 +64,224 @@ This man page is automatically generated from the symbols-in-versions file. HEADER ; +sub nameref { + my ($n)=@_; + if($n =~ /^CURLOPT_/) { + if($n eq "CURLOPT_RTSPHEADER") { + $n = "CURLOPT_HTTPHEADER"; + } + elsif($n eq "CURLOPT_WRITEHEADER") { + $n = "CURLOPT_HEADERDATA"; + } + elsif($n eq "CURLOPT_WRITEINFO") { + ; # now obsolete + } + else { + return "$n(3)"; + } + } + elsif($n =~ /^CURLMOPT_/) { + return "$n(3)"; + } + elsif($n =~ /^CURLINFO_/) { + my %infotypes = ( + 'CURLINFO_TEXT' => 1, + 'CURLINFO_HEADER_IN' => 1, + 'CURLINFO_HEADER_OUT' => 1, + 'CURLINFO_DATA_IN' => 1, + 'CURLINFO_DATA_OUT' => 1, + 'CURLINFO_SSL_DATA_IN' => 1, + 'CURLINFO_SSL_DATA_OUT' => 1, + ); + if($infotypes{$n}) { + return "CURLOPT_DEBUGFUNCTION(3)"; + } + } + elsif($n =~ /^CURLALTSVC_/) { + return "CURLOPT_ALTSVC_CTRL(3)"; + } + elsif($n =~ /^CURLAUTH_/) { + return "CURLOPT_HTTPAUTH(3)"; + } + elsif($n =~ /^CURLFORM_/) { + return "curl_formadd(3)"; + } + elsif($n =~ /^CURLKH/) { + return "CURLOPT_SSH_KEYFUNCTION(3)"; + } + elsif($n =~ /^CURLE_/) { + return "libcurl-errors(3)"; + } + elsif($n =~ /^CURLM_/) { + return "libcurl-errors(3)"; + } + elsif($n =~ /^CURLUE_/) { + return "libcurl-errors(3)"; + } + elsif($n =~ /^CURLHE_/) { + return "libcurl-errors(3)"; + } + elsif($n =~ /^CURLSHE_/) { + return "libcurl-errors(3)"; + } + elsif($n =~ /^CURLPROTO_/) { + return "CURLINFO_PROTOCOL(3)"; + } + elsif($n =~ /^CURLPX_/) { + return "CURLINFO_PROXY_ERROR(3)"; + } + elsif($n =~ /^CURLPROXY_/) { + return "CURLOPT_PROXYTYPE(3)"; + } + elsif($n =~ /^CURLSSLBACKEND_/) { + return "curl_global_sslset(3)"; + } + elsif($n =~ /^CURLSSLOPT_/) { + return "CURLOPT_SSL_OPTIONS(3)"; + } + elsif($n =~ /^CURLSSLSET_/) { + return "curl_global_sslset(3)"; + } + elsif($n =~ /^CURLUPART_/) { + return "curl_url_get(3)"; + } + elsif($n =~ /^CURLU_/) { + return "curl_url_get(3)"; + } + elsif($n =~ /^CURLVERSION_/) { + return "curl_version_info(3)"; + } + elsif($n =~ /^CURLSHOPT_/) { + if($n eq "CURLSHOPT_NONE") { + $n = "curl_share_setopt"; + } + return "$n(3)"; + } + elsif($n =~ /^CURLWS_/) { + return "curl_ws_send(3)"; + } + elsif($n =~ /^CURL_FORMADD_/) { + return "curl_formadd(3)"; + } + elsif($n =~ /^CURL_HTTPPOST_/) { + return "curl_formadd(3)"; + } + elsif($n =~ /^CURL_GLOBAL_/) { + return "curl_global_init(3)"; + } + elsif($n =~ /^CURL_HTTP_VERSION_/) { + return "CURLOPT_HTTP_VERSION(3)"; + } + elsif($n =~ /^CURL_LOCK_/) { + return "CURLSHOPT_SHARE(3)"; + } + elsif($n =~ /^CURL_SSLVERSION_/) { + return "CURLOPT_SSLVERSION(3)"; + } + elsif($n =~ /^CURL_VERSION_/) { + return "curl_version_info(3)"; + } + elsif($n =~ /^CURL_RTSPREQ_/) { + return "CURLOPT_RTSP_REQUEST(3)"; + } + elsif($n =~ /^CURLH_/) { + return "curl_easy_header(3)"; + } + elsif($n =~ /^CURL_TRAILERFUNC_/) { + return "CURLOPT_TRAILERFUNCTION(3)"; + } + elsif($n =~ /^CURLOT_/) { + return "curl_easy_option_next(3)"; + } + elsif($n =~ /^CURLFINFOFLAG_/) { + return "CURLOPT_CHUNK_BGN_FUNCTION(3)"; + } + elsif($n =~ /^CURLFILETYPE_/) { + return "CURLOPT_CHUNK_BGN_FUNCTION(3)"; + } + elsif($n =~ /^CURL_CHUNK_BGN_FUNC_/) { + return "CURLOPT_CHUNK_BGN_FUNCTION(3)"; + } + elsif($n =~ /^CURL_CHUNK_END_FUNC_/) { + return "CURLOPT_CHUNK_END_FUNCTION(3)"; + } + elsif($n =~ /^CURLSSH_AUTH_/) { + return "CURLOPT_SSH_AUTH_TYPES(3)"; + } + elsif($n =~ /^CURL_POLL_/) { + return "CURLMOPT_SOCKETFUNCTION(3)"; + } + elsif($n =~ /^CURLMSG_/) { + return "curl_multi_info_read(3)"; + } + elsif($n =~ /^CURLFTPAUTH_/) { + return "CURLOPT_FTPSSLAUTH(3)"; + } + elsif($n =~ /^CURLFTPMETHOD_/) { + return "CURLOPT_FTP_FILEMETHOD(3)"; + } + elsif($n =~ /^CURLFTPSSL_/) { + return "CURLOPT_USE_SSL(3)"; + } + elsif($n =~ /^CURLFTP_CREATE_/) { + return "CURLOPT_FTP_CREATE_MISSING_DIRS(3)"; + } + elsif($n =~ /^CURLGSSAPI_DELEGATION_/) { + return "CURLOPT_GSSAPI_DELEGATION(3)"; + } + elsif($n =~ /^CURLHEADER_/) { + return "CURLOPT_HEADEROPT(3)"; + } + elsif($n =~ /^CURLHSTS_/) { + return "CURLOPT_HSTS_CTRL(3)"; + } + elsif($n =~ /^CURLIOCMD_/) { + return "CURLOPT_IOCTLFUNCTION(3)"; + } + elsif($n =~ /^CURLIOE_/) { + return "CURLOPT_IOCTLFUNCTION(3)"; + } + elsif($n =~ /^CURLMIMEOPT_/) { + return "CURLOPT_MIME_OPTIONS(3)"; + } + elsif($n =~ /^CURLPAUSE_/) { + return "curl_easy_pause(3)"; + } + elsif($n =~ /^CURLPIPE_/) { + return "CURLMOPT_PIPELINING(3)"; + } + elsif($n =~ /^CURLSOCKTYPE_/) { + return "CURLOPT_SOCKOPTFUNCTION(3)"; + } + elsif($n =~ /^CURLSTS_/) { + return "CURLOPT_HSTSREADFUNCTION(3)"; + } + elsif($n =~ /^CURLUSESSL_/) { + return "CURLOPT_USE_SSL(3)"; + } + elsif($n =~ /^CURL_CSELECT_/) { + return "curl_multi_socket_action(3)"; + } + elsif($n =~ /^CURL_FNMATCHFUNC_/) { + return "CURLOPT_FNMATCH_FUNCTION(3)"; + } + elsif($n =~ /^CURL_HET_/) { + return "CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS(3)"; + } + elsif($n =~ /^CURL_IPRESOLVE_/) { + return "CURLOPT_IPRESOLVE(3)"; + } + elsif($n =~ /^CURL_SEEKFUNC_/) { + return "CURLOPT_SEEKFUNCTION(3)"; + } + elsif($n =~ /^CURL_TIMECOND_/) { + return "CURLOPT_TIMECONDITION(3)"; + } + elsif($n =~ /^CURL_REDIR_POST_/) { + return "CURLOPT_POSTREDIR(3)"; + } +} + while() { if($_ =~ /^(CURL[A-Z0-9_.]*) *(.*)/i) { my ($symbol, $rest)=($1,$2); @@ -82,16 +292,20 @@ while() { if($rest =~ s/^([0-9.]*) *//) { $dep = $1; } - if($rest =~ s/^([0-9.]*) *//) { + if($rest =~ s/^- *([0-9.]*)//) { $rem = $1; } - print ".IP $symbol\nIntroduced in $intro\n"; + print "\n## $symbol\nIntroduced in $intro."; if($dep) { - print "Deprecated since $dep\n"; + print " Deprecated since $dep."; } if($rem) { - print "Last used in $rem\n"; + print " Last used in $rem."; } + my $see = $rem || $dep ? "" : nameref($symbol); + if($see) { + print " See $see."; + } + print "\n"; } - } diff --git a/docs/libcurl/opts/CMakeLists.txt b/docs/libcurl/opts/CMakeLists.txt index 152a08a35..82844a225 100644 --- a/docs/libcurl/opts/CMakeLists.txt +++ b/docs/libcurl/opts/CMakeLists.txt @@ -26,10 +26,9 @@ transform_makefile_inc("Makefile.inc" "${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc. include("${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake") add_manual_pages(man_MANS) - -string(REPLACE ".3" ".html" HTMLPAGES "${man_MANS}") -string(REPLACE ".3" ".pdf" PDFPAGES "${man_MANS}") -add_custom_target(opts-html DEPENDS ${HTMLPAGES}) -add_custom_target(opts-pdf DEPENDS ${PDFPAGES}) -add_dependencies(html opts-html) -add_dependencies(pdf opts-pdf) +add_custom_target(opts-man DEPENDS ${man_MANS}) +add_dependencies(man opts-man) +if(NOT CURL_DISABLE_INSTALL) + install(FILES "$" + DESTINATION ${CMAKE_INSTALL_MANDIR}/man3) +endif() diff --git a/docs/libcurl/opts/CURLINFO_ACTIVESOCKET.md b/docs/libcurl/opts/CURLINFO_ACTIVESOCKET.md new file mode 100644 index 000000000..7e106ed0b --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_ACTIVESOCKET.md @@ -0,0 +1,77 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_ACTIVESOCKET +Section: 3 +Source: libcurl +See-also: + - CURLINFO_LASTSOCKET (3) + - CURLOPT_CONNECT_ONLY (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_ACTIVESOCKET - get the active socket + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_ACTIVESOCKET, + curl_socket_t *socket); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_socket_t to receive the most recently active socket +used for the transfer connection by this curl session. If the socket is no +longer valid, *CURL_SOCKET_BAD* is returned. When you are finished working +with the socket, you must call curl_easy_cleanup(3) as usual on the easy +handle and let libcurl close the socket and cleanup other resources associated +with the handle. This option returns the active socket only after the transfer +is complete, and is typically used in combination with +CURLOPT_CONNECT_ONLY(3), which skips the transfer phase. + +CURLINFO_ACTIVESOCKET(3) was added as a replacement for +CURLINFO_LASTSOCKET(3) since that one is not working on all platforms. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_socket_t sockfd; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Do not do the transfer - only connect to host */ + curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L); + res = curl_easy_perform(curl); + + /* Extract the socket from the curl handle */ + res = curl_easy_getinfo(curl, CURLINFO_ACTIVESOCKET, &sockfd); + + if(res != CURLE_OK) { + printf("Error: %s\n", curl_easy_strerror(res)); + return 1; + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.45.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.md b/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.md new file mode 100644 index 000000000..17fb46580 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_APPCONNECT_TIME +Section: 3 +Source: libcurl +See-also: + - CURLINFO_APPCONNECT_TIME_T (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_APPCONNECT_TIME - get the time until the SSL/SSH handshake is completed + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_APPCONNECT_TIME, + double *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a double to receive the time, in seconds, it took from the +start until the SSL/SSH connect/handshake to the remote host was completed. +This time is most often close to the CURLINFO_PRETRANSFER_TIME(3) time, +except for cases such as HTTP pipelining where the pretransfer time can be +delayed due to waits in line for the pipeline and more. + +When a redirect is followed, the time from each request is added together. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + double connect; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_APPCONNECT_TIME, &connect); + if(CURLE_OK == res) { + printf("Time: %.1f", connect); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME_T.md b/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME_T.md new file mode 100644 index 000000000..cc4f2b858 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_APPCONNECT_TIME_T.md @@ -0,0 +1,73 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_APPCONNECT_TIME_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_APPCONNECT_TIME (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_APPCONNECT_TIME_T - time until the SSL/SSH handshake completed + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_APPCONNECT_TIME_T, + curl_off_t *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_off_t to receive the time, in microseconds, it took +from the start until the SSL/SSH connect/handshake to the remote host was +completed. This time is most often close to the +CURLINFO_PRETRANSFER_TIME_T(3) time, except for cases such as HTTP +pipelining where the pretransfer time can be delayed due to waits in line for +the pipeline and more. + +When a redirect is followed, the time from each request is added together. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_off_t connect; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_APPCONNECT_TIME_T, &connect); + if(CURLE_OK == res) { + printf("Time: %" CURL_FORMAT_CURL_OFF_T ".%06ld", connect / 1000000, + (long)(connect % 1000000)); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.61.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_CAINFO.md b/docs/libcurl/opts/CURLINFO_CAINFO.md new file mode 100644 index 000000000..44b253967 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_CAINFO.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_CAINFO +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CAPATH (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_CAINFO - get the default built-in CA certificate path + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CAINFO, char **path); +~~~ + +# DESCRIPTION + +Pass a pointer to a char pointer to receive the pointer to a null-terminated +string holding the default built-in path used for the CURLOPT_CAINFO(3) +option unless set by the user. + +Note that in a situation where libcurl has been built to support multiple TLS +libraries, this option might return a string even if the specific TLS library +currently set to be used does not support CURLOPT_CAINFO(3). + +This is a path identifying a single file containing CA certificates. + +The **path** pointer is set to NULL if there is no default path. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + char *cainfo = NULL; + curl_easy_getinfo(curl, CURLINFO_CAINFO, &cainfo); + if(cainfo) { + printf("default ca info path: %s\n", cainfo); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.84.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_CAPATH.md b/docs/libcurl/opts/CURLINFO_CAPATH.md new file mode 100644 index 000000000..46499e7f6 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_CAPATH.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_CAPATH +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CAINFO (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_CAPATH - get the default built-in CA path string + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CAPATH, char **path); +~~~ + +# DESCRIPTION + +Pass a pointer to a char pointer to receive the pointer to a null-terminated +string holding the default built-in path used for the CURLOPT_CAPATH(3) +option unless set by the user. + +Note that in a situation where libcurl has been built to support multiple TLS +libraries, this option might return a string even if the specific TLS library +currently set to be used does not support CURLOPT_CAPATH(3). + +This is a path identifying a directory. + +The **path** pointer is set to NULL if there is no default path. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + char *capath = NULL; + curl_easy_getinfo(curl, CURLINFO_CAPATH, &capath); + if(capath) { + printf("default ca path: %s\n", capath); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.84.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_CERTINFO.md b/docs/libcurl/opts/CURLINFO_CERTINFO.md new file mode 100644 index 000000000..d9cbc9306 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_CERTINFO.md @@ -0,0 +1,101 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_CERTINFO +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CAPATH (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_CERTINFO - get the TLS certificate chain + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CERTINFO, + struct curl_certinfo **chainp); +~~~ + +# DESCRIPTION + +Pass a pointer to a *struct curl_certinfo ** and it is set to point to a +struct that holds info about the server's certificate chain, assuming you had +CURLOPT_CERTINFO(3) enabled when the request was made. + +~~~c +struct curl_certinfo { + int num_of_certs; + struct curl_slist **certinfo; +}; +~~~ + +The *certinfo* struct member is an array of linked lists of certificate +information. The *num_of_certs* struct member is the number of certificates +which is the number of elements in the array. Each certificate's list has +items with textual information in the format "name:content" such as +"Subject:Foo", "Issuer:Bar", etc. The items in each list varies depending on +the SSL backend and the certificate. + +# PROTOCOLS + +All TLS-based + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://www.example.com/"); + + /* connect to any HTTPS site, trusted or not */ + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); + + curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L); + + res = curl_easy_perform(curl); + + if(!res) { + int i; + struct curl_certinfo *ci; + res = curl_easy_getinfo(curl, CURLINFO_CERTINFO, &ci); + + if(!res) { + printf("%d certs!\n", ci->num_of_certs); + + for(i = 0; i < ci->num_of_certs; i++) { + struct curl_slist *slist; + + for(slist = ci->certinfo[i]; slist; slist = slist->next) + printf("%s\n", slist->data); + } + } + } + curl_easy_cleanup(curl); + } +} +~~~ + +See also the *certinfo.c* example. + +# AVAILABILITY + +This option is only working in libcurl built with OpenSSL, GnuTLS, Schannel or +Secure Transport. GnuTLS support added in 7.42.0. Schannel support added in +7.50.0. Secure Transport support added in 7.79.0. + +Added in 7.19.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_CONDITION_UNMET.md b/docs/libcurl/opts/CURLINFO_CONDITION_UNMET.md new file mode 100644 index 000000000..aca04f1c9 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_CONDITION_UNMET.md @@ -0,0 +1,80 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_CONDITION_UNMET +Section: 3 +Source: libcurl +See-also: + - CURLOPT_TIMECONDITION (3) + - CURLOPT_TIMEVALUE (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_CONDITION_UNMET - get info on unmet time conditional or 304 HTTP response. + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CONDITION_UNMET, + long *unmet); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the number 1 if the condition provided in +the previous request did not match (see CURLOPT_TIMECONDITION(3)). Alas, +if this returns a 1 you know that the reason you did not get data in return is +because it did not fulfill the condition. The long this argument points to +gets a zero stored if the condition instead was met. This can also return 1 if +the server responded with a 304 HTTP status code, for example after sending a +custom "If-Match-*" header. + +# PROTOCOLS + +HTTP and some + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* January 1, 2020 is 1577833200 */ + curl_easy_setopt(curl, CURLOPT_TIMEVALUE, 1577833200L); + + /* If-Modified-Since the above time stamp */ + curl_easy_setopt(curl, CURLOPT_TIMECONDITION, + (long)CURL_TIMECOND_IFMODSINCE); + + /* Perform the request */ + res = curl_easy_perform(curl); + + if(!res) { + /* check the time condition */ + long unmet; + res = curl_easy_getinfo(curl, CURLINFO_CONDITION_UNMET, &unmet); + if(!res) { + printf("The time condition was %sfulfilled\n", unmet?"NOT":""); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.4 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_CONNECT_TIME.md b/docs/libcurl/opts/CURLINFO_CONNECT_TIME.md new file mode 100644 index 000000000..1fde76699 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_CONNECT_TIME.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_CONNECT_TIME +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CONNECT_TIME_T (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_CONNECT_TIME - get the time until connect + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CONNECT_TIME, double *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a double to receive the total time in seconds from the start +until the connection to the remote host (or proxy) was completed. + +When a redirect is followed, the time from each request is added together. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + double connect; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_CONNECT_TIME, &connect); + if(CURLE_OK == res) { + printf("Time: %.1f", connect); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.4.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_CONNECT_TIME_T.md b/docs/libcurl/opts/CURLINFO_CONNECT_TIME_T.md new file mode 100644 index 000000000..cd72cdd07 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_CONNECT_TIME_T.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_CONNECT_TIME_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CONNECT_TIME (3) + - CURLOPT_CONNECTTIMEOUT (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_CONNECT_TIME_T - get the time until connect + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CONNECT_TIME_T, + curl_off_t *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_off_t to receive the total time in microseconds from +the start until the connection to the remote host (or proxy) was completed. + +When a redirect is followed, the time from each request is added together. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_off_t connect; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_CONNECT_TIME_T, &connect); + if(CURLE_OK == res) { + printf("Time: %" CURL_FORMAT_CURL_OFF_T ".%06ld", connect / 1000000, + (long)(connect % 1000000)); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.61.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_CONN_ID.md b/docs/libcurl/opts/CURLINFO_CONN_ID.md new file mode 100644 index 000000000..d4791b42c --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_CONN_ID.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_CONN_ID +Section: 3 +Source: libcurl +See-also: + - CURLINFO_XFER_ID (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_CONN_ID - get the ID of the last connection used by the handle + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CONN_ID, + curl_off_t *conn_id); +~~~ + +# DESCRIPTION + +Pass a pointer to a *curl_off_t* to receive the connection identifier last +used by the handle. Stores -1 if there was no connection used. + +The connection id is unique among all connections using the same +connection cache. This is implicitly the case for all connections in the +same multi handle. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the request */ + res = curl_easy_perform(curl); + + if(!res) { + curl_off_t conn_id; + res = curl_easy_getinfo(curl, CURLINFO_CONN_ID, &conn_id); + if(!res) { + printf("Connection used: %" CURL_FORMAT_CURL_OFF_T "\n", conn_id); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 8.2.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.md b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.md new file mode 100644 index 000000000..1e01419bd --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_CONTENT_LENGTH_DOWNLOAD +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CONTENT_LENGTH_UPLOAD (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_CONTENT_LENGTH_DOWNLOAD - get content-length of download + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CONTENT_LENGTH_DOWNLOAD, + double *content_length); +~~~ + +# DESCRIPTION + +Pass a pointer to a double to receive the content-length of the download. This +is the value read from the Content-Length: field. Since 7.19.4, this returns +-1 if the size is not known. + +CURLINFO_CONTENT_LENGTH_DOWNLOAD_T(3) is a newer replacement that returns a more +sensible variable type. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the request */ + res = curl_easy_perform(curl); + + if(!res) { + /* check the size */ + double cl; + res = curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &cl); + if(!res) { + printf("Size: %.0f\n", cl); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.6.1. Deprecated since 7.55.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md new file mode 100644 index 000000000..15016c84c --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_CONTENT_LENGTH_DOWNLOAD_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CONTENT_LENGTH_UPLOAD_T (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_CONTENT_LENGTH_DOWNLOAD_T - get content-length of download + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CONTENT_LENGTH_DOWNLOAD_T, + curl_off_t *content_length); +~~~ + +# DESCRIPTION + +Pass a pointer to a *curl_off_t* to receive the content-length of the +download. This is the value read from the Content-Length: field. Stores -1 if +the size is not known. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the request */ + res = curl_easy_perform(curl); + + if(!res) { + /* check the size */ + curl_off_t cl; + res = curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD_T, &cl); + if(!res) { + printf("Download size: %" CURL_FORMAT_CURL_OFF_T "\n", cl); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.55.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD.md b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD.md new file mode 100644 index 000000000..c90e19e72 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_CONTENT_LENGTH_UPLOAD +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CONTENT_LENGTH_DOWNLOAD_T (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_CONTENT_LENGTH_UPLOAD - get the specified size of the upload + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CONTENT_LENGTH_UPLOAD, + double *content_length); +~~~ + +# DESCRIPTION + +Pass a pointer to a double to receive the specified size of the upload. Since +7.19.4, this returns -1 if the size is not known. + +CURLINFO_CONTENT_LENGTH_UPLOAD_T(3) is a newer replacement that returns a +more sensible variable type. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the upload */ + res = curl_easy_perform(curl); + + if(!res) { + /* check the size */ + double cl; + res = curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_UPLOAD, &cl); + if(!res) { + printf("Size: %.0f\n", cl); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.6.1. Deprecated since 7.55.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD_T.md b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD_T.md new file mode 100644 index 000000000..319a3345e --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_CONTENT_LENGTH_UPLOAD_T.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_CONTENT_LENGTH_UPLOAD_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CONTENT_LENGTH_DOWNLOAD_T (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_CONTENT_LENGTH_UPLOAD_T - get the specified size of the upload + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CONTENT_LENGTH_UPLOAD_T, + curl_off_t *content_length); +~~~ + +# DESCRIPTION + +Pass a pointer to a *curl_off_t* to receive the specified size of the +upload. Stores -1 if the size is not known. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the upload */ + res = curl_easy_perform(curl); + + if(!res) { + /* check the size */ + curl_off_t cl; + res = curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_UPLOAD_T, &cl); + if(!res) { + printf("Upload size: %" CURL_FORMAT_CURL_OFF_T "\n", cl); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.55.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_CONTENT_TYPE.md b/docs/libcurl/opts/CURLINFO_CONTENT_TYPE.md new file mode 100644 index 000000000..b87457251 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_CONTENT_TYPE.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_CONTENT_TYPE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HEADERFUNCTION (3) + - curl_easy_getinfo (3) + - curl_easy_header (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_CONTENT_TYPE - get Content-Type + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_CONTENT_TYPE, char **ct); +~~~ + +# DESCRIPTION + +Pass a pointer to a char pointer to receive the content-type of the downloaded +object. This is the value read from the Content-Type: field. If you get NULL, +it means that the server did not send a valid Content-Type header or that the +protocol used does not support this. + +The **ct** pointer is set to NULL or pointing to private memory. You MUST +NOT free it - it gets freed when you call curl_easy_cleanup(3) on the +corresponding CURL handle. + +The modern way to get this header from a response is to instead use the +curl_easy_header(3) function. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + res = curl_easy_perform(curl); + + if(!res) { + /* extract the content-type */ + char *ct = NULL; + res = curl_easy_getinfo(curl, CURLINFO_CONTENT_TYPE, &ct); + if(!res && ct) { + printf("Content-Type: %s\n", ct); + } + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.9.4 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_COOKIELIST.md b/docs/libcurl/opts/CURLINFO_COOKIELIST.md new file mode 100644 index 000000000..60ac0f036 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_COOKIELIST.md @@ -0,0 +1,82 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_COOKIELIST +Section: 3 +Source: libcurl +See-also: + - CURLOPT_COOKIELIST (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_COOKIELIST - get all known cookies + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_COOKIELIST, + struct curl_slist **cookies); +~~~ + +# DESCRIPTION + +Pass a pointer to a 'struct curl_slist *' to receive a linked-list of all +cookies curl knows (expired ones, too). Do not forget to call +curl_slist_free_all(3) on the list after it has been used. If there are no +cookies (cookies for the handle have not been enabled or simply none have been +received) the 'struct curl_slist *' is made a NULL pointer. + +Since 7.43.0 cookies that were imported in the Set-Cookie format without a +domain name are not exported by this option. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* enable the cookie engine */ + curl_easy_setopt(curl, CURLOPT_COOKIEFILE, ""); + + res = curl_easy_perform(curl); + + if(!res) { + /* extract all known cookies */ + struct curl_slist *cookies = NULL; + res = curl_easy_getinfo(curl, CURLINFO_COOKIELIST, &cookies); + if(!res && cookies) { + /* a linked list of cookies in cookie file format */ + struct curl_slist *each = cookies; + while(each) { + printf("%s\n", each->data); + each = each->next; + } + /* we must free these cookies when we are done */ + curl_slist_free_all(cookies); + } + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.14.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_EFFECTIVE_METHOD.md b/docs/libcurl/opts/CURLINFO_EFFECTIVE_METHOD.md new file mode 100644 index 000000000..da2e2a016 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_EFFECTIVE_METHOD.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_EFFECTIVE_METHOD +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CUSTOMREQUEST (3) + - CURLOPT_FOLLOWLOCATION (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_EFFECTIVE_METHOD - get the last used HTTP method + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_EFFECTIVE_METHOD, + char **methodp); +~~~ + +# DESCRIPTION + +Pass in a pointer to a char pointer and get the last used effective HTTP +method. + +In cases when you have asked libcurl to follow redirects, the method may not be +the same method the first request would use. + +The **methodp** pointer is NULL or points to private memory. You MUST NOT +free - it gets freed when you call curl_easy_cleanup(3) on the +corresponding CURL handle. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "data"); + curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + char *method = NULL; + curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_METHOD, &method); + if(method) + printf("Redirected to method: %s\n", method); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.72.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.md b/docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.md new file mode 100644 index 000000000..268ff2c67 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_EFFECTIVE_URL.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_EFFECTIVE_URL +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FOLLOWLOCATION (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_EFFECTIVE_URL - get the last used URL + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_EFFECTIVE_URL, char **urlp); +~~~ + +# DESCRIPTION + +Pass in a pointer to a char pointer and get the last used effective URL. + +In cases when you have asked libcurl to follow redirects, it may not be the same +value you set with CURLOPT_URL(3). + +The **urlp** pointer is NULL or points to private memory. You MUST NOT free +- it gets freed when you call curl_easy_cleanup(3) on the corresponding +CURL handle. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + char *url = NULL; + curl_easy_getinfo(curl, CURLINFO_EFFECTIVE_URL, &url); + if(url) + printf("Redirect to: %s\n", url); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.4 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_FILETIME.md b/docs/libcurl/opts/CURLINFO_FILETIME.md new file mode 100644 index 000000000..77ef534b4 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_FILETIME.md @@ -0,0 +1,76 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_FILETIME +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FILETIME (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_FILETIME - get the remote time of the retrieved document + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_FILETIME, long *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the remote time of the retrieved document +in number of seconds since January 1 1970 in the GMT/UTC time zone. If you get +-1, it can be because of many reasons (it might be unknown, the server might +hide it or the server does not support the command that tells document time +etc) and the time of the document is unknown. + +You must tell libcurl to collect this information before the transfer is made, +by using the CURLOPT_FILETIME(3) option to curl_easy_setopt(3) or +you this unconditionally gets a -1 back. + +Consider using CURLINFO_FILETIME_T(3) to be able to extract dates beyond +the year 2038 on systems using 32 bit longs (Windows). + +# PROTOCOLS + +HTTP(S), FTP(S), SFTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + /* Ask for filetime */ + curl_easy_setopt(curl, CURLOPT_FILETIME, 1L); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + long filetime = 0; + res = curl_easy_getinfo(curl, CURLINFO_FILETIME, &filetime); + if((CURLE_OK == res) && (filetime >= 0)) { + time_t file_time = (time_t)filetime; + printf("filetime: %s", ctime(&file_time)); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.5 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_FILETIME_T.md b/docs/libcurl/opts/CURLINFO_FILETIME_T.md new file mode 100644 index 000000000..62c5f3cb0 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_FILETIME_T.md @@ -0,0 +1,78 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_FILETIME +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FILETIME (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_FILETIME_T - get the remote time of the retrieved document + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_FILETIME_T, + curl_off_t *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_off_t to receive the remote time of the retrieved +document in number of seconds since January 1 1970 in the GMT/UTC time +zone. If you get -1, it can be because of many reasons (it might be unknown, +the server might hide it or the server does not support the command that tells +document time etc) and the time of the document is unknown. + +You must ask libcurl to collect this information before the transfer is made, +by using the CURLOPT_FILETIME(3) option to curl_easy_setopt(3) or +you unconditionally get a -1 back. + +This option is an alternative to CURLINFO_FILETIME(3) to allow systems +with 32 bit long variables to extract dates outside of the 32bit timestamp +range. + +# PROTOCOLS + +HTTP(S), FTP(S), SFTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* Ask for filetime */ + curl_easy_setopt(curl, CURLOPT_FILETIME, 1L); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + curl_off_t filetime; + res = curl_easy_getinfo(curl, CURLINFO_FILETIME_T, &filetime); + if((CURLE_OK == res) && (filetime >= 0)) { + time_t file_time = (time_t)filetime; + printf("filetime: %s", ctime(&file_time)); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.59.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.md b/docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.md new file mode 100644 index 000000000..344e1f174 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_FTP_ENTRY_PATH.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_FTP_ENTRY_PATH +Section: 3 +Source: libcurl +See-also: + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_FTP_ENTRY_PATH - get entry path in FTP server + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_FTP_ENTRY_PATH, char **path); +~~~ + +# DESCRIPTION + +Pass a pointer to a char pointer to receive a pointer to a string holding the +path of the entry path. That is the initial path libcurl ended up in when +logging on to the remote FTP server. This stores a NULL as pointer if +something is wrong. + +The **path** pointer is NULL or points to private memory. You MUST NOT free +- it gets freed when you call curl_easy_cleanup(3) on the corresponding +CURL handle. + +# PROTOCOLS + +FTP(S) and SFTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com"); + + res = curl_easy_perform(curl); + + if(!res) { + /* extract the entry path */ + char *ep = NULL; + res = curl_easy_getinfo(curl, CURLINFO_FTP_ENTRY_PATH, &ep); + if(!res && ep) { + printf("Entry path was: %s\n", ep); + } + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.15.4. Works for SFTP since 7.21.4 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_HEADER_SIZE.md b/docs/libcurl/opts/CURLINFO_HEADER_SIZE.md new file mode 100644 index 000000000..67ccfc232 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_HEADER_SIZE.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_HEADER_SIZE +Section: 3 +Source: libcurl +See-also: + - CURLINFO_REQUEST_SIZE (3) + - CURLINFO_SIZE_DOWNLOAD (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_HEADER_SIZE - get size of retrieved headers + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_HEADER_SIZE, long *sizep); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the total size of all the headers +received. Measured in number of bytes. + +The total includes the size of any received headers suppressed by +CURLOPT_SUPPRESS_CONNECT_HEADERS(3). + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + long size; + res = curl_easy_getinfo(curl, CURLINFO_HEADER_SIZE, &size); + if(!res) + printf("Header size: %ld bytes\n", size); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.4.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.md b/docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.md new file mode 100644 index 000000000..574e0a52b --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_HTTPAUTH_AVAIL.md @@ -0,0 +1,77 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_HTTPAUTH_AVAIL +Section: 3 +Source: libcurl +See-also: + - CURLINFO_PROXYAUTH_AVAIL (3) + - CURLOPT_HTTPAUTH (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_HTTPAUTH_AVAIL - get available HTTP authentication methods + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_HTTPAUTH_AVAIL, long *authp); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive a bitmask indicating the authentication +method(s) available according to the previous response. The meaning of the +bits is explained in the CURLOPT_HTTPAUTH(3) option for +curl_easy_setopt(3). + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + res = curl_easy_perform(curl); + + if(!res) { + /* extract the available authentication types */ + long auth; + res = curl_easy_getinfo(curl, CURLINFO_HTTPAUTH_AVAIL, &auth); + if(!res) { + if(!auth) + printf("No auth available, perhaps no 401?\n"); + else { + printf("%s%s%s%s\n", + auth & CURLAUTH_BASIC ? "Basic ":"", + auth & CURLAUTH_DIGEST ? "Digest ":"", + auth & CURLAUTH_NEGOTIATE ? "Negotiate ":"", + auth % CURLAUTH_NTLM ? "NTLM ":""); + } + } + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added RFC 2617 in 7.10.8 +Added RFC 7616 in 7.57.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_HTTP_CONNECTCODE.md b/docs/libcurl/opts/CURLINFO_HTTP_CONNECTCODE.md new file mode 100644 index 000000000..ee3f0f65c --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_HTTP_CONNECTCODE.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_HTTP_CONNECTCODE +Section: 3 +Source: libcurl +See-also: + - CURLINFO_RESPONSE_CODE (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_HTTP_CONNECTCODE - get the CONNECT response code + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_HTTP_CONNECTCODE, long *p); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the last received HTTP proxy response code +to a CONNECT request. The returned value is zero if no such response code was +available. + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* typically CONNECT is used to do HTTPS over HTTP proxies */ + curl_easy_setopt(curl, CURLOPT_PROXY, "http://127.0.0.1"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + long code; + res = curl_easy_getinfo(curl, CURLINFO_HTTP_CONNECTCODE, &code); + if(!res && code) + printf("The CONNECT response code: %03ld\n", code); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.10.7 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_HTTP_VERSION.md b/docs/libcurl/opts/CURLINFO_HTTP_VERSION.md new file mode 100644 index 000000000..994d7712c --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_HTTP_VERSION.md @@ -0,0 +1,61 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_HTTP_VERSION +Section: 3 +Source: libcurl +See-also: + - CURLINFO_RESPONSE_CODE (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_HTTP_VERSION - get the http version used in the connection + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_HTTP_VERSION, long *p); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the version used in the last http +connection done using this handle. The returned value is +CURL_HTTP_VERSION_1_0, CURL_HTTP_VERSION_1_1, CURL_HTTP_VERSION_2_0, +CURL_HTTP_VERSION_3 or 0 if the version cannot be determined. + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + long http_version; + curl_easy_getinfo(curl, CURLINFO_HTTP_VERSION, &http_version); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.50.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_LASTSOCKET.md b/docs/libcurl/opts/CURLINFO_LASTSOCKET.md new file mode 100644 index 000000000..b1619ebdb --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_LASTSOCKET.md @@ -0,0 +1,77 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_LASTSOCKET +Section: 3 +Source: libcurl +See-also: + - CURLINFO_ACTIVESOCKET (3) + - CURLOPT_CONNECT_ONLY (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_LASTSOCKET - get the last socket used + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_LASTSOCKET, long *socket); +~~~ + +# DESCRIPTION + +Deprecated since 7.45.0. Use CURLINFO_ACTIVESOCKET(3) instead. + +Pass a pointer to a long to receive the last socket used by this curl +session. If the socket is no longer valid, -1 is returned. When you finish +working with the socket, you must call curl_easy_cleanup(3) as usual and +let libcurl close the socket and cleanup other resources associated with the +handle. This is typically used in combination with +CURLOPT_CONNECT_ONLY(3). + +NOTE: this API is deprecated since it is not working on win64 where the SOCKET +type is 64 bits large while its 'long' is 32 bits. Use the +CURLINFO_ACTIVESOCKET(3) instead, if possible. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + long sockfd; /* does not work on win64! */ + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Do not do the transfer - only connect to host */ + curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L); + res = curl_easy_perform(curl); + + /* Extract the socket from the curl handle */ + res = curl_easy_getinfo(curl, CURLINFO_LASTSOCKET, &sockfd); + + if(res != CURLE_OK) { + printf("Error: %s\n", curl_easy_strerror(res)); + return 1; + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.15.2 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_LOCAL_IP.md b/docs/libcurl/opts/CURLINFO_LOCAL_IP.md new file mode 100644 index 000000000..e70d0cf04 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_LOCAL_IP.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_LOCAL_IP +Section: 3 +Source: libcurl +See-also: + - CURLINFO_LOCAL_PORT (3) + - CURLINFO_PRIMARY_IP (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_LOCAL_IP - get local IP address of last connection + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_LOCAL_IP, char **ip); +~~~ + +# DESCRIPTION + +Pass a pointer to a char pointer to receive the pointer to a null-terminated +string holding the IP address of the local end of most recent connection done +with this **curl** handle. This string may be IPv6 when that is +enabled. Note that you get a pointer to a memory area that is reused at next +request so you need to copy the string if you want to keep the information. + +The **ip** pointer is NULL or points to private memory. You MUST NOT free - +it gets freed when you call curl_easy_cleanup(3) on the corresponding +CURL handle. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + char *ip; + CURLcode res; + CURL *curl = curl_easy_init(); + + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the transfer */ + res = curl_easy_perform(curl); + /* Check for errors */ + if((res == CURLE_OK) && + !curl_easy_getinfo(curl, CURLINFO_LOCAL_IP, &ip) && ip) { + printf("Local IP: %s\n", ip); + } + + /* always cleanup */ + curl_easy_cleanup(curl); +} +~~~ + +# AVAILABILITY + +Added in 7.21.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_LOCAL_PORT.md b/docs/libcurl/opts/CURLINFO_LOCAL_PORT.md new file mode 100644 index 000000000..055fc2ee0 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_LOCAL_PORT.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_LOCAL_PORT +Section: 3 +Source: libcurl +See-also: + - CURLINFO_LOCAL_IP (3) + - CURLINFO_PRIMARY_PORT (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_LOCAL_PORT - get the latest local port number + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_LOCAL_PORT, long *portp); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the local port number of the most recent +connection done with this **curl** handle. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl; + CURLcode res; + + curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + res = curl_easy_perform(curl); + + if(CURLE_OK == res) { + long port; + res = curl_easy_getinfo(curl, CURLINFO_LOCAL_PORT, &port); + + if(CURLE_OK == res) { + printf("We used local port: %ld\n", port); + } + } + curl_easy_cleanup(curl); + } + return 0; +} +~~~ + +# AVAILABILITY + +Added in 7.21.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.md b/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.md new file mode 100644 index 000000000..8cf425e0f --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_NAMELOOKUP_TIME +Section: 3 +Source: libcurl +See-also: + - CURLINFO_NAMELOOKUP_TIME_T (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_NAMELOOKUP_TIME - get the name lookup time + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_NAMELOOKUP_TIME, + double *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a double to receive the total time in seconds from the start +until the name resolving was completed. + +When a redirect is followed, the time from each request is added together. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + double namelookup; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_NAMELOOKUP_TIME, &namelookup); + if(CURLE_OK == res) { + printf("Time: %.1f", namelookup); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.4.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME_T.md b/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME_T.md new file mode 100644 index 000000000..a3fd4dd84 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_NAMELOOKUP_TIME_T.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_NAMELOOKUP_TIME_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_NAMELOOKUP_TIME (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_NAMELOOKUP_TIME_T - get the name lookup time in microseconds + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_NAMELOOKUP_TIME_T, + curl_off_t *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_off_t to receive the total time in microseconds +from the start until the name resolving was completed. + +When a redirect is followed, the time from each request is added together. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_off_t namelookup; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_NAMELOOKUP_TIME_T, &namelookup); + if(CURLE_OK == res) { + printf("Time: %" CURL_FORMAT_CURL_OFF_T ".%06ld", namelookup / 1000000, + (long)(namelookup % 1000000)); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.61.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_NUM_CONNECTS.md b/docs/libcurl/opts/CURLINFO_NUM_CONNECTS.md new file mode 100644 index 000000000..5127a0a32 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_NUM_CONNECTS.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_NUM_CONNECTS +Section: 3 +Source: libcurl +See-also: + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_NUM_CONNECTS - get number of created connections + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_NUM_CONNECTS, long *nump); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive how many new connections libcurl had to +create to achieve the previous transfer (only the successful connects are +counted). Combined with CURLINFO_REDIRECT_COUNT(3) you are able to know how +many times libcurl successfully reused existing connection(s) or not. See the +connection options of curl_easy_setopt(3) to see how libcurl tries to make +persistent connections to save time. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + long connects; + res = curl_easy_getinfo(curl, CURLINFO_NUM_CONNECTS, &connects); + if(res) + printf("It needed %ld connects\n", connects); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.12.3 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_OS_ERRNO.md b/docs/libcurl/opts/CURLINFO_OS_ERRNO.md new file mode 100644 index 000000000..3fb69b43c --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_OS_ERRNO.md @@ -0,0 +1,62 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_OS_ERRNO +Section: 3 +Source: libcurl +See-also: + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_OS_ERRNO - get errno number from last connect failure + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_OS_ERRNO, long *errnop); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the errno variable from a connect failure. +Note that the value is only set on failure, it is not reset upon a successful +operation. The number is OS and system specific. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(res != CURLE_OK) { + long error; + res = curl_easy_getinfo(curl, CURLINFO_OS_ERRNO, &error); + if(res && error) { + printf("Errno: %ld\n", error); + } + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.12.2 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME.md b/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME.md new file mode 100644 index 000000000..8eda23a3c --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME.md @@ -0,0 +1,73 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_PRETRANSFER_TIME +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CONNECT_TIME_T (3) + - CURLINFO_PRETRANSFER_TIME_T (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_PRETRANSFER_TIME - get the time until the file transfer start + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_PRETRANSFER_TIME, + double *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a double to receive the time, in seconds, it took from the +start until the file transfer is just about to begin. + +This time-stamp includes all pre-transfer commands and negotiations that are +specific to the particular protocol(s) involved. It includes the sending of +the protocol-specific instructions that trigger a transfer. + +When a redirect is followed, the time from each request is added together. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + double pretransfer; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_PRETRANSFER_TIME, &pretransfer); + if(CURLE_OK == res) { + printf("Time: %.1f", pretransfer); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.4.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME_T.md b/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME_T.md new file mode 100644 index 000000000..50c515f3a --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_PRETRANSFER_TIME_T.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_PRETRANSFER_TIME_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CONNECT_TIME (3) + - CURLINFO_PRETRANSFER_TIME_T (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_PRETRANSFER_TIME_T - get the time until the file transfer start + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_PRETRANSFER_TIME_T, + curl_off_t *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_off_t to receive the time, in microseconds, it took +from the start until the file transfer is just about to begin. + +This time-stamp includes all pre-transfer commands and negotiations that are +specific to the particular protocol(s) involved. It includes the sending of +the protocol-specific instructions that trigger a transfer. + +When a redirect is followed, the time from each request is added together. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_off_t pretransfer; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_PRETRANSFER_TIME_T, &pretransfer); + if(CURLE_OK == res) { + printf("Time: %" CURL_FORMAT_CURL_OFF_T ".%06ld\n", + pretransfer / 1000000, + (long)(pretransfer % 1000000)); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.61.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_PRIMARY_IP.md b/docs/libcurl/opts/CURLINFO_PRIMARY_IP.md new file mode 100644 index 000000000..115113f3f --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_PRIMARY_IP.md @@ -0,0 +1,73 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_PRIMARY_IP +Section: 3 +Source: libcurl +See-also: + - CURLINFO_LOCAL_IP (3) + - CURLINFO_LOCAL_PORT (3) + - CURLINFO_PRIMARY_PORT (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_PRIMARY_IP - get IP address of last connection + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_PRIMARY_IP, char **ip); +~~~ + +# DESCRIPTION + +Pass a pointer to a char pointer to receive the pointer to a null-terminated +string holding the IP address of the most recent connection done with this +**curl** handle. This string may be IPv6 when that is enabled. Note that you +get a pointer to a memory area that is reused at next request so you need to +copy the string if you want to keep the information. + +The **ip** pointer is NULL or points to private memory. You MUST NOT free - +it gets freed when you call curl_easy_cleanup(3) on the corresponding +CURL handle. + +# PROTOCOLS + +All network based ones + +# EXAMPLE + +~~~c +int main(void) +{ + char *ip; + CURLcode res; + CURL *curl = curl_easy_init(); + + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the transfer */ + res = curl_easy_perform(curl); + /* Check for errors */ + if((res == CURLE_OK) && + !curl_easy_getinfo(curl, CURLINFO_PRIMARY_IP, &ip) && ip) { + printf("IP: %s\n", ip); + } + + /* always cleanup */ + curl_easy_cleanup(curl); +} +~~~ + +# AVAILABILITY + +Added in 7.19.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_PRIMARY_PORT.md b/docs/libcurl/opts/CURLINFO_PRIMARY_PORT.md new file mode 100644 index 000000000..3d90b64ed --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_PRIMARY_PORT.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_PRIMARY_PORT +Section: 3 +Source: libcurl +See-also: + - CURLINFO_LOCAL_PORT (3) + - CURLINFO_PRIMARY_IP (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_PRIMARY_PORT - get the latest destination port number + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_PRIMARY_PORT, long *portp); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the destination port of the most recent +connection done with this **curl** handle. + +This is the destination port of the actual TCP or UDP connection libcurl used. +If a proxy was used for the most recent transfer, this is the port number of +the proxy, if no proxy was used it is the port number of the most recently +accessed URL. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + long port; + res = curl_easy_getinfo(curl, CURLINFO_PRIMARY_PORT, &port); + if(!res) + printf("Connected to remote port: %ld\n", port); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.21.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_PRIVATE.md b/docs/libcurl/opts/CURLINFO_PRIVATE.md new file mode 100644 index 000000000..127049f7e --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_PRIVATE.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_PRIVATE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PRIVATE (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_PRIVATE - get the private pointer + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_PRIVATE, char **private); +~~~ + +# DESCRIPTION + +Pass a pointer to a char pointer to receive the pointer to the private data +associated with the curl handle (set with the CURLOPT_PRIVATE(3)). +Please note that for internal reasons, the value is returned as a char +pointer, although effectively being a 'void *'. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + void *pointer = (void *)0x2345454; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + + /* set the private pointer */ + curl_easy_setopt(curl, CURLOPT_PRIVATE, pointer); + res = curl_easy_perform(curl); + + /* extract the private pointer again */ + res = curl_easy_getinfo(curl, CURLINFO_PRIVATE, &pointer); + + if(res) + printf("error: %s\n", curl_easy_strerror(res)); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.10.3 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_PROTOCOL.md b/docs/libcurl/opts/CURLINFO_PROTOCOL.md new file mode 100644 index 000000000..9dfb2970f --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_PROTOCOL.md @@ -0,0 +1,73 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_PROTOCOL +Section: 3 +Source: libcurl +See-also: + - CURLINFO_RESPONSE_CODE (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_PROTOCOL - get the protocol used in the connection + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_PROTOCOL, long *p); +~~~ + +# DESCRIPTION + +This option is deprecated. We strongly recommend using +CURLINFO_SCHEME(3) instead, because this option cannot return all +possible protocols! + +Pass a pointer to a long to receive the version used in the last http +connection. The returned value is set to one of the CURLPROTO_* values: + +~~~c +CURLPROTO_DICT, CURLPROTO_FILE, CURLPROTO_FTP, CURLPROTO_FTPS, +CURLPROTO_GOPHER, CURLPROTO_HTTP, CURLPROTO_HTTPS, CURLPROTO_IMAP, +CURLPROTO_IMAPS, CURLPROTO_LDAP, CURLPROTO_LDAPS, CURLPROTO_POP3, +CURLPROTO_POP3S, CURLPROTO_RTMP, CURLPROTO_RTMPE, CURLPROTO_RTMPS, +CURLPROTO_RTMPT, CURLPROTO_RTMPTE, CURLPROTO_RTMPTS, CURLPROTO_RTSP, +CURLPROTO_SCP, CURLPROTO_SFTP, CURLPROTO_SMB, CURLPROTO_SMBS, CURLPROTO_SMTP, +CURLPROTO_SMTPS, CURLPROTO_TELNET, CURLPROTO_TFTP, CURLPROTO_MQTT +~~~ + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + long protocol; + curl_easy_getinfo(curl, CURLINFO_PROTOCOL, &protocol); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0. Deprecated since 7.85.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.md b/docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.md new file mode 100644 index 000000000..0e9dbdcb5 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_PROXYAUTH_AVAIL.md @@ -0,0 +1,78 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_PROXYAUTH_AVAIL +Section: 3 +Source: libcurl +See-also: + - CURLINFO_HTTPAUTH_AVAIL (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_PROXYAUTH_AVAIL - get available HTTP proxy authentication methods + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_PROXYAUTH_AVAIL, + long *authp); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive a bitmask indicating the authentication +method(s) available according to the previous response. The meaning of the +bits is explained in the CURLOPT_PROXYAUTH(3) option for +curl_easy_setopt(3). + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_PROXY, "http://127.0.0.1:80"); + + res = curl_easy_perform(curl); + + if(!res) { + /* extract the available proxy authentication types */ + long auth; + res = curl_easy_getinfo(curl, CURLINFO_PROXYAUTH_AVAIL, &auth); + if(!res) { + if(!auth) + printf("No proxy auth available, perhaps no 407?\n"); + else { + printf("%s%s%s%s\n", + auth & CURLAUTH_BASIC ? "Basic ":"", + auth & CURLAUTH_DIGEST ? "Digest ":"", + auth & CURLAUTH_NEGOTIATE ? "Negotiate ":"", + auth % CURLAUTH_NTLM ? "NTLM ":""); + } + } + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added RFC 2617 in 7.10.8 +Added RFC 7616 in 7.57.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_PROXY_ERROR.md b/docs/libcurl/opts/CURLINFO_PROXY_ERROR.md new file mode 100644 index 000000000..01113c740 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_PROXY_ERROR.md @@ -0,0 +1,105 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_PROXY_ERROR +Section: 3 +Source: libcurl +See-also: + - CURLINFO_RESPONSE_CODE (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) + - libcurl-errors (3) +--- + +# NAME + +CURLINFO_PROXY_ERROR - get the detailed (SOCKS) proxy error + +# SYNOPSIS + +~~~c +#include + +typedef enum { + CURLPX_OK, + CURLPX_BAD_ADDRESS_TYPE, + CURLPX_BAD_VERSION, + CURLPX_CLOSED, + CURLPX_GSSAPI, + CURLPX_GSSAPI_PERMSG, + CURLPX_GSSAPI_PROTECTION, + CURLPX_IDENTD, + CURLPX_IDENTD_DIFFER, + CURLPX_LONG_HOSTNAME, + CURLPX_LONG_PASSWD, + CURLPX_LONG_USER, + CURLPX_NO_AUTH, + CURLPX_RECV_ADDRESS, + CURLPX_RECV_AUTH, + CURLPX_RECV_CONNECT, + CURLPX_RECV_REQACK, + CURLPX_REPLY_ADDRESS_TYPE_NOT_SUPPORTED, + CURLPX_REPLY_COMMAND_NOT_SUPPORTED, + CURLPX_REPLY_CONNECTION_REFUSED, + CURLPX_REPLY_GENERAL_SERVER_FAILURE, + CURLPX_REPLY_HOST_UNREACHABLE, + CURLPX_REPLY_NETWORK_UNREACHABLE, + CURLPX_REPLY_NOT_ALLOWED, + CURLPX_REPLY_TTL_EXPIRED, + CURLPX_REPLY_UNASSIGNED, + CURLPX_REQUEST_FAILED, + CURLPX_RESOLVE_HOST, + CURLPX_SEND_AUTH, + CURLPX_SEND_CONNECT, + CURLPX_SEND_REQUEST, + CURLPX_UNKNOWN_FAIL, + CURLPX_UNKNOWN_MODE, + CURLPX_USER_REJECTED, + CURLPX_LAST /* never use */ +} CURLproxycode; + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_PROXY_ERROR, long *detail); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive a detailed error code when the most recent +transfer returned a **CURLE_PROXY** error. That error code matches the +**CURLproxycode** set. + +The error code is zero (**CURLPX_OK**) if no response code was available. + +# PROTOCOLS + +All that can be done over SOCKS + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + curl_easy_setopt(curl, CURLOPT_PROXY, "socks5://127.0.0.1"); + res = curl_easy_perform(curl); + if(res == CURLE_PROXY) { + long proxycode; + res = curl_easy_getinfo(curl, CURLINFO_PROXY_ERROR, &proxycode); + if(!res && proxycode) + printf("The detailed proxy error: %ld\n", proxycode); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.73.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_PROXY_SSL_VERIFYRESULT.md b/docs/libcurl/opts/CURLINFO_PROXY_SSL_VERIFYRESULT.md new file mode 100644 index 000000000..d97f5e78e --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_PROXY_SSL_VERIFYRESULT.md @@ -0,0 +1,64 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_PROXY_SSL_VERIFYRESULT +Section: 3 +Source: libcurl +See-also: + - CURLINFO_SSL_VERIFYRESULT (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_PROXY_SSL_VERIFYRESULT - get the result of the proxy certificate verification + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_PROXY_SSL_VERIFYRESULT, + long *result); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the result of the certificate verification +that was requested (using the CURLOPT_PROXY_SSL_VERIFYPEER(3) +option. This is only used for HTTPS proxies. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + long verifyresult; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy:443"); + res = curl_easy_perform(curl); + if(res) + printf("error: %s\n", curl_easy_strerror(res)); + curl_easy_getinfo(curl, CURLINFO_PROXY_SSL_VERIFYRESULT, &verifyresult); + printf("The peer verification said %s\n", verifyresult? + "fine" : "bad"); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_QUEUE_TIME_T.md b/docs/libcurl/opts/CURLINFO_QUEUE_TIME_T.md new file mode 100644 index 000000000..00454e752 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_QUEUE_TIME_T.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_QUEUE_TIME_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_STARTTRANSFER_TIME_T (3) + - CURLOPT_TIMEOUT (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_QUEUE_TIME_T - time this transfer was queued + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_QUEUE_TIME_T, + curl_off_t *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_off_t to receive the time, in microseconds, this +transfer was held in a waiting queue before it started "for real". A transfer +might be put in a queue if after getting started, it cannot create a new +connection etc due to set conditions and limits imposed by the application. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_off_t queue; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_QUEUE_TIME_T, &queue); + if(CURLE_OK == res) { + printf("Queued: %" CURL_FORMAT_CURL_OFF_T ".%06ld us", queue / 1000000, + (long)(queue % 1000000)); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 8.6.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.md b/docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.md new file mode 100644 index 000000000..aa75bdb22 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_REDIRECT_COUNT.md @@ -0,0 +1,62 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_REDIRECT_COUNT +Section: 3 +Source: libcurl +See-also: + - CURLINFO_REDIRECT_URL (3) + - CURLOPT_FOLLOWLOCATION (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_REDIRECT_COUNT - get the number of redirects + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_REDIRECT_COUNT, + long *countp); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the total number of redirections that were +actually followed. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + long redirects; + curl_easy_getinfo(curl, CURLINFO_REDIRECT_COUNT, &redirects); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.9.7 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_REDIRECT_TIME.md b/docs/libcurl/opts/CURLINFO_REDIRECT_TIME.md new file mode 100644 index 000000000..26d9af2a0 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_REDIRECT_TIME.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_REDIRECT_TIME +Section: 3 +Source: libcurl +See-also: + - CURLINFO_REDIRECT_COUNT (3) + - CURLINFO_REDIRECT_TIME_T (3) + - CURLINFO_REDIRECT_URL (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_REDIRECT_TIME - get the time for all redirection steps + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_REDIRECT_TIME, + double *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a double to receive the total time, in seconds, it took for +all redirection steps include name lookup, connect, pretransfer and transfer +before final transaction was started. CURLINFO_REDIRECT_TIME(3) contains +the complete execution time for multiple redirections. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + double redirect; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_REDIRECT_TIME, &redirect); + if(CURLE_OK == res) { + printf("Time: %.1f", redirect); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.9.7 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_REDIRECT_TIME_T.md b/docs/libcurl/opts/CURLINFO_REDIRECT_TIME_T.md new file mode 100644 index 000000000..f4ee71089 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_REDIRECT_TIME_T.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_REDIRECT_TIME_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_REDIRECT_COUNT (3) + - CURLINFO_REDIRECT_TIME (3) + - CURLINFO_REDIRECT_URL (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_REDIRECT_TIME_T - get the time for all redirection steps + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_REDIRECT_TIME_T, + curl_off_t *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_off_t to receive the total time, in microseconds, it +took for all redirection steps include name lookup, connect, pretransfer and +transfer before final transaction was started. +CURLINFO_REDIRECT_TIME_T(3) holds the complete execution time for +multiple redirections. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_off_t redirect; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_REDIRECT_TIME_T, &redirect); + if(CURLE_OK == res) { + printf("Time: %" CURL_FORMAT_CURL_OFF_T ".%06ld", redirect / 1000000, + (long)(redirect % 1000000)); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.61.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_REDIRECT_URL.md b/docs/libcurl/opts/CURLINFO_REDIRECT_URL.md new file mode 100644 index 000000000..8d7fc5c10 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_REDIRECT_URL.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_REDIRECT_URL +Section: 3 +Source: libcurl +See-also: + - CURLINFO_REDIRECT_COUNT (3) + - CURLINFO_REDIRECT_TIME_T (3) + - CURLOPT_FOLLOWLOCATION (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_REDIRECT_URL - get the URL a redirect would go to + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_REDIRECT_URL, char **urlp); +~~~ + +# DESCRIPTION + +Pass a pointer to a char pointer to receive the URL a redirect *would* +take you to if you would enable CURLOPT_FOLLOWLOCATION(3). This can come +handy if you think using the built-in libcurl redirect logic is not good enough +for you but you would still prefer to avoid implementing all the magic of +figuring out the new URL. + +This URL is also set if the CURLOPT_MAXREDIRS(3) limit prevented a +redirect to happen (since 7.54.1). + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + char *url = NULL; + curl_easy_getinfo(curl, CURLINFO_REDIRECT_URL, &url); + if(url) + printf("Redirect to: %s\n", url); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.18.2 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_REFERER.md b/docs/libcurl/opts/CURLINFO_REFERER.md new file mode 100644 index 000000000..fabc652a7 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_REFERER.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_REFERER +Section: 3 +Source: libcurl +See-also: + - CURLOPT_REFERER (3) + - curl_easy_getinfo (3) + - curl_easy_header (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_REFERER - get the used referrer request header + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_REFERER, char **hdrp); +~~~ + +# DESCRIPTION + +Pass in a pointer to a char pointer and get the referrer header used in the +most recent request. + +The **hdrp** pointer is NULL or points to private memory you MUST NOT free - +it gets freed when you call curl_easy_cleanup(3) on the corresponding +CURL handle. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_REFERER, "https://example.org/referrer"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + char *hdr = NULL; + curl_easy_getinfo(curl, CURLINFO_REFERER, &hdr); + if(hdr) + printf("Referrer header: %s\n", hdr); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.76.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_REQUEST_SIZE.md b/docs/libcurl/opts/CURLINFO_REQUEST_SIZE.md new file mode 100644 index 000000000..444f4ec23 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_REQUEST_SIZE.md @@ -0,0 +1,63 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_REQUEST_SIZE +Section: 3 +Source: libcurl +See-also: + - CURLINFO_HEADER_SIZE (3) + - CURLINFO_SIZE_DOWNLOAD_T (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_REQUEST_SIZE - get size of sent request + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_REQUEST_SIZE, long *sizep); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the total size of the issued +requests. This is so far only for HTTP requests. Note that this may be more +than one request if CURLOPT_FOLLOWLOCATION(3) is enabled. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + long req; + res = curl_easy_getinfo(curl, CURLINFO_REQUEST_SIZE, &req); + if(!res) + printf("Request size: %ld bytes\n", req); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.4.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_RESPONSE_CODE.md b/docs/libcurl/opts/CURLINFO_RESPONSE_CODE.md new file mode 100644 index 000000000..43cf8378d --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_RESPONSE_CODE.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_RESPONSE_CODE +Section: 3 +Source: libcurl +See-also: + - CURLINFO_HTTP_CONNECTCODE (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_RESPONSE_CODE - get the last response code + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_RESPONSE_CODE, long *codep); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the last received HTTP, FTP, SMTP or LDAP +(OpenLDAP only) response code. This option was previously known as +CURLINFO_HTTP_CODE in libcurl 7.10.7 and earlier. The stored value is zero if +no server response code has been received. + +Note that a proxy's CONNECT response should be read with +CURLINFO_HTTP_CONNECTCODE(3) and not this. + +# PROTOCOLS + +HTTP, FTP, SMTP and LDAP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + long response_code; + curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response_code); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.10.8. CURLINFO_HTTP_CODE was added in 7.4.1. +Support for SMTP responses added in 7.25.0, for OpenLDAP in 7.81.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_RETRY_AFTER.md b/docs/libcurl/opts/CURLINFO_RETRY_AFTER.md new file mode 100644 index 000000000..adc120077 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_RETRY_AFTER.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_RETRY_AFTER +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HEADERFUNCTION (3) + - CURLOPT_STDERR (3) + - curl_easy_header (3) +--- + +# NAME + +CURLINFO_RETRY_AFTER - returns the Retry-After retry delay + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_RETRY_AFTER, + curl_off_t *retry); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_off_t variable to receive the number of seconds the +HTTP server suggests the client should wait until the next request is +issued. The information from the "Retry-After:" header. + +While the HTTP header might contain a fixed date string, the +CURLINFO_RETRY_AFTER(3) always returns the number of seconds to wait - +or zero if there was no header or the header could not be parsed. + +# DEFAULT + +Returns zero delay if there was no header. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + curl_off_t wait = 0; + curl_easy_getinfo(curl, CURLINFO_RETRY_AFTER, &wait); + if(wait) + printf("Wait for %" CURL_FORMAT_CURL_OFF_T " seconds\n", wait); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.66.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.md b/docs/libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.md new file mode 100644 index 000000000..8b515b427 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_RTSP_CLIENT_CSEQ.md @@ -0,0 +1,61 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_RTSP_CLIENT_CSEQ +Section: 3 +Source: libcurl +See-also: + - CURLINFO_RTSP_CSEQ_RECV (3) + - CURLINFO_RTSP_SERVER_CSEQ (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_RTSP_CLIENT_CSEQ - get the next RTSP client CSeq + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_RTSP_CLIENT_CSEQ, + long *cseq); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the next CSeq that is expected to be used +by the application. + +# PROTOCOLS + +RTSP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "rtsp://rtsp.example.com"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + long cseq; + curl_easy_getinfo(curl, CURLINFO_RTSP_CLIENT_CSEQ, &cseq); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.md b/docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.md new file mode 100644 index 000000000..9eb813aa4 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_RTSP_CSEQ_RECV.md @@ -0,0 +1,61 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_RTSP_CSEQ_RECV +Section: 3 +Source: libcurl +See-also: + - CURLINFO_RTSP_SERVER_CSEQ (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_RTSP_CSEQ_RECV - get the recently received CSeq + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_RTSP_CSEQ_RECV, long *cseq); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the most recently received CSeq from the +server. If your application encounters a *CURLE_RTSP_CSEQ_ERROR* then you +may wish to troubleshoot and/or fix the CSeq mismatch by peeking at this +value. + +# PROTOCOLS + +RTSP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "rtsp://rtsp.example.com"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + long cseq; + curl_easy_getinfo(curl, CURLINFO_RTSP_CSEQ_RECV, &cseq); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.md b/docs/libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.md new file mode 100644 index 000000000..7826f8a3c --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_RTSP_SERVER_CSEQ.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_RTSP_SERVER_CSEQ +Section: 3 +Source: libcurl +See-also: + - CURLINFO_RTSP_CSEQ_RECV (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_RTSP_SERVER_CSEQ - get the next RTSP server CSeq + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_RTSP_SERVER_CSEQ, + long *cseq); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the next CSeq that is expected to be used +by the application. + +Listening for server initiated requests is not implemented! + +Applications wishing to resume an RTSP session on another connection should +retrieve this info before closing the active connection. + +# PROTOCOLS + +RTSP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "rtsp://rtsp.example.com"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + long cseq; + curl_easy_getinfo(curl, CURLINFO_RTSP_SERVER_CSEQ, &cseq); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.md b/docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.md new file mode 100644 index 000000000..402a122f8 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_RTSP_SESSION_ID.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_RTSP_SESSION_ID +Section: 3 +Source: libcurl +See-also: + - CURLINFO_RTSP_CSEQ_RECV (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_RTSP_SESSION_ID - get RTSP session ID + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_RTSP_SESSION_ID, char **id); +~~~ + +# DESCRIPTION + +Pass a pointer to a char pointer to receive a pointer to a string holding the +most recent RTSP Session ID. + +Applications wishing to resume an RTSP session on another connection should +retrieve this info before closing the active connection. + +The **id** pointer is NULL or points to private memory. You MUST NOT free - +it gets freed when you call curl_easy_cleanup(3) on the corresponding +CURL handle. + +# PROTOCOLS + +RTSP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "rtsp://rtsp.example.com"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + char *id; + curl_easy_getinfo(curl, CURLINFO_RTSP_SESSION_ID, &id); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_SCHEME.md b/docs/libcurl/opts/CURLINFO_SCHEME.md new file mode 100644 index 000000000..db567fc98 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_SCHEME.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_SCHEME +Section: 3 +Source: libcurl +See-also: + - CURLINFO_EFFECTIVE_URL (3) + - CURLINFO_PROTOCOL (3) + - CURLINFO_RESPONSE_CODE (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_SCHEME - get the URL scheme (sometimes called protocol) used in the connection + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SCHEME, char **scheme); +~~~ + +# DESCRIPTION + +Pass a pointer to a char pointer to receive the pointer to a null-terminated +string holding the URL scheme used for the most recent connection done with +this CURL **handle**. + +The **scheme** pointer is NULL or points to private memory. You MUST NOT +free - it gets freed when you call curl_easy_cleanup(3) on the +corresponding CURL handle. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(res == CURLE_OK) { + char *scheme = NULL; + curl_easy_getinfo(curl, CURLINFO_SCHEME, &scheme); + if(scheme) + printf("scheme: %s\n", scheme); /* scheme: HTTP */ + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.md b/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.md new file mode 100644 index 000000000..ff19908cf --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD.md @@ -0,0 +1,73 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_SIZE_DOWNLOAD +Section: 3 +Source: libcurl +See-also: + - CURLINFO_SIZE_DOWNLOAD_T (3) + - CURLINFO_SIZE_UPLOAD_T (3) + - CURLOPT_MAXFILESIZE (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_SIZE_DOWNLOAD - get the number of downloaded bytes + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SIZE_DOWNLOAD, double *dlp); +~~~ + +# DESCRIPTION + +Pass a pointer to a double to receive the total amount of bytes that were +downloaded. The amount is only for the latest transfer and gets reset again +for each new transfer. This counts actual payload data, what's also commonly +called body. All meta and header data is excluded and not included in this +number. + +CURLINFO_SIZE_DOWNLOAD_T(3) is a newer replacement that returns a more +sensible variable type. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the request */ + res = curl_easy_perform(curl); + + if(!res) { + /* check the size */ + double dl; + res = curl_easy_getinfo(curl, CURLINFO_SIZE_DOWNLOAD, &dl); + if(!res) { + printf("Downloaded %.0f bytes\n", dl); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.4.1. Deprecated since 7.55.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD_T.md b/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD_T.md new file mode 100644 index 000000000..f5468db9d --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_SIZE_DOWNLOAD_T.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_SIZE_DOWNLOAD_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_SIZE_DOWNLOAD (3) + - CURLINFO_SIZE_UPLOAD_T (3) + - CURLOPT_MAXFILESIZE (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_SIZE_DOWNLOAD_T - get the number of downloaded bytes + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SIZE_DOWNLOAD_T, + curl_off_t *dlp); +~~~ + +# DESCRIPTION + +Pass a pointer to a *curl_off_t* to receive the total amount of bytes that +were downloaded. The amount is only for the latest transfer and gets reset +again for each new transfer. This counts actual payload data, what's also +commonly called body. All meta and header data is excluded from this amount. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the request */ + res = curl_easy_perform(curl); + + if(!res) { + /* check the size */ + curl_off_t dl; + res = curl_easy_getinfo(curl, CURLINFO_SIZE_DOWNLOAD_T, &dl); + if(!res) { + printf("Downloaded %" CURL_FORMAT_CURL_OFF_T " bytes\n", dl); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.55.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.md b/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.md new file mode 100644 index 000000000..175fe718d --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_SIZE_UPLOAD +Section: 3 +Source: libcurl +See-also: + - CURLINFO_SIZE_DOWNLOAD_T (3) + - CURLINFO_SIZE_UPLOAD_T (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_SIZE_UPLOAD - get the number of uploaded bytes + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SIZE_UPLOAD, + double *uploadp); +~~~ + +# DESCRIPTION + +Pass a pointer to a double to receive the total amount of bytes that were +uploaded. + +CURLINFO_SIZE_UPLOAD_T(3) is a newer replacement that returns a more +sensible variable type. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the request */ + res = curl_easy_perform(curl); + + if(!res) { + double ul; + res = curl_easy_getinfo(curl, CURLINFO_SIZE_UPLOAD, &ul); + if(!res) { + printf("Uploaded %.0f bytes\n", ul); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.4.1. Deprecated since 7.55.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD_T.md b/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD_T.md new file mode 100644 index 000000000..29874f9fd --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_SIZE_UPLOAD_T.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_SIZE_UPLOAD_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_SIZE_DOWNLOAD_T (3) + - CURLINFO_SIZE_UPLOAD (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_SIZE_UPLOAD_T - get the number of uploaded bytes + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SIZE_UPLOAD_T, + curl_off_t *uploadp); +~~~ + +# DESCRIPTION + +Pass a pointer to a *curl_off_t* to receive the total amount of bytes that +were uploaded. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the request */ + res = curl_easy_perform(curl); + + if(!res) { + curl_off_t ul; + res = curl_easy_getinfo(curl, CURLINFO_SIZE_UPLOAD_T, &ul); + if(!res) { + printf("Uploaded %" CURL_FORMAT_CURL_OFF_T " bytes\n", ul); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.55.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.md b/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.md new file mode 100644 index 000000000..fe0766939 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_SPEED_DOWNLOAD +Section: 3 +Source: libcurl +See-also: + - CURLINFO_SIZE_UPLOAD_T (3) + - CURLINFO_SPEED_UPLOAD (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_SPEED_DOWNLOAD - get download speed + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SPEED_DOWNLOAD, + double *speed); +~~~ + +# DESCRIPTION + +Pass a pointer to a double to receive the average download speed that curl +measured for the complete download. Measured in bytes/second. + +CURLINFO_SPEED_DOWNLOAD_T(3) is a newer replacement that returns a more +sensible variable type. + +# PROTOCOLS + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the request */ + res = curl_easy_perform(curl); + + if(!res) { + double speed; + res = curl_easy_getinfo(curl, CURLINFO_SPEED_DOWNLOAD, &speed); + if(!res) { + printf("Download speed %.0f bytes/sec\n", speed); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.4.1. Deprecated since 7.55.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD_T.md b/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD_T.md new file mode 100644 index 000000000..c8bc2f867 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_SPEED_DOWNLOAD_T.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_SPEED_DOWNLOAD_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_SIZE_UPLOAD_T (3) + - CURLINFO_SPEED_UPLOAD_T (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_SPEED_DOWNLOAD_T - get download speed + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SPEED_DOWNLOAD_T, + curl_off_t *speed); +~~~ + +# DESCRIPTION + +Pass a pointer to a *curl_off_t* to receive the average download speed +that curl measured for the complete download. Measured in bytes/second. + +# PROTOCOLS + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the request */ + res = curl_easy_perform(curl); + + if(!res) { + curl_off_t speed; + res = curl_easy_getinfo(curl, CURLINFO_SPEED_DOWNLOAD_T, &speed); + if(!res) { + printf("Download speed %" CURL_FORMAT_CURL_OFF_T " bytes/sec\n", + speed); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.55.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.md b/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.md new file mode 100644 index 000000000..11ce92923 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_SPEED_UPLOAD +Section: 3 +Source: libcurl +See-also: + - CURLINFO_SPEED_DOWNLOAD_T (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_SPEED_UPLOAD - get upload speed + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SPEED_UPLOAD, double *speed); +~~~ + +# DESCRIPTION + +Pass a pointer to a double to receive the average upload speed that curl +measured for the complete upload. Measured in bytes/second. + +CURLINFO_SPEED_UPLOAD_T(3) is a newer replacement that returns a more +sensible variable type. + +# PROTOCOLS + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the request */ + res = curl_easy_perform(curl); + + if(!res) { + double speed; + res = curl_easy_getinfo(curl, CURLINFO_SPEED_UPLOAD, &speed); + if(!res) { + printf("Upload speed %.0f bytes/sec\n", speed); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.4.1. Deprecated since 7.55.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD_T.md b/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD_T.md new file mode 100644 index 000000000..178e9a526 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_SPEED_UPLOAD_T.md @@ -0,0 +1,63 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_SPEED_UPLOAD_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_SPEED_DOWNLOAD_T (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_SPEED_UPLOAD_T - get upload speed + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SPEED_UPLOAD_T, + curl_off_t *speed); +~~~ + +# DESCRIPTION + +Pass a pointer to a *curl_off_t* to receive the average upload speed that +curl measured for the complete upload. Measured in bytes/second. + +# PROTOCOLS + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the request */ + res = curl_easy_perform(curl); + + if(!res) { + curl_off_t speed; + res = curl_easy_getinfo(curl, CURLINFO_SPEED_UPLOAD_T, &speed); + if(!res) { + printf("Upload speed %" CURL_FORMAT_CURL_OFF_T " bytes/sec\n", speed); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.55.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_SSL_ENGINES.md b/docs/libcurl/opts/CURLINFO_SSL_ENGINES.md new file mode 100644 index 000000000..9dbb0a1d1 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_SSL_ENGINES.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_SSL_ENGINES +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSLENGINE (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_SSL_ENGINES - get an slist of OpenSSL crypto-engines + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SSL_ENGINES, + struct curl_slist **engine_list); +~~~ + +# DESCRIPTION + +Pass the address of a 'struct curl_slist *' to receive a linked-list of +OpenSSL crypto-engines supported. Note that engines are normally implemented +in separate dynamic libraries. Hence not all the returned engines may be +available at runtime. **NOTE:** you must call curl_slist_free_all(3) +on the list pointer once you are done with it, as libcurl does not free this +data for you. + +# PROTOCOLS + +All TLS based ones. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + struct curl_slist *engines; + res = curl_easy_getinfo(curl, CURLINFO_SSL_ENGINES, &engines); + if((res == CURLE_OK) && engines) { + /* we have a list, free it when done using it */ + curl_slist_free_all(engines); + } + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.12.3. Available in OpenSSL builds with "engine" support. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_SSL_VERIFYRESULT.md b/docs/libcurl/opts/CURLINFO_SSL_VERIFYRESULT.md new file mode 100644 index 000000000..fdc38f016 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_SSL_VERIFYRESULT.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_SSL_VERIFYRESULT +Section: 3 +Source: libcurl +See-also: + - CURLINFO_PROXY_SSL_VERIFYRESULT (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_SSL_VERIFYRESULT - get the result of the certificate verification + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_SSL_VERIFYRESULT, + long *result); +~~~ + +# DESCRIPTION + +Pass a pointer to a long to receive the result of the server SSL certificate +verification that was requested (using the CURLOPT_SSL_VERIFYPEER(3) +option). + +0 is a positive result. Non-zero is an error. + +# PROTOCOLS + +All using TLS + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + long verifyresult; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(res) + printf("error: %s\n", curl_easy_strerror(res)); + curl_easy_getinfo(curl, CURLINFO_SSL_VERIFYRESULT, &verifyresult); + printf("The peer verification said %s\n", verifyresult? + "BAAAD":"fine"); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.5. Only set by the OpenSSL/libressl/boringssl and GnuTLS backends. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME.md b/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME.md new file mode 100644 index 000000000..d7c1f0884 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_STARTTRANSFER_TIME +Section: 3 +Source: libcurl +See-also: + - CURLINFO_STARTTRANSFER_TIME_T (3) + - CURLOPT_TIMEOUT (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_STARTTRANSFER_TIME - get the time until the first byte is received + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_STARTTRANSFER_TIME, + double *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a double to receive the time, in seconds, it took from the +start until the first byte is received by libcurl. This includes +CURLINFO_PRETRANSFER_TIME(3) and also the time the server needs to +calculate the result. + +When a redirect is followed, the time from each request is added together. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + double start; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_STARTTRANSFER_TIME, &start); + if(CURLE_OK == res) { + printf("Time: %.1f", start); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.9.2 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME_T.md b/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME_T.md new file mode 100644 index 000000000..481c7f5bd --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_STARTTRANSFER_TIME_T.md @@ -0,0 +1,73 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_STARTTRANSFER_TIME_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_STARTTRANSFER_TIME (3) + - CURLOPT_TIMEOUT (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_STARTTRANSFER_TIME_T - get the time until the first byte is received + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_STARTTRANSFER_TIME_T, + curl_off_t *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_off_t to receive the time, in microseconds, +it took from the +start until the first byte is received by libcurl. This includes +CURLINFO_PRETRANSFER_TIME_T(3) and also the time the server needs to +calculate the result. + +When a redirect is followed, the time from each request is added together. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_off_t start; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_STARTTRANSFER_TIME_T, &start); + if(CURLE_OK == res) { + printf("Time: %" CURL_FORMAT_CURL_OFF_T ".%06ld", start / 1000000, + (long)(start % 1000000)); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.61.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_TLS_SESSION.md b/docs/libcurl/opts/CURLINFO_TLS_SESSION.md new file mode 100644 index 000000000..98cc2d67c --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_TLS_SESSION.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_TLS_SESSION +Section: 3 +Source: libcurl +See-also: + - CURLINFO_TLS_SSL_PTR (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_TLS_SESSION - get TLS session info + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_TLS_SESSION, + struct curl_tlssessioninfo **session); +~~~ + +# DESCRIPTION + +**This option has been superseded** by CURLINFO_TLS_SSL_PTR(3) which +was added in 7.48.0. The only reason you would use this option instead is if +you could be using a version of libcurl earlier than 7.48.0. + +This option is exactly the same as CURLINFO_TLS_SSL_PTR(3) except in the +case of OpenSSL. If the session *backend* is CURLSSLBACKEND_OPENSSL the +session *internals* pointer varies depending on the option: + +CURLINFO_TLS_SESSION(3) OpenSSL session *internals* is **SSL_CTX ***. + +CURLINFO_TLS_SSL_PTR(3) OpenSSL session *internals* is **SSL ***. + +You can obtain an **SSL_CTX** pointer from an SSL pointer using OpenSSL +function *SSL_get_SSL_CTX(3)*. Therefore unless you need compatibility +with older versions of libcurl use CURLINFO_TLS_SSL_PTR(3). Refer to +that document for more information. + +# PROTOCOLS + +All TLS-based + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + struct curl_tlssessioninfo *tls; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(res) + printf("error: %s\n", curl_easy_strerror(res)); + curl_easy_getinfo(curl, CURLINFO_TLS_SESSION, &tls); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.34.0. Deprecated since 7.48.0 and supported OpenSSL, GnuTLS, and +NSS only up until this version was released. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 b/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.md similarity index 51% rename from docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 rename to docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.md index 5b9d1e005..4fc246adf 100644 --- a/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 +++ b/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.md @@ -1,33 +1,22 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH CURLINFO_TLS_SSL_PTR 3 "September 27, 2023" "ibcurl 8.4.0" libcurl - -.SH NAME -CURLINFO_TLS_SESSION, CURLINFO_TLS_SSL_PTR \- get TLS session info -.SH SYNOPSIS -.nf +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_TLS_SSL_PTR +Section: 3 +Source: libcurl +See-also: + - CURLINFO_TLS_SESSION (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_TLS_SESSION, CURLINFO_TLS_SSL_PTR - get TLS session info + +# SYNOPSIS + +~~~c #include CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_TLS_SSL_PTR, @@ -38,60 +27,75 @@ CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_TLS_SSL_PTR, CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_TLS_SESSION, struct curl_tlssessioninfo **session); -.SH DESCRIPTION -Pass a pointer to a \fIstruct curl_tlssessioninfo *\fP. The pointer is -initialized to refer to a \fIstruct curl_tlssessioninfo *\fP that contains an -enum indicating the SSL library used for the handshake and a pointer to the -respective internal TLS session structure of this underlying SSL library. +~~~ + +# DESCRIPTION + +Pass a pointer to a *struct curl_tlssessioninfo **. The pointer is initialized +to refer to a *struct curl_tlssessioninfo ** that contains an enum indicating +the SSL library used for the handshake and a pointer to the respective +internal TLS session structure of this underlying SSL library. This option may be useful for example to extract certificate information in a format convenient for further processing, such as manual validation. Refer to -the \fBLIMITATIONS\fP section. +the **LIMITATIONS** section. -.nf +~~~c struct curl_tlssessioninfo { curl_sslbackend backend; void *internals; }; -.fi +~~~ -The \fIbackend\fP struct member is one of the defines in the CURLSSLBACKEND_* +The *backend* struct member is one of the defines in the CURLSSLBACKEND_* series: CURLSSLBACKEND_NONE (when built without TLS support), CURLSSLBACKEND_WOLFSSL, CURLSSLBACKEND_SECURETRANSPORT, CURLSSLBACKEND_GNUTLS, CURLSSLBACKEND_MBEDTLS, CURLSSLBACKEND_NSS, CURLSSLBACKEND_OPENSSL, CURLSSLBACKEND_SCHANNEL or CURLSSLBACKEND_MESALINK. (Note that the OpenSSL forks are all reported as just OpenSSL here.) -The \fIinternals\fP struct member points to a TLS library specific pointer for +The *internals* struct member points to a TLS library specific pointer for the active ("in use") SSL connection, with the following underlying types: -.RS -.IP GnuTLS -\fBgnutls_session_t\fP -.IP NSS -\fBPRFileDesc *\fP -.IP OpenSSL -\fICURLINFO_TLS_SESSION(3)\fP: \fBSSL_CTX *\fP - -\fICURLINFO_TLS_SSL_PTR(3)\fP: \fBSSL *\fP -.RE -Since 7.48.0 the \fIinternals\fP member can point to these other SSL backends + +## GnuTLS + +**gnutls_session_t** + +## NSS + +**PRFileDesc *** + +## OpenSSL + +CURLINFO_TLS_SESSION(3): **SSL_CTX *** + +CURLINFO_TLS_SSL_PTR(3): **SSL *** +Since 7.48.0 the *internals* member can point to these other SSL backends as well: -.RS -.IP mbedTLS -\fBmbedTLS_ssl_context *\fP -.IP "Secure Channel" -\fBCtxtHandle *\fP -.IP "Secure Transport" -\fBSSLContext *\fP -.IP "wolfSSL" -\fBSSL *\fP -.RE - -If the \fIinternals\fP pointer is NULL then either the SSL backend is not + +## mbedTLS + +**mbedTLS_ssl_context *** + +## Secure Channel + +**CtxtHandle *** + +## Secure Transport + +**SSLContext *** + +## wolfSSL + +**SSL *** + +If the *internals* pointer is NULL then either the SSL backend is not supported, an SSL session has not yet been established or the connection is no -longer associated with the easy handle (e.g. \fIcurl_easy_perform(3)\fP has +longer associated with the easy handle (e.g. curl_easy_perform(3) has returned). -.SH LIMITATIONS + +# LIMITATIONS + This option has some limitations that could make it unsafe when it comes to the manual verification of certificates. @@ -103,9 +107,9 @@ retrieve a second in-use SSL session associated with an easy handle. This option has not been thoroughly tested with clear text protocols that can be upgraded/downgraded to/from SSL: FTP, SMTP, POP3, IMAP when used with -\fICURLOPT_USE_SSL(3)\fP. Though you can to retrieve the SSL pointer, it's -possible that before you can do that, data (including auth) may have already -been sent over a connection after it was upgraded. +CURLOPT_USE_SSL(3). Though you can to retrieve the SSL pointer, it is possible +that before you can do that, data (including auth) may have already been sent +over a connection after it was upgraded. Renegotiation. If unsafe renegotiation or renegotiation in a way that the certificate is allowed to change is allowed by your SSL library this may occur @@ -114,16 +118,20 @@ after renegotiation but before you are able to get the (possibly) changed SSL pointer, with the (possibly) changed certificate information. Instead of using this option to poll for certificate changes use -\fICURLOPT_SSL_CTX_FUNCTION(3)\fP to set a verification callback, if supported. +CURLOPT_SSL_CTX_FUNCTION(3) to set a verification callback, if supported. That is safer and does not suffer from any of the problems above. How are you using this option? Are you affected by any of these limitations? Please let us know by making a comment at https://github.com/curl/curl/issues/685 -.SH PROTOCOLS + +# PROTOCOLS + All TLS-based -.SH EXAMPLE -.nf + +# EXAMPLE + +~~~c #include #include @@ -134,13 +142,13 @@ static size_t wf(void *ptr, size_t size, size_t nmemb, void *stream) CURLcode res = curl_easy_getinfo(curl, CURLINFO_TLS_SSL_PTR, &info); if(info && !res) { if(CURLSSLBACKEND_OPENSSL == info->backend) { - printf("OpenSSL ver. %s\\n", SSL_get_version((SSL*)info->internals)); + printf("OpenSSL ver. %s\n", SSL_get_version((SSL*)info->internals)); } } return size * nmemb; } -int main(int argc, char** argv) +int main(int argc, char **argv) { CURLcode res; curl = curl_easy_init(); @@ -152,15 +160,15 @@ int main(int argc, char** argv) } return res; } -.fi -.SH AVAILABILITY +~~~ + +# AVAILABILITY + Added in 7.48.0. -This option supersedes \fICURLINFO_TLS_SESSION(3)\fP which was added in 7.34.0. +This option supersedes CURLINFO_TLS_SESSION(3) which was added in 7.34.0. This option is exactly the same as that option except in the case of OpenSSL. -.SH RETURN VALUE + +# RETURN VALUE + Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. -.SH "SEE ALSO" -.BR curl_easy_getinfo (3), -.BR curl_easy_setopt (3), -.BR CURLINFO_TLS_SESSION (3) diff --git a/docs/libcurl/opts/CURLINFO_TOTAL_TIME.md b/docs/libcurl/opts/CURLINFO_TOTAL_TIME.md new file mode 100644 index 000000000..c6af1694e --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_TOTAL_TIME.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_TOTAL_TIME +Section: 3 +Source: libcurl +See-also: + - CURLINFO_TOTAL_TIME_T (3) + - CURLOPT_TIMEOUT (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_TOTAL_TIME - get total time of previous transfer + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_TOTAL_TIME, double *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a double to receive the total time in seconds for the +previous transfer, including name resolving, TCP connect etc. The double +represents the time in seconds, including fractions. + +When a redirect is followed, the time from each request is added together. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + double total; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &total); + if(CURLE_OK == res) { + printf("Time: %.1f", total); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.4.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_TOTAL_TIME_T.md b/docs/libcurl/opts/CURLINFO_TOTAL_TIME_T.md new file mode 100644 index 000000000..488d5d3aa --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_TOTAL_TIME_T.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_TOTAL_TIME_T +Section: 3 +Source: libcurl +See-also: + - CURLINFO_TOTAL_TIME (3) + - CURLOPT_TIMEOUT (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_TOTAL_TIME_T - get total time of previous transfer in microseconds + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_TOTAL_TIME_T, + curl_off_t *timep); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_off_t to receive the total time in microseconds +for the previous transfer, including name resolving, TCP connect etc. +The curl_off_t represents the time in microseconds. + +When a redirect is followed, the time from each request is added together. + +See also the TIMES overview in the curl_easy_getinfo(3) man page. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_off_t total; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + res = curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME_T, &total); + if(CURLE_OK == res) { + printf("Time: %" CURL_FORMAT_CURL_OFF_T ".%06ld", total / 1000000, + (long)(total % 1000000)); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.61.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLINFO_XFER_ID.md b/docs/libcurl/opts/CURLINFO_XFER_ID.md new file mode 100644 index 000000000..b32a46b12 --- /dev/null +++ b/docs/libcurl/opts/CURLINFO_XFER_ID.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLINFO_XFER_ID +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CONN_ID (3) + - curl_easy_getinfo (3) + - curl_easy_setopt (3) +--- + +# NAME + +CURLINFO_XFER_ID - get the ID of a transfer + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_XFER_ID, + curl_off_t *xfer_id); +~~~ + +# DESCRIPTION + +Pass a pointer to a *curl_off_t* to receive the identifier of the +current/last transfer done with the handle. Stores -1 if no transfer +has been started yet for the handle. + +The transfer id is unique among all transfers performed using the same +connection cache. This is implicitly the case for all transfers in the +same multi handle. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Perform the request */ + res = curl_easy_perform(curl); + + if(!res) { + curl_off_t xfer_id; + res = curl_easy_getinfo(curl, CURLINFO_XFER_ID, &xfer_id); + if(!res) { + printf("Transfer ID: %" CURL_FORMAT_CURL_OFF_T "\n", xfer_id); + } + } + } +} +~~~ + +# AVAILABILITY + +Added in 8.2.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md b/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md new file mode 100644 index 000000000..127f4dd06 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md @@ -0,0 +1,61 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE (3) + - CURLMOPT_MAX_PIPELINE_LENGTH (3) + - CURLMOPT_PIPELINING (3) +--- + +# NAME + +CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - chunk length threshold for pipelining + +# SYNOPSIS + +~~~c +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, + long size); +~~~ + +# DESCRIPTION + +No function since pipelining was removed in 7.62.0. + +Pass a long with a **size** in bytes. If a transfer in a pipeline is +currently processing a chunked (Transfer-encoding: chunked) request with a +current chunk length larger than CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE(3), +that pipeline is not considered for additional requests, even if it is shorter +than CURLMOPT_MAX_PIPELINE_LENGTH(3). + +# DEFAULT + +The default value is 0, which means that the penalization is inactive. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURLM *m = curl_multi_init(); + long maxchunk = 10000; + curl_multi_setopt(m, CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, maxchunk); +} +~~~ + +# AVAILABILITY + +Added in 7.30.0 + +# RETURN VALUE + +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md b/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md new file mode 100644 index 000000000..d3e7abaf0 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md @@ -0,0 +1,60 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE (3) + - CURLMOPT_PIPELINING (3) +--- + +# NAME + +CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - size threshold for pipelining penalty + +# SYNOPSIS + +~~~c +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, + long size); +~~~ + +# DESCRIPTION + +No function since pipelining was removed in 7.62.0. + +Pass a long with a **size** in bytes. If a transfer in a pipeline is +currently processing a request with a Content-Length larger than this +CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE(3), that pipeline is not considered +for additional requests, even if it is shorter than +CURLMOPT_MAX_PIPELINE_LENGTH(3). + +# DEFAULT + +The default value is 0, which means that the size penalization is inactive. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURLM *m = curl_multi_init(); + long maxlength = 10000; + curl_multi_setopt(m, CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, maxlength); +} +~~~ + +# AVAILABILITY + +Added in 7.30.0 + +# RETURN VALUE + +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.md b/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.md new file mode 100644 index 000000000..9a5457fa5 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_MAXCONNECTS.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_MAXCONNECTS +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_MAX_HOST_CONNECTIONS (3) + - CURLOPT_MAXCONNECTS (3) +--- + +# NAME + +CURLMOPT_MAXCONNECTS - size of connection cache + +# SYNOPSIS + +~~~c +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAXCONNECTS, long max); +~~~ + +# DESCRIPTION + +Pass a long indicating the **max**. The set number is used as the maximum +amount of simultaneously open connections that libcurl may keep in its +connection cache after completed use. By default libcurl enlarges the size for +each added easy handle to make it fit 4 times the number of added easy +handles. + +By setting this option, you can prevent the cache size from growing beyond the +limit set by you. + +When the cache is full, curl closes the oldest one in the cache to prevent the +number of open connections from increasing. + +This option is for the multi handle's use only, when using the easy interface +you should instead use the CURLOPT_MAXCONNECTS(3) option. + +See CURLMOPT_MAX_TOTAL_CONNECTIONS(3) for limiting the number of active +connections. + +# DEFAULT + +See DESCRIPTION + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURLM *m = curl_multi_init(); + /* only keep 10 connections in the cache */ + curl_multi_setopt(m, CURLMOPT_MAXCONNECTS, 10L); +} +~~~ + +# AVAILABILITY + +Added in 7.16.3 + +# RETURN VALUE + +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLMOPT_MAX_CONCURRENT_STREAMS.md b/docs/libcurl/opts/CURLMOPT_MAX_CONCURRENT_STREAMS.md new file mode 100644 index 000000000..247199444 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_MAX_CONCURRENT_STREAMS.md @@ -0,0 +1,59 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_MAX_CONCURRENT_STREAMS +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_MAXCONNECTS (3) + - CURLOPT_MAXCONNECTS (3) +--- + +# NAME + +CURLMOPT_MAX_CONCURRENT_STREAMS - max concurrent streams for http2 + +# SYNOPSIS + +~~~c +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAX_CONCURRENT_STREAMS, + long max); +~~~ + +# DESCRIPTION + +Pass a long indicating the **max**. The set number is used as the maximum +number of concurrent streams libcurl should support on connections done using +HTTP/2 or HTTP/3. + +Valid values range from 1 to 2147483647 (2^31 - 1) and defaults to 100. The +value passed here would be honored based on other system resources properties. + +# DEFAULT + +100 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURLM *m = curl_multi_init(); + /* max concurrent streams 200 */ + curl_multi_setopt(m, CURLMOPT_MAX_CONCURRENT_STREAMS, 200L); +} +~~~ + +# AVAILABILITY + +Added in 7.67.0 + +# RETURN VALUE + +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.md b/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.md new file mode 100644 index 000000000..75c4768f6 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_MAX_HOST_CONNECTIONS.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_MAX_HOST_CONNECTIONS +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_MAXCONNECTS (3) + - CURLMOPT_MAX_TOTAL_CONNECTIONS (3) +--- + +# NAME + +CURLMOPT_MAX_HOST_CONNECTIONS - max number of connections to a single host + +# SYNOPSIS + +~~~c +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAX_HOST_CONNECTIONS, + long max); +~~~ + +# DESCRIPTION + +Pass a long to indicate **max**. The set number is used as the maximum amount +of simultaneously open connections to a single host (a host being the same as +a hostname + port number pair). For each new session to a host, libcurl might +open a new connection up to the limit set by +CURLMOPT_MAX_HOST_CONNECTIONS(3). When the limit is reached, new sessions are +kept pending until a connection becomes available. + +The default **max** value is 0, unlimited. This set limit is also used for +proxy connections, and then the proxy is considered to be the host for which +this limit counts. + +When more transfers are added to the multi handle than what can be performed +due to the set limit, they are queued up waiting for their chance. When that +happens, the CURLOPT_TIMEOUT_MS(3) timeout is inclusive of the waiting +time, meaning that if you set a too narrow timeout in such a case the transfer +might never even start before it times out. + +Even in the queued up situation, the CURLOPT_CONNECTTIMEOUT_MS(3) +timeout is however treated as a per-connect timeout. + +# DEFAULT + +0 + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURLM *m = curl_multi_init(); + /* do no more than 2 connections per host */ + curl_multi_setopt(m, CURLMOPT_MAX_HOST_CONNECTIONS, 2L); +} +~~~ + +# AVAILABILITY + +Added in 7.30.0 + +# RETURN VALUE + +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.md b/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.md new file mode 100644 index 000000000..bad638e5f --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_MAX_PIPELINE_LENGTH.md @@ -0,0 +1,64 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_MAX_PIPELINE_LENGTH +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_MAX_HOST_CONNECTIONS (3) + - CURLMOPT_PIPELINING (3) +--- + +# NAME + +CURLMOPT_MAX_PIPELINE_LENGTH - maximum number of requests in a pipeline + +# SYNOPSIS + +~~~c +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAX_PIPELINE_LENGTH, + long max); +~~~ + +# DESCRIPTION + +No function since pipelining was removed in 7.62.0. + +Pass a long. The set **max** number is used as the maximum amount of +outstanding requests in an HTTP/1.1 pipeline. This option is only used for +HTTP/1.1 pipelining, not for HTTP/2 multiplexing. + +When this limit is reached, libcurl creates another connection to the same +host (see CURLMOPT_MAX_HOST_CONNECTIONS(3)), or queue the request until one + of the pipelines to the host is ready to accept a request. Thus, the total +number of requests in-flight is CURLMOPT_MAX_HOST_CONNECTIONS(3) * +CURLMOPT_MAX_PIPELINE_LENGTH(3). + +# DEFAULT + +5 + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURLM *m = curl_multi_init(); + /* set a more conservative pipe length */ + curl_multi_setopt(m, CURLMOPT_MAX_PIPELINE_LENGTH, 3L); +} +~~~ + +# AVAILABILITY + +Added in 7.30.0 + +# RETURN VALUE + +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.md b/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.md new file mode 100644 index 000000000..859bb2ad5 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_MAX_TOTAL_CONNECTIONS.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_MAX_TOTAL_CONNECTIONS +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_MAXCONNECTS (3) + - CURLMOPT_MAX_HOST_CONNECTIONS (3) +--- + +# NAME + +CURLMOPT_MAX_TOTAL_CONNECTIONS - max simultaneously open connections + +# SYNOPSIS + +~~~c +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_MAX_TOTAL_CONNECTIONS, + long amount); +~~~ + +# DESCRIPTION + +Pass a long for the **amount**. The set number is used as the maximum number +of simultaneously open connections in total using this multi handle. For each +new session, libcurl might open a new connection up to the limit set by +CURLMOPT_MAX_TOTAL_CONNECTIONS(3). When the limit is reached, new +sessions are held pending until there are available connections. If +CURLMOPT_PIPELINING(3) is enabled, libcurl can try multiplexing if the +host is capable of it. + +When more transfers are added to the multi handle than what can be performed +due to the set limit, they get queued up waiting for their chance. When that +happens, the CURLOPT_TIMEOUT_MS(3) timeout is counted inclusive of the +waiting time, meaning that if you set a too narrow timeout in such a case the +transfer might never even start before it times out. + +Even in the queued up situation, the CURLOPT_CONNECTTIMEOUT_MS(3) +timeout is however treated as a per-connect timeout. + +# DEFAULT + +The default value is 0, which means that there is no limit. It is then simply +controlled by the number of easy handles added. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURLM *m = curl_multi_init(); + /* never do more than 15 connections */ + curl_multi_setopt(m, CURLMOPT_MAX_TOTAL_CONNECTIONS, 15L); +} +~~~ + +# AVAILABILITY + +Added in 7.30.0 + +# RETURN VALUE + +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLMOPT_PIPELINING.md b/docs/libcurl/opts/CURLMOPT_PIPELINING.md new file mode 100644 index 000000000..3df71b54f --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_PIPELINING.md @@ -0,0 +1,77 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_PIPELINING +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE (3) + - CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE (3) + - CURLMOPT_MAXCONNECTS (3) + - CURLMOPT_MAX_HOST_CONNECTIONS (3) + - CURLMOPT_MAX_PIPELINE_LENGTH (3) + - CURLMOPT_PIPELINING_SITE_BL (3) +--- + +# NAME + +CURLMOPT_PIPELINING - enable HTTP pipelining and multiplexing + +# SYNOPSIS + +~~~c +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PIPELINING, long bitmask); +~~~ + +# DESCRIPTION + +Pass in the correct value in the **bitmask** parameter to instruct libcurl +to enable multiplexing for this multi handle. + +With multiplexing enabled, libcurl attempts to do multiple transfers over the +same connection when doing parallel transfers to the same hosts. + +## CURLPIPE_NOTHING (0) + +Default, which means doing no attempts at multiplexing. + +## CURLPIPE_HTTP1 (1) + +This bit is deprecated and has no effect since version 7.62.0. + +## CURLPIPE_MULTIPLEX (2) + +If this bit is set, libcurl tries to multiplex the new transfer over an +existing connection if possible. This requires HTTP/2 or HTTP/3. + +# DEFAULT + +Since 7.62.0, **CURLPIPE_MULTIPLEX** is enabled by default. + +Before that, default was **CURLPIPE_NOTHING**. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURLM *m = curl_multi_init(); + /* try HTTP/2 multiplexing */ + curl_multi_setopt(m, CURLMOPT_PIPELINING, CURLPIPE_MULTIPLEX); +} +~~~ + +# AVAILABILITY + +Added in 7.16.0. Multiplex support bit added in 7.43.0. HTTP/1 Pipelining +support was disabled in 7.62.0. + +# RETURN VALUE + +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.md b/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.md new file mode 100644 index 000000000..226700806 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_PIPELINING_SERVER_BL.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_PIPELINING_SERVER_BL +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_PIPELINING (3) + - CURLMOPT_PIPELINING_SITE_BL (3) +--- + +# NAME + +CURLMOPT_PIPELINING_SERVER_BL - pipelining server block list + +# SYNOPSIS + +~~~c +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PIPELINING_SERVER_BL, + char **servers); +~~~ + +# DESCRIPTION + +No function since pipelining was removed in 7.62.0. + +Pass a **servers** array of char *, ending with a NULL entry. This is a list +of server types prefixes (in the Server: HTTP header) that are blocked from +pipelining, i.e server types that are known to not support HTTP +pipelining. The array is copied by libcurl. + +Note that the comparison matches if the Server: header begins with the string +in the block list, i.e "Server: Ninja 1.2.3" and "Server: Ninja 1.4.0" can +both be blocked by having "Ninja" in the list. + +Pass a NULL pointer to clear the block list. + +# DEFAULT + +The default value is NULL, which means that there is no block list. + +# PROTOCOLS + +# EXAMPLE + +~~~c +static char *server_block_list[] = +{ + "Microsoft-IIS/6.0", + "nginx/0.8.54", + NULL +}; +int main(void) +{ + CURLM *m = curl_multi_init(); + curl_multi_setopt(m, CURLMOPT_PIPELINING_SERVER_BL, server_block_list); +} +~~~ + +# AVAILABILITY + +Added in 7.30.0 + +# RETURN VALUE + +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.md b/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.md new file mode 100644 index 000000000..a212c4f63 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_PIPELINING_SITE_BL.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_PIPELINING_SITE_BL +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_PIPELINING (3) + - CURLMOPT_PIPELINING_SERVER_BL (3) +--- + +# NAME + +CURLMOPT_PIPELINING_SITE_BL - pipelining host block list + +# SYNOPSIS + +~~~c +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PIPELINING_SITE_BL, + char **hosts); +~~~ + +# DESCRIPTION + +No function since pipelining was removed in 7.62.0. + +Pass a **hosts** array of char *, ending with a NULL entry. This is a list +of sites that are blocked from pipelining, i.e sites that are known to not +support HTTP pipelining. The array is copied by libcurl. + +Pass a NULL pointer to clear the block list. + +# DEFAULT + +The default value is NULL, which means that there is no block list. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +static char *site_block_list[] = +{ + "www.haxx.se", + "www.example.com:1234", + NULL +}; + +int main(void) +{ + CURLM *m = curl_multi_init(); + curl_multi_setopt(m, CURLMOPT_PIPELINING_SITE_BL, site_block_list); +} +~~~ + +# AVAILABILITY + +Added in 7.30.0 + +# RETURN VALUE + +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLMOPT_PUSHDATA.md b/docs/libcurl/opts/CURLMOPT_PUSHDATA.md new file mode 100644 index 000000000..23e8785f2 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_PUSHDATA.md @@ -0,0 +1,87 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_PUSHDATA +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_PIPELINING (3) + - CURLMOPT_PUSHFUNCTION (3) + - CURLOPT_PIPEWAIT (3) + - RFC 7540 +--- + +# NAME + +CURLMOPT_PUSHDATA - pointer to pass to push callback + +# SYNOPSIS + +~~~c +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PUSHDATA, void *pointer); +~~~ + +# DESCRIPTION + +Set a *pointer* to pass as the last argument to the +CURLMOPT_PUSHFUNCTION(3) callback. The pointer is not touched or used by +libcurl itself, only passed on to the callback function. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +#include + +/* only allow pushes for file names starting with "push-" */ +int push_callback(CURL *parent, + CURL *easy, + size_t num_headers, + struct curl_pushheaders *headers, + void *clientp) +{ + char *headp; + int *transfers = (int *)clientp; + FILE *out; + headp = curl_pushheader_byname(headers, ":path"); + if(headp && !strncmp(headp, "/push-", 6)) { + fprintf(stderr, "The PATH is %s\n", headp); + + /* save the push here */ + out = fopen("pushed-stream", "wb"); + + /* write to this file */ + curl_easy_setopt(easy, CURLOPT_WRITEDATA, out); + + (*transfers)++; /* one more */ + + return CURL_PUSH_OK; + } + return CURL_PUSH_DENY; +} + +int main(void) +{ + int counter; + CURLM *multi = curl_multi_init(); + curl_multi_setopt(multi, CURLMOPT_PUSHFUNCTION, push_callback); + curl_multi_setopt(multi, CURLMOPT_PUSHDATA, &counter); +} +~~~ + +# AVAILABILITY + +Added in 7.44.0 + +# RETURN VALUE + +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 b/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.md similarity index 51% rename from docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 rename to docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.md index 4a599d0cc..903ac06fb 100644 --- a/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 +++ b/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.md @@ -1,33 +1,23 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH CURLMOPT_PUSHFUNCTION 3 "September 26, 2023" "ibcurl 8.4.0" libcurl - -.SH NAME -CURLMOPT_PUSHFUNCTION \- callback that approves or denies server pushes -.SH SYNOPSIS -.nf +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_PUSHFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_PIPELINING (3) + - CURLMOPT_PUSHDATA (3) + - CURLOPT_PIPEWAIT (3) + - RFC 7540 +--- + +# NAME + +CURLMOPT_PUSHFUNCTION - callback that approves or denies server pushes + +# SYNOPSIS + +~~~c #include int curl_push_callback(CURL *parent, @@ -38,60 +28,81 @@ int curl_push_callback(CURL *parent, CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PUSHFUNCTION, curl_push_callback func); -.fi -.SH DESCRIPTION +~~~ + +# DESCRIPTION + This callback gets called when a new HTTP/2 stream is being pushed by the server (using the PUSH_PROMISE frame). If no push callback is set, all offered pushes are denied automatically. -.SH CALLBACK DESCRIPTION + +# CALLBACK DESCRIPTION + The callback gets its arguments like this: -\fIparent\fP is the handle of the stream on which this push arrives. The new +*parent* is the handle of the stream on which this push arrives. The new handle has been duplicated from the parent, meaning that it has gotten all its options inherited. It is then up to the application to alter any options if desired. -\fIeasy\fP is a newly created handle that represents this upcoming transfer. +*easy* is a newly created handle that represents this upcoming transfer. -\fInum_headers\fP is the number of name+value pairs that was received and can +*num_headers* is the number of name+value pairs that was received and can be accessed -\fIheaders\fP is a handle used to access push headers using the accessor +*headers* is a handle used to access push headers using the accessor functions described below. This only accesses and provides the PUSH_PROMISE headers, the normal response headers are provided in the header callback as usual. -\fIclientp\fP is the pointer set with \fICURLMOPT_PUSHDATA(3)\fP +*clientp* is the pointer set with CURLMOPT_PUSHDATA(3) If the callback returns CURL_PUSH_OK, the new easy handle is added to the multi handle, the callback must not do that by itself. The callback can access PUSH_PROMISE headers with two accessor functions. These functions can only be used from within this callback and they -can only access the PUSH_PROMISE headers: \fIcurl_pushheader_byname(3)\fP and -\fIcurl_pushheader_bynum(3)\fP. The normal response headers are passed to the +can only access the PUSH_PROMISE headers: curl_pushheader_byname(3) and +curl_pushheader_bynum(3). The normal response headers are passed to the header callback for pushed streams just as for normal streams. -The header fields can also be accessed with \fIcurl_easy_header(3)\fP, +The header fields can also be accessed with curl_easy_header(3), introduced in later libcurl versions. -.SH CALLBACK RETURN VALUE -.IP "CURL_PUSH_OK (0)" + +# CALLBACK RETURN VALUE + +## CURL_PUSH_OK (0) + The application has accepted the stream and it can now start receiving data, the ownership of the CURL handle has been taken over by the application. -.IP "CURL_PUSH_DENY (1)" + +## CURL_PUSH_DENY (1) + The callback denies the stream and no data reaches the application, the easy handle is destroyed by libcurl. -.IP "CURL_PUSH_ERROROUT (2)" + +## CURL_PUSH_ERROROUT (2) + Returning this code rejects the pushed stream and returns an error back on the parent stream making it get closed with an error. (Added in 7.72.0) -.IP * + +## * + All other return codes are reserved for future use. -.SH DEFAULT + +# DEFAULT + NULL, no callback -.SH PROTOCOLS + +# PROTOCOLS + HTTP(S) (HTTP/2 only) -.SH EXAMPLE -.nf + +# EXAMPLE + +~~~c +#include + /* only allow pushes for file names starting with "push-" */ int push_callback(CURL *parent, CURL *easy, @@ -104,7 +115,7 @@ int push_callback(CURL *parent, FILE *out; headp = curl_pushheader_byname(headers, ":path"); if(headp && !strncmp(headp, "/push-", 6)) { - fprintf(stderr, "The PATH is %s\\n", headp); + fprintf(stderr, "The PATH is %s\n", headp); /* save the push here */ out = fopen("pushed-stream", "wb"); @@ -119,15 +130,19 @@ int push_callback(CURL *parent, return CURL_PUSH_DENY; } -curl_multi_setopt(multi, CURLMOPT_PUSHFUNCTION, push_callback); -curl_multi_setopt(multi, CURLMOPT_PUSHDATA, &counter); -.fi -.SH AVAILABILITY +int main(void) +{ + int counter; + CURLM *multi = curl_multi_init(); + curl_multi_setopt(multi, CURLMOPT_PUSHFUNCTION, push_callback); + curl_multi_setopt(multi, CURLMOPT_PUSHDATA, &counter); +} +~~~ + +# AVAILABILITY + Added in 7.44.0 -.SH RETURN VALUE + +# RETURN VALUE + Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. -.SH "SEE ALSO" -.BR CURLMOPT_PUSHDATA (3), -.BR CURLMOPT_PIPELINING (3), -.BR CURLOPT_PIPEWAIT (3), -.BR RFC 7540 diff --git a/docs/libcurl/opts/CURLMOPT_SOCKETDATA.md b/docs/libcurl/opts/CURLMOPT_SOCKETDATA.md new file mode 100644 index 000000000..f4de8c331 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_SOCKETDATA.md @@ -0,0 +1,82 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_SOCKETDATA +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_SOCKETFUNCTION (3) + - CURLMOPT_TIMERFUNCTION (3) + - curl_multi_socket_action (3) +--- + +# NAME + +CURLMOPT_SOCKETDATA - custom pointer passed to the socket callback + +# SYNOPSIS + +~~~c +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_SOCKETDATA, void *pointer); +~~~ + +# DESCRIPTION + +A data *pointer* to pass to the socket callback set with the +CURLMOPT_SOCKETFUNCTION(3) option. + +This pointer is not touched by libcurl but is only passed in as the socket +callbacks's **clientp** argument. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct priv { + void *ours; +}; + +static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp) +{ + struct priv *p = sockp; + printf("my ptr: %p\n", p->ours); + + if(what == CURL_POLL_REMOVE) { + /* remove the socket from our collection */ + } + if(what & CURL_POLL_IN) { + /* wait for read on this socket */ + } + if(what & CURL_POLL_OUT) { + /* wait for write on this socket */ + } + + return 0; +} + +int main(void) +{ + struct priv setup; + CURLM *multi = curl_multi_init(); + /* ... use socket callback and custom pointer */ + curl_multi_setopt(multi, CURLMOPT_SOCKETFUNCTION, sock_cb); + curl_multi_setopt(multi, CURLMOPT_SOCKETDATA, &setup); +} +~~~ + +# AVAILABILITY + +Added in 7.15.4 + +# RETURN VALUE + +Returns CURLM_OK. diff --git a/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.md b/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.md new file mode 100644 index 000000000..5b34db5f3 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.md @@ -0,0 +1,135 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_SOCKETFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_SOCKETDATA (3) + - CURLMOPT_TIMERFUNCTION (3) + - curl_multi_socket_action (3) +--- + +# NAME + +CURLMOPT_SOCKETFUNCTION - callback informed about what to wait for + +# SYNOPSIS + +~~~c +#include + +int socket_callback(CURL *easy, /* easy handle */ + curl_socket_t s, /* socket */ + int what, /* describes the socket */ + void *clientp, /* private callback pointer */ + void *socketp); /* private socket pointer */ + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_SOCKETFUNCTION, socket_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +When the curl_multi_socket_action(3) function is called, it uses this +callback to inform the application about updates in the socket (file +descriptor) status by doing none, one, or multiple calls to the +**socket_callback**. The callback function gets status updates with changes +since the previous time the callback was called. If the given callback pointer +is set to NULL, no callback is called. + +libcurl then expects the application to monitor the sockets for the specific +activities and tell libcurl again when something happens on one of them. Tell +libcurl by calling curl_multi_socket_action(3). + +# CALLBACK ARGUMENTS + +*easy* identifies the specific transfer for which this update is related. + +*s* is the specific socket this function invocation concerns. If the +**what** argument is not CURL_POLL_REMOVE then it holds information about +what activity on this socket the application is supposed to +monitor. Subsequent calls to this callback might update the **what** bits +for a socket that is already monitored. + +The socket callback should return 0 on success, and -1 on error. If this +callback returns error, **all** transfers currently in progress in this +multi handle are aborted and made to fail. + +**clientp** is set with CURLMOPT_SOCKETDATA(3). + +**socketp** is set with curl_multi_assign(3) or NULL. + +The **what** parameter informs the callback on the status of the given +socket. It can hold one of these values: + +## CURL_POLL_IN + +Wait for incoming data. For the socket to become readable. + +## CURL_POLL_OUT + +Wait for outgoing data. For the socket to become writable. + +## CURL_POLL_INOUT + +Wait for incoming and outgoing data. For the socket to become readable or +writable. + +## CURL_POLL_REMOVE + +The specified socket/file descriptor is no longer used by libcurl for any +active transfer. It might soon be added again. + +# DEFAULT + +NULL (no callback) + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct priv { + void *ours; +}; + +static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp) +{ + struct priv *p = sockp; + printf("our ptr: %p\n", p->ours); + + if(what == CURL_POLL_REMOVE) { + /* remove the socket from our collection */ + } + if(what & CURL_POLL_IN) { + /* wait for read on this socket */ + } + if(what & CURL_POLL_OUT) { + /* wait for write on this socket */ + } + + return 0; +} + +int main(void) +{ + struct priv setup; + CURLM *multi = curl_multi_init(); + /* ... use socket callback and custom pointer */ + curl_multi_setopt(multi, CURLMOPT_SOCKETFUNCTION, sock_cb); + curl_multi_setopt(multi, CURLMOPT_SOCKETDATA, &setup); +} +~~~ + +# AVAILABILITY + +Added in 7.15.4 + +# RETURN VALUE + +Returns CURLM_OK. diff --git a/docs/libcurl/opts/CURLMOPT_TIMERDATA.md b/docs/libcurl/opts/CURLMOPT_TIMERDATA.md new file mode 100644 index 000000000..13bbd925b --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_TIMERDATA.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_TIMERDATA +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_SOCKETFUNCTION (3) + - CURLMOPT_TIMERFUNCTION (3) +--- + +# NAME + +CURLMOPT_TIMERDATA - custom pointer to pass to timer callback + +# SYNOPSIS + +~~~c +#include + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_TIMERDATA, void *pointer); +~~~ + +# DESCRIPTION + +A data **pointer** to pass to the timer callback set with the +CURLMOPT_TIMERFUNCTION(3) option. + +This pointer is not touched by libcurl but is only be passed in to the timer +callbacks's **clientp** argument. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct priv { + void *custom; +}; + +static int timerfunc(CURLM *multi, long timeout_ms, void *clientp) +{ + struct priv *mydata = clientp; + printf("our ptr: %p\n", mydata->custom); + + if(timeout_ms) { + /* this is the new single timeout to wait for */ + } + else { + /* delete the timeout, nothing to wait for now */ + } +} + +int main(void) +{ + struct priv mydata; + CURLM *multi = curl_multi_init(); + curl_multi_setopt(multi, CURLMOPT_TIMERFUNCTION, timerfunc); + curl_multi_setopt(multi, CURLMOPT_TIMERDATA, &mydata); +} +~~~ + +# AVAILABILITY + +Added in 7.16.0 + +# RETURN VALUE + +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.md b/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.md new file mode 100644 index 000000000..83a8fe7e0 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_TIMERFUNCTION.md @@ -0,0 +1,103 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLMOPT_TIMERFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_SOCKETFUNCTION (3) + - CURLMOPT_TIMERDATA (3) +--- + +# NAME + +CURLMOPT_TIMERFUNCTION - callback to receive timeout values + +# SYNOPSIS + +~~~c +#include + +int timer_callback(CURLM *multi, /* multi handle */ + long timeout_ms, /* timeout in number of ms */ + void *clientp); /* private callback pointer */ + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_TIMERFUNCTION, timer_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +Certain features, such as timeouts and retries, require you to call libcurl +even when there is no activity on the file descriptors. + +Your callback function **timer_callback** should install a non-repeating +timer with an expire time of **timeout_ms** milliseconds. When that timer +fires, call either curl_multi_socket_action(3) or +curl_multi_perform(3), depending on which interface you use. + +A **timeout_ms** value of -1 passed to this callback means you should delete +the timer. All other values are valid expire times in number of milliseconds. + +The **timer_callback** is called when the timeout expire time is changed. + +The **clientp** pointer is set with CURLMOPT_TIMERDATA(3). + +The timer callback should return 0 on success, and -1 on error. If this +callback returns error, **all** transfers currently in progress in this +multi handle are aborted and made to fail. + +This callback can be used instead of, or in addition to, +curl_multi_timeout(3). + +**WARNING:** do not call libcurl directly from within the callback itself +when the **timeout_ms** value is zero, since it risks triggering an +unpleasant recursive behavior that immediately calls another call to the +callback with a zero timeout... + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct priv { + void *custom; +}; + +static int timerfunc(CURLM *multi, long timeout_ms, void *clientp) +{ + struct priv *mydata = clientp; + printf("our ptr: %p\n", mydata->custom); + + if(timeout_ms) { + /* this is the new single timeout to wait for */ + } + else { + /* delete the timeout, nothing to wait for now */ + } +} + +int main(void) +{ + struct priv mydata; + CURLM *multi = curl_multi_init(); + curl_multi_setopt(multi, CURLMOPT_TIMERFUNCTION, timerfunc); + curl_multi_setopt(multi, CURLMOPT_TIMERDATA, &mydata); +} +~~~ + +# AVAILABILITY + +Added in 7.16.0 + +# RETURN VALUE + +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_ABSTRACT_UNIX_SOCKET.md b/docs/libcurl/opts/CURLOPT_ABSTRACT_UNIX_SOCKET.md new file mode 100644 index 000000000..33d2b7bcc --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_ABSTRACT_UNIX_SOCKET.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_ABSTRACT_UNIX_SOCKET +Section: 3 +Source: libcurl +See-also: + - CURLOPT_UNIX_SOCKET_PATH (3) + - unix (7) +--- + +# NAME + +CURLOPT_ABSTRACT_UNIX_SOCKET - abstract Unix domain socket + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ABSTRACT_UNIX_SOCKET, + char *path); +~~~ + +# DESCRIPTION + +Enables the use of an abstract Unix domain socket instead of establishing a +TCP connection to a host. The parameter should be a char * to a +null-terminated string holding the path of the socket. The path is set to +*path* prefixed by a NULL byte. This is the convention for abstract +sockets, however it should be stressed that the path passed to this function +should not contain a leading NULL byte. + +On non-supporting platforms, the abstract address is interpreted as an empty +string and fails gracefully, generating a runtime error. + +This option shares the same semantics as CURLOPT_UNIX_SOCKET_PATH(3) in +which documentation more details can be found. Internally, these two options +share the same storage and therefore only one of them can be set per handle. + +# DEFAULT + +Default is NULL. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_ABSTRACT_UNIX_SOCKET, "/tmp/foo.sock"); + curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/"); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.53.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.md b/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.md new file mode 100644 index 000000000..77615d886 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_ACCEPTTIMEOUT_MS.md @@ -0,0 +1,61 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_ACCEPTTIMEOUT_MS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONNECTTIMEOUT_MS (3) + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_STDERR (3) +--- + +# NAME + +CURLOPT_ACCEPTTIMEOUT_MS - timeout waiting for FTP server to connect back + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ACCEPTTIMEOUT_MS, long ms); +~~~ + +# DESCRIPTION + +Pass a long telling libcurl the maximum number of milliseconds to wait for a +server to connect back to libcurl when an active FTP connection is used. + +# DEFAULT + +60000 milliseconds + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/path/file"); + + /* wait no more than 5 seconds for FTP server responses */ + curl_easy_setopt(curl, CURLOPT_ACCEPTTIMEOUT_MS, 5000L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.24.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.md b/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.md new file mode 100644 index 000000000..9bba40d9d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_ACCEPT_ENCODING.md @@ -0,0 +1,110 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_ACCEPT_ENCODING +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPHEADER (3) + - CURLOPT_HTTP_CONTENT_DECODING (3) + - CURLOPT_TRANSFER_ENCODING (3) +--- + +# NAME + +CURLOPT_ACCEPT_ENCODING - automatic decompression of HTTP downloads + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ACCEPT_ENCODING, char *enc); +~~~ + +# DESCRIPTION + +Pass a char pointer argument specifying what encoding you would like. + +Sets the contents of the Accept-Encoding: header sent in an HTTP request, and +enables decoding of a response when a Content-Encoding: header is received. + +libcurl potentially supports several different compressed encodings depending +on what support that has been built-in. + +To aid applications not having to bother about what specific algorithms this +particular libcurl build supports, libcurl allows a zero-length string to be +set ("") to ask for an Accept-Encoding: header to be used that contains all +built-in supported encodings. + +Alternatively, you can specify exactly the encoding or list of encodings you +want in the response. The following encodings are supported: *identity*, +meaning non-compressed, *deflate* which requests the server to compress +its response using the zlib algorithm, *gzip* which requests the gzip +algorithm, (since curl 7.57.0) *br* which is brotli and (since curl +7.72.0) *zstd* which is zstd. Provide them in the string as a +comma-separated list of accepted encodings, like: **"br, gzip, deflate"**. + +Set CURLOPT_ACCEPT_ENCODING(3) to NULL to explicitly disable it, which +makes libcurl not send an Accept-Encoding: header and not decompress received +contents automatically. + +You can also opt to just include the Accept-Encoding: header in your request +with CURLOPT_HTTPHEADER(3) but then there is no automatic decompressing +when receiving data. + +This is a request, not an order; the server may or may not do it. This option +must be set (to any non-NULL value) or else any unsolicited encoding done by +the server is ignored. + +Servers might respond with Content-Encoding even without getting a +Accept-Encoding: in the request. Servers might respond with a different +Content-Encoding than what was asked for in the request. + +The Content-Length: servers send for a compressed response is supposed to +indicate the length of the compressed content so when auto decoding is enabled +it may not match the sum of bytes reported by the write callbacks (although, +sending the length of the non-compressed content is a common server mistake). + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* enable all supported built-in compressions */ + curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, ""); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +This option was called CURLOPT_ENCODING before 7.21.6 + +The specific libcurl you are using must have been built with zlib to be able to +decompress gzip and deflate responses, with the brotli library to +decompress brotli responses and with the zstd library to decompress zstd +responses. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.md b/docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.md new file mode 100644 index 000000000..78526bd39 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_ADDRESS_SCOPE.md @@ -0,0 +1,63 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_ADDRESS_SCOPE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_STDERR (3) +--- + +# NAME + +CURLOPT_ADDRESS_SCOPE - scope id for IPv6 addresses + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ADDRESS_SCOPE, long scope); +~~~ + +# DESCRIPTION + +Pass a long specifying the scope id value to use when connecting to IPv6 addresses. + +# DEFAULT + +0 + +# PROTOCOLS + +All, when using IPv6 + +# EXAMPLE + +~~~c +#include /* for if_nametoindex() */ + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + long my_scope_id; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + my_scope_id = if_nametoindex("eth0"); + curl_easy_setopt(curl, CURLOPT_ADDRESS_SCOPE, my_scope_id); + ret = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. +Returns CURLE_BAD_FUNCTION_ARGUMENT if set to a negative value. diff --git a/docs/libcurl/opts/CURLOPT_ALTSVC.md b/docs/libcurl/opts/CURLOPT_ALTSVC.md new file mode 100644 index 000000000..6f6408474 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_ALTSVC.md @@ -0,0 +1,111 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_ALTSVC +Section: 3 +Source: libcurl +See-also: + - CURLOPT_ALTSVC_CTRL (3) + - CURLOPT_CONNECT_TO (3) + - CURLOPT_COOKIEFILE (3) + - CURLOPT_RESOLVE (3) +--- + +# NAME + +CURLOPT_ALTSVC - alt-svc cache file name + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ALTSVC, char *filename); +~~~ + +# DESCRIPTION + +Pass in a pointer to a *filename* to instruct libcurl to use that file as +the Alt-Svc cache to read existing cache contents from and possibly also write +it back to after a transfer, unless **CURLALTSVC_READONLYFILE** is set in +CURLOPT_ALTSVC_CTRL(3). + +Specify a blank filename ("") to make libcurl not load from a file at all. + +# DEFAULT + +NULL. The alt-svc cache is not read nor written to file. + +# PROTOCOLS + +HTTPS + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_ALTSVC_CTRL, CURLALTSVC_H1); + curl_easy_setopt(curl, CURLOPT_ALTSVC, "altsvc-cache.txt"); + curl_easy_perform(curl); + } +} +~~~ + +# FILE FORMAT + +A text based file with one line per alt-svc entry and each line consists of +nine space-separated fields. + +An example line could look like + + h2 www.example.com 8443 h3 second.example.com 443 "20190808 06:18:37" 1 0 + +The fields of that line are: + +## h2 + +ALPN id for the source origin + +## www.example.comp + +Hostname for the source origin + +## 8443 + +Port number for the source origin + +## h3 + +ALPN id for the destination host + +## second.example.com + +Hostname for the destination host + +## 443 + +Port number for the destination host + +## 2019* + +Expiration date and time of this entry within double quotes. The date format +is "YYYYMMDD HH:MM:SS" and the time zone is GMT. + +## 1 + +Boolean (1 or 0) if "persist" was set for this entry + +## 0 + +Integer priority value (not currently used) + +# AVAILABILITY + +Added in 7.64.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.md b/docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.md new file mode 100644 index 000000000..538fc801a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.md @@ -0,0 +1,97 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_ALTSVC_CTRL +Section: 3 +Source: libcurl +See-also: + - CURLOPT_ALTSVC (3) + - CURLOPT_CONNECT_TO (3) + - CURLOPT_RESOLVE (3) +--- + +# NAME + +CURLOPT_ALTSVC_CTRL - control alt-svc behavior + +# SYNOPSIS + +~~~c +#include + +#define CURLALTSVC_READONLYFILE (1<<2) +#define CURLALTSVC_H1 (1<<3) +#define CURLALTSVC_H2 (1<<4) +#define CURLALTSVC_H3 (1<<5) + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ALTSVC_CTRL, long bitmask); +~~~ + +# DESCRIPTION + +Populate the long *bitmask* with the correct set of features to instruct +libcurl how to handle Alt-Svc for the transfers using this handle. + +libcurl only accepts Alt-Svc headers over a secure transport, meaning +HTTPS. It also only completes a request to an alternative origin if that +origin is properly hosted over HTTPS. These requirements are there to make +sure both the source and the destination are legitimate. + +Alternative services are only used when setting up new connections. If there +exists an existing connection to the host in the connection pool, then that is +preferred. + +Setting any bit enables the alt-svc engine. + +## CURLALTSVC_READONLYFILE + +Do not write the alt-svc cache back to the file specified with +CURLOPT_ALTSVC(3) even if it gets updated. By default a file specified +with that option is read and written to as deemed necessary. + +## CURLALTSVC_H1 + +Accept alternative services offered over HTTP/1.1. + +## CURLALTSVC_H2 + +Accept alternative services offered over HTTP/2. This is only used if libcurl +was also built to actually support HTTP/2, otherwise this bit is ignored. + +## CURLALTSVC_H3 + +Accept alternative services offered over HTTP/3. This is only used if libcurl +was also built to actually support HTTP/3, otherwise this bit is ignored. + +# DEFAULT + +Alt-Svc handling is disabled by default. If CURLOPT_ALTSVC(3) is set, +CURLOPT_ALTSVC_CTRL(3) has a default value corresponding to +CURLALTSVC_H1 | CURLALTSVC_H2 | CURLALTSVC_H3 - the HTTP/2 and HTTP/3 bits are +only set if libcurl was built with support for those versions. + +# PROTOCOLS + +HTTPS + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_ALTSVC_CTRL, (long)CURLALTSVC_H1); + curl_easy_setopt(curl, CURLOPT_ALTSVC, "altsvc-cache.txt"); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.64.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_APPEND.md b/docs/libcurl/opts/CURLOPT_APPEND.md new file mode 100644 index 000000000..d507c3812 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_APPEND.md @@ -0,0 +1,61 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_APPEND +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DIRLISTONLY (3) + - CURLOPT_RESUME_FROM (3) + - CURLOPT_UPLOAD (3) +--- + +# NAME + +CURLOPT_APPEND - append to the remote file + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_APPEND, long append); +~~~ + +# DESCRIPTION + +A long parameter set to 1 tells the library to append to the remote file +instead of overwrite it. This is only useful when uploading to an FTP site. + +# DEFAULT + +0 (disabled) + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/dir/to/newfile"); + curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); + curl_easy_setopt(curl, CURLOPT_APPEND, 1L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +This option was known as CURLOPT_FTPAPPEND up to 7.16.4 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_AUTOREFERER.md b/docs/libcurl/opts/CURLOPT_AUTOREFERER.md new file mode 100644 index 000000000..d201a71ad --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_AUTOREFERER.md @@ -0,0 +1,77 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_AUTOREFERER +Section: 3 +Source: libcurl +See-also: + - CURLINFO_EFFECTIVE_URL (3) + - CURLINFO_REDIRECT_URL (3) + - CURLINFO_REFERER (3) + - CURLOPT_FOLLOWLOCATION (3) + - CURLOPT_REFERER (3) +--- + +# NAME + +CURLOPT_AUTOREFERER - automatically update the referer header + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_AUTOREFERER, long autorefer); +~~~ + +# DESCRIPTION + +Pass a long parameter set to 1 to enable this. When enabled, libcurl +automatically sets the Referer: header field in HTTP requests to the full URL +when it follows a Location: redirect to a new destination. + +The automatic referer is set to the full previous URL even when redirects are +done cross-origin or following redirects to insecure protocols. This is +considered a minor privacy leak by some. + +With CURLINFO_REFERER(3), applications can extract the actually used +referer header after the transfer. + +# DEFAULT + +0, disabled + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + + /* follow redirects */ + curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); + + /* set Referer: automatically when following redirects */ + curl_easy_setopt(curl, CURLOPT_AUTOREFERER, 1L); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Along with HTTP + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_AWS_SIGV4.md b/docs/libcurl/opts/CURLOPT_AWS_SIGV4.md new file mode 100644 index 000000000..e19741aa6 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_AWS_SIGV4.md @@ -0,0 +1,118 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_AWS_SIGV4 +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HEADEROPT (3) + - CURLOPT_HTTPAUTH (3) + - CURLOPT_HTTPHEADER (3) + - CURLOPT_PROXYAUTH (3) +--- + +# NAME + +CURLOPT_AWS_SIGV4 - V4 signature + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_AWS_SIGV4, char *param); +~~~ + +# DESCRIPTION + +Provides AWS V4 signature authentication on HTTP(S) header. + +Pass a char pointer that is the collection of specific arguments are used for +creating outgoing authentication headers. The format of the *param* option +is: + +## provider1[:provider2[:region[:service]]] + +## provider1, provider2 + +The providers arguments are used for generating some authentication parameters +such as "Algorithm", "date", "request type" and "signed headers". + +## region + +The argument is a geographic area of a resources collection. +It is extracted from the hostname specified in the URL if omitted. + +## service + +The argument is a function provided by a cloud. It is extracted from the +hostname specified in the URL if omitted. + +NOTE: This call set CURLOPT_HTTPAUTH(3) to CURLAUTH_AWS_SIGV4. +Calling CURLOPT_HTTPAUTH(3) with CURLAUTH_AWS_SIGV4 is the same +as calling this with **"aws:amz"** in parameter. + +Example with "Test:Try", when curl uses the algorithm, it generates +**"TEST-HMAC-SHA256"** for "Algorithm", **"x-try-date"** and +**"X-Try-Date"** for "date", **"test4_request"** for "request type", +**"SignedHeaders=content-type;host;x-try-date"** for "signed headers" + +If you use just "test", instead of "test:try", test is used for every +generated string. + +# DEFAULT + +By default, the value of this parameter is NULL. +Calling CURLOPT_HTTPAUTH(3) with CURLAUTH_AWS_SIGV4 is the same +as calling this with **"aws:amz"** in parameter. + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, + "https://service.region.example.com/uri"); + curl_easy_setopt(curl, CURLOPT_AWS_SIGV4, "provider1:provider2"); + + /* service and region can also be set in CURLOPT_AWS_SIGV4 */ + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/uri"); + curl_easy_setopt(curl, CURLOPT_AWS_SIGV4, + "provider1:provider2:region:service"); + + curl_easy_setopt(curl, CURLOPT_USERPWD, "MY_ACCESS_KEY:MY_SECRET_KEY"); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.75.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. + +# NOTES + +This option overrides the other auth types you might have set in +CURLOPT_HTTPAUTH(3) which should be highlighted as this makes this auth +method special. This method cannot be combined with other auth types. + +A sha256 checksum of the request payload is used as input to the signature +calculation. For POST requests, this is a checksum of the provided +CURLOPT_POSTFIELDS(3). Otherwise, it is the checksum of an empty buffer. For +requests like PUT, you can provide your own checksum in an HTTP header named +**x-provider2-content-sha256**. + +For **aws:s3**, a **x-amz-content-sha256** header is added to every request +if not already present. For s3 requests with unknown payload, this header takes +the special value "UNSIGNED-PAYLOAD". diff --git a/docs/libcurl/opts/CURLOPT_BUFFERSIZE.md b/docs/libcurl/opts/CURLOPT_BUFFERSIZE.md new file mode 100644 index 000000000..1faebeef5 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_BUFFERSIZE.md @@ -0,0 +1,79 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_BUFFERSIZE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_MAXFILESIZE (3) + - CURLOPT_MAX_RECV_SPEED_LARGE (3) + - CURLOPT_UPLOAD_BUFFERSIZE (3) + - CURLOPT_WRITEFUNCTION (3) +--- + +# NAME + +CURLOPT_BUFFERSIZE - receive buffer size + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_BUFFERSIZE, long size); +~~~ + +# DESCRIPTION + +Pass a long specifying your preferred *size* (in bytes) for the receive buffer +in libcurl. The main point of this would be that the write callback gets +called more often and with smaller chunks. Secondly, for some protocols, there +is a benefit of having a larger buffer for performance. + +This is just treated as a request, not an order. You cannot be guaranteed to +actually get the given size. + +This buffer size is by default *CURL_MAX_WRITE_SIZE* (16kB). The maximum +buffer size allowed to be set is *CURL_MAX_READ_SIZE* (10MB). The minimum +buffer size allowed to be set is 1024. + +DO NOT set this option on a handle that is currently used for an active +transfer as that may lead to unintended consequences. + +The maximum size was 512kB until 7.88.0. + +# DEFAULT + +CURL_MAX_WRITE_SIZE (16kB) + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/foo.bin"); + + /* ask libcurl to allocate a larger receive buffer */ + curl_easy_setopt(curl, CURLOPT_BUFFERSIZE, 120000L); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.10. Growing the buffer was added in 7.53.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_CAINFO.md b/docs/libcurl/opts/CURLOPT_CAINFO.md new file mode 100644 index 000000000..c46073ff8 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CAINFO.md @@ -0,0 +1,87 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CAINFO +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CAINFO (3) + - CURLOPT_CAINFO_BLOB (3) + - CURLOPT_CAPATH (3) + - CURLOPT_CA_CACHE_TIMEOUT (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_CAINFO - path to Certificate Authority (CA) bundle + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CAINFO, char *path); +~~~ + +# DESCRIPTION + +Pass a char pointer to a null-terminated string naming a file holding one or +more certificates to verify the peer with. + +If CURLOPT_SSL_VERIFYPEER(3) is zero and you avoid verifying the +server's certificate, CURLOPT_CAINFO(3) need not even indicate an +accessible file. + +This option is by default set to the system path where libcurl's CA +certificate bundle is assumed to be stored, as established at build time. + +(iOS and macOS) When curl uses Secure Transport this option is supported. If +the option is not set, then curl uses the certificates in the system and user +Keychain to verify the peer. + +(Schannel) This option is supported for Schannel in Windows 7 or later but we +recommend not using it until Windows 8 since it works better starting then. +If the option is not set, then curl uses the certificates in the Windows' +store of root certificates (the default for Schannel). + +The application does not have to keep the string around after setting this +option. + +The default value for this can be figured out with CURLINFO_CAINFO(3). + +# DEFAULT + +Built-in system specific. When curl is built with Secure Transport or +Schannel, this option is not set by default. + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_CAINFO, "/etc/certs/cabundle.pem"); + curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +For the SSL engines that do not support certificate files the +CURLOPT_CAINFO(3) option is ignored. Schannel support added in libcurl +7.60. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_CAINFO_BLOB.md b/docs/libcurl/opts/CURLOPT_CAINFO_BLOB.md new file mode 100644 index 000000000..be30446ff --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CAINFO_BLOB.md @@ -0,0 +1,84 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CAINFO_BLOB +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CAINFO (3) + - CURLOPT_CAPATH (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_CAINFO_BLOB - Certificate Authority (CA) bundle in PEM format + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CAINFO_BLOB, + struct curl_blob *stblob); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_blob structure, which contains information (pointer +and size) about a memory block with binary data of PEM encoded content holding +one or more certificates to verify the HTTPS server with. + +If the blob is initialized with the flags member of struct curl_blob set to +CURL_BLOB_COPY, the application does not have to keep the buffer around after +setting this. + +If CURLOPT_SSL_VERIFYPEER(3) is zero and you avoid verifying the +server's certificate, CURLOPT_CAINFO_BLOB(3) is not needed. + +This option overrides CURLOPT_CAINFO(3). + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +#include + +int main(void) +{ + char *strpem; /* strpem must point to a PEM string */ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + struct curl_blob blob; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + blob.data = strpem; + blob.len = strlen(strpem); + blob.flags = CURL_BLOB_COPY; + curl_easy_setopt(curl, CURLOPT_CAINFO_BLOB, &blob); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.77.0. + +This option is supported by the BearSSL (since 7.79.0), mbedTLS (since +7.81.0), rustls (since 7.82.0), wolfSSL (since 8.2.0), OpenSSL, Secure +Transport and Schannel backends. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_CAPATH.md b/docs/libcurl/opts/CURLOPT_CAPATH.md new file mode 100644 index 000000000..ff1362f52 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CAPATH.md @@ -0,0 +1,79 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CAPATH +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CAPATH (3) + - CURLOPT_CAINFO (3) + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_STDERR (3) +--- + +# NAME + +CURLOPT_CAPATH - directory holding CA certificates + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CAPATH, char *capath); +~~~ + +# DESCRIPTION + +Pass a char pointer to a null-terminated string naming a directory holding +multiple CA certificates to verify the peer with. If libcurl is built against +OpenSSL, the certificate directory must be prepared using the OpenSSL c_rehash +utility. This makes sense only when used in combination with the +CURLOPT_SSL_VERIFYPEER(3) option. + +The CURLOPT_CAPATH(3) function apparently does not work in Windows due +to some limitation in OpenSSL. + +The application does not have to keep the string around after setting this +option. + +The default value for this can be figured out with CURLINFO_CAPATH(3). + +# DEFAULT + +A default path detected at build time. + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_CAPATH, "/etc/cert-dir"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +This option is supported by the OpenSSL, GnuTLS and mbedTLS (since 7.56.0) +backends. + +# RETURN VALUE + +CURLE_OK if supported; or an error such as: + +CURLE_NOT_BUILT_IN - Not supported by the SSL backend + +CURLE_UNKNOWN_OPTION + +CURLE_OUT_OF_MEMORY diff --git a/docs/libcurl/opts/CURLOPT_CA_CACHE_TIMEOUT.md b/docs/libcurl/opts/CURLOPT_CA_CACHE_TIMEOUT.md new file mode 100644 index 000000000..ef52f976d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CA_CACHE_TIMEOUT.md @@ -0,0 +1,82 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CA_CACHE_TIMEOUT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CAINFO (3) + - CURLOPT_CAINFO_BLOB (3) + - CURLOPT_CAPATH (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_CA_CACHE_TIMEOUT - life-time for cached certificate stores + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CA_CACHE_TIMEOUT, long age); +~~~ + +# DESCRIPTION + +Pass a long, this sets the timeout in seconds. This tells libcurl the maximum +time any cached certificate store it has in memory may be kept and reused for +new connections. Once the timeout has expired, a subsequent fetch requiring a +certificate has to reload it. + +Building a certificate store from a CURLOPT_CAINFO(3) file is a slow +operation so curl may cache the generated certificate store internally to speed +up future connections. + +Set to zero to completely disable caching, or set to -1 to retain the cached +store remain forever. By default, libcurl caches this info for 24 hours. + +# DEFAULT + +86400 (24 hours) + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + + /* only reuse certificate stores for a short time */ + curl_easy_setopt(curl, CURLOPT_CA_CACHE_TIMEOUT, 60L); + + res = curl_easy_perform(curl); + + /* in this second request, the cache is not used if more than + sixty seconds passed since the previous connection */ + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +This option was added in curl 7.87.0. + +This option is supported by OpenSSL and its forks (since 7.87.0) and Schannel +(since 8.5.0). + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_CERTINFO.md b/docs/libcurl/opts/CURLOPT_CERTINFO.md new file mode 100644 index 000000000..a69e1e950 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CERTINFO.md @@ -0,0 +1,90 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CERTINFO +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CAINFO (3) + - CURLINFO_CAPATH (3) + - CURLINFO_CERTINFO (3) + - CURLOPT_CAINFO (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_CERTINFO - request SSL certificate information + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CERTINFO, long certinfo); +~~~ + +# DESCRIPTION + +Pass a long set to 1 to enable libcurl's certificate chain info gatherer. With +this enabled, libcurl extracts lots of information and data about the +certificates in the certificate chain used in the SSL connection. This data +may then be retrieved after a transfer using curl_easy_getinfo(3) and +its option CURLINFO_CERTINFO(3). + +# DEFAULT + +0 + +# PROTOCOLS + +All TLS-based + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://www.example.com/"); + + /* connect to any HTTPS site, trusted or not */ + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); + + curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L); + + res = curl_easy_perform(curl); + + if(!res) { + struct curl_certinfo *ci; + res = curl_easy_getinfo(curl, CURLINFO_CERTINFO, &ci); + + if(!res) { + int i; + printf("%d certs!\n", ci->num_of_certs); + + for(i = 0; i < ci->num_of_certs; i++) { + struct curl_slist *slist; + + for(slist = ci->certinfo[i]; slist; slist = slist->next) + printf("%s\n", slist->data); + } + } + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +This option is supported by the OpenSSL, GnuTLS, Schannel and Secure +Transport backends. Schannel support added in 7.50.0. Secure Transport support +added in 7.79.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.md similarity index 51% rename from docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.3 rename to docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.md index 4b04c6509..a208c9bbe 100644 --- a/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.3 +++ b/docs/libcurl/opts/CURLOPT_CHUNK_BGN_FUNCTION.md @@ -1,33 +1,21 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH CURLOPT_CHUNK_BGN_FUNCTION 3 "September 26, 2023" "ibcurl 8.4.0" libcurl - -.SH NAME -CURLOPT_CHUNK_BGN_FUNCTION \- callback before a transfer with FTP wildcard match -.SH SYNOPSIS -.nf +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CHUNK_BGN_FUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CHUNK_END_FUNCTION (3) + - CURLOPT_WILDCARDMATCH (3) +--- + +# NAME + +CURLOPT_CHUNK_BGN_FUNCTION - callback before a transfer with FTP wildcard match + +# SYNOPSIS + +~~~c #include struct curl_fileinfo { @@ -62,58 +50,74 @@ long chunk_bgn_callback(const void *transfer_info, void *ptr, CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CHUNK_BGN_FUNCTION, chunk_bgn_callback); -.SH DESCRIPTION +~~~ + +# DESCRIPTION + Pass a pointer to your callback function, which should match the prototype shown above. This callback function gets called by libcurl before a part of the stream is going to be transferred (if the transfer supports chunks). -The \fItransfer_info\fP pointer points to a \fBcurl_fileinfo\fP struct with +The *transfer_info* pointer points to a **curl_fileinfo** struct with details about the file that is about to get transferred. -This callback makes sense only when using the \fICURLOPT_WILDCARDMATCH(3)\fP +This callback makes sense only when using the CURLOPT_WILDCARDMATCH(3) option for now. The target of transfer_info parameter is a "feature depended" structure. For -the FTP wildcard download, the target is \fBcurl_fileinfo\fP structure (see -\fIcurl/curl.h\fP). The parameter \fIptr\fP is a pointer given by -\fICURLOPT_CHUNK_DATA(3)\fP. The parameter remains contains number of chunks +the FTP wildcard download, the target is **curl_fileinfo** structure (see +*curl/curl.h*). The parameter *ptr* is a pointer given by +CURLOPT_CHUNK_DATA(3). The parameter remains contains number of chunks remaining per the transfer. If the feature is not available, the parameter has zero value. -Return \fICURL_CHUNK_BGN_FUNC_OK\fP if everything is fine, -\fICURL_CHUNK_BGN_FUNC_SKIP\fP if you want to skip the concrete chunk or -\fICURL_CHUNK_BGN_FUNC_FAIL\fP to tell libcurl to stop if some error occurred. -.SH DEFAULT +Return *CURL_CHUNK_BGN_FUNC_OK* if everything is fine, +*CURL_CHUNK_BGN_FUNC_SKIP* if you want to skip the concrete chunk or +*CURL_CHUNK_BGN_FUNC_FAIL* to tell libcurl to stop if some error occurred. + +# DEFAULT + NULL -.SH PROTOCOLS + +# PROTOCOLS + FTP -.SH EXAMPLE -.nf + +# EXAMPLE + +~~~c +#include + +struct callback_data { + FILE *output; +}; + static long file_is_coming(struct curl_fileinfo *finfo, - struct callback_data *data, + void *ptr, int remains) { + struct callback_data *data = ptr; printf("%3d %40s %10luB ", remains, finfo->filename, (unsigned long)finfo->size); switch(finfo->filetype) { case CURLFILETYPE_DIRECTORY: - printf(" DIR\\n"); + printf(" DIR\n"); break; case CURLFILETYPE_FILE: printf("FILE "); break; default: - printf("OTHER\\n"); + printf("OTHER\n"); break; } if(finfo->filetype == CURLFILETYPE_FILE) { /* do not transfer files >= 50B */ if(finfo->size > 50) { - printf("SKIPPED\\n"); + printf("SKIPPED\n"); return CURL_CHUNK_BGN_FUNC_SKIP; } @@ -131,15 +135,18 @@ int main() /* data for callback */ struct callback_data callback_info; + CURL *curl = curl_easy_init(); + /* callback is called before download of concrete file started */ curl_easy_setopt(curl, CURLOPT_CHUNK_BGN_FUNCTION, file_is_coming); curl_easy_setopt(curl, CURLOPT_CHUNK_DATA, &callback_info); } -.fi -.SH AVAILABILITY +~~~ + +# AVAILABILITY + This was added in 7.21.0 -.SH RETURN VALUE + +# RETURN VALUE + Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. -.SH "SEE ALSO" -.BR CURLOPT_CHUNK_END_FUNCTION (3), -.BR CURLOPT_WILDCARDMATCH (3) diff --git a/docs/libcurl/opts/CURLOPT_CHUNK_DATA.md b/docs/libcurl/opts/CURLOPT_CHUNK_DATA.md new file mode 100644 index 000000000..3640ec8df --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CHUNK_DATA.md @@ -0,0 +1,102 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CHUNK_DATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CHUNK_BGN_FUNCTION (3) + - CURLOPT_WILDCARDMATCH (3) +--- + +# NAME + +CURLOPT_CHUNK_DATA - pointer passed to the FTP chunk callbacks + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CHUNK_DATA, void *pointer); +~~~ + +# DESCRIPTION + +Pass a *pointer* that is untouched by libcurl and passed as the ptr +argument to the CURLOPT_CHUNK_BGN_FUNCTION(3) and +CURLOPT_CHUNK_END_FUNCTION(3). + +# DEFAULT + +NULL + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +#include + +struct callback_data { + FILE *output; +}; + +static long file_is_coming(struct curl_fileinfo *finfo, + void *ptr, + int remains) +{ + struct callback_data *data = ptr; + printf("%3d %40s %10luB ", remains, finfo->filename, + (unsigned long)finfo->size); + + switch(finfo->filetype) { + case CURLFILETYPE_DIRECTORY: + printf(" DIR\n"); + break; + case CURLFILETYPE_FILE: + printf("FILE "); + break; + default: + printf("OTHER\n"); + break; + } + + if(finfo->filetype == CURLFILETYPE_FILE) { + /* do not transfer files >= 50B */ + if(finfo->size > 50) { + printf("SKIPPED\n"); + return CURL_CHUNK_BGN_FUNC_SKIP; + } + + data->output = fopen(finfo->filename, "wb"); + if(!data->output) { + return CURL_CHUNK_BGN_FUNC_FAIL; + } + } + + return CURL_CHUNK_BGN_FUNC_OK; +} + +int main() +{ + /* data for callback */ + struct callback_data callback_info; + + CURL *curl = curl_easy_init(); + + /* callback is called before download of concrete file started */ + curl_easy_setopt(curl, CURLOPT_CHUNK_BGN_FUNCTION, file_is_coming); + curl_easy_setopt(curl, CURLOPT_CHUNK_DATA, &callback_info); +} +~~~ + +# AVAILABILITY + +Added in 7.21.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.md b/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.md new file mode 100644 index 000000000..2d67afe20 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CHUNK_END_FUNCTION.md @@ -0,0 +1,82 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CHUNK_END_FUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CHUNK_BGN_FUNCTION (3) + - CURLOPT_WILDCARDMATCH (3) +--- + +# NAME + +CURLOPT_CHUNK_END_FUNCTION - callback after a transfer with FTP wildcard match + +# SYNOPSIS + +~~~c +#include + +long chunk_end_callback(void *ptr); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CHUNK_END_FUNCTION, + chunk_end_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +This function gets called by libcurl as soon as a part of the stream has been +transferred (or skipped). + +Return *CURL_CHUNK_END_FUNC_OK* if everything is fine or +**CURL_CHUNK_END_FUNC_FAIL** to tell the lib to stop if some error occurred. + +# DEFAULT + +NULL + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +#include + +struct callback_data { + FILE *output; +}; + +static long file_is_downloaded(struct callback_data *data) +{ + if(data->output) { + fclose(data->output); + data->output = 0x0; + } + return CURL_CHUNK_END_FUNC_OK; +} + +int main() +{ + /* data for callback */ + struct callback_data callback_info; + + CURL *curl = curl_easy_init(); + + curl_easy_setopt(curl, CURLOPT_CHUNK_END_FUNCTION, file_is_downloaded); + curl_easy_setopt(curl, CURLOPT_CHUNK_DATA, &callback_info); +} +~~~ + +# AVAILABILITY + +Added in 7.21.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.md b/docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.md new file mode 100644 index 000000000..2dd74777b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CLOSESOCKETDATA.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CLOSESOCKETDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CLOSESOCKETFUNCTION (3) + - CURLOPT_OPENSOCKETFUNCTION (3) +--- + +# NAME + +CURLOPT_CLOSESOCKETDATA - pointer passed to the socket close callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CLOSESOCKETDATA, + void *pointer); +~~~ + +# DESCRIPTION + +Pass a *pointer* that remains untouched by libcurl and passed as the first +argument in the closesocket callback set with +CURLOPT_CLOSESOCKETFUNCTION(3). + +# DEFAULT + +The default value of this parameter is NULL. + +# PROTOCOLS + +All except file: + +# EXAMPLE + +~~~c +struct priv { + void *custom; +}; + +static int closesocket(void *clientp, curl_socket_t item) +{ + struct priv *my = clientp; + printf("our ptr: %p\n", my->custom); + + printf("libcurl wants to close %d now\n", (int)item); + return 0; +} + +int main(void) +{ + struct priv myown; + CURL *curl = curl_easy_init(); + + /* call this function to close sockets */ + curl_easy_setopt(curl, CURLOPT_CLOSESOCKETFUNCTION, closesocket); + curl_easy_setopt(curl, CURLOPT_CLOSESOCKETDATA, &myown); + + curl_easy_perform(curl); + curl_easy_cleanup(curl); +} +~~~ + +# AVAILABILITY + +Added in 7.21.7 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.md b/docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.md new file mode 100644 index 000000000..e93e28c1e --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CLOSESOCKETFUNCTION.md @@ -0,0 +1,86 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CLOSESOCKETFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CLOSESOCKETDATA (3) + - CURLOPT_OPENSOCKETFUNCTION (3) +--- + +# NAME + +CURLOPT_CLOSESOCKETFUNCTION - callback to socket close replacement + +# SYNOPSIS + +~~~c +#include + +int closesocket_callback(void *clientp, curl_socket_t item); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CLOSESOCKETFUNCTION, + closesocket_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +This callback function gets called by libcurl instead of the *close(3)* or +*closesocket(3)* call when sockets are closed (not for any other file +descriptors). This is pretty much the reverse to the +CURLOPT_OPENSOCKETFUNCTION(3) option. Return 0 to signal success and 1 +if there was an error. + +The *clientp* pointer is set with +CURLOPT_CLOSESOCKETDATA(3). *item* is the socket libcurl wants to be +closed. + +# DEFAULT + +By default libcurl uses the standard socket close function. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct priv { + void *custom; +}; + +static int closesocket(void *clientp, curl_socket_t item) +{ + struct priv *my = clientp; + printf("our ptr: %p\n", my->custom); + + printf("libcurl wants to close %d now\n", (int)item); + return 0; +} + +int main(void) +{ + struct priv myown; + CURL *curl = curl_easy_init(); + + /* call this function to close sockets */ + curl_easy_setopt(curl, CURLOPT_CLOSESOCKETFUNCTION, closesocket); + curl_easy_setopt(curl, CURLOPT_CLOSESOCKETDATA, &myown); + + curl_easy_perform(curl); + curl_easy_cleanup(curl); +} +~~~ + +# AVAILABILITY + +Added in 7.21.7 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.md b/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.md new file mode 100644 index 000000000..07513fdee --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT.md @@ -0,0 +1,89 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CONNECTTIMEOUT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONNECTTIMEOUT_MS (3) + - CURLOPT_LOW_SPEED_LIMIT (3) + - CURLOPT_MAX_RECV_SPEED_LARGE (3) + - CURLOPT_TIMEOUT (3) +--- + +# NAME + +CURLOPT_CONNECTTIMEOUT - timeout for the connect phase + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CONNECTTIMEOUT, long timeout); +~~~ + +# DESCRIPTION + +Pass a long. It should contain the maximum time in seconds that you allow the +connection phase to the server to take. This timeout only limits the +connection phase, it has no impact once it has connected. Set to zero to +switch to the default built-in connection timeout - 300 seconds. See also the +CURLOPT_TIMEOUT(3) option. + +CURLOPT_CONNECTTIMEOUT_MS(3) is the same function but set in milliseconds. + +If both CURLOPT_CONNECTTIMEOUT(3) and CURLOPT_CONNECTTIMEOUT_MS(3) +are set, the value set last is used. + +The "connection phase" is considered complete when the requested TCP, TLS or +QUIC handshakes are done. + +The connection timeout set with CURLOPT_CONNECTTIMEOUT(3) is included in +the general all-covering CURLOPT_TIMEOUT(3). + +With CURLOPT_CONNECTTIMEOUT(3) set to 3 and CURLOPT_TIMEOUT(3) set +to 5, the operation can never last longer than 5 seconds, and the connection +phase cannot last longer than 3 seconds. + +With CURLOPT_CONNECTTIMEOUT(3) set to 4 and CURLOPT_TIMEOUT(3) set +to 2, the operation can never last longer than 2 seconds. Including the +connection phase. + +This option may cause libcurl to use the SIGALRM signal to timeout system +calls on builds not using asynch DNS. In unix-like systems, this might cause +signals to be used unless CURLOPT_NOSIGNAL(3) is set. + +# DEFAULT + +300 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* complete connection within 10 seconds */ + curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK. Returns CURLE_BAD_FUNCTION_ARGUMENT if set to a negative +value or a value that when converted to milliseconds is too large. diff --git a/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.md b/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.md new file mode 100644 index 000000000..b8508e7de --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CONNECTTIMEOUT_MS.md @@ -0,0 +1,64 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CONNECTTIMEOUT_MS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONNECTTIMEOUT (3) + - CURLOPT_LOW_SPEED_LIMIT (3) + - CURLOPT_TIMEOUT (3) +--- + +# NAME + +CURLOPT_CONNECTTIMEOUT_MS - timeout for the connect phase + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CONNECTTIMEOUT_MS, + long timeout); +~~~ + +# DESCRIPTION + +Pass a long. It should contain the maximum time in milliseconds that you allow +the connection phase to the server to take. + +See CURLOPT_CONNECTTIMEOUT(3) for details. + +# DEFAULT + +300000 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* complete connection within 10000 milliseconds */ + curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT_MS, 10000L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_CONNECT_ONLY.md b/docs/libcurl/opts/CURLOPT_CONNECT_ONLY.md new file mode 100644 index 000000000..3312936af --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CONNECT_ONLY.md @@ -0,0 +1,83 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CONNECT_ONLY +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPPROXYTUNNEL (3) + - CURLOPT_VERBOSE (3) + - curl_easy_recv (3) + - curl_easy_send (3) +--- + +# NAME + +CURLOPT_CONNECT_ONLY - stop when connected to target server + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CONNECT_ONLY, long only); +~~~ + +# DESCRIPTION + +Pass a long. If the parameter equals 1, it tells the library to perform all +the required proxy authentication and connection setup, but no data transfer, +and then return. + +The option can be used to simply test a connection to a server, but is more +useful when used with the CURLINFO_ACTIVESOCKET(3) option to +curl_easy_getinfo(3) as the library can set up the connection and then +the application can obtain the most recently used socket for special data +transfers. + +Since 7.86.0, this option can be set to '2' and if HTTP or WebSocket are used, +libcurl performs the request and reads all response headers before handing +over control to the application. + +Transfers marked connect only do not reuse any existing connections and +connections marked connect only are not allowed to get reused. + +If the connect only transfer is done using the multi interface, the particular +easy handle must remain added to the multi handle for as long as the +application wants to use it. Once it has been removed with +curl_multi_remove_handle(3), curl_easy_send(3) and +curl_easy_recv(3) do not function. + +# DEFAULT + +0 + +# PROTOCOLS + +HTTP, SMTP, POP3 and IMAP. For WS and WSS starting in 7.86.0. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L); + ret = curl_easy_perform(curl); + if(ret == CURLE_OK) { + /* only connected! */ + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.15.2 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_CONNECT_TO.md b/docs/libcurl/opts/CURLOPT_CONNECT_TO.md new file mode 100644 index 000000000..8aea3ffa9 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CONNECT_TO.md @@ -0,0 +1,114 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CONNECT_TO +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FOLLOWLOCATION (3) + - CURLOPT_HTTPPROXYTUNNEL (3) + - CURLOPT_RESOLVE (3) + - CURLOPT_URL (3) +--- + +# NAME + +CURLOPT_CONNECT_TO - connect to another host and port instead + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CONNECT_TO, + struct curl_slist *connect_to); +~~~ + +# DESCRIPTION + +Pass a pointer to a linked list of strings with "connect to" information to +use for establishing network connections with this handle. The linked list +should be a fully valid list of **struct curl_slist** structs properly filled +in. Use curl_slist_append(3) to create the list and curl_slist_free_all(3) to +clean up an entire list. + +Each single string should be written using the format +HOST:PORT:CONNECT-TO-HOST:CONNECT-TO-PORT where HOST is the host of the +request, PORT is the port of the request, CONNECT-TO-HOST is the hostname to +connect to, and CONNECT-TO-PORT is the port to connect to. + +The first string that matches the request's host and port is used. + +Dotted numerical IP addresses are supported for HOST and CONNECT-TO-HOST. +A numerical IPv6 address must be written within [brackets]. + +Any of the four values may be empty. When the HOST or PORT is empty, the host +or port always match (the request's host or port is ignored). When +CONNECT-TO-HOST or CONNECT-TO-PORT is empty, the "connect to" feature is +disabled for the host or port, and the request's host or port are used to +establish the network connection. + +This option is suitable to direct the request at a specific server, e.g. at a +specific cluster node in a cluster of servers. + +The "connect to" host and port are only used to establish the network +connection. They do NOT affect the host and port that are used for TLS/SSL +(e.g. SNI, certificate verification) or for the application protocols. + +In contrast to CURLOPT_RESOLVE(3), the option CURLOPT_CONNECT_TO(3) does not +pre-populate the DNS cache and therefore it does not affect future transfers +of other easy handles that have been added to the same multi handle. + +The "connect to" host and port are ignored if they are equal to the host and +the port in the request URL, because connecting to the host and the port in +the request URL is the default behavior. + +If an HTTP proxy is used for a request having a special "connect to" host or +port, and the "connect to" host or port differs from the request's host and +port, the HTTP proxy is automatically switched to tunnel mode for this +specific request. This is necessary because it is not possible to connect to a +specific host or port in normal (non-tunnel) mode. + +When this option is passed to curl_easy_setopt(3), libcurl does not copy the +list so you **must** keep it around until you no longer use this *handle* for +a transfer before you call curl_slist_free_all(3) on the list. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl; + struct curl_slist *connect_to = NULL; + connect_to = curl_slist_append(NULL, "example.com::server1.example.com:"); + + curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_CONNECT_TO, connect_to); + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + curl_easy_perform(curl); + + /* always cleanup */ + curl_easy_cleanup(curl); + } + + curl_slist_free_all(connect_to); +} +~~~ + +# AVAILABILITY + +Added in 7.49.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.md b/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.md new file mode 100644 index 000000000..7460a1e90 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CONV_FROM_NETWORK_FUNCTION.md @@ -0,0 +1,114 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CONV_FROM_NETWORK_FUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONV_FROM_UTF8_FUNCTION (3) + - CURLOPT_CONV_TO_NETWORK_FUNCTION (3) +--- + +# NAME + +CURLOPT_CONV_FROM_NETWORK_FUNCTION - convert data from network to host encoding + +# SYNOPSIS + +~~~c +#include + +CURLcode conv_callback(char *ptr, size_t length); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CONV_FROM_NETWORK_FUNCTION, + conv_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +Applies to non-ASCII platforms. curl_version_info(3) returns the +**CURL_VERSION_CONV** feature bit set if this option is provided. + +The data to be converted is in a buffer pointed to by the *ptr* parameter. +The amount of data to convert is indicated by the *length* parameter. The +converted data overlays the input data in the buffer pointed to by the ptr +parameter. *CURLE_OK* must be returned upon successful conversion. A +CURLcode return value defined by curl.h, such as *CURLE_CONV_FAILED*, +should be returned if an error was encountered. + +CURLOPT_CONV_FROM_NETWORK_FUNCTION(3) converts to host encoding from the +network encoding. It is used when commands or ASCII data are received over the +network. + +If you set a callback pointer to NULL, or do not set it at all, the built-in +libcurl iconv functions are used. If HAVE_ICONV was not defined when libcurl +was built, and no callback has been established, the conversion returns the +**CURLE_CONV_REQD** error code. + +If **HAVE_ICONV** is defined, **CURL_ICONV_CODESET_OF_HOST** must also be +defined. For example: + +~~~c +#define CURL_ICONV_CODESET_OF_HOST "IBM-1047" +~~~ + +The iconv code in libcurl defaults the network and UTF8 codeset names as +follows: + +~~~ +#define CURL_ICONV_CODESET_OF_NETWORK "ISO8859-1" + +#define CURL_ICONV_CODESET_FOR_UTF8 "UTF-8" +~~~ + +You need to override these definitions if they are different on your system. + +# DEFAULT + +NULL + +# PROTOCOLS + +FTP, SMTP, IMAP, POP3 + +# EXAMPLE + +~~~c +static CURLcode my_conv_from_ascii_to_ebcdic(char *buffer, size_t length) +{ + int rc = 0; + + /* in-place convert 'buffer' from ASCII to EBCDIC */ + + if(rc == 0) { + /* success */ + return CURLE_OK; + } + else { + return CURLE_CONV_FAILED; + } +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + + /* use platform-specific functions for codeset conversions */ + curl_easy_setopt(curl, CURLOPT_CONV_FROM_NETWORK_FUNCTION, + my_conv_from_ascii_to_ebcdic); +} +~~~ + +# AVAILABILITY + +Not available and deprecated since 7.82.0. + +Available only if **CURL_DOES_CONVERSIONS** was defined when libcurl was +built. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.md b/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.md new file mode 100644 index 000000000..1f7d704e9 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CONV_FROM_UTF8_FUNCTION.md @@ -0,0 +1,107 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CONV_FROM_UTF8_FUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONV_FROM_NETWORK_FUNCTION (3) + - CURLOPT_CONV_TO_NETWORK_FUNCTION (3) +--- + +# NAME + +CURLOPT_CONV_FROM_UTF8_FUNCTION - convert data from UTF8 to host encoding + +# SYNOPSIS + +~~~c +#include + +CURLcode conv_callback(char *ptr, size_t length); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CONV_FROM_UTF8_FUNCTION, + conv_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +Applies to non-ASCII platforms. curl_version_info(3) returns the +CURL_VERSION_CONV feature bit set if this option is provided. + +The data to be converted is in a buffer pointed to by the *ptr* parameter. +The amount of data to convert is indicated by the *length* parameter. The +converted data overlays the input data in the buffer pointed to by the ptr +parameter. *CURLE_OK* must be returned upon successful conversion. A +CURLcode return value defined by curl.h, such as *CURLE_CONV_FAILED*, +should be returned if an error was encountered. + +CURLOPT_CONV_FROM_UTF8_FUNCTION(3) converts to host encoding from UTF8 +encoding. It is required only for SSL processing. + +If you set a callback pointer to NULL, or do not set it at all, the built-in +libcurl iconv functions are used. If HAVE_ICONV was not defined when libcurl +was built, and no callback has been established, the conversion returns the +CURLE_CONV_REQD error code. + +If HAVE_ICONV is defined, CURL_ICONV_CODESET_OF_HOST must also be defined. +For example: +~~~c + #define CURL_ICONV_CODESET_OF_HOST "IBM-1047" +~~~ + +The iconv code in libcurl defaults the network and UTF8 codeset names as +follows: +~~~c +#define CURL_ICONV_CODESET_OF_NETWORK "ISO8859-1" + +#define CURL_ICONV_CODESET_FOR_UTF8 "UTF-8" +~~~ + +You need to override these definitions if they are different on your system. + +# DEFAULT + +NULL + +# PROTOCOLS + +TLS-based protocols. + +# EXAMPLE + +~~~c +static CURLcode my_conv_from_utf8_to_ebcdic(char *buffer, size_t length) +{ + int rc = 0; + /* in-place convert 'buffer' from UTF-8 to EBCDIC */ + if(rc == 0) { + /* success */ + return CURLE_OK; + } + else { + return CURLE_CONV_FAILED; + } +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + curl_easy_setopt(curl, CURLOPT_CONV_FROM_UTF8_FUNCTION, + my_conv_from_utf8_to_ebcdic); +} +~~~ + +# AVAILABILITY + +Not available and deprecated since 7.82.0. + +Available only if **CURL_DOES_CONVERSIONS** was defined when libcurl was +built. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.md b/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.md new file mode 100644 index 000000000..13d9da867 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CONV_TO_NETWORK_FUNCTION.md @@ -0,0 +1,110 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CONV_TO_NETWORK_FUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONV_FROM_NETWORK_FUNCTION (3) + - CURLOPT_CONV_FROM_UTF8_FUNCTION (3) +--- + +# NAME + +CURLOPT_CONV_TO_NETWORK_FUNCTION - convert data to network from host encoding + +# SYNOPSIS + +~~~c +#include + +CURLcode conv_callback(char *ptr, size_t length); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CONV_TO_NETWORK_FUNCTION, + conv_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +Applies to non-ASCII platforms. curl_version_info(3) returns the +CURL_VERSION_CONV feature bit set if this option is provided. + +The data to be converted is in a buffer pointed to by the *ptr* parameter. +The amount of data to convert is indicated by the *length* parameter. The +converted data overlays the input data in the buffer pointed to by the ptr +parameter. *CURLE_OK* must be returned upon successful conversion. A CURLcode +return value defined by curl.h, such as *CURLE_CONV_FAILED*, should be +returned if an error was encountered. + +CURLOPT_CONV_TO_NETWORK_FUNCTION(3) converts from host encoding to the +network encoding. It is used when commands or ASCII data are sent over the +network. + +If you set a callback pointer to NULL, or do not set it at all, the built-in +libcurl iconv functions are used. If HAVE_ICONV was not defined when libcurl +was built, and no callback has been established, the conversion returns the +CURLE_CONV_REQD error code. + +If HAVE_ICONV is defined, CURL_ICONV_CODESET_OF_HOST must also be defined. +For example: +~~~c +define CURL_ICONV_CODESET_OF_HOST "IBM-1047" +~~~ + +The iconv code in libcurl defaults the network and UTF8 codeset names as +follows: + +~~~c +#define CURL_ICONV_CODESET_OF_NETWORK "ISO8859-1" + +#define CURL_ICONV_CODESET_FOR_UTF8 "UTF-8" +~~~ + +You need to override these definitions if they are different on your system. + +# DEFAULT + +NULL + +# PROTOCOLS + +FTP, SMTP, IMAP, POP3 + +# EXAMPLE + +~~~c +static CURLcode my_conv_from_ebcdic_to_ascii(char *buffer, size_t length) +{ + int rc = 0; + /* in-place convert 'buffer' from EBCDIC to ASCII */ + if(rc == 0) { + /* success */ + return CURLE_OK; + } + else { + return CURLE_CONV_FAILED; + } +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + + curl_easy_setopt(curl, CURLOPT_CONV_TO_NETWORK_FUNCTION, + my_conv_from_ebcdic_to_ascii); +} +~~~ + +# AVAILABILITY + +Not available and deprecated since 7.82.0. + +Available only if **CURL_DOES_CONVERSIONS** was defined when libcurl was +built. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_COOKIE.md b/docs/libcurl/opts/CURLOPT_COOKIE.md new file mode 100644 index 000000000..4e2955d8a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_COOKIE.md @@ -0,0 +1,97 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_COOKIE +Section: 3 +Source: libcurl +See-also: + - CURLINFO_COOKIELIST (3) + - CURLOPT_COOKIEFILE (3) + - CURLOPT_COOKIEJAR (3) + - CURLOPT_COOKIELIST (3) + - CURLOPT_HTTPHEADER (3) +--- + +# NAME + +CURLOPT_COOKIE - HTTP Cookie header + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_COOKIE, char *cookie); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. It is used to set one +or more cookies in the HTTP request. The format of the string should be +NAME=CONTENTS, where NAME is the cookie name and CONTENTS is what the cookie +should contain. + +To set multiple cookies, set them all using a single option concatenated like +this: "name1=content1; name2=content2;" etc. + +This option sets the cookie header explicitly in the outgoing request(s). If +multiple requests are done due to authentication, followed redirections or +similar, they all get this cookie passed on. + +The cookies set by this option are separate from the internal cookie storage +held by the cookie engine and they are not be modified by it. If you enable +the cookie engine and either you have imported a cookie of the same name +(e.g. 'foo') or the server has set one, it has no effect on the cookies you +set here. A request to the server sends both the 'foo' held by the cookie +engine and the 'foo' held by this option. To set a cookie that is instead held +by the cookie engine and can be modified by the server use +CURLOPT_COOKIELIST(3). + +Using this option multiple times makes the last set string override the +previous ones. + +This option does not enable the cookie engine. Use CURLOPT_COOKIEFILE(3) +or CURLOPT_COOKIEJAR(3) to enable parsing and sending cookies +automatically. + +The application does not have to keep the string around after setting this +option. + +If libcurl is built with PSL (*Public Suffix List*) support, it detects and +discards cookies that are specified for such suffix domains that should not be +allowed to have cookies. If libcurl is *not* built with PSL support, it has no +ability to stop super cookies. PSL support is identified by the +**CURL_VERSION_PSL** feature bit returned by curl_version_info(3). + +# DEFAULT + +NULL, no cookies + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + curl_easy_setopt(curl, CURLOPT_COOKIE, "tool=curl; fun=yes;"); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +If HTTP is enabled + +# RETURN VALUE + +Returns CURLE_OK if HTTP is enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_COOKIEFILE.md b/docs/libcurl/opts/CURLOPT_COOKIEFILE.md new file mode 100644 index 000000000..87dce1b1a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_COOKIEFILE.md @@ -0,0 +1,103 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_COOKIEFILE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_COOKIE (3) + - CURLOPT_COOKIEJAR (3) + - CURLOPT_COOKIESESSION (3) +--- + +# NAME + +CURLOPT_COOKIEFILE - filename to read cookies from + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_COOKIEFILE, char *filename); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. It should point to +the filename of your file holding cookie data to read. The cookie data can be +in either the old Netscape / Mozilla cookie data format or just regular HTTP +headers (Set-Cookie style) dumped to a file. + +It also enables the cookie engine, making libcurl parse and send cookies on +subsequent requests with this handle. + +By passing the empty string ("") to this option, you enable the cookie engine +without reading any initial cookies. If you tell libcurl the filename is "-" +(just a single minus sign), libcurl instead reads from stdin. + +This option only **reads** cookies. To make libcurl write cookies to file, +see CURLOPT_COOKIEJAR(3). + +If you read cookies from a plain HTTP headers file and it does not specify a +domain in the Set-Cookie line, then the cookie is not sent since the cookie +domain cannot match the target URL's. To address this, set a domain in +Set-Cookie line (doing that includes subdomains) or preferably: use the +Netscape format. + +If you use this option multiple times, you add more files to read cookies +from. + +The application does not have to keep the string around after setting this +option. + +Setting this option to NULL (since 7.77.0) explicitly disables the cookie +engine and clears the list of files to read cookies from. + +# SECURITY + +This document previously mentioned how specifying a non-existing file can also +enable the cookie engine. While true, we strongly advise against using that +method as it is too hard to be sure that files that stay that way in the long +run. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + + /* get cookies from an existing file */ + curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "/tmp/cookies.txt"); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# Cookie file format + +The cookie file format and general cookie concepts in curl are described +online here: https://curl.se/docs/http-cookies.html + +# AVAILABILITY + +As long as HTTP is supported + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_COOKIEJAR.md b/docs/libcurl/opts/CURLOPT_COOKIEJAR.md new file mode 100644 index 000000000..ec0d273eb --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_COOKIEJAR.md @@ -0,0 +1,86 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_COOKIEJAR +Section: 3 +Source: libcurl +See-also: + - CURLOPT_COOKIE (3) + - CURLOPT_COOKIEFILE (3) + - CURLOPT_COOKIELIST (3) +--- + +# NAME + +CURLOPT_COOKIEJAR - filename to store cookies to + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_COOKIEJAR, char *filename); +~~~ + +# DESCRIPTION + +Pass a *filename* as a char *, null-terminated. This makes libcurl write +all internally known cookies to the specified file when +curl_easy_cleanup(3) is called. If no cookies are kept in memory at that +time, no file is created. Specify "-" as filename to instead have the cookies +written to stdout. Using this option also enables cookies for this session, so +if you for example follow a redirect it makes matching cookies get sent +accordingly. + +Note that libcurl does not read any cookies from the cookie jar specified with +this option. To read cookies from a file, use CURLOPT_COOKIEFILE(3). + +If the cookie jar file cannot be created or written to (when the +curl_easy_cleanup(3) is called), libcurl does not and cannot report an +error for this. Using CURLOPT_VERBOSE(3) or +CURLOPT_DEBUGFUNCTION(3) displays a warning, but that is the only +visible feedback you get about this possibly lethal situation. + +Cookies are imported in the Set-Cookie format without a domain name are not +exported by this option. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + + /* export cookies to this file when closing the handle */ + curl_easy_setopt(curl, CURLOPT_COOKIEJAR, "/tmp/cookies.txt"); + + res = curl_easy_perform(curl); + + /* close the handle, write the cookies! */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Along with HTTP + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_COOKIELIST.md b/docs/libcurl/opts/CURLOPT_COOKIELIST.md new file mode 100644 index 000000000..4c17bd4bc --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_COOKIELIST.md @@ -0,0 +1,136 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_COOKIELIST +Section: 3 +Source: libcurl +See-also: + - CURLINFO_COOKIELIST (3) + - CURLOPT_COOKIE (3) + - CURLOPT_COOKIEFILE (3) + - CURLOPT_COOKIEJAR (3) +--- + +# NAME + +CURLOPT_COOKIELIST - add to or manipulate cookies held in memory + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_COOKIELIST, + char *cookie); +~~~ + +# DESCRIPTION + +Pass a char pointer to a *cookie* string. + +Such a cookie can be either a single line in Netscape / Mozilla format or just +regular HTTP-style header (Set-Cookie: ...) format. This option also enables +the cookie engine. This adds that single cookie to the internal cookie store. + +We strongly advice against loading cookies from an HTTP header file, as that +is an inferior data exchange format. + +Exercise caution if you are using this option and multiple transfers may +occur. If you use the Set-Cookie format and the string does not specify a +domain, then the cookie is sent for any domain (even after redirects are +followed) and cannot be modified by a server-set cookie. If a server sets a +cookie of the same name (or maybe you have imported one) then both are sent on +future transfers to that server, likely not what you intended. To address +these issues set a domain in Set-Cookie (doing that includes subdomains) or +much better: use the Netscape file format. + +Additionally, there are commands available that perform actions if you pass in +these exact strings: + +## ALL + +erases all cookies held in memory + +## SESS + +erases all session cookies held in memory + +## FLUSH + +writes all known cookies to the file specified by CURLOPT_COOKIEJAR(3) + +## RELOAD + +loads all cookies from the files specified by CURLOPT_COOKIEFILE(3) + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +/* an inline import of a cookie in Netscape format. */ + +#define SEP "\t" /* Tab separates the fields */ + +int main(void) +{ + char *my_cookie = + "example.com" /* Hostname */ + SEP "FALSE" /* Include subdomains */ + SEP "/" /* Path */ + SEP "FALSE" /* Secure */ + SEP "0" /* Expiry in epoch time format. 0 == Session */ + SEP "foo" /* Name */ + SEP "bar"; /* Value */ + + CURL *curl = curl_easy_init(); + if(curl) { + /* my_cookie is imported immediately via CURLOPT_COOKIELIST. */ + curl_easy_setopt(curl, CURLOPT_COOKIELIST, my_cookie); + + /* The list of cookies in cookies.txt are not be imported until right + before a transfer is performed. Cookies in the list that have the same + hostname, path and name as in my_cookie are skipped. That is because + libcurl has already imported my_cookie and it's considered a "live" + cookie. A live cookie is not replaced by one read from a file. + */ + curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "cookies.txt"); /* import */ + + /* Cookies are exported after curl_easy_cleanup is called. The server + may have added, deleted or modified cookies by then. The cookies that + were skipped on import are not exported. + */ + curl_easy_setopt(curl, CURLOPT_COOKIEJAR, "cookies.txt"); /* export */ + + curl_easy_perform(curl); /* cookies imported from cookies.txt */ + + curl_easy_cleanup(curl); /* cookies exported to cookies.txt */ + } +} +~~~ + +# Cookie file format + +The cookie file format and general cookie concepts in curl are described +online here: https://curl.se/docs/http-cookies.html + +# AVAILABILITY + +**ALL** was added in 7.14.1 + +**SESS** was added in 7.15.4 + +**FLUSH** was added in 7.17.1 + +**RELOAD** was added in 7.39.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_COOKIESESSION.md b/docs/libcurl/opts/CURLOPT_COOKIESESSION.md new file mode 100644 index 000000000..6f49f025c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_COOKIESESSION.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_COOKIESESSION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_COOKIE (3) + - CURLOPT_COOKIEFILE (3) + - CURLOPT_COOKIEJAR (3) +--- + +# NAME + +CURLOPT_COOKIESESSION - start a new cookie session + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_COOKIESESSION, long init); +~~~ + +# DESCRIPTION + +Pass a long set to 1 to mark this as a new cookie "session". It forces libcurl +to ignore all cookies it is about to load that are "session cookies" from the +previous session. By default, libcurl always loads all cookies, independent if +they are session cookies or not. Session cookies are cookies without expiry +date and they are meant to be alive and existing for this "session" only. + +A "session" is usually defined in browser land for as long as you have your +browser up, more or less. libcurl needs the application to use this option to +tell it when a new session starts, otherwise it assumes everything is still in +the same session. + +# DEFAULT + +0 + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + + /* new "session", do not load session cookies */ + curl_easy_setopt(curl, CURLOPT_COOKIESESSION, 1L); + + /* get the (non session) cookies from this file */ + curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "/tmp/cookies.txt"); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Along with HTTP + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.md b/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.md new file mode 100644 index 000000000..911e08181 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_COPYPOSTFIELDS.md @@ -0,0 +1,78 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_COPYPOSTFIELDS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_MIMEPOST (3) + - CURLOPT_POSTFIELDS (3) + - CURLOPT_POSTFIELDSIZE (3) + - CURLOPT_UPLOAD (3) +--- + +# NAME + +CURLOPT_COPYPOSTFIELDS - have libcurl copy data to POST + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_COPYPOSTFIELDS, char *data); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should be the full *data* to post in a +HTTP POST operation. It behaves as the CURLOPT_POSTFIELDS(3) option, but the +original data is instead copied by the library, allowing the application to +overwrite the original data after setting this option. + +Because data are copied, care must be taken when using this option in +conjunction with CURLOPT_POSTFIELDSIZE(3) or +CURLOPT_POSTFIELDSIZE_LARGE(3): If the size has not been set prior to +CURLOPT_COPYPOSTFIELDS(3), the data is assumed to be a null-terminated +string; else the stored size informs the library about the byte count to +copy. In any case, the size must not be changed after +CURLOPT_COPYPOSTFIELDS(3), unless another CURLOPT_POSTFIELDS(3) or +CURLOPT_COPYPOSTFIELDS(3) option is issued. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + char local_buffer[1024]="data to send"; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* size of the data to copy from the buffer and send in the request */ + curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, 12L); + + /* send data from the local stack */ + curl_easy_setopt(curl, CURLOPT_COPYPOSTFIELDS, local_buffer); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.17.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_CRLF.md b/docs/libcurl/opts/CURLOPT_CRLF.md new file mode 100644 index 000000000..1766c3312 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CRLF.md @@ -0,0 +1,62 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CRLF +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONV_FROM_NETWORK_FUNCTION (3) + - CURLOPT_CONV_TO_NETWORK_FUNCTION (3) +--- + +# NAME + +CURLOPT_CRLF - CRLF conversion + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CRLF, long conv); +~~~ + +# DESCRIPTION + +Pass a long. If the value is set to 1 (one), libcurl converts Unix newlines to +CRLF newlines on transfers. Disable this option again by setting the value to +0 (zero). + +This is a legacy option of questionable use. + +# DEFAULT + +0 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/"); + curl_easy_setopt(curl, CURLOPT_CRLF, 1L); + ret = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +SMTP since 7.40.0, other protocols since they were introduced + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_CRLFILE.md b/docs/libcurl/opts/CURLOPT_CRLFILE.md new file mode 100644 index 000000000..b800f8ce3 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CRLFILE.md @@ -0,0 +1,82 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CRLFILE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_CRLFILE (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_CRLFILE - Certificate Revocation List file + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CRLFILE, char *file); +~~~ + +# DESCRIPTION + +Pass a char pointer to a null-terminated string naming a *file* with the +concatenation of CRL (in PEM format) to use in the certificate validation that +occurs during the SSL exchange. + +When curl is built to use GnuTLS, there is no way to influence the use of CRL +passed to help in the verification process. + +When libcurl is built with OpenSSL support, X509_V_FLAG_CRL_CHECK and +X509_V_FLAG_CRL_CHECK_ALL are both set, requiring CRL check against all the +elements of the certificate chain if a CRL file is passed. Also note that +CURLOPT_CRLFILE(3) implies **CURLSSLOPT_NO_PARTIALCHAIN** (see +CURLOPT_SSL_OPTIONS(3)) since curl 7.71.0 due to an OpenSSL bug. + +This option makes sense only when used in combination with the +CURLOPT_SSL_VERIFYPEER(3) option. + +A specific error code (*CURLE_SSL_CRL_BADFILE*) is defined with the option. It +is returned when the SSL exchange fails because the CRL file cannot be +loaded. A failure in certificate verification due to a revocation information +found in the CRL does not trigger this specific error. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS-based protocols + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_CRLFILE, "/etc/certs/crl.pem"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_CURLU.md b/docs/libcurl/opts/CURLOPT_CURLU.md new file mode 100644 index 000000000..a3eeb5c9b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CURLU.md @@ -0,0 +1,79 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CURLU +Section: 3 +Source: libcurl +See-also: + - CURLOPT_URL (3) + - curl_url (3) + - curl_url_cleanup (3) + - curl_url_dup (3) + - curl_url_get (3) + - curl_url_set (3) + - curl_url_strerror (3) +--- + +# NAME + +CURLOPT_CURLU - URL in URL handle format + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CURLU, CURLU *pointer); +~~~ + +# DESCRIPTION + +Pass in a pointer to the *URL* handle to work with. The parameter should be a +*CURLU pointer*. Setting CURLOPT_CURLU(3) explicitly overrides +CURLOPT_URL(3). + +CURLOPT_URL(3) or CURLOPT_CURLU(3) **must** be set before a +transfer is started. + +libcurl uses this handle and its contents read-only and does not change its +contents. An application can update the contents of the URL handle after a +transfer is done and if the same handle is used in a subsequent request the +updated contents is used. + +# DEFAULT + +The default value of this parameter is NULL. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + CURLU *urlp = curl_url(); + if(curl) { + CURLcode res; + CURLUcode ret; + ret = curl_url_set(urlp, CURLUPART_URL, "https://example.com", 0); + + curl_easy_setopt(curl, CURLOPT_CURLU, urlp); + + res = curl_easy_perform(curl); + + curl_url_cleanup(urlp); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.63.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.md b/docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.md new file mode 100644 index 000000000..c4d4ec210 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_CUSTOMREQUEST.md @@ -0,0 +1,130 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_CUSTOMREQUEST +Section: 3 +Source: libcurl +See-also: + - CURLINFO_EFFECTIVE_METHOD (3) + - CURLOPT_HTTPHEADER (3) + - CURLOPT_NOBODY (3) + - CURLOPT_REQUEST_TARGET (3) +--- + +# NAME + +CURLOPT_CUSTOMREQUEST - custom request method + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CUSTOMREQUEST, char *method); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. + +When changing the request *method* by setting CURLOPT_CUSTOMREQUEST(3), you +do not actually change how libcurl behaves or acts: you only change the actual +string sent in the request. + +libcurl passes on the verbatim string in its request without any filter or +other safe guards. That includes white space and control characters. + +Restore to the internal default by setting this to NULL. + +This option can be used to specify the request: + +## HTTP + +Instead of GET or HEAD when performing HTTP based requests. This is +particularly useful, for example, for performing an HTTP DELETE request. + +For example: + +When you tell libcurl to do a HEAD request, but then specify a GET though a +custom request libcurl still acts as if it sent a HEAD. To switch to a proper +HEAD use CURLOPT_NOBODY(3), to switch to a proper POST use +CURLOPT_POST(3) or CURLOPT_POSTFIELDS(3) and to switch to a proper +GET use CURLOPT_HTTPGET(3). + +Many people have wrongly used this option to replace the entire request with +their own, including multiple headers and POST contents. While that might work +in many cases, it might cause libcurl to send invalid requests and it could +possibly confuse the remote server badly. Use CURLOPT_POST(3) and +CURLOPT_POSTFIELDS(3) to set POST data. Use CURLOPT_HTTPHEADER(3) +to replace or extend the set of headers sent by libcurl. Use +CURLOPT_HTTP_VERSION(3) to change HTTP version. + +## FTP + +Instead of LIST and NLST when performing FTP directory listings. + +## IMAP + +Instead of LIST when issuing IMAP based requests. + +## POP3 + +Instead of LIST and RETR when issuing POP3 based requests. + +For example: + +When you tell libcurl to use a custom request it behaves like a LIST or RETR +command was sent where it expects data to be returned by the server. As such +CURLOPT_NOBODY(3) should be used when specifying commands such as +**DELE** and **NOOP** for example. + +## SMTP + +Instead of a **HELP** or **VRFY** when issuing SMTP based requests. + +For example: + +Normally a multi line response is returned which can be used, in conjunction +with CURLOPT_MAIL_RCPT(3), to specify an EXPN request. If the +CURLOPT_NOBODY(3) option is specified then the request can be used to +issue **NOOP** and **RSET** commands. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP, FTP, IMAP, POP3 and SMTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + + /* DELETE the given path */ + curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "DELETE"); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +IMAP is supported since 7.30.0, POP3 since 7.26.0 and SMTP since 7.34.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_DEBUGDATA.md b/docs/libcurl/opts/CURLOPT_DEBUGDATA.md new file mode 100644 index 000000000..cac58d99d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DEBUGDATA.md @@ -0,0 +1,86 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DEBUGDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_STDERR (3) +--- + +# NAME + +CURLOPT_DEBUGDATA - pointer passed to the debug callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DEBUGDATA, void *pointer); +~~~ + +# DESCRIPTION + +Pass a *pointer* to whatever you want passed in to your +CURLOPT_DEBUGFUNCTION(3) in the last void * argument. This pointer is +not used by libcurl, it is only passed to the callback. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct data { + void *custom; +}; + +static int my_trace(CURL *handle, curl_infotype type, + char *data, size_t size, + void *clientp) +{ + struct data *mine = clientp; + printf("our ptr: %p\n", mine->custom); + + /* output debug info */ +} + +int main(void) +{ + CURL *curl; + CURLcode res; + struct data my_tracedata; + + curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_DEBUGFUNCTION, my_trace); + + curl_easy_setopt(curl, CURLOPT_DEBUGDATA, &my_tracedata); + + /* the DEBUGFUNCTION has no effect until we enable VERBOSE */ + curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); + + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + res = curl_easy_perform(curl); + + /* always cleanup */ + curl_easy_cleanup(curl); + } + return 0; +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.3 b/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.md similarity index 53% rename from docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.3 rename to docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.md index efcc4e896..1acf963ca 100644 --- a/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.3 +++ b/docs/libcurl/opts/CURLOPT_DEBUGFUNCTION.md @@ -1,33 +1,24 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH CURLOPT_DEBUGFUNCTION 3 "October 05, 2023" "ibcurl 8.4.0" libcurl - -.SH NAME -CURLOPT_DEBUGFUNCTION \- debug callback -.SH SYNOPSIS -.nf +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DEBUGFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CONN_ID (3) + - CURLINFO_XFER_ID (3) + - CURLOPT_DEBUGDATA (3) + - CURLOPT_VERBOSE (3) + - curl_global_trace (3) +--- + +# NAME + +CURLOPT_DEBUGFUNCTION - debug callback + +# SYNOPSIS + +~~~c #include typedef enum { @@ -49,80 +40,101 @@ int debug_callback(CURL *handle, CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DEBUGFUNCTION, debug_callback); -.SH DESCRIPTION +~~~ + +# DESCRIPTION + Pass a pointer to your callback function, which should match the prototype shown above. -\fICURLOPT_DEBUGFUNCTION(3)\fP replaces the standard debug function used when -\fICURLOPT_VERBOSE(3)\fP is in effect. This callback receives debug -information, as specified in the \fItype\fP argument. This function must -return 0. The \fIdata\fP pointed to by the char * passed to this function is -not null-terminated, but is exactly of the \fIsize\fP as told by the -\fIsize\fP argument. +CURLOPT_DEBUGFUNCTION(3) replaces the standard debug function used when +CURLOPT_VERBOSE(3) is in effect. This callback receives debug +information, as specified in the *type* argument. This function must +return 0. The *data* pointed to by the char * passed to this function is +not null-terminated, but is exactly of the *size* as told by the +*size* argument. + +The *clientp* argument is the pointer set with CURLOPT_DEBUGDATA(3). + +Available **curl_infotype** values: -The \fIclientp\fP argument is the pointer set with \fICURLOPT_DEBUGDATA(3)\fP. +## CURLINFO_TEXT -Available \fBcurl_infotype\fP values: -.RS -.IP CURLINFO_TEXT The data is informational text. -.IP CURLINFO_HEADER_IN + +## CURLINFO_HEADER_IN + The data is header (or header-like) data received from the peer. -.IP CURLINFO_HEADER_OUT + +## CURLINFO_HEADER_OUT + The data is header (or header-like) data sent to the peer. -.IP CURLINFO_DATA_IN + +## CURLINFO_DATA_IN + The data is the unprocessed protocol data received from the peer. Even if the data is encoded or compressed, it is not not provided decoded nor decompressed to this callback. If you need the data in decoded and decompressed form, use -\fICURLOPT_WRITEFUNCTION(3)\fP. -.IP CURLINFO_DATA_OUT +CURLOPT_WRITEFUNCTION(3). + +## CURLINFO_DATA_OUT + The data is protocol data sent to the peer. -.IP CURLINFO_SSL_DATA_OUT + +## CURLINFO_SSL_DATA_OUT + The data is SSL/TLS (binary) data sent to the peer. -.IP CURLINFO_SSL_DATA_IN + +## CURLINFO_SSL_DATA_IN + The data is SSL/TLS (binary) data received from the peer. -.RE -WARNING: This callback may be called with the curl \fIhandle\fP set to an +WARNING: This callback may be called with the curl *handle* set to an internal handle. (Added in 8.4.0) -If you need to distinguish your curl \fIhandle\fP from internal handles then -set \fICURLOPT_PRIVATE(3)\fP on your handle. -.SH DEFAULT +If you need to distinguish your curl *handle* from internal handles then +set CURLOPT_PRIVATE(3) on your handle. + +# DEFAULT + NULL -.SH PROTOCOLS + +# PROTOCOLS + All -.SH EXAMPLE -.nf + +# EXAMPLE + +~~~c static void dump(const char *text, FILE *stream, unsigned char *ptr, size_t size) { size_t i; size_t c; - unsigned int width=0x10; + unsigned int width = 0x10; - fprintf(stream, "%s, %10.10ld bytes (0x%8.8lx)\\n", + fprintf(stream, "%s, %10.10ld bytes (0x%8.8lx)\n", text, (long)size, (long)size); - for(i=0; i= 0x20 && ptr[i+c] < 0x80) ? ptr[i+c] : '.'; + for(c = 0; (c < width) && (i + c < size); c++) { + char x = (ptr[i + c] >= 0x20 && ptr[i + c] < 0x80) ? ptr[i + c] : '.'; fputc(x, stream); } - fputc('\\n', stream); /* newline */ + fputc('\n', stream); /* newline */ } } @@ -135,7 +147,7 @@ int my_trace(CURL *handle, curl_infotype type, (void)handle; /* prevent compiler warning */ (void)clientp; - switch (type) { + switch(type) { case CURLINFO_TEXT: fputs("== Info: ", stderr); fwrite(data, size, 1, stderr); @@ -185,7 +197,7 @@ int main(void) res = curl_easy_perform(curl); /* Check for errors */ if(res != CURLE_OK) - fprintf(stderr, "curl_easy_perform() failed: %s\\n", + fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res)); /* always cleanup */ @@ -193,14 +205,12 @@ int main(void) } return 0; } -.fi -.SH AVAILABILITY +~~~ + +# AVAILABILITY + Always -.SH RETURN VALUE + +# RETURN VALUE + Returns CURLE_OK -.SH "SEE ALSO" -.BR curl_global_trace (3), -.BR CURLINFO_CONN_ID (3), -.BR CURLINFO_XFER_ID (3), -.BR CURLOPT_DEBUGDATA (3), -.BR CURLOPT_VERBOSE (3) diff --git a/docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.md b/docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.md new file mode 100644 index 000000000..88468f718 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DEFAULT_PROTOCOL.md @@ -0,0 +1,89 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DEFAULT_PROTOCOL +Section: 3 +Source: libcurl +See-also: + - CURLINFO_PROTOCOL (3) + - CURLINFO_SCHEME (3) + - CURLOPT_URL (3) +--- + +# NAME + +CURLOPT_DEFAULT_PROTOCOL - default protocol to use if the URL is missing a +scheme name + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DEFAULT_PROTOCOL, + char *protocol); +~~~ + +# DESCRIPTION + +This option tells libcurl to use *protocol* if the URL is missing a scheme +name. + +Use one of these protocol (scheme) names: + +dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, ldaps, pop3, +pop3s, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftp + +An unknown or unsupported protocol causes error +*CURLE_UNSUPPORTED_PROTOCOL* when libcurl parses a URL without a +scheme. Parsing happens when curl_easy_perform(3) or +curl_multi_perform(3) is called. The protocol set supported by libcurl +vary depending on how it was built. Use curl_version_info(3) if you need +a list of protocol names supported by the build of libcurl that you are using. + +This option does not change the default proxy protocol (http). + +Without this option libcurl would make a guess based on the host, see +CURLOPT_URL(3) for details. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL (make a guess based on the host) + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + /* set a URL without a scheme */ + curl_easy_setopt(curl, CURLOPT_URL, "example.com"); + + /* set the default protocol (scheme) for schemeless URLs */ + curl_easy_setopt(curl, CURLOPT_DEFAULT_PROTOCOL, "https"); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.45.0 + +# RETURN VALUE + +CURLE_OK if the option is supported. + +CURLE_OUT_OF_MEMORY if there was insufficient heap space. + +CURLE_UNKNOWN_OPTION if the option is not supported. diff --git a/docs/libcurl/opts/CURLOPT_DIRLISTONLY.md b/docs/libcurl/opts/CURLOPT_DIRLISTONLY.md new file mode 100644 index 000000000..29635622c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DIRLISTONLY.md @@ -0,0 +1,80 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DIRLISTONLY +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CUSTOMREQUEST (3) + - CURLOPT_WILDCARDMATCH (3) +--- + +# NAME + +CURLOPT_DIRLISTONLY - ask for names only in a directory listing + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DIRLISTONLY, long listonly); +~~~ + +# DESCRIPTION + +For FTP and SFTP based URLs a parameter set to 1 tells the library to list the +names of files in a directory, rather than performing a full directory listing +that would normally include file sizes, dates etc. + +For POP3 a parameter of 1 tells the library to list the email message or +messages on the POP3 server. This can be used to change the default behavior +of libcurl, when combined with a URL that contains a message ID, to perform a +"scan listing" which can then be used to determine the size of an email. + +Note: For FTP this causes a NLST command to be sent to the FTP server. Beware +that some FTP servers list only files in their response to NLST; they might +not include subdirectories and symbolic links. + +Setting this option to 1 also implies a directory listing even if the URL +does not end with a slash, which otherwise is necessary. + +Do not use this option if you also use CURLOPT_WILDCARDMATCH(3) as it +effectively breaks that feature. + +# DEFAULT + +0, disabled + +# PROTOCOLS + +FTP, SFTP and POP3 + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/dir/"); + + /* list only */ + curl_easy_setopt(curl, CURLOPT_DIRLISTONLY, 1L); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +This option was known as CURLOPT_FTPLISTONLY up to 7.16.4. POP3 is supported +since 7.21.5. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_DISALLOW_USERNAME_IN_URL.md b/docs/libcurl/opts/CURLOPT_DISALLOW_USERNAME_IN_URL.md new file mode 100644 index 000000000..ddaaace89 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DISALLOW_USERNAME_IN_URL.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DISALLOW_USERNAME_IN_URL +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROTOCOLS (3) + - CURLOPT_URL (3) + - curl_url_set (3) + - libcurl-security (3) +--- + +# NAME + +CURLOPT_DISALLOW_USERNAME_IN_URL - disallow specifying username in the URL + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DISALLOW_USERNAME_IN_URL, + long disallow); +~~~ + +# DESCRIPTION + +A long parameter set to 1 tells the library to not allow URLs that include a +username. + +This is the equivalent to the *CURLU_DISALLOW_USER* flag for the +curl_url_set(3) function. + +# DEFAULT + +0 (disabled) - user names are allowed by default. + +# PROTOCOLS + +Several + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_DISALLOW_USERNAME_IN_URL, 1L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.61.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. + +curl_easy_perform(3) returns CURLE_LOGIN_DENIED if this option is +enabled and a URL containing a username is specified. diff --git a/docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.md b/docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.md new file mode 100644 index 000000000..0199f525a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DNS_CACHE_TIMEOUT.md @@ -0,0 +1,90 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DNS_CACHE_TIMEOUT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONNECTTIMEOUT_MS (3) + - CURLOPT_DNS_SERVERS (3) + - CURLOPT_DNS_USE_GLOBAL_CACHE (3) + - CURLOPT_MAXAGE_CONN (3) + - CURLOPT_RESOLVE (3) +--- + +# NAME + +CURLOPT_DNS_CACHE_TIMEOUT - life-time for DNS cache entries + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DNS_CACHE_TIMEOUT, long age); +~~~ + +# DESCRIPTION + +Pass a long, this sets the timeout in seconds. Name resolve results are kept +in memory and used for this number of seconds. Set to zero to completely +disable caching, or set to -1 to make the cached entries remain forever. By +default, libcurl caches this info for 60 seconds. + +We recommend users not to tamper with this option unless strictly necessary. +If you do, be careful of using large values that can make the cache size grow +significantly if many different host names are used within that timeout +period. + +The name resolve functions of various libc implementations do not re-read name +server information unless explicitly told so (for example, by calling +*res_init(3)*). This may cause libcurl to keep using the older server even +if DHCP has updated the server info, and this may look like a DNS cache issue +to the casual libcurl-app user. + +DNS entries have a "TTL" property but libcurl does not use that. This DNS +cache timeout is entirely speculative that a name resolves to the same address +for a small amount of time into the future. + +Since version 8.1.0, libcurl prunes entries from the DNS cache if it exceeds +30,000 entries no matter which timeout value is used. + +# DEFAULT + +60 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + + /* only reuse addresses for a short time */ + curl_easy_setopt(curl, CURLOPT_DNS_CACHE_TIMEOUT, 2L); + + res = curl_easy_perform(curl); + + /* in this second request, the cache is not be used if more than + two seconds have passed since the previous name resolve */ + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_DNS_INTERFACE.md b/docs/libcurl/opts/CURLOPT_DNS_INTERFACE.md new file mode 100644 index 000000000..070bdc5af --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DNS_INTERFACE.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DNS_INTERFACE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DNS_LOCAL_IP4 (3) + - CURLOPT_DNS_LOCAL_IP6 (3) + - CURLOPT_DNS_SERVERS (3) + - CURLOPT_INTERFACE (3) +--- + +# NAME + +CURLOPT_DNS_INTERFACE - interface to speak DNS over + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DNS_INTERFACE, char *ifname); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter. Set the name of the network interface that +the DNS resolver should bind to. This must be an interface name (not an +address). Set this option to NULL to use the default setting (do not bind to a +specific interface). + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All protocols except file:// - protocols that resolve host names. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_DNS_INTERFACE, "eth0"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.33.0. This option also requires that libcurl was built with a +resolver backend that supports this operation. The c-ares backend is the only +such one. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, +or CURLE_NOT_BUILT_IN if support was disabled at compile-time. diff --git a/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.md b/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.md new file mode 100644 index 000000000..69af83b6b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP4.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DNS_LOCAL_IP4 +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DNS_INTERFACE (3) + - CURLOPT_DNS_LOCAL_IP6 (3) + - CURLOPT_DNS_SERVERS (3) +--- + +# NAME + +CURLOPT_DNS_LOCAL_IP4 - IPv4 address to bind DNS resolves to + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DNS_LOCAL_IP4, char *address); +~~~ + +# DESCRIPTION + +Set the local IPv4 *address* that the resolver should bind to. The argument +should be of type char * and contain a single numerical IPv4 address as a +string. Set this option to NULL to use the default setting (do not bind to a +specific IP address). + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_DNS_LOCAL_IP4, "192.168.0.14"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +This option requires that libcurl was built with a resolver backend that +supports this operation. The c-ares backend is the only such one. + +Added in 7.33.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, +CURLE_NOT_BUILT_IN if support was disabled at compile-time, or +CURLE_BAD_FUNCTION_ARGUMENT when given a bad address. diff --git a/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.md b/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.md new file mode 100644 index 000000000..fb04ee899 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DNS_LOCAL_IP6.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DNS_LOCAL_IP6 +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DNS_INTERFACE (3) + - CURLOPT_DNS_LOCAL_IP4 (3) + - CURLOPT_DNS_SERVERS (3) +--- + +# NAME + +CURLOPT_DNS_LOCAL_IP6 - IPv6 address to bind DNS resolves to + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DNS_LOCAL_IP6, char *address); +~~~ + +# DESCRIPTION + +Set the local IPv6 *address* that the resolver should bind to. The argument +should be of type char * and contain a single IPv6 address as a string. Set +this option to NULL to use the default setting (do not bind to a specific IP +address). + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_DNS_LOCAL_IP6, "fe80::a9ff:fe46:b619"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +This option requires that libcurl was built with a resolver backend that +supports this operation. The c-ares backend is the only such one. + +Added in 7.33.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, +CURLE_NOT_BUILT_IN if support was disabled at compile-time, or +CURLE_BAD_FUNCTION_ARGUMENT when given a bad address. diff --git a/docs/libcurl/opts/CURLOPT_DNS_SERVERS.md b/docs/libcurl/opts/CURLOPT_DNS_SERVERS.md new file mode 100644 index 000000000..998257c79 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DNS_SERVERS.md @@ -0,0 +1,76 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DNS_SERVERS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DNS_CACHE_TIMEOUT (3) + - CURLOPT_DNS_LOCAL_IP4 (3) + - CURLOPT_DNS_LOCAL_IP6 (3) +--- + +# NAME + +CURLOPT_DNS_SERVERS - DNS servers to use + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DNS_SERVERS, char *servers); +~~~ + +# DESCRIPTION + +Pass a char pointer that is the list of DNS servers to be used instead of the +system default. The format of the dns servers option is: + +host[:port][,host[:port]]... + +For example: + +192.168.1.100,192.168.1.101,3.4.5.6 + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL - use system default + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_DNS_SERVERS, + "192.168.1.100:53,192.168.1.101"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +This option requires that libcurl was built with a resolver backend that +supports this operation. The c-ares backend is the only such one. + +Added in 7.24.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, +CURLE_NOT_BUILT_IN if support was disabled at compile-time, +CURLE_BAD_FUNCTION_ARGUMENT when given an invalid server list, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_DNS_SHUFFLE_ADDRESSES.md b/docs/libcurl/opts/CURLOPT_DNS_SHUFFLE_ADDRESSES.md new file mode 100644 index 000000000..f15abc9c7 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DNS_SHUFFLE_ADDRESSES.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DNS_SHUFFLE_ADDRESSES +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DNS_CACHE_TIMEOUT (3) + - CURLOPT_IPRESOLVE (3) +--- + +# NAME + +CURLOPT_DNS_SHUFFLE_ADDRESSES - shuffle IP addresses for hostname + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DNS_SHUFFLE_ADDRESSES, long onoff); +~~~ + +# DESCRIPTION + +Pass a long set to 1 to enable this option. + +When a name is resolved and more than one IP address is returned, this +function shuffles the order of all returned addresses so that they are used in +a random order. This is similar to the ordering behavior of the legacy +gethostbyname function which is no longer used on most platforms. + +Addresses are not reshuffled if name resolution is completed using the DNS +cache. CURLOPT_DNS_CACHE_TIMEOUT(3) can be used together with this +option to reduce DNS cache timeout or disable caching entirely if frequent +reshuffling is needed. + +Since the addresses returned are randomly reordered, the order is not in +accordance with RFC 3484 or any other deterministic order that may be +generated by the system's name resolution implementation. This may have +performance impacts and may cause IPv4 to be used before IPv6 or vice versa. + +# DEFAULT + +0 (disabled) + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_DNS_SHUFFLE_ADDRESSES, 1L); + + curl_easy_perform(curl); + + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.60.0 + +# RETURN VALUE + +CURLE_OK or an error such as CURLE_UNKNOWN_OPTION. diff --git a/docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.md b/docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.md new file mode 100644 index 000000000..dfbc22916 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DNS_USE_GLOBAL_CACHE.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DNS_USE_GLOBAL_CACHE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DNS_CACHE_TIMEOUT (3) + - CURLOPT_SHARE (3) +--- + +# NAME + +CURLOPT_DNS_USE_GLOBAL_CACHE - global DNS cache + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DNS_USE_GLOBAL_CACHE, + long enable); +~~~ + +# DESCRIPTION + +Has no function since 7.62.0. Do not use! + +Pass a long. If the *enable* value is 1, it tells curl to use a global DNS +cache that survives between easy handle creations and deletions. This is not +thread-safe and this uses a global variable. + +See CURLOPT_SHARE(3) and curl_share_init(3) for the correct way to +share DNS cache between transfers. + +# DEFAULT + +0 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* switch off the use of a global, thread unsafe, cache */ + curl_easy_setopt(curl, CURLOPT_DNS_USE_GLOBAL_CACHE, 0L); + ret = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} + +~~~ + +# AVAILABILITY + +Deprecated since 7.11.1. Function removed in 7.62.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYHOST.md b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYHOST.md new file mode 100644 index 000000000..051e6be53 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYHOST.md @@ -0,0 +1,90 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DOH_SSL_VERIFYHOST +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DOH_SSL_VERIFYPEER (3) + - CURLOPT_PROXY_SSL_VERIFYHOST (3) + - CURLOPT_PROXY_SSL_VERIFYPEER (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_DOH_SSL_VERIFYHOST - verify the hostname in the DoH SSL certificate + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DOH_SSL_VERIFYHOST, + long verify); +~~~ + +# DESCRIPTION + +Pass a long set to 2L as asking curl to *verify* the DoH (DNS-over-HTTPS) +server's certificate name fields against the hostname. + +This option is the DoH equivalent of CURLOPT_SSL_VERIFYHOST(3) and +only affects requests to the DoH server. + +When CURLOPT_DOH_SSL_VERIFYHOST(3) is 2, the SSL certificate provided by +the DoH server must indicate that the server name is the same as the server +name to which you meant to connect to, or the connection fails. + +Curl considers the DoH server the intended one when the Common Name field or a +Subject Alternate Name field in the certificate matches the hostname in the +DoH URL to which you told Curl to connect. + +When the *verify* value is set to 1L it is treated the same as 2L. However +for consistency with the other *VERIFYHOST* options we suggest use 2 and +not 1. + +When the *verify* value is set to 0L, the connection succeeds regardless of +the names used in the certificate. Use that ability with caution! + +See also CURLOPT_DOH_SSL_VERIFYPEER(3) to verify the digital signature +of the DoH server certificate. + +# DEFAULT + +2 + +# PROTOCOLS + +DoH + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + curl_easy_setopt(curl, CURLOPT_DOH_URL, + "https://cloudflare-dns.com/dns-query"); + + /* Disable host name verification of the DoH server */ + curl_easy_setopt(curl, CURLOPT_DOH_SSL_VERIFYHOST, 0L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.76.0 + +If built TLS enabled. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYPEER.md b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYPEER.md new file mode 100644 index 000000000..e2a5a5e69 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYPEER.md @@ -0,0 +1,102 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DOH_SSL_VERIFYPEER +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CAINFO (3) + - CURLOPT_CAPATH (3) + - CURLOPT_DOH_SSL_VERIFYHOST (3) + - CURLOPT_PROXY_SSL_VERIFYHOST (3) + - CURLOPT_PROXY_SSL_VERIFYPEER (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_DOH_SSL_VERIFYPEER - verify the DoH SSL certificate + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DOH_SSL_VERIFYPEER, + long verify); +~~~ + +# DESCRIPTION + +Pass a long as parameter set to 1L to enable or 0L to disable. + +This option tells curl to verify the authenticity of the DoH (DNS-over-HTTPS) +server's certificate. A value of 1 means curl verifies; 0 (zero) means it +does not. + +This option is the DoH equivalent of CURLOPT_SSL_VERIFYPEER(3) and +only affects requests to the DoH server. + +When negotiating a TLS or SSL connection, the server sends a certificate +indicating its identity. Curl verifies whether the certificate is authentic, +i.e. that you can trust that the server is who the certificate says it is. +This trust is based on a chain of digital signatures, rooted in certification +authority (CA) certificates you supply. curl uses a default bundle of CA +certificates (the path for that is determined at build time) and you can +specify alternate certificates with the CURLOPT_CAINFO(3) option or the +CURLOPT_CAPATH(3) option. + +When CURLOPT_DOH_SSL_VERIFYPEER(3) is enabled, and the verification fails to +prove that the certificate is authentic, the connection fails. When the option +is zero, the peer certificate verification succeeds regardless. + +Authenticating the certificate is not enough to be sure about the server. You +typically also want to ensure that the server is the server you mean to be +talking to. Use CURLOPT_DOH_SSL_VERIFYHOST(3) for that. The check that the +hostname in the certificate is valid for the hostname you are connecting to +is done independently of the CURLOPT_DOH_SSL_VERIFYPEER(3) option. + +WARNING: disabling verification of the certificate allows bad guys to +man-in-the-middle the communication without you knowing it. Disabling +verification makes the communication insecure. Just having encryption on a +transfer is not enough as you cannot be sure that you are communicating with +the correct end-point. + +# DEFAULT + +1 + +# PROTOCOLS + +DoH + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + curl_easy_setopt(curl, CURLOPT_DOH_URL, + "https://cloudflare-dns.com/dns-query"); + + /* Disable certificate verification of the DoH server */ + curl_easy_setopt(curl, CURLOPT_DOH_SSL_VERIFYPEER, 0L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.76.0 + +If built TLS enabled. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYSTATUS.md b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYSTATUS.md new file mode 100644 index 000000000..19489986b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DOH_SSL_VERIFYSTATUS.md @@ -0,0 +1,76 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DOH_SSL_VERIFYSTATUS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DOH_SSL_VERIFYHOST (3) + - CURLOPT_DOH_SSL_VERIFYPEER (3) + - CURLOPT_SSL_VERIFYSTATUS (3) +--- + +# NAME + +CURLOPT_DOH_SSL_VERIFYSTATUS - verify the DoH SSL certificate's status + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DOH_SSL_VERIFYSTATUS, + long verify); +~~~ + +# DESCRIPTION + +Pass a long as parameter set to 1 to enable or 0 to disable. + +This option determines whether libcurl verifies the status of the DoH +(DNS-over-HTTPS) server cert using the "Certificate Status Request" TLS +extension (aka. OCSP stapling). + +This option is the DoH equivalent of CURLOPT_SSL_VERIFYSTATUS(3) and +only affects requests to the DoH server. + +If this option is enabled and the server does not support the TLS extension, +the verification fails. + +# DEFAULT + +0 + +# PROTOCOLS + +DoH + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + curl_easy_setopt(curl, CURLOPT_DOH_URL, + "https://cloudflare-dns.com/dns-query"); + + /* Ask for OCSP stapling when verifying the DoH server */ + curl_easy_setopt(curl, CURLOPT_DOH_SSL_VERIFYSTATUS, 1L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.76.0. This option is currently only supported by the OpenSSL, and +GnuTLS TLS backends. + +# RETURN VALUE + +Returns CURLE_OK if OCSP stapling is supported by the SSL backend, otherwise +returns CURLE_NOT_BUILT_IN. diff --git a/docs/libcurl/opts/CURLOPT_DOH_URL.md b/docs/libcurl/opts/CURLOPT_DOH_URL.md new file mode 100644 index 000000000..a2e46b4c0 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_DOH_URL.md @@ -0,0 +1,96 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_DOH_URL +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DNS_CACHE_TIMEOUT (3) + - CURLOPT_RESOLVE (3) + - CURLOPT_VERBOSE (3) +--- + +# NAME + +CURLOPT_DOH_URL - provide the DNS-over-HTTPS URL + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DOH_URL, char *URL); +~~~ + +# DESCRIPTION + +Pass in a pointer to a *URL* for the DoH server to use for name resolving. The +parameter should be a char pointer to a null-terminated string which must be a +valid and correct HTTPS URL. + +libcurl does not validate the syntax or use this variable until the transfer +is issued. Even if you set a crazy value here, curl_easy_setopt(3) still +returns *CURLE_OK*. + +curl sends POST requests to the given DNS-over-HTTPS URL. + +To find the DoH server itself, which might be specified using a name, libcurl +uses the default name lookup function. You can bootstrap that by providing the +address for the DoH server with CURLOPT_RESOLVE(3). + +Disable DoH use again by setting this option to NULL. + +# INHERIT OPTIONS + +DoH lookups use SSL and some SSL settings from your transfer are inherited, +like CURLOPT_SSL_CTX_FUNCTION(3). + +The hostname and peer certificate verification settings are not inherited but +can be controlled separately via CURLOPT_DOH_SSL_VERIFYHOST(3) and +CURLOPT_DOH_SSL_VERIFYPEER(3). + +A set CURLOPT_OPENSOCKETFUNCTION(3) callback is not inherited. + +# KNOWN BUGS + +Even when DoH is set to be used with this option, there are still some name +resolves that are performed without it, using the default name resolver +mechanism. This includes name resolves done for CURLOPT_INTERFACE(3), +CURLOPT_FTPPORT(3), a proxy type set to **CURLPROXY_SOCKS4** or +**CURLPROXY_SOCKS5** and probably some more. + +# DEFAULT + +NULL - there is no default DoH URL. If this option is not set, libcurl uses +the default name resolver. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_DOH_URL, "https://dns.example.com"); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.62.0 + +# RETURN VALUE + +Returns CURLE_OK on success or CURLE_OUT_OF_MEMORY if there was insufficient +heap space. + +Note that curl_easy_setopt(3) does immediately parse the given string so +when given a bad DoH URL, libcurl might not detect the problem until it later +tries to resolve a name with it. diff --git a/docs/libcurl/opts/CURLOPT_EGDSOCKET.md b/docs/libcurl/opts/CURLOPT_EGDSOCKET.md new file mode 100644 index 000000000..a472f5ea5 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_EGDSOCKET.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_EGDSOCKET +Section: 3 +Source: libcurl +See-also: + - CURLOPT_RANDOM_FILE (3) +--- + +# NAME + +CURLOPT_EGDSOCKET - EGD socket path + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_EGDSOCKET, char *path); +~~~ + +# DESCRIPTION + +Deprecated option. It serves no purpose anymore. + +Pass a char pointer to the null-terminated path name to the Entropy Gathering +Daemon socket. It is used to seed the random engine for TLS. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_EGDSOCKET, "/var/egd.socket"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +If built with TLS enabled. Only the OpenSSL backend uses this, and only with +OpenSSL versions before 1.1.0. + +This option was deprecated in 7.84.0. + +# RETURN VALUE + +Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_ERRORBUFFER.md b/docs/libcurl/opts/CURLOPT_ERRORBUFFER.md new file mode 100644 index 000000000..ed5d361ef --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_ERRORBUFFER.md @@ -0,0 +1,101 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_ERRORBUFFER +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_VERBOSE (3) + - curl_easy_strerror (3) + - curl_multi_strerror (3) + - curl_share_strerror (3) + - curl_url_strerror (3) +--- + +# NAME + +CURLOPT_ERRORBUFFER - error buffer for error messages + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ERRORBUFFER, char *buf); +~~~ + +# DESCRIPTION + +Pass a char pointer to a buffer that libcurl may use to store human readable +error messages on failures or problems. This may be more helpful than just the +return code from curl_easy_perform(3) and related functions. The buffer must +be at least **CURL_ERROR_SIZE** bytes big. + +You must keep the associated buffer available until libcurl no longer needs +it. Failing to do so might cause odd behavior or even crashes. libcurl might +need it until you call curl_easy_cleanup(3) or you set the same option +again to use a different pointer. + +Do not rely on the contents of the buffer unless an error code was returned. +Since 7.60.0 libcurl initializes the contents of the error buffer to an empty +string before performing the transfer. For earlier versions if an error code +was returned but there was no error detail then the buffer was untouched. + +Consider CURLOPT_VERBOSE(3) and CURLOPT_DEBUGFUNCTION(3) to better +debug and trace why errors happen. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +#include /* for strlen() */ +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + char errbuf[CURL_ERROR_SIZE]; + + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* provide a buffer to store errors in */ + curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf); + + /* set the error buffer as empty before performing a request */ + errbuf[0] = 0; + + /* perform the request */ + res = curl_easy_perform(curl); + + /* if the request did not complete correctly, show the error + information. if no detailed error information was written to errbuf + show the more generic information from curl_easy_strerror instead. + */ + if(res != CURLE_OK) { + size_t len = strlen(errbuf); + fprintf(stderr, "\nlibcurl: (%d) ", res); + if(len) + fprintf(stderr, "%s%s", errbuf, + ((errbuf[len - 1] != '\n') ? "\n" : "")); + else + fprintf(stderr, "%s\n", curl_easy_strerror(res)); + } + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.md b/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.md new file mode 100644 index 000000000..9458cfc63 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_EXPECT_100_TIMEOUT_MS.md @@ -0,0 +1,64 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_EXPECT_100_TIMEOUT_MS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPPOST (3) + - CURLOPT_POST (3) +--- + +# NAME + +CURLOPT_EXPECT_100_TIMEOUT_MS - timeout for Expect: 100-continue response + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_EXPECT_100_TIMEOUT_MS, + long milliseconds); +~~~ + +# DESCRIPTION + +Pass a long to tell libcurl the number of *milliseconds* to wait for a +server response with the HTTP status 100 (Continue), 417 (Expectation Failed) +or similar after sending an HTTP request containing an Expect: 100-continue +header. If this times out before a response is received, the request body is +sent anyway. + +# DEFAULT + +1000 milliseconds + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* wait 3 seconds for 100-continue */ + curl_easy_setopt(curl, CURLOPT_EXPECT_100_TIMEOUT_MS, 3000L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.36.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_FAILONERROR.md b/docs/libcurl/opts/CURLOPT_FAILONERROR.md new file mode 100644 index 000000000..7ea5cedc6 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FAILONERROR.md @@ -0,0 +1,74 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FAILONERROR +Section: 3 +Source: libcurl +See-also: + - CURLINFO_RESPONSE_CODE (3) + - CURLOPT_HTTP200ALIASES (3) + - CURLOPT_KEEP_SENDING_ON_ERROR (3) +--- + +# NAME + +CURLOPT_FAILONERROR - request failure on HTTP response >= 400 + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FAILONERROR, long fail); +~~~ + +# DESCRIPTION + +A long parameter set to 1 tells the library to fail the request if the HTTP +code returned is equal to or larger than 400. The default action would be to +return the page normally, ignoring that code. + +This method is not fail-safe and there are occasions where non-successful +response codes slip through, especially when authentication is involved +(response codes 401 and 407). + +You might get some amounts of headers transferred before this situation is +detected, like when a "100-continue" is received as a response to a POST/PUT +and a 401 or 407 is received immediately afterwards. + +When this option is used and an error is detected, it causes the connection to +get closed and *CURLE_HTTP_RETURNED_ERROR* is returned. + +# DEFAULT + +0, do not fail on error + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_FAILONERROR, 1L); + ret = curl_easy_perform(curl); + if(ret == CURLE_HTTP_RETURNED_ERROR) { + /* an HTTP response error problem */ + } + } +} +~~~ + +# AVAILABILITY + +Along with HTTP. + +# RETURN VALUE + +Returns CURLE_OK if HTTP is enabled, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_FILETIME.md b/docs/libcurl/opts/CURLOPT_FILETIME.md new file mode 100644 index 000000000..013449105 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FILETIME.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FILETIME +Section: 3 +Source: libcurl +See-also: + - CURLINFO_FILETIME (3) + - curl_easy_getinfo (3) +--- + +# NAME + +CURLOPT_FILETIME - get the modification time of the remote resource + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FILETIME, long gettime); +~~~ + +# DESCRIPTION + +Pass a long. If it is 1, libcurl attempts to get the modification time of the +remote document in this operation. This requires that the remote server sends +the time or replies to a time querying command. The curl_easy_getinfo(3) +function with the CURLINFO_FILETIME(3) argument can be used after a +transfer to extract the received time (if any). + +# DEFAULT + +0 + +# PROTOCOLS + +HTTP(S), FTP(S), SFTP, FILE, SMB(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/path.html"); + /* Ask for filetime */ + curl_easy_setopt(curl, CURLOPT_FILETIME, 1L); + res = curl_easy_perform(curl); + if(CURLE_OK == res) { + long filetime; + res = curl_easy_getinfo(curl, CURLINFO_FILETIME, &filetime); + if((CURLE_OK == res) && (filetime >= 0)) { + time_t file_time = (time_t)filetime; + printf("filetime: %s", ctime(&file_time)); + } + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Always, for SFTP since 7.49.0 + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.md b/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.md new file mode 100644 index 000000000..48b60723a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FNMATCH_DATA.md @@ -0,0 +1,80 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FNMATCH_DATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FNMATCH_FUNCTION (3) + - CURLOPT_WILDCARDMATCH (3) +--- + +# NAME + +CURLOPT_FNMATCH_DATA - pointer passed to the fnmatch callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FNMATCH_DATA, + void *pointer); +~~~ + +# DESCRIPTION + +Pass a pointer that is untouched by libcurl and passed as the ptr argument to +the CURLOPT_FNMATCH_FUNCTION(3). + +# DEFAULT + +NULL + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +extern int string_match(const char *s1, const char *s2); + +struct local_stuff { + void *custom; +}; + +static int my_fnmatch(void *clientp, + const char *pattern, const char *string) +{ + struct local_stuff *my = clientp; + printf("my ptr: %p\n", my->custom); + + if(string_match(pattern, string)) + return CURL_FNMATCHFUNC_MATCH; + else + return CURL_FNMATCHFUNC_NOMATCH; +} + +int main(void) +{ + struct local_stuff local_data; + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "ftp://ftp.example.com/file*"); + curl_easy_setopt(curl, CURLOPT_WILDCARDMATCH, 1L); + curl_easy_setopt(curl, CURLOPT_FNMATCH_FUNCTION, my_fnmatch); + curl_easy_setopt(curl, CURLOPT_FNMATCH_DATA, &local_data); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.21.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.md b/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.md new file mode 100644 index 000000000..8ed13bfe6 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FNMATCH_FUNCTION.md @@ -0,0 +1,88 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FNMATCH_FUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_FNMATCH_DATA (3) + - CURLOPT_WILDCARDMATCH (3) +--- + +# NAME + +CURLOPT_FNMATCH_FUNCTION - wildcard match callback + +# SYNOPSIS + +~~~c +#include + +int fnmatch_callback(void *ptr, + const char *pattern, + const char *string); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FNMATCH_FUNCTION, + fnmatch_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +This callback is used for wildcard matching. + +Return *CURL_FNMATCHFUNC_MATCH* if pattern matches the string, +*CURL_FNMATCHFUNC_NOMATCH* if not or *CURL_FNMATCHFUNC_FAIL* if an +error occurred. + +# DEFAULT + +NULL == an internal function for wildcard matching. + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +extern int string_match(const char *s1, const char *s2); + +struct local_stuff { + void *custom; +}; +static int my_fnmatch(void *clientp, + const char *pattern, const char *string) +{ + struct local_stuff *data = clientp; + printf("my pointer: %p\n", data->custom); + if(string_match(pattern, string)) + return CURL_FNMATCHFUNC_MATCH; + else + return CURL_FNMATCHFUNC_NOMATCH; +} + +int main(void) +{ + struct local_stuff local_data; + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "ftp://ftp.example.com/file*"); + curl_easy_setopt(curl, CURLOPT_WILDCARDMATCH, 1L); + curl_easy_setopt(curl, CURLOPT_FNMATCH_FUNCTION, my_fnmatch); + curl_easy_setopt(curl, CURLOPT_FNMATCH_DATA, &local_data); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.21.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.md b/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.md new file mode 100644 index 000000000..9309dff21 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.md @@ -0,0 +1,93 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FOLLOWLOCATION +Section: 3 +Source: libcurl +See-also: + - CURLINFO_REDIRECT_COUNT (3) + - CURLINFO_REDIRECT_URL (3) + - CURLOPT_POSTREDIR (3) + - CURLOPT_PROTOCOLS (3) + - CURLOPT_REDIR_PROTOCOLS (3) +--- + +# NAME + +CURLOPT_FOLLOWLOCATION - follow HTTP 3xx redirects + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FOLLOWLOCATION, long enable); +~~~ + +# DESCRIPTION + +A long parameter set to 1 tells the library to follow any Location: header +redirects that an HTTP server sends in a 30x response. The Location: header +can specify a relative or an absolute URL to follow. + +libcurl issues another request for the new URL and follows subsequent new +Location: redirects all the way until no more such headers are returned or the +maximum limit is reached. CURLOPT_MAXREDIRS(3) is used to limit the +number of redirects libcurl follows. + +libcurl restricts what protocols it automatically follow redirects to. The +accepted target protocols are set with CURLOPT_REDIR_PROTOCOLS(3). By +default libcurl allows HTTP, HTTPS, FTP and FTPS on redirects. + +When following a redirect, the specific 30x response code also dictates which +request method libcurl uses in the subsequent request: For 301, 302 and 303 +responses libcurl switches method from POST to GET unless +CURLOPT_POSTREDIR(3) instructs libcurl otherwise. All other redirect +response codes make libcurl use the same method again. + +For users who think the existing location following is too naive, too simple +or just lacks features, it is easy to instead implement your own redirect +follow logic with the use of curl_easy_getinfo(3)'s +CURLINFO_REDIRECT_URL(3) option instead of using +CURLOPT_FOLLOWLOCATION(3). + +# NOTE + +Since libcurl changes method or not based on the specific HTTP response code, +setting CURLOPT_CUSTOMREQUEST(3) while following redirects may change +what libcurl would otherwise do and if not that carefully may even make it +misbehave since CURLOPT_CUSTOMREQUEST(3) overrides the method libcurl +would otherwise select internally. + +# DEFAULT + +0, disabled + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* example.com is redirected, so we tell libcurl to follow redirection */ + curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Along with HTTP + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_FORBID_REUSE.md b/docs/libcurl/opts/CURLOPT_FORBID_REUSE.md new file mode 100644 index 000000000..0e8a20607 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FORBID_REUSE.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FORBID_REUSE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FRESH_CONNECT (3) + - CURLOPT_MAXCONNECTS (3) + - CURLOPT_MAXLIFETIME_CONN (3) +--- + +# NAME + +CURLOPT_FORBID_REUSE - make connection get closed at once after use + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FORBID_REUSE, long close); +~~~ + +# DESCRIPTION + +Pass a long. Set *close* to 1 to make libcurl explicitly close the +connection when done with the transfer. Normally, libcurl keeps all +connections alive when done with one transfer in case a succeeding one follows +that can reuse them. This option should be used with caution and only if you +understand what it does as it can seriously impact performance. + +Set to 0 to have libcurl keep the connection open for possible later reuse +(default behavior). + +# DEFAULT + +0 + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_FORBID_REUSE, 1L); + curl_easy_perform(curl); + + /* this second transfer may not reuse the same connection */ + curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_FRESH_CONNECT.md b/docs/libcurl/opts/CURLOPT_FRESH_CONNECT.md new file mode 100644 index 000000000..ccb85270d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FRESH_CONNECT.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FRESH_CONNECT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FORBID_REUSE (3) + - CURLOPT_MAXAGE_CONN (3) + - CURLOPT_MAXLIFETIME_CONN (3) +--- + +# NAME + +CURLOPT_FRESH_CONNECT - force a new connection to be used + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FRESH_CONNECT, long fresh); +~~~ + +# DESCRIPTION + +Pass a long. Set to 1 to make the next transfer use a new (fresh) connection +by force instead of trying to reuse an existing one. This option should be +used with caution and only if you understand what it does as it may impact +performance negatively. + +Related functionality is CURLOPT_FORBID_REUSE(3) which makes sure the +connection is closed after use so that it cannot be reused. + +Set *fresh* to 0 to have libcurl attempt reusing an existing connection +(default behavior). + +# DEFAULT + +0 + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_FRESH_CONNECT, 1L); + /* this transfer must use a new connection, not reuse an existing */ + curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_FTPPORT.3 b/docs/libcurl/opts/CURLOPT_FTPPORT.md similarity index 51% rename from docs/libcurl/opts/CURLOPT_FTPPORT.3 rename to docs/libcurl/opts/CURLOPT_FTPPORT.md index c7ca197d5..8e8710b07 100644 --- a/docs/libcurl/opts/CURLOPT_FTPPORT.3 +++ b/docs/libcurl/opts/CURLOPT_FTPPORT.md @@ -1,44 +1,34 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH CURLOPT_FTPPORT 3 "September 26, 2023" "ibcurl 8.4.0" libcurl - -.SH NAME -CURLOPT_FTPPORT \- make FTP transfer active -.SH SYNOPSIS -.nf +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FTPPORT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FTP_USE_EPRT (3) + - CURLOPT_FTP_USE_EPSV (3) +--- + +# NAME + +CURLOPT_FTPPORT - make FTP transfer active + +# SYNOPSIS + +~~~c #include CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTPPORT, char *spec); -.fi -.SH DESCRIPTION +~~~ + +# DESCRIPTION + Pass a pointer to a null-terminated string as parameter. It specifies that the FTP transfer should be made actively and the given string is used to get the IP address to use for the FTP PORT instruction. The PORT instruction tells the remote server to do a TCP connect to our -specified IP address. The string may be a plain IP address, a host name, a +specified IP address. The string may be a plain IP address, a hostname, a network interface name (under Unix) or just a '-' symbol to let the library use your system's default IP address. Default FTP operations are passive, and does not use the PORT command. @@ -53,17 +43,17 @@ specifier can be in brackets. Examples with specified ports: -.nf +~~~c eth0:0 192.168.1.2:32000-33000 curl.se:32123 [::1]:1234-4567 -.fi +~~~ We strongly advise against specifying the address with a name, as it causes libcurl to do a blocking name resolve call to retrieve the IP address. That -name resolve operation does \fBnot\fP use DNS-over-HTTPS even if -\fICURLOPT_DOH_URL(3)\fP is set. +name resolve operation does **not** use DNS-over-HTTPS even if +CURLOPT_DOH_URL(3) is set. Using anything else than "-" for this option should typically only be done if you have special knowledge and confirmation that it works. @@ -73,25 +63,37 @@ this option to NULL. The application does not have to keep the string around after setting this option. -.SH DEFAULT + +# DEFAULT + NULL -.SH PROTOCOLS + +# PROTOCOLS + FTP -.SH EXAMPLE -.nf -CURL *curl = curl_easy_init(); -if(curl) { - curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/old-server/file.txt"); - curl_easy_setopt(curl, CURLOPT_FTPPORT, "-"); - ret = curl_easy_perform(curl); - curl_easy_cleanup(curl); + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, + "ftp://example.com/old-server/file.txt"); + curl_easy_setopt(curl, CURLOPT_FTPPORT, "-"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } } -.fi -.SH AVAILABILITY +~~~ + +# AVAILABILITY + Port range support was added in 7.19.5 -.SH RETURN VALUE + +# RETURN VALUE + Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space. -.SH "SEE ALSO" -.BR CURLOPT_FTP_USE_EPRT (3), -.BR CURLOPT_FTP_USE_EPSV (3) diff --git a/docs/libcurl/opts/CURLOPT_FTPSSLAUTH.md b/docs/libcurl/opts/CURLOPT_FTPSSLAUTH.md new file mode 100644 index 000000000..a6ddf2f7a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FTPSSLAUTH.md @@ -0,0 +1,76 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FTPSSLAUTH +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FTP_SSL_CCC (3) + - CURLOPT_USE_SSL (3) +--- + +# NAME + +CURLOPT_FTPSSLAUTH - order in which to attempt TLS vs SSL + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTPSSLAUTH, long order); +~~~ + +# DESCRIPTION + +Pass a long using one of the values from below, to alter how libcurl issues +"AUTH TLS" or "AUTH SSL" when FTP over SSL is activated. This is only +interesting if CURLOPT_USE_SSL(3) is also set. + +Possible *order* values: + +## CURLFTPAUTH_DEFAULT + +Allow libcurl to decide. + +## CURLFTPAUTH_SSL + +Try "AUTH SSL" first, and only if that fails try "AUTH TLS". + +## CURLFTPAUTH_TLS + +Try "AUTH TLS" first, and only if that fails try "AUTH SSL". + +# DEFAULT + +CURLFTPAUTH_DEFAULT + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/file.txt"); + curl_easy_setopt(curl, CURLOPT_USE_SSL, CURLUSESSL_TRY); + /* funny server, ask for SSL before TLS */ + curl_easy_setopt(curl, CURLOPT_FTPSSLAUTH, (long)CURLFTPAUTH_SSL); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.12.2 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.md b/docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.md new file mode 100644 index 000000000..f8941953b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FTP_ACCOUNT.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FTP_ACCOUNT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PASSWORD (3) + - CURLOPT_USERNAME (3) +--- + +# NAME + +CURLOPT_FTP_ACCOUNT - account info for FTP + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTP_ACCOUNT, char *account); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string (or NULL to disable). When an FTP +server asks for "account data" after user name and password has been provided, +this data is sent off using the ACCT command. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/foo.bin"); + + curl_easy_setopt(curl, CURLOPT_FTP_ACCOUNT, "human-resources"); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.13.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.md b/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.md new file mode 100644 index 000000000..70f451d84 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FTP_ALTERNATIVE_TO_USER.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FTP_ALTERNATIVE_TO_USER +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FTP_ACCOUNT (3) + - CURLOPT_FTP_SKIP_PASV_IP (3) + - CURLOPT_SERVER_RESPONSE_TIMEOUT (3) + - CURLOPT_USERNAME (3) +--- + +# NAME + +CURLOPT_FTP_ALTERNATIVE_TO_USER - command to use instead of USER with FTP + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTP_ALTERNATIVE_TO_USER, + char *cmd); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, pointing to a string which is used to +authenticate if the usual FTP "USER user" and "PASS password" negotiation +fails. This is currently only known to be required when connecting to +Tumbleweed's Secure Transport FTPS server using client certificates for +authentication. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_FTP_ALTERNATIVE_TO_USER, "two users"); + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.15.5 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.md b/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.md new file mode 100644 index 000000000..07b6f68fd --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FTP_CREATE_MISSING_DIRS.md @@ -0,0 +1,88 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FTP_CREATE_MISSING_DIRS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FTP_FILEMETHOD (3) + - CURLOPT_FTP_USE_EPSV (3) +--- + +# NAME + +CURLOPT_FTP_CREATE_MISSING_DIRS - create missing directories for FTP and SFTP + +# SYNOPSIS + +~~~c +#include + +typedef enum { + CURLFTP_CREATE_DIR_NONE, + CURLFTP_CREATE_DIR, + CURLFTP_CREATE_DIR_RETRY +} curl_ftpcreatedir; + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTP_CREATE_MISSING_DIRS, + long create); +~~~ + +# DESCRIPTION + +Pass a long telling libcurl to *create* the dir. If the value is +*CURLFTP_CREATE_DIR* (1), libcurl may create any remote directory that it +fails to "move" into. + +For FTP requests, that means a CWD command fails. CWD being the command that +changes working directory. + +For SFTP requests, libcurl may create the remote directory if it cannot obtain +a handle to the target-location. The creation fails if a file of the same name +as the directory to create already exists or lack of permissions prevents +creation. + +Setting *create* to *CURLFTP_CREATE_DIR_RETRY* (2), tells libcurl to +retry the CWD command again if the subsequent **MKD** command fails. This is +especially useful if you are doing many simultaneous connections against the +same server and they all have this option enabled, as then CWD may first fail +but then another connection does **MKD** before this connection and thus +**MKD** fails but trying CWD works! + +# DEFAULT + +CURLFTP_CREATE_DIR_NONE (0) + +# PROTOCOLS + +FTP and SFTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, + "ftp://example.com/non-existing/new.txt"); + curl_easy_setopt(curl, CURLOPT_FTP_CREATE_MISSING_DIRS, + (long)CURLFTP_CREATE_DIR_RETRY); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.10.7. SFTP support added in 7.16.3. The retry option was added in +7.19.4. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if the +create value is not. diff --git a/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.md b/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.md new file mode 100644 index 000000000..34b55d659 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FTP_FILEMETHOD.md @@ -0,0 +1,86 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FTP_FILEMETHOD +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DIRLISTONLY (3) + - CURLOPT_FTP_SKIP_PASV_IP (3) +--- + +# NAME + +CURLOPT_FTP_FILEMETHOD - select directory traversing method for FTP + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTP_FILEMETHOD, + long method); +~~~ + +# DESCRIPTION + +Pass a long telling libcurl which *method* to use to reach a file on a +FTP(S) server. + +This option exists because some server implementations are not compliant to +what the standards say should work. + +The argument should be one of the following alternatives: + +## CURLFTPMETHOD_MULTICWD + +libcurl does a single CWD operation for each path part in the given URL. For +deep hierarchies this means many commands. This is how RFC 1738 says it should +be done. This is the default but the slowest behavior. + +## CURLFTPMETHOD_NOCWD + +libcurl makes no CWD at all. libcurl does SIZE, RETR, STOR etc and gives a +full path to the server for all these commands. This is the fastest behavior +since it skips having to change directories. + +## CURLFTPMETHOD_SINGLECWD + +libcurl does one CWD with the full target directory and then operates on the +file &"normally" (like in the multicwd case). This is somewhat more standards +compliant than 'nocwd' but without the full penalty of 'multicwd'. + +# DEFAULT + +CURLFTPMETHOD_MULTICWD + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/1/2/3/4/new.txt"); + curl_easy_setopt(curl, CURLOPT_FTP_FILEMETHOD, + (long)CURLFTPMETHOD_SINGLECWD); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.15.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.md b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.md new file mode 100644 index 000000000..bea622ac7 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FTP_SKIP_PASV_IP.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FTP_SKIP_PASV_IP +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FTPPORT (3) + - CURLOPT_FTP_USE_EPRT (3) +--- + +# NAME + +CURLOPT_FTP_SKIP_PASV_IP - ignore the IP address in the PASV response + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTP_SKIP_PASV_IP, long skip); +~~~ + +# DESCRIPTION + +Pass a long. If *skip* is set to 1, it instructs libcurl to not use the IP +address the server suggests in its 227-response to libcurl's PASV command when +libcurl connects the data connection. Instead libcurl reuses the same IP +address it already uses for the control connection. It still uses the port +number from the 227-response. + +This option allows libcurl to work around broken server installations or funny +network setups that due to NATs, firewalls or incompetence report the wrong IP +address. Setting this option also reduces the risk for various sorts of client +abuse by malicious servers. + +This option has no effect if PORT, EPRT or EPSV is used instead of PASV. + +# DEFAULT + +1 since 7.74.0, was 0 before then. + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/file.txt"); + + /* please ignore the IP in the PASV response */ + curl_easy_setopt(curl, CURLOPT_FTP_SKIP_PASV_IP, 1L); + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.14.2 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.md b/docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.md new file mode 100644 index 000000000..71947c36e --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FTP_SSL_CCC.md @@ -0,0 +1,78 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FTP_SSL_CCC +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FTPSSLAUTH (3) + - CURLOPT_PROTOCOLS_STR (3) + - CURLOPT_USE_SSL (3) +--- + +# NAME + +CURLOPT_FTP_SSL_CCC - switch off SSL again with FTP after auth + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTP_SSL_CCC, + long how); +~~~ + +# DESCRIPTION + +If enabled, this option makes libcurl use CCC (Clear Command Channel). It +shuts down the SSL/TLS layer after authenticating. The rest of the control +channel communication remains unencrypted. This allows NAT routers to follow +the FTP transaction. Pass a long using one of the values below + +## CURLFTPSSL_CCC_NONE + +do not attempt to use CCC. + +## CURLFTPSSL_CCC_PASSIVE + +Do not initiate the shutdown, but wait for the server to do it. Do not send a +reply. + +## CURLFTPSSL_CCC_ACTIVE + +Initiate the shutdown and wait for a reply. + +# DEFAULT + +CURLFTPSSL_CCC_NONE + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/file.txt"); + curl_easy_setopt(curl, CURLOPT_USE_SSL, CURLUSESSL_CONTROL); + /* go back to clear-text FTP after authenticating */ + curl_easy_setopt(curl, CURLOPT_FTP_SSL_CCC, (long)CURLFTPSSL_CCC_ACTIVE); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.16.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.md b/docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.md new file mode 100644 index 000000000..644f51aa9 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FTP_USE_EPRT.md @@ -0,0 +1,73 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FTP_USE_EPRT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FTPPORT (3) + - CURLOPT_FTP_USE_EPSV (3) +--- + +# NAME + +CURLOPT_FTP_USE_EPRT - use EPRT for FTP + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTP_USE_EPRT, long enabled); +~~~ + +# DESCRIPTION + +Pass a long. If the value is 1, it tells curl to use the EPRT command when +doing active FTP downloads (which is enabled by +CURLOPT_FTPPORT(3)). Using EPRT means that libcurl first attempts to use +EPRT before using PORT, but if you pass zero to this option, it avoids using +EPRT, only plain PORT. + +The EPRT command is a slightly newer addition to the FTP protocol than PORT +and is the preferred command to use since it enables IPv6 to be used. Old FTP +servers might not support it, which is why libcurl has a fallback mechanism. +Sometimes that fallback is not enough and then this option might come handy. + +If the server is an IPv6 host, this option has no effect as EPRT is necessary +then. + +# DEFAULT + +# PROTOCOLS + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/file.txt"); + + /* contact us back, aka "active" FTP */ + curl_easy_setopt(curl, CURLOPT_FTPPORT, "-"); + + /* FTP the way the neanderthals did it */ + curl_easy_setopt(curl, CURLOPT_FTP_USE_EPRT, 0L); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.10.5 + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.md b/docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.md new file mode 100644 index 000000000..985ca8ba3 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FTP_USE_EPSV.md @@ -0,0 +1,73 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FTP_USE_EPSV +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FTPPORT (3) + - CURLOPT_FTP_USE_EPRT (3) +--- + +# NAME + +CURLOPT_FTP_USE_EPSV - use EPSV for FTP + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTP_USE_EPSV, long epsv); +~~~ + +# DESCRIPTION + +Pass *epsv* as a long. If the value is 1, it tells curl to use the EPSV +command when doing passive FTP downloads (which it does by default). Using +EPSV means that libcurl first attempts to use the EPSV command before using +PASV. If you pass zero to this option, it does not use EPSV, only plain PASV. + +The EPSV command is a slightly newer addition to the FTP protocol than PASV +and is the preferred command to use since it enables IPv6 to be used. Old FTP +servers might not support it, which is why libcurl has a fallback mechanism. +Sometimes that fallback is not enough and then this option might come handy. + +If the server is an IPv6 host, this option has no effect. + +# DEFAULT + +1 + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, + "ftp://example.com/old-server/file.txt"); + + /* let's shut off this modern feature */ + curl_easy_setopt(curl, CURLOPT_FTP_USE_EPSV, 0L); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Along with FTP + +# RETURN VALUE + +Returns CURLE_OK if FTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_FTP_USE_PRET.md b/docs/libcurl/opts/CURLOPT_FTP_USE_PRET.md new file mode 100644 index 000000000..f81ca4cf0 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_FTP_USE_PRET.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_FTP_USE_PRET +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FTP_USE_EPRT (3) + - CURLOPT_FTP_USE_EPSV (3) +--- + +# NAME + +CURLOPT_FTP_USE_PRET - use PRET for FTP + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_FTP_USE_PRET, long enable); +~~~ + +# DESCRIPTION + +Pass a long. If the value is 1, it tells curl to send a PRET command before +PASV (and EPSV). Certain FTP servers, mainly drftpd, require this non-standard +command for directory listings as well as up and downloads in PASV mode. Has +no effect when using the active FTP transfers mode. + +# DEFAULT + +0 + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, + "ftp://example.com/old-server/file.txt"); + + /* a drftpd server, do it! */ + curl_easy_setopt(curl, CURLOPT_FTP_USE_PRET, 1L); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.md b/docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.md new file mode 100644 index 000000000..01c1d5062 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_GSSAPI_DELEGATION.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_GSSAPI_DELEGATION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPAUTH (3) + - CURLOPT_PROXYAUTH (3) +--- + +# NAME + +CURLOPT_GSSAPI_DELEGATION - allowed GSS-API delegation + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_GSSAPI_DELEGATION, long level); +~~~ + +# DESCRIPTION + +Set the long parameter *level* to **CURLGSSAPI_DELEGATION_FLAG** to allow +unconditional GSSAPI credential delegation. The delegation is disabled by +default since 7.21.7. Set the parameter to +**CURLGSSAPI_DELEGATION_POLICY_FLAG** to delegate only if the OK-AS-DELEGATE +flag is set in the service ticket in case this feature is supported by the +GSS-API implementation and the definition of *GSS_C_DELEG_POLICY_FLAG* was +available at compile-time. + +# DEFAULT + +CURLGSSAPI_DELEGATION_NONE + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* delegate if okayed by policy */ + curl_easy_setopt(curl, CURLOPT_GSSAPI_DELEGATION, + (long)CURLGSSAPI_DELEGATION_POLICY_FLAG); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.22.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md b/docs/libcurl/opts/CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md new file mode 100644 index 000000000..23299c736 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONNECTTIMEOUT_MS (3) + - CURLOPT_LOW_SPEED_LIMIT (3) + - CURLOPT_TIMEOUT (3) +--- + +# NAME + +CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS - head start for IPv6 for happy eyeballs + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS, + long timeout); +~~~ + +# DESCRIPTION + +Happy eyeballs is an algorithm that attempts to connect to both IPv4 and IPv6 +addresses for dual-stack hosts, preferring IPv6 first for *timeout* +milliseconds. If the IPv6 address cannot be connected to within that time then +a connection attempt is made to the IPv4 address in parallel. The first +connection to be established is the one that is used. + +The range of suggested useful values for *timeout* is limited. Happy +Eyeballs RFC 6555 says "It is RECOMMENDED that connection attempts be paced +150-250 ms apart to balance human factors against network load." libcurl +currently defaults to 200 ms. Firefox and Chrome currently default to 300 ms. + +# DEFAULT + +CURL_HET_DEFAULT (currently defined as 200L) + +# PROTOCOLS + +All except FILE + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS, 300L); + + curl_easy_perform(curl); + + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.59.0 + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_HAPROXYPROTOCOL.md b/docs/libcurl/opts/CURLOPT_HAPROXYPROTOCOL.md new file mode 100644 index 000000000..51eb2656c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HAPROXYPROTOCOL.md @@ -0,0 +1,64 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HAPROXYPROTOCOL +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY (3) +--- + +# NAME + +CURLOPT_HAPROXYPROTOCOL - send HAProxy PROXY protocol v1 header + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HAPROXYPROTOCOL, + long haproxy_protocol); +~~~ + +# DESCRIPTION + +A long parameter set to 1 tells the library to send an HAProxy PROXY +protocol v1 header at beginning of the connection. The default action is not to +send this header. + +This option is primarily useful when sending test requests to a service that +expects this header. + +Most applications do not need this option. + +# DEFAULT + +0, do not send any HAProxy PROXY protocol header + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_HAPROXYPROTOCOL, 1L); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Along with HTTP. Added in 7.60.0. + +# RETURN VALUE + +Returns CURLE_OK if HTTP is enabled, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_HAPROXY_CLIENT_IP.md b/docs/libcurl/opts/CURLOPT_HAPROXY_CLIENT_IP.md new file mode 100644 index 000000000..ac0da3a1c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HAPROXY_CLIENT_IP.md @@ -0,0 +1,63 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HAPROXY_CLIENT_IP +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HAPROXYPROTOCOL (3) + - CURLOPT_PROXY (3) +--- + +# NAME + +CURLOPT_HAPROXY_CLIENT_IP - set HAProxy PROXY protocol client IP + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HAPROXY_CLIENT_IP, + char *client_ip); +~~~ + +# DESCRIPTION + +When this parameter is set to a valid IPv4 or IPv6 numerical address, the +library sends this address as client address in the HAProxy PROXY protocol v1 +header at beginning of the connection. + +This option is an alternative to CURLOPT_HAPROXYPROTOCOL(3) as that one +cannot use a specified address. + +# DEFAULT + +NULL, no HAProxy header is sent + +# PROTOCOLS + +HTTP, HAProxy PROTOCOL + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_HAPROXY_CLIENT_IP, "1.1.1.1"); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Along with HTTP. Added in 8.2.0. + +# RETURN VALUE + +Returns CURLE_OK if HTTP is enabled, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_HEADER.md b/docs/libcurl/opts/CURLOPT_HEADER.md new file mode 100644 index 000000000..d5e272ac5 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HEADER.md @@ -0,0 +1,76 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HEADER +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HEADERFUNCTION (3) + - CURLOPT_HTTPHEADER (3) +--- + +# NAME + +CURLOPT_HEADER - pass headers to the data stream + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HEADER, long onoff); +~~~ + +# DESCRIPTION + +Pass the long value *onoff* set to 1 to ask libcurl to include the headers +in the write callback (CURLOPT_WRITEFUNCTION(3)). This option is +relevant for protocols that actually have headers or other meta-data (like +HTTP and FTP). + +When asking to get the headers passed to the same callback as the body, it is +not possible to accurately separate them again without detailed knowledge +about the protocol in use. + +Further: the CURLOPT_WRITEFUNCTION(3) callback is limited to only ever +get a maximum of *CURL_MAX_WRITE_SIZE* bytes passed to it (16KB), while a +header can be longer and the CURLOPT_HEADERFUNCTION(3) supports getting +called with headers up to *CURL_MAX_HTTP_HEADER* bytes big (100KB). + +It is often better to use CURLOPT_HEADERFUNCTION(3) to get the header +data separately. + +While named confusingly similar, CURLOPT_HTTPHEADER(3) is used to set +custom HTTP headers! + +# DEFAULT + +0 + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + curl_easy_setopt(curl, CURLOPT_HEADER, 1L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Provided in all libcurl versions. + +# RETURN VALUE + +Returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_HEADERDATA.md b/docs/libcurl/opts/CURLOPT_HEADERDATA.md new file mode 100644 index 000000000..7f056361f --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HEADERDATA.md @@ -0,0 +1,89 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HEADERDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HEADERFUNCTION (3) + - CURLOPT_WRITEFUNCTION (3) + - curl_easy_header (3) +--- + +# NAME + +CURLOPT_HEADERDATA - pointer to pass to header callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HEADERDATA, void *pointer); +~~~ + +# DESCRIPTION + +Pass a *pointer* to be used to write the header part of the received data +to. + +If CURLOPT_WRITEFUNCTION(3) or CURLOPT_HEADERFUNCTION(3) is used, +*pointer* is passed in to the respective callback. + +If neither of those options are set, *pointer* must be a valid FILE * and +it is used by a plain fwrite() to write headers to. + +If you are using libcurl as a win32 DLL, you **MUST** use a +CURLOPT_WRITEFUNCTION(3) or CURLOPT_HEADERFUNCTION(3) if you set +this option or you might experience crashes. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct my_info { + int shoesize; + char *secret; +}; + +static size_t header_callback(char *buffer, size_t size, + size_t nitems, void *userdata) +{ + struct my_info *i = userdata; + printf("shoe size: %d\n", i->shoesize); + /* now this callback can access the my_info struct */ + + return nitems * size; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + struct my_info my = { 10, "the cookies are in the cupboard" }; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_callback); + + /* pass in custom data to the callback */ + curl_easy_setopt(curl, CURLOPT_HEADERDATA, &my); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3 b/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.md similarity index 56% rename from docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3 rename to docs/libcurl/opts/CURLOPT_HEADERFUNCTION.md index c74c92e20..eb14cdd6f 100644 --- a/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.3 +++ b/docs/libcurl/opts/CURLOPT_HEADERFUNCTION.md @@ -1,33 +1,22 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH CURLOPT_HEADERFUNCTION 3 "September 26, 2023" "ibcurl 8.4.0" libcurl - -.SH NAME -CURLOPT_HEADERFUNCTION \- callback that receives header data -.SH SYNOPSIS -.nf +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HEADERFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HEADERDATA (3) + - CURLOPT_WRITEFUNCTION (3) + - curl_easy_header (3) +--- + +# NAME + +CURLOPT_HEADERFUNCTION - callback that receives header data + +# SYNOPSIS + +~~~c #include size_t header_callback(char *buffer, @@ -37,38 +26,40 @@ size_t header_callback(char *buffer, CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HEADERFUNCTION, header_callback); -.fi -.SH DESCRIPTION +~~~ + +# DESCRIPTION + Pass a pointer to your callback function, which should match the prototype shown above. This callback function gets invoked by libcurl as soon as it has received header data. The header callback is called once for each header and only complete header lines are passed on to the callback. Parsing headers is easy -to do using this callback. \fIbuffer\fP points to the delivered data, and the -size of that data is \fInitems\fP; \fIsize\fP is always 1. The provide header +to do using this callback. *buffer* points to the delivered data, and the +size of that data is *nitems*; *size* is always 1. The provide header line is not null-terminated! -The pointer named \fIuserdata\fP is the one you set with the -\fICURLOPT_HEADERDATA(3)\fP option. +The pointer named *userdata* is the one you set with the +CURLOPT_HEADERDATA(3) option. Your callback should return the number of bytes actually taken care of. If that amount differs from the amount passed to your callback function, it signals an error condition to the library. This causes the transfer to get -aborted and the libcurl function used returns \fICURLE_WRITE_ERROR\fP. +aborted and the libcurl function used returns *CURLE_WRITE_ERROR*. You can also abort the transfer by returning CURL_WRITEFUNC_ERROR. (7.87.0) A complete HTTP header that is passed to this function can be up to -\fICURL_MAX_HTTP_HEADER\fP (100K) bytes and includes the final line terminator. +*CURL_MAX_HTTP_HEADER* (100K) bytes and includes the final line terminator. If this option is not set, or if it is set to NULL, but -\fICURLOPT_HEADERDATA(3)\fP is set to anything but NULL, the function used to +CURLOPT_HEADERDATA(3) is set to anything but NULL, the function used to accept response data is used instead. That is the function specified with -\fICURLOPT_WRITEFUNCTION(3)\fP, or if it is not specified or NULL - the +CURLOPT_WRITEFUNCTION(3), or if it is not specified or NULL - the default, stream-writing function. -It's important to note that the callback is invoked for the headers of all +It is important to note that the callback is invoked for the headers of all responses received after initiating a request and not just the final response. This includes all responses which occur during authentication negotiation. If you need to operate on only the headers from the final @@ -90,19 +81,27 @@ For non-HTTP protocols like FTP, POP3, IMAP and SMTP this function gets called with the server responses to the commands that libcurl sends. A more convenient way to get HTTP headers might be to use -\fIcurl_easy_header(3)\fP. -.SH LIMITATIONS +curl_easy_header(3). + +# LIMITATIONS + libcurl does not unfold HTTP "folded headers" (deprecated since RFC 7230). A folded header is a header that continues on a subsequent line and starts with a whitespace. Such folds are passed to the header callback as separate ones, although strictly they are just continuations of the previous lines. -.SH DEFAULT + +# DEFAULT + Nothing. -.SH PROTOCOLS + +# PROTOCOLS + Used for all protocols with headers or meta-data concept: HTTP, FTP, POP3, IMAP, SMTP and more. -.SH EXAMPLE -.nf + +# EXAMPLE + +~~~c static size_t header_callback(char *buffer, size_t size, size_t nitems, void *userdata) { @@ -111,20 +110,23 @@ static size_t header_callback(char *buffer, size_t size, return nitems * size; } -CURL *curl = curl_easy_init(); -if(curl) { - curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); - curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_callback); + curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_callback); - curl_easy_perform(curl); + curl_easy_perform(curl); + } } -.fi -.SH AVAILABILITY +~~~ + +# AVAILABILITY + Always -.SH RETURN VALUE + +# RETURN VALUE + Returns CURLE_OK -.SH "SEE ALSO" -.BR curl_easy_header (3), -.BR CURLOPT_HEADERDATA (3), -.BR CURLOPT_WRITEFUNCTION (3) diff --git a/docs/libcurl/opts/CURLOPT_HEADEROPT.md b/docs/libcurl/opts/CURLOPT_HEADEROPT.md new file mode 100644 index 000000000..bb3bcf41c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HEADEROPT.md @@ -0,0 +1,81 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HEADEROPT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPHEADER (3) + - CURLOPT_PROXYHEADER (3) +--- + +# NAME + +CURLOPT_HEADEROPT - send HTTP headers to both proxy and host or separately + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HEADEROPT, long bitmask); +~~~ + +# DESCRIPTION + +Pass a long that is a bitmask of options of how to deal with headers. The two +mutually exclusive options are: + +**CURLHEADER_UNIFIED** - the headers specified in +CURLOPT_HTTPHEADER(3) are used in requests both to servers and +proxies. With this option enabled, CURLOPT_PROXYHEADER(3) does not have +any effect. + +**CURLHEADER_SEPARATE** - makes CURLOPT_HTTPHEADER(3) headers only get +sent to a server and not to a proxy. Proxy headers must be set with +CURLOPT_PROXYHEADER(3) to get used. Note that if a non-CONNECT request +is sent to a proxy, libcurl sends both server headers and proxy headers. When +doing CONNECT, libcurl sends CURLOPT_PROXYHEADER(3) headers only to the +proxy and then CURLOPT_HTTPHEADER(3) headers only to the server. + +# DEFAULT + +CURLHEADER_SEPARATE (changed in 7.42.1, used CURLHEADER_UNIFIED before then) + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + struct curl_slist *list; + list = curl_slist_append(NULL, "Shoesize: 10"); + list = curl_slist_append(list, "Accept:"); + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "http://localhost:8080"); + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list); + + /* HTTPS over a proxy makes a separate CONNECT to the proxy, so tell + libcurl to not send the custom headers to the proxy. Keep them + separate! */ + curl_easy_setopt(curl, CURLOPT_HEADEROPT, CURLHEADER_SEPARATE); + ret = curl_easy_perform(curl); + curl_slist_free_all(list); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.37.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_HSTS.md b/docs/libcurl/opts/CURLOPT_HSTS.md new file mode 100644 index 000000000..83379f270 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HSTS.md @@ -0,0 +1,83 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HSTS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_ALTSVC (3) + - CURLOPT_HSTS_CTRL (3) + - CURLOPT_RESOLVE (3) +--- + +# NAME + +CURLOPT_HSTS - HSTS cache file name + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HSTS, char *filename); +~~~ + +# DESCRIPTION + +Make the *filename* point to a filename to load an existing HSTS cache +from, and to store the cache in when the easy handle is closed. Setting a file +name with this option also enables HSTS for this handle (the equivalent of +setting *CURLHSTS_ENABLE* with CURLOPT_HSTS_CTRL(3)). + +If the given file does not exist or contains no HSTS entries at startup, the +HSTS cache simply starts empty. Setting the filename to NULL or "" only +enables HSTS without reading from or writing to any file. + +If this option is set multiple times, libcurl loads cache entries from each +given file but only stores the last used name for later writing. + +# FILE FORMAT + +The HSTS cache is saved to and loaded from a text file with one entry per +physical line. Each line in the file has the following format: + +[host] [stamp] + +[host] is the domain name for the entry and the name is dot-prefixed if it is +an entry valid for all subdomains to the name as well or only for the exact +name. + +[stamp] is the time (in UTC) when the entry expires and it uses the format +"YYYYMMDD HH:MM:SS". + +Lines starting with "#" are treated as comments and are ignored. There is +currently no length or size limit. + +# DEFAULT + +NULL, no file name + +# PROTOCOLS + +HTTPS and HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_HSTS, "/home/user/.hsts-cache"); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.74.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_HSTSREADDATA.md b/docs/libcurl/opts/CURLOPT_HSTSREADDATA.md new file mode 100644 index 000000000..8fbb888d3 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HSTSREADDATA.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HSTSREADDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HSTS (3) + - CURLOPT_HSTSREADFUNCTION (3) + - CURLOPT_HSTSWRITEDATA (3) + - CURLOPT_HSTSWRITEFUNCTION (3) +--- + +# NAME + +CURLOPT_HSTSREADDATA - pointer passed to the HSTS read callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HSTSREADDATA, void *pointer); +~~~ + +# DESCRIPTION + +Data *pointer* to pass to the HSTS read function. If you use the +CURLOPT_HSTSREADFUNCTION(3) option, this is the pointer you get as input +in the 3rd argument to the callback. + +This option does not enable HSTS, you need to use CURLOPT_HSTS_CTRL(3) to +do that. + +# DEFAULT + +NULL + +# PROTOCOLS + +This feature is only used for HTTP(S) transfer. + +# EXAMPLE + +~~~c +struct MyData { + void *custom; +}; + +int main(void) +{ + CURL *curl = curl_easy_init(); + struct MyData this; + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); + + /* pass pointer that gets passed in to the + CURLOPT_HSTSREADFUNCTION callback */ + curl_easy_setopt(curl, CURLOPT_HSTSREADDATA, &this); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.74.0 + +# RETURN VALUE + +This returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_HSTSREADFUNCTION.md b/docs/libcurl/opts/CURLOPT_HSTSREADFUNCTION.md new file mode 100644 index 000000000..cc221638c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HSTSREADFUNCTION.md @@ -0,0 +1,106 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HSTSREADFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HSTS (3) + - CURLOPT_HSTSREADDATA (3) + - CURLOPT_HSTSWRITEFUNCTION (3) + - CURLOPT_HSTS_CTRL (3) +--- + +# NAME + +CURLOPT_HSTSREADFUNCTION - read callback for HSTS hosts + +# SYNOPSIS + +~~~c +#include + +struct curl_hstsentry { + char *name; + size_t namelen; + unsigned int includeSubDomains:1; + char expire[18]; /* YYYYMMDD HH:MM:SS [null-terminated] */ +}; + +CURLSTScode hstsread(CURL *easy, struct curl_hstsentry *sts, void *clientp); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HSTSREADFUNCTION, hstsread); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, as the prototype shows above. + +This callback function gets called by libcurl repeatedly when it populates the +in-memory HSTS cache. + +Set the *clientp* argument with the CURLOPT_HSTSREADDATA(3) option +or it is NULL. + +When this callback is invoked, the *sts* pointer points to a populated +struct: Copy the hostname to *name* (no longer than *namelen* +bytes). Make it null-terminated. Set *includeSubDomains* to TRUE or +FALSE. Set *expire* to a date stamp or a zero length string for *forever* +(wrong date stamp format might cause the name to not get accepted) + +The callback should return *CURLSTS_OK* if it returns a name and is +prepared to be called again (for another host) or *CURLSTS_DONE* if it has +no entry to return. It can also return *CURLSTS_FAIL* to signal +error. Returning *CURLSTS_FAIL* stops the transfer from being performed +and make *CURLE_ABORTED_BY_CALLBACK* get returned. + +This option does not enable HSTS, you need to use CURLOPT_HSTS_CTRL(3) to +do that. + +# DEFAULT + +NULL - no callback. + +# PROTOCOLS + +This feature is only used for HTTP(S) transfer. + +# EXAMPLE + +~~~c +struct priv { + void *custom; +}; + +static CURLSTScode hsts_cb(CURL *easy, struct curl_hstsentry *sts, + void *clientp) +{ + /* populate the struct as documented */ + return CURLSTS_OK; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + struct priv my_stuff; + CURLcode res; + + /* set HSTS read callback */ + curl_easy_setopt(curl, CURLOPT_HSTSREADFUNCTION, hsts_cb); + + /* pass in suitable argument to the callback */ + curl_easy_setopt(curl, CURLOPT_HSTSREADDATA, &my_stuff); + + res = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.74.0 + +# RETURN VALUE + +This returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_HSTSWRITEDATA.md b/docs/libcurl/opts/CURLOPT_HSTSWRITEDATA.md new file mode 100644 index 000000000..b4486d7a3 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HSTSWRITEDATA.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HSTSWRITEDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HSTS (3) + - CURLOPT_HSTSREADDATA (3) + - CURLOPT_HSTSREADFUNCTION (3) + - CURLOPT_HSTSWRITEFUNCTION (3) +--- + +# NAME + +CURLOPT_HSTSWRITEDATA - pointer passed to the HSTS write callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HSTSWRITEDATA, void *pointer); +~~~ + +# DESCRIPTION + +Data *pointer* to pass to the HSTS write function. If you use the +CURLOPT_HSTSWRITEFUNCTION(3) option, this is the pointer you get as +input in the fourth argument to the callback. + +This option does not enable HSTS, you need to use CURLOPT_HSTS_CTRL(3) to +do that. + +# DEFAULT + +NULL + +# PROTOCOLS + +This feature is only used for HTTP(S) transfer. + +# EXAMPLE + +~~~c +struct MyData { + void *custom; +}; + +int main(void) +{ + CURL *curl = curl_easy_init(); + struct MyData this; + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); + + /* pass pointer that gets passed in to the + CURLOPT_HSTSWRITEFUNCTION callback */ + curl_easy_setopt(curl, CURLOPT_HSTSWRITEDATA, &this); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.74.0 + +# RETURN VALUE + +This returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_HSTSWRITEFUNCTION.md b/docs/libcurl/opts/CURLOPT_HSTSWRITEFUNCTION.md new file mode 100644 index 000000000..ede35218c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HSTSWRITEFUNCTION.md @@ -0,0 +1,110 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HSTSWRITEFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HSTS (3) + - CURLOPT_HSTSWRITEDATA (3) + - CURLOPT_HSTSWRITEFUNCTION (3) + - CURLOPT_HSTS_CTRL (3) +--- + +# NAME + +CURLOPT_HSTSWRITEFUNCTION - write callback for HSTS hosts + +# SYNOPSIS + +~~~c +#include + +struct curl_hstsentry { + char *name; + size_t namelen; + unsigned int includeSubDomains:1; + char expire[18]; /* YYYYMMDD HH:MM:SS [null-terminated] */ +}; + +struct curl_index { + size_t index; /* the provided entry's "index" or count */ + size_t total; /* total number of entries to save */ +}; + +CURLSTScode hstswrite(CURL *easy, struct curl_hstsentry *sts, + struct curl_index *count, void *clientp); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HSTSWRITEFUNCTION, hstswrite); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, as the prototype shows above. + +This callback function gets called by libcurl repeatedly to allow the +application to store the in-memory HSTS cache when libcurl is about to discard +it. + +Set the *clientp* argument with the CURLOPT_HSTSWRITEDATA(3) option +or it is NULL. +When the callback is invoked, the *sts* pointer points to a populated +struct: Read the hostname to 'name' (it is *namelen* bytes long and null +terminated. The *includeSubDomains* field is non-zero if the entry matches +subdomains. The *expire* string is a date stamp null-terminated string +using the syntax YYYYMMDD HH:MM:SS. + +The callback should return *CURLSTS_OK* if it succeeded and is prepared to +be called again (for another host) or *CURLSTS_DONE* if there is nothing +more to do. It can also return *CURLSTS_FAIL* to signal error. + +This option does not enable HSTS, you need to use CURLOPT_HSTS_CTRL(3) to +do that. + +# DEFAULT + +NULL - no callback. + +# PROTOCOLS + +This feature is only used for HTTP(S) transfer. + +# EXAMPLE + +~~~c +struct priv { + void *custom; +}; + +static CURLSTScode hswr_cb(CURL *easy, struct curl_hstsentry *sts, + struct curl_index *count, void *clientp) +{ + /* save the passed in HSTS data somewhere */ + return CURLSTS_OK; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + struct priv my_stuff; + CURLcode res; + + /* set HSTS read callback */ + curl_easy_setopt(curl, CURLOPT_HSTSWRITEFUNCTION, hswr_cb); + + /* pass in suitable argument to the callback */ + curl_easy_setopt(curl, CURLOPT_HSTSWRITEDATA, &my_stuff); + + res = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.74.0 + +# RETURN VALUE + +This returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_HSTS_CTRL.md b/docs/libcurl/opts/CURLOPT_HSTS_CTRL.md new file mode 100644 index 000000000..d60e58f0f --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HSTS_CTRL.md @@ -0,0 +1,78 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HSTS_CTRL +Section: 3 +Source: libcurl +See-also: + - CURLOPT_ALTSVC (3) + - CURLOPT_CONNECT_TO (3) + - CURLOPT_HSTS (3) + - CURLOPT_RESOLVE (3) +--- + +# NAME + +CURLOPT_HSTS_CTRL - control HSTS behavior + +# SYNOPSIS + +~~~c +#include + +#define CURLHSTS_ENABLE (1<<0) +#define CURLHSTS_READONLYFILE (1<<1) + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HSTS_CTRL, long bitmask); +~~~ + +# DESCRIPTION + +HSTS (HTTP Strict Transport Security) means that an HTTPS server can instruct +the client to not contact it again over clear-text HTTP for a certain period +into the future. libcurl then automatically redirects HTTP attempts to such +hosts to instead use HTTPS. This is done by libcurl retaining this knowledge +in an in-memory cache. + +Populate the long *bitmask* with the correct set of features to instruct +libcurl how to handle HSTS for the transfers using this handle. + +# BITS + +## CURLHSTS_ENABLE + +Enable the in-memory HSTS cache for this handle. + +## CURLHSTS_READONLYFILE + +Make the HSTS file (if specified) read-only - makes libcurl not save the cache +to the file when closing the handle. + +# DEFAULT + +0. HSTS is disabled by default. + +# PROTOCOLS + +HTTPS and HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_HSTS_CTRL, (long)CURLHSTS_ENABLE); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.74.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.md b/docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.md new file mode 100644 index 000000000..d3594926f --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HTTP09_ALLOWED.md @@ -0,0 +1,64 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HTTP09_ALLOWED +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTP_VERSION (3) + - CURLOPT_SSLVERSION (3) +--- + +# NAME + +CURLOPT_HTTP09_ALLOWED - allow HTTP/0.9 response + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTP09_ALLOWED, long allowed); +~~~ + +# DESCRIPTION + +Pass the long argument *allowed* set to 1L to allow HTTP/0.9 responses. + +An HTTP/0.9 response is a server response entirely without headers and only a +body. You can connect to lots of random TCP services and still get a response +that curl might consider to be HTTP/0.9! + +# DEFAULT + +curl allowed HTTP/0.9 responses by default before 7.66.0 + +Since 7.66.0, libcurl requires this option set to 1L to allow HTTP/0.9 +responses. + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_HTTP09_ALLOWED, 1L); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Option added in 7.64.0, present along with HTTP. + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.md b/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.md new file mode 100644 index 000000000..b48faf603 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HTTP200ALIASES.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HTTP200ALIASES +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTP09_ALLOWED (3) + - CURLOPT_HTTP_VERSION (3) +--- + +# NAME + +CURLOPT_HTTP200ALIASES - alternative matches for HTTP 200 OK + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTP200ALIASES, + struct curl_slist *aliases); +~~~ + +# DESCRIPTION + +Pass a pointer to a linked list of *aliases* to be treated as valid HTTP 200 +responses. Some servers respond with a custom header response line. For +example, SHOUTcast servers respond with "ICY 200 OK". Also some old Icecast +1.3.x servers respond like that for certain user agent headers or in absence +of such. By including this string in your list of aliases, the response gets +treated as a valid HTTP header line such as "HTTP/1.0 200 OK". + +The linked list should be a fully valid list of struct curl_slist structs, and +be properly filled in. Use curl_slist_append(3) to create the list and +curl_slist_free_all(3) to clean up an entire list. + +The alias itself is not parsed for any version strings. The protocol is +assumed to match HTTP 1.0 when an alias match. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + struct curl_slist *list; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + list = curl_slist_append(NULL, "ICY 200 OK"); + list = curl_slist_append(list, "WEIRDO 99 FINE"); + + curl_easy_setopt(curl, CURLOPT_HTTP200ALIASES, list); + curl_easy_perform(curl); + curl_slist_free_all(list); /* free the list again */ + } +} +~~~ + +# AVAILABILITY + +Added in 7.10.3 + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_HTTPAUTH.md b/docs/libcurl/opts/CURLOPT_HTTPAUTH.md new file mode 100644 index 000000000..ca92f5eb0 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HTTPAUTH.md @@ -0,0 +1,163 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HTTPAUTH +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PASSWORD (3) + - CURLOPT_PROXYAUTH (3) + - CURLOPT_USERNAME (3) +--- + +# NAME + +CURLOPT_HTTPAUTH - HTTP server authentication methods to try + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPAUTH, long bitmask); +~~~ + +# DESCRIPTION + +Pass a long as parameter, which is set to a bitmask, to tell libcurl which +authentication method(s) you want it to use speaking to the remote server. + +The available bits are listed below. If more than one bit is set, libcurl +first queries the host to see which authentication methods it supports and +then picks the best one you allow it to use. For some methods, this induces an +extra network round-trip. Set the actual name and password with the +CURLOPT_USERPWD(3) option or with the CURLOPT_USERNAME(3) and the +CURLOPT_PASSWORD(3) options. + +For authentication with a proxy, see CURLOPT_PROXYAUTH(3). + +## CURLAUTH_BASIC + +HTTP Basic authentication. This is the default choice, and the only method +that is in wide-spread use and supported virtually everywhere. This sends +the user name and password over the network in plain text, easily captured by +others. + +## CURLAUTH_DIGEST + +HTTP Digest authentication. Digest authentication is defined in RFC 2617 and +is a more secure way to do authentication over public networks than the +regular old-fashioned Basic method. + +## CURLAUTH_DIGEST_IE + +HTTP Digest authentication with an IE flavor. Digest authentication is defined +in RFC 2617 and is a more secure way to do authentication over public networks +than the regular old-fashioned Basic method. The IE flavor is simply that +libcurl uses a special "quirk" that IE is known to have used before version 7 +and that some servers require the client to use. + +## CURLAUTH_BEARER + +HTTP Bearer token authentication, used primarily in OAuth 2.0 protocol. + +You can set the Bearer token to use with CURLOPT_XOAUTH2_BEARER(3). + +## CURLAUTH_NEGOTIATE + +HTTP Negotiate (SPNEGO) authentication. Negotiate authentication is defined +in RFC 4559 and is the most secure way to perform authentication over HTTP. + +You need to build libcurl with a suitable GSS-API library or SSPI on Windows +for this to work. + +## CURLAUTH_NTLM + +HTTP NTLM authentication. A proprietary protocol invented and used by +Microsoft. It uses a challenge-response and hash concept similar to Digest, to +prevent the password from being eavesdropped. + +You need to build libcurl with either OpenSSL or GnuTLS support for this +option to work, or build libcurl on Windows with SSPI support. + +## CURLAUTH_NTLM_WB + +NTLM delegating to winbind helper. Authentication is performed by a separate +binary application that is executed when needed. The name of the application +is specified at compile time but is typically **/usr/bin/ntlm_auth**. + +Note that libcurl forks when necessary to run the winbind application and kill +it when complete, calling **waitpid()** to await its exit when done. On POSIX +operating systems, killing the process causes a SIGCHLD signal to be raised +(regardless of whether CURLOPT_NOSIGNAL(3) is set), which must be handled +intelligently by the application. In particular, the application must not +unconditionally call wait() in its SIGCHLD signal handler to avoid being +subject to a race condition. This behavior is subject to change in future +versions of libcurl. + +## CURLAUTH_ANY + +This is a convenience macro that sets all bits and thus makes libcurl pick any +it finds suitable. libcurl automatically selects the one it finds most secure. + +## CURLAUTH_ANYSAFE + +This is a convenience macro that sets all bits except Basic and thus makes +libcurl pick any it finds suitable. libcurl automatically selects the one it +finds most secure. + +## CURLAUTH_ONLY + +This is a meta symbol. OR this value together with a single specific auth +value to force libcurl to probe for unrestricted auth and if not, only that +single auth algorithm is acceptable. + +## CURLAUTH_AWS_SIGV4 + +provides AWS V4 signature authentication on HTTPS header +see CURLOPT_AWS_SIGV4(3). + +# DEFAULT + +CURLAUTH_BASIC + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* allow whatever auth the server speaks */ + curl_easy_setopt(curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_ANY); + curl_easy_setopt(curl, CURLOPT_USERPWD, "james:bond"); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Option Added in 7.10.6. + +CURLAUTH_DIGEST_IE was added in 7.19.3 + +CURLAUTH_ONLY was added in 7.21.3 + +CURLAUTH_NTLM_WB was added in 7.22.0 + +CURLAUTH_BEARER was added in 7.61.0 + +CURLAUTH_AWS_SIGV4 was added in 7.74.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_NOT_BUILT_IN if the bitmask specified no supported authentication +methods. diff --git a/docs/libcurl/opts/CURLOPT_HTTPGET.md b/docs/libcurl/opts/CURLOPT_HTTPGET.md new file mode 100644 index 000000000..d8b024d8e --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HTTPGET.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HTTPGET +Section: 3 +Source: libcurl +See-also: + - CURLOPT_NOBODY (3) + - CURLOPT_POST (3) + - CURLOPT_UPLOAD (3) + - curl_easy_reset (3) +--- + +# NAME + +CURLOPT_HTTPGET - ask for an HTTP GET request + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPGET, long useget); +~~~ + +# DESCRIPTION + +Pass a long. If *useget* is 1, this forces the HTTP request to get back to +using GET. Usable if a POST, HEAD, PUT, etc has been used previously using the +same curl *handle*. + +When setting CURLOPT_HTTPGET(3) to 1, libcurl automatically sets +CURLOPT_NOBODY(3) to 0 and CURLOPT_UPLOAD(3) to 0. + +Setting this option to zero has no effect. Applications need to explicitly +select which HTTP request method to use, they cannot deselect a method. To +reset a handle to default method, consider curl_easy_reset(3). + +# DEFAULT + +0 + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* use a GET to fetch this */ + curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Along with HTTP + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 b/docs/libcurl/opts/CURLOPT_HTTPHEADER.md similarity index 52% rename from docs/libcurl/opts/CURLOPT_HTTPHEADER.3 rename to docs/libcurl/opts/CURLOPT_HTTPHEADER.md index e1c45b919..0ccda775e 100644 --- a/docs/libcurl/opts/CURLOPT_HTTPHEADER.3 +++ b/docs/libcurl/opts/CURLOPT_HTTPHEADER.md @@ -1,51 +1,45 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH CURLOPT_HTTPHEADER 3 "September 26, 2023" "ibcurl 8.4.0" libcurl - -.SH NAME -CURLOPT_HTTPHEADER \- set of HTTP headers -.SH SYNOPSIS -.nf +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HTTPHEADER +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CUSTOMREQUEST (3) + - CURLOPT_HEADER (3) + - CURLOPT_HEADEROPT (3) + - CURLOPT_MIMEPOST (3) + - CURLOPT_PROXYHEADER (3) + - curl_mime_init (3) +--- + +# NAME + +CURLOPT_HTTPHEADER - set of HTTP headers + +# SYNOPSIS + +~~~c #include CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPHEADER, struct curl_slist *headers); -.fi -.SH DESCRIPTION +~~~ + +# DESCRIPTION + Pass a pointer to a linked list of HTTP headers to pass to the server and/or proxy in your HTTP request. The same list can be used for both host and proxy requests! When used within an IMAP or SMTP request to upload a MIME mail, the given header list establishes the document-level MIME headers to prepend to the -uploaded document described by \fICURLOPT_MIMEPOST(3)\fP. This does not affect +uploaded document described by CURLOPT_MIMEPOST(3). This does not affect raw mail uploads. -The linked list should be a fully valid list of \fBstruct curl_slist\fP -structs properly filled in. Use \fIcurl_slist_append(3)\fP to create the list -and \fIcurl_slist_free_all(3)\fP to clean up an entire list. If you add a +The linked list should be a fully valid list of **struct curl_slist** +structs properly filled in. Use curl_slist_append(3) to create the list +and curl_slist_free_all(3) to clean up an entire list. If you add a header that is otherwise generated and used by libcurl internally, your added header is used instead. If you add a header with no content as in 'Accept:' (no data on the right side of the colon), the internally used header is @@ -54,113 +48,134 @@ headers and remove internal headers. To add a header with no content (nothing to the right side of the colon), use the form 'name;' (note the ending semicolon). -The headers included in the linked list \fBmust not\fP be CRLF-terminated, +The headers included in the linked list **must not** be CRLF-terminated, because libcurl adds CRLF after each header item itself. Failure to comply -with this might result in strange behavior. +with this might result in strange behavior. libcurl passes on the verbatim +strings you give it, without any filter or other safe guards. That includes +white space and control characters. The first line in an HTTP request (containing the method, usually a GET or POST) is not a header and cannot be replaced using this option. Only the lines following the request-line are headers. Adding this method line in this list of headers only causes your request to send an invalid header. Use -\fICURLOPT_CUSTOMREQUEST(3)\fP to change the method. +CURLOPT_CUSTOMREQUEST(3) to change the method. -When this option is passed to \fIcurl_easy_setopt(3)\fP, libcurl does not copy -the entire list so you \fBmust\fP keep it around until you no longer use this -\fIhandle\fP for a transfer before you call \fIcurl_slist_free_all(3)\fP on +When this option is passed to curl_easy_setopt(3), libcurl does not copy +the entire list so you **must** keep it around until you no longer use this +*handle* for a transfer before you call curl_slist_free_all(3) on the list. Pass a NULL to this option to reset back to no custom headers. The most commonly replaced HTTP headers have "shortcuts" in the options -\fICURLOPT_COOKIE(3)\fP, \fICURLOPT_USERAGENT(3)\fP and -\fICURLOPT_REFERER(3)\fP. We recommend using those. +CURLOPT_COOKIE(3), CURLOPT_USERAGENT(3) and +CURLOPT_REFERER(3). We recommend using those. There is an alternative option that sets or replaces headers only for requests -that are sent with CONNECT to a proxy: \fICURLOPT_PROXYHEADER(3)\fP. Use -\fICURLOPT_HEADEROPT(3)\fP to control the behavior. -.SH SPECIFIC HTTP HEADERS +that are sent with CONNECT to a proxy: CURLOPT_PROXYHEADER(3). Use +CURLOPT_HEADEROPT(3) to control the behavior. + +# SPECIFIC HTTP HEADERS + Setting some specific headers causes libcurl to act differently. -.IP "Host:" -The specified host name is used for cookie matching if the cookie engine is + +## Host: + +The specified hostname is used for cookie matching if the cookie engine is also enabled for this transfer. If the request is done over HTTP/2 or HTTP/3, -the custom host name is instead used in the ":authority" header field and +the custom hostname is instead used in the ":authority" header field and Host: is not sent at all over the wire. -.IP "Transfer-Encoding: chunked" + +## Transfer-Encoding: chunked + Tells libcurl the upload is to be done using this chunked encoding instead of providing the Content-Length: field in the request. -.SH SPECIFIC MIME HEADERS -When used to build a MIME e-mail for IMAP or SMTP, the following -document-level headers can be set to override libcurl-generated values: -.IP "Mime-Version:" + +# SPECIFIC MIME HEADERS + +When used to build a MIME email for IMAP or SMTP, the following document-level +headers can be set to override libcurl-generated values: + +## Mime-Version: + Tells the parser at the receiving site how to interpret the MIME framing. It defaults to "1.0" and should normally not be altered. -.IP "Content-Type:" + +## Content-Type: + Indicates the document's global structure type. By default, libcurl sets it to "multipart/mixed", describing a document made of independent parts. When a MIME mail is only composed of alternative representations of the same data (i.e.: HTML and plain text), this header must be set to "multipart/alternative". In all cases the value must be of the form "multipart/*" to respect the document structure and may not include the "boundary=" parameter. -.P + Other specific headers that do not have a libcurl default value but are strongly desired by mail delivery and user agents should also be included. These are "From:", "To:", "Date:" and "Subject:" among others and their presence and value is generally checked by anti-spam utilities. -.SH SECURITY CONCERNS + +# SECURITY CONCERNS + By default, this option makes libcurl send the given headers in all HTTP requests done by this handle. You should therefore use this option with caution if you for example connect to the remote site using a proxy and a CONNECT request, you should to consider if that proxy is supposed to also get the headers. They may be private or otherwise sensitive to leak. -Use \fICURLOPT_HEADEROPT(3)\fP to make the headers only get sent to where you +Use CURLOPT_HEADEROPT(3) to make the headers only get sent to where you intend them to get sent. Custom headers are sent in all requests done by the easy handle, which implies that if you tell libcurl to follow redirects -(\fICURLOPT_FOLLOWLOCATION(3)\fP), the same set of custom headers is sent in +(CURLOPT_FOLLOWLOCATION(3)), the same set of custom headers is sent in the subsequent request. Redirects can of course go to other hosts and thus those servers get all the contents of your custom headers too. Starting in 7.58.0, libcurl specifically prevents "Authorization:" headers from being sent to other hosts than the first used one, unless specifically -permitted with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option. +permitted with the CURLOPT_UNRESTRICTED_AUTH(3) option. Starting in 7.64.0, libcurl specifically prevents "Cookie:" headers from being sent to other hosts than the first used one, unless specifically permitted -with the \fICURLOPT_UNRESTRICTED_AUTH(3)\fP option. -.SH DEFAULT +with the CURLOPT_UNRESTRICTED_AUTH(3) option. + +# DEFAULT + NULL -.SH PROTOCOLS + +# PROTOCOLS + HTTP, IMAP and SMTP -.SH EXAMPLE -.nf -CURL *curl = curl_easy_init(); -struct curl_slist *list = NULL; +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + + struct curl_slist *list = NULL; -if(curl) { - curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); - list = curl_slist_append(list, "Shoesize: 10"); - list = curl_slist_append(list, "Accept:"); + list = curl_slist_append(list, "Shoesize: 10"); + list = curl_slist_append(list, "Accept:"); - curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list); + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list); - curl_easy_perform(curl); + curl_easy_perform(curl); - curl_slist_free_all(list); /* free the list */ + curl_slist_free_all(list); /* free the list */ + } } -.fi +~~~ + +# AVAILABILITY -.SH AVAILABILITY As long as HTTP is enabled. Use in MIME mail added in 7.56.0. -.SH RETURN VALUE + +# RETURN VALUE + Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. -.SH "SEE ALSO" -.BR curl_mime_init (3), -.BR CURLOPT_CUSTOMREQUEST (3), -.BR CURLOPT_HEADER (3), -.BR CURLOPT_HEADEROPT (3), -.BR CURLOPT_MIMEPOST (3), -.BR CURLOPT_PROXYHEADER (3) diff --git a/docs/libcurl/opts/CURLOPT_HTTPPOST.md b/docs/libcurl/opts/CURLOPT_HTTPPOST.md new file mode 100644 index 000000000..6fdfc1707 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HTTPPOST.md @@ -0,0 +1,100 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HTTPPOST +Section: 3 +Source: libcurl +See-also: + - CURLOPT_MIMEPOST (3) + - CURLOPT_POST (3) + - CURLOPT_POSTFIELDS (3) + - curl_formadd (3) + - curl_formfree (3) + - curl_mime_init (3) +--- + +# NAME + +CURLOPT_HTTPPOST - multipart formpost content + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPPOST, + struct curl_httppost *formpost); +~~~ + +# DESCRIPTION + +**This option is deprecated.** Use CURLOPT_MIMEPOST(3) instead. + +Tells libcurl you want a **multipart/formdata** HTTP POST to be made and you +instruct what data to pass on to the server in the *formpost* argument. +Pass a pointer to a linked list of *curl_httppost* structs as parameter. +The easiest way to create such a list, is to use curl_formadd(3) as +documented. The data in this list must remain intact as long as the curl +transfer is alive and is using it. + +Using POST with HTTP 1.1 implies the use of a "Expect: 100-continue" header. +You can disable this header with CURLOPT_HTTPHEADER(3). + +When setting CURLOPT_HTTPPOST(3), libcurl automatically sets +CURLOPT_NOBODY(3) to 0. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + struct curl_httppost *formpost; + struct curl_httppost *lastptr; + + /* Fill in the file upload field. This makes libcurl load data from + the given file name when curl_easy_perform() is called. */ + curl_formadd(&formpost, + &lastptr, + CURLFORM_COPYNAME, "sendfile", + CURLFORM_FILE, "postit2.c", + CURLFORM_END); + + /* Fill in the filename field */ + curl_formadd(&formpost, + &lastptr, + CURLFORM_COPYNAME, "filename", + CURLFORM_COPYCONTENTS, "postit2.c", + CURLFORM_END); + + /* Fill in the submit field too, even if this is rarely needed */ + curl_formadd(&formpost, + &lastptr, + CURLFORM_COPYNAME, "submit", + CURLFORM_COPYCONTENTS, "send", + CURLFORM_END); + + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost); + curl_easy_perform(curl); + curl_easy_cleanup(curl); + } + curl_formfree(formpost); +} +~~~ + +# AVAILABILITY + +As long as HTTP is enabled. Deprecated in 7.56.0. + +# RETURN VALUE + +Returns CURLE_OK if HTTP is enabled, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.md b/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.md new file mode 100644 index 000000000..bd67640b4 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HTTPPROXYTUNNEL.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HTTPPROXYTUNNEL +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY (3) + - CURLOPT_PROXYPORT (3) + - CURLOPT_PROXYTYPE (3) +--- + +# NAME + +CURLOPT_HTTPPROXYTUNNEL - tunnel through HTTP proxy + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTPPROXYTUNNEL, long tunnel); +~~~ + +# DESCRIPTION + +Set the **tunnel** parameter to 1L to make libcurl tunnel all operations +through the HTTP proxy (set with CURLOPT_PROXY(3)). There is a big +difference between using a proxy and to tunnel through it. + +Tunneling means that an HTTP CONNECT request is sent to the proxy, asking it +to connect to a remote host on a specific port number and then the traffic is +just passed through the proxy. Proxies tend to white-list specific port numbers +it allows CONNECT requests to and often only port 80 and 443 are allowed. + +To suppress proxy CONNECT response headers from user callbacks use +CURLOPT_SUPPRESS_CONNECT_HEADERS(3). + +HTTP proxies can generally only speak HTTP (for obvious reasons), which makes +libcurl convert non-HTTP requests to HTTP when using an HTTP proxy without +this tunnel option set. For example, asking for an FTP URL and specifying an +HTTP proxy makes libcurl send an FTP URL in an HTTP GET request to the +proxy. By instead tunneling through the proxy, you avoid that conversion (that +rarely works through the proxy anyway). + +# DEFAULT + +0 + +# PROTOCOLS + +All network protocols + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/file.txt"); + curl_easy_setopt(curl, CURLOPT_PROXY, "http://127.0.0.1:80"); + curl_easy_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.md b/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.md new file mode 100644 index 000000000..b48c0f9fb --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HTTP_CONTENT_DECODING.md @@ -0,0 +1,62 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HTTP_CONTENT_DECODING +Section: 3 +Source: libcurl +See-also: + - CURLOPT_ACCEPT_ENCODING (3) + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_STDERR (3) +--- + +# NAME + +CURLOPT_HTTP_CONTENT_DECODING - HTTP content decoding control + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTP_CONTENT_DECODING, + long enabled); +~~~ + +# DESCRIPTION + +Pass a long to tell libcurl how to act on content decoding. If set to zero, +content decoding is disabled. If set to 1 it is enabled. Libcurl has no +default content decoding but requires you to use +CURLOPT_ACCEPT_ENCODING(3) for that. + +# DEFAULT + +1 + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_HTTP_CONTENT_DECODING, 0L); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.16.2 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.md b/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.md new file mode 100644 index 000000000..ba83acaae --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HTTP_TRANSFER_DECODING.md @@ -0,0 +1,61 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HTTP_TRANSFER_DECODING +Section: 3 +Source: libcurl +See-also: + - CURLOPT_ACCEPT_ENCODING (3) + - CURLOPT_HTTP_CONTENT_DECODING (3) +--- + +# NAME + +CURLOPT_HTTP_TRANSFER_DECODING - HTTP transfer decoding control + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTP_TRANSFER_DECODING, + long enabled); +~~~ + +# DESCRIPTION + +Pass a long to tell libcurl how to act on transfer decoding. If set to zero, +transfer decoding is disabled, if set to 1 it is enabled (default). libcurl +does chunked transfer decoding by default unless this option is set to zero. + +# DEFAULT + +1 + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_HTTP_TRANSFER_DECODING, 0L); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.16.2 Does not work with the hyper backend (it always has transfer +decoding enabled). + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_HTTP_VERSION.md b/docs/libcurl/opts/CURLOPT_HTTP_VERSION.md new file mode 100644 index 000000000..69dc48c61 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_HTTP_VERSION.md @@ -0,0 +1,119 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_HTTP_VERSION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_ALTSVC (3) + - CURLOPT_HTTP09_ALLOWED (3) + - CURLOPT_HTTP200ALIASES (3) + - CURLOPT_SSLVERSION (3) +--- + +# NAME + +CURLOPT_HTTP_VERSION - HTTP protocol version to use + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTP_VERSION, long version); +~~~ + +# DESCRIPTION + +Pass *version* a long, set to one of the values described below. They ask +libcurl to use the specific HTTP versions. + +Note that the HTTP version is just a request. libcurl still prioritizes to +reuse existing connections so it might then reuse a connection using an HTTP +version you have not asked for. + +## CURL_HTTP_VERSION_NONE + +We do not care about what version the library uses. libcurl uses whatever it +thinks fit. + +## CURL_HTTP_VERSION_1_0 + +Enforce HTTP 1.0 requests. + +## CURL_HTTP_VERSION_1_1 + +Enforce HTTP 1.1 requests. + +## CURL_HTTP_VERSION_2_0 + +Attempt HTTP 2 requests. libcurl falls back to HTTP 1.1 if HTTP 2 cannot be +negotiated with the server. (Added in 7.33.0) + +When libcurl uses HTTP/2 over HTTPS, it does not itself insist on TLS 1.2 or +higher even though that is required by the specification. A user can add this +version requirement with CURLOPT_SSLVERSION(3). + +The alias *CURL_HTTP_VERSION_2* was added in 7.43.0 to better reflect the +actual protocol name. + +## CURL_HTTP_VERSION_2TLS + +Attempt HTTP 2 over TLS (HTTPS) only. libcurl falls back to HTTP 1.1 if HTTP 2 +cannot be negotiated with the HTTPS server. For clear text HTTP servers, +libcurl uses 1.1. (Added in 7.47.0) + +## CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE + +Issue non-TLS HTTP requests using HTTP/2 without HTTP/1.1 Upgrade. It requires +prior knowledge that the server supports HTTP/2 straight away. HTTPS requests +still do HTTP/2 the standard way with negotiated protocol version in the TLS +handshake. (Added in 7.49.0) + +## CURL_HTTP_VERSION_3 + +(Added in 7.66.0) This option makes libcurl attempt to use HTTP/3 to the host +given in the URL, with fallback to earlier HTTP versions if needed. + +## CURL_HTTP_VERSION_3ONLY + +(Added in 7.88.0) Setting this makes libcurl attempt to use HTTP/3 directly to +server given in the URL and does not downgrade to earlier HTTP version if the +server does not support HTTP/3. + +# DEFAULT + +Since curl 7.62.0: CURL_HTTP_VERSION_2TLS + +Before that: CURL_HTTP_VERSION_1_1 + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, + (long)CURL_HTTP_VERSION_2TLS); + ret = curl_easy_perform(curl); + if(ret == CURLE_HTTP_RETURNED_ERROR) { + /* an HTTP response error problem */ + } + } +} +~~~ + +# AVAILABILITY + +Along with HTTP + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.md b/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.md new file mode 100644 index 000000000..d12b49120 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.md @@ -0,0 +1,73 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_IGNORE_CONTENT_LENGTH +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTP_VERSION (3) + - CURLOPT_MAXFILESIZE_LARGE (3) +--- + +# NAME + +CURLOPT_IGNORE_CONTENT_LENGTH - ignore content length + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_IGNORE_CONTENT_LENGTH, + long ignore); +~~~ + +# DESCRIPTION + +If *ignore* is set to 1L, ignore the Content-Length header in the HTTP +response and ignore asking for or relying on it for FTP transfers. + +This is useful for doing HTTP transfers with ancient web servers which report +incorrect content length for files over 2 gigabytes. If this option is used, +curl cannot accurately report progress, and it instead stops the download when +the server ends the connection. + +It is also useful with FTP when for example the file is growing while the +transfer is in progress which otherwise unconditionally causes libcurl to +report error. + +Only use this option if strictly necessary. + +# DEFAULT + +0 + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* we know the server is silly, ignore content-length */ + curl_easy_setopt(curl, CURLOPT_IGNORE_CONTENT_LENGTH, 1L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.14.1. Support for FTP added in 7.46.0. This option is not working +for HTTP when libcurl is built to use the hyper backend. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_INFILESIZE.md b/docs/libcurl/opts/CURLOPT_INFILESIZE.md new file mode 100644 index 000000000..eab597ff4 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_INFILESIZE.md @@ -0,0 +1,85 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_INFILESIZE +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CONTENT_LENGTH_UPLOAD_T (3) + - CURLOPT_INFILESIZE_LARGE (3) + - CURLOPT_UPLOAD (3) +--- + +# NAME + +CURLOPT_INFILESIZE - size of the input file to send off + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_INFILESIZE, long filesize); +~~~ + +# DESCRIPTION + +When uploading a file to a remote site, *filesize* should be used to tell +libcurl what the expected size of the input file is. This value must be passed +as a long. See also CURLOPT_INFILESIZE_LARGE(3) for sending files larger +than 2GB. + +For uploading using SCP, this option or CURLOPT_INFILESIZE_LARGE(3) is +mandatory. + +To unset this value again, set it to -1. + +Using CURLOPT_UPLOAD(3) to an HTTP/1.1 server and this value set to -1, makes +libcurl do a chunked transfer-encoded upload. + +When sending emails using SMTP, this command can be used to specify the +optional SIZE parameter for the MAIL FROM command. + +This option does not limit how much data libcurl actually sends, as that is +controlled entirely by what the read callback returns, but telling one value +and sending a different amount may lead to errors. + +# DEFAULT + +Unset + +# PROTOCOLS + +Many + +# EXAMPLE + +~~~c + +#define FILE_SIZE 12345L + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + long uploadsize = FILE_SIZE; + + curl_easy_setopt(curl, CURLOPT_URL, + "ftp://example.com/destination.tar.gz"); + + curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); + + curl_easy_setopt(curl, CURLOPT_INFILESIZE, uploadsize); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +SMTP support added in 7.23.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.md b/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.md new file mode 100644 index 000000000..5f8a3386f --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_INFILESIZE_LARGE.md @@ -0,0 +1,81 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_INFILESIZE_LARGE +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CONTENT_LENGTH_UPLOAD_T (3) + - CURLOPT_INFILESIZE (3) + - CURLOPT_UPLOAD (3) +--- + +# NAME + +CURLOPT_INFILESIZE_LARGE - size of the input file to send off + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_INFILESIZE_LARGE, + curl_off_t filesize); +~~~ + +# DESCRIPTION + +When uploading a file to a remote site, *filesize* should be used to tell +libcurl what the expected size of the input file is. This value must be passed +as a **curl_off_t**. + +For uploading using SCP, this option or CURLOPT_INFILESIZE(3) is +mandatory. + +To unset this value again, set it to -1. + +When sending emails using SMTP, this command can be used to specify the +optional SIZE parameter for the MAIL FROM command. + +This option does not limit how much data libcurl actually sends, as that is +controlled entirely by what the read callback returns, but telling one value +and sending a different amount may lead to errors. + +# DEFAULT + +Unset + +# PROTOCOLS + +Many + +# EXAMPLE + +~~~c +#define FILE_SIZE 123456 + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_off_t uploadsize = FILE_SIZE; + + curl_easy_setopt(curl, CURLOPT_URL, + "ftp://example.com/destination.tar.gz"); + + curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); + + curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, uploadsize); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +SMTP support added in 7.23.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_INTERFACE.md b/docs/libcurl/opts/CURLOPT_INTERFACE.md new file mode 100644 index 000000000..24927fdf8 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_INTERFACE.md @@ -0,0 +1,83 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_INTERFACE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SOCKOPTFUNCTION (3) + - CURLOPT_TCP_NODELAY (3) +--- + +# NAME + +CURLOPT_INTERFACE - source interface for outgoing traffic + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_INTERFACE, char *interface); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter. This sets the *interface* name to use as +outgoing network interface. The name can be an interface name, an IP address, +or a hostname. + +If the parameter starts with "if!" then it is treated only as an interface +name. If the parameter starts with &"host!" it is treated as either an IP +address or a hostname. + +If "if!" is specified but the parameter does not match an existing interface, +*CURLE_INTERFACE_FAILED* is returned from the libcurl function used to +perform the transfer. + +libcurl does not support using network interface names for this option on +Windows. + +We strongly advise against specifying the interface with a hostname, as it +causes libcurl to do a blocking name resolve call to retrieve the IP +address. That name resolve operation does **not** use DNS-over-HTTPS even if +CURLOPT_DOH_URL(3) is set. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL, use whatever the TCP stack finds suitable + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + + curl_easy_setopt(curl, CURLOPT_INTERFACE, "eth0"); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +The "if!" and "host!" syntax was added in 7.24.0. + +# RETURN VALUE + +Returns CURLE_OK on success or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.md b/docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.md new file mode 100644 index 000000000..64311f83c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_INTERLEAVEDATA.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_INTERLEAVEDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_INTERLEAVEFUNCTION (3) + - CURLOPT_RTSP_REQUEST (3) +--- + +# NAME + +CURLOPT_INTERLEAVEDATA - pointer passed to RTSP interleave callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_INTERLEAVEDATA, void *pointer); +~~~ + +# DESCRIPTION + +This is the userdata *pointer* that is passed to +CURLOPT_INTERLEAVEFUNCTION(3) when interleaved RTP data is received. If +the interleave function callback is not set, this pointer is not used +anywhere. + +# DEFAULT + +NULL + +# PROTOCOLS + +RTSP + +# EXAMPLE + +~~~c +struct local { + void *custom; +}; +static size_t rtp_write(void *ptr, size_t size, size_t nmemb, void *userp) +{ + struct local *l = userp; + printf("my pointer: %p\n", l->custom); + /* take care of the packet in 'ptr', then return... */ + return size * nmemb; +} + +int main(void) +{ + struct local rtp_data; + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_INTERLEAVEFUNCTION, rtp_write); + curl_easy_setopt(curl, CURLOPT_INTERLEAVEDATA, &rtp_data); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.md b/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.md new file mode 100644 index 000000000..5f8e999df --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_INTERLEAVEFUNCTION.md @@ -0,0 +1,102 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_INTERLEAVEFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_INTERLEAVEDATA (3) + - CURLOPT_RTSP_REQUEST (3) +--- + +# NAME + +CURLOPT_INTERLEAVEFUNCTION - callback for RTSP interleaved data + +# SYNOPSIS + +~~~c +#include + +size_t interleave_callback(void *ptr, size_t size, size_t nmemb, + void *userdata); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_INTERLEAVEFUNCTION, + interleave_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +This callback function gets called by libcurl as soon as it has received +interleaved RTP data. This function gets called for each $ block and therefore +contains exactly one upper-layer protocol unit (e.g. one RTP packet). Curl +writes the interleaved header as well as the included data for each call. The +first byte is always an ASCII dollar sign. The dollar sign is followed by a +one byte channel identifier and then a 2 byte integer length in network byte +order. See RFC 2326 Section 10.12 for more information on how RTP interleaving +behaves. If unset or set to NULL, curl uses the default write function. + +Interleaved RTP poses some challenges for the client application. Since the +stream data is sharing the RTSP control connection, it is critical to service +the RTP in a timely fashion. If the RTP data is not handled quickly, +subsequent response processing may become unreasonably delayed and the +connection may close. The application may use *CURL_RTSPREQ_RECEIVE* to +service RTP data when no requests are desired. If the application makes a +request, (e.g. *CURL_RTSPREQ_PAUSE*) then the response handler processes +any pending RTP data before marking the request as finished. + +The CURLOPT_INTERLEAVEDATA(3) is passed in the *userdata* argument in +the callback. + +Your callback should return the number of bytes actually taken care of. If +that amount differs from the amount passed to your callback function, it +signals an error condition to the library. This causes the transfer to abort +and the libcurl function used returns *CURLE_WRITE_ERROR*. + +You can also abort the transfer by returning CURL_WRITEFUNC_ERROR. (7.87.0) + +# DEFAULT + +NULL, the interleave data is then passed to the regular write function: +CURLOPT_WRITEFUNCTION(3). + +# PROTOCOLS + +RTSP + +# EXAMPLE + +~~~c +struct local { + void *custom; +}; + +static size_t rtp_write(void *ptr, size_t size, size_t nmemb, void *userp) +{ + struct local *l = userp; + printf("our ptr: %p\n", l->custom); + /* take care of the packet in 'ptr', then return... */ + return size * nmemb; +} + +int main(void) +{ + struct local rtp_data; + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_INTERLEAVEFUNCTION, rtp_write); + curl_easy_setopt(curl, CURLOPT_INTERLEAVEDATA, &rtp_data); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_IOCTLDATA.md b/docs/libcurl/opts/CURLOPT_IOCTLDATA.md new file mode 100644 index 000000000..2490fbc7f --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_IOCTLDATA.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_IOCTLDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_IOCTLFUNCTION (3) + - CURLOPT_SEEKFUNCTION (3) +--- + +# NAME + +CURLOPT_IOCTLDATA - pointer passed to I/O callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_IOCTLDATA, void *pointer); +~~~ + +# DESCRIPTION + +Pass the *pointer* that is untouched by libcurl and passed as the 3rd +argument in the ioctl callback set with CURLOPT_IOCTLFUNCTION(3). + +# DEFAULT + +By default, the value of this parameter is NULL. + +# PROTOCOLS + +Used with HTTP + +# EXAMPLE + +~~~c +#include /* for lseek */ + +struct data { + int fd; /* our file descriptor */ +}; + +static curlioerr ioctl_callback(CURL *handle, int cmd, void *clientp) +{ + struct data *io = (struct data *)clientp; + if(cmd == CURLIOCMD_RESTARTREAD) { + lseek(io->fd, 0, SEEK_SET); + return CURLIOE_OK; + } + return CURLIOE_UNKNOWNCMD; +} +int main(void) +{ + struct data ioctl_data; + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_IOCTLFUNCTION, ioctl_callback); + curl_easy_setopt(curl, CURLOPT_IOCTLDATA, &ioctl_data); + } +} +~~~ + +# AVAILABILITY + +Added in 7.12.3. Deprecated since 7.18.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.md b/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.md new file mode 100644 index 000000000..8804ae578 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_IOCTLFUNCTION.md @@ -0,0 +1,103 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_IOCTLFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_IOCTLDATA (3) + - CURLOPT_SEEKFUNCTION (3) +--- + +# NAME + +CURLOPT_IOCTLFUNCTION - callback for I/O operations + +# SYNOPSIS + +~~~c +#include + +typedef enum { + CURLIOE_OK, /* I/O operation successful */ + CURLIOE_UNKNOWNCMD, /* command was unknown to callback */ + CURLIOE_FAILRESTART, /* failed to restart the read */ + CURLIOE_LAST /* never use */ +} curlioerr; + +typedef enum { + CURLIOCMD_NOP, /* no operation */ + CURLIOCMD_RESTARTREAD, /* restart the read stream from start */ + CURLIOCMD_LAST /* never use */ +} curliocmd; + +curlioerr ioctl_callback(CURL *handle, int cmd, void *clientp); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_IOCTLFUNCTION, ioctl_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +This callback function gets called by libcurl when something special +I/O-related needs to be done that the library cannot do by itself. For now, +rewinding the read data stream is the only action it can request. The +rewinding of the read data stream may be necessary when doing an HTTP PUT or +POST with a multi-pass authentication method. + +The callback MUST return *CURLIOE_UNKNOWNCMD* if the input *cmd* is +not *CURLIOCMD_RESTARTREAD*. + +The *clientp* argument to the callback is set with the +CURLOPT_IOCTLDATA(3) option. + +**This option is deprecated**. Do not use it. Use CURLOPT_SEEKFUNCTION(3) +instead to provide seeking! If CURLOPT_SEEKFUNCTION(3) is set, this +parameter is ignored when seeking. + +# DEFAULT + +By default, this parameter is set to NULL. Not used. + +# PROTOCOLS + +Used with HTTP + +# EXAMPLE + +~~~c +#include /* for lseek */ + +struct data { + int fd; /* our file descriptor */ +}; + +static curlioerr ioctl_callback(CURL *handle, int cmd, void *clientp) +{ + struct data *io = (struct data *)clientp; + if(cmd == CURLIOCMD_RESTARTREAD) { + lseek(io->fd, 0, SEEK_SET); + return CURLIOE_OK; + } + return CURLIOE_UNKNOWNCMD; +} +int main(void) +{ + struct data ioctl_data; + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_IOCTLFUNCTION, ioctl_callback); + curl_easy_setopt(curl, CURLOPT_IOCTLDATA, &ioctl_data); + } +} +~~~ + +# AVAILABILITY + +Added in 7.12.3. Deprecated since 7.18.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_IPRESOLVE.md b/docs/libcurl/opts/CURLOPT_IPRESOLVE.md new file mode 100644 index 000000000..7d06405ec --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_IPRESOLVE.md @@ -0,0 +1,83 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_IPRESOLVE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTP_VERSION (3) + - CURLOPT_RESOLVE (3) + - CURLOPT_SSLVERSION (3) +--- + +# NAME + +CURLOPT_IPRESOLVE - IP protocol version to use + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_IPRESOLVE, long resolve); +~~~ + +# DESCRIPTION + +Allows an application to select what kind of IP addresses to use when +establishing a connection or choosing one from the connection pool. This is +interesting when using host names that resolve to more than one IP family. + +If the URL provided for a transfer contains a numerical IP version as a host +name, this option does not override or prohibit libcurl from using that IP +version. + +Available values for this option are: + +## CURL_IPRESOLVE_WHATEVER + +Default, can use addresses of all IP versions that your system allows. + +## CURL_IPRESOLVE_V4 + +Uses only IPv4 addresses. + +## CURL_IPRESOLVE_V6 + +Uses only IPv6 addresses. + +# DEFAULT + +CURL_IPRESOLVE_WHATEVER + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + + /* of all addresses example.com resolves to, only IPv6 ones are used */ + curl_easy_setopt(curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V6); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_ISSUERCERT.md b/docs/libcurl/opts/CURLOPT_ISSUERCERT.md new file mode 100644 index 000000000..9b35d5d79 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_ISSUERCERT.md @@ -0,0 +1,77 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_ISSUERCERT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CRLFILE (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_ISSUERCERT - issuer SSL certificate filename + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ISSUERCERT, char *file); +~~~ + +# DESCRIPTION + +Pass a char pointer to a null-terminated string naming a *file* holding a CA +certificate in PEM format. If the option is set, an additional check against +the peer certificate is performed to verify the issuer is indeed the one +associated with the certificate provided by the option. This additional check +is useful in multi-level PKI where one needs to enforce that the peer +certificate is from a specific branch of the tree. + +This option makes sense only when used in combination with the +CURLOPT_SSL_VERIFYPEER(3) option. Otherwise, the result of the check is +not considered as failure. + +A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the option, +which is returned if the setup of the SSL/TLS session has failed due to a +mismatch with the issuer of peer certificate (CURLOPT_SSL_VERIFYPEER(3) +has to be set too for the check to fail). (Added in 7.19.0) + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS-based protocols + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_ISSUERCERT, "/etc/certs/cacert.pem"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +If built TLS enabled + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_ISSUERCERT_BLOB.md b/docs/libcurl/opts/CURLOPT_ISSUERCERT_BLOB.md new file mode 100644 index 000000000..4832f4125 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_ISSUERCERT_BLOB.md @@ -0,0 +1,92 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_ISSUERCERT_BLOB +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CRLFILE (3) + - CURLOPT_ISSUERCERT (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_ISSUERCERT_BLOB - issuer SSL certificate from memory blob + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ISSUERCERT_BLOB, + struct curl_blob *stblob); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_blob structure, which contains information (pointer +and size) about a memory block with binary data of a CA certificate in PEM +format. If the option is set, an additional check against the peer certificate +is performed to verify the issuer is indeed the one associated with the +certificate provided by the option. This additional check is useful in +multi-level PKI where one needs to enforce that the peer certificate is from a +specific branch of the tree. + +This option should be used in combination with the +CURLOPT_SSL_VERIFYPEER(3) option. Otherwise, the result of the check is +not considered as failure. + +A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the option, +which is returned if the setup of the SSL/TLS session has failed due to a +mismatch with the issuer of peer certificate (CURLOPT_SSL_VERIFYPEER(3) +has to be set too for the check to fail). + +If the blob is initialized with the flags member of struct curl_blob set to +CURL_BLOB_COPY, the application does not have to keep the buffer around after +setting this. + +This option is an alternative to CURLOPT_ISSUERCERT(3) which instead +expects a filename as input. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS-based protocols + +# EXAMPLE + +~~~c + +extern char *certificateData; +extern size_t filesize; + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + struct curl_blob blob; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + blob.data = certificateData; + blob.len = filesize; + blob.flags = CURL_BLOB_COPY; + curl_easy_setopt(curl, CURLOPT_ISSUERCERT_BLOB, &blob); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.71.0. This option is supported by the OpenSSL backends. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_KEEP_SENDING_ON_ERROR.md b/docs/libcurl/opts/CURLOPT_KEEP_SENDING_ON_ERROR.md new file mode 100644 index 000000000..090a8fc2d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_KEEP_SENDING_ON_ERROR.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_KEEP_SENDING_ON_ERROR +Section: 3 +Source: libcurl +See-also: + - CURLINFO_RESPONSE_CODE (3) + - CURLOPT_FAILONERROR (3) + - CURLOPT_HTTPHEADER (3) +--- + +# NAME + +CURLOPT_KEEP_SENDING_ON_ERROR - keep sending on early HTTP response >= 300 + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_KEEP_SENDING_ON_ERROR, + long keep_sending); +~~~ + +# DESCRIPTION + +A long parameter set to 1 tells the library to keep sending the request body +if the HTTP code returned is equal to or larger than 300. The default action +would be to stop sending and close the stream or connection. + +This option is suitable for manual NTLM authentication, i.e. if an application +does not use CURLOPT_HTTPAUTH(3), but instead sets "Authorization: NTLM ..." +headers manually using CURLOPT_HTTPHEADER(3). + +Most applications do not need this option. + +# DEFAULT + +0, stop sending on error + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "sending data"); + curl_easy_setopt(curl, CURLOPT_KEEP_SENDING_ON_ERROR, 1L); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Along with HTTP. Added in 7.51.0. + +# RETURN VALUE + +Returns CURLE_OK if HTTP is enabled, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_KEYPASSWD.md b/docs/libcurl/opts/CURLOPT_KEYPASSWD.md new file mode 100644 index 000000000..7407f0939 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_KEYPASSWD.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_KEYPASSWD +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSH_PRIVATE_KEYFILE (3) + - CURLOPT_SSLKEY (3) +--- + +# NAME + +CURLOPT_KEYPASSWD - passphrase to private key + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_KEYPASSWD, char *pwd); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. It is used as the +password required to use the CURLOPT_SSLKEY(3) or +CURLOPT_SSH_PRIVATE_KEYFILE(3) private key. You never need a pass phrase to +load a certificate but you need one to load your private key. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_SSLCERT, "client.pem"); + curl_easy_setopt(curl, CURLOPT_SSLKEY, "key.pem"); + curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "superman"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +This option was known as CURLOPT_SSLKEYPASSWD up to 7.16.4 and +CURLOPT_SSLCERTPASSWD up to 7.9.2. + +# RETURN VALUE + +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_KRBLEVEL.md b/docs/libcurl/opts/CURLOPT_KRBLEVEL.md new file mode 100644 index 000000000..cb8e27689 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_KRBLEVEL.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_KRBLEVEL +Section: 3 +Source: libcurl +See-also: + - CURLOPT_KRBLEVEL (3) + - CURLOPT_USE_SSL (3) +--- + +# NAME + +CURLOPT_KRBLEVEL - FTP kerberos security level + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_KRBLEVEL, char *level); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter. Set the kerberos security level for FTP; +this also enables kerberos awareness. This is a string that should match one +of the following: &'clear', &'safe', &'confidential' or &'private'. If the +string is set but does not match one of these, 'private' is used. Set the +string to NULL to disable kerberos support for FTP. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_KRBLEVEL, "private"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +This option was known as CURLOPT_KRB4LEVEL up to 7.16.3 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_LOCALPORT.md b/docs/libcurl/opts/CURLOPT_LOCALPORT.md new file mode 100644 index 000000000..25a21c15e --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_LOCALPORT.md @@ -0,0 +1,64 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_LOCALPORT +Section: 3 +Source: libcurl +See-also: + - CURLINFO_LOCAL_PORT (3) + - CURLOPT_INTERFACE (3) + - CURLOPT_LOCALPORTRANGE (3) +--- + +# NAME + +CURLOPT_LOCALPORT - local port number to use for socket + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_LOCALPORT, long port); +~~~ + +# DESCRIPTION + +Pass a long. This sets the local port number of the socket used for the +connection. This can be used in combination with CURLOPT_INTERFACE(3) +and you are recommended to use CURLOPT_LOCALPORTRANGE(3) as well when +this option is set. Valid port numbers are 1 - 65535. + +# DEFAULT + +0, disabled - use whatever the system thinks is fine + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_LOCALPORT, 49152L); + /* and try 20 more ports following that */ + curl_easy_setopt(curl, CURLOPT_LOCALPORTRANGE, 20L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.15.2 + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.md b/docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.md new file mode 100644 index 000000000..520020790 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_LOCALPORTRANGE.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_LOCALPORTRANGE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_INTERFACE (3) + - CURLOPT_LOCALPORT (3) +--- + +# NAME + +CURLOPT_LOCALPORTRANGE - number of additional local ports to try + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_LOCALPORTRANGE, + long range); +~~~ + +# DESCRIPTION + +Pass a long. The *range* argument is the number of attempts libcurl makes +to find a working local port number. It starts with the given +CURLOPT_LOCALPORT(3) and adds one to the number for each retry. Setting +this option to 1 or below makes libcurl only do one try for the exact port +number. Port numbers by nature are scarce resources that are busy at times so +setting this value to something too low might cause unnecessary connection +setup failures. + +# DEFAULT + +1 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_LOCALPORT, 49152L); + /* and try 20 more ports following that */ + curl_easy_setopt(curl, CURLOPT_LOCALPORTRANGE, 20L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.15.2 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.md b/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.md new file mode 100644 index 000000000..a57b44690 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_LOGIN_OPTIONS.md @@ -0,0 +1,76 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_LOGIN_OPTIONS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PASSWORD (3) + - CURLOPT_USERNAME (3) +--- + +# NAME + +CURLOPT_LOGIN_OPTIONS - login options + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_LOGIN_OPTIONS, char *options); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should be pointing to the +null-terminated *options* string to use for the transfer. + +For more information about the login options please see RFC 2384, RFC 5092 and +the IETF draft **draft-earhart-url-smtp-00.txt**. + +CURLOPT_LOGIN_OPTIONS(3) can be used to set protocol specific login options, +such as the preferred authentication mechanism via "AUTH=NTLM" or "AUTH=*", +and should be used in conjunction with the CURLOPT_USERNAME(3) option. + +Since 8.2.0, IMAP supports the login option "AUTH=+LOGIN". With this option, +curl uses the plain (not SASL) LOGIN IMAP command even if the server +advertises SASL authentication. Care should be taken in using this option, as +it sends your password in plain text. This does not work if the IMAP server +disables the plain LOGIN (e.g. to prevent password snooping). + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +Only IMAP, LDAP, POP3 and SMTP support login options. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "smtp://example.com/"); + curl_easy_setopt(curl, CURLOPT_LOGIN_OPTIONS, "AUTH=*"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.34.0. Support for OpenLDAP added in 7.82.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.md b/docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.md new file mode 100644 index 000000000..99df9faed --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_LOW_SPEED_LIMIT.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_LOW_SPEED_LIMIT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_LOW_SPEED_TIME (3) + - CURLOPT_MAX_RECV_SPEED_LARGE (3) + - CURLOPT_MAX_SEND_SPEED_LARGE (3) + - CURLOPT_TIMEOUT (3) +--- + +# NAME + +CURLOPT_LOW_SPEED_LIMIT - low speed limit in bytes per second + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_LOW_SPEED_LIMIT, + long speedlimit); +~~~ + +# DESCRIPTION + +Pass a long as parameter. It contains the average transfer speed in bytes per +second that the transfer should be below during +CURLOPT_LOW_SPEED_TIME(3) seconds for libcurl to consider it to be too +slow and abort. + +# DEFAULT + +0, disabled + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + /* abort if slower than 30 bytes/sec during 60 seconds */ + curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, 60L); + curl_easy_setopt(curl, CURLOPT_LOW_SPEED_LIMIT, 30L); + res = curl_easy_perform(curl); + if(CURLE_OPERATION_TIMEDOUT == res) { + printf("Timeout!\n"); + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.md b/docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.md new file mode 100644 index 000000000..a3a9ef1ff --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_LOW_SPEED_TIME.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_LOW_SPEED_TIME +Section: 3 +Source: libcurl +See-also: + - CURLOPT_LOW_SPEED_LIMIT (3) + - CURLOPT_TIMEOUT (3) +--- + +# NAME + +CURLOPT_LOW_SPEED_TIME - low speed limit time period + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_LOW_SPEED_TIME, + long speedtime); +~~~ + +# DESCRIPTION + +Pass a long as parameter. It contains the time in number seconds that the +transfer speed should be below the CURLOPT_LOW_SPEED_LIMIT(3) for the +library to consider it too slow and abort. + +# DEFAULT + +0, disabled + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + /* abort if slower than 30 bytes/sec during 60 seconds */ + curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, 60L); + curl_easy_setopt(curl, CURLOPT_LOW_SPEED_LIMIT, 30L); + res = curl_easy_perform(curl); + if(CURLE_OPERATION_TIMEDOUT == res) { + printf("Timeout!\n"); + } + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_MAIL_AUTH.md b/docs/libcurl/opts/CURLOPT_MAIL_AUTH.md new file mode 100644 index 000000000..a5dbc7d79 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MAIL_AUTH.md @@ -0,0 +1,76 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MAIL_AUTH +Section: 3 +Source: libcurl +See-also: + - CURLOPT_MAIL_FROM (3) + - CURLOPT_MAIL_RCPT (3) +--- + +# NAME + +CURLOPT_MAIL_AUTH - SMTP authentication address + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAIL_AUTH, char *auth); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. This is used to +specify the authentication address (identity) of a submitted message that is +being relayed to another server. + +This optional parameter allows co-operating agents in a trusted environment to +communicate the authentication of individual messages and should only be used +by the application program, using libcurl, if the application is itself a mail +server acting in such an environment. If the application is operating as such +and the AUTH address is not known or is invalid, then an empty string should +be used for this parameter. + +Unlike CURLOPT_MAIL_FROM(3) and CURLOPT_MAIL_RCPT(3), the address +should not be specified within a pair of angled brackets (<>). However, if an +empty string is used then a pair of brackets are sent by libcurl as required +by RFC 2554. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +SMTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "smtp://example.com/"); + curl_easy_setopt(curl, CURLOPT_MAIL_AUTH, ""); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.25.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_MAIL_FROM.md b/docs/libcurl/opts/CURLOPT_MAIL_FROM.md new file mode 100644 index 000000000..c4984b056 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MAIL_FROM.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MAIL_FROM +Section: 3 +Source: libcurl +See-also: + - CURLOPT_MAIL_AUTH (3) + - CURLOPT_MAIL_RCPT (3) +--- + +# NAME + +CURLOPT_MAIL_FROM - SMTP sender address + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAIL_FROM, char *from); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. This should be used +to specify the sender's email address when sending SMTP mail with libcurl. + +An originator email address should be specified with angled brackets (<>) +around it, which if not specified are added automatically. + +If this parameter is not specified then an empty address is sent to the SMTP +server which might cause the email to be rejected. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +blank + +# PROTOCOLS + +SMTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "smtp://example.com/"); + curl_easy_setopt(curl, CURLOPT_MAIL_FROM, "president@example.com"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_MAIL_RCPT.md b/docs/libcurl/opts/CURLOPT_MAIL_RCPT.md new file mode 100644 index 000000000..ce57074f0 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MAIL_RCPT.md @@ -0,0 +1,80 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MAIL_RCPT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_MAIL_AUTH (3) + - CURLOPT_MAIL_FROM (3) +--- + +# NAME + +CURLOPT_MAIL_RCPT - list of SMTP mail recipients + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAIL_RCPT, + struct curl_slist *rcpts); +~~~ + +# DESCRIPTION + +Pass a pointer to a linked list of recipients to pass to the server in your +SMTP mail request. The linked list should be a fully valid list of +**struct curl_slist** structs properly filled in. Use +curl_slist_append(3) to create the list and curl_slist_free_all(3) +to clean up an entire list. + +When performing a mail transfer, each recipient should be specified within a +pair of angled brackets (<>), however, should you not use an angled bracket as +the first character libcurl assumes you provided a single email address and +encloses that address within brackets for you. + +When performing an address verification (**VRFY** command), each recipient +should be specified as the user name or user name and domain (as per Section +3.5 of RFC 5321). + +When performing a mailing list expand (**EXPN** command), each recipient +should be specified using the mailing list name, such as "Friends" or +"London-Office". + +# DEFAULT + +NULL + +# PROTOCOLS + +SMTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + struct curl_slist *list; + list = curl_slist_append(NULL, "root@localhost"); + list = curl_slist_append(list, "person@example.com"); + curl_easy_setopt(curl, CURLOPT_URL, "smtp://example.com/"); + curl_easy_setopt(curl, CURLOPT_MAIL_RCPT, list); + res = curl_easy_perform(curl); + curl_slist_free_all(list); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0. The **VRFY** and **EXPN** logic was added in 7.34.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_MAIL_RCPT_ALLOWFAILS.md b/docs/libcurl/opts/CURLOPT_MAIL_RCPT_ALLOWFAILS.md new file mode 100644 index 000000000..cf595e26b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MAIL_RCPT_ALLOWFAILS.md @@ -0,0 +1,81 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MAIL_RCPT_ALLOWFAILS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_MAIL_FROM (3) + - CURLOPT_MAIL_RCPT (3) +--- + +# NAME + +CURLOPT_MAIL_RCPT_ALLOWFAILS - allow RCPT TO command to fail for some recipients + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAIL_RCPT_ALLOWFAILS, + long allow); +~~~ + +# DESCRIPTION + +If *allow* is set to 1L, allow RCPT TO command to fail for some recipients. + +When sending data to multiple recipients, by default curl aborts the SMTP +conversation if either one of the recipients causes the RCPT TO command to +return an error. + +The default behavior can be changed by setting *allow* to 1L which makes +libcurl ignore errors for individual recipients and proceed with the remaining +accepted recipients. + +If all recipients trigger RCPT TO failures and this flag is specified, curl +aborts the SMTP conversation and returns the error received from to the last +RCPT TO command. + +# DEFAULT + +0 + +# PROTOCOLS + +SMTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + struct curl_slist *list; + CURLcode res; + + /* Adding one valid and one invalid email address */ + list = curl_slist_append(NULL, "person@example.com"); + list = curl_slist_append(list, "invalidemailaddress"); + + curl_easy_setopt(curl, CURLOPT_URL, "smtp://example.com/"); + curl_easy_setopt(curl, CURLOPT_MAIL_RCPT_ALLOWFAILS, 1L); + + res = curl_easy_perform(curl); + curl_slist_free_all(list); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +This option was called CURLOPT_MAIL_RCPT_ALLLOWFAILS before 8.2.0 + +Added in 7.69.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_MAXAGE_CONN.md b/docs/libcurl/opts/CURLOPT_MAXAGE_CONN.md new file mode 100644 index 000000000..3d0a9cb2a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MAXAGE_CONN.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MAXAGE_CONN +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FORBID_REUSE (3) + - CURLOPT_FRESH_CONNECT (3) + - CURLOPT_MAXLIFETIME_CONN (3) + - CURLOPT_TIMEOUT (3) +--- + +# NAME + +CURLOPT_MAXAGE_CONN - max idle time allowed for reusing a connection + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAXAGE_CONN, long age); +~~~ + +# DESCRIPTION + +Pass a long as parameter containing *age* - the maximum time in seconds +allowed for an existing connection to have been idle to be considered for +reuse for this request. + +The "connection cache" holds previously used connections. When a new request +is to be done, libcurl considers any connection that matches for reuse. The +CURLOPT_MAXAGE_CONN(3) limit prevents libcurl from trying too old +connections for reuse, since old connections have a higher risk of not working +and thus trying them is a performance loss and sometimes service loss due to +the difficulties to figure out the situation. If a connection is found in the +cache that is older than this set *age*, it is closed instead. + +# DEFAULT + +Default maximum age is set to 118 seconds. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* only allow 30 seconds idle time */ + curl_easy_setopt(curl, CURLOPT_MAXAGE_CONN, 30L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.65.0 + +# RETURN VALUE + +Returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_MAXCONNECTS.md b/docs/libcurl/opts/CURLOPT_MAXCONNECTS.md new file mode 100644 index 000000000..807df4da1 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MAXCONNECTS.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MAXCONNECTS +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_MAXCONNECTS (3) + - CURLMOPT_MAX_HOST_CONNECTIONS (3) + - CURLMOPT_MAX_TOTAL_CONNECTIONS (3) + - CURLOPT_MAXREDIRS (3) +--- + +# NAME + +CURLOPT_MAXCONNECTS - maximum connection cache size + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAXCONNECTS, long amount); +~~~ + +# DESCRIPTION + +Pass a long. The set *amount* is the maximum number of simultaneously open +persistent connections that libcurl may cache in the pool associated with this +handle. The default is 5, and there is not much point in changing this value +unless you are perfectly aware of how this works. This concerns connections +using any of the protocols that support persistent connections. + +When reaching the maximum limit, curl closes the oldest one in the cache to +prevent increasing the number of open connections. + +If you already have performed transfers with this curl handle, setting a +smaller CURLOPT_MAXCONNECTS(3) than before may cause open connections to +get closed unnecessarily. + +If you add this easy handle to a multi handle, this setting is not +acknowledged, and you must instead use curl_multi_setopt(3) and the +CURLMOPT_MAXCONNECTS(3) option. + +# DEFAULT + +5 + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* limit the connection cache for this handle to no more than 3 */ + curl_easy_setopt(curl, CURLOPT_MAXCONNECTS, 3L); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_MAXFILESIZE.md b/docs/libcurl/opts/CURLOPT_MAXFILESIZE.md new file mode 100644 index 000000000..a90c94b7d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MAXFILESIZE.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MAXFILESIZE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_MAXFILESIZE_LARGE (3) + - CURLOPT_MAX_RECV_SPEED_LARGE (3) +--- + +# NAME + +CURLOPT_MAXFILESIZE - maximum file size allowed to download + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAXFILESIZE, long size); +~~~ + +# DESCRIPTION + +Pass a long as parameter. This specifies the maximum accepted *size* (in +bytes) of a file to download. If the file requested is found larger than this +value, the transfer is aborted and *CURLE_FILESIZE_EXCEEDED* is returned. + +The file size is not always known prior to the download start, and for such +transfers this option has no effect - even if the file transfer eventually +ends up being larger than this given limit. + +If you want a limit above 2GB, use CURLOPT_MAXFILESIZE_LARGE(3). + +Since 8.4.0, this option also stops ongoing transfers if they reach this +threshold. + +# DEFAULT + +None + +# PROTOCOLS + +FTP, HTTP and MQTT + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* refuse to download if larger than 1000 bytes! */ + curl_easy_setopt(curl, CURLOPT_MAXFILESIZE, 1000L); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.md b/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.md new file mode 100644 index 000000000..041282f41 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MAXFILESIZE_LARGE.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MAXFILESIZE_LARGE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_MAXFILESIZE (3) + - CURLOPT_MAX_RECV_SPEED_LARGE (3) +--- + +# NAME + +CURLOPT_MAXFILESIZE_LARGE - maximum file size allowed to download + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAXFILESIZE_LARGE, + curl_off_t size); +~~~ + +# DESCRIPTION + +Pass a curl_off_t as parameter. This specifies the maximum accepted *size* +(in bytes) of a file to download. If the file requested is found larger than +this value, the transfer is aborted and *CURLE_FILESIZE_EXCEEDED* is +returned. + +The file size is not always known prior to the download start, and for such +transfers this option has no effect - even if the file transfer eventually +ends up being larger than this given limit. + +Since 8.4.0, this option also stops ongoing transfers if they reach this +threshold. + +# DEFAULT + +None + +# PROTOCOLS + +FTP, HTTP and MQTT + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_off_t ridiculous = (curl_off_t)1 << 48; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* refuse to download if larger than ridiculous */ + curl_easy_setopt(curl, CURLOPT_MAXFILESIZE_LARGE, ridiculous); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.11.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_MAXLIFETIME_CONN.md b/docs/libcurl/opts/CURLOPT_MAXLIFETIME_CONN.md new file mode 100644 index 000000000..f731ad999 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MAXLIFETIME_CONN.md @@ -0,0 +1,73 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MAXLIFETIME_CONN +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FORBID_REUSE (3) + - CURLOPT_FRESH_CONNECT (3) + - CURLOPT_MAXAGE_CONN (3) + - CURLOPT_TIMEOUT (3) +--- + +# NAME + +CURLOPT_MAXLIFETIME_CONN - max lifetime (since creation) allowed for reusing a connection + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAXLIFETIME_CONN, + long maxlifetime); +~~~ + +# DESCRIPTION + +Pass a long as parameter containing *maxlifetime* - the maximum time in +seconds, since the creation of the connection, that you allow an existing +connection to have to be considered for reuse for this request. + +libcurl features a connection cache that holds previously used connections. +When a new request is to be done, libcurl considers any connection that +matches for reuse. The CURLOPT_MAXLIFETIME_CONN(3) limit prevents +libcurl from trying too old connections for reuse. This can be used for +client-side load balancing. If a connection is found in the cache that is +older than this set *maxlifetime*, it is instead marked for closure. + +If set to 0, this behavior is disabled: all connections are eligible for reuse. + +# DEFAULT + +Default *maxlifetime* is 0 seconds (i.e., disabled). + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* only allow each connection to be reused for 30 seconds */ + curl_easy_setopt(curl, CURLOPT_MAXLIFETIME_CONN, 30L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.80.0 + +# RETURN VALUE + +Returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_MAXREDIRS.md b/docs/libcurl/opts/CURLOPT_MAXREDIRS.md new file mode 100644 index 000000000..5ace67e42 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MAXREDIRS.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MAXREDIRS +Section: 3 +Source: libcurl +See-also: + - CURLINFO_REDIRECT_COUNT (3) + - CURLINFO_REDIRECT_URL (3) + - CURLOPT_FOLLOWLOCATION (3) +--- + +# NAME + +CURLOPT_MAXREDIRS - maximum number of redirects allowed + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAXREDIRS, long amount); +~~~ + +# DESCRIPTION + +Pass a long. The set number is the redirection limit *amount*. If that +many redirections have been followed, the next redirect triggers the error +(*CURLE_TOO_MANY_REDIRECTS*). This option only makes sense if the +CURLOPT_FOLLOWLOCATION(3) is used at the same time. + +Setting the limit to 0 makes libcurl refuse any redirect. + +Set it to -1 for an infinite number of redirects. This allows your application +to get stuck in never-ending redirect loops. + +# DEFAULT + +30 (since 8.3.0), it was previously unlimited. + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + + /* enable redirect following */ + curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); + + /* allow three redirects */ + curl_easy_setopt(curl, CURLOPT_MAXREDIRS, 3L); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Along with HTTP + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.md b/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.md new file mode 100644 index 000000000..646f301e4 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MAX_RECV_SPEED_LARGE.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MAX_RECV_SPEED_LARGE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_LOW_SPEED_LIMIT (3) + - CURLOPT_MAX_SEND_SPEED_LARGE (3) + - CURLOPT_TIMEOUT (3) +--- + +# NAME + +CURLOPT_MAX_RECV_SPEED_LARGE - rate limit data download speed + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAX_RECV_SPEED_LARGE, + curl_off_t maxspeed); +~~~ + +# DESCRIPTION + +Pass a curl_off_t as parameter. If a download exceeds this *maxspeed* +(counted in bytes per second) the transfer pauses to keep the average speed +less than or equal to the parameter value. Defaults to unlimited speed. + +This is not an exact science. libcurl attempts to keep the average speed below +the given threshold over a period time. + +If you set *maxspeed* to a value lower than CURLOPT_BUFFERSIZE(3), +libcurl might download faster than the set limit initially. + +This option does not affect transfer speeds done with FILE:// URLs. + +# DEFAULT + +0, disabled + +# PROTOCOLS + +All but file:// + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* cap the download speed to 31415 bytes/sec */ + curl_easy_setopt(curl, CURLOPT_MAX_RECV_SPEED_LARGE, (curl_off_t)31415); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.15.5 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.md b/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.md new file mode 100644 index 000000000..8b709ccb7 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MAX_SEND_SPEED_LARGE.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MAX_SEND_SPEED_LARGE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_LOW_SPEED_LIMIT (3) + - CURLOPT_MAX_RECV_SPEED_LARGE (3) +--- + +# NAME + +CURLOPT_MAX_SEND_SPEED_LARGE - rate limit data upload speed + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAX_SEND_SPEED_LARGE, + curl_off_t maxspeed); +~~~ + +# DESCRIPTION + +Pass a curl_off_t as parameter with the *maxspeed*. If an upload exceeds +this speed (counted in bytes per second) the transfer pauses to keep the +average speed less than or equal to the parameter value. Defaults to unlimited +speed. + +This is not an exact science. libcurl attempts to keep the average speed below +the given threshold over a period time. + +If you set *maxspeed* to a value lower than +CURLOPT_UPLOAD_BUFFERSIZE(3), libcurl might "shoot over" the limit on +its first send and still send off a full buffer. + +This option does not affect transfer speeds done with FILE:// URLs. + +# DEFAULT + +0, disabled + +# PROTOCOLS + +All except file:// + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* cap the upload speed to 1000 bytes/sec */ + curl_easy_setopt(curl, CURLOPT_MAX_SEND_SPEED_LARGE, (curl_off_t)1000); + /* (set some upload options as well!) */ + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.15.5 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_MIMEPOST.md b/docs/libcurl/opts/CURLOPT_MIMEPOST.md new file mode 100644 index 000000000..588b7e803 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MIMEPOST.md @@ -0,0 +1,81 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MIMEPOST +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPPOST (3) + - CURLOPT_POSTFIELDS (3) + - CURLOPT_PUT (3) + - curl_mime_init (3) +--- + +# NAME + +CURLOPT_MIMEPOST - send data from mime structure + +# SYNOPSIS + +~~~c +#include + +curl_mime *mime; + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MIMEPOST, mime); +~~~ + +# DESCRIPTION + +Pass a mime handle previously obtained from curl_mime_init(3). + +This setting is supported by the HTTP protocol to post forms and by the +SMTP and IMAP protocols to provide the email data to send/upload. + +This option is the preferred way of posting an HTTP form, replacing and +extending the CURLOPT_HTTPPOST(3) option. + +When setting CURLOPT_MIMEPOST(3) to NULL, libcurl resets the request +type for HTTP to the default to disable the POST. Typically that would mean it +is reset to GET. Instead you should set a desired request method explicitly. + +# PROTOCOLS + +HTTP, SMTP, IMAP. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_mime *multipart = curl_mime_init(curl); + if(multipart) { + curl_mimepart *part = curl_mime_addpart(multipart); + curl_mime_name(part, "name"); + curl_mime_data(part, "daniel", CURL_ZERO_TERMINATED); + part = curl_mime_addpart(multipart); + curl_mime_name(part, "project"); + curl_mime_data(part, "curl", CURL_ZERO_TERMINATED); + part = curl_mime_addpart(multipart); + curl_mime_name(part, "logotype-image"); + curl_mime_filedata(part, "curl.png"); + + /* Set the form info */ + curl_easy_setopt(curl, CURLOPT_MIMEPOST, multipart); + + curl_easy_perform(curl); /* post away! */ + curl_mime_free(multipart); /* free the post data */ + } + } +} +~~~ + +# AVAILABILITY + +Added in 7.56.0 + +# RETURN VALUE + +This returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_MIME_OPTIONS.md b/docs/libcurl/opts/CURLOPT_MIME_OPTIONS.md new file mode 100644 index 000000000..a8da7d7ab --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_MIME_OPTIONS.md @@ -0,0 +1,97 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_MIME_OPTIONS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPPOST (3) + - CURLOPT_MIMEPOST (3) +--- + +# NAME + +CURLOPT_MIME_OPTIONS - set MIME option flags + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MIME_OPTIONS, long options); +~~~ + +# DESCRIPTION + +Pass a long that holds a bitmask of CURLMIMEOPT_* defines. Each bit is a +Boolean flag used while encoding a MIME tree or multipart form data. + +Available bits are: + +## CURLMIMEOPT_FORMESCAPE + +Tells libcurl to escape multipart form field and file names using the +backslash-escaping algorithm rather than percent-encoding (HTTP only). + +Backslash-escaping consists in preceding backslashes and double quotes with +a backslash. Percent encoding maps all occurrences of double quote, +carriage return and line feed to %22, %0D and %0A respectively. + +Before version 7.81.0, percent-encoding was never applied. + +HTTP browsers used to do backslash-escaping in the past but have over time +transitioned to use percent-encoding. This option allows one to address +server-side applications that have not yet have been converted. + +As an example, consider field or filename *strangename"kind*. When the +containing multipart form is sent, this is normally transmitted as +*strangename%22kind*. When this option is set, it is sent as +*strangename"kind*. + +# DEFAULT + +0, meaning disabled. + +# PROTOCOLS + +HTTP, IMAP, SMTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + curl_mime *form = NULL; + + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_MIME_OPTIONS, CURLMIMEOPT_FORMESCAPE); + + form = curl_mime_init(curl); + if(form) { + curl_mimepart *part = curl_mime_addpart(form); + + if(part) { + curl_mime_filedata(part, "strange\\file\\name"); + curl_mime_name(part, "strange\"field\"name"); + curl_easy_setopt(curl, CURLOPT_MIMEPOST, form); + + /* Perform the request */ + curl_easy_perform(curl); + } + } + + curl_easy_cleanup(curl); + curl_mime_free(form); + } +} +~~~ + +# AVAILABILITY + +Option added in 7.81.0. + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_NETRC.md b/docs/libcurl/opts/CURLOPT_NETRC.md new file mode 100644 index 000000000..89a55b4d9 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_NETRC.md @@ -0,0 +1,141 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_NETRC +Section: 3 +Source: libcurl +See-also: + - CURLOPT_NETRC_FILE (3) + - CURLOPT_USERNAME (3) + - CURLOPT_USERPWD (3) +--- + +# NAME + +CURLOPT_NETRC - enable use of .netrc + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_NETRC, long level); +~~~ + +# DESCRIPTION + +This parameter controls the preference *level* of libcurl between using +user names and passwords from your *~/.netrc* file, relative to user names +and passwords in the URL supplied with CURLOPT_URL(3). + +On Windows, libcurl uses the file as *%HOME%/_netrc*. If *%HOME%* is +not set on Windows, libcurl falls back to *%USERPROFILE%*. + +You can also tell libcurl a different filename to use with +CURLOPT_NETRC_FILE(3). + +libcurl uses a user name (and supplied or prompted password) supplied with +CURLOPT_USERPWD(3) or CURLOPT_USERNAME(3) in preference to any of +the options controlled by this parameter. + +Only machine name, user name and password are taken into account (init macros +and similar things are not supported). + +libcurl does not verify that the file has the correct properties set (as the +standard Unix ftp client does). It should only be readable by user. + +*level* is a long that should be set to one of the values described below. + +## CURL_NETRC_IGNORED (0) + +libcurl ignores the *.netrc* file. This is the default. + +## CURL_NETRC_OPTIONAL (1) + +The use of the *.netrc* file is optional, and information in the URL is to +be preferred. The file is scanned for the host and user name (to find the +password only) or for the host only, to find the first user name and password +after that *machine*, which ever information is not specified. + +## CURL_NETRC_REQUIRED (2) + +The use of the *.netrc* file is required, and any credential information +present in the URL is ignored. The file is scanned for the host and user name +(to find the password only) or for the host only, to find the first user name +and password after that *machine*, which ever information is not +specified. + +# FILE FORMAT + +The **.netrc** file format is simple: you specify lines with a machine name +and follow the login and password that are associated with that machine. + +Each field is provided as a sequence of letters that ends with a space or +newline. Starting in 7.84.0, libcurl also supports quoted strings. They start +and end with double quotes and support the escaped special letters ", n, +r, and t. Quoted strings are the only way a space character can be used in +a user name or password. + +## machine + +Provides credentials for a host called **name**. libcurl searches the .netrc +file for a machine token that matches the hostname specified in the URL. Once +a match is made, the subsequent tokens are processed, stopping when the end of +file is reached or another "machine" is encountered. + +## default + +This is the same as "machine" name except that default matches any name. There +can be only one default token, and it must be after all machine tokens. To +provide a default anonymous login for hosts that are not otherwise matched, +add a line similar to this in the end: + + default login anonymous password user@domain + +## login + +The user name string for the remote machine. + +## password + +Supply a password. If this token is present, curl supplies the specified +string if the remote server requires a password as part of the login process. +Note that if this token is present in the .netrc file you really should make +sure the file is not readable by anyone besides the user. + +## macdef + +Define a macro. This feature is not supported by libcurl. In order for the +rest of the .netrc to still work fine, libcurl properly skips every definition +done with "macdef" that it finds. + +# DEFAULT + +CURL_NETRC_IGNORED + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/"); + curl_easy_setopt(curl, CURLOPT_NETRC, CURL_NETRC_OPTIONAL); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_NETRC_FILE.md b/docs/libcurl/opts/CURLOPT_NETRC_FILE.md new file mode 100644 index 000000000..62fe7a521 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_NETRC_FILE.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_NETRC_FILE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_NETRC (3) + - CURLOPT_PASSWORD (3) + - CURLOPT_USERNAME (3) +--- + +# NAME + +CURLOPT_NETRC_FILE - filename to read .netrc info from + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_NETRC_FILE, char *file); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, pointing to a null-terminated string +containing the full path name to the *file* you want libcurl to use as .netrc +file. If this option is omitted, and CURLOPT_NETRC(3) is set, libcurl checks +for a .netrc file in the current user's home directory. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/"); + curl_easy_setopt(curl, CURLOPT_NETRC, CURL_NETRC_OPTIONAL); + curl_easy_setopt(curl, CURLOPT_NETRC_FILE, "/tmp/magic-netrc"); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.10.9 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.md b/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.md new file mode 100644 index 000000000..bb302d42b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_NEW_DIRECTORY_PERMS.md @@ -0,0 +1,64 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_NEW_DIRECTORY_PERMS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FTP_CREATE_MISSING_DIRS (3) + - CURLOPT_NEW_FILE_PERMS (3) + - CURLOPT_UPLOAD (3) +--- + +# NAME + +CURLOPT_NEW_DIRECTORY_PERMS - permissions for remotely created directories + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_NEW_DIRECTORY_PERMS, + long mode); +~~~ + +# DESCRIPTION + +Pass a long as a parameter, containing the value of the permissions that is +set on newly created directories on the remote server. The default value is +*0755*, but any valid value can be used. The only protocols that can use +this are *sftp://*, *scp://*, and *file://*. + +# DEFAULT + +0755 + +# PROTOCOLS + +SFTP, SCP and FILE + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, + "sftp://upload.example.com/newdir/file.zip"); + curl_easy_setopt(curl, CURLOPT_FTP_CREATE_MISSING_DIRS, 1L); + curl_easy_setopt(curl, CURLOPT_NEW_DIRECTORY_PERMS, 0644L); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.16.4 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.md b/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.md new file mode 100644 index 000000000..dd12c0bbd --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_NEW_FILE_PERMS.md @@ -0,0 +1,60 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_NEW_FILE_PERMS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_NEW_DIRECTORY_PERMS (3) + - CURLOPT_UPLOAD (3) +--- + +# NAME + +CURLOPT_NEW_FILE_PERMS - permissions for remotely created files + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_NEW_FILE_PERMS, + long mode); +~~~ + +# DESCRIPTION + +Pass a long as a parameter, containing the value of the permissions that are +set on newly created files on the remote server. The default value is *0644*. +The only protocols that can use this are *sftp://*, *scp://*, and *file://*. + +# DEFAULT + +0644 + +# PROTOCOLS + +SFTP, SCP and FILE + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "sftp://upload.example.com/file.txt"); + curl_easy_setopt(curl, CURLOPT_NEW_FILE_PERMS, 0664L); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.16.4 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_NOBODY.md b/docs/libcurl/opts/CURLOPT_NOBODY.md new file mode 100644 index 000000000..9d63154c9 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_NOBODY.md @@ -0,0 +1,78 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_NOBODY +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPGET (3) + - CURLOPT_MIMEPOST (3) + - CURLOPT_POSTFIELDS (3) + - CURLOPT_REQUEST_TARGET (3) + - CURLOPT_UPLOAD (3) +--- + +# NAME + +CURLOPT_NOBODY - do the download request without getting the body + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_NOBODY, long opt); +~~~ + +# DESCRIPTION + +A long parameter set to 1 tells libcurl to not include the body-part in the +output when doing what would otherwise be a download. For HTTP(S), this makes +libcurl do a HEAD request. For most other protocols it means just not asking +to transfer the body data. + +For HTTP operations when CURLOPT_NOBODY(3) has been set, disabling this +option (with 0) makes it a GET again - only if the method is still set to be +HEAD. The proper way to get back to a GET request is to set +CURLOPT_HTTPGET(3) and for other methods, use the POST or UPLOAD +options. + +Enabling CURLOPT_NOBODY(3) means asking for a download without a body. + +If you do a transfer with HTTP that involves a method other than HEAD, you get +a body (unless the resource and server sends a zero byte body for the specific +URL you request). + +# DEFAULT + +0, the body is transferred + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* get us the resource without a body - use HEAD! */ + curl_easy_setopt(curl, CURLOPT_NOBODY, 1L); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_NOPROGRESS.md b/docs/libcurl/opts/CURLOPT_NOPROGRESS.md new file mode 100644 index 000000000..e2845a96f --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_NOPROGRESS.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_NOPROGRESS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_PROGRESSFUNCTION (3) + - CURLOPT_VERBOSE (3) + - CURLOPT_XFERINFOFUNCTION (3) +--- + +# NAME + +CURLOPT_NOPROGRESS - switch off the progress meter + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_NOPROGRESS, long onoff); +~~~ + +# DESCRIPTION + +If *onoff* is to 1, it tells the library to shut off the progress meter +completely for requests done with this *handle*. It also prevents the +CURLOPT_XFERINFOFUNCTION(3) or CURLOPT_PROGRESSFUNCTION(3) from +getting called. + +# DEFAULT + +1, meaning it normally runs without a progress meter. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* enable progress meter */ + curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_NOPROXY.md b/docs/libcurl/opts/CURLOPT_NOPROXY.md new file mode 100644 index 000000000..91292e22e --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_NOPROXY.md @@ -0,0 +1,91 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_NOPROXY +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY (3) + - CURLOPT_PROXYAUTH (3) + - CURLOPT_PROXYTYPE (3) +--- + +# NAME + +CURLOPT_NOPROXY - disable proxy use for specific hosts + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_NOPROXY, char *noproxy); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string. The string consists of a comma +separated list of host names that do not require a proxy to get reached, even +if one is specified. The only wildcard available is a single * character, +which matches all hosts, and effectively disables the proxy. Each name in this +list is matched as either a domain which contains the hostname, or the +hostname itself. For example, "ample.com" would match ample.com, ample.com:80, +and www.ample.com, but not www.example.com or ample.com.org. + +Setting the *noproxy* string to "" (an empty string) explicitly enables +the proxy for all host names, even if there is an environment variable set for +it. + +Enter IPv6 numerical addresses in the list of host names without enclosing +brackets: + + "example.com,::1,localhost" + +Since 7.86.0, IP addresses specified to this option can be provided using CIDR +notation: an appended slash and number specifies the number of "network bits" +out of the address to use in the comparison. For example "192.168.0.0/16" +would match all addresses starting with "192.168". + +The application does not have to keep the string around after setting this +option. + +# Environment variables + +If there is an environment variable called **no_proxy** (or **NO_PROXY**), +it is used if the CURLOPT_NOPROXY(3) option is not set. It works exactly +the same way. + +# DEFAULT + +NULL + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + /* accept various URLs */ + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* use this proxy */ + curl_easy_setopt(curl, CURLOPT_PROXY, "http://proxy:80"); + /* ... but make sure this host name is not proxied */ + curl_easy_setopt(curl, CURLOPT_NOPROXY, "www.example.com"); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.4 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_NOSIGNAL.md b/docs/libcurl/opts/CURLOPT_NOSIGNAL.md new file mode 100644 index 000000000..50ae65cca --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_NOSIGNAL.md @@ -0,0 +1,78 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_NOSIGNAL +Section: 3 +Source: libcurl +See-also: + - CURLOPT_TIMEOUT (3) +--- + +# NAME + +CURLOPT_NOSIGNAL - skip all signal handling + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_NOSIGNAL, long onoff); +~~~ + +# DESCRIPTION + +If *onoff* is 1, libcurl uses no functions that install signal handlers or +any functions that cause signals to be sent to the process. This option is +here to allow multi-threaded unix applications to still set/use all timeout +options etc, without risking getting signals. + +If this option is set and libcurl has been built with the standard name +resolver, timeouts cannot occur while the name resolve takes place. Consider +building libcurl with the c-ares or threaded resolver backends to enable +asynchronous DNS lookups, to enable timeouts for name resolves without the use +of signals. + +Setting CURLOPT_NOSIGNAL(3) to 1 makes libcurl NOT ask the system to +ignore SIGPIPE signals, which otherwise are sent by the system when trying to +send data to a socket which is closed in the other end. libcurl makes an +effort to never cause such SIGPIPE signals to trigger, but some operating +systems have no way to avoid them and even on those that have there are some +corner cases when they may still happen, contrary to our desire. In addition, +using *CURLAUTH_NTLM_WB* authentication could cause a SIGCHLD signal to be +raised. + +# DEFAULT + +0 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + + curl_easy_setopt(curl, CURLOPT_NOSIGNAL, 1L); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.10 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.md b/docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.md new file mode 100644 index 000000000..f3e7ef855 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_OPENSOCKETDATA.md @@ -0,0 +1,92 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_OPENSOCKETDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CLOSESOCKETFUNCTION (3) + - CURLOPT_OPENSOCKETFUNCTION (3) + - CURLOPT_SOCKOPTFUNCTION (3) +--- + +# NAME + +CURLOPT_OPENSOCKETDATA - pointer passed to open socket callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_OPENSOCKETDATA, void *pointer); +~~~ + +# DESCRIPTION + +Pass a *pointer* that is untouched by libcurl and passed as the first +argument in the open socket callback set with +CURLOPT_OPENSOCKETFUNCTION(3). + +# DEFAULT + +The default value of this parameter is NULL. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +/* make libcurl use the already established socket 'sockfd' */ + +static curl_socket_t opensocket(void *clientp, + curlsocktype purpose, + struct curl_sockaddr *address) +{ + curl_socket_t sockfd; + sockfd = *(curl_socket_t *)clientp; + /* the actual externally set socket is passed in via the OPENSOCKETDATA + option */ + return sockfd; +} + +static int sockopt_callback(void *clientp, curl_socket_t curlfd, + curlsocktype purpose) +{ + /* This return code was added in libcurl 7.21.5 */ + return CURL_SOCKOPT_ALREADY_CONNECTED; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + extern int sockfd; /* the already connected one */ + + /* libcurl thinks that you connect to the host + * and port that you specify in the URL option. */ + curl_easy_setopt(curl, CURLOPT_URL, "http://99.99.99.99:9999"); + /* call this function to get a socket */ + curl_easy_setopt(curl, CURLOPT_OPENSOCKETFUNCTION, opensocket); + curl_easy_setopt(curl, CURLOPT_OPENSOCKETDATA, &sockfd); + + /* call this function to set options for the socket */ + curl_easy_setopt(curl, CURLOPT_SOCKOPTFUNCTION, sockopt_callback); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.17.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.md b/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.md new file mode 100644 index 000000000..125ccff68 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_OPENSOCKETFUNCTION.md @@ -0,0 +1,132 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_OPENSOCKETFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CLOSESOCKETFUNCTION (3) + - CURLOPT_OPENSOCKETFUNCTION (3) + - CURLOPT_SOCKOPTFUNCTION (3) +--- + +# NAME + +CURLOPT_OPENSOCKETFUNCTION - callback for opening socket + +# SYNOPSIS + +~~~c +#include + +typedef enum { + CURLSOCKTYPE_IPCXN, /* socket created for a specific IP connection */ +} curlsocktype; + +struct curl_sockaddr { + int family; + int socktype; + int protocol; + unsigned int addrlen; + struct sockaddr addr; +}; + +curl_socket_t opensocket_callback(void *clientp, + curlsocktype purpose, + struct curl_sockaddr *address); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_OPENSOCKETFUNCTION, opensocket_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +This callback function gets called by libcurl instead of the *socket(2)* +call. The callback's *purpose* argument identifies the exact purpose for +this particular socket. *CURLSOCKTYPE_IPCXN* is for IP based connections +and is the only purpose currently used in libcurl. Future versions of libcurl +may support more purposes. + +The *clientp* pointer contains whatever user-defined value set using the +CURLOPT_OPENSOCKETDATA(3) function. + +The callback gets the resolved peer address as the *address* argument and +is allowed to modify the address or refuse to connect completely. The callback +function should return the newly created socket or *CURL_SOCKET_BAD* in +case no connection could be established or another error was detected. Any +additional *setsockopt(2)* calls can of course be done on the socket at +the user's discretion. A *CURL_SOCKET_BAD* return value from the callback +function signals an unrecoverable error to libcurl and it returns +*CURLE_COULDNT_CONNECT* from the function that triggered this callback. +This return code can be used for IP address block listing. + +If you want to pass in a socket with an already established connection, pass +the socket back with this callback and then use +CURLOPT_SOCKOPTFUNCTION(3) to signal that it already is connected. + +# DEFAULT + +The default behavior is the equivalent of this: +~~~c + return socket(addr->family, addr->socktype, addr->protocol); +~~~ + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +/* make libcurl use the already established socket 'sockfd' */ + +static curl_socket_t opensocket(void *clientp, + curlsocktype purpose, + struct curl_sockaddr *address) +{ + curl_socket_t sockfd; + sockfd = *(curl_socket_t *)clientp; + /* the actual externally set socket is passed in via the OPENSOCKETDATA + option */ + return sockfd; +} + +static int sockopt_callback(void *clientp, curl_socket_t curlfd, + curlsocktype purpose) +{ + /* This return code was added in libcurl 7.21.5 */ + return CURL_SOCKOPT_ALREADY_CONNECTED; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + extern int sockfd; /* the already connected one */ + /* libcurl thinks that you connect to the host + * and port that you specify in the URL option. */ + curl_easy_setopt(curl, CURLOPT_URL, "http://99.99.99.99:9999"); + /* call this function to get a socket */ + curl_easy_setopt(curl, CURLOPT_OPENSOCKETFUNCTION, opensocket); + curl_easy_setopt(curl, CURLOPT_OPENSOCKETDATA, &sockfd); + + /* call this function to set options for the socket */ + curl_easy_setopt(curl, CURLOPT_SOCKOPTFUNCTION, sockopt_callback); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.17.1. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_PASSWORD.md b/docs/libcurl/opts/CURLOPT_PASSWORD.md new file mode 100644 index 000000000..9849802d1 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PASSWORD.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PASSWORD +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPAUTH (3) + - CURLOPT_PROXYAUTH (3) + - CURLOPT_USERNAME (3) + - CURLOPT_USERPWD (3) +--- + +# NAME + +CURLOPT_PASSWORD - password to use in authentication + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PASSWORD, char *pwd); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should be pointing to the +null-terminated password to use for the transfer. + +The CURLOPT_PASSWORD(3) option should be used in conjunction with the +CURLOPT_USERNAME(3) option. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +blank + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + + curl_easy_setopt(curl, CURLOPT_PASSWORD, "qwerty"); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PATH_AS_IS.md b/docs/libcurl/opts/CURLOPT_PATH_AS_IS.md new file mode 100644 index 000000000..499469172 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PATH_AS_IS.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PATH_AS_IS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_STDERR (3) + - CURLOPT_URL (3) + - curl_url_set (3) +--- + +# NAME + +CURLOPT_PATH_AS_IS - do not handle dot dot sequences + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PATH_AS_IS, long leaveit); +~~~ + +# DESCRIPTION + +Set the long *leaveit* to 1, to explicitly tell libcurl to not alter the +given path before passing it on to the server. + +This instructs libcurl to NOT squash sequences of "/../" or "/./" that may +exist in the URL's path part and that is supposed to be removed according to +RFC 3986 section 5.2.4. + +Some server implementations are known to (erroneously) require the dot dot +sequences to remain in the path and some clients want to pass these on in +order to try out server implementations. + +By default libcurl normalizes such sequences before using the path. + +The corresponding flag for the curl_url_set(3) function is called +**CURLU_PATH_AS_IS**. + +# DEFAULT + +0 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, + "https://example.com/../../etc/password"); + + curl_easy_setopt(curl, CURLOPT_PATH_AS_IS, 1L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.42.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.md b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.md new file mode 100644 index 000000000..922e2a6d6 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.md @@ -0,0 +1,143 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PINNEDPUBLICKEY +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CAINFO (3) + - CURLOPT_CAPATH (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_PINNEDPUBLICKEY - pinned public key + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PINNEDPUBLICKEY, + char *pinnedpubkey); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. The string can be the +filename of your pinned public key. The file format expected is "PEM" or +"DER". The string can also be any number of base64 encoded sha256 hashes +preceded by "sha256//" and separated by ";" + +When negotiating a TLS or SSL connection, the server sends a certificate +indicating its identity. A public key is extracted from this certificate and +if it does not exactly match the public key provided to this option, curl +aborts the connection before sending or receiving any data. + +This option is independent of option CURLOPT_SSL_VERIFYPEER(3). If you turn +off that option then the peer is still verified by public key. + +On mismatch, *CURLE_SSL_PINNEDPUBKEYNOTMATCH* is returned. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "/etc/publickey.der"); + /* OR + curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, + "sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3" + "tvRMwE=;sha256//t62CeU2tQiqkexU74Gxa2eg7fRbEg" + "oChTociMee9wno="); + */ + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# PUBLIC KEY EXTRACTION + +If you do not have the server's public key file you can extract it from the +server's certificate. +~~~ +# retrieve the server's certificate if you do not already have it +# +# be sure to examine the certificate to see if it is what you expected +# +# Windows-specific: +# - Use NUL instead of /dev/null. +# - OpenSSL may wait for input instead of disconnecting. Hit enter. +# - If you do not have sed, then just copy the certificate into a file: +# Lines from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----. +# +openssl s_client -servername www.example.com -connect www.example.com:443 \ + < /dev/null | sed -n "/-----BEGIN/,/-----END/p" > www.example.com.pem + +# extract public key in pem format from certificate +openssl x509 -in www.example.com.pem -pubkey -noout > www.example.com.pubkey.pem + +# convert public key from pem to der +openssl asn1parse -noout -inform pem -in www.example.com.pubkey.pem \ + -out www.example.com.pubkey.der + +# sha256 hash and base64 encode der to string for use +openssl dgst -sha256 -binary www.example.com.pubkey.der | openssl base64 +~~~ + +The public key in PEM format contains a header, base64 data and a +footer: +~~~ +-----BEGIN PUBLIC KEY----- +[BASE 64 DATA] +-----END PUBLIC KEY----- +~~~ + +# AVAILABILITY + +## PEM/DER support + +7.39.0: OpenSSL, GnuTLS + +7.43.0: wolfSSL + +7.47.0: mbedTLS + +7.54.1: Secure Transport on macOS 10.7+/iOS 10+ + +7.58.1: Schannel + +## sha256 support + +7.44.0: OpenSSL, GnuTLS and wolfSSL + +7.47.0: mbedTLS + +7.54.1: Secure Transport on macOS 10.7+/iOS 10+ + +7.58.1: Schannel + +Other SSL backends not supported. + +# RETURN VALUE + +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PIPEWAIT.md b/docs/libcurl/opts/CURLOPT_PIPEWAIT.md new file mode 100644 index 000000000..1be844dd0 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PIPEWAIT.md @@ -0,0 +1,78 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PIPEWAIT +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_MAX_HOST_CONNECTIONS (3) + - CURLMOPT_PIPELINING (3) + - CURLOPT_FORBID_REUSE (3) + - CURLOPT_FRESH_CONNECT (3) +--- + +# NAME + +CURLOPT_PIPEWAIT - wait for multiplexing + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PIPEWAIT, long wait); +~~~ + +# DESCRIPTION + +Set *wait* to 1L to tell libcurl to prefer to wait for a connection to +confirm or deny that it can do multiplexing before continuing. + +When about to perform a new transfer that allows multiplexing, libcurl checks +for existing connections to use. If no such connection exists it immediately +continues and creates a fresh new connection to use. + +By setting this option to 1 - and having CURLMOPT_PIPELINING(3) enabled +for the multi handle this transfer is associated with - libcurl instead waits +for the connection to reveal if it is possible to multiplex on before it +continues. This enables libcurl to much better keep the number of connections +to a minimum when using multiplexing protocols. + +With this option set, libcurl prefers to wait and reuse an existing connection +for multiplexing rather than the opposite: prefer to open a new connection +rather than waiting. + +The waiting time is as long as it takes for the connection to get up and for +libcurl to get the necessary response back that informs it about its protocol +and support level. + +# DEFAULT + +0 (off) + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PIPEWAIT, 1L); + + /* now add this easy handle to the multi handle */ + } +} +~~~ + +# AVAILABILITY + +Added in 7.43.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_PORT.md b/docs/libcurl/opts/CURLOPT_PORT.md new file mode 100644 index 000000000..42dc80133 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PORT.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PORT +Section: 3 +Source: libcurl +See-also: + - CURLINFO_PRIMARY_PORT (3) + - CURLOPT_STDERR (3) + - CURLOPT_URL (3) +--- + +# NAME + +CURLOPT_PORT - remote port number to connect to + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PORT, long number); +~~~ + +# DESCRIPTION + +We discourage using this option since its scope is not obvious and hard to +predict. Set the preferred port number in the URL instead. + +This option sets *number* to be the remote port number to connect to, +instead of the one specified in the URL or the default port for the used +protocol. + +Usually, you just let the URL decide which port to use but this allows the +application to override that. + +While this option accepts a 'long', a port number is an unsigned 16 bit number +and therefore using a port number lower than zero or over 65535 causes a +**CURLE_BAD_FUNCTION_ARGUMENT** error. + +# DEFAULT + +By default this is 0 which makes it not used. This also makes port number zero +impossible to set with this API. + +# PROTOCOLS + +Used for all protocols that speak to a port number. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_PORT, 8080L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_POST.md b/docs/libcurl/opts/CURLOPT_POST.md new file mode 100644 index 000000000..96fcd42de --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_POST.md @@ -0,0 +1,102 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_POST +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPPOST (3) + - CURLOPT_POSTFIELDS (3) + - CURLOPT_PUT (3) +--- + +# NAME + +CURLOPT_POST - make an HTTP POST + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_POST, long post); +~~~ + +# DESCRIPTION + +A parameter set to 1 tells libcurl to do a regular HTTP post. This also makes +libcurl use a "Content-Type: application/x-www-form-urlencoded" header. This +is the most commonly used POST method. + +Use one of CURLOPT_POSTFIELDS(3) or CURLOPT_COPYPOSTFIELDS(3) +options to specify what data to post and CURLOPT_POSTFIELDSIZE(3) or +CURLOPT_POSTFIELDSIZE_LARGE(3) to set the data size. + +Optionally, you can provide data to POST using the +CURLOPT_READFUNCTION(3) and CURLOPT_READDATA(3) options but then +you must make sure to not set CURLOPT_POSTFIELDS(3) to anything but +NULL. When providing data with a callback, you must transmit it using chunked +transfer-encoding or you must set the size of the data with the +CURLOPT_POSTFIELDSIZE(3) or CURLOPT_POSTFIELDSIZE_LARGE(3) +options. To enable chunked encoding, you simply pass in the appropriate +Transfer-Encoding header, see the post-callback.c example. + +You can override the default POST Content-Type: header by setting your own +with CURLOPT_HTTPHEADER(3). + +Using POST with HTTP 1.1 implies the use of a "Expect: 100-continue" header. +You can disable this header with CURLOPT_HTTPHEADER(3) as usual. + +If you use POST to an HTTP 1.1 server, you can send data without knowing the +size before starting the POST if you use chunked encoding. You enable this by +adding a header like "Transfer-Encoding: chunked" with +CURLOPT_HTTPHEADER(3). With HTTP 1.0 or without chunked transfer, you +must specify the size in the request. (Since 7.66.0, libcurl automatically +uses chunked encoding for POSTs if the size is unknown.) + +When setting CURLOPT_POST(3) to 1, libcurl automatically sets +CURLOPT_NOBODY(3) and CURLOPT_HTTPGET(3) to 0. + +If you issue a POST request and then want to make a HEAD or GET using the same +reused handle, you must explicitly set the new request type using +CURLOPT_NOBODY(3) or CURLOPT_HTTPGET(3) or similar. + +When setting CURLOPT_POST(3) to 0, libcurl resets the request type to the +default to disable the POST. Typically that means gets reset to GET. Instead +you should set a new request type explicitly as described above. + +# DEFAULT + +0, disabled + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_POST, 1L); + + /* set up the read callback with CURLOPT_READFUNCTION */ + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Along with HTTP + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_POSTFIELDS.md b/docs/libcurl/opts/CURLOPT_POSTFIELDS.md new file mode 100644 index 000000000..409e4100a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_POSTFIELDS.md @@ -0,0 +1,124 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_POSTFIELDS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_COPYPOSTFIELDS (3) + - CURLOPT_MIMEPOST (3) + - CURLOPT_POSTFIELDSIZE (3) + - CURLOPT_READFUNCTION (3) + - CURLOPT_UPLOAD (3) +--- + +# NAME + +CURLOPT_POSTFIELDS - data to POST to server + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_POSTFIELDS, char *postdata); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, pointing to the data buffer to use in an +HTTP POST operation. The data must be formatted and encoded the way you want +the server to receive it. libcurl does not convert or encode it in any +way. For example, the web server may assume that this data is URL encoded. + +The data pointed to is NOT copied by the library: as a consequence, it must be +preserved by the calling application until the associated transfer finishes. +This behavior can be changed (so libcurl does copy the data) by instead using +the CURLOPT_COPYPOSTFIELDS(3) option. + +This POST is a normal **application/x-www-form-urlencoded** kind (and +libcurl sets that Content-Type by default when this option is used), which is +commonly used by HTML forms. Change Content-Type with +CURLOPT_HTTPHEADER(3). + +You can use curl_easy_escape(3) to URL encode your data, if +necessary. It returns a pointer to an encoded string that can be passed as +*postdata*. + +Using CURLOPT_POSTFIELDS(3) implies setting CURLOPT_POST(3) to 1. + +If CURLOPT_POSTFIELDS(3) is explicitly set to NULL then libcurl gets the +POST data from the read callback. If you want to send a zero-byte POST set +CURLOPT_POSTFIELDS(3) to an empty string, or set CURLOPT_POST(3) +to 1 and CURLOPT_POSTFIELDSIZE(3) to 0. + +libcurl assumes this option points to a null-terminated string unless you also +set CURLOPT_POSTFIELDSIZE(3) to specify the length of the provided data, +which then is strictly required if you want to send off null bytes included in +the data. + +Using POST with HTTP 1.1 implies the use of a "Expect: 100-continue" header, +and libcurl adds that header automatically if the POST is either known to be +larger than 1MB or if the expected size is unknown. You can disable this +header with CURLOPT_HTTPHEADER(3) as usual. + +To make **multipart/formdata** posts, check out the +CURLOPT_MIMEPOST(3) option combined with curl_mime_init(3). + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +/* send an application/x-www-form-urlencoded POST */ +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + const char *data = "data to send"; + + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* size of the POST data if strlen() is not good enough */ + curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, 12L); + + /* pass in a pointer to the data - libcurl does not copy */ + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data); + + curl_easy_perform(curl); + } + + /* send an application/json POST */ + curl = curl_easy_init(); + if(curl) { + const char *json = "{\"name\": \"daniel\"}"; + struct curl_slist *slist1 = NULL; + slist1 = curl_slist_append(slist1, "Content-Type: application/json"); + slist1 = curl_slist_append(slist1, "Accept: application/json"); + + /* set custom headers */ + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist1); + + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* pass in a pointer to the data - libcurl does not copy */ + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, json); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.md b/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.md new file mode 100644 index 000000000..d086809cb --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_POSTFIELDSIZE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_POSTFIELDS (3) + - CURLOPT_POSTFIELDSIZE_LARGE (3) +--- + +# NAME + +CURLOPT_POSTFIELDSIZE - size of POST data pointed to + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_POSTFIELDSIZE, long size); +~~~ + +# DESCRIPTION + +If you want to post static data to the server without having libcurl do a +strlen() to measure the data size, this option must be used. When this option +is used you can post fully binary data, which otherwise is likely to fail. If +this size is set to -1, libcurl uses strlen() to get the size or relies on the +CURLOPT_READFUNCTION(3) (if used) to signal the end of data. + +If you post more than 2GB, use CURLOPT_POSTFIELDSIZE_LARGE(3). + +# DEFAULT + +-1 + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +#include /* for strlen */ + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + const char *data = "data to send"; + + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* size of the POST data */ + curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long) strlen(data)); + + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Along with HTTP + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.md b/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.md new file mode 100644 index 000000000..36fc0ff95 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_POSTFIELDSIZE_LARGE.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_POSTFIELDSIZE_LARGE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_COPYPOSTFIELDS (3) + - CURLOPT_POSTFIELDS (3) + - CURLOPT_POSTFIELDSIZE (3) +--- + +# NAME + +CURLOPT_POSTFIELDSIZE_LARGE - size of POST data pointed to + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_POSTFIELDSIZE_LARGE, + curl_off_t size); +~~~ + +# DESCRIPTION + +If you want to post static data to the server without having libcurl do a +strlen() to measure the data size, this option must be used. When this option +is used you can post fully binary data, which otherwise is likely to fail. If +this size is set to -1, libcurl uses strlen() to get the size or relies on the +CURLOPT_READFUNCTION(3) (if used) to signal the end of data. + +# DEFAULT + +-1 + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +extern char *large_chunk; /* pointer to somewhere */ + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + const char *data = large_chunk; + curl_off_t length_of_data; /* set somehow */ + + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* size of the POST data */ + curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE_LARGE, length_of_data); + + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Along with HTTP + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_POSTQUOTE.md b/docs/libcurl/opts/CURLOPT_POSTQUOTE.md new file mode 100644 index 000000000..300a1f2c5 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_POSTQUOTE.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_POSTQUOTE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PREQUOTE (3) + - CURLOPT_QUOTE (3) +--- + +# NAME + +CURLOPT_POSTQUOTE - (S)FTP commands to run after the transfer + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_POSTQUOTE, + struct curl_slist *cmds); +~~~ + +# DESCRIPTION + +Pass a pointer to a linked list of FTP or SFTP commands to pass to the server +after your FTP transfer request. The commands are only issues if no error +occur. The linked list should be a fully valid list of struct curl_slist +structs properly filled in as described for CURLOPT_QUOTE(3). + +Disable this operation again by setting a NULL to this option. + +# DEFAULT + +NULL + +# PROTOCOLS + +SFTP and FTP + +# EXAMPLE + +~~~c +int main(void) +{ + struct curl_slist *cmdlist = NULL; + cmdlist = curl_slist_append(cmdlist, "RNFR source-name"); + cmdlist = curl_slist_append(cmdlist, "RNTO new-name"); + + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/foo.bin"); + + /* pass in the FTP commands to run after the transfer */ + curl_easy_setopt(curl, CURLOPT_POSTQUOTE, cmdlist); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +If support for the protocols are built-in. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_POSTREDIR.md b/docs/libcurl/opts/CURLOPT_POSTREDIR.md new file mode 100644 index 000000000..0ca04a98c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_POSTREDIR.md @@ -0,0 +1,81 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_POSTREDIR +Section: 3 +Source: libcurl +See-also: + - CURLINFO_EFFECTIVE_METHOD (3) + - CURLINFO_REDIRECT_COUNT (3) + - CURLOPT_FOLLOWLOCATION (3) + - CURLOPT_MAXREDIRS (3) + - CURLOPT_POSTFIELDS (3) +--- + +# NAME + +CURLOPT_POSTREDIR - how to act on an HTTP POST redirect + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_POSTREDIR, + long bitmask); +~~~ + +# DESCRIPTION + +Pass a bitmask to control how libcurl acts on redirects after POSTs that get a +301, 302 or 303 response back. A parameter with bit 0 set (value +**CURL_REDIR_POST_301**) tells the library to respect RFC 7231 (section +6.4.2 to 6.4.4) and not convert POST requests into GET requests when following +a 301 redirection. Setting bit 1 (value **CURL_REDIR_POST_302**) makes +libcurl maintain the request method after a 302 redirect whilst setting bit 2 +(value **CURL_REDIR_POST_303**) makes libcurl maintain the request method +after a 303 redirect. The value **CURL_REDIR_POST_ALL** is a convenience +define that sets all three bits. + +The non-RFC behavior is ubiquitous in web browsers, so the library does the +conversion by default to maintain consistency. However, a server may require a +POST to remain a POST after such a redirection. This option is meaningful only +when setting CURLOPT_FOLLOWLOCATION(3). + +# DEFAULT + +0 + +# PROTOCOLS + +HTTP(S) + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* a silly POST example */ + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "data=true"); + + /* example.com is redirected, so we tell libcurl to send POST on 301, + 302 and 303 HTTP response codes */ + curl_easy_setopt(curl, CURLOPT_POSTREDIR, CURL_REDIR_POST_ALL); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.17.1. This option was known as CURLOPT_POST301 up to 7.19.0 as it +only supported the 301 then. CURL_REDIR_POST_303 was added in 7.26.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_PREQUOTE.md b/docs/libcurl/opts/CURLOPT_PREQUOTE.md new file mode 100644 index 000000000..e5192039d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PREQUOTE.md @@ -0,0 +1,76 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PREQUOTE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_POSTQUOTE (3) + - CURLOPT_QUOTE (3) +--- + +# NAME + +CURLOPT_PREQUOTE - commands to run before an FTP transfer + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PREQUOTE, + struct curl_slist *cmds); +~~~ + +# DESCRIPTION + +Pass a pointer to a linked list of FTP commands to pass to the server after +the transfer type is set. The linked list should be a fully valid list of +struct curl_slist structs properly filled in as described for +CURLOPT_QUOTE(3). Disable this operation again by setting a NULL to this +option. + +These commands are not performed when a directory listing is performed, only +for file transfers. + +While CURLOPT_QUOTE(3) and CURLOPT_POSTQUOTE(3) work for SFTP, +this option does not. + +# DEFAULT + +NULL + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +int main(void) +{ + struct curl_slist *cmdlist = NULL; + cmdlist = curl_slist_append(cmdlist, "SYST"); + + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/foo.bin"); + + /* pass in the FTP commands to run */ + curl_easy_setopt(curl, CURLOPT_PREQUOTE, cmdlist); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Along with the protocol support + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_PREREQDATA.md b/docs/libcurl/opts/CURLOPT_PREREQDATA.md new file mode 100644 index 000000000..14ba8e302 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PREREQDATA.md @@ -0,0 +1,73 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PREREQDATA +Section: 3 +Source: libcurl +See-also: + - CURLINFO_PRIMARY_IP (3) + - CURLINFO_PRIMARY_PORT (3) + - CURLOPT_PREREQFUNCTION (3) +--- + +# NAME + +CURLOPT_PREREQDATA - pointer passed to the pre-request callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PREREQDATA, void *pointer); +~~~ + +# DESCRIPTION + +Pass a *pointer* that is untouched by libcurl and passed as the first +argument in the pre-request callback set with CURLOPT_PREREQFUNCTION(3). + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct priv { + void *custom; +}; + +static int prereq_callback(void *clientp, + char *conn_primary_ip, + char *conn_local_ip, + int conn_primary_port, + int conn_local_port) +{ + printf("Connection made to %s:%d\n", conn_primary_ip, conn_primary_port); + return CURL_PREREQFUNC_OK; +} + +int main(void) +{ + struct priv prereq_data; + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_PREREQFUNCTION, prereq_callback); + curl_easy_setopt(curl, CURLOPT_PREREQDATA, &prereq_data); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.80.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_PREREQFUNCTION.3 b/docs/libcurl/opts/CURLOPT_PREREQFUNCTION.md similarity index 51% rename from docs/libcurl/opts/CURLOPT_PREREQFUNCTION.3 rename to docs/libcurl/opts/CURLOPT_PREREQFUNCTION.md index c17484826..c81408494 100644 --- a/docs/libcurl/opts/CURLOPT_PREREQFUNCTION.3 +++ b/docs/libcurl/opts/CURLOPT_PREREQFUNCTION.md @@ -1,34 +1,23 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Max Dymond, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH CURLOPT_PREREQFUNCTION 3 "September 26, 2023" "ibcurl 8.4.0" libcurl - -.SH NAME -CURLOPT_PREREQFUNCTION \- user callback called when a connection has been +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PREREQFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLINFO_PRIMARY_IP (3) + - CURLINFO_PRIMARY_PORT (3) + - CURLOPT_PREREQDATA (3) +--- + +# NAME + +CURLOPT_PREREQFUNCTION - user callback called when a connection has been established, but before a request has been made. -.SH SYNOPSIS -.nf + +# SYNOPSIS + +~~~c #include /* These are the return codes for the pre-request callback. */ @@ -42,7 +31,10 @@ int prereq_callback(void *clientp, int conn_local_port); CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PREREQFUNCTION, prereq_callback); -.SH DESCRIPTION +~~~ + +# DESCRIPTION + Pass a pointer to your callback function, which should match the prototype shown above. @@ -53,56 +45,81 @@ callback is called once a connection has been established to the server, but before a GET/HEAD/POST/etc request has been sent. This function may be called multiple times if redirections are enabled and are -being followed (see \fICURLOPT_FOLLOWLOCATION(3)\fP). +being followed (see CURLOPT_FOLLOWLOCATION(3)). -The callback function must return \fICURL_PREREQFUNC_OK\fP on success, or -\fICURL_PREREQFUNC_ABORT\fP to cause the transfer to fail. +The callback function must return *CURL_PREREQFUNC_OK* on success, or +*CURL_PREREQFUNC_ABORT* to cause the transfer to fail. This function is passed the following arguments: -.IP conn_primary_ip + +## conn_primary_ip + A null-terminated pointer to a C string containing the primary IP of the remote server established with this connection. For FTP, this is the IP for the control connection. IPv6 addresses are represented without surrounding brackets. -.IP conn_local_ip + +## conn_local_ip + A null-terminated pointer to a C string containing the originating IP for this connection. IPv6 addresses are represented without surrounding brackets. -.IP conn_primary_port + +## conn_primary_port + The primary port number on the remote server established with this connection. For FTP, this is the port for the control connection. This can be a TCP or a UDP port number depending on the protocol. -.IP conn_local_port + +## conn_local_port + The originating port number for this connection. This can be a TCP or a UDP port number depending on the protocol. -.IP clientp -The pointer you set with \fICURLOPT_PREREQDATA(3)\fP. -.SH DEFAULT + +## clientp + +The pointer you set with CURLOPT_PREREQDATA(3). + +# DEFAULT + By default, this is NULL and unused. -.SH PROTOCOLS + +# PROTOCOLS + ALL -.SH EXAMPLE -.nf + +# EXAMPLE + +~~~c +struct priv { + void *custom; +}; + static int prereq_callback(void *clientp, char *conn_primary_ip, char *conn_local_ip, int conn_primary_port, int conn_local_port) { - printf("Connection made to %s:%s\\n", conn_primary_ip, conn_primary_port); + printf("Connection made to %s:%d\n", conn_primary_ip, conn_primary_port); return CURL_PREREQFUNC_OK; } +int main(void) { - struct data prereq_data; - curl_easy_setopt(CURL *handle, CURLOPT_PREREQFUNCTION, prereq_callback); - curl_easy_setopt(CURL *handle, CURLOPT_PREREQDATA, &prereq_data); + struct priv prereq_data; + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_PREREQFUNCTION, prereq_callback); + curl_easy_setopt(curl, CURLOPT_PREREQDATA, &prereq_data); + curl_easy_perform(curl); + } } -.fi -.SH AVAILABILITY +~~~ + +# AVAILABILITY + Added in 7.80.0 -.SH RETURN VALUE + +# RETURN VALUE + Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. -.SH "SEE ALSO" -.BR CURLINFO_PRIMARY_IP (3), -.BR CURLINFO_PRIMARY_PORT (3), -.BR CURLOPT_PREREQDATA (3) diff --git a/docs/libcurl/opts/CURLOPT_PRE_PROXY.md b/docs/libcurl/opts/CURLOPT_PRE_PROXY.md new file mode 100644 index 000000000..1afe831e3 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PRE_PROXY.md @@ -0,0 +1,84 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PRE_PROXY +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPPROXYTUNNEL (3) + - CURLOPT_PROXY (3) +--- + +# NAME + +CURLOPT_PRE_PROXY - pre-proxy host to use + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PRE_PROXY, char *preproxy); +~~~ + +# DESCRIPTION + +Set the *preproxy* to use for the upcoming request. The parameter should be a +char * to a null-terminated string holding the hostname or dotted numerical IP +address. A numerical IPv6 address must be written within [brackets]. + +To specify port number in this string, append :[port] to the end of the host +name. The proxy's port number may optionally be specified with the separate +option CURLOPT_PROXYPORT(3). If not specified, libcurl defaults to using +port 1080 for proxies. + +A pre proxy is a SOCKS proxy that curl connects to before it connects to the +HTTP(S) proxy specified in the CURLOPT_PROXY(3) option. The pre proxy +can only be a SOCKS proxy. + +The pre proxy string should be prefixed with [scheme]:// to specify which kind +of socks is used. Use socks4://, socks4a://, socks5:// or socks5h:// (the last +one to enable socks5 and asking the proxy to do the resolving, also known as +*CURLPROXY_SOCKS5_HOSTNAME* type) to request the specific SOCKS version to +be used. Otherwise SOCKS4 is used as default. + +Setting the pre proxy string to "" (an empty string) explicitly disables the +use of a pre proxy. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +Default is NULL, meaning no pre proxy is used. + +When you set a hostname to use, do not assume that there is any particular +single port number used widely for proxies. Specify it! + +# PROTOCOLS + +All except file://. Note that some protocols do not work well over proxy. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/file.txt"); + curl_easy_setopt(curl, CURLOPT_PRE_PROXY, "socks4://socks-proxy:1080"); + curl_easy_setopt(curl, CURLOPT_PROXY, "http://proxy:80"); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +# RETURN VALUE + +Returns CURLE_OK if proxies are supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PRIVATE.md b/docs/libcurl/opts/CURLOPT_PRIVATE.md new file mode 100644 index 000000000..571a681b9 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PRIVATE.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PRIVATE +Section: 3 +Source: libcurl +See-also: + - CURLINFO_PRIVATE (3) + - CURLOPT_STDERR (3) + - CURLOPT_VERBOSE (3) +--- + +# NAME + +CURLOPT_PRIVATE - store a private pointer + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PRIVATE, void *pointer); +~~~ + +# DESCRIPTION + +Pass a void * as parameter, pointing to data that should be associated with +this curl handle. The pointer can subsequently be retrieved using +curl_easy_getinfo(3) with the CURLINFO_PRIVATE(3) option. libcurl itself +never does anything with this data. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct private { + void *custom; +}; + +int main(void) +{ + CURL *curl = curl_easy_init(); + struct private secrets; + if(curl) { + struct private *extracted; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* store a pointer to our private struct */ + curl_easy_setopt(curl, CURLOPT_PRIVATE, &secrets); + + curl_easy_perform(curl); + + /* we can extract the private pointer again too */ + curl_easy_getinfo(curl, CURLINFO_PRIVATE, &extracted); + } +} +~~~ + +# AVAILABILITY + +Added in 7.10.3 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_PROGRESSDATA.md b/docs/libcurl/opts/CURLOPT_PROGRESSDATA.md new file mode 100644 index 000000000..276bee827 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROGRESSDATA.md @@ -0,0 +1,80 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROGRESSDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROGRESSFUNCTION (3) + - CURLOPT_XFERINFOFUNCTION (3) +--- + +# NAME + +CURLOPT_PROGRESSDATA - pointer passed to the progress callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROGRESSDATA, void *pointer); +~~~ + +# DESCRIPTION + +Pass a *pointer* that is untouched by libcurl and passed as the first +argument in the progress callback set with CURLOPT_PROGRESSFUNCTION(3). + +# DEFAULT + +The default value of this parameter is NULL. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct progress { + char *private; + size_t size; +}; + +static size_t progress_callback(void *clientp, + double dltotal, + double dlnow, + double ultotal, + double ulnow) +{ + struct progress *memory = clientp; + printf("private: %p\n", memory->private); + + /* use the values */ + + return 0; /* all is good */ +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + struct progress data; + + /* pass struct to callback */ + curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, &data); + curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, progress_callback); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.md b/docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.md new file mode 100644 index 000000000..19d84c889 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROGRESSFUNCTION.md @@ -0,0 +1,125 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROGRESSFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_NOPROGRESS (3) + - CURLOPT_VERBOSE (3) + - CURLOPT_XFERINFOFUNCTION (3) +--- + +# NAME + +CURLOPT_PROGRESSFUNCTION - progress meter callback + +# SYNOPSIS + +~~~c +#include + +int progress_callback(void *clientp, + double dltotal, + double dlnow, + double ultotal, + double ulnow); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROGRESSFUNCTION, + progress_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +This option is deprecated and we encourage users to use the +newer CURLOPT_XFERINFOFUNCTION(3) instead, if you can. + +This function gets called by libcurl instead of its internal equivalent with a +frequent interval. While data is being transferred it is invoked frequently, +and during slow periods like when nothing is being transferred it can slow +down to about one call per second. + +*clientp* is the pointer set with CURLOPT_PROGRESSDATA(3), it is not +used by libcurl but is only passed along from the application to the callback. + +The callback gets told how much data libcurl is about to transfer and has +transferred, in number of bytes. *dltotal* is the total number of bytes +libcurl expects to download in this transfer. *dlnow* is the number of +bytes downloaded so far. *ultotal* is the total number of bytes libcurl +expects to upload in this transfer. *ulnow* is the number of bytes +uploaded so far. + +Unknown/unused argument values passed to the callback are be set to zero (like +if you only download data, the upload size remains 0). Many times the callback +is called one or more times first, before it knows the data sizes so a program +must be made to handle that. + +If your callback function returns CURL_PROGRESSFUNC_CONTINUE it causes libcurl +to continue executing the default progress function. + +Returning any other non-zero value from this callback makes libcurl abort the +transfer and return *CURLE_ABORTED_BY_CALLBACK*. + +If you transfer data with the multi interface, this function is not called +during periods of idleness unless you call the appropriate libcurl function +that performs transfers. + +CURLOPT_NOPROGRESS(3) must be set to 0 to make this function actually +get called. + +# DEFAULT + +By default, libcurl has an internal progress meter. That is rarely wanted by +users. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct progress { + char *private; + size_t size; +}; + +static size_t progress_callback(void *clientp, + double dltotal, + double dlnow, + double ultotal, + double ulnow) +{ + struct progress *memory = clientp; + printf("private: %p\n", memory->private); + + /* use the values */ + + return 0; /* all is good */ +} + +int main(void) +{ + struct progress data; + + CURL *curl = curl_easy_init(); + if(curl) { + /* pass struct to callback */ + curl_easy_setopt(curl, CURLOPT_PROGRESSDATA, &data); + curl_easy_setopt(curl, CURLOPT_PROGRESSFUNCTION, progress_callback); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Deprecated since 7.32.0. + +# RETURN VALUE + +Returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_PROTOCOLS.md b/docs/libcurl/opts/CURLOPT_PROTOCOLS.md new file mode 100644 index 000000000..a4d1a5a7c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROTOCOLS.md @@ -0,0 +1,104 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROTOCOLS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DEFAULT_PROTOCOL (3) + - CURLOPT_REDIR_PROTOCOLS (3) + - CURLOPT_URL (3) +--- + +# NAME + +CURLOPT_PROTOCOLS - allowed protocols + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROTOCOLS, long bitmask); +~~~ + +# DESCRIPTION + +This option is deprecated. We strongly recommend using +CURLOPT_PROTOCOLS_STR(3) instead because this option cannot control all +available protocols! + +Pass a long that holds a bitmask of CURLPROTO_* defines. If used, this bitmask +limits what protocols libcurl may use in the transfer. This allows you to have +a libcurl built to support a wide range of protocols but still limit specific +transfers to only be allowed to use a subset of them. By default libcurl +accepts all protocols it supports (*CURLPROTO_ALL*). See also +CURLOPT_REDIR_PROTOCOLS(3). + +These are the available protocol defines: +~~~c +CURLPROTO_DICT +CURLPROTO_FILE +CURLPROTO_FTP +CURLPROTO_FTPS +CURLPROTO_GOPHER +CURLPROTO_HTTP +CURLPROTO_HTTPS +CURLPROTO_IMAP +CURLPROTO_IMAPS +CURLPROTO_LDAP +CURLPROTO_LDAPS +CURLPROTO_POP3 +CURLPROTO_POP3S +CURLPROTO_RTMP +CURLPROTO_RTMPE +CURLPROTO_RTMPS +CURLPROTO_RTMPT +CURLPROTO_RTMPTE +CURLPROTO_RTMPTS +CURLPROTO_RTSP +CURLPROTO_SCP +CURLPROTO_SFTP +CURLPROTO_SMB +CURLPROTO_SMBS +CURLPROTO_SMTP +CURLPROTO_SMTPS +CURLPROTO_TELNET +CURLPROTO_TFTP +~~~ + +# DEFAULT + +All protocols built-in. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(int argc, char **argv) +{ + CURL *curl = curl_easy_init(); + if(curl) { + /* pass in the URL from an external source */ + curl_easy_setopt(curl, CURLOPT_URL, argv[1]); + + /* only allow HTTP, TFTP and SFTP */ + curl_easy_setopt(curl, CURLOPT_PROTOCOLS, + CURLPROTO_HTTP | CURLPROTO_TFTP | CURLPROTO_SFTP); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.4. Deprecated since 7.85.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_PROTOCOLS_STR.md b/docs/libcurl/opts/CURLOPT_PROTOCOLS_STR.md new file mode 100644 index 000000000..9da056d23 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROTOCOLS_STR.md @@ -0,0 +1,88 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROTOCOLS_STR +Section: 3 +Source: libcurl +See-also: + - CURLINFO_SCHEME (3) + - CURLOPT_DEFAULT_PROTOCOL (3) + - CURLOPT_REDIR_PROTOCOLS_STR (3) + - CURLOPT_URL (3) + - curl_version_info (3) +--- + +# NAME + +CURLOPT_PROTOCOLS_STR - allowed protocols + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROTOCOLS_STR, char *spec); +~~~ + +# DESCRIPTION + +Pass a pointer to a string that holds a comma-separated list of case +insensitive protocol names (URL schemes) to allow in the transfer. This +option allows applications to use libcurl built to support a wide range of +protocols but still limit specific transfers to only be allowed to use a +subset of them. By default, libcurl accepts all protocols it was built with +support for. See also CURLOPT_REDIR_PROTOCOLS_STR(3). + +If trying to set a non-existing protocol or if no matching protocol at all is +set, it returns error. + +These are the available protocols: + +DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, +MQTT, POP3, POP3S, RTMP, RTMPE, RTMPS, RTMPT, RTMPTE, RTMPTS, RTSP, SCP, SFTP, +SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS, WSS + +You can set "ALL" as a short-cut to enable all protocols. Note that by setting +all, you may enable protocols that were not supported the day you write this +but are introduced in a future libcurl version. + +curl_version_info(3) can be used to get a list of all supported +protocols in the current libcurl. CURLINFO_SCHEME(3) is the recommended +way to figure out the protocol used in a previous transfer. + +# DEFAULT + +All protocols built-in + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(int argc, char **argv) +{ + CURL *curl = curl_easy_init(); + if(curl) { + /* pass in the URL from an external source */ + curl_easy_setopt(curl, CURLOPT_URL, argv[1]); + + /* only allow HTTP, TFTP and SFTP */ + curl_easy_setopt(curl, CURLOPT_PROTOCOLS_STR, "http,tftp,sftp"); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.85.0 + +# RETURN VALUE + +Returns CURLE_UNKNOWN_OPTION if the option is not implemented, +CURLE_UNSUPPORTED_PROTOCOL if a listed protocol is not supported or disabled, +CURLE_BAD_FUNCTION_ARGUMENT if no protocol is listed else CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_PROXY.md b/docs/libcurl/opts/CURLOPT_PROXY.md new file mode 100644 index 000000000..89c22df9b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY.md @@ -0,0 +1,146 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPPROXYTUNNEL (3) + - CURLOPT_PRE_PROXY (3) + - CURLOPT_PROXYPORT (3) + - CURLOPT_PROXYTYPE (3) +--- + +# NAME + +CURLOPT_PROXY - proxy to use + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY, char *proxy); +~~~ + +# DESCRIPTION + +Set the *proxy* to use for transfers with this easy handle. The parameter +should be a char * to a null-terminated string holding the hostname or dotted +numerical IP address. A numerical IPv6 address must be written within +[brackets]. + +To specify port number in this string, append :[port] to the end of the host +name. The proxy's port number may optionally (but discouraged) be specified +with the separate option CURLOPT_PROXYPORT(3). If not specified, libcurl +defaults to using port 1080 for proxies. + +The proxy string may be prefixed with [scheme]:// to specify which kind of +proxy is used. + +## http:// + +HTTP Proxy. Default when no scheme or proxy type is specified. + +## https:// + +HTTPS Proxy. (Added in 7.52.0 for OpenSSL and GnuTLS Since 7.87.0, it +also works for BearSSL, mbedTLS, rustls, Schannel, Secure Transport and +wolfSSL.) + +This uses HTTP/1 by default. Setting CURLOPT_PROXYTYPE(3) to +**CURLPROXY_HTTPS2** allows libcurl to negotiate using HTTP/2 with proxy. + +## socks4:// + +SOCKS4 Proxy. + +## socks4a:// + +SOCKS4a Proxy. Proxy resolves URL hostname. + +## socks5:// + +SOCKS5 Proxy. + +## socks5h:// + +SOCKS5 Proxy. Proxy resolves URL hostname. + +Without a scheme prefix, CURLOPT_PROXYTYPE(3) can be used to specify +which kind of proxy the string identifies. + +When you tell the library to use an HTTP proxy, libcurl transparently converts +operations to HTTP even if you specify an FTP URL etc. This may have an impact +on what other features of the library you can use, such as +CURLOPT_QUOTE(3) and similar FTP specifics that do not work unless you +tunnel through the HTTP proxy. Such tunneling is activated with +CURLOPT_HTTPPROXYTUNNEL(3). + +Setting the proxy string to "" (an empty string) explicitly disables the use +of a proxy, even if there is an environment variable set for it. + +A proxy host string can also include protocol scheme (http://) and embedded +user + password. + +Unix domain sockets are supported for socks proxies since 7.84.0. Set +localhost for the host part. e.g. socks5h://localhost/path/to/socket.sock + +The application does not have to keep the string around after setting this +option. + +When a proxy is used, the active FTP mode as set with *CUROPT_FTPPORT(3)*, +cannot be used. + +# Environment variables + +libcurl respects the proxy environment variables named **http_proxy**, +**ftp_proxy**, **sftp_proxy** etc. If set, libcurl uses the specified proxy +for that URL scheme. For an "FTP://" URL, the **ftp_proxy** is +considered. **all_proxy** is used if no protocol specific proxy was set. + +If **no_proxy** (or **NO_PROXY**) is set, it is the exact equivalent of +setting the CURLOPT_NOPROXY(3) option. + +The CURLOPT_PROXY(3) and CURLOPT_NOPROXY(3) options override environment +variables. + +# DEFAULT + +Default is NULL, meaning no proxy is used. + +When you set a hostname to use, do not assume that there is any particular +single port number used widely for proxies. Specify it! + +# PROTOCOLS + +All except file://. Note that some protocols do not work well over proxy. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/file.txt"); + curl_easy_setopt(curl, CURLOPT_PROXY, "http://proxy:80"); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Since 7.14.1 the proxy environment variable names can include the protocol +scheme. + +Since 7.21.7 the proxy string supports the socks protocols as "schemes". + +Since 7.50.2, unsupported schemes in proxy strings cause libcurl to return +error. + +# RETURN VALUE + +Returns CURLE_OK if proxies are supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXYAUTH.md b/docs/libcurl/opts/CURLOPT_PROXYAUTH.md new file mode 100644 index 000000000..8e6dc093b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXYAUTH.md @@ -0,0 +1,77 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXYAUTH +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPAUTH (3) + - CURLOPT_PROXY (3) + - CURLOPT_PROXYPORT (3) + - CURLOPT_PROXYTYPE (3) + - CURLOPT_PROXYUSERPWD (3) +--- + +# NAME + +CURLOPT_PROXYAUTH - HTTP proxy authentication methods + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXYAUTH, long bitmask); +~~~ + +# DESCRIPTION + +Pass a long as parameter, which is set to a bitmask, to tell libcurl which +HTTP authentication method(s) you want it to use for your proxy +authentication. If more than one bit is set, libcurl first queries the site to +see what authentication methods it supports and then it picks the best one you +allow it to use. For some methods, this induces an extra network round-trip. +Set the actual name and password with the CURLOPT_PROXYUSERPWD(3) +option. + +The bitmask can be constructed by the bits listed and described in the +CURLOPT_HTTPAUTH(3) man page. + +# DEFAULT + +CURLAUTH_BASIC + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* use this proxy */ + curl_easy_setopt(curl, CURLOPT_PROXY, "http://local.example.com:1080"); + /* allow whatever auth the proxy speaks */ + curl_easy_setopt(curl, CURLOPT_PROXYAUTH, CURLAUTH_ANY); + /* set the proxy credentials */ + curl_easy_setopt(curl, CURLOPT_PROXYUSERPWD, "james:007"); + ret = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.10.7 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_NOT_BUILT_IN if the bitmask specified no supported authentication +methods. diff --git a/docs/libcurl/opts/CURLOPT_PROXYHEADER.md b/docs/libcurl/opts/CURLOPT_PROXYHEADER.md new file mode 100644 index 000000000..e44afdd18 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXYHEADER.md @@ -0,0 +1,80 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXYHEADER +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HEADEROPT (3) + - CURLOPT_HTTPHEADER (3) +--- + +# NAME + +CURLOPT_PROXYHEADER - set of HTTP headers to pass to proxy + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXYHEADER, + struct curl_slist *headers); +~~~ + +# DESCRIPTION + +Pass a pointer to a linked list of HTTP headers to pass in your HTTP request +sent to a proxy. The rules for this list is identical to the +CURLOPT_HTTPHEADER(3) option's. + +The headers set with this option is only ever used in requests sent to a proxy +- when there is also a request sent to a host. + +The first line in a request (containing the method, usually a GET or POST) is +NOT a header and cannot be replaced using this option. Only the lines +following the request-line are headers. Adding this method line in this list +of headers causes your request to send an invalid header. + +Pass a NULL to this to reset back to no custom headers. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + + struct curl_slist *list; + + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_PROXY, "http://proxy.example.com:80"); + + list = curl_slist_append(NULL, "Shoesize: 10"); + list = curl_slist_append(list, "Accept:"); + + curl_easy_setopt(curl, CURLOPT_PROXYHEADER, list); + + curl_easy_perform(curl); + + curl_slist_free_all(list); /* free the list again */ + } +} +~~~ + +# AVAILABILITY + +Added in 7.37.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_PROXYPASSWORD.md b/docs/libcurl/opts/CURLOPT_PROXYPASSWORD.md new file mode 100644 index 000000000..22520ea11 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXYPASSWORD.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXYPASSWORD +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPAUTH (3) + - CURLOPT_PASSWORD (3) + - CURLOPT_PROXYAUTH (3) + - CURLOPT_PROXYUSERNAME (3) +--- + +# NAME + +CURLOPT_PROXYPASSWORD - password to use with proxy authentication + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXYPASSWORD, char *pwd); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should be pointing to the null-terminated +password to use for authentication with the proxy. + +The CURLOPT_PROXYPASSWORD(3) option should be used in conjunction with +the CURLOPT_PROXYUSERNAME(3) option. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +blank + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_PROXY, "http://localhost:8080"); + curl_easy_setopt(curl, CURLOPT_PROXYUSERNAME, "mrsmith"); + curl_easy_setopt(curl, CURLOPT_PROXYPASSWORD, "qwerty"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXYPORT.md b/docs/libcurl/opts/CURLOPT_PROXYPORT.md new file mode 100644 index 000000000..0cda8bb8f --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXYPORT.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXYPORT +Section: 3 +Source: libcurl +See-also: + - CURLINFO_PRIMARY_PORT (3) + - CURLOPT_PORT (3) + - CURLOPT_PROXY (3) + - CURLOPT_PROXYTYPE (3) +--- + +# NAME + +CURLOPT_PROXYPORT - port number the proxy listens on + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXYPORT, long port); +~~~ + +# DESCRIPTION + +We discourage use of this option. + +Pass a long with this option to set the proxy port to connect to unless it is +specified in the proxy string CURLOPT_PROXY(3) or uses 443 for https +proxies and 1080 for all others as default. + +While this accepts a 'long', the port number is 16 bit so it cannot be larger +than 65535. + +# DEFAULT + +0, not specified which makes it use the default port + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_PROXY, "localhost"); + curl_easy_setopt(curl, CURLOPT_PROXYPORT, 8080L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_PROXYTYPE.md b/docs/libcurl/opts/CURLOPT_PROXYTYPE.md new file mode 100644 index 000000000..4f06fe550 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXYTYPE.md @@ -0,0 +1,99 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXYTYPE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY (3) + - CURLOPT_PROXYPORT (3) +--- + +# NAME + +CURLOPT_PROXYTYPE - proxy protocol type + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXYTYPE, long type); +~~~ + +# DESCRIPTION + +Pass one of the values below to set the type of the proxy. + +## CURLPROXY_HTTP + +HTTP Proxy. Default. + +## CURLPROXY_HTTPS + +HTTPS Proxy using HTTP/1. (Added in 7.52.0 for OpenSSL and GnuTLS. Since +7.87.0, it also works for BearSSL, mbedTLS, rustls, Schannel, Secure Transport +and wolfSSL.) + +## CURLPROXY_HTTPS2 + +HTTPS Proxy and attempt to speak HTTP/2 over it. (Added in 8.1.0) + +## CURLPROXY_HTTP_1_0 + +HTTP 1.0 Proxy. This is similar to CURLPROXY_HTTP except it uses HTTP/1.0 for +any CONNECT tunneling. It does not change the HTTP version of the actual HTTP +requests, controlled by CURLOPT_HTTP_VERSION(3). + +## CURLPROXY_SOCKS4 + +SOCKS4 Proxy. + +## CURLPROXY_SOCKS4A + +SOCKS4a Proxy. Proxy resolves URL hostname. + +## CURLPROXY_SOCKS5 + +SOCKS5 Proxy. + +## CURLPROXY_SOCKS5_HOSTNAME + +SOCKS5 Proxy. Proxy resolves URL hostname. + +Often it is more convenient to specify the proxy type with the scheme part of +the CURLOPT_PROXY(3) string. + +# DEFAULT + +CURLPROXY_HTTP + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "local.example.com:1080"); + /* set the proxy type */ + curl_easy_setopt(curl, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5); + ret = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.md b/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.md new file mode 100644 index 000000000..f0d1dfc4d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXYUSERNAME.md @@ -0,0 +1,73 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXYUSERNAME +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPAUTH (3) + - CURLOPT_PROXYAUTH (3) + - CURLOPT_PROXYPASSWORD (3) + - CURLOPT_USERNAME (3) +--- + +# NAME + +CURLOPT_PROXYUSERNAME - user name to use for proxy authentication + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXYUSERNAME, + char *username); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should be pointing to the +null-terminated user name to use for the transfer. + +CURLOPT_PROXYUSERNAME(3) sets the user name to be used in protocol +authentication with the proxy. + +To specify the proxy password use the CURLOPT_PROXYPASSWORD(3). + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +blank + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_PROXY, "http://localhost:8080"); + curl_easy_setopt(curl, CURLOPT_PROXYUSERNAME, "mrsmith"); + curl_easy_setopt(curl, CURLOPT_PROXYPASSWORD, "qwerty"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXYUSERPWD.md b/docs/libcurl/opts/CURLOPT_PROXYUSERPWD.md new file mode 100644 index 000000000..196d587e2 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXYUSERPWD.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXYUSERPWD +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY (3) + - CURLOPT_PROXYPASSWORD (3) + - CURLOPT_PROXYTYPE (3) + - CURLOPT_PROXYUSERNAME (3) +--- + +# NAME + +CURLOPT_PROXYUSERPWD - user name and password to use for proxy authentication + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXYUSERPWD, char *userpwd); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should be [user name]:[password] to +use for the connection to the HTTP proxy. Both the name and the password are +URL decoded before used, so to include for example a colon in the user name +you should encode it as %3A. (This is different to how CURLOPT_USERPWD(3) is +used - beware.) + +Use CURLOPT_PROXYAUTH(3) to specify the authentication method. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +This is NULL by default. + +# PROTOCOLS + +Used with all protocols that can use a proxy + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_PROXY, "http://localhost:8080"); + curl_easy_setopt(curl, CURLOPT_PROXYUSERPWD, "clark%20kent:superman"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK if proxies are supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_CAINFO.md b/docs/libcurl/opts/CURLOPT_PROXY_CAINFO.md new file mode 100644 index 000000000..473083f35 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_CAINFO.md @@ -0,0 +1,93 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_CAINFO +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CAINFO (3) + - CURLOPT_CAINFO_BLOB (3) + - CURLOPT_CAPATH (3) + - CURLOPT_PROXY_CAINFO_BLOB (3) + - CURLOPT_PROXY_CAPATH (3) + - CURLOPT_PROXY_SSL_VERIFYHOST (3) + - CURLOPT_PROXY_SSL_VERIFYPEER (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_PROXY_CAINFO - path to proxy Certificate Authority (CA) bundle + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_CAINFO, char *path); +~~~ + +# DESCRIPTION + +This option is for connecting to an HTTPS proxy, not an HTTPS server. + +Pass a char pointer to a null-terminated string naming a file holding one or +more certificates to verify the HTTPS proxy with. + +If CURLOPT_PROXY_SSL_VERIFYPEER(3) is zero and you avoid verifying the +server's certificate, CURLOPT_PROXY_CAINFO(3) need not even indicate an +accessible file. + +This option is by default set to the system path where libcurl's CA +certificate bundle is assumed to be stored, as established at build time. + +(iOS and macOS only) If curl is built against Secure Transport, then this +option is supported for backward compatibility with other SSL engines, but it +should not be set. If the option is not set, then curl uses the certificates +in the system and user Keychain to verify the peer, which is the preferred +method of verifying the peer's certificate chain. + +The application does not have to keep the string around after setting this +option. + +The default value for this can be figured out with CURLINFO_CAINFO(3). + +# DEFAULT + +Built-in system specific + +# PROTOCOLS + +Used with HTTPS proxy + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* using an HTTPS proxy */ + curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443"); + curl_easy_setopt(curl, CURLOPT_PROXY_CAINFO, "/etc/certs/cabundle.pem"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +For TLS backends that do not support certificate files, the +CURLOPT_PROXY_CAINFO(3) option is ignored. Refer to +https://curl.se/docs/ssl-compared.html + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_CAINFO_BLOB.md b/docs/libcurl/opts/CURLOPT_PROXY_CAINFO_BLOB.md new file mode 100644 index 000000000..bbf30cba3 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_CAINFO_BLOB.md @@ -0,0 +1,92 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_CAINFO_BLOB +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CAINFO (3) + - CURLOPT_CAINFO_BLOB (3) + - CURLOPT_CAPATH (3) + - CURLOPT_PROXY_CAINFO (3) + - CURLOPT_PROXY_CAPATH (3) + - CURLOPT_PROXY_SSL_VERIFYHOST (3) + - CURLOPT_PROXY_SSL_VERIFYPEER (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_PROXY_CAINFO_BLOB - proxy Certificate Authority (CA) bundle in PEM format + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_CAINFO_BLOB, + struct curl_blob *stblob); +~~~ + +# DESCRIPTION + +This option is for connecting to an HTTPS proxy, not an HTTPS server. + +Pass a pointer to a curl_blob structure, which contains information (pointer +and size) about a memory block with binary data of PEM encoded content holding +one or more certificates to verify the HTTPS proxy with. + +If the blob is initialized with the flags member of struct curl_blob set to +CURL_BLOB_COPY, the application does not have to keep the buffer around after +setting this. + +If CURLOPT_PROXY_SSL_VERIFYPEER(3) is zero and you avoid verifying the +server's certificate, CURLOPT_PROXY_CAINFO_BLOB(3) is not needed. + +This option overrides CURLOPT_PROXY_CAINFO(3). + +# DEFAULT + +NULL + +# PROTOCOLS + +Used with HTTPS proxy + +# EXAMPLE + +~~~c +#include /* for strlen */ + +extern char *strpem; /* strpem must point to a PEM string */ +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + struct curl_blob blob; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* using an HTTPS proxy */ + curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443"); + blob.data = strpem; + blob.len = strlen(strpem); + blob.flags = CURL_BLOB_COPY; + curl_easy_setopt(curl, CURLOPT_PROXY_CAINFO_BLOB, &blob); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.77.0. + +This option is supported by the rustls (since 7.82.0), OpenSSL, Secure +Transport and Schannel backends. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.md b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.md new file mode 100644 index 000000000..2253c9f26 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_CAPATH.md @@ -0,0 +1,81 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_CAPATH +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CAINFO (3) + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_PROXY_CAINFO (3) + - CURLOPT_PROXY_SSL_VERIFYHOST (3) + - CURLOPT_STDERR (3) +--- + +# NAME + +CURLOPT_PROXY_CAPATH - directory holding HTTPS proxy CA certificates + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_CAPATH, char *capath); +~~~ + +# DESCRIPTION + +Pass a char pointer to a null-terminated string naming a directory holding +multiple CA certificates to verify the HTTPS proxy with. If libcurl is built +against OpenSSL, the certificate directory must be prepared using the OpenSSL +**c_rehash** utility. This makes sense only when +CURLOPT_PROXY_SSL_VERIFYPEER(3) is enabled (which it is by default). + +The application does not have to keep the string around after setting this +option. + +The default value for this can be figured out with CURLINFO_CAPATH(3). + +# DEFAULT + +NULL + +# PROTOCOLS + +Everything used over an HTTPS proxy + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* using an HTTPS proxy */ + curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443"); + curl_easy_setopt(curl, CURLOPT_PROXY_CAPATH, "/etc/cert-dir"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +This option is supported by the OpenSSL, GnuTLS, and mbedTLS (since 7.56.0) +backends. + +# RETURN VALUE + +CURLE_OK if supported; or an error such as: + +CURLE_NOT_BUILT_IN - Not supported by the SSL backend + +CURLE_UNKNOWN_OPTION + +CURLE_OUT_OF_MEMORY diff --git a/docs/libcurl/opts/CURLOPT_PROXY_CRLFILE.md b/docs/libcurl/opts/CURLOPT_PROXY_CRLFILE.md new file mode 100644 index 000000000..d12c29800 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_CRLFILE.md @@ -0,0 +1,83 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_CRLFILE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSL_VERIFYHOST (3) + - CURLOPT_PROXY_SSL_VERIFYPEER (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_PROXY_CRLFILE - HTTPS proxy Certificate Revocation List file + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_CRLFILE, char *file); +~~~ + +# DESCRIPTION + +This option is for connecting to an HTTPS proxy, not an HTTPS server. + +Pass a char pointer to a null-terminated string naming a *file* with the +concatenation of CRL (in PEM format) to use in the certificate validation that +occurs during the SSL exchange. + +When curl is built to use GnuTLS, there is no way to influence the use of CRL +passed to help in the verification process. When libcurl is built with OpenSSL +support, X509_V_FLAG_CRL_CHECK and X509_V_FLAG_CRL_CHECK_ALL are both set, +requiring CRL check against all the elements of the certificate chain if a CRL +file is passed. + +This option makes sense only when used in combination with the +CURLOPT_PROXY_SSL_VERIFYPEER(3) option. + +A specific error code (*CURLE_SSL_CRL_BADFILE*) is defined with the option. It +is returned when the SSL exchange fails because the CRL file cannot be loaded. +A failure in certificate verification due to a revocation information found in +the CRL does not trigger this specific error. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +Used with HTTPS proxy. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:80"); + curl_easy_setopt(curl, CURLOPT_PROXY_CRLFILE, "/etc/certs/crl.pem"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT.md b/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT.md new file mode 100644 index 000000000..3b289d2d4 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT.md @@ -0,0 +1,82 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_ISSUERCERT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_ISSUERCERT (3) + - CURLOPT_PROXY_SSL_VERIFYHOST (3) + - CURLOPT_PROXY_SSL_VERIFYPEER (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_PROXY_ISSUERCERT - proxy issuer SSL certificate filename + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_ISSUERCERT, char *file); +~~~ + +# DESCRIPTION + +Pass a char pointer to a null-terminated string naming a *file* holding a CA +certificate in PEM format. If the option is set, an additional check against +the peer certificate is performed to verify the issuer of the HTTPS proxy is +indeed the one associated with the certificate provided by the option. This +additional check is useful in multi-level PKI where one needs to enforce that +the peer certificate is from a specific branch of the tree. + +This option makes sense only when used in combination with the +CURLOPT_PROXY_SSL_VERIFYPEER(3) option. Otherwise, the result of the +check is not considered as failure. + +A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the option, +which is returned if the setup of the SSL/TLS session has failed due to a +mismatch with the issuer of peer certificate +(CURLOPT_PROXY_SSL_VERIFYPEER(3) has to be set too for the check to +fail). + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS-based protocols + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* using an HTTPS proxy */ + curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443"); + curl_easy_setopt(curl, CURLOPT_PROXY_ISSUERCERT, "/etc/certs/cacert.pem"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.71.0. This option is supported by the OpenSSL backends. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT_BLOB.md b/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT_BLOB.md new file mode 100644 index 000000000..ddd8cf5b4 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_ISSUERCERT_BLOB.md @@ -0,0 +1,95 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_ISSUERCERT_BLOB +Section: 3 +Source: libcurl +See-also: + - CURLOPT_ISSUERCERT_BLOB (3) + - CURLOPT_PROXY_SSL_VERIFYHOST (3) + - CURLOPT_PROXY_SSL_VERIFYPEER (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_PROXY_ISSUERCERT_BLOB - proxy issuer SSL certificate from memory blob + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_ISSUERCERT_BLOB, + struct curl_blob *blob); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_blob struct, which contains information (pointer and +size) about a memory block with binary data of a CA certificate in PEM +format. If the option is set, an additional check against the peer certificate +is performed to verify the issuer of the HTTPS proxy is indeed the one +associated with the certificate provided by the option. This additional check +is useful in multi-level PKI where one needs to enforce that the peer +certificate is from a specific branch of the tree. + +This option should be used in combination with the +CURLOPT_PROXY_SSL_VERIFYPEER(3) option. Otherwise, the result of the +check is not considered as failure. + +A specific error code (CURLE_SSL_ISSUER_ERROR) is defined with the option, +which is returned if the setup of the SSL/TLS session has failed due to a +mismatch with the issuer of peer certificate +(CURLOPT_PROXY_SSL_VERIFYPEER(3) has to be set too for the check to fail). + +If the blob is initialized with the flags member of struct curl_blob set to +CURL_BLOB_COPY, the application does not have to keep the buffer around after +setting this. + +This option is an alternative to CURLOPT_PROXY_ISSUERCERT(3) which +instead expects a filename as input. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS-based protocols + +# EXAMPLE + +~~~c + +extern char *certificateData; /* point to the data */ +size_t filesize; /* size of the data */ + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + struct curl_blob blob; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* using an HTTPS proxy */ + curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost:443"); + blob.data = certificateData; + blob.len = filesize; + blob.flags = CURL_BLOB_COPY; + curl_easy_setopt(curl, CURLOPT_PROXY_ISSUERCERT_BLOB, &blob); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.71.0. This option is supported by the OpenSSL backends. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_KEYPASSWD.md b/docs/libcurl/opts/CURLOPT_PROXY_KEYPASSWD.md new file mode 100644 index 000000000..b29d95f07 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_KEYPASSWD.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_KEYPASSWD +Section: 3 +Source: libcurl +See-also: + - CURLOPT_KEYPASSWD (3) + - CURLOPT_PROXY_SSLKEY (3) + - CURLOPT_SSH_PRIVATE_KEYFILE (3) + - CURLOPT_SSLKEY (3) +--- + +# NAME + +CURLOPT_PROXY_KEYPASSWD - passphrase for the proxy private key + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_KEYPASSWD, char *pwd); +~~~ + +# DESCRIPTION + +This option is for connecting to an HTTPS proxy, not an HTTPS server. + +Pass a pointer to a null-terminated string as parameter. It is used as the +password required to use the CURLOPT_PROXY_SSLKEY(3) private key. You +never need a pass phrase to load a certificate but you need one to load your +private key. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +Used with HTTPS proxy + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy:443"); + curl_easy_setopt(curl, CURLOPT_PROXY_KEYPASSWD, "superman"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +# RETURN VALUE + +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.md b/docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.md new file mode 100644 index 000000000..4db13652d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.md @@ -0,0 +1,124 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_PINNEDPUBLICKEY +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PINNEDPUBLICKEY (3) + - CURLOPT_PROXY_CAINFO (3) + - CURLOPT_PROXY_CAPATH (3) + - CURLOPT_PROXY_SSL_VERIFYHOST (3) + - CURLOPT_PROXY_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_PROXY_PINNEDPUBLICKEY - pinned public key for https proxy + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_PINNEDPUBLICKEY, + char *pinnedpubkey); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. The string can be the +filename of your pinned public key. The file format expected is "PEM" or +"DER". The string can also be any number of base64 encoded sha256 hashes +preceded by "sha256//" and separated by ";" + +When negotiating a TLS or SSL connection, the https proxy sends a certificate +indicating its identity. A public key is extracted from this certificate and +if it does not exactly match the public key provided to this option, libcurl +aborts the connection before sending or receiving any data. + +On mismatch, *CURLE_SSL_PINNEDPUBKEYNOTMATCH* is returned. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy:443"); + curl_easy_setopt(curl, CURLOPT_PROXY_PINNEDPUBLICKEY, + "sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjA" + "a3HWY3tvRMwE=;sha256//t62CeU2tQiqkexU74" + "Gxa2eg7fRbEgoChTociMee9wno="); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# PUBLIC KEY EXTRACTION + +If you do not have the https proxy server's public key file you can extract it +from the https proxy server's certificate. +~~~c +# retrieve the server's certificate if you do not already have it +# +# be sure to examine the certificate to see if it is what you expected +# +# Windows-specific: +# - Use NUL instead of /dev/null. +# - OpenSSL may wait for input instead of disconnecting. Hit enter. +# - If you do not have sed, then just copy the certificate into a file: +# Lines from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----. +# +openssl s_client -servername www.example.com -connect www.example.com:443 \ + < /dev/null | sed -n "/-----BEGIN/,/-----END/p" > www.example.com.pem + +# extract public key in pem format from certificate +openssl x509 -in www.example.com.pem -pubkey -noout > www.example.com.pubkey.pem + +# convert public key from pem to der +openssl asn1parse -noout -inform pem -in www.example.com.pubkey.pem \ + -out www.example.com.pubkey.der + +# sha256 hash and base64 encode der to string for use +openssl dgst -sha256 -binary www.example.com.pubkey.der | openssl base64 +~~~ +The public key in PEM format contains a header, base64 data and a +footer: +~~~c +-----BEGIN PUBLIC KEY----- +[BASE 64 DATA] +-----END PUBLIC KEY----- +~~~ + +# AVAILABILITY + +PEM/DER support: + + 7.52.0: GnuTLS, OpenSSL, mbedTLS, wolfSSL + +sha256 support: + + 7.52.0: GnuTLS, OpenSSL, mbedTLS, wolfSSL + +Other SSL backends not supported. + +# RETURN VALUE + +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.md b/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.md new file mode 100644 index 000000000..73e5cb72a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_SERVICE_NAME +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY (3) + - CURLOPT_PROXYTYPE (3) + - CURLOPT_SERVICE_NAME (3) +--- + +# NAME + +CURLOPT_PROXY_SERVICE_NAME - proxy authentication service name + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SERVICE_NAME, + char *name); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter to a string holding the *name* of the +service. The default service name is **"HTTP"** for HTTP based proxies and +**"rcmd"** for SOCKS5. This option allows you to change it. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +See above + +# PROTOCOLS + +All network protocols + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY_SERVICE_NAME, "custom"); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.43.0 for HTTP proxies, 7.49.0 for SOCKS5 proxies. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT.md b/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT.md new file mode 100644 index 000000000..debc7ea8e --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT.md @@ -0,0 +1,79 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_SSLCERT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSLCERTTYPE (3) + - CURLOPT_PROXY_SSLKEY (3) + - CURLOPT_SSLCERT (3) +--- + +# NAME + +CURLOPT_PROXY_SSLCERT - HTTPS proxy client certificate + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLCERT, char *cert); +~~~ + +# DESCRIPTION + +This option is for connecting to an HTTPS proxy, not an HTTPS server. + +Pass a pointer to a null-terminated string as parameter. The string should be +the filename of your client certificate used to connect to the HTTPS proxy. +The default format is "P12" on Secure Transport and "PEM" on other engines, +and can be changed with CURLOPT_PROXY_SSLCERTTYPE(3). + +With Secure Transport, this can also be the nickname of the certificate you +wish to authenticate with as it is named in the security database. If you want +to use a file from the current directory, please precede it with "./" prefix, +in order to avoid confusion with a nickname. + +When using a client certificate, you most likely also need to provide a +private key with CURLOPT_PROXY_SSLKEY(3). + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +Used with HTTPS proxy + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy"); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLCERT, "client.pem"); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLKEY, "key.pem"); + curl_easy_setopt(curl, CURLOPT_PROXY_KEYPASSWD, "s3cret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +# RETURN VALUE + +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLCERTTYPE.md b/docs/libcurl/opts/CURLOPT_PROXY_SSLCERTTYPE.md new file mode 100644 index 000000000..ce6c50887 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLCERTTYPE.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_SSLCERTTYPE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSLCERT (3) + - CURLOPT_PROXY_SSLKEY (3) + - CURLOPT_SSLCERTTYPE (3) +--- + +# NAME + +CURLOPT_PROXY_SSLCERTTYPE - type of the proxy client SSL certificate + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLCERTTYPE, char *type); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. The string should be +the format of your client certificate used when connecting to an HTTPS proxy. + +Supported formats are "PEM" and "DER", except with Secure Transport or +Schannel. OpenSSL (versions 0.9.3 and later), Secure Transport (on iOS 5 or +later, or OS X 10.7 or later) and Schannel support "P12" for PKCS#12-encoded +files. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +"PEM" + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy"); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLCERT, "client.pem"); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLCERTTYPE, "PEM"); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLKEY, "key.pem"); + curl_easy_setopt(curl, CURLOPT_PROXY_KEYPASSWD, "s3cret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +If built TLS enabled. + +# RETURN VALUE + +Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT_BLOB.md b/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT_BLOB.md new file mode 100644 index 000000000..e880d38e0 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLCERT_BLOB.md @@ -0,0 +1,85 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_SSLCERT_BLOB +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSLCERT (3) + - CURLOPT_PROXY_SSLCERTTYPE (3) + - CURLOPT_PROXY_SSLKEY (3) + - CURLOPT_SSLCERT_BLOB (3) +--- + +# NAME + +CURLOPT_PROXY_SSLCERT_BLOB - SSL proxy client certificate from memory blob + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLCERT_BLOB, + struct curl_blob *blob); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_blob structure, which contains information (pointer +and size) about a memory block with binary data of the certificate used to +connect to the HTTPS proxy. The format must be "P12" on Secure Transport or +Schannel. The format must be "P12" or "PEM" on OpenSSL. The string "P12" or +"PEM" must be specified with CURLOPT_PROXY_SSLCERTTYPE(3). + +If the blob is initialized with the flags member of struct curl_blob set to +CURL_BLOB_COPY, the application does not have to keep the buffer around after +setting this. + +This option is an alternative to CURLOPT_PROXY_SSLCERT(3) which instead +expects a filename as input. + +# DEFAULT + +NULL + +# PROTOCOLS + +Used with HTTPS proxy + +# EXAMPLE + +~~~c + +extern char *certificateData; /* point to data */ +extern size_t filesize; /* size of the data */ + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + struct curl_blob blob; + blob.data = certificateData; + blob.len = filesize; + blob.flags = CURL_BLOB_COPY; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy"); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLKEY, "key.pem"); + curl_easy_setopt(curl, CURLOPT_PROXY_KEYPASSWD, "s3cret"); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLCERT_BLOB, &blob); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.71.0. This option is supported by the OpenSSL, Secure Transport and +Schannel backends. + +# RETURN VALUE + +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY.md b/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY.md new file mode 100644 index 000000000..c8400db44 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY.md @@ -0,0 +1,77 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_SSLKEY +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSLCERT (3) + - CURLOPT_PROXY_SSLKEYTYPE (3) + - CURLOPT_SSLCERT (3) + - CURLOPT_SSLKEY (3) + - CURLOPT_SSLKEYTYPE (3) +--- + +# NAME + +CURLOPT_PROXY_SSLKEY - private key file for HTTPS proxy client cert + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLKEY, char *keyfile); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. The string should be +the filename of your private key used for connecting to the HTTPS proxy. The +default format is "PEM" and can be changed with +CURLOPT_PROXY_SSLKEYTYPE(3). + +(Windows, iOS and Mac OS X) This option is ignored by Secure Transport and +Schannel SSL backends because they expect the private key to be already +present in the key chain or PKCS#12 file containing the certificate. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy"); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLCERT, "client.pem"); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLKEY, "key.pem"); + curl_easy_setopt(curl, CURLOPT_PROXY_KEYPASSWD, "s3cret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +If built TLS enabled. + +# RETURN VALUE + +Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLKEYTYPE.md b/docs/libcurl/opts/CURLOPT_PROXY_SSLKEYTYPE.md new file mode 100644 index 000000000..97960f437 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLKEYTYPE.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_SSLKEYTYPE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSLCERT (3) + - CURLOPT_PROXY_SSLKEY (3) + - CURLOPT_SSLKEYTYPE (3) +--- + +# NAME + +CURLOPT_PROXY_SSLKEYTYPE - type of the proxy private key file + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLKEYTYPE, char *type); +~~~ + +# DESCRIPTION + +This option is for connecting to an HTTPS proxy, not an HTTPS server. + +Pass a pointer to a null-terminated string as parameter. The string should be +the format of your private key. Supported formats are "PEM", "DER" and "ENG". + +The application does not have to keep the string around after setting this +option. + +# PROTOCOLS + +Used with HTTPS proxy + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy"); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLCERT, "client.pem"); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLKEY, "key.pem"); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLKEYTYPE, "PEM"); + curl_easy_setopt(curl, CURLOPT_PROXY_KEYPASSWD, "s3cret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +# RETURN VALUE + +Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY_BLOB.md b/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY_BLOB.md new file mode 100644 index 000000000..48bb2e88a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLKEY_BLOB.md @@ -0,0 +1,86 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_SSLKEY_BLOB +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSLKEY (3) + - CURLOPT_SSLKEYTYPE (3) + - CURLOPT_SSLKEY_BLOB (3) +--- + +# NAME + +CURLOPT_PROXY_SSLKEY_BLOB - private key for proxy cert from memory blob + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLKEY_BLOB, + struct curl_blob *blob); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_blob structure that contains information (pointer and +size) about the private key for connecting to the HTTPS proxy. Compatible with +OpenSSL. The format (like "PEM") must be specified with +CURLOPT_PROXY_SSLKEYTYPE(3). + +If the blob is initialized with the flags member of struct curl_blob set to +CURL_BLOB_COPY, the application does not have to keep the buffer around after +setting this. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c + +extern char *certificateData; /* point to data */ +extern size_t filesize; /* size of data */ + +extern char *privateKeyData; /* point to data */ +extern size_t privateKeySize; /* size */ + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + struct curl_blob blob; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy"); + blob.data = certificateData; + blob.len = filesize; + blob.flags = CURL_BLOB_COPY; + curl_easy_setopt(curl, CURLOPT_PROXY_SSLCERT_BLOB, &blob); + curl_easy_setopt(curl, CURLOPT_PROXY_SSLCERTTYPE, "PEM"); + + blob.data = privateKeyData; + blob.len = privateKeySize; + curl_easy_setopt(curl, CURLOPT_PROXY_SSLKEY_BLOB, &blob); + curl_easy_setopt(curl, CURLOPT_PROXY_KEYPASSWD, "s3cret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.71.0. This option is supported by the OpenSSL backends. + +# RETURN VALUE + +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.md b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.md new file mode 100644 index 000000000..6f159e87d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.md @@ -0,0 +1,125 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_SSLVERSION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTP_VERSION (3) + - CURLOPT_IPRESOLVE (3) + - CURLOPT_SSLVERSION (3) + - CURLOPT_USE_SSL (3) +--- + +# NAME + +CURLOPT_PROXY_SSLVERSION - preferred HTTPS proxy TLS version + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSLVERSION, + long version); +~~~ + +# DESCRIPTION + +Pass a long as parameter to control which version of SSL/TLS to attempt to use +when connecting to an HTTPS proxy. + +Use one of the available defines for this purpose. The available options are: + +## CURL_SSLVERSION_DEFAULT + +The default action. This attempts to figure out the remote SSL protocol +version. + +## CURL_SSLVERSION_TLSv1 + +TLSv1.x + +## CURL_SSLVERSION_TLSv1_0 + +TLSv1.0 + +## CURL_SSLVERSION_TLSv1_1 + +TLSv1.1 + +## CURL_SSLVERSION_TLSv1_2 + +TLSv1.2 + +## CURL_SSLVERSION_TLSv1_3 + +TLSv1.3 +The maximum TLS version can be set by using *one* of the +CURL_SSLVERSION_MAX_ macros below. It is also possible to OR *one* of the +CURL_SSLVERSION_ macros with *one* of the CURL_SSLVERSION_MAX_ macros. +The MAX macros are not supported for WolfSSL. + +## CURL_SSLVERSION_MAX_DEFAULT + +The flag defines the maximum supported TLS version as TLSv1.2, or the default +value from the SSL library. +(Added in 7.54.0) + +## CURL_SSLVERSION_MAX_TLSv1_0 + +The flag defines maximum supported TLS version as TLSv1.0. +(Added in 7.54.0) + +## CURL_SSLVERSION_MAX_TLSv1_1 + +The flag defines maximum supported TLS version as TLSv1.1. +(Added in 7.54.0) + +## CURL_SSLVERSION_MAX_TLSv1_2 + +The flag defines maximum supported TLS version as TLSv1.2. +(Added in 7.54.0) + +## CURL_SSLVERSION_MAX_TLSv1_3 + +The flag defines maximum supported TLS version as TLSv1.3. +(Added in 7.54.0) + +In versions of curl prior to 7.54 the CURL_SSLVERSION_TLS options were +documented to allow *only* the specified TLS version, but behavior was +inconsistent depending on the TLS library. + +# DEFAULT + +CURL_SSLVERSION_DEFAULT + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* ask libcurl to use TLS version 1.0 or later */ + curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSL_CIPHER_LIST.md b/docs/libcurl/opts/CURLOPT_PROXY_SSL_CIPHER_LIST.md new file mode 100644 index 000000000..d7626c376 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSL_CIPHER_LIST.md @@ -0,0 +1,91 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_SSL_CIPHER_LIST +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSLVERSION (3) + - CURLOPT_PROXY_TLS13_CIPHERS (3) + - CURLOPT_SSLVERSION (3) + - CURLOPT_SSL_CIPHER_LIST (3) + - CURLOPT_TLS13_CIPHERS (3) +--- + +# NAME + +CURLOPT_PROXY_SSL_CIPHER_LIST - ciphers to use for HTTPS proxy + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_CIPHER_LIST, + char *list); +~~~ + +# DESCRIPTION + +Pass a char pointer, pointing to a null-terminated string holding the list of +ciphers to use for the connection to the HTTPS proxy. The list must be +syntactically correct, it consists of one or more cipher strings separated by +colons. Commas or spaces are also acceptable separators but colons are +normally used, &!, &- and &+ can be used as operators. + +For OpenSSL and GnuTLS valid examples of cipher lists include **RC4-SHA**, +**SHA1+DES**, **TLSv1** and **DEFAULT**. The default list is normally +set when you compile OpenSSL. + +For WolfSSL, valid examples of cipher lists include **ECDHE-RSA-RC4-SHA**, +**AES256-SHA:AES256-SHA256**, etc. + +For BearSSL, valid examples of cipher lists include +**ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256**, or when using IANA names +**TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256**, +etc. +With BearSSL you do not add/remove ciphers. If one uses this option then all +known ciphers are disabled and only those passed in are enabled. + +Find more details about cipher lists on this URL: + + https://curl.se/docs/ssl-ciphers.html + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL, use internal default + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://localhost"); + curl_easy_setopt(curl, CURLOPT_PROXY_SSL_CIPHER_LIST, "TLSv1"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0, in 7.83.0 for BearSSL + +If built TLS enabled. + +# RETURN VALUE + +Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.md b/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.md new file mode 100644 index 000000000..30d6935a1 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.md @@ -0,0 +1,119 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_SSL_OPTIONS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSLVERSION (3) + - CURLOPT_PROXY_SSL_CIPHER_LIST (3) + - CURLOPT_SSLVERSION (3) + - CURLOPT_SSL_CIPHER_LIST (3) +--- + +# NAME + +CURLOPT_PROXY_SSL_OPTIONS - HTTPS proxy SSL behavior options + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_OPTIONS, + long bitmask); +~~~ + +# DESCRIPTION + +Pass a long with a bitmask to tell libcurl about specific SSL +behaviors. Available bits: + +## CURLSSLOPT_ALLOW_BEAST + +Tells libcurl to not attempt to use any workarounds for a security flaw in the +SSL3 and TLS1.0 protocols. If this option is not used or this bit is set to 0, +the SSL layer libcurl uses may use a work-around for this flaw although it +might cause interoperability problems with some (older) SSL implementations. +WARNING: avoiding this work-around lessens the security, and by setting this +option to 1 you ask for exactly that. This option is only supported for Secure +Transport and OpenSSL. + +## CURLSSLOPT_NO_REVOKE + +Tells libcurl to disable certificate revocation checks for those SSL backends +where such behavior is present. This option is only supported for Schannel +(the native Windows SSL library), with an exception in the case of Windows' +Untrusted Publishers block list which it seems cannot be bypassed. (Added in +7.44.0) + +## CURLSSLOPT_NO_PARTIALCHAIN + +Tells libcurl to not accept "partial" certificate chains, which it otherwise +does by default. This option is only supported for OpenSSL and fails the +certificate verification if the chain ends with an intermediate certificate +and not with a root cert. (Added in 7.68.0) + +## CURLSSLOPT_REVOKE_BEST_EFFORT + +Tells libcurl to ignore certificate revocation checks in case of missing or +offline distribution points for those SSL backends where such behavior is +present. This option is only supported for Schannel (the native Windows SSL +library). If combined with *CURLSSLOPT_NO_REVOKE*, the latter takes +precedence. (Added in 7.70.0) + +## CURLSSLOPT_NATIVE_CA + +Tell libcurl to use the operating system's native CA store for certificate +verification. If you set this option and also set a CA certificate file or +directory then during verification those certificates are searched in addition +to the native CA store. + +Works with wolfSSL on Windows, Linux (Debian, Ubuntu, Gentoo, Fedora, RHEL), +macOS, Android and iOS (added in 8.3.0), with GnuTLS (added in 8.5.0) or on +Windows when built to use OpenSSL (Added in 7.71.0). + +## CURLSSLOPT_AUTO_CLIENT_CERT + +Tell libcurl to automatically locate and use a client certificate for +authentication, when requested by the server. This option is only supported +for Schannel (the native Windows SSL library). Prior to 7.77.0 this was the +default behavior in libcurl with Schannel. Since the server can request any +certificate that supports client authentication in the OS certificate store it +could be a privacy violation and unexpected. +(Added in 7.77.0) + +# DEFAULT + +0 + +# PROTOCOLS + +All TLS-based protocols + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy"); + /* weaken TLS only for use with silly proxies */ + curl_easy_setopt(curl, CURLOPT_PROXY_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST | + CURLSSLOPT_NO_REVOKE); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYHOST.md b/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYHOST.md new file mode 100644 index 000000000..fdb8249ff --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYHOST.md @@ -0,0 +1,94 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_SSL_VERIFYHOST +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CAINFO (3) + - CURLOPT_PROXY_CAINFO (3) + - CURLOPT_PROXY_SSL_VERIFYPEER (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_PROXY_SSL_VERIFYHOST - verify the proxy certificate's name against host + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_VERIFYHOST, + long verify); +~~~ + +# DESCRIPTION + +Pass a long set to 2L as asking curl to *verify* in the HTTPS proxy's +certificate name fields against the proxy name. + +This option determines whether libcurl verifies that the proxy cert contains +the correct name for the name it is known as. + +When CURLOPT_PROXY_SSL_VERIFYHOST(3) is 2, the proxy certificate must +indicate that the server is the proxy to which you meant to connect to, or the +connection fails. + +Curl considers the proxy the intended one when the Common Name field or a +Subject Alternate Name field in the certificate matches the hostname in the +proxy string which you told curl to use. + +If *verify* value is set to 1: + +In 7.28.0 and earlier: treated as a debug option of some sorts, not supported +anymore due to frequently leading to programmer mistakes. + +From 7.28.1 to 7.65.3: setting it to 1 made curl_easy_setopt(3) return +an error and leaving the flag untouched. + +From 7.66.0: treats 1 and 2 the same. + +When the *verify* value is 0L, the connection succeeds regardless of the +names used in the certificate. Use that ability with caution! + +See also CURLOPT_PROXY_SSL_VERIFYPEER(3) to verify the digital signature +of the proxy certificate. + +# DEFAULT + +2 + +# PROTOCOLS + +All protocols when used over an HTTPS proxy. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Set the default value: strict name check please */ + curl_easy_setopt(curl, CURLOPT_PROXY_SSL_VERIFYHOST, 2L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0. + +If built TLS enabled. + +# RETURN VALUE + +Returns CURLE_OK if TLS is supported, and CURLE_UNKNOWN_OPTION if not. + +If 1 is set as argument, *CURLE_BAD_FUNCTION_ARGUMENT* is returned. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYPEER.md b/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYPEER.md new file mode 100644 index 000000000..f934ddeb7 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSL_VERIFYPEER.md @@ -0,0 +1,94 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_SSL_VERIFYPEER +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_PROXY_SSL_VERIFYPEER - verify the proxy's SSL certificate + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SSL_VERIFYPEER, + long verify); +~~~ + +# DESCRIPTION + +Pass a long as parameter set to 1L to enable or 0L to disable. + +This option tells curl to verify the authenticity of the HTTPS proxy's +certificate. A value of 1 means curl verifies; 0 (zero) means it does not. + +This is the proxy version of CURLOPT_SSL_VERIFYPEER(3) that is used for +ordinary HTTPS servers. + +When negotiating a TLS or SSL connection, the server sends a certificate +indicating its identity. Curl verifies whether the certificate is authentic, +i.e. that you can trust that the server is who the certificate says it is. +This trust is based on a chain of digital signatures, rooted in certification +authority (CA) certificates you supply. curl uses a default bundle of CA +certificates (the path for that is determined at build time) and you can +specify alternate certificates with the CURLOPT_PROXY_CAINFO(3) option or +the CURLOPT_PROXY_CAPATH(3) option. + +When CURLOPT_PROXY_SSL_VERIFYPEER(3) is enabled, and the verification +fails to prove that the certificate is authentic, the connection fails. When +the option is zero, the peer certificate verification succeeds regardless. + +Authenticating the certificate is not enough to be sure about the server. You +typically also want to ensure that the server is the server you mean to be +talking to. Use CURLOPT_PROXY_SSL_VERIFYHOST(3) for that. The check that the +hostname in the certificate is valid for the hostname you are connecting to is +done independently of the CURLOPT_PROXY_SSL_VERIFYPEER(3) option. + +WARNING: disabling verification of the certificate allows bad guys to +man-in-the-middle the communication without you knowing it. Disabling +verification makes the communication insecure. Just having encryption on a +transfer is not enough as you cannot be sure that you are communicating with +the correct end-point. + +# DEFAULT + +1 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Set the default value: strict certificate check please */ + curl_easy_setopt(curl, CURLOPT_PROXY_SSL_VERIFYPEER, 1L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +If built TLS enabled. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_TLS13_CIPHERS.md b/docs/libcurl/opts/CURLOPT_PROXY_TLS13_CIPHERS.md new file mode 100644 index 000000000..f3c5448f0 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_TLS13_CIPHERS.md @@ -0,0 +1,78 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_TLS13_CIPHERS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSLVERSION (3) + - CURLOPT_PROXY_SSL_CIPHER_LIST (3) + - CURLOPT_SSLVERSION (3) + - CURLOPT_SSL_CIPHER_LIST (3) + - CURLOPT_TLS13_CIPHERS (3) +--- + +# NAME + +CURLOPT_PROXY_TLS13_CIPHERS - ciphers suites for proxy TLS 1.3 + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_TLS13_CIPHERS, + char *list); +~~~ + +# DESCRIPTION + +Pass a char pointer, pointing to a null-terminated string holding the list of +cipher suites to use for the TLS 1.3 connection to a proxy. The list must be +syntactically correct, it consists of one or more cipher suite strings +separated by colons. + +Find more details about cipher lists on this URL: + + https://curl.se/docs/ssl-ciphers.html + +This option is currently used only when curl is built to use OpenSSL 1.1.1 or +later. If you are using a different SSL backend you can try setting TLS 1.3 +cipher suites by using the CURLOPT_PROXY_SSL_CIPHER_LIST(3) option. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL, use internal default + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY_TLS13_CIPHERS, + "TLS_CHACHA20_POLY1305_SHA256"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.61.0. +Available when built with OpenSSL >= 1.1.1. + +# RETURN VALUE + +Returns CURLE_OK if supported, CURLE_NOT_BUILT_IN otherwise. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_PASSWORD.md b/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_PASSWORD.md new file mode 100644 index 000000000..778d1b79c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_PASSWORD.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_TLSAUTH_PASSWORD +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_TLSAUTH_TYPE (3) + - CURLOPT_PROXY_TLSAUTH_USERNAME (3) + - CURLOPT_TLSAUTH_TYPE (3) + - CURLOPT_TLSAUTH_USERNAME (3) +--- + +# NAME + +CURLOPT_PROXY_TLSAUTH_PASSWORD - password to use for proxy TLS authentication + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_TLSAUTH_PASSWORD, + char *pwd); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should point to the null-terminated +password to use for the TLS authentication method specified with the +CURLOPT_PROXY_TLSAUTH_TYPE(3) option. Requires that the +CURLOPT_PROXY_TLSAUTH_USERNAME(3) option also be set. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy"); + curl_easy_setopt(curl, CURLOPT_PROXY_TLSAUTH_TYPE, "SRP"); + curl_easy_setopt(curl, CURLOPT_PROXY_TLSAUTH_USERNAME, "user"); + curl_easy_setopt(curl, CURLOPT_PROXY_TLSAUTH_PASSWORD, "secret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0, with the OpenSSL and GnuTLS backends only + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_TYPE.md b/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_TYPE.md new file mode 100644 index 000000000..d4389188b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_TYPE.md @@ -0,0 +1,80 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_TLSAUTH_TYPE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_TLSAUTH_PASSWORD (3) + - CURLOPT_PROXY_TLSAUTH_USERNAME (3) + - CURLOPT_TLSAUTH_PASSWORD (3) + - CURLOPT_TLSAUTH_USERNAME (3) +--- + +# NAME + +CURLOPT_PROXY_TLSAUTH_TYPE - HTTPS proxy TLS authentication methods + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_TLSAUTH_TYPE, + char *type); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. The string should be +the method of the TLS authentication used for the HTTPS connection. Supported +method is "SRP". + +## SRP + +TLS-SRP authentication. Secure Remote Password authentication for TLS is +defined in RFC 5054 and provides mutual authentication if both sides have a +shared secret. To use TLS-SRP, you must also set the +CURLOPT_PROXY_TLSAUTH_USERNAME(3) and +CURLOPT_PROXY_TLSAUTH_PASSWORD(3) options. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +blank + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy"); + curl_easy_setopt(curl, CURLOPT_PROXY_TLSAUTH_TYPE, "SRP"); + curl_easy_setopt(curl, CURLOPT_PROXY_TLSAUTH_USERNAME, "user"); + curl_easy_setopt(curl, CURLOPT_PROXY_TLSAUTH_PASSWORD, "secret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0 + +You need to build libcurl with GnuTLS or OpenSSL with TLS-SRP support for this +to work. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_USERNAME.md b/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_USERNAME.md new file mode 100644 index 000000000..612ff4f92 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_TLSAUTH_USERNAME.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_TLSAUTH_USERNAME +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_TLSAUTH_PASSWORD (3) + - CURLOPT_PROXY_TLSAUTH_TYPE (3) + - CURLOPT_TLSAUTH_PASSWORD (3) + - CURLOPT_TLSAUTH_TYPE (3) +--- + +# NAME + +CURLOPT_PROXY_TLSAUTH_USERNAME - user name to use for proxy TLS authentication + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_TLSAUTH_USERNAME, + char *user); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should point to the null-terminated +username to use for the HTTPS proxy TLS authentication method specified with +the CURLOPT_PROXY_TLSAUTH_TYPE(3) option. Requires that the +CURLOPT_PROXY_TLSAUTH_PASSWORD(3) option also be set. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "https://proxy"); + curl_easy_setopt(curl, CURLOPT_PROXY_TLSAUTH_TYPE, "SRP"); + curl_easy_setopt(curl, CURLOPT_PROXY_TLSAUTH_USERNAME, "user"); + curl_easy_setopt(curl, CURLOPT_PROXY_TLSAUTH_PASSWORD, "secret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.52.0, with the OpenSSL and GnuTLS backends only. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.md b/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.md new file mode 100644 index 000000000..c0fed8b21 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PROXY_TRANSFER_MODE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CRLF (3) + - CURLOPT_HTTPPROXYTUNNEL (3) + - CURLOPT_PROXY (3) + - CURLOPT_TRANSFERTEXT (3) +--- + +# NAME + +CURLOPT_PROXY_TRANSFER_MODE - append FTP transfer mode to URL for proxy + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_TRANSFER_MODE, + long enabled); +~~~ + +# DESCRIPTION + +Pass a long. If the value is set to 1 (one), it tells libcurl to set the +transfer mode (binary or ASCII) for FTP transfers done via an HTTP proxy, by +appending ;type=a or ;type=i to the URL. Without this setting, or it being set +to 0 (zero, the default), CURLOPT_TRANSFERTEXT(3) has no effect when +doing FTP via a proxy. Beware that not all proxies support this feature. + +# DEFAULT + +0, disabled + +# PROTOCOLS + +FTP over proxy + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, + "ftp://example.com/old-server/file.txt"); + curl_easy_setopt(curl, CURLOPT_PROXY, "http://localhost:80"); + curl_easy_setopt(curl, CURLOPT_PROXY_TRANSFER_MODE, 1L); + curl_easy_setopt(curl, CURLOPT_TRANSFERTEXT, 1L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.18.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if the +enabled value is not supported. diff --git a/docs/libcurl/opts/CURLOPT_PUT.md b/docs/libcurl/opts/CURLOPT_PUT.md new file mode 100644 index 000000000..117eaedd7 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PUT.md @@ -0,0 +1,89 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_PUT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPGET (3) + - CURLOPT_MIMEPOST (3) + - CURLOPT_POSTFIELDS (3) + - CURLOPT_UPLOAD (3) +--- + +# NAME + +CURLOPT_PUT - make an HTTP PUT request + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PUT, long put); +~~~ + +# DESCRIPTION + +A parameter set to 1 tells the library to use HTTP PUT to transfer data. The +data should be set with CURLOPT_READDATA(3) and +CURLOPT_INFILESIZE(3). + +This option is **deprecated** since version 7.12.1. Use CURLOPT_UPLOAD(3). + +# DEFAULT + +0, disabled + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +static size_t read_cb(char *ptr, size_t size, size_t nmemb, void *userdata) +{ + FILE *src = userdata; + /* copy as much data as possible into the 'ptr' buffer, but no more than + 'size' * 'nmemb' bytes */ + size_t retcode = fread(ptr, size, nmemb, src); + + return retcode; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + FILE *src = fopen("local-file", "r"); + curl_off_t fsize; /* set this to the size of the input file */ + + /* we want to use our own read function */ + curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_cb); + + /* enable PUT */ + curl_easy_setopt(curl, CURLOPT_PUT, 1L); + + /* specify target */ + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/dir/to/newfile"); + + /* now specify which pointer to pass to our callback */ + curl_easy_setopt(curl, CURLOPT_READDATA, src); + + /* Set the size of the file to upload */ + curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t)fsize); + + /* Now run off and do what you have been told */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Deprecated since 7.12.1. Do not use. + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_QUICK_EXIT.md b/docs/libcurl/opts/CURLOPT_QUICK_EXIT.md new file mode 100644 index 000000000..4159c02fb --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_QUICK_EXIT.md @@ -0,0 +1,62 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_QUICK_EXIT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_FAILONERROR (3) + - CURLOPT_RESOLVE (3) +--- + +# NAME + +CURLOPT_QUICK_EXIT - allow to exit quickly + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_QUICK_EXIT, + long value); +~~~ + +# DESCRIPTION + +Pass a long as a parameter, 1L meaning that when recovering from a timeout, +libcurl should skip lengthy cleanups that are intended to avoid all kinds of +leaks (threads etc.), as the caller program is about to call exit() anyway. +This allows for a swift termination after a DNS timeout for example, by +canceling and/or forgetting about a resolver thread, at the expense of a +possible (though short-lived) leak of associated resources. + +# DEFAULT + +0 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_QUICK_EXIT, 1L); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.87.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_QUOTE.md b/docs/libcurl/opts/CURLOPT_QUOTE.md new file mode 100644 index 000000000..f57b45eec --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_QUOTE.md @@ -0,0 +1,161 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_QUOTE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CUSTOMREQUEST (3) + - CURLOPT_DIRLISTONLY (3) + - CURLOPT_POSTQUOTE (3) + - CURLOPT_PREQUOTE (3) +--- + +# NAME + +CURLOPT_QUOTE - (S)FTP commands to run before transfer + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_QUOTE, + struct curl_slist *cmds); +~~~ + +# DESCRIPTION + +Pass a pointer to a linked list of FTP or SFTP commands to pass to the server +prior to your request. This is done before any other commands are issued (even +before the CWD command for FTP). The linked list should be a fully valid list +of 'struct curl_slist' structs properly filled in with text strings. Use +curl_slist_append(3) to append strings (commands) to the list, and clear +the entire list afterwards with curl_slist_free_all(3). + +Disable this operation again by setting a NULL to this option. + +When speaking to an FTP server, prefix the command with an asterisk (*) to +make libcurl continue even if the command fails as by default libcurl stops at +first failure. + +The set of valid FTP commands depends on the server (see RFC 959 for a list of +mandatory commands). + +libcurl does not inspect, parse or "understand" the commands passed to the +server using this option. If you change connection state, working directory or +similar using quote commands, libcurl does not know about it. + +The path arguments for FTP or SFTP can use single or double quotes to +distinguish a space from being the parameter separator or being a part of the +path. e.g. rename with sftp using a quote command like this: + + "rename 'test/_upload.txt' 'test/Hello World.txt'" + +# SFTP commands + +## atime date file + +The atime command sets the last access time of the file named by the file +operand. The can be all sorts of date strings, see the +curl_getdate(3) man page for date expression details. (Added in 7.73.0) + +## chgrp group file + +The chgrp command sets the group ID of the file named by the file operand to +the group ID specified by the group operand. The group operand is a decimal +integer group ID. + +## chmod mode file + +The chmod command modifies the file mode bits of the specified file. The +mode operand is an octal integer mode number. + +## chown user file + +The chown command sets the owner of the file named by the file operand to the +user ID specified by the user operand. The user operand is a decimal +integer user ID. + +## ln source_file target_file + +The **ln** and **symlink** commands create a symbolic link at the +target_file location pointing to the source_file location. + +## mkdir directory_name + +The mkdir command creates the directory named by the directory_name operand. + +## mtime date file + +The mtime command sets the last modification time of the file named by the +file operand. The can be all sorts of date strings, see the +curl_getdate(3) man page for date expression details. (Added in 7.73.0) + +## pwd + +The **pwd** command returns the absolute path of the current working +directory. + +## rename source target + +The rename command renames the file or directory named by the source +operand to the destination path named by the target operand. + +## rm file + +The rm command removes the file specified by the file operand. + +## rmdir directory + +The rmdir command removes the directory entry specified by the directory +operand, provided it is empty. + +## statvfs file + +The statvfs command returns statistics on the file system in which specified +file resides. (Added in 7.49.0) + +## symlink source_file target_file + +See ln. + +# DEFAULT + +NULL + +# PROTOCOLS + +SFTP and FTP + +# EXAMPLE + +~~~c +int main(void) +{ + struct curl_slist *cmdlist = NULL; + cmdlist = curl_slist_append(cmdlist, "RNFR source-name"); + cmdlist = curl_slist_append(cmdlist, "RNTO new-name"); + + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/foo.bin"); + + /* pass in the FTP commands to run before the transfer */ + curl_easy_setopt(curl, CURLOPT_QUOTE, cmdlist); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +SFTP support added in 7.16.3. *-prefix for SFTP added in 7.24.0 + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_RANDOM_FILE.md b/docs/libcurl/opts/CURLOPT_RANDOM_FILE.md new file mode 100644 index 000000000..7675461a2 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_RANDOM_FILE.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_RANDOM_FILE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_EGDSOCKET (3) +--- + +# NAME + +CURLOPT_RANDOM_FILE - file to read random data from + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RANDOM_FILE, char *path); +~~~ + +# DESCRIPTION + +Deprecated option. It serves no purpose anymore. + +Pass a char pointer to a null-terminated filename. The file might be used to +read from to seed the random engine for SSL and more. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL, not used + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_RANDOM_FILE, "junk.txt"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +If built with TLS enabled. Only the OpenSSL backend uses this, and only with +OpenSSL versions before 1.1.0. + +This option was deprecated in 7.84.0. + +# RETURN VALUE + +Returns CURLE_OK on success or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_RANGE.md b/docs/libcurl/opts/CURLOPT_RANGE.md new file mode 100644 index 000000000..3f765bc61 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_RANGE.md @@ -0,0 +1,84 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_RANGE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_LOW_SPEED_LIMIT (3) + - CURLOPT_MAXFILESIZE_LARGE (3) + - CURLOPT_MAX_RECV_SPEED_LARGE (3) + - CURLOPT_RESUME_FROM (3) +--- + +# NAME + +CURLOPT_RANGE - byte range to request + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RANGE, char *range); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should contain the specified range you +want to retrieve. It should be in the format "X-Y", where either X or Y may be +left out and X and Y are byte indexes. + +HTTP transfers also support several intervals, separated with commas as in +*"X-Y,N-M"*. Using this kind of multiple intervals causes the HTTP server +to send the response document in pieces (using standard MIME separation +techniques). Unfortunately, the HTTP standard (RFC 7233 section 3.1) allows +servers to ignore range requests so even when you set CURLOPT_RANGE(3) +for a request, you may end up getting the full response sent back. + +For RTSP, the formatting of a range should follow RFC 2326 Section 12.29. For +RTSP, byte ranges are **not** permitted. Instead, ranges should be given in +**npt**, **utc**, or **smpte** formats. + +For HTTP PUT uploads this option should not be used, since it may conflict with +other options. + +Pass a NULL to this option to disable the use of ranges. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP, FTP, FILE, RTSP and SFTP. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* get the first 200 bytes */ + curl_easy_setopt(curl, CURLOPT_RANGE, "0-199"); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +FILE since 7.18.0, RTSP since 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK on success or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_READDATA.md b/docs/libcurl/opts/CURLOPT_READDATA.md new file mode 100644 index 000000000..d7aa4ff9a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_READDATA.md @@ -0,0 +1,77 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_READDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HEADERDATA (3) + - CURLOPT_READFUNCTION (3) + - CURLOPT_WRITEDATA (3) + - CURLOPT_WRITEFUNCTION (3) +--- + +# NAME + +CURLOPT_READDATA - pointer passed to the read callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_READDATA, void *pointer); +~~~ + +# DESCRIPTION + +Data *pointer* to pass to the file read function. If you use the +CURLOPT_READFUNCTION(3) option, this is the pointer you get as input in +the fourth argument to the callback. + +If you do not specify a read callback but instead rely on the default internal +read function, this data must be a valid readable FILE * (cast to 'void *'). + +If you are using libcurl as a DLL on Windows, you must use the +CURLOPT_READFUNCTION(3) callback if you set this option, otherwise you +might experience crashes. + +# DEFAULT + +By default, this is a FILE * to stdin. + +# PROTOCOLS + +This is used for all protocols when sending data. + +# EXAMPLE + +~~~c +struct MyData { + void *custom; +}; + +int main(void) +{ + CURL *curl = curl_easy_init(); + struct MyData this; + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* pass pointer that gets passed in to the + CURLOPT_READFUNCTION callback */ + curl_easy_setopt(curl, CURLOPT_READDATA, &this); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +This option was once known by the older name CURLOPT_INFILE, the name +CURLOPT_READDATA(3) was introduced in 7.9.7. + +# RETURN VALUE + +This returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_READFUNCTION.md b/docs/libcurl/opts/CURLOPT_READFUNCTION.md new file mode 100644 index 000000000..978440d13 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_READFUNCTION.md @@ -0,0 +1,123 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_READFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_POST (3) + - CURLOPT_READDATA (3) + - CURLOPT_SEEKFUNCTION (3) + - CURLOPT_UPLOAD (3) + - CURLOPT_UPLOAD_BUFFERSIZE (3) + - CURLOPT_WRITEFUNCTION (3) +--- + +# NAME + +CURLOPT_READFUNCTION - read callback for data uploads + +# SYNOPSIS + +~~~c +#include + +size_t read_callback(char *buffer, size_t size, size_t nitems, void *userdata); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_READFUNCTION, read_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, as the prototype shows above. + +This callback function gets called by libcurl as soon as it needs to read data +in order to send it to the peer - like if you ask it to upload or post data to +the server. The data area pointed at by the pointer *buffer* should be +filled up with at most *size* multiplied with *nitems* number of bytes +by your function. *size* is always 1. + +Set the *userdata* argument with the CURLOPT_READDATA(3) option. + +Your function must return the actual number of bytes that it stored in the +data area pointed at by the pointer *buffer*. Returning 0 signals +end-of-file to the library and causes it to stop the current transfer. + +If you stop the current transfer by returning 0 "pre-maturely" (i.e before the +server expected it, like when you have said you would upload N bytes and you +upload less than N bytes), you may experience that the server "hangs" waiting +for the rest of the data that is not sent. + +The read callback may return *CURL_READFUNC_ABORT* to stop the current +operation immediately, resulting in a *CURLE_ABORTED_BY_CALLBACK* error +code from the transfer. + +The callback can return *CURL_READFUNC_PAUSE* to cause reading from this +connection to pause. See curl_easy_pause(3) for further details. + +**Bugs**: when doing TFTP uploads, you must return the exact amount of data +that the callback wants, or it is considered the final packet by the server +end and the transfer ends there. + +If you set this callback pointer to NULL, or do not set it at all, the default +internal read function is used. It is doing an fread() on the FILE * userdata +set with CURLOPT_READDATA(3). + +You can set the total size of the data you are sending by using +CURLOPT_INFILESIZE_LARGE(3) or CURLOPT_POSTFIELDSIZE_LARGE(3), +depending on the type of transfer. For some transfer types it may be required +and it allows for better error checking. + +# DEFAULT + +The default internal read callback is fread(). + +# PROTOCOLS + +This is used for all protocols when doing uploads. + +# EXAMPLE + +~~~c +size_t read_callback(char *ptr, size_t size, size_t nmemb, void *userdata) +{ + FILE *readhere = (FILE *)userdata; + curl_off_t nread; + + /* copy as much data as possible into the 'ptr' buffer, but no more than + 'size' * 'nmemb' bytes! */ + size_t retcode = fread(ptr, size, nmemb, readhere); + + nread = (curl_off_t)retcode; + + fprintf(stderr, "*** We read %" CURL_FORMAT_CURL_OFF_T + " bytes from file\n", nread); + return retcode; +} + +int main(int argc, char **argv) +{ + FILE *file = fopen(argv[1], "rb"); + CURLcode result; + + CURL *curl = curl_easy_init(); + if(curl) { + /* set callback to use */ + curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_callback); + + /* pass in suitable argument to callback */ + curl_easy_setopt(curl, CURLOPT_READDATA, (void *)file); + + result = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +CURL_READFUNC_PAUSE return code was added in 7.18.0 and CURL_READFUNC_ABORT +was added in 7.12.1. + +# RETURN VALUE + +This returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.md b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.md new file mode 100644 index 000000000..4d06d4658 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.md @@ -0,0 +1,115 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_REDIR_PROTOCOLS +Section: 3 +Source: libcurl +See-also: + - CURLINFO_SCHEME (3) + - CURLOPT_DEFAULT_PROTOCOL (3) + - CURLOPT_PROTOCOLS (3) + - CURLOPT_REDIR_PROTOCOLS_STR (3) +--- + +# NAME + +CURLOPT_REDIR_PROTOCOLS - protocols allowed to redirect to + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_REDIR_PROTOCOLS, long bitmask); +~~~ + +# DESCRIPTION + +This option is deprecated. We strongly recommend using +CURLOPT_REDIR_PROTOCOLS_STR(3) instead because this option cannot +control all available protocols! + +Pass a long that holds a bitmask of CURLPROTO_* defines. If used, this bitmask +limits what protocols libcurl may use in a transfer that it follows to in a +redirect when CURLOPT_FOLLOWLOCATION(3) is enabled. This allows you to +limit specific transfers to only be allowed to use a subset of protocols in +redirections. + +Protocols denied by CURLOPT_PROTOCOLS(3) are not overridden by this +option. + +By default libcurl allows HTTP, HTTPS, FTP and FTPS on redirect (7.65.2). +*CURLPROTO_ALL* enables all protocols on redirect, including those +otherwise disabled for security. + +These are the available protocol defines: +~~~c +CURLPROTO_DICT +CURLPROTO_FILE +CURLPROTO_FTP +CURLPROTO_FTPS +CURLPROTO_GOPHER +CURLPROTO_HTTP +CURLPROTO_HTTPS +CURLPROTO_IMAP +CURLPROTO_IMAPS +CURLPROTO_LDAP +CURLPROTO_LDAPS +CURLPROTO_POP3 +CURLPROTO_POP3S +CURLPROTO_RTMP +CURLPROTO_RTMPE +CURLPROTO_RTMPS +CURLPROTO_RTMPT +CURLPROTO_RTMPTE +CURLPROTO_RTMPTS +CURLPROTO_RTSP +CURLPROTO_SCP +CURLPROTO_SFTP +CURLPROTO_SMB +CURLPROTO_SMBS +CURLPROTO_SMTP +CURLPROTO_SMTPS +CURLPROTO_TELNET +CURLPROTO_TFTP +~~~ + +# DEFAULT + +HTTP, HTTPS, FTP and FTPS (Added in 7.65.2). + +Older versions defaulted to all protocols except FILE, SCP and since 7.40.0 +SMB and SMBS. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(int argc, char **argv) +{ + CURL *curl = curl_easy_init(); + if(curl) { + /* pass in the URL from an external source */ + curl_easy_setopt(curl, CURLOPT_URL, argv[1]); + + /* only allow redirects to HTTP and HTTPS URLs */ + curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS, + CURLPROTO_HTTP | CURLPROTO_HTTPS); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.4, before then it would follow all protocols. Deprecated +since 7.85.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS_STR.md b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS_STR.md new file mode 100644 index 000000000..9201a4b41 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS_STR.md @@ -0,0 +1,94 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_REDIR_PROTOCOLS_STR +Section: 3 +Source: libcurl +See-also: + - CURLINFO_SCHEME (3) + - CURLOPT_DEFAULT_PROTOCOL (3) + - CURLOPT_PROTOCOLS (3) + - CURLOPT_PROTOCOLS_STR (3) + - CURLOPT_REDIR_PROTOCOLS (3) +--- + +# NAME + +CURLOPT_REDIR_PROTOCOLS_STR - protocols allowed to redirect to + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_REDIR_PROTOCOLS_STR, + char *spec); +~~~ + +# DESCRIPTION + +Pass a pointer to a string that holds a comma-separated list of case +insensitive protocol names (URL schemes). That list limits what protocols +libcurl may use in a transfer that it follows to in a redirect when +CURLOPT_FOLLOWLOCATION(3) is enabled. This option allows applications to +limit specific transfers to only be allowed to use a subset of protocols in +redirections. + +Protocols denied by CURLOPT_PROTOCOLS_STR(3) are not overridden by this +option. + +By default libcurl allows HTTP, HTTPS, FTP and FTPS on redirects (since +7.65.2). + +These are the available protocols: + +DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, +MQTT, POP3, POP3S, RTMP, RTMPE, RTMPS, RTMPT, RTMPTE, RTMPTS, RTSP, SCP, SFTP, +SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS, WSS + +You can set "ALL" as a short-cut to enable all protocols. Note that by setting +all, you may enable protocols that were not supported the day you write this +but are introduced in a future libcurl version. + +If trying to set a non-existing protocol or if no matching protocol at all is +set, it returns error. + +# DEFAULT + +HTTP, HTTPS, FTP and FTPS (Added in 7.65.2). + +Older versions defaulted to all protocols except FILE, SCP and since 7.40.0 +SMB and SMBS. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(int argc, char **argv) +{ + CURL *curl = curl_easy_init(); + if(curl) { + /* pass in the URL from an external source */ + curl_easy_setopt(curl, CURLOPT_URL, argv[1]); + + /* only allow redirects to HTTP and HTTPS URLs */ + curl_easy_setopt(curl, CURLOPT_REDIR_PROTOCOLS_STR, "http,https"); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.85.0. + +# RETURN VALUE + +Returns CURLE_UNKNOWN_OPTION if the option is not implemented, +CURLE_UNSUPPORTED_PROTOCOL if a listed protocol is not supported or disabled, +CURLE_BAD_FUNCTION_ARGUMENT if no protocol is listed else CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_REFERER.md b/docs/libcurl/opts/CURLOPT_REFERER.md new file mode 100644 index 000000000..6af19cb01 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_REFERER.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_REFERER +Section: 3 +Source: libcurl +See-also: + - CURLINFO_REDIRECT_URL (3) + - CURLINFO_REFERER (3) + - CURLOPT_HTTPHEADER (3) + - CURLOPT_USERAGENT (3) +--- + +# NAME + +CURLOPT_REFERER - the HTTP referer header + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_REFERER, char *where); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. It is used to set the +Referer: header field in the HTTP request sent to the remote server. You can +set any custom header with CURLOPT_HTTPHEADER(3). + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* tell it where we found the link to this place */ + curl_easy_setopt(curl, CURLOPT_REFERER, "https://example.org/me.html"); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +If built with HTTP support + +# RETURN VALUE + +Returns CURLE_OK if HTTP support is enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_REQUEST_TARGET.md b/docs/libcurl/opts/CURLOPT_REQUEST_TARGET.md new file mode 100644 index 000000000..cfc15d7b4 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_REQUEST_TARGET.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_REQUEST_TARGET +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CUSTOMREQUEST (3) + - CURLOPT_HTTPGET (3) + - CURLOPT_PATH_AS_IS (3) + - CURLOPT_URL (3) +--- + +# NAME + +CURLOPT_REQUEST_TARGET - alternative target for this request + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_REQUEST_TARGET, string); +~~~ + +# DESCRIPTION + +Pass a char pointer to string which libcurl uses in the upcoming request +instead of the path as extracted from the URL. + +libcurl passes on the verbatim string in its request without any filter or +other safe guards. That includes white space and control characters. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/*"); + curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "OPTIONS"); + + /* issue an OPTIONS * request (no leading slash) */ + curl_easy_setopt(curl, CURLOPT_REQUEST_TARGET, "*"); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.55.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_RESOLVE.md b/docs/libcurl/opts/CURLOPT_RESOLVE.md new file mode 100644 index 000000000..ce446bdbf --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_RESOLVE.md @@ -0,0 +1,115 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_RESOLVE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONNECT_TO (3) + - CURLOPT_DNS_CACHE_TIMEOUT (3) + - CURLOPT_IPRESOLVE (3) +--- + +# NAME + +CURLOPT_RESOLVE - provide custom hostname to IP address resolves + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RESOLVE, + struct curl_slist *hosts); +~~~ + +# DESCRIPTION + +Pass a pointer to a linked list of strings with hostname resolve information +to use for requests with this handle. The linked list should be a fully valid +list of **struct curl_slist** structs properly filled in. Use +curl_slist_append(3) to create the list and curl_slist_free_all(3) to clean up +an entire list. + +Each resolve rule to add should be written using the format + +~~~c + [+]HOST:PORT:ADDRESS[,ADDRESS] +~~~ + +HOST is the name libcurl wants to resolve, PORT is the port number of the +service where libcurl wants to connect to the HOST and ADDRESS is one or more +numerical IP addresses. If you specify multiple IP addresses they need to be +separated by comma. If libcurl is built to support IPv6, each of the ADDRESS +entries can of course be either IPv4 or IPv6 style addressing. + +This option effectively populates the DNS cache with entries for the host+port +pair so redirects and everything that operations against the HOST+PORT instead +use your provided ADDRESS. + +The optional leading "+" specifies that the new entry should time-out. Entries +added without the leading plus character never times out whereas entries added +with "+HOST:..." times out just like ordinary DNS cache entries. + +If the DNS cache already has an entry for the given host+port pair, the new +entry overrides the former one. + +An ADDRESS provided by this option is only used if not restricted by the +setting of CURLOPT_IPRESOLVE(3) to a different IP version. + +To remove names from the DNS cache again, to stop providing these fake +resolves, include a string in the linked list that uses the format + +~~~c + -HOST:PORT +~~~ + +The entry to remove must be prefixed with a dash, and the hostname and port +number must exactly match what was added previously. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl; + struct curl_slist *host = NULL; + host = curl_slist_append(NULL, "example.com:443:127.0.0.1"); + + curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_RESOLVE, host); + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + curl_easy_perform(curl); + + /* always cleanup */ + curl_easy_cleanup(curl); + } + + curl_slist_free_all(host); +} +~~~ + +# AVAILABILITY + +Added in 7.21.3. Removal support added in 7.42.0. + +Support for providing the ADDRESS within [brackets] was added in 7.57.0. + +Support for providing multiple IP addresses per entry was added in 7.59.0. + +Support for adding non-permanent entries by using the "+" prefix was added in +7.75.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_RESOLVER_START_DATA.md b/docs/libcurl/opts/CURLOPT_RESOLVER_START_DATA.md new file mode 100644 index 000000000..f34cf8bd6 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_RESOLVER_START_DATA.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_RESOLVER_START_DATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PREREQFUNCTION (3) + - CURLOPT_RESOLVER_START_FUNCTION (3) +--- + +# NAME + +CURLOPT_RESOLVER_START_DATA - pointer passed to the resolver start callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RESOLVER_START_DATA, + void *pointer); +~~~ + +# DESCRIPTION + +Pass a *pointer* is be untouched by libcurl and passed as the third +argument in the resolver start callback set with +CURLOPT_RESOLVER_START_FUNCTION(3). + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +static int resolver_start_cb(void *resolver_state, void *reserved, + void *userdata) +{ + (void)reserved; + printf("Received resolver_state=%p userdata=%p\n", + resolver_state, userdata); + return 0; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_RESOLVER_START_FUNCTION, resolver_start_cb); + curl_easy_setopt(curl, CURLOPT_RESOLVER_START_DATA, curl); + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.59.0 + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_RESOLVER_START_FUNCTION.md b/docs/libcurl/opts/CURLOPT_RESOLVER_START_FUNCTION.md new file mode 100644 index 000000000..a9b490726 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_RESOLVER_START_FUNCTION.md @@ -0,0 +1,88 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_RESOLVER_START_FUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PREREQFUNCTION (3) + - CURLOPT_RESOLVER_START_DATA (3) +--- + +# NAME + +CURLOPT_RESOLVER_START_FUNCTION - callback called before a new name resolve is started + +# SYNOPSIS + +~~~c +#include + +int resolver_start_cb(void *resolver_state, void *reserved, void *userdata); + +CURLcode curl_easy_setopt(CURL *handle, + CURLOPT_RESOLVER_START_FUNCTION, + resolver_start_cb); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +This callback function gets called by libcurl every time before a new resolve +request is started. + +*resolver_state* points to a backend-specific resolver state. Currently only +the ares resolver backend has a resolver state. It can be used to set up any +desired option on the ares channel before it is used, for example setting up +socket callback options. + +*reserved* is reserved. + +*userdata* is the user pointer set with the +CURLOPT_RESOLVER_START_DATA(3) option. + +The callback must return 0 on success. Returning a non-zero value causes the +resolve to fail. + +# DEFAULT + +NULL (No callback) + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +static int start_cb(void *resolver_state, void *reserved, + void *userdata) +{ + (void)reserved; + printf("Received resolver_state=%p userdata=%p\n", + resolver_state, userdata); + return 0; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_RESOLVER_START_FUNCTION, start_cb); + curl_easy_setopt(curl, CURLOPT_RESOLVER_START_DATA, curl); + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.59.0 + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_RESUME_FROM.md b/docs/libcurl/opts/CURLOPT_RESUME_FROM.md new file mode 100644 index 000000000..c8de1ee6b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_RESUME_FROM.md @@ -0,0 +1,80 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_RESUME_FROM +Section: 3 +Source: libcurl +See-also: + - CURLOPT_INFILESIZE (3) + - CURLOPT_RANGE (3) + - CURLOPT_RESUME_FROM_LARGE (3) +--- + +# NAME + +CURLOPT_RESUME_FROM - offset to resume transfer from + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RESUME_FROM, long from); +~~~ + +# DESCRIPTION + +Pass a long as parameter. It contains the offset in number of bytes that you +want the transfer to start from. Set this option to 0 to make the transfer +start from the beginning (effectively disabling resume). For FTP, set this +option to -1 to make the transfer start from the end of the target file +(useful to continue an interrupted upload). + +When doing uploads with FTP, the resume position is where in the local/source +file libcurl should try to resume the upload from and it then appends the +source file to the remote target file. + +If you need to resume a transfer beyond the 2GB limit, use +CURLOPT_RESUME_FROM_LARGE(3) instead. + +# DEFAULT + +0, not used + +# PROTOCOLS + +HTTP, FTP, SFTP, FILE + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + long size_of_file; + + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com"); + + /* resume upload at byte index 200 */ + curl_easy_setopt(curl, CURLOPT_RESUME_FROM, 200L); + + /* ask for upload */ + curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); + + /* set total data amount to expect */ + curl_easy_setopt(curl, CURLOPT_INFILESIZE, size_of_file); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.md b/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.md new file mode 100644 index 000000000..950a4f496 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_RESUME_FROM_LARGE.md @@ -0,0 +1,79 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_RESUME_FROM_LARGE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_INFILESIZE_LARGE (3) + - CURLOPT_RANGE (3) + - CURLOPT_RESUME_FROM (3) +--- + +# NAME + +CURLOPT_RESUME_FROM_LARGE - offset to resume transfer from + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RESUME_FROM_LARGE, + curl_off_t from); +~~~ + +# DESCRIPTION + +Pass a curl_off_t as parameter. It contains the offset in number of bytes that +you want the transfer to start from. Set this option to 0 to make the transfer +start from the beginning (effectively disabling resume). For FTP, set this +option to -1 to make the transfer start from the end of the target file +(useful to continue an interrupted upload). + +When doing uploads with FTP, the resume position is where in the local/source +file libcurl should try to resume the upload from and it appends the source +file to the remote target file. + +# DEFAULT + +0, not used + +# PROTOCOLS + +HTTP, FTP, SFTP, FILE + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_off_t resume_position; /* get it somehow */ + curl_off_t file_size; /* get it somehow as well */ + + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com"); + + /* resuming upload at this position, possibly beyond 2GB */ + curl_easy_setopt(curl, CURLOPT_RESUME_FROM_LARGE, resume_position); + + /* ask for upload */ + curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); + + /* set total data amount to expect */ + curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, file_size); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.11.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.md b/docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.md new file mode 100644 index 000000000..6c83663dc --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_RTSP_CLIENT_CSEQ.md @@ -0,0 +1,62 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_RTSP_CLIENT_CSEQ +Section: 3 +Source: libcurl +See-also: + - CURLINFO_RTSP_CLIENT_CSEQ (3) + - CURLINFO_RTSP_SERVER_CSEQ (3) + - CURLOPT_RTSP_REQUEST (3) + - CURLOPT_RTSP_SERVER_CSEQ (3) +--- + +# NAME + +CURLOPT_RTSP_CLIENT_CSEQ - RTSP client CSEQ number + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RTSP_CLIENT_CSEQ, long cseq); +~~~ + +# DESCRIPTION + +Pass a long to set the CSEQ number to issue for the next RTSP request. Useful +if the application is resuming a previously broken connection. The CSEQ +increments from this new number henceforth. + +# DEFAULT + +0 + +# PROTOCOLS + +RTSP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "rtsp://example.com/"); + curl_easy_setopt(curl, CURLOPT_RTSP_CLIENT_CSEQ, 1234L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.md b/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.md new file mode 100644 index 000000000..d56b34dc9 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.md @@ -0,0 +1,139 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_RTSP_REQUEST +Section: 3 +Source: libcurl +See-also: + - CURLOPT_RTSP_SESSION_ID (3) + - CURLOPT_RTSP_STREAM_URI (3) +--- + +# NAME + +CURLOPT_RTSP_REQUEST - RTSP request + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RTSP_REQUEST, long request); +~~~ + +# DESCRIPTION + +Tell libcurl what kind of RTSP request to make. Pass one of the following RTSP +enum values as a long in the *request* argument. Unless noted otherwise, +commands require the Session ID to be initialized. + +## CURL_RTSPREQ_OPTIONS + +Used to retrieve the available methods of the server. The application is +responsible for parsing and obeying the response. The session ID is not needed +for this method. + +## CURL_RTSPREQ_DESCRIBE + +Used to get the low level description of a stream. The application should note +what formats it understands in the *'Accept:'* header. Unless set manually, +libcurl automatically adds in *'Accept: application/sdp'*. Time-condition +headers are added to Describe requests if the CURLOPT_TIMECONDITION(3) +option is used. (The session ID is not needed for this method) + +## CURL_RTSPREQ_ANNOUNCE + +When sent by a client, this method changes the description of the session. For +example, if a client is using the server to record a meeting, the client can +use Announce to inform the server of all the meta-information about the +session. ANNOUNCE acts like an HTTP PUT or POST just like +*CURL_RTSPREQ_SET_PARAMETER* + +## CURL_RTSPREQ_SETUP + +Setup is used to initialize the transport layer for the session. The +application must set the desired Transport options for a session by using the +CURLOPT_RTSP_TRANSPORT(3) option prior to calling setup. If no session +ID is currently set with CURLOPT_RTSP_SESSION_ID(3), libcurl extracts +and uses the session ID in the response to this request. The session ID is not +needed for this method. + +## CURL_RTSPREQ_PLAY + +Send a Play command to the server. Use the CURLOPT_RANGE(3) option to +modify the playback time (e.g. *npt=10-15*). + +## CURL_RTSPREQ_PAUSE + +Send a Pause command to the server. Use the CURLOPT_RANGE(3) option with +a single value to indicate when the stream should be +halted. (e.g. *npt=25*) + +## CURL_RTSPREQ_TEARDOWN + +This command terminates an RTSP session. Simply closing a connection does not +terminate the RTSP session since it is valid to control an RTSP session over +different connections. + +## CURL_RTSPREQ_GET_PARAMETER + +Retrieve a parameter from the server. By default, libcurl adds a +*Content-Type: text/parameters* header on all non-empty requests unless a +custom one is set. GET_PARAMETER acts just like an HTTP PUT or POST (see +*CURL_RTSPREQ_SET_PARAMETER*). Applications wishing to send a heartbeat +message (e.g. in the presence of a server-specified timeout) should send use +an empty GET_PARAMETER request. + +## CURL_RTSPREQ_SET_PARAMETER + +Set a parameter on the server. By default, libcurl uses a *Content-Type: +text/parameters* header unless a custom one is set. The interaction with +SET_PARAMETER is much like an HTTP PUT or POST. An application may either use +CURLOPT_UPLOAD(3) with CURLOPT_READDATA(3) like an HTTP PUT, or it may use +CURLOPT_POSTFIELDS(3) like an HTTP POST. No chunked transfers are allowed, so +the application must set the CURLOPT_INFILESIZE(3) in the former and +CURLOPT_POSTFIELDSIZE(3) in the latter. Also, there is no use of multi-part +POSTs within RTSP. + +## CURL_RTSPREQ_RECORD + +Used to tell the server to record a session. Use the CURLOPT_RANGE(3) +option to modify the record time. + +## CURL_RTSPREQ_RECEIVE + +This is a special request because it does not send any data to the server. The +application may call this function in order to receive interleaved RTP +data. It returns after processing one read buffer of data in order to give the +application a chance to run. + +# DEFAULT + +# PROTOCOLS + +RTSP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "rtsp://example.com/"); + /* ask for options! */ + curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, CURL_RTSPREQ_OPTIONS); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.md b/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.md new file mode 100644 index 000000000..521084388 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_RTSP_SERVER_CSEQ.md @@ -0,0 +1,61 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_RTSP_SERVER_CSEQ +Section: 3 +Source: libcurl +See-also: + - CURLINFO_RTSP_SERVER_CSEQ (3) + - CURLOPT_RTSP_CLIENT_CSEQ (3) + - CURLOPT_RTSP_STREAM_URI (3) +--- + +# NAME + +CURLOPT_RTSP_SERVER_CSEQ - RTSP server CSEQ number + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RTSP_SERVER_CSEQ, long cseq); +~~~ + +# DESCRIPTION + +Pass a long to set the CSEQ number to expect for the next RTSP Server->Client +request. **NOTE**: this feature (listening for Server requests) is +unimplemented. + +# DEFAULT + +0 + +# PROTOCOLS + +RTSP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "rtsp://example.com/"); + curl_easy_setopt(curl, CURLOPT_RTSP_SERVER_CSEQ, 1234L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.md b/docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.md new file mode 100644 index 000000000..8af7f7c59 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_RTSP_SESSION_ID.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_RTSP_SESSION_ID +Section: 3 +Source: libcurl +See-also: + - CURLOPT_RTSP_REQUEST (3) + - CURLOPT_RTSP_STREAM_URI (3) +--- + +# NAME + +CURLOPT_RTSP_SESSION_ID - RTSP session ID + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RTSP_SESSION_ID, char *id); +~~~ + +# DESCRIPTION + +Pass a char pointer as a parameter to set the value of the current RTSP +Session ID for the handle. Useful for resuming an in-progress session. Once +this value is set to any non-NULL value, libcurl returns +*CURLE_RTSP_SESSION_ERROR* if ID received from the server does not match. If +unset (or set to NULL), libcurl automatically sets the ID the first time the +server sets it in a response. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +RTSP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + char *prev_id; /* saved from before somehow */ + curl_easy_setopt(curl, CURLOPT_URL, "rtsp://example.com/"); + curl_easy_setopt(curl, CURLOPT_RTSP_SESSION_ID, prev_id); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.md b/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.md new file mode 100644 index 000000000..e138a3cd9 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_RTSP_STREAM_URI +Section: 3 +Source: libcurl +See-also: + - CURLOPT_RTSP_REQUEST (3) + - CURLOPT_RTSP_TRANSPORT (3) +--- + +# NAME + +CURLOPT_RTSP_STREAM_URI - RTSP stream URI + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RTSP_STREAM_URI, char *URI); +~~~ + +# DESCRIPTION + +Set the stream *URI* to operate on by passing a char * . For example, a single +session may be controlling *rtsp://foo/twister/audio* and +*rtsp://foo/twister/video* and the application can switch to the appropriate +stream using this option. If unset, libcurl defaults to operating on generic +server options by passing '*' in the place of the RTSP Stream URI. This option +is distinct from CURLOPT_URL(3). When working with RTSP, the +CURLOPT_RTSP_STREAM_URI(3) indicates what URL to send to the server in the +request header while the CURLOPT_URL(3) indicates where to make the connection +to. (e.g. the CURLOPT_URL(3) for the above examples might be set to +*rtsp://foo/twister* + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +"*" + +# PROTOCOLS + +RTSP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "rtsp://example.com/"); + curl_easy_setopt(curl, CURLOPT_RTSP_STREAM_URI, + "rtsp://foo.example.com/twister/video"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.md b/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.md new file mode 100644 index 000000000..b8083967d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_RTSP_TRANSPORT.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_RTSP_TRANSPORT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_RTSP_REQUEST (3) + - CURLOPT_RTSP_SESSION_ID (3) +--- + +# NAME + +CURLOPT_RTSP_TRANSPORT - RTSP Transport: header + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_RTSP_TRANSPORT, + char *transport); +~~~ + +# DESCRIPTION + +Pass a char pointer to tell libcurl what to pass for the Transport: header for +this RTSP session. This is mainly a convenience method to avoid needing to set +a custom Transport: header for every SETUP request. The application must set a +Transport: header before issuing a SETUP request. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +RTSP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "rtsp://example.com/"); + curl_easy_setopt(curl, CURLOPT_RTSP_REQUEST, CURL_RTSPREQ_SETUP); + curl_easy_setopt(curl, CURLOPT_RTSP_TRANSPORT, + "RTP/AVP;unicast;client_port=4588-4589"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.20.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SASL_AUTHZID.md b/docs/libcurl/opts/CURLOPT_SASL_AUTHZID.md new file mode 100644 index 000000000..5ff67c6ab --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SASL_AUTHZID.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SASL_AUTHZID +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PASSWORD (3) + - CURLOPT_USERNAME (3) + - CURLOPT_USERPWD (3) +--- + +# NAME + +CURLOPT_SASL_AUTHZID - authorization identity (identity to act as) + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SASL_AUTHZID, char *authzid); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should be pointing to the +null-terminated authorization identity (*authzid*) for the transfer. Only +applicable to the PLAIN SASL authentication mechanism where it is optional. + +When not specified only the authentication identity (*authcid*) as +specified by the username is sent to the server, along with the password. The +server derives a *authzid* from the *authcid* when not provided, which +it then uses internally. + +When the *authzid* is specified, the use of which is server dependent, it +can be used to access another user's inbox, that the user has been granted +access to, or a shared mailbox for example. + +# DEFAULT + +blank + +# PROTOCOLS + +IMAP, LDAP, POP3 and SMTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "imap://example.com/"); + curl_easy_setopt(curl, CURLOPT_USERNAME, "Kurt"); + curl_easy_setopt(curl, CURLOPT_PASSWORD, "xipj3plmq"); + curl_easy_setopt(curl, CURLOPT_SASL_AUTHZID, "Ursel"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.66.0. Support for OpenLDAP added in 7.82.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SASL_IR.md b/docs/libcurl/opts/CURLOPT_SASL_IR.md new file mode 100644 index 000000000..204734d01 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SASL_IR.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SASL_IR +Section: 3 +Source: libcurl +See-also: + - CURLOPT_MAIL_AUTH (3) + - CURLOPT_MAIL_FROM (3) + - CURLOPT_SASL_AUTHZID (3) +--- + +# NAME + +CURLOPT_SASL_IR - send initial response in first packet + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SASL_IR, long enable); +~~~ + +# DESCRIPTION + +Pass a long. If the value is 1, curl sends the initial response to the server +in the first authentication packet in order to reduce the number of ping pong +requests. Only applicable to the following supporting SASL authentication +mechanisms: + +* Login +* Plain +* GSSAPI +* NTLM +* OAuth 2.0 + +Note: Whilst IMAP supports this option there is no need to explicitly set it, +as libcurl can determine the feature itself when the server supports the +SASL-IR CAPABILITY. + +# DEFAULT + +0 + +# PROTOCOLS + +IMAP, POP3 and SMTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "smtp://example.com/"); + curl_easy_setopt(curl, CURLOPT_SASL_IR, 1L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.31.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SEEKDATA.md b/docs/libcurl/opts/CURLOPT_SEEKDATA.md new file mode 100644 index 000000000..9392c2366 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SEEKDATA.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SEEKDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_IOCTLFUNCTION (3) + - CURLOPT_SEEKFUNCTION (3) + - CURLOPT_STDERR (3) +--- + +# NAME + +CURLOPT_SEEKDATA - pointer passed to the seek callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SEEKDATA, void *pointer); +~~~ + +# DESCRIPTION + +Data *pointer* to pass to the seek callback function. If you use the +CURLOPT_SEEKFUNCTION(3) option, this is the pointer you get as input. + +# DEFAULT + +If you do not set this, NULL is passed to the callback. + +# PROTOCOLS + +HTTP, FTP, SFTP + +# EXAMPLE + +~~~c +#include /* for lseek() */ + +struct data { + int our_fd; +}; + +static int seek_cb(void *clientp, curl_off_t offset, int origin) +{ + struct data *d = (struct data *)clientp; + lseek(d->our_fd, offset, origin); + return CURL_SEEKFUNC_OK; +} + +int main(void) +{ + struct data seek_data; + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_SEEKFUNCTION, seek_cb); + curl_easy_setopt(curl, CURLOPT_SEEKDATA, &seek_data); + } +} +~~~ + +# AVAILABILITY + +Added in 7.18.0 + +# RETURN VALUE + diff --git a/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.md b/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.md new file mode 100644 index 000000000..102bdcfc7 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SEEKFUNCTION.md @@ -0,0 +1,102 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SEEKFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_IOCTLFUNCTION (3) + - CURLOPT_SEEKDATA (3) + - CURLOPT_STDERR (3) +--- + +# NAME + +CURLOPT_SEEKFUNCTION - user callback for seeking in input stream + +# SYNOPSIS + +~~~c +#include + +/* These are the return codes for the seek callbacks */ +#define CURL_SEEKFUNC_OK 0 +#define CURL_SEEKFUNC_FAIL 1 /* fail the entire transfer */ +#define CURL_SEEKFUNC_CANTSEEK 2 /* tell libcurl seeking cannot be done, so + libcurl might try other means instead */ + +int seek_callback(void *clientp, curl_off_t offset, int origin); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SEEKFUNCTION, seek_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +This function gets called by libcurl to seek to a certain position in the +input stream and can be used to fast forward a file in a resumed upload +(instead of reading all uploaded bytes with the normal read +function/callback). It is also called to rewind a stream when data has already +been sent to the server and needs to be sent again. This may happen when doing +an HTTP PUT or POST with a multi-pass authentication method, or when an +existing HTTP connection is reused too late and the server closes the +connection. The function shall work like fseek(3) or lseek(3) and it gets +SEEK_SET, SEEK_CUR or SEEK_END as argument for *origin*, although libcurl +currently only passes SEEK_SET. + +*clientp* is the pointer you set with CURLOPT_SEEKDATA(3). + +The callback function must return *CURL_SEEKFUNC_OK* on success, +*CURL_SEEKFUNC_FAIL* to cause the upload operation to fail or +*CURL_SEEKFUNC_CANTSEEK* to indicate that while the seek failed, libcurl +is free to work around the problem if possible. The latter can sometimes be +done by instead reading from the input or similar. + +If you forward the input arguments directly to fseek(3) or lseek(3), note that +the data type for *offset* is not the same as defined for curl_off_t on +many systems! + +# DEFAULT + +By default, this is NULL and unused. + +# PROTOCOLS + +HTTP, FTP, SFTP + +# EXAMPLE + +~~~c +#include /* for lseek */ + +struct data { + int our_fd; +}; +static int seek_cb(void *clientp, curl_off_t offset, int origin) +{ + struct data *d = (struct data *)clientp; + lseek(d->our_fd, offset, origin); + return CURL_SEEKFUNC_OK; +} + +int main(void) +{ + struct data seek_data; + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_SEEKFUNCTION, seek_cb); + curl_easy_setopt(curl, CURLOPT_SEEKDATA, &seek_data); + } +} +~~~ + +# AVAILABILITY + +Added in 7.18.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SERVER_RESPONSE_TIMEOUT.md b/docs/libcurl/opts/CURLOPT_SERVER_RESPONSE_TIMEOUT.md new file mode 100644 index 000000000..5385d521e --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SERVER_RESPONSE_TIMEOUT.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SERVER_RESPONSE_TIMEOUT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONNECTTIMEOUT (3) + - CURLOPT_LOW_SPEED_LIMIT (3) + - CURLOPT_TIMEOUT (3) +--- + +# NAME + +CURLOPT_SERVER_RESPONSE_TIMEOUT - time allowed to wait for server response + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SERVER_RESPONSE_TIMEOUT, + long timeout); +~~~ + +# DESCRIPTION + +Pass a long. Causes libcurl to set a *timeout* period (in seconds) on the +amount of time that the server is allowed to take in order to send a response +message for a command before the session is considered dead. While libcurl is +waiting for a response, this value overrides CURLOPT_TIMEOUT(3). It is +recommended that if used in conjunction with CURLOPT_TIMEOUT(3), you set +CURLOPT_SERVER_RESPONSE_TIMEOUT(3) to a value smaller than +CURLOPT_TIMEOUT(3). + +This option was formerly known as CURLOPT_FTP_RESPONSE_TIMEOUT. + +# DEFAULT + +None + +# PROTOCOLS + +FTP, IMAP, POP3, SMTP, and SSH + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/slow.txt"); + /* wait no more than 23 seconds */ + curl_easy_setopt(curl, CURLOPT_SERVER_RESPONSE_TIMEOUT, 23L); + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.10.8. Used under this name since 7.20.0 + +Support for SSH is predicated on a new enough (1.11.0) version of libssh2 +being available when compiling libcurl. + +# RETURN VALUE + +Returns CURLE_OK if supported, and CURLE_UNKNOWN_OPTION if not. Returns +CURLE_BAD_FUNCTION_ARGUMENT if set to a negative value or a value that when +converted to milliseconds is too large. diff --git a/docs/libcurl/opts/CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md b/docs/libcurl/opts/CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md new file mode 100644 index 000000000..a7d9c9137 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md @@ -0,0 +1,74 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SERVER_RESPONSE_TIMEOUT_MS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONNECTTIMEOUT (3) + - CURLOPT_LOW_SPEED_LIMIT (3) + - CURLOPT_TIMEOUT (3) +--- + +# NAME + +CURLOPT_SERVER_RESPONSE_TIMEOUT_MS - time allowed to wait for server response + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SERVER_RESPONSE_TIMEOUT_MS, + long timeout); +~~~ + +# DESCRIPTION + +Pass a long. Causes libcurl to set a *timeout* period (in milliseconds) on the +amount of time that the server is allowed to take in order to send a response +message for a command before the session is considered dead. While libcurl is +waiting for a response, this value overrides CURLOPT_TIMEOUT(3). It is +recommended that if used in conjunction with CURLOPT_TIMEOUT(3), you set +CURLOPT_SERVER_RESPONSE_TIMEOUT_MS(3) to a value smaller than +CURLOPT_TIMEOUT(3). + +The maximum accepted value is 2147483648. + +This is the millisecond version of CURLOPT_SERVER_RESPONSE_TIMEOUT(3). + +# DEFAULT + +None + +# PROTOCOLS + +FTP, IMAP, POP3, SMTP, and SSH + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/slow.txt"); + /* wait no more than 237 milliseconds */ + curl_easy_setopt(curl, CURLOPT_SERVER_RESPONSE_TIMEOUT_MS, 237L); + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 8.6.0. + +# RETURN VALUE + +Returns CURLE_OK if supported, and CURLE_UNKNOWN_OPTION if not. Returns +CURLE_BAD_FUNCTION_ARGUMENT if set to a negative value or a value that when +converted to milliseconds is too large. diff --git a/docs/libcurl/opts/CURLOPT_SERVICE_NAME.md b/docs/libcurl/opts/CURLOPT_SERVICE_NAME.md new file mode 100644 index 000000000..0e13ca712 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SERVICE_NAME.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SERVICE_NAME +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY (3) + - CURLOPT_PROXYTYPE (3) + - CURLOPT_PROXY_SERVICE_NAME (3) +--- + +# NAME + +CURLOPT_SERVICE_NAME - authentication service name + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SERVICE_NAME, char *name); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter to a string holding the *name* of the service +for DIGEST-MD5, SPNEGO and Kerberos 5 authentication mechanisms. The default +service names are "ftp", "HTTP", "imap", "ldap", "pop" and "smtp". This option +allows you to change them. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +See above + +# PROTOCOLS + +HTTP, FTP, IMAP, LDAP, POP3 and SMTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode ret; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_SERVICE_NAME, "custom"); + ret = curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.43.0 for HTTP, 7.49.0 for FTP, IMAP, POP3 and SMTP, +7.82.0 for OpenLDAP. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SHARE.md b/docs/libcurl/opts/CURLOPT_SHARE.md new file mode 100644 index 000000000..3c0e7d259 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SHARE.md @@ -0,0 +1,88 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SHARE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_COOKIE (3) + - CURLSHOPT_SHARE (3) +--- + +# NAME + +CURLOPT_SHARE - share handle to use + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SHARE, CURLSH *share); +~~~ + +# DESCRIPTION + +Pass a *share* handle as a parameter. The share handle must have been +created by a previous call to curl_share_init(3). Setting this option, +makes this curl handle use the data from the shared handle instead of keeping +the data to itself. This enables several curl handles to share data. If the +curl handles are used simultaneously in multiple threads, you **MUST** use +the locking methods in the share handle. See curl_share_setopt(3) for +details. + +If you add a share that is set to share cookies, your easy handle uses that +cookie cache and get the cookie engine enabled. If you stop sharing an object +that was using cookies (or change to another object that does not share +cookies), the easy handle gets its cookie engine disabled. + +Data that the share object is not set to share is dealt with the usual way, as +if no share was used. + +Set this option to NULL again to stop using that share object. + +# DEFAULT + +NULL + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + CURL *curl2 = curl_easy_init(); /* a second handle */ + if(curl) { + CURLcode res; + CURLSH *shobject = curl_share_init(); + curl_share_setopt(shobject, CURLSHOPT_SHARE, CURL_LOCK_DATA_COOKIE); + + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_COOKIEFILE, ""); + curl_easy_setopt(curl, CURLOPT_SHARE, shobject); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + + /* the second handle shares cookies from the first */ + curl_easy_setopt(curl2, CURLOPT_URL, "https://example.com/second"); + curl_easy_setopt(curl2, CURLOPT_COOKIEFILE, ""); + curl_easy_setopt(curl2, CURLOPT_SHARE, shobject); + res = curl_easy_perform(curl2); + curl_easy_cleanup(curl2); + + curl_share_cleanup(shobject); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.md b/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.md new file mode 100644 index 000000000..f44bf532d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SOCKOPTDATA.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SOCKOPTDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_OPENSOCKETFUNCTION (3) + - CURLOPT_SOCKOPTFUNCTION (3) +--- + +# NAME + +CURLOPT_SOCKOPTDATA - pointer to pass to sockopt callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SOCKOPTDATA, void *pointer); +~~~ + +# DESCRIPTION + +Pass a *pointer* that is untouched by libcurl and passed as the first +argument in the sockopt callback set with CURLOPT_SOCKOPTFUNCTION(3). + +# DEFAULT + +The default value of this parameter is NULL. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +static int sockopt_callback(void *clientp, curl_socket_t curlfd, + curlsocktype purpose) +{ + int val = *(int *)clientp; + setsockopt((int)curlfd, SOL_SOCKET, SO_RCVBUF, + (const char *)&val, sizeof(val)); + return CURL_SOCKOPT_OK; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + int recvbuffersize = 256 * 1024; + + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + + /* call this function to set options for the socket */ + curl_easy_setopt(curl, CURLOPT_SOCKOPTFUNCTION, sockopt_callback); + curl_easy_setopt(curl, CURLOPT_SOCKOPTDATA, &recvbuffersize); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.16.0 + +# RETURN VALUE + +Returns *CURLE_OK* if the option is supported, and *CURLE_UNKNOWN_OPTION* if not. diff --git a/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.md b/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.md new file mode 100644 index 000000000..f5de31685 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SOCKOPTFUNCTION.md @@ -0,0 +1,132 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SOCKOPTFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_OPENSOCKETFUNCTION (3) + - CURLOPT_SEEKFUNCTION (3) + - CURLOPT_SOCKOPTDATA (3) +--- + +# NAME + +CURLOPT_SOCKOPTFUNCTION - callback for setting socket options + +# SYNOPSIS + +~~~c +#include + +typedef enum { + CURLSOCKTYPE_IPCXN, /* socket created for a specific IP connection */ + CURLSOCKTYPE_ACCEPT, /* socket created by accept() call */ + CURLSOCKTYPE_LAST /* never use */ +} curlsocktype; + +#define CURL_SOCKOPT_OK 0 +#define CURL_SOCKOPT_ERROR 1 /* causes libcurl to abort and return + CURLE_ABORTED_BY_CALLBACK */ +#define CURL_SOCKOPT_ALREADY_CONNECTED 2 + +int sockopt_callback(void *clientp, + curl_socket_t curlfd, + curlsocktype purpose); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SOCKOPTFUNCTION, sockopt_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +When set, this callback function gets called by libcurl when the socket has +been created, but before the connect call to allow applications to change +specific socket options. The callback's *purpose* argument identifies the +exact purpose for this particular socket: + +*CURLSOCKTYPE_IPCXN* for actively created connections or since 7.28.0 +*CURLSOCKTYPE_ACCEPT* for FTP when the connection was setup with PORT/EPSV +(in earlier versions these sockets were not passed to this callback). + +Future versions of libcurl may support more purposes. libcurl passes the newly +created socket descriptor to the callback in the *curlfd* parameter so +additional setsockopt() calls can be done at the user's discretion. + +The *clientp* pointer contains whatever user-defined value set using the +CURLOPT_SOCKOPTDATA(3) function. + +Return *CURL_SOCKOPT_OK* from the callback on success. Return +*CURL_SOCKOPT_ERROR* from the callback function to signal an unrecoverable +error to the library and it closes the socket and returns +*CURLE_COULDNT_CONNECT*. Alternatively, the callback function can return +*CURL_SOCKOPT_ALREADY_CONNECTED*, to tell libcurl that the socket is +already connected and then libcurl does no attempt to connect. This allows an +application to pass in an already connected socket with +CURLOPT_OPENSOCKETFUNCTION(3) and then have this function make libcurl +not attempt to connect (again). + +# DEFAULT + +By default, this callback is NULL and unused. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +/* make libcurl use the already established socket 'sockfd' */ + +static curl_socket_t opensocket(void *clientp, + curlsocktype purpose, + struct curl_sockaddr *address) +{ + curl_socket_t sockfd; + sockfd = *(curl_socket_t *)clientp; + /* the actual externally set socket is passed in via the OPENSOCKETDATA + option */ + return sockfd; +} + +static int sockopt_callback(void *clientp, curl_socket_t curlfd, + curlsocktype purpose) +{ + /* This return code was added in libcurl 7.21.5 */ + return CURL_SOCKOPT_ALREADY_CONNECTED; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + int sockfd; /* our custom file descriptor */ + /* libcurl thinks that you connect to the host + * and port that you specify in the URL option. */ + curl_easy_setopt(curl, CURLOPT_URL, "http://99.99.99.99:9999"); + /* call this function to get a socket */ + curl_easy_setopt(curl, CURLOPT_OPENSOCKETFUNCTION, opensocket); + curl_easy_setopt(curl, CURLOPT_OPENSOCKETDATA, &sockfd); + + /* call this function to set options for the socket */ + curl_easy_setopt(curl, CURLOPT_SOCKOPTFUNCTION, sockopt_callback); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.16.0. The *CURL_SOCKOPT_ALREADY_CONNECTED* return code was +added in 7.21.5. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.md b/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.md new file mode 100644 index 000000000..457ef9940 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SOCKS5_AUTH.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SOCKS5_AUTH +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY (3) + - CURLOPT_PROXYTYPE (3) +--- + +# NAME + +CURLOPT_SOCKS5_AUTH - methods for SOCKS5 proxy authentication + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SOCKS5_AUTH, long bitmask); +~~~ + +# DESCRIPTION + +Pass a long as parameter, which is set to a bitmask, to tell libcurl which +authentication method(s) are allowed for SOCKS5 proxy authentication. The only +supported flags are *CURLAUTH_BASIC*, which allows username/password +authentication, *CURLAUTH_GSSAPI*, which allows GSS-API authentication, and +*CURLAUTH_NONE*, which allows no authentication. Set the actual user name and +password with the CURLOPT_PROXYUSERPWD(3) option. + +# DEFAULT + +CURLAUTH_BASIC|CURLAUTH_GSSAPI + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* request to use a SOCKS5 proxy */ + curl_easy_setopt(curl, CURLOPT_PROXY, "socks5://user:pass@myproxy.com"); + + /* enable username/password authentication only */ + curl_easy_setopt(curl, CURLOPT_SOCKS5_AUTH, (long)CURLAUTH_BASIC); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.55.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_NOT_BUILT_IN if the bitmask contains unsupported flags. diff --git a/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.md b/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.md new file mode 100644 index 000000000..08a1ced6a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_NEC.md @@ -0,0 +1,63 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SOCKS5_GSSAPI_NEC +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY (3) + - CURLOPT_SOCKS5_GSSAPI_SERVICE (3) +--- + +# NAME + +CURLOPT_SOCKS5_GSSAPI_NEC - SOCKS proxy GSSAPI negotiation protection + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SOCKS5_GSSAPI_NEC, long nec); +~~~ + +# DESCRIPTION + +Pass a long set to 1 to enable or 0 to disable. As part of the GSSAPI +negotiation a protection mode is negotiated. The RFC 1961 says in section +4.3/4.4 it should be protected, but the NEC reference implementation does not. +If enabled, this option allows the unprotected exchange of the protection mode +negotiation. + +# DEFAULT + +? + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "socks5://proxy"); + curl_easy_setopt(curl, CURLOPT_SOCKS5_GSSAPI_NEC, 1L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.4 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.md b/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.md new file mode 100644 index 000000000..47f6e28db --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SOCKS5_GSSAPI_SERVICE.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SOCKS5_GSSAPI_SERVICE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY (3) + - CURLOPT_PROXYTYPE (3) +--- + +# NAME + +CURLOPT_SOCKS5_GSSAPI_SERVICE - SOCKS5 proxy authentication service name + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SOCKS5_GSSAPI_SERVICE, + char *name); +~~~ + +# DESCRIPTION + +Deprecated since 7.49.0. Use CURLOPT_PROXY_SERVICE_NAME(3) instead. + +Pass a char pointer as parameter to a string holding the *name* of the +service. The default service name for a SOCKS5 server is *rcmd*. This option +allows you to change it. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +See above + +# PROTOCOLS + +All network protocols + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_PROXY, "socks5://proxy"); + curl_easy_setopt(curl, CURLOPT_SOCKS5_GSSAPI_SERVICE, "rcmd-special"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.4, deprecated in 7.49.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.md b/docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.md new file mode 100644 index 000000000..205e94d19 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSH_AUTH_TYPES.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSH_AUTH_TYPES +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 (3) + - CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 (3) + - CURLOPT_SSH_PUBLIC_KEYFILE (3) +--- + +# NAME + +CURLOPT_SSH_AUTH_TYPES - auth types for SFTP and SCP + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_AUTH_TYPES, long bitmask); +~~~ + +# DESCRIPTION + +Pass a long set to a bitmask consisting of one or more of +CURLSSH_AUTH_PUBLICKEY, CURLSSH_AUTH_PASSWORD, CURLSSH_AUTH_HOST, +CURLSSH_AUTH_KEYBOARD and CURLSSH_AUTH_AGENT. + +Set *CURLSSH_AUTH_ANY* to let libcurl pick a suitable one. Currently +CURLSSH_AUTH_HOST has no effect. If CURLSSH_AUTH_AGENT is used, libcurl +attempts to connect to ssh-agent or pageant and let the agent attempt the +authentication. + +# DEFAULT + +CURLSSH_AUTH_ANY (all available) + +# PROTOCOLS + +SFTP and SCP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/file"); + curl_easy_setopt(curl, CURLOPT_SSH_AUTH_TYPES, + CURLSSH_AUTH_PUBLICKEY | CURLSSH_AUTH_KEYBOARD); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +CURLSSH_AUTH_HOST was added in 7.16.1, CURLSSH_AUTH_AGENT was added in 7.28.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SSH_COMPRESSION.md b/docs/libcurl/opts/CURLOPT_SSH_COMPRESSION.md new file mode 100644 index 000000000..5e2b2785d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSH_COMPRESSION.md @@ -0,0 +1,64 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSH_COMPRESSION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_ACCEPT_ENCODING (3) + - CURLOPT_TRANSFER_ENCODING (3) +--- + +# NAME + +CURLOPT_SSH_COMPRESSION - enable SSH compression + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_COMPRESSION, long enable); +~~~ + +# DESCRIPTION + +Pass a long as parameter set to 1L to enable or 0L to disable. + +Enables built-in SSH compression. This is a request, not an order; the server +may or may not do it. + +# DEFAULT + +0, disabled + +# PROTOCOLS + +All SSH based protocols: SCP, SFTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com"); + + /* enable built-in compression */ + curl_easy_setopt(curl, CURLOPT_SSH_COMPRESSION, 1L); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.56.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYDATA.md b/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYDATA.md new file mode 100644 index 000000000..39cbd0ddd --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYDATA.md @@ -0,0 +1,73 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSH_KEYDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSH_HOSTKEYFUNCTION (3) +--- + +# NAME + +CURLOPT_SSH_HOSTKEYDATA - pointer to pass to the SSH host key callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_HOSTKEYDATA, void *pointer); +~~~ + +# DESCRIPTION + +Pass a void * as parameter. This *pointer* is passed along untouched to +the callback set with CURLOPT_SSH_HOSTKEYFUNCTION(3). + +# DEFAULT + +NULL + +# PROTOCOLS + +SCP and SFTP + +# EXAMPLE + +~~~c +struct mine { + void *custom; +}; + +static int hostkeycb(void *clientp, /* CURLOPT_SSH_HOSTKEYDATA */ + int keytype, /* CURLKHTYPE */ + const char *key, /* host key to check */ + size_t keylen) /* length of the key */ +{ + /* 'clientp' points to the callback_data struct */ + /* investigate the situation and return the correct value */ + return CURLKHMATCH_OK; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + struct mine callback_data; + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/thisfile.txt"); + curl_easy_setopt(curl, CURLOPT_SSH_HOSTKEYFUNCTION, hostkeycb); + curl_easy_setopt(curl, CURLOPT_SSH_HOSTKEYDATA, &callback_data); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.84.0, works only with libssh2 backend. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYFUNCTION.md b/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYFUNCTION.md new file mode 100644 index 000000000..ed5797520 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSH_HOSTKEYFUNCTION.md @@ -0,0 +1,98 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSH_HOSTKEYFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSH_HOSTKEYDATA (3) + - CURLOPT_SSH_KNOWNHOSTS (3) +--- + +# NAME + +CURLOPT_SSH_HOSTKEYFUNCTION - callback to check host key + +# SYNOPSIS + +~~~c +#include + +int keycallback(void *clientp, + int keytype, + const char *key, + size_t keylen); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_HOSTKEYFUNCTION, + keycallback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. It overrides CURLOPT_SSH_KNOWNHOSTS(3). + +This callback gets called when the verification of the SSH host key is needed. + +**key** is **keylen** bytes long and is the key to check. **keytype** +says what type it is, from the **CURLKHTYPE_*** series in the +**curl_khtype** enum. + +**clientp** is a custom pointer set with CURLOPT_SSH_HOSTKEYDATA(3). + +The callback MUST return one of the following return codes to tell libcurl how +to act: + +## CURLKHMATCH_OK + +The host key is accepted, the connection should continue. + +## CURLKHMATCH_MISMATCH + +the host key is rejected, the connection is canceled. + +# DEFAULT + +NULL + +# PROTOCOLS + +SCP and SFTP + +# EXAMPLE + +~~~c +struct mine { + void *custom; +}; + +int hostkeycb(void *clientp, /* passed with CURLOPT_SSH_HOSTKEYDATA */ + int keytype, /* CURLKHTYPE */ + const char *key, /* host key to check */ + size_t keylen) /* length of the key */ +{ + /* 'clientp' points to the callback_data struct */ + /* investigate the situation and return the correct value */ + return CURLKHMATCH_OK; +} +int main(void) +{ + struct mine callback_data; + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/thisfile.txt"); + curl_easy_setopt(curl, CURLOPT_SSH_HOSTKEYFUNCTION, hostkeycb); + curl_easy_setopt(curl, CURLOPT_SSH_HOSTKEYDATA, &callback_data); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.84.0 , work only with libssh2 backend. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md b/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md new file mode 100644 index 000000000..4b7876501 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSH_AUTH_TYPES (3) + - CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 (3) + - CURLOPT_SSH_KNOWNHOSTS (3) + - CURLOPT_SSH_PUBLIC_KEYFILE (3) +--- + +# NAME + +CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 - MD5 checksum of SSH server public key + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5, + char *md5); +~~~ + +# DESCRIPTION + +Pass a char pointer pointing to a string containing 32 hexadecimal digits. The +string should be the 128 bit MD5 checksum of the remote host's public key, and +libcurl aborts the connection to the host unless the MD5 checksum match. + +MD5 is a weak algorithm. We strongly recommend using +CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256(3) instead. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +SCP and SFTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/file"); + curl_easy_setopt(curl, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5, + "afe17cd62a0f3b61f1ab9cb22ba269a7"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.17.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md b/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md new file mode 100644 index 000000000..41562db63 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSH_AUTH_TYPES (3) + - CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 (3) + - CURLOPT_SSH_PUBLIC_KEYFILE (3) +--- + +# NAME + +CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 - SHA256 hash of SSH server public key + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256, + char *sha256); +~~~ + +# DESCRIPTION + +Pass a char pointer pointing to a string containing a Base64-encoded SHA256 +hash of the remote host's public key. The transfer fails if the given hash +does not match the hash the remote host provides. + +# DEFAULT + +NULL + +# PROTOCOLS + +SCP and SFTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/file"); + curl_easy_setopt(curl, CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256, + "NDVkMTQxMGQ1ODdmMjQ3MjczYjAyOTY5MmRkMjVmNDQ="); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.80.0 +Requires the libssh2 backend. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSH_KEYDATA.md b/docs/libcurl/opts/CURLOPT_SSH_KEYDATA.md new file mode 100644 index 000000000..e90cace34 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSH_KEYDATA.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSH_KEYDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSH_KEYDATA (3) + - CURLOPT_SSH_KNOWNHOSTS (3) +--- + +# NAME + +CURLOPT_SSH_KEYDATA - pointer passed to the SSH key callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_KEYDATA, void *pointer); +~~~ + +# DESCRIPTION + +Pass a void * as parameter. This *pointer* is passed along verbatim to the +callback set with CURLOPT_SSH_KEYFUNCTION(3). + +# DEFAULT + +NULL + +# PROTOCOLS + +SFTP and SCP + +# EXAMPLE + +~~~c +struct mine { + void *custom; +}; +static int keycb(CURL *easy, + const struct curl_khkey *knownkey, + const struct curl_khkey *foundkey, + enum curl_khmatch match, + void *clientp) +{ + /* 'clientp' points to the callback_data struct */ + /* investigate the situation and return the correct value */ + return CURLKHSTAT_FINE_ADD_TO_FILE; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + struct mine callback_data; + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/thisfile.txt"); + curl_easy_setopt(curl, CURLOPT_SSH_KEYFUNCTION, keycb); + curl_easy_setopt(curl, CURLOPT_SSH_KEYDATA, &callback_data); + curl_easy_setopt(curl, CURLOPT_SSH_KNOWNHOSTS, "/home/user/known_hosts"); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.6 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3 b/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.md similarity index 58% rename from docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3 rename to docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.md index b4746a03c..5fc40060e 100644 --- a/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3 +++ b/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.md @@ -1,33 +1,21 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH CURLOPT_SSH_KEYFUNCTION 3 "September 26, 2023" "ibcurl 8.4.0" libcurl - -.SH NAME -CURLOPT_SSH_KEYFUNCTION \- callback for known host matching logic -.SH SYNOPSIS -.nf +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSH_KEYFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSH_KEYDATA (3) + - CURLOPT_SSH_KNOWNHOSTS (3) +--- + +# NAME + +CURLOPT_SSH_KEYFUNCTION - callback for known host matching logic + +# SYNOPSIS + +~~~c #include enum curl_khstat { @@ -62,50 +50,73 @@ int ssh_keycallback(CURL *easy, CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_KEYFUNCTION, ssh_keycallback); -.SH DESCRIPTION +~~~ + +# DESCRIPTION + Pass a pointer to your callback function, which should match the prototype shown above. It gets called when the known_host matching has been done, to allow the application to act and decide for libcurl how to proceed. The callback is only -called if \fICURLOPT_SSH_KNOWNHOSTS(3)\fP is also set. +called if CURLOPT_SSH_KNOWNHOSTS(3) is also set. This callback function gets passed the CURL handle, the key from the -known_hosts file \fIknownkey\fP, the key from the remote site \fIfoundkey\fP, +known_hosts file *knownkey*, the key from the remote site *foundkey*, info from libcurl on the matching status and a custom pointer (set with -\fICURLOPT_SSH_KEYDATA(3)\fP). It MUST return one of the following return +CURLOPT_SSH_KEYDATA(3)). It MUST return one of the following return codes to tell libcurl how to act: -.IP CURLKHSTAT_FINE_REPLACE + +## CURLKHSTAT_FINE_REPLACE + The new host+key is accepted and libcurl replaces the old host+key into the known_hosts file before continuing with the connection. This also adds the new host+key combo to the known_host pool kept in memory if it was not already present there. The adding of data to the file is done by completely replacing the file with a new copy, so the permissions of the file must allow this. (Added in 7.73.0) -.IP CURLKHSTAT_FINE_ADD_TO_FILE + +## CURLKHSTAT_FINE_ADD_TO_FILE + The host+key is accepted and libcurl appends it to the known_hosts file before continuing with the connection. This also adds the host+key combo to the known_host pool kept in memory if it was not already present there. The adding of data to the file is done by completely replacing the file with a new copy, so the permissions of the file must allow this. -.IP CURLKHSTAT_FINE + +## CURLKHSTAT_FINE + The host+key is accepted libcurl continues with the connection. This also adds the host+key combo to the known_host pool kept in memory if it was not already present there. -.IP CURLKHSTAT_REJECT + +## CURLKHSTAT_REJECT + The host+key is rejected. libcurl denies the connection to continue and it is closed. -.IP CURLKHSTAT_DEFER + +## CURLKHSTAT_DEFER + The host+key is rejected, but the SSH connection is asked to be kept alive. -This feature could be used when the app wants to somehow return back and act -on the host+key situation and then retry without needing the overhead of -setting it up from scratch again. -.SH DEFAULT +This feature could be used when the app wants to return and act on the +host+key situation and then retry without needing the overhead of setting it +up from scratch again. + +# DEFAULT + NULL -.SH PROTOCOLS + +# PROTOCOLS + SFTP and SCP -.SH EXAMPLE -.nf + +# EXAMPLE + +~~~c +struct mine { + void *custom; +}; + static int keycb(CURL *easy, const struct curl_khkey *knownkey, const struct curl_khkey *foundkey, @@ -116,19 +127,26 @@ static int keycb(CURL *easy, /* investigate the situation and return the correct value */ return CURLKHSTAT_FINE_ADD_TO_FILE; } + +int main(void) { - curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/thisfile.txt"); - curl_easy_setopt(curl, CURLOPT_SSH_KEYFUNCTION, keycb); - curl_easy_setopt(curl, CURLOPT_SSH_KEYDATA, &callback_data); - curl_easy_setopt(curl, CURLOPT_SSH_KNOWNHOSTS, "/home/user/known_hosts"); + CURL *curl = curl_easy_init(); + if(curl) { + struct mine callback_data; + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/thisfile.txt"); + curl_easy_setopt(curl, CURLOPT_SSH_KEYFUNCTION, keycb); + curl_easy_setopt(curl, CURLOPT_SSH_KEYDATA, &callback_data); + curl_easy_setopt(curl, CURLOPT_SSH_KNOWNHOSTS, "/home/user/known_hosts"); - curl_easy_perform(curl); + curl_easy_perform(curl); } -.fi -.SH AVAILABILITY +} +~~~ + +# AVAILABILITY + Added in 7.19.6 -.SH RETURN VALUE + +# RETURN VALUE + Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. -.SH "SEE ALSO" -.BR CURLOPT_SSH_KEYDATA (3), -.BR CURLOPT_SSH_KNOWNHOSTS (3) diff --git a/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.md b/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.md new file mode 100644 index 000000000..5a5fcbf33 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSH_KNOWNHOSTS.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSH_KNOWNHOSTS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSH_AUTH_TYPES (3) + - CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 (3) +--- + +# NAME + +CURLOPT_SSH_KNOWNHOSTS - filename holding the SSH known hosts + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_KNOWNHOSTS, char *fname); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string holding the filename of the +known_host file to use. The known_hosts file should use the OpenSSH file +format as supported by libssh2. If this file is specified, libcurl only +accepts connections with hosts that are known and present in that file, with a +matching public key. Use CURLOPT_SSH_KEYFUNCTION(3) to alter the default +behavior on host and key matches and mismatches. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +SFTP and SCP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/file"); + curl_easy_setopt(curl, CURLOPT_SSH_KNOWNHOSTS, + "/home/clarkkent/.ssh/known_hosts"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.6 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.md b/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.md new file mode 100644 index 000000000..e8a40079b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.md @@ -0,0 +1,76 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSH_PRIVATE_KEYFILE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSH_AUTH_TYPES (3) + - CURLOPT_SSH_PUBLIC_KEYFILE (3) +--- + +# NAME + +CURLOPT_SSH_PRIVATE_KEYFILE - private key file for SSH auth + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_PRIVATE_KEYFILE, + char *filename); +~~~ + +# DESCRIPTION + +Pass a char pointer pointing to a *filename* for your private key. If not +used, libcurl defaults to **$HOME/.ssh/id_rsa** or **$HOME/.ssh/id_dsa** if +the HOME environment variable is set, and in the current directory if HOME is +not set. + +If the file is password-protected, set the password with +CURLOPT_KEYPASSWD(3). + +The SSH library derives the public key from this private key when possible. If +the SSH library cannot derive the public key from the private one and no +public one is provided with CURLOPT_SSH_PUBLIC_KEYFILE(3), the transfer +fails. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +As explained above + +# PROTOCOLS + +SFTP and SCP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/file"); + curl_easy_setopt(curl, CURLOPT_SSH_PRIVATE_KEYFILE, + "/home/clarkkent/.ssh/id_rsa"); + curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "password"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.16.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.md b/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.md new file mode 100644 index 000000000..35d65ad93 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSH_PUBLIC_KEYFILE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSH_AUTH_TYPES (3) + - CURLOPT_SSH_PRIVATE_KEYFILE (3) +--- + +# NAME + +CURLOPT_SSH_PUBLIC_KEYFILE - public key file for SSH auth + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_PUBLIC_KEYFILE, + char *filename); +~~~ + +# DESCRIPTION + +Pass a char pointer pointing to a *filename* for your public key. If not used, +libcurl defaults to **$HOME/.ssh/id_dsa.pub** if the HOME environment variable +is set, and just "id_dsa.pub" in the current directory if HOME is not set. + +If NULL (or an empty string) is passed to this option, libcurl passes no +public key to the SSH library, which then rather derives it from the private +key. If the SSH library cannot derive the public key from the private one and +no public one is provided, the transfer fails. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +SFTP and SCP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/file"); + curl_easy_setopt(curl, CURLOPT_SSH_PUBLIC_KEYFILE, + "/home/clarkkent/.ssh/id_rsa.pub"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +The "" trick was added in 7.26.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSLCERT.md b/docs/libcurl/opts/CURLOPT_SSLCERT.md new file mode 100644 index 000000000..21f052ff7 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSLCERT.md @@ -0,0 +1,87 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSLCERT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_KEYPASSWD (3) + - CURLOPT_SSLCERTTYPE (3) + - CURLOPT_SSLKEY (3) +--- + +# NAME + +CURLOPT_SSLCERT - SSL client certificate + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLCERT, char *cert); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. The string should be +the filename of your client certificate. The default format is "P12" on Secure +Transport and "PEM" on other engines, and can be changed with +CURLOPT_SSLCERTTYPE(3). + +With Secure Transport, this can also be the nickname of the certificate you +wish to authenticate with as it is named in the security database. If you want +to use a file from the current directory, please precede it with "./" prefix, +in order to avoid confusion with a nickname. + +(Schannel only) Client certificates can be specified by a path expression to a +certificate store. (You can import *PFX* to a store first). You can use +"" to refer to a certificate in the +system certificates store, for example, +**"CurrentUserMY934a7ac6f8a5d579285a74fa"**. The thumbprint is usually a SHA-1 +hex string which you can see in certificate details. Following store locations +are supported: **CurrentUser**, **LocalMachine**, **CurrentService**, +**Services**, **CurrentUserGroupPolicy**, **LocalMachineGroupPolicy**, +**LocalMachineEnterprise**. Schannel also support P12 certificate file, with +the string "P12" specified with CURLOPT_SSLCERTTYPE(3). + +When using a client certificate, you most likely also need to provide a +private key with CURLOPT_SSLKEY(3). + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_SSLCERT, "client.pem"); + curl_easy_setopt(curl, CURLOPT_SSLKEY, "key.pem"); + curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "s3cret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +If built TLS enabled. + +# RETURN VALUE + +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSLCERTTYPE.md b/docs/libcurl/opts/CURLOPT_SSLCERTTYPE.md new file mode 100644 index 000000000..420ca4f86 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSLCERTTYPE.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSLCERTTYPE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSLCERT (3) + - CURLOPT_SSLKEY (3) +--- + +# NAME + +CURLOPT_SSLCERTTYPE - type of client SSL certificate + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLCERTTYPE, char *type); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. The string should be +the format of your certificate. + +Supported formats are "PEM" and "DER", except with Secure Transport or +Schannel. OpenSSL (versions 0.9.3 and later), Secure Transport (on iOS 5 or +later, or OS X 10.7 or later) and Schannel support "P12" for PKCS#12-encoded +files. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +"PEM" + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_SSLCERT, "client.pem"); + curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM"); + curl_easy_setopt(curl, CURLOPT_SSLKEY, "key.pem"); + curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "s3cret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +If built TLS enabled. Added in 7.9.3 + +# RETURN VALUE + +Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSLCERT_BLOB.md b/docs/libcurl/opts/CURLOPT_SSLCERT_BLOB.md new file mode 100644 index 000000000..1f3ed56ed --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSLCERT_BLOB.md @@ -0,0 +1,83 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSLCERT_BLOB +Section: 3 +Source: libcurl +See-also: + - CURLOPT_KEYPASSWD (3) + - CURLOPT_SSLCERTTYPE (3) + - CURLOPT_SSLKEY (3) +--- + +# NAME + +CURLOPT_SSLCERT_BLOB - SSL client certificate from memory blob + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLCERT_BLOB, + struct curl_blob *stblob); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_blob structure, which contains (pointer and size) a +client certificate. The format must be "P12" on Secure Transport or +Schannel. The format must be "P12" or "PEM" on OpenSSL. The format must be +"DER" or "PEM" on mbedTLS. The format must be specified with +CURLOPT_SSLCERTTYPE(3). + +If the blob is initialized with the flags member of struct curl_blob set to +CURL_BLOB_COPY, the application does not have to keep the buffer around after +setting this. + +This option is an alternative to CURLOPT_SSLCERT(3) which instead +expects a filename as input. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c + +extern char *certificateData; /* point to data */ +extern size_t filesize; /* size of data */ + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + struct curl_blob stblob; + stblob.data = certificateData; + stblob.len = filesize; + stblob.flags = CURL_BLOB_COPY; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_SSLCERT_BLOB, &stblob); + curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "P12"); + curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "s3cret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.71.0. This option is supported by the OpenSSL, Secure Transport, +Schannel and mbedTLS (since 7.78.0) backends. + +# RETURN VALUE + +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSLENGINE.md b/docs/libcurl/opts/CURLOPT_SSLENGINE.md new file mode 100644 index 000000000..45ccc42c5 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSLENGINE.md @@ -0,0 +1,74 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSLENGINE +Section: 3 +Source: libcurl +See-also: + - CURLINFO_SSL_ENGINES (3) + - CURLOPT_SSLENGINE_DEFAULT (3) + - CURLOPT_SSLKEY (3) +--- + +# NAME + +CURLOPT_SSLENGINE - SSL engine identifier + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLENGINE, char *id); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. It is used as the +identifier for the crypto engine you want to use for your private key. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_SSLENGINE, "dynamic"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Only if the SSL backend is OpenSSL built with engine support. + +# RETURN VALUE + +CURLE_OK - Engine found. + +CURLE_SSL_ENGINE_NOTFOUND - Engine not found, or OpenSSL was not built with +engine support. + +CURLE_SSL_ENGINE_INITFAILED - Engine found but initialization failed. + +CURLE_NOT_BUILT_IN - Option not built in, OpenSSL is not the SSL backend. + +CURLE_UNKNOWN_OPTION - Option not recognized. + +CURLE_OUT_OF_MEMORY - Insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.md b/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.md new file mode 100644 index 000000000..d082f7b54 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSLENGINE_DEFAULT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSLCERT (3) + - CURLOPT_SSLENGINE (3) +--- + +# NAME + +CURLOPT_SSLENGINE_DEFAULT - make SSL engine default + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLENGINE_DEFAULT, long val); +~~~ + +# DESCRIPTION + +Pass a long set to 1 to make the already specified crypto engine the default +for (asymmetric) crypto operations. + +This option has no effect unless set after CURLOPT_SSLENGINE(3). + +# DEFAULT + +None + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_SSLENGINE, "dynamic"); + curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Only if the SSL backend is OpenSSL built with engine support. + +# RETURN VALUE + +CURLE_OK - Engine set as default. + +CURLE_SSL_ENGINE_SETFAILED - Engine could not be set as default. + +CURLE_NOT_BUILT_IN - Option not built in, OpenSSL is not the SSL backend. + +CURLE_UNKNOWN_OPTION - Option not recognized. + +CURLE_OUT_OF_MEMORY - Insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSLKEY.md b/docs/libcurl/opts/CURLOPT_SSLKEY.md new file mode 100644 index 000000000..292258fd7 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSLKEY.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSLKEY +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSLCERT (3) + - CURLOPT_SSLKEYTYPE (3) + - CURLOPT_SSLKEY_BLOB (3) +--- + +# NAME + +CURLOPT_SSLKEY - private key file for TLS and SSL client cert + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLKEY, char *keyfile); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. The string should be +the filename of your private key. The default format is "PEM" and can be +changed with CURLOPT_SSLKEYTYPE(3). + +(Windows, iOS and Mac OS X) This option is ignored by Secure Transport and +Schannel SSL backends because they expect the private key to be already present +in the key-chain or PKCS#12 file containing the certificate. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_SSLCERT, "client.pem"); + curl_easy_setopt(curl, CURLOPT_SSLKEY, "key.pem"); + curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "s3cret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +If built TLS enabled. + +# RETURN VALUE + +Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSLKEYTYPE.md b/docs/libcurl/opts/CURLOPT_SSLKEYTYPE.md new file mode 100644 index 000000000..b3f114109 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSLKEYTYPE.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSLKEYTYPE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSLKEYTYPE (3) + - CURLOPT_SSLCERT (3) + - CURLOPT_SSLKEY (3) +--- + +# NAME + +CURLOPT_SSLKEYTYPE - type of the private key file + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLKEYTYPE, char *type); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. The string should be +the format of your private key. Supported formats are "PEM", "DER" and "ENG". + +The format "ENG" enables you to load the private key from a crypto engine. In +this case CURLOPT_SSLKEY(3) is used as an identifier passed to the engine. You +have to set the crypto engine with CURLOPT_SSLENGINE(3). "DER" format key file +currently does not work because of a bug in OpenSSL. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +"PEM" + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_SSLCERT, "client.pem"); + curl_easy_setopt(curl, CURLOPT_SSLKEY, "key.pem"); + curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM"); + curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "s3cret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +If built TLS enabled. + +# RETURN VALUE + +Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSLKEY_BLOB.md b/docs/libcurl/opts/CURLOPT_SSLKEY_BLOB.md new file mode 100644 index 000000000..74425692b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSLKEY_BLOB.md @@ -0,0 +1,87 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSLKEY_BLOB +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSLKEY (3) + - CURLOPT_SSLKEYTYPE (3) +--- + +# NAME + +CURLOPT_SSLKEY_BLOB - private key for client cert from memory blob + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLKEY_BLOB, + struct curl_blob *blob); +~~~ + +# DESCRIPTION + +Pass a pointer to a curl_blob structure, which contains information (pointer +and size) for a private key. Compatible with OpenSSL. The format (like "PEM") +must be specified with CURLOPT_SSLKEYTYPE(3). + +If the blob is initialized with the flags member of struct curl_blob set to +CURL_BLOB_COPY, the application does not have to keep the buffer around after +setting this. + +This option is an alternative to CURLOPT_SSLKEY(3) which instead expects a +filename as input. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c + +extern char *certificateData; /* point to cert */ +extern size_t filesize; /* size of cert */ + +extern char *privateKeyData; /* point to key */ +extern size_t privateKeySize; /* size of key */ + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + struct curl_blob blob; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + blob.data = certificateData; + blob.len = filesize; + blob.flags = CURL_BLOB_COPY; + curl_easy_setopt(curl, CURLOPT_SSLCERT_BLOB, &blob); + curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM"); + + blob.data = privateKeyData; + blob.len = privateKeySize; + curl_easy_setopt(curl, CURLOPT_SSLKEY_BLOB, &blob); + curl_easy_setopt(curl, CURLOPT_KEYPASSWD, "s3cret"); + curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.71.0. This option is supported by the OpenSSL backends. + +# RETURN VALUE + +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSLVERSION.md b/docs/libcurl/opts/CURLOPT_SSLVERSION.md new file mode 100644 index 000000000..f64a13b5f --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSLVERSION.md @@ -0,0 +1,143 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSLVERSION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTP_VERSION (3) + - CURLOPT_IPRESOLVE (3) + - CURLOPT_PROXY_SSLVERSION (3) + - CURLOPT_USE_SSL (3) +--- + +# NAME + +CURLOPT_SSLVERSION - preferred TLS/SSL version + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSLVERSION, long version); +~~~ + +# DESCRIPTION + +Pass a long as parameter to control which version range of SSL/TLS versions to +use. + +The SSL and TLS versions have typically developed from the most insecure +version to be more and more secure in this order through history: SSL v2, +SSLv3, TLS v1.0, TLS v1.1, TLS v1.2 and the most recent TLS v1.3. + +Use one of the available defines for this purpose. The available options are: + +## CURL_SSLVERSION_DEFAULT + +The default acceptable version range. The minimum acceptable version is by +default TLS v1.0 since 7.39.0 (unless the TLS library has a stricter rule). + +## CURL_SSLVERSION_TLSv1 + +TLS v1.0 or later + +## CURL_SSLVERSION_SSLv2 + +SSL v2 - refused + +## CURL_SSLVERSION_SSLv3 + +SSL v3 - refused + +## CURL_SSLVERSION_TLSv1_0 + +TLS v1.0 or later (Added in 7.34.0) + +## CURL_SSLVERSION_TLSv1_1 + +TLS v1.1 or later (Added in 7.34.0) + +## CURL_SSLVERSION_TLSv1_2 + +TLS v1.2 or later (Added in 7.34.0) + +## CURL_SSLVERSION_TLSv1_3 + +TLS v1.3 or later (Added in 7.52.0) + +The maximum TLS version can be set by using *one* of the +CURL_SSLVERSION_MAX_ macros below. It is also possible to OR *one* of the +CURL_SSLVERSION_ macros with *one* of the CURL_SSLVERSION_MAX_ macros. +The MAX macros are not supported for WolfSSL. + +## CURL_SSLVERSION_MAX_DEFAULT + +The flag defines the maximum supported TLS version by libcurl, or the default +value from the SSL library is used. libcurl uses a sensible default maximum, +which was TLS v1.2 up to before 7.61.0 and is TLS v1.3 since then - assuming +the TLS library support it. (Added in 7.54.0) + +## CURL_SSLVERSION_MAX_TLSv1_0 + +The flag defines maximum supported TLS version as TLS v1.0. +(Added in 7.54.0) + +## CURL_SSLVERSION_MAX_TLSv1_1 + +The flag defines maximum supported TLS version as TLS v1.1. +(Added in 7.54.0) + +## CURL_SSLVERSION_MAX_TLSv1_2 + +The flag defines maximum supported TLS version as TLS v1.2. +(Added in 7.54.0) + +## CURL_SSLVERSION_MAX_TLSv1_3 + +The flag defines maximum supported TLS version as TLS v1.3. +(Added in 7.54.0) + +In versions of curl prior to 7.54 the CURL_SSLVERSION_TLS options were +documented to allow *only* the specified TLS version, but behavior was +inconsistent depending on the TLS library. + +# DEFAULT + +CURL_SSLVERSION_DEFAULT + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* ask libcurl to use TLS version 1.0 or later */ + curl_easy_setopt(curl, CURLOPT_SSLVERSION, (long)CURL_SSLVERSION_TLSv1); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +SSLv2 and SSLv3 are refused completely since curl 7.77.0 + +SSLv2 is disabled by default since 7.18.1. Other SSL versions availability may +vary depending on which backend libcurl has been built to use. + +SSLv3 is disabled by default since 7.39.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.md b/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.md new file mode 100644 index 000000000..c96c93f3e --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.md @@ -0,0 +1,92 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSL_CIPHER_LIST +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSL_CIPHER_LIST (3) + - CURLOPT_PROXY_TLS13_CIPHERS (3) + - CURLOPT_SSLVERSION (3) + - CURLOPT_TLS13_CIPHERS (3) + - CURLOPT_USE_SSL (3) +--- + +# NAME + +CURLOPT_SSL_CIPHER_LIST - ciphers to use for TLS + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CIPHER_LIST, char *list); +~~~ + +# DESCRIPTION + +Pass a char pointer, pointing to a null-terminated string holding the list of +ciphers to use for the SSL connection. The list must be syntactically correct, +it consists of one or more cipher strings separated by colons. Commas or +spaces are also acceptable separators but colons are normally used, !, - and ++ can be used as operators. + +For OpenSSL and GnuTLS valid examples of cipher lists include **RC4-SHA**, +**SHA1+DES**, **TLSv1** and **DEFAULT**. The default list is normally set when +you compile OpenSSL. + +For WolfSSL, valid examples of cipher lists include **ECDHE-RSA-RC4-SHA**, +**AES256-SHA:AES256-SHA256**, etc. + +For BearSSL, valid examples of cipher lists include +**ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256**, or when using +IANA names +**TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256**, +etc. With BearSSL you do not add/remove ciphers. If one uses this option then +all known ciphers are disabled and only those passed in are enabled. + +For Schannel, you can use this option to set algorithms but not specific +cipher suites. Refer to the ciphers lists document for algorithms. + +Find more details about cipher lists on this URL: + + https://curl.se/docs/ssl-ciphers.html + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL, use internal default + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST, "TLSv1"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.9, in 7.83.0 for BearSSL + +If built TLS enabled. + +# RETURN VALUE + +Returns CURLE_OK if TLS is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 b/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.md similarity index 52% rename from docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 rename to docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.md index 654296631..6e328a5bd 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 +++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.md @@ -1,47 +1,43 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH CURLOPT_SSL_CTX_DATA 3 "September 26, 2023" "ibcurl 8.4.0" libcurl - -.SH NAME -CURLOPT_SSL_CTX_DATA \- pointer passed to SSL context callback -.SH SYNOPSIS -.nf +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSL_CTX_DATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSLVERSION (3) + - CURLOPT_SSL_CTX_FUNCTION (3) +--- + +# NAME + +CURLOPT_SSL_CTX_DATA - pointer passed to SSL context callback + +# SYNOPSIS + +~~~c #include CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_DATA, void *pointer); -.fi -.SH DESCRIPTION -Data \fIpointer\fP to pass to the ssl context callback set by the option -\fICURLOPT_SSL_CTX_FUNCTION(3)\fP, this is the pointer you get as third +~~~ + +# DESCRIPTION + +Data *pointer* to pass to the ssl context callback set by the option +CURLOPT_SSL_CTX_FUNCTION(3), this is the pointer you get as third parameter. -.SH DEFAULT + +# DEFAULT + NULL -.SH PROTOCOLS + +# PROTOCOLS + All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. -.SH EXAMPLE -.nf + +# EXAMPLE + +~~~c /* OpenSSL specific */ #include @@ -60,15 +56,15 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm) * X509 structure that SSL can use */ PEM_read_bio_X509(bio, &cert, 0, NULL); - if(cert == NULL) - printf("PEM_read_bio_X509 failed...\\n"); + if(!cert) + printf("PEM_read_bio_X509 failed...\n"); /* get a pointer to the X509 certificate store (which may be empty) */ store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx); /* add our certificate to this store */ if(X509_STORE_add_cert(store, cert) == 0) - printf("error adding certificate\\n"); + printf("error adding certificate\n"); /* decrease reference counts */ X509_free(cert); @@ -80,18 +76,18 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm) int main(void) { - CURL * ch; + CURL *ch; CURLcode rv; char *mypem = /* example CA cert PEM - shortened */ - "-----BEGIN CERTIFICATE-----\\n" - "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\\n" - "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\\n" - "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\\n" - "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\\n" - "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\\n" - "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\\n" - "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\\n" - "-----END CERTIFICATE-----\\n"; + "-----BEGIN CERTIFICATE-----\n" + "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n" + "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n" + "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n" + "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n" + "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n" + "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n" + "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n" + "-----END CERTIFICATE-----\n"; curl_global_init(CURL_GLOBAL_ALL); ch = curl_easy_init(); @@ -104,24 +100,25 @@ int main(void) curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem); rv = curl_easy_perform(ch); if(!rv) - printf("*** transfer succeeded ***\\n"); + printf("*** transfer succeeded ***\n"); else - printf("*** transfer failed ***\\n"); + printf("*** transfer failed ***\n"); curl_easy_cleanup(ch); curl_global_cleanup(); return rv; } -.fi -.SH AVAILABILITY +~~~ + +# AVAILABILITY + Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL, in 7.54.0 for mbedTLS, in 7.83.0 in BearSSL. Other SSL backends are not supported. -.SH RETURN VALUE + +# RETURN VALUE + CURLE_OK if supported; or an error such as: CURLE_NOT_BUILT_IN - Not supported by the SSL backend CURLE_UNKNOWN_OPTION -.SH "SEE ALSO" -.BR CURLOPT_SSL_CTX_FUNCTION (3), -.BR CURLOPT_SSLVERSION (3) diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.md similarity index 57% rename from docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 rename to docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.md index 5f7977776..ae8b8bbad 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 +++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.md @@ -1,40 +1,31 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH CURLOPT_SSL_CTX_FUNCTION 3 "September 26, 2023" "ibcurl 8.4.0" libcurl - -.SH NAME -CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL, wolfSSL or mbedTLS -.SH SYNOPSIS -.nf +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSL_CTX_FUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSL_CTX_DATA (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_SSL_CTX_FUNCTION - SSL context callback for OpenSSL, wolfSSL or mbedTLS + +# SYNOPSIS + +~~~c #include CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *clientp); CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION, ssl_ctx_callback); -.SH DESCRIPTION +~~~ + +# DESCRIPTION + This option only works for libcurl powered by OpenSSL, wolfSSL, mbedTLS or BearSSL. If libcurl was built against another SSL library this functionality is absent. @@ -45,16 +36,16 @@ shown above. This callback function gets called by libcurl just before the initialization of an SSL connection after having processed all other SSL related options to give a last chance to an application to modify the behavior of the SSL -initialization. The \fIssl_ctx\fP parameter is actually a pointer to the SSL -library's \fISSL_CTX\fP for OpenSSL or wolfSSL, a pointer to -\fImbedtls_ssl_config\fP for mbedTLS or a pointer to -\fIbr_ssl_client_context\fP for BearSSL. If an error is returned from the +initialization. The *ssl_ctx* parameter is actually a pointer to the SSL +library's *SSL_CTX* for OpenSSL or wolfSSL, a pointer to +*mbedtls_ssl_config* for mbedTLS or a pointer to +*br_ssl_client_context* for BearSSL. If an error is returned from the callback no attempt to establish a connection is made and the perform -operation returns the callback's error code. Set the \fIclientp\fP argument -with the \fICURLOPT_SSL_CTX_DATA(3)\fP option. +operation returns the callback's error code. Set the *clientp* argument +with the CURLOPT_SSL_CTX_DATA(3) option. This function gets called on all new connections made to a server, during the -SSL negotiation. The \fIssl_ctx\fP points to a newly initialized object each +SSL negotiation. The *ssl_ctx* points to a newly initialized object each time, but note the pointer may be the same as from a prior call. To use this properly, a non-trivial amount of knowledge of your SSL library is @@ -63,27 +54,33 @@ callbacks to add additional validation code for certificates, and even to change the actual URI of an HTTPS request. For OpenSSL, asynchronous certificate verification via -\fISSL_set_retry_verify\fP is supported. (Added in 8.3.0) +*SSL_set_retry_verify* is supported. (Added in 8.3.0) -WARNING: The \fICURLOPT_SSL_CTX_FUNCTION(3)\fP callback allows the application +WARNING: The CURLOPT_SSL_CTX_FUNCTION(3) callback allows the application to reach in and modify SSL details in the connection without libcurl itself knowing anything about it, which then subsequently can lead to libcurl unknowingly reusing SSL connections with different properties. To remedy this -you may set \fICURLOPT_FORBID_REUSE(3)\fP from the callback function. +you may set CURLOPT_FORBID_REUSE(3) from the callback function. -WARNING: If you are using DNS-over-HTTPS (DoH) via \fICURLOPT_DOH_URL(3)\fP +WARNING: If you are using DNS-over-HTTPS (DoH) via CURLOPT_DOH_URL(3) then this callback is also called for those transfers and the curl handle is -set to an internal handle. \fBThis behavior is subject to change.\fP We -recommend before performing your transfer set \fICURLOPT_PRIVATE(3)\fP on your +set to an internal handle. **This behavior is subject to change.** We +recommend before performing your transfer set CURLOPT_PRIVATE(3) on your curl handle so you can identify it in the context callback. If you have a reason to modify DoH SSL context please let us know on the curl-library mailing list because we are considering removing this capability. -.SH DEFAULT + +# DEFAULT + NULL -.SH PROTOCOLS + +# PROTOCOLS + All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. -.SH EXAMPLE -.nf + +# EXAMPLE + +~~~c /* OpenSSL specific */ #include @@ -102,15 +99,15 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm) * X509 structure that SSL can use */ PEM_read_bio_X509(bio, &cert, 0, NULL); - if(cert == NULL) - printf("PEM_read_bio_X509 failed...\\n"); + if(!cert) + printf("PEM_read_bio_X509 failed...\n"); /* get a pointer to the X509 certificate store (which may be empty) */ store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx); /* add our certificate to this store */ if(X509_STORE_add_cert(store, cert) == 0) - printf("error adding certificate\\n"); + printf("error adding certificate\n"); /* decrease reference counts */ X509_free(cert); @@ -122,18 +119,18 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm) int main(void) { - CURL * ch; + CURL *ch; CURLcode rv; char *mypem = /* example CA cert PEM - shortened */ - "-----BEGIN CERTIFICATE-----\\n" - "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\\n" - "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\\n" - "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\\n" - "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\\n" - "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\\n" - "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\\n" - "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\\n" - "-----END CERTIFICATE-----\\n"; + "-----BEGIN CERTIFICATE-----\n" + "MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290\n" + "IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB\n" + "IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA\n" + "Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO\n" + "GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk\n" + "zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW\n" + "omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD\n" + "-----END CERTIFICATE-----\n"; curl_global_init(CURL_GLOBAL_ALL); ch = curl_easy_init(); @@ -146,24 +143,25 @@ int main(void) curl_easy_setopt(ch, CURLOPT_SSL_CTX_DATA, mypem); rv = curl_easy_perform(ch); if(!rv) - printf("*** transfer succeeded ***\\n"); + printf("*** transfer succeeded ***\n"); else - printf("*** transfer failed ***\\n"); + printf("*** transfer failed ***\n"); curl_easy_cleanup(ch); curl_global_cleanup(); return rv; } -.fi -.SH AVAILABILITY +~~~ + +# AVAILABILITY + Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL, in 7.54.0 for mbedTLS, in 7.83.0 in BearSSL. Other SSL backends are not supported. -.SH RETURN VALUE + +# RETURN VALUE + CURLE_OK if supported; or an error such as: CURLE_NOT_BUILT_IN - Not supported by the SSL backend CURLE_UNKNOWN_OPTION -.SH "SEE ALSO" -.BR CURLOPT_SSL_CTX_DATA (3), -.BR CURLOPT_SSL_VERIFYPEER (3) diff --git a/docs/libcurl/opts/CURLOPT_SSL_EC_CURVES.md b/docs/libcurl/opts/CURLOPT_SSL_EC_CURVES.md new file mode 100644 index 000000000..adfaae34c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSL_EC_CURVES.md @@ -0,0 +1,61 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSL_EC_CURVES +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSL_CIPHER_LIST (3) + - CURLOPT_SSL_OPTIONS (3) + - CURLOPT_TLS13_CIPHERS (3) +--- + +# NAME + +CURLOPT_SSL_EC_CURVES - key exchange curves + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_EC_CURVES, char *alg_list); +~~~ + +# DESCRIPTION + +Pass a string as parameter with a colon delimited list of (EC) algorithms. This +option defines the client's key exchange algorithms in the SSL handshake (if +the SSL backend libcurl is built to use supports it). + +# DEFAULT + +"", embedded in SSL backend + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_SSL_EC_CURVES, "X25519:P-521"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.73.0. Supported by the OpenSSL backend. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.md b/docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.md new file mode 100644 index 000000000..e1b456a06 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSL_ENABLE_ALPN.md @@ -0,0 +1,60 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSL_ENABLE_ALPN +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSL_ENABLE_NPN (3) + - CURLOPT_SSL_OPTIONS (3) +--- + +# NAME + +CURLOPT_SSL_ENABLE_ALPN - Application Layer Protocol Negotiation + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_ENABLE_ALPN, long npn); +~~~ + +# DESCRIPTION + +Pass a long as parameter, 0 or 1 where 1 is for enable and 0 for disable. This +option enables/disables ALPN in the SSL handshake (if the SSL backend libcurl +is built to use supports it), which can be used to negotiate http2. + +# DEFAULT + +1, enabled + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_SSL_ENABLE_ALPN, 0L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.36.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.md b/docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.md new file mode 100644 index 000000000..36221cabd --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSL_ENABLE_NPN.md @@ -0,0 +1,62 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSL_ENABLE_NPN +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSL_ENABLE_ALPN (3) + - CURLOPT_SSL_OPTIONS (3) +--- + +# NAME + +CURLOPT_SSL_ENABLE_NPN - use NPN + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_ENABLE_NPN, long npn); +~~~ + +# DESCRIPTION + +Deprecated in 7.86.0. Setting this option has no function. + +Pass a long as parameter, 0 or 1 where 1 is for enable and 0 for disable. This +option enables/disables NPN in the SSL handshake (if the SSL backend libcurl +is built to use supports it), which can be used to negotiate http2. + +# DEFAULT + +1, enabled + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_SSL_ENABLE_NPN, 1L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.36.0. Deprecated in 7.86.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.md b/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.md new file mode 100644 index 000000000..084728c70 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.md @@ -0,0 +1,62 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSL_FALSESTART +Section: 3 +Source: libcurl +See-also: + - CURLOPT_TCP_FASTOPEN (3) +--- + +# NAME + +CURLOPT_SSL_FALSESTART - TLS false start + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_FALSESTART, long enable); +~~~ + +# DESCRIPTION + +Pass a long as parameter set to 1L to enable or 0 to disable. + +This option determines whether libcurl should use false start during the TLS +handshake. False start is a mode where a TLS client starts sending application +data before verifying the server's Finished message, thus saving a round trip +when performing a full handshake. + +# DEFAULT + +0 + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_SSL_FALSESTART, 1L); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.42.0. This option is currently only supported by the Secure +Transport (on iOS 7.0 or later, or OS X 10.9 or later) TLS backend. + +# RETURN VALUE + +Returns CURLE_OK if false start is supported by the SSL backend, otherwise +returns CURLE_NOT_BUILT_IN. diff --git a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.md b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.md new file mode 100644 index 000000000..ffc62c33c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.md @@ -0,0 +1,116 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSL_OPTIONS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSL_OPTIONS (3) + - CURLOPT_SSLVERSION (3) + - CURLOPT_SSL_CIPHER_LIST (3) +--- + +# NAME + +CURLOPT_SSL_OPTIONS - SSL behavior options + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_OPTIONS, long bitmask); +~~~ + +# DESCRIPTION + +Pass a long with a bitmask to tell libcurl about specific SSL +behaviors. Available bits: + +## CURLSSLOPT_ALLOW_BEAST + +Tells libcurl to not attempt to use any workarounds for a security flaw in the +SSL3 and TLS1.0 protocols. If this option is not used or this bit is set to 0, +the SSL layer libcurl uses may use a work-around for this flaw although it +might cause interoperability problems with some (older) SSL implementations. +WARNING: avoiding this work-around lessens the security, and by setting this +option to 1 you ask for exactly that. This option is only supported for Secure +Transport and OpenSSL. + +## CURLSSLOPT_NO_REVOKE + +Tells libcurl to disable certificate revocation checks for those SSL backends +where such behavior is present. This option is only supported for Schannel +(the native Windows SSL library), with an exception in the case of Windows' +Untrusted Publishers block list which it seems cannot be bypassed. (Added in +7.44.0) + +## CURLSSLOPT_NO_PARTIALCHAIN + +Tells libcurl to not accept "partial" certificate chains, which it otherwise +does by default. This option is only supported for OpenSSL and fails the +certificate verification if the chain ends with an intermediate certificate +and not with a root cert. (Added in 7.68.0) + +## CURLSSLOPT_REVOKE_BEST_EFFORT + +Tells libcurl to ignore certificate revocation checks in case of missing or +offline distribution points for those SSL backends where such behavior is +present. This option is only supported for Schannel (the native Windows SSL +library). If combined with *CURLSSLOPT_NO_REVOKE*, the latter takes +precedence. (Added in 7.70.0) + +## CURLSSLOPT_NATIVE_CA + +Tell libcurl to use the operating system's native CA store for certificate +verification. If you set this option and also set a CA certificate file or +directory then during verification those certificates are searched in addition +to the native CA store. + +Works with wolfSSL on Windows, Linux (Debian, Ubuntu, Gentoo, Fedora, RHEL), +macOS, Android and iOS (added in 8.3.0), with GnuTLS (added in 8.5.0) or on +Windows when built to use OpenSSL (Added in 7.71.0). + +## CURLSSLOPT_AUTO_CLIENT_CERT + +Tell libcurl to automatically locate and use a client certificate for +authentication, when requested by the server. This option is only supported +for Schannel (the native Windows SSL library). Prior to 7.77.0 this was the +default behavior in libcurl with Schannel. Since the server can request any +certificate that supports client authentication in the OS certificate store it +could be a privacy violation and unexpected. +(Added in 7.77.0) + +# DEFAULT + +0 + +# PROTOCOLS + +All TLS-based protocols + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* weaken TLS only for use with silly servers */ + curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, (long)CURLSSLOPT_ALLOW_BEAST | + CURLSSLOPT_NO_REVOKE); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.25.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.md b/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.md new file mode 100644 index 000000000..a6b3cf195 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSL_SESSIONID_CACHE.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSL_SESSIONID_CACHE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DNS_CACHE_TIMEOUT (3) + - CURLOPT_MAXAGE_CONN (3) + - CURLOPT_MAXLIFETIME_CONN (3) + - CURLOPT_SSLVERSION (3) +--- + +# NAME + +CURLOPT_SSL_SESSIONID_CACHE - use the SSL session-ID cache + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_SESSIONID_CACHE, + long enabled); +~~~ + +# DESCRIPTION + +Pass a long set to 0 to disable libcurl's use of SSL session-ID caching. Set +this to 1 to enable it. By default all transfers are done using the cache +enabled. While nothing ever should get hurt by attempting to reuse SSL +session-IDs, there seem to be or have been broken SSL implementations in the +wild that may require you to disable this in order for you to succeed. + +# DEFAULT + +1 + +# PROTOCOLS + +All TLS-based + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* switch off session-id use! */ + curl_easy_setopt(curl, CURLOPT_SSL_SESSIONID_CACHE, 0L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.16.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.md b/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.md new file mode 100644 index 000000000..75648a11b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.md @@ -0,0 +1,114 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSL_VERIFYHOST +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CAINFO (3) + - CURLOPT_PINNEDPUBLICKEY (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_SSL_VERIFYHOST - verify the certificate's name against host + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_VERIFYHOST, long verify); +~~~ + +# DESCRIPTION + +Pass a long as parameter specifying what to *verify*. + +This option determines whether libcurl verifies that the server cert is for +the server it is known as. + +When negotiating TLS and SSL connections, the server sends a certificate +indicating its identity. + +When CURLOPT_SSL_VERIFYHOST(3) is 2, that certificate must indicate that +the server is the server to which you meant to connect, or the connection +fails. Simply put, it means it has to have the same name in the certificate as +is in the URL you operate against. + +Curl considers the server the intended one when the Common Name field or a +Subject Alternate Name field in the certificate matches the hostname in the +URL to which you told Curl to connect. + +If *verify* value is set to 1: + +In 7.28.0 and earlier: treated as a debug option of some sorts, not supported +anymore due to frequently leading to programmer mistakes. + +From 7.28.1 to 7.65.3: setting it to 1 made curl_easy_setopt(3) return +an error and leaving the flag untouched. + +From 7.66.0: treats 1 and 2 the same. + +When the *verify* value is 0, the connection succeeds regardless of the +names in the certificate. Use that ability with caution! + +The default value for this option is 2. + +This option controls checking the server's certificate's claimed identity. +The server could be lying. To control lying, see CURLOPT_SSL_VERIFYPEER(3). + +WARNING: disabling verification of the certificate allows bad guys to +man-in-the-middle the communication without you knowing it. Disabling +verification makes the communication insecure. Just having encryption on a +transfer is not enough as you cannot be sure that you are communicating with +the correct end-point. + +When libcurl uses secure protocols it trusts responses and allows for example +HSTS and Alt-Svc information to be stored and used subsequently. Disabling +certificate verification can make libcurl trust and use such information from +malicious servers. + +# LIMITATIONS + +Secure Transport: If *verify* value is 0, then SNI is also disabled. SNI is +a TLS extension that sends the hostname to the server. The server may use that +information to do such things as sending back a specific certificate for the +hostname, or forwarding the request to a specific origin server. Some hostnames +may be inaccessible if SNI is not sent. + +# DEFAULT + +2 + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Set the default value: strict name check please */ + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +If built TLS enabled. + +# RETURN VALUE + +Returns CURLE_OK if TLS is supported, and CURLE_UNKNOWN_OPTION if not. + +If 1 is set as argument, *CURLE_BAD_FUNCTION_ARGUMENT* is returned. diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.md b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.md new file mode 100644 index 000000000..c9884ceb9 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.md @@ -0,0 +1,98 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSL_VERIFYPEER +Section: 3 +Source: libcurl +See-also: + - CURLINFO_CAINFO (3) + - CURLINFO_CAPATH (3) + - CURLOPT_CAINFO (3) + - CURLOPT_PROXY_SSL_VERIFYHOST (3) + - CURLOPT_PROXY_SSL_VERIFYPEER (3) + - CURLOPT_SSL_VERIFYHOST (3) +--- + +# NAME + +CURLOPT_SSL_VERIFYPEER - verify the peer's SSL certificate + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_VERIFYPEER, long verify); +~~~ + +# DESCRIPTION + +Pass a long as parameter to enable or disable. + +This option determines whether curl verifies the authenticity of the peer's +certificate. A value of 1 means curl verifies; 0 (zero) means it does not. + +When negotiating a TLS or SSL connection, the server sends a certificate +indicating its identity. Curl verifies whether the certificate is authentic, +i.e. that you can trust that the server is who the certificate says it is. +This trust is based on a chain of digital signatures, rooted in certification +authority (CA) certificates you supply. curl uses a default bundle of CA +certificates (the path for that is determined at build time) and you can +specify alternate certificates with the CURLOPT_CAINFO(3) option or the +CURLOPT_CAPATH(3) option. + +When CURLOPT_SSL_VERIFYPEER(3) is enabled, and the verification fails to +prove that the certificate is signed by a CA, the connection fails. + +When this option is disabled (set to zero), the CA certificates are not loaded +and the peer certificate verification is simply skipped. + +Authenticating the certificate is not enough to be sure about the server. You +typically also want to ensure that the server is the server you mean to be +talking to. Use CURLOPT_SSL_VERIFYHOST(3) for that. The check that the host +name in the certificate is valid for the hostname you are connecting to is +done independently of the CURLOPT_SSL_VERIFYPEER(3) option. + +WARNING: disabling verification of the certificate allows bad guys to +man-in-the-middle the communication without you knowing it. Disabling +verification makes the communication insecure. Just having encryption on a +transfer is not enough as you cannot be sure that you are communicating with +the correct end-point. + +When libcurl uses secure protocols it trusts responses and allows for example +HSTS and Alt-Svc information to be stored and used subsequently. Disabling +certificate verification can make libcurl trust and use such information from +malicious servers. + +# DEFAULT + +1 - enabled + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Set the default value: strict certificate check please */ + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +If built TLS enabled. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.md b/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.md new file mode 100644 index 000000000..66dbd7465 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SSL_VERIFYSTATUS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CAINFO (3) + - CURLOPT_SSL_VERIFYHOST (3) + - CURLOPT_SSL_VERIFYPEER (3) +--- + +# NAME + +CURLOPT_SSL_VERIFYSTATUS - verify the certificate's status + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_VERIFYSTATUS, long verify); +~~~ + +# DESCRIPTION + +Pass a long as parameter set to 1 to enable or 0 to disable. + +This option determines whether libcurl verifies the status of the server cert +using the "Certificate Status Request" TLS extension (aka. OCSP stapling). + +Note that if this option is enabled but the server does not support the TLS +extension, the verification fails. + +# DEFAULT + +0 + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* ask for OCSP stapling! */ + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 1L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.41.0. This option is currently only supported by the OpenSSL and +GnuTLS TLS backends. + +# RETURN VALUE + +Returns CURLE_OK if OCSP stapling is supported by the SSL backend, otherwise +returns CURLE_NOT_BUILT_IN. diff --git a/docs/libcurl/opts/CURLOPT_STDERR.md b/docs/libcurl/opts/CURLOPT_STDERR.md new file mode 100644 index 000000000..a20e50366 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_STDERR.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_STDERR +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_NOPROGRESS (3) + - CURLOPT_VERBOSE (3) +--- + +# NAME + +CURLOPT_STDERR - redirect stderr to another stream + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_STDERR, FILE *stream); +~~~ + +# DESCRIPTION + +Pass a FILE * as parameter. Tell libcurl to use this *stream* instead of +stderr when showing the progress meter and displaying CURLOPT_VERBOSE(3) +data. + +If you are using libcurl as a Windows DLL, this option causes an exception and +a crash in the library since it cannot access a FILE * passed on from the +application. A work-around is to instead use CURLOPT_DEBUGFUNCTION(3). + +# DEFAULT + +stderr + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + FILE *filep = fopen("dump", "wb"); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_STDERR, filep); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.md b/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.md new file mode 100644 index 000000000..ba2489a30 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.md @@ -0,0 +1,77 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_STREAM_DEPENDS +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_PIPELINING (3) + - CURLOPT_HTTP_VERSION (3) + - CURLOPT_STREAM_DEPENDS_E (3) + - CURLOPT_STREAM_WEIGHT (3) +--- + +# NAME + +CURLOPT_STREAM_DEPENDS - stream this transfer depends on + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_STREAM_DEPENDS, + CURL *dephandle); +~~~ + +# DESCRIPTION + +Pass a CURL pointer in *dephandle* to identify the stream within the same +connection that this stream is depending upon. This option clears the +exclusive bit and is mutually exclusive to the CURLOPT_STREAM_DEPENDS_E(3) +option. + +The spec says "Including a dependency expresses a preference to allocate +resources to the identified stream rather than to the dependent stream." + +This option can be set during transfer. + +*dephandle* must not be the same as *handle*, that makes this function return +an error. It must be another easy handle, and it also needs to be a handle of +a transfer that is about to be sent over the same HTTP/2 connection for this +option to have an actual effect. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP/2 + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + CURL *curl2 = curl_easy_init(); /* a second handle */ + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/one"); + + /* the second depends on the first */ + curl_easy_setopt(curl2, CURLOPT_URL, "https://example.com/two"); + curl_easy_setopt(curl2, CURLOPT_STREAM_DEPENDS, curl); + + /* then add both to a multi handle and transfer them! */ + } +} +~~~ + +# AVAILABILITY + +Added in 7.46.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.md b/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.md new file mode 100644 index 000000000..e8dbc113f --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.md @@ -0,0 +1,80 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_STREAM_DEPENDS_E +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_PIPELINING (3) + - CURLOPT_HTTP_VERSION (3) + - CURLOPT_STREAM_DEPENDS (3) + - CURLOPT_STREAM_WEIGHT (3) +--- + +# NAME + +CURLOPT_STREAM_DEPENDS_E - stream this transfer depends on exclusively + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_STREAM_DEPENDS_E, + CURL *dephandle); +~~~ + +# DESCRIPTION + +Pass a CURL pointer in *dephandle* to identify the stream within the same +connection that this stream is depending upon exclusively. That means it +depends on it and sets the Exclusive bit. + +The spec says "Including a dependency expresses a preference to allocate +resources to the identified stream rather than to the dependent stream." + +Setting a dependency with the exclusive flag for a reprioritized stream causes +all the dependencies of the new parent stream to become dependent on the +reprioritized stream. + +This option can be set during transfer. + +*dephandle* must not be the same as *handle*, that makes this function return +an error. It must be another easy handle, and it also needs to be a handle of +a transfer that is about to be sent over the same HTTP/2 connection for this +option to have an actual effect. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP/2 + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + CURL *curl2 = curl_easy_init(); /* a second handle */ + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/one"); + + /* the second depends on the first */ + curl_easy_setopt(curl2, CURLOPT_URL, "https://example.com/two"); + curl_easy_setopt(curl2, CURLOPT_STREAM_DEPENDS_E, curl); + + /* then add both to a multi handle and transfer them! */ + } +} +~~~ + +# AVAILABILITY + +Added in 7.46.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.md b/docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.md new file mode 100644 index 000000000..914a4263d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.md @@ -0,0 +1,81 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_STREAM_WEIGHT +Section: 3 +Source: libcurl +See-also: + - CURLMOPT_PIPELINING (3) + - CURLOPT_PIPEWAIT (3) + - CURLOPT_STREAM_DEPENDS (3) + - CURLOPT_STREAM_DEPENDS_E (3) +--- + +# NAME + +CURLOPT_STREAM_WEIGHT - numerical stream weight + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_STREAM_WEIGHT, long weight); +~~~ + +# DESCRIPTION + +Set the long *weight* to a number between 1 and 256. + +When using HTTP/2, this option sets the individual weight for this particular +stream used by the easy *handle*. Setting and using weights only makes +sense and is only usable when doing multiple streams over the same +connections, which thus implies that you use CURLMOPT_PIPELINING(3). + +This option can be set during transfer and causes the updated weight info get +sent to the server the next time an HTTP/2 frame is sent to the server. + +See section 5.3 of RFC 7540 for protocol details. + +Streams with the same parent should be allocated resources proportionally +based on their weight. If you have two streams going, stream A with weight 16 +and stream B with weight 32, stream B gets two thirds (32/48) of the available +bandwidth (assuming the server can send off the data equally for both +streams). + +# DEFAULT + +If nothing is set, the HTTP/2 protocol itself uses its own default which is +16. + +# PROTOCOLS + +HTTP/2 + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + CURL *curl2 = curl_easy_init(); /* a second handle */ + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/one"); + curl_easy_setopt(curl, CURLOPT_STREAM_WEIGHT, 10L); + + /* the second has twice the weight */ + curl_easy_setopt(curl2, CURLOPT_URL, "https://example.com/two"); + curl_easy_setopt(curl2, CURLOPT_STREAM_WEIGHT, 20L); + + /* then add both to a multi handle and transfer them! */ + } +} +~~~ + +# AVAILABILITY + +Added in 7.46.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_SUPPRESS_CONNECT_HEADERS.md b/docs/libcurl/opts/CURLOPT_SUPPRESS_CONNECT_HEADERS.md new file mode 100644 index 000000000..730192585 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SUPPRESS_CONNECT_HEADERS.md @@ -0,0 +1,103 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_SUPPRESS_CONNECT_HEADERS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HEADER (3) + - CURLOPT_HTTPPROXYTUNNEL (3) + - CURLOPT_PROXY (3) +--- + +# NAME + +CURLOPT_SUPPRESS_CONNECT_HEADERS - suppress proxy CONNECT response headers + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SUPPRESS_CONNECT_HEADERS, long onoff); +~~~ + +# DESCRIPTION + +When CURLOPT_HTTPPROXYTUNNEL(3) is used and a CONNECT request is made, +suppress proxy CONNECT response headers from the user callback functions +CURLOPT_HEADERFUNCTION(3) and CURLOPT_WRITEFUNCTION(3). + +Proxy CONNECT response headers can complicate header processing since it is +essentially a separate set of headers. You can enable this option to suppress +those headers. + +For example let's assume an HTTPS URL is to be retrieved via CONNECT. On +success there would normally be two sets of headers, and each header line sent +to the header function and/or the write function. The data given to the +callbacks would look like this: + +~~~c +HTTP/1.1 200 Connection established +{headers} +... + +HTTP/1.1 200 OK +Content-Type: application/json +{headers} +... + +{body} +... +~~~ + +However by enabling this option the CONNECT response headers are suppressed, +so the data given to the callbacks would look like this: + +~~~c +HTTP/1.1 200 OK +Content-Type: application/json +{headers} +... + +{body} +... +~~~ + +# DEFAULT + +0 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + curl_easy_setopt(curl, CURLOPT_HEADER, 1L); + curl_easy_setopt(curl, CURLOPT_PROXY, "http://foo:3128"); + curl_easy_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L); + curl_easy_setopt(curl, CURLOPT_SUPPRESS_CONNECT_HEADERS, 1L); + + curl_easy_perform(curl); + + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.54.0 + +# RETURN VALUE + +CURLE_OK or an error such as CURLE_UNKNOWN_OPTION. diff --git a/docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.md b/docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.md new file mode 100644 index 000000000..4db103b4b --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TCP_FASTOPEN.md @@ -0,0 +1,64 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TCP_FASTOPEN +Section: 3 +Source: libcurl +See-also: + - CURLOPT_SSL_FALSESTART (3) +--- + +# NAME + +CURLOPT_TCP_FASTOPEN - TCP Fast Open + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TCP_FASTOPEN, long enable); +~~~ + +# DESCRIPTION + +Pass a long as parameter set to 1L to enable or 0 to disable. + +TCP Fast Open (RFC 7413) is a mechanism that allows data to be carried in the +SYN and SYN-ACK packets and consumed by the receiving end during the initial +connection handshake, saving up to one full round-trip time (RTT). + +Beware: the TLS session cache does not work when TCP Fast Open is enabled. TCP +Fast Open is also known to be problematic on or across certain networks. + +# DEFAULT + +0 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_TCP_FASTOPEN, 1L); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.49.0. This option is currently only supported on Linux and macOS +10.11 or later. + +# RETURN VALUE + +Returns CURLE_OK if fast open is supported by the operating system, otherwise +returns CURLE_NOT_BUILT_IN. diff --git a/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.md b/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.md new file mode 100644 index 000000000..090431993 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TCP_KEEPALIVE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_LOW_SPEED_LIMIT (3) + - CURLOPT_MAX_RECV_SPEED_LARGE (3) + - CURLOPT_TCP_KEEPIDLE (3) + - CURLOPT_TCP_KEEPINTVL (3) +--- + +# NAME + +CURLOPT_TCP_KEEPALIVE - TCP keep-alive probing + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TCP_KEEPALIVE, long probe); +~~~ + +# DESCRIPTION + +Pass a long. If set to 1, TCP keepalive probes are used. The delay and +frequency of these probes can be controlled by the +CURLOPT_TCP_KEEPIDLE(3) and CURLOPT_TCP_KEEPINTVL(3) options, +provided the operating system supports them. Set to 0 (default behavior) to +disable keepalive probes + +# DEFAULT + +0 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* enable TCP keep-alive for this transfer */ + curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L); + + /* keep-alive idle time to 120 seconds */ + curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L); + + /* interval time between keep-alive probes: 60 seconds */ + curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 60L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.25.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.md b/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.md new file mode 100644 index 000000000..d8418ffb2 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TCP_KEEPIDLE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_TCP_KEEPALIVE (3) + - CURLOPT_TCP_KEEPINTVL (3) +--- + +# NAME + +CURLOPT_TCP_KEEPIDLE - TCP keep-alive idle time wait + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TCP_KEEPIDLE, long delay); +~~~ + +# DESCRIPTION + +Pass a long. Sets the *delay*, in seconds, to wait while the connection is +idle before sending keepalive probes. Not all operating systems support this +option. + +The maximum value this accepts is 2147483648. Any larger value is capped to +this amount. + +# DEFAULT + +60 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* enable TCP keep-alive for this transfer */ + curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L); + + /* set keep-alive idle time to 120 seconds */ + curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L); + + /* interval time between keep-alive probes: 60 seconds */ + curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 60L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.25.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.md b/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.md new file mode 100644 index 000000000..d560cf516 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TCP_KEEPINTVL +Section: 3 +Source: libcurl +See-also: + - CURLOPT_TCP_KEEPALIVE (3) + - CURLOPT_TCP_KEEPIDLE (3) +--- + +# NAME + +CURLOPT_TCP_KEEPINTVL - TCP keep-alive interval + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TCP_KEEPINTVL, long interval); +~~~ + +# DESCRIPTION + +Pass a long. Sets the interval, in seconds, to wait between sending keepalive +probes. Not all operating systems support this option. (Added in 7.25.0) + +The maximum value this accepts is 2147483648. Any larger value is capped to +this amount. + +# DEFAULT + +60 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* enable TCP keep-alive for this transfer */ + curl_easy_setopt(curl, CURLOPT_TCP_KEEPALIVE, 1L); + + /* set keep-alive idle time to 120 seconds */ + curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L); + + /* interval time between keep-alive probes: 60 seconds */ + curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 60L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_TCP_NODELAY.md b/docs/libcurl/opts/CURLOPT_TCP_NODELAY.md new file mode 100644 index 000000000..7fe286d26 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TCP_NODELAY.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TCP_NODELAY +Section: 3 +Source: libcurl +See-also: + - CURLOPT_BUFFERSIZE (3) + - CURLOPT_SOCKOPTFUNCTION (3) + - CURLOPT_TCP_KEEPALIVE (3) +--- + +# NAME + +CURLOPT_TCP_NODELAY - the TCP_NODELAY option + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TCP_NODELAY, long nodelay); +~~~ + +# DESCRIPTION + +Pass a long specifying whether the *TCP_NODELAY* option is to be set or +cleared (1L = set, 0 = clear). The option is set by default. This has no +effect after the connection has been established. + +Setting this option to 1L disables TCP's Nagle algorithm on connections +created using this handle. The purpose of this algorithm is to try to minimize +the number of small packets on the network (where "small packets" means TCP +segments less than the Maximum Segment Size for the network). + +Maximizing the amount of data sent per TCP segment is good because it +amortizes the overhead of the send. However, in some cases small segments may +need to be sent without delay. This is less efficient than sending larger +amounts of data at a time, and can contribute to congestion on the network if +overdone. + +# DEFAULT + +1 + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + /* leave Nagle enabled */ + curl_easy_setopt(curl, CURLOPT_TCP_NODELAY, 0); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always. The default was changed to 1 from 0 in 7.50.2. + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_TELNETOPTIONS.md b/docs/libcurl/opts/CURLOPT_TELNETOPTIONS.md new file mode 100644 index 000000000..e1db12ed8 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TELNETOPTIONS.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TELNETOPTIONS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPHEADER (3) + - CURLOPT_QUOTE (3) +--- + +# NAME + +CURLOPT_TELNETOPTIONS - set of telnet options + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TELNETOPTIONS, + struct curl_slist *cmds); +~~~ + +# DESCRIPTION + +Provide a pointer to a curl_slist with variables to pass to the telnet +negotiations. The variables should be in the format . libcurl +supports the options **TTYPE**, **XDISPLOC** and **NEW_ENV**. See the +TELNET standard for details. + +# DEFAULT + +NULL + +# PROTOCOLS + +TELNET + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + struct curl_slist *options; + options = curl_slist_append(NULL, "TTTYPE=vt100"); + options = curl_slist_append(options, "USER=foobar"); + curl_easy_setopt(curl, CURLOPT_URL, "telnet://example.com/"); + curl_easy_setopt(curl, CURLOPT_TELNETOPTIONS, options); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + curl_slist_free_all(options); + } +} +~~~ + +# AVAILABILITY + +Along with TELNET + +# RETURN VALUE + +Returns CURLE_OK if TELNET is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.md b/docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.md new file mode 100644 index 000000000..07cbebae4 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TFTP_BLKSIZE.md @@ -0,0 +1,63 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TFTP_BLKSIZE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_MAXFILESIZE (3) +--- + +# NAME + +CURLOPT_TFTP_BLKSIZE - TFTP block size + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TFTP_BLKSIZE, long blocksize); +~~~ + +# DESCRIPTION + +Specify *blocksize* to use for TFTP data transmission. Valid range as per +RFC 2348 is 8-65464 bytes. The default of 512 bytes is used if this option is +not specified. The specified block size is only used if supported by the +remote server. If the server does not return an option acknowledgment or +returns an option acknowledgment with no block size, the default of 512 bytes +is used. + +# DEFAULT + +512 + +# PROTOCOLS + +TFTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "tftp://example.com/bootimage"); + /* try using larger blocks */ + curl_easy_setopt(curl, CURLOPT_TFTP_BLKSIZE, 2048L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.4 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.md b/docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.md new file mode 100644 index 000000000..fd4e4921f --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TFTP_NO_OPTIONS.md @@ -0,0 +1,78 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TFTP_NO_OPTIONS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_TFTP_BLKSIZE (3) +--- + +# NAME + +CURLOPT_TFTP_NO_OPTIONS - send no TFTP options requests + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TFTP_NO_OPTIONS, long onoff); +~~~ + +# DESCRIPTION + +Set *onoff* to 1L to exclude all TFTP options defined in RFC 2347, +RFC 2348 and RFC 2349 from read and write requests. + +This option improves interoperability with legacy servers that do not +acknowledge or properly implement TFTP options. When this option is used +CURLOPT_TFTP_BLKSIZE(3) is ignored. + +# DEFAULT + +0 + +# PROTOCOLS + +TFTP + +# EXAMPLE + +~~~c +size_t write_callback(char *ptr, size_t size, size_t nmemb, void *fp) +{ + return fwrite(ptr, size, nmemb, (FILE *)fp); +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + FILE *fp = fopen("foo.bin", "wb"); + if(fp) { + curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)fp); + curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback); + + curl_easy_setopt(curl, CURLOPT_URL, "tftp://example.com/foo.bin"); + + /* do not send TFTP options requests */ + curl_easy_setopt(curl, CURLOPT_TFTP_NO_OPTIONS, 1L); + + /* Perform the request */ + curl_easy_perform(curl); + + fclose(fp); + } + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.48.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_TIMECONDITION.md b/docs/libcurl/opts/CURLOPT_TIMECONDITION.md new file mode 100644 index 000000000..80d93a516 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TIMECONDITION.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TIMECONDITION +Section: 3 +Source: libcurl +See-also: + - CURLINFO_FILETIME (3) + - CURLOPT_TIMEVALUE (3) +--- + +# NAME + +CURLOPT_TIMECONDITION - select condition for a time request + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TIMECONDITION, long cond); +~~~ + +# DESCRIPTION + +Pass a long as parameter. This defines how the CURLOPT_TIMEVALUE(3) time +value is treated. You can set this parameter to *CURL_TIMECOND_IFMODSINCE* +or *CURL_TIMECOND_IFUNMODSINCE*. + +The last modification time of a file is not always known and in such instances +this feature has no effect even if the given time condition would not have +been met. curl_easy_getinfo(3) with the *CURLINFO_CONDITION_UNMET* +option can be used after a transfer to learn if a zero-byte successful +"transfer" was due to this condition not matching. + +# DEFAULT + +CURL_TIMECOND_NONE (0) + +# PROTOCOLS + +HTTP, FTP, RTSP, and FILE + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* January 1, 2020 is 1577833200 */ + curl_easy_setopt(curl, CURLOPT_TIMEVALUE, 1577833200L); + + /* If-Modified-Since the above time stamp */ + curl_easy_setopt(curl, CURLOPT_TIMECONDITION, + (long)CURL_TIMECOND_IFMODSINCE); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_TIMEOUT.md b/docs/libcurl/opts/CURLOPT_TIMEOUT.md new file mode 100644 index 000000000..02a3d3dbe --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TIMEOUT.md @@ -0,0 +1,90 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TIMEOUT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONNECTTIMEOUT (3) + - CURLOPT_LOW_SPEED_LIMIT (3) + - CURLOPT_TCP_KEEPALIVE (3) + - CURLOPT_TIMEOUT_MS (3) +--- + +# NAME + +CURLOPT_TIMEOUT - maximum time the transfer is allowed to complete + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TIMEOUT, long timeout); +~~~ + +# DESCRIPTION + +Pass a long as parameter containing *timeout* - the maximum time in +seconds that you allow the entire transfer operation to take. The whole thing, +from start to end. Normally, name lookups can take a considerable time and +limiting operations risk aborting perfectly normal operations. + +CURLOPT_TIMEOUT_MS(3) is the same function but set in milliseconds. + +If both CURLOPT_TIMEOUT(3) and CURLOPT_TIMEOUT_MS(3) are set, the +value set last is used. + +Since this option puts a hard limit on how long time a request is allowed to +take, it has limited use in dynamic use cases with varying transfer +times. That is especially apparent when using the multi interface, which may +queue the transfer, and that time is included. You are advised to explore +CURLOPT_LOW_SPEED_LIMIT(3), CURLOPT_LOW_SPEED_TIME(3) or using +CURLOPT_PROGRESSFUNCTION(3) to implement your own timeout logic. + +The connection timeout set with CURLOPT_CONNECTTIMEOUT(3) is included in +this general all-covering timeout. + +With CURLOPT_CONNECTTIMEOUT(3) set to 3 and CURLOPT_TIMEOUT(3) set +to 5, the operation can never last longer than 5 seconds. + +With CURLOPT_CONNECTTIMEOUT(3) set to 4 and CURLOPT_TIMEOUT(3) set +to 2, the operation can never last longer than 2 seconds. + +This option may cause libcurl to use the SIGALRM signal to timeout system +calls on builds not using asynch DNS. In unix-like systems, this might cause +signals to be used unless CURLOPT_NOSIGNAL(3) is set. + +# DEFAULT + +Default timeout is 0 (zero) which means it never times out during transfer. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* complete within 20 seconds */ + curl_easy_setopt(curl, CURLOPT_TIMEOUT, 20L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK. Returns CURLE_BAD_FUNCTION_ARGUMENT if set to a negative +value or a value that when converted to milliseconds is too large. diff --git a/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.md b/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.md new file mode 100644 index 000000000..0bb037f7c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TIMEOUT_MS.md @@ -0,0 +1,64 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TIMEOUT_MS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONNECTTIMEOUT (3) + - CURLOPT_LOW_SPEED_LIMIT (3) + - CURLOPT_TCP_KEEPALIVE (3) + - CURLOPT_TIMEOUT (3) +--- + +# NAME + +CURLOPT_TIMEOUT_MS - maximum time the transfer is allowed to complete + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TIMEOUT_MS, long timeout); +~~~ + +# DESCRIPTION + +Pass a long as parameter containing *timeout* - the maximum time in +milliseconds that you allow the libcurl transfer operation to take. + +See CURLOPT_TIMEOUT(3) for details. + +# DEFAULT + +Default timeout is 0 (zero) which means it never times out during transfer. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* complete within 20000 milliseconds */ + curl_easy_setopt(curl, CURLOPT_TIMEOUT_MS, 20000L); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_TIMEVALUE.md b/docs/libcurl/opts/CURLOPT_TIMEVALUE.md new file mode 100644 index 000000000..cc8f6032c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TIMEVALUE.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TIMEVALUE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_TIMECONDITION (3) + - CURLOPT_TIMEVALUE_LARGE (3) +--- + +# NAME + +CURLOPT_TIMEVALUE - time value for conditional + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TIMEVALUE, long val); +~~~ + +# DESCRIPTION + +Pass a long *val* as parameter. This should be the time counted as seconds +since 1 Jan 1970, and the time is used in a condition as specified with +CURLOPT_TIMECONDITION(3). + +On systems with 32 bit 'long' variables (such as Windows), this option cannot +set dates beyond the year 2038. Consider CURLOPT_TIMEVALUE_LARGE(3) +instead. + +# DEFAULT + +0 + +# PROTOCOLS + +HTTP, FTP, RTSP, and FILE + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* January 1, 2020 is 1577833200 */ + curl_easy_setopt(curl, CURLOPT_TIMEVALUE, 1577833200L); + + /* If-Modified-Since the above time stamp */ + curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_TIMEVALUE_LARGE.md b/docs/libcurl/opts/CURLOPT_TIMEVALUE_LARGE.md new file mode 100644 index 000000000..1424f6617 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TIMEVALUE_LARGE.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TIMEVALUE_LARGE +Section: 3 +Source: libcurl +See-also: + - CURLINFO_FILETIME (3) + - CURLOPT_TIMECONDITION (3) + - CURLOPT_TIMEVALUE (3) +--- + +# NAME + +CURLOPT_TIMEVALUE_LARGE - time value for conditional + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TIMEVALUE_LARGE, + curl_off_t val); +~~~ + +# DESCRIPTION + +Pass a curl_off_t *val* as parameter. This should be the time counted as +seconds since 1 Jan 1970, and the time is used in a condition as specified +with CURLOPT_TIMECONDITION(3). + +The difference between this option and CURLOPT_TIMEVALUE(3) is the type +of the argument. On systems where 'long' is only 32 bit wide, this option has +to be used to set dates beyond the year 2038. + +# DEFAULT + +0 + +# PROTOCOLS + +HTTP, FTP, RTSP, and FILE + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* January 1, 2020 is 1577833200 */ + curl_easy_setopt(curl, CURLOPT_TIMEVALUE_LARGE, (curl_off_t)1577833200); + + /* If-Modified-Since the above time stamp */ + curl_easy_setopt(curl, CURLOPT_TIMECONDITION, CURL_TIMECOND_IFMODSINCE); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.59.0. + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_TLS13_CIPHERS.md b/docs/libcurl/opts/CURLOPT_TLS13_CIPHERS.md new file mode 100644 index 000000000..add1f2f8e --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TLS13_CIPHERS.md @@ -0,0 +1,80 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TLS13_CIPHERS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSLVERSION (3) + - CURLOPT_PROXY_SSL_CIPHER_LIST (3) + - CURLOPT_PROXY_TLS13_CIPHERS (3) + - CURLOPT_SSLVERSION (3) + - CURLOPT_SSL_CIPHER_LIST (3) + - CURLOPT_USE_SSL (3) +--- + +# NAME + +CURLOPT_TLS13_CIPHERS - ciphers suites to use for TLS 1.3 + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TLS13_CIPHERS, char *list); +~~~ + +# DESCRIPTION + +Pass a char pointer, pointing to a null-terminated string holding the list of +cipher suites to use for the TLS 1.3 connection. The list must be +syntactically correct, it consists of one or more cipher suite strings +separated by colons. + +Find more details about cipher lists on this URL: + + https://curl.se/docs/ssl-ciphers.html + +This option is currently used only when curl is built to use OpenSSL 1.1.1 or +later, or Schannel. If you are using a different SSL backend you can try +setting TLS 1.3 cipher suites by using the CURLOPT_SSL_CIPHER_LIST(3) +option. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL, use internal default + +# PROTOCOLS + +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_TLS13_CIPHERS, + "TLS_CHACHA20_POLY1305_SHA256"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.61.0 for OpenSSL. Available when built with OpenSSL >= 1.1.1. + +Added in 7.85.0 for Schannel. + +# RETURN VALUE + +Returns CURLE_OK if supported, CURLE_NOT_BUILT_IN otherwise. diff --git a/docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.md b/docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.md new file mode 100644 index 000000000..1d0e1d01d --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TLSAUTH_PASSWORD.md @@ -0,0 +1,70 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TLSAUTH_PASSWORD +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_TLSAUTH_PASSWORD (3) + - CURLOPT_TLSAUTH_TYPE (3) + - CURLOPT_TLSAUTH_USERNAME (3) +--- + +# NAME + +CURLOPT_TLSAUTH_PASSWORD - password to use for TLS authentication + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TLSAUTH_PASSWORD, char *pwd); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should point to the null-terminated +password to use for the TLS authentication method specified with the +CURLOPT_TLSAUTH_TYPE(3) option. Requires that the +CURLOPT_TLSAUTH_USERNAME(3) option also be set. + +The application does not have to keep the string around after setting this +option. + +This feature relies in TLS SRP which does not work with TLS 1.3. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS-based protocols + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_TLSAUTH_TYPE, "SRP"); + curl_easy_setopt(curl, CURLOPT_TLSAUTH_USERNAME, "user"); + curl_easy_setopt(curl, CURLOPT_TLSAUTH_PASSWORD, "secret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.21.4, with the OpenSSL and GnuTLS backends only + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.md b/docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.md new file mode 100644 index 000000000..f3e0803d4 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TLSAUTH_TYPE.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TLSAUTH_TYPE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_TLSAUTH_PASSWORD (3) + - CURLOPT_TLSAUTH_USERNAME (3) +--- + +# NAME + +CURLOPT_TLSAUTH_TYPE - TLS authentication methods + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TLSAUTH_TYPE, char *type); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. The string should be +the method of the TLS authentication. Supported method is "SRP". + +## SRP + +TLS-SRP authentication. Secure Remote Password authentication for TLS is +defined in RFC 5054 and provides mutual authentication if both sides have a +shared secret. To use TLS-SRP, you must also set the +CURLOPT_TLSAUTH_USERNAME(3) and CURLOPT_TLSAUTH_PASSWORD(3) +options. + +The application does not have to keep the string around after setting this +option. + +TLS SRP does not work with TLS 1.3. + +# DEFAULT + +blank + +# PROTOCOLS + +All TLS-based protocols + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_TLSAUTH_TYPE, "SRP"); + curl_easy_setopt(curl, CURLOPT_TLSAUTH_USERNAME, "user"); + curl_easy_setopt(curl, CURLOPT_TLSAUTH_PASSWORD, "secret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +You need to build libcurl with GnuTLS or OpenSSL with TLS-SRP support for this +to work. Added in 7.21.4 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.md b/docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.md new file mode 100644 index 000000000..1127046af --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TLSAUTH_USERNAME.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TLSAUTH_USERNAME +Section: 3 +Source: libcurl +See-also: + - CURLOPT_TLSAUTH_PASSWORD (3) + - CURLOPT_TLSAUTH_TYPE (3) +--- + +# NAME + +CURLOPT_TLSAUTH_USERNAME - user name to use for TLS authentication + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TLSAUTH_USERNAME, char *user); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should point to the null-terminated +username to use for the TLS authentication method specified with the +CURLOPT_TLSAUTH_TYPE(3) option. Requires that the +CURLOPT_TLSAUTH_PASSWORD(3) option also be set. + +The application does not have to keep the string around after setting this +option. + +This feature relies in TLS SRP which does not work with TLS 1.3. + +# DEFAULT + +NULL + +# PROTOCOLS + +All TLS-based protocols + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + curl_easy_setopt(curl, CURLOPT_TLSAUTH_TYPE, "SRP"); + curl_easy_setopt(curl, CURLOPT_TLSAUTH_USERNAME, "user"); + curl_easy_setopt(curl, CURLOPT_TLSAUTH_PASSWORD, "secret"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.21.4, with the OpenSSL and GnuTLS backends only + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_TRAILERDATA.md b/docs/libcurl/opts/CURLOPT_TRAILERDATA.md new file mode 100644 index 000000000..304b408e2 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TRAILERDATA.md @@ -0,0 +1,59 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TRAILERDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_TRAILERFUNCTION (3) + - CURLOPT_WRITEFUNCTION (3) +--- + +# NAME + +CURLOPT_TRAILERDATA - pointer passed to trailing headers callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TRAILERDATA, void *userdata); +~~~ + +# DESCRIPTION + +Data pointer to be passed to the HTTP trailer callback function. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +struct MyData { + void *custom; +}; + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + struct MyData data; + curl_easy_setopt(curl, CURLOPT_TRAILERDATA, &data); + } +} +~~~ + +# AVAILABILITY + +This option was added in curl 7.64.0 and is present if HTTP support is enabled + +# RETURN VALUE + +Returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_TRAILERFUNCTION.md b/docs/libcurl/opts/CURLOPT_TRAILERFUNCTION.md new file mode 100644 index 000000000..5d79214bf --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TRAILERFUNCTION.md @@ -0,0 +1,110 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TRAILERFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_TRAILERDATA (3) + - CURLOPT_WRITEFUNCTION (3) +--- + +# NAME + +CURLOPT_TRAILERFUNCTION - callback for sending trailing headers + +# SYNOPSIS + +~~~c +#include + +int curl_trailer_callback(struct curl_slist ** list, void *userdata); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TRAILERFUNCTION, + curl_trailer_callback *func); +~~~ + +# DESCRIPTION + +Pass a pointer to a callback function. + +This callback function is called once right before sending the final CR LF in +an HTTP chunked transfer to fill a list of trailing headers to be sent before +finishing the HTTP transfer. + +You can set the userdata argument with the CURLOPT_TRAILERDATA(3) +option. + +The trailing headers included in the linked list must not be CRLF-terminated, +because libcurl adds the appropriate line termination characters after each +header item. + +If you use curl_slist_append(3) to add trailing headers to the *curl_slist* +then libcurl duplicates the strings, and frees the *curl_slist* once the +trailers have been sent. + +If one of the trailing header fields is not formatted correctly it is ignored +and an info message is emitted. + +The return value can either be **CURL_TRAILERFUNC_OK** or +**CURL_TRAILERFUNC_ABORT** which would respectively instruct libcurl to +either continue with sending the trailers or to abort the request. + +If you set this option to NULL, then the transfer proceeds as usual +without any interruptions. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP + +# EXAMPLE +~~~c +static int trailer_cb(struct curl_slist **tr, void *data) +{ + /* libcurl frees the list */ + *tr = curl_slist_append(*tr, "My-super-awesome-trailer: trailer-stuff"); + return CURL_TRAILERFUNC_OK; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + + /* Set the URL of the request */ + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); + /* Now set it as a put */ + curl_easy_setopt(curl, CURLOPT_PUT, 1L); + + /* Assuming we have a function that returns the data to be pushed + Let that function be read_cb */ + curl_easy_setopt(curl, CURLOPT_READFUNCTION, trailer_cb); + + struct curl_slist *headers = NULL; + headers = curl_slist_append(headers, "Trailer: My-super-awesome-trailer"); + res = curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); + + /* Set the trailers filling callback */ + curl_easy_setopt(curl, CURLOPT_TRAILERFUNCTION, trailer_cb); + + /* Perform the transfer */ + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + + curl_slist_free_all(headers); + } +} +~~~ +# AVAILABILITY + +This option was added in curl 7.64.0 and is present if HTTP support is enabled. + +# RETURN VALUE + +Returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_TRANSFERTEXT.md b/docs/libcurl/opts/CURLOPT_TRANSFERTEXT.md new file mode 100644 index 000000000..4f6d00485 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TRANSFERTEXT.md @@ -0,0 +1,65 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TRANSFERTEXT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CRLF (3) +--- + +# NAME + +CURLOPT_TRANSFERTEXT - request a text based transfer for FTP + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TRANSFERTEXT, long text); +~~~ + +# DESCRIPTION + +A parameter set to 1 tells the library to use ASCII mode for FTP transfers, +instead of the default binary transfer. For win32 systems it does not set the +stdout to binary mode. This option can be usable when transferring text data +between systems with different views on certain characters, such as newlines +or similar. + +libcurl does not do a complete ASCII conversion when doing ASCII transfers +over FTP. This is a known limitation/flaw that nobody has rectified. libcurl +simply sets the mode to ASCII and performs a standard transfer. + +# DEFAULT + +0, disabled + +# PROTOCOLS + +FTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/textfile"); + curl_easy_setopt(curl, CURLOPT_TRANSFERTEXT, 1L); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Along with FTP + +# RETURN VALUE + +Returns CURLE_OK if FTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.md b/docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.md new file mode 100644 index 000000000..7fd38487a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING.md @@ -0,0 +1,68 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_TRANSFER_ENCODING +Section: 3 +Source: libcurl +See-also: + - CURLOPT_ACCEPT_ENCODING (3) + - CURLOPT_HTTP_TRANSFER_DECODING (3) +--- + +# NAME + +CURLOPT_TRANSFER_ENCODING - ask for HTTP Transfer Encoding + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_TRANSFER_ENCODING, + long enable); +~~~ + +# DESCRIPTION + +Pass a long set to 1L to *enable* or 0 to disable. + +Adds a request for compressed Transfer Encoding in the outgoing HTTP +request. If the server supports this and so desires, it can respond with the +HTTP response sent using a compressed Transfer-Encoding that is automatically +uncompressed by libcurl on reception. + +Transfer-Encoding differs slightly from the Content-Encoding you ask for with +CURLOPT_ACCEPT_ENCODING(3) in that a Transfer-Encoding is strictly meant +to be for the transfer and thus MUST be decoded before the data arrives in the +client. Traditionally, Transfer-Encoding has been much less used and supported +by both HTTP clients and HTTP servers. + +# DEFAULT + +0 + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_TRANSFER_ENCODING, 1L); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.21.6 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.md b/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.md new file mode 100644 index 000000000..0ef3ec176 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_UNIX_SOCKET_PATH.md @@ -0,0 +1,87 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_UNIX_SOCKET_PATH +Section: 3 +Source: libcurl +See-also: + - CURLOPT_ABSTRACT_UNIX_SOCKET (3) + - CURLOPT_OPENSOCKETFUNCTION (3) + - unix (7) +--- + +# NAME + +CURLOPT_UNIX_SOCKET_PATH - Unix domain socket + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNIX_SOCKET_PATH, char *path); +~~~ + +# DESCRIPTION + +Enables the use of Unix domain sockets as connection endpoint and sets the +path to *path*. If *path* is NULL, then Unix domain sockets are +disabled. + +When enabled, curl connects to the Unix domain socket instead of establishing +a TCP connection to the host. Since no network connection is created, curl +does not resolve the DNS hostname in the URL. + +The maximum path length on Cygwin, Linux and Solaris is 107. On other platforms +it might be even less. + +Proxy and TCP options such as CURLOPT_TCP_NODELAY(3) are not +supported. Proxy options such as CURLOPT_PROXY(3) have no effect either +as these are TCP-oriented, and asking a proxy server to connect to a certain +Unix domain socket is not possible. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +Default is NULL, meaning that no Unix domain sockets are used. + +# PROTOCOLS + +All protocols except for FILE and FTP are supported in theory. HTTP, IMAP, +POP3 and SMTP should in particular work (including their SSL/TLS variants). + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_UNIX_SOCKET_PATH, "/tmp/httpd.sock"); + curl_easy_setopt(curl, CURLOPT_URL, "http://localhost/"); + + curl_easy_perform(curl); + } +} +~~~ + +If you are on Linux and somehow have a need for paths larger than 107 bytes, +you can use the proc filesystem to bypass the limitation: + +~~~c + int dirfd = open(long_directory_path_to_socket, O_DIRECTORY | O_RDONLY); + char path[108]; + snprintf(path, sizeof(path), "/proc/self/fd/%d/httpd.sock", dirfd); + curl_easy_setopt(curl_handle, CURLOPT_UNIX_SOCKET_PATH, path); + /* Be sure to keep dirfd valid until you discard the handle */ +~~~ + +# AVAILABILITY + +Added in 7.40.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.md b/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.md new file mode 100644 index 000000000..53b584fd0 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_UNRESTRICTED_AUTH.md @@ -0,0 +1,78 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_UNRESTRICTED_AUTH +Section: 3 +Source: libcurl +See-also: + - CURLINFO_REDIRECT_COUNT (3) + - CURLOPT_FOLLOWLOCATION (3) + - CURLOPT_MAXREDIRS (3) + - CURLOPT_REDIR_PROTOCOLS_STR (3) + - CURLOPT_USERPWD (3) +--- + +# NAME + +CURLOPT_UNRESTRICTED_AUTH - send credentials to other hosts too + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UNRESTRICTED_AUTH, + long goahead); +~~~ + +# DESCRIPTION + +Set the long *gohead* parameter to 1L to make libcurl continue to send +authentication (user+password) credentials when following locations, even when +hostname changed. This option is meaningful only when setting +CURLOPT_FOLLOWLOCATION(3). + +Further, when this option is not used or set to **0L**, libcurl does not +send custom nor internally generated Authentication: headers on requests done +to other hosts than the one used for the initial URL. + +By default, libcurl only sends credentials and Authentication headers to the +initial hostname as given in the original URL, to avoid leaking username + +password to other sites. + +This option should be used with caution: when curl follows redirects it +blindly fetches the next URL as instructed by the server. Setting +CURLOPT_UNRESTRICTED_AUTH(3) to 1L makes curl trust the server and sends +possibly sensitive credentials to any host the server points to, possibly +again and again as the following hosts can keep redirecting to new hosts. + +# DEFAULT + +0 + +# PROTOCOLS + +HTTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); + curl_easy_setopt(curl, CURLOPT_UNRESTRICTED_AUTH, 1L); + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Along with HTTP + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_UPKEEP_INTERVAL_MS.md b/docs/libcurl/opts/CURLOPT_UPKEEP_INTERVAL_MS.md new file mode 100644 index 000000000..283efa73e --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_UPKEEP_INTERVAL_MS.md @@ -0,0 +1,82 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_UPKEEP_INTERVAL_MS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_TCP_KEEPALIVE (3) +--- + +# NAME + +CURLOPT_UPKEEP_INTERVAL_MS - connection upkeep interval + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UPKEEP_INTERVAL_MS, + long upkeep_interval_ms); +~~~ + +# DESCRIPTION + +Some protocols have "connection upkeep" mechanisms. These mechanisms usually +send some traffic on existing connections in order to keep them alive; this +can prevent connections from being closed due to overzealous firewalls, for +example. + +The user needs to explicitly call curl_easy_upkeep(3) in order to +perform the upkeep work. + +Currently the only protocol with a connection upkeep mechanism is HTTP/2: when +the connection upkeep interval is exceeded and curl_easy_upkeep(3) +is called, an HTTP/2 PING frame is sent on the connection. + +# DEFAULT + +CURL_UPKEEP_INTERVAL_DEFAULT (currently defined as 60000L, which is 60 seconds) + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + /* Make a connection to an HTTP/2 server. */ + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* Set the interval to 30000ms / 30s */ + curl_easy_setopt(curl, CURLOPT_UPKEEP_INTERVAL_MS, 30000L); + + curl_easy_perform(curl); + + /* Perform more work here. */ + + /* While the connection is being held open, curl_easy_upkeep() can be + called. If curl_easy_upkeep() is called and the time since the last + upkeep exceeds the interval, then an HTTP/2 PING is sent. */ + curl_easy_upkeep(curl); + + /* Perform more work here. */ + + /* always cleanup */ + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.62.0 + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_UPLOAD.md b/docs/libcurl/opts/CURLOPT_UPLOAD.md new file mode 100644 index 000000000..a54f2fd9f --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_UPLOAD.md @@ -0,0 +1,97 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_UPLOAD +Section: 3 +Source: libcurl +See-also: + - CURLOPT_INFILESIZE_LARGE (3) + - CURLOPT_PUT (3) + - CURLOPT_READFUNCTION (3) +--- + +# NAME + +CURLOPT_UPLOAD - data upload + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UPLOAD, long upload); +~~~ + +# DESCRIPTION + +The long parameter *upload* set to 1 tells the library to prepare for and +perform an upload. The CURLOPT_READDATA(3) and +CURLOPT_INFILESIZE(3) or CURLOPT_INFILESIZE_LARGE(3) options are +also interesting for uploads. If the protocol is HTTP, uploading means using +the PUT request unless you tell libcurl otherwise. + +Using PUT with HTTP 1.1 implies the use of a "Expect: 100-continue" header. +You can disable this header with CURLOPT_HTTPHEADER(3) as usual. + +If you use PUT to an HTTP 1.1 server, you can upload data without knowing the +size before starting the transfer. The library enables this by adding a header +"Transfer-Encoding: chunked". With HTTP 1.0 or if you prefer not to use chunked +transfer, you must specify the size of the data with +CURLOPT_INFILESIZE(3) or CURLOPT_INFILESIZE_LARGE(3). + +# DEFAULT + +0, default is download + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +static size_t read_cb(char *ptr, size_t size, size_t nmemb, void *userdata) +{ + FILE *src = userdata; + /* copy as much data as possible into the 'ptr' buffer, but no more than + 'size' * 'nmemb' bytes */ + size_t retcode = fread(ptr, size, nmemb, src); + + return retcode; +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + FILE *src = fopen("local-file", "r"); + curl_off_t fsize; /* set this to the size of the input file */ + + /* we want to use our own read function */ + curl_easy_setopt(curl, CURLOPT_READFUNCTION, read_cb); + + /* enable uploading */ + curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); + + /* specify target */ + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/dir/to/newfile"); + + /* now specify which pointer to pass to our callback */ + curl_easy_setopt(curl, CURLOPT_READDATA, src); + + /* Set the size of the file to upload */ + curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t)fsize); + + /* Now run off and do what you have been told! */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_UPLOAD_BUFFERSIZE.md b/docs/libcurl/opts/CURLOPT_UPLOAD_BUFFERSIZE.md new file mode 100644 index 000000000..f32a45f98 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_UPLOAD_BUFFERSIZE.md @@ -0,0 +1,80 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_UPLOAD_BUFFERSIZE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_BUFFERSIZE (3) + - CURLOPT_READFUNCTION (3) + - CURLOPT_TCP_NODELAY (3) +--- + +# NAME + +CURLOPT_UPLOAD_BUFFERSIZE - upload buffer size + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_UPLOAD_BUFFERSIZE, long size); +~~~ + +# DESCRIPTION + +Pass a long specifying your preferred *size* (in bytes) for the upload +buffer in libcurl. It makes libcurl uses a larger buffer that gets passed to +the next layer in the stack to get sent off. In some setups and for some +protocols, there is a huge performance benefit of having a larger upload +buffer. + +This is just treated as a request, not an order. You cannot be guaranteed to +actually get the given size. + +The upload buffer size is by default 64 kilobytes. The maximum buffer size +allowed to be set is 2 megabytes. The minimum buffer size allowed to be set is +16 kilobytes. + +The upload buffer is allocated on-demand - so if the handle is not used for +upload, this buffer is not allocated at all. + +DO NOT set this option on a handle that is currently used for an active +transfer as that may lead to unintended consequences. + +# DEFAULT + +65536 bytes + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "sftp://example.com/foo.bin"); + + /* ask libcurl to allocate a larger upload buffer */ + curl_easy_setopt(curl, CURLOPT_UPLOAD_BUFFERSIZE, 120000L); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.62.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_URL.md b/docs/libcurl/opts/CURLOPT_URL.md new file mode 100644 index 000000000..3a0691bfc --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_URL.md @@ -0,0 +1,145 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_URL +Section: 3 +Source: libcurl +See-also: + - CURLINFO_REDIRECT_URL (3) + - CURLOPT_CURLU (3) + - CURLOPT_FORBID_REUSE (3) + - CURLOPT_FRESH_CONNECT (3) + - CURLOPT_PATH_AS_IS (3) + - CURLOPT_PROTOCOLS (3) + - curl_easy_perform (3) + - curl_url_get (3) + - curl_url_set (3) +--- + +# NAME + +CURLOPT_URL - URL for this transfer + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_URL, char *URL); +~~~ + +# DESCRIPTION + +Pass in a pointer to the *URL* to work with. The parameter should be a +char * to a null-terminated string which must be URL-encoded in the following +format: + +scheme://host:port/path + +For a greater explanation of the format please see RFC 3986. + +libcurl does not validate the syntax or use the URL until the transfer is +started. Even if you set a crazy value here, curl_easy_setopt(3) might +still return *CURLE_OK*. + +If the given URL is missing a scheme name (such as "http://" or "ftp://" etc) +then libcurl guesses based on the host. If the outermost subdomain name +matches DICT, FTP, IMAP, LDAP, POP3 or SMTP then that protocol gets used, +otherwise HTTP is used. Since 7.45.0 guessing can be disabled by setting a +default protocol, see CURLOPT_DEFAULT_PROTOCOL(3) for details. + +Should the protocol, either as specified by the URL scheme or deduced by +libcurl from the hostname, not be supported by libcurl then +*CURLE_UNSUPPORTED_PROTOCOL* is returned from either the curl_easy_perform(3) +or curl_multi_perform(3) functions when you call them. Use +curl_version_info(3) for detailed information of which protocols are supported +by the build of libcurl you are using. + +CURLOPT_PROTOCOLS_STR(3) can be used to limit what protocols libcurl may +use for this transfer, independent of what libcurl has been compiled to +support. That may be useful if you accept the URL from an external source and +want to limit the accessibility. + +The CURLOPT_URL(3) string is ignored if CURLOPT_CURLU(3) is set. + +Either CURLOPT_URL(3) or CURLOPT_CURLU(3) must be set before a +transfer is started. + +The application does not have to keep the string around after setting this +option. + +The parser used for handling the URL set with CURLOPT_URL(3) is the same +that curl_url_set(3) uses. + +# ENCODING + +The string pointed to in the CURLOPT_URL(3) argument is generally +expected to be a sequence of characters using an ASCII compatible encoding. + +If libcurl is built with IDN support, the server name part of the URL can use +an "international name" by using the current encoding (according to locale) or +UTF-8 (when winidn is used; or a Windows Unicode build using libidn2). + +If libcurl is built without IDN support, the server name is used exactly as +specified when passed to the name resolver functions. + +# DEFAULT + +There is no default URL. If this option is not set, no transfer can be +performed. + +# SECURITY CONCERNS + +Applications may at times find it convenient to allow users to specify URLs +for various purposes and that string would then end up fed to this option. + +Getting a URL from an external untrusted party brings several security +concerns: + +If you have an application that runs as or in a server application, getting an +unfiltered URL can easily trick your application to access a local resource +instead of a remote. Protecting yourself against localhost accesses is hard +when accepting user provided URLs. + +Such custom URLs can also access other ports than you planned as port numbers +are part of the regular URL format. The combination of a local host and a +custom port number can allow external users to play tricks with your local +services. + +Accepting external URLs may also use other protocols than http:// or other +common ones. Restrict what accept with CURLOPT_PROTOCOLS(3). + +User provided URLs can also be made to point to sites that redirect further on +(possibly to other protocols too). Consider your +CURLOPT_FOLLOWLOCATION(3) and CURLOPT_REDIR_PROTOCOLS(3) settings. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +POP3 and SMTP were added in 7.31.0 + +# RETURN VALUE + +Returns CURLE_OK on success or CURLE_OUT_OF_MEMORY if there was insufficient +heap space. + +Note that curl_easy_setopt(3) does not parse the given string so given a +bad URL, it is not detected until curl_easy_perform(3) or similar is +called. diff --git a/docs/libcurl/opts/CURLOPT_USERAGENT.md b/docs/libcurl/opts/CURLOPT_USERAGENT.md new file mode 100644 index 000000000..a5423def0 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_USERAGENT.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_USERAGENT +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CUSTOMREQUEST (3) + - CURLOPT_HTTPHEADER (3) + - CURLOPT_REFERER (3) + - CURLOPT_REQUEST_TARGET (3) +--- + +# NAME + +CURLOPT_USERAGENT - HTTP user-agent header + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_USERAGENT, char *ua); +~~~ + +# DESCRIPTION + +Pass a pointer to a null-terminated string as parameter. It is used to set the +User-Agent: header field in the HTTP request sent to the remote server. You +can also set any custom header with CURLOPT_HTTPHEADER(3). + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL, no User-Agent: header is used by default. + +# PROTOCOLS + +HTTP, HTTPS + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + curl_easy_setopt(curl, CURLOPT_USERAGENT, "Dark Secret Ninja/1.0"); + + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +As long as HTTP is supported + +# RETURN VALUE + +Returns CURLE_OK if HTTP is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_USERNAME.md b/docs/libcurl/opts/CURLOPT_USERNAME.md new file mode 100644 index 000000000..f74817801 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_USERNAME.md @@ -0,0 +1,92 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_USERNAME +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HTTPAUTH (3) + - CURLOPT_PASSWORD (3) + - CURLOPT_PROXYAUTH (3) + - CURLOPT_USERPWD (3) +--- + +# NAME + +CURLOPT_USERNAME - user name to use in authentication + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_USERNAME, + char *username); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should be pointing to the +null-terminated user name to use for the transfer. + +CURLOPT_USERNAME(3) sets the user name to be used in protocol +authentication. You should not use this option together with the (older) +CURLOPT_USERPWD(3) option. + +When using Kerberos V5 authentication with a Windows based server, you should +include the domain name in order for the server to successfully obtain a +Kerberos Ticket. If you do not then the initial part of the authentication +handshake may fail. + +When using NTLM, the user name can be specified simply as the user name +without the domain name should the server be part of a single domain and +forest. + +To include the domain name use either Down-Level Logon Name or UPN (User +Principal Name) formats. For example, **EXAMPLE\user** and +**user@example.com** respectively. + +Some HTTP servers (on Windows) support inclusion of the domain for Basic +authentication as well. + +To specify the password and login options, along with the user name, use the +CURLOPT_PASSWORD(3) and CURLOPT_LOGIN_OPTIONS(3) options. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +blank + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + + curl_easy_setopt(curl, CURLOPT_USERNAME, "clark"); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.19.1 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_USERPWD.md b/docs/libcurl/opts/CURLOPT_USERPWD.md new file mode 100644 index 000000000..01c65207a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_USERPWD.md @@ -0,0 +1,98 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_USERPWD +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PASSWORD (3) + - CURLOPT_PROXYUSERPWD (3) + - CURLOPT_USERNAME (3) +--- + +# NAME + +CURLOPT_USERPWD - user name and password to use in authentication + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_USERPWD, char *userpwd); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, pointing to a null-terminated login details +string for the connection. The format of which is: [user name]:[password]. + +When using Kerberos V5 authentication with a Windows based server, you should +specify the user name part with the domain name in order for the server to +successfully obtain a Kerberos Ticket. If you do not then the initial part of +the authentication handshake may fail. + +When using NTLM, the user name can be specified simply as the user name +without the domain name should the server be part of a single domain and +forest. + +To specify the domain name use either Down-Level Logon Name or UPN (User +Principal Name) formats. For example **EXAMPLE\user** and **user@example.com** +respectively. + +Some HTTP servers (on Windows) support inclusion of the domain for Basic +authentication as well. + +When using HTTP and CURLOPT_FOLLOWLOCATION(3), libcurl might perform several +requests to possibly different hosts. libcurl only sends this user and +password information to hosts using the initial hostname (unless +CURLOPT_UNRESTRICTED_AUTH(3) is set), so if libcurl follows redirects to other +hosts, it does not send the user and password to those. This is enforced to +prevent accidental information leakage. + +Use CURLOPT_HTTPAUTH(3) to specify the authentication method for HTTP +based connections or CURLOPT_LOGIN_OPTIONS(3) to control IMAP, POP3 and +SMTP options. + +The user and password strings are not URL decoded, so there is no way to send +in a user name containing a colon using this option. Use +CURLOPT_USERNAME(3) for that, or include it in the URL. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +Most + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/foo.bin"); + + curl_easy_setopt(curl, CURLOPT_USERPWD, "clark:kent"); + + res = curl_easy_perform(curl); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK on success or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLOPT_USE_SSL.md b/docs/libcurl/opts/CURLOPT_USE_SSL.md new file mode 100644 index 000000000..3e227fcfd --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_USE_SSL.md @@ -0,0 +1,86 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_USE_SSL +Section: 3 +Source: libcurl +See-also: + - CURLOPT_PROXY_SSLVERSION (3) + - CURLOPT_SSLVERSION (3) + - CURLOPT_SSL_OPTIONS (3) +--- + +# NAME + +CURLOPT_USE_SSL - request using SSL / TLS for the transfer + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_USE_SSL, long level); +~~~ + +# DESCRIPTION + +Pass a long using one of the values from below, to make libcurl use your +desired *level* of SSL for the transfer. + +These are all protocols that start out plain text and get "upgraded" to SSL +using the STARTTLS command. + +This is for enabling SSL/TLS when you use FTP, SMTP, POP3, IMAP etc. + +## CURLUSESSL_NONE + +do not attempt to use SSL. + +## CURLUSESSL_TRY + +Try using SSL, proceed as normal otherwise. Note that server may close the +connection if the negotiation does not succeed. + +## CURLUSESSL_CONTROL + +Require SSL for the control connection or fail with *CURLE_USE_SSL_FAILED*. + +## CURLUSESSL_ALL + +Require SSL for all communication or fail with *CURLE_USE_SSL_FAILED*. + +# DEFAULT + +CURLUSESSL_NONE + +# PROTOCOLS + +FTP, SMTP, POP3, IMAP, LDAP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "ftp://example.com/dir/file.ext"); + + /* require use of SSL for this, or fail */ + curl_easy_setopt(curl, CURLOPT_USE_SSL, (long)CURLUSESSL_ALL); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.11.0. This option was known as CURLOPT_FTP_SSL up to 7.16.4, and +the constants were known as CURLFTPSSL_* +Handled by LDAP since 7.81.0. Fully supported by the OpenLDAP backend only. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_VERBOSE.md b/docs/libcurl/opts/CURLOPT_VERBOSE.md new file mode 100644 index 000000000..5ecc4b11a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_VERBOSE.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_VERBOSE +Section: 3 +Source: libcurl +See-also: + - CURLOPT_DEBUGFUNCTION (3) + - CURLOPT_ERRORBUFFER (3) + - CURLOPT_STDERR (3) + - curl_global_trace (3) +--- + +# NAME + +CURLOPT_VERBOSE - verbose mode + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_VERBOSE, long onoff); +~~~ + +# DESCRIPTION + +Set the *onoff* parameter to 1 to make the library display a lot of +verbose information about its operations on this *handle*. Useful for +libcurl and/or protocol debugging and understanding. The verbose information +is sent to stderr, or the stream set with CURLOPT_STDERR(3). + +You hardly ever want this enabled in production use, you almost always want +this used when you debug/report problems. + +To also get all the protocol data sent and received, consider using the +CURLOPT_DEBUGFUNCTION(3). + +# DEFAULT + +0, meaning disabled. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + + /* ask libcurl to show us the verbose output */ + curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); + + /* Perform the request */ + curl_easy_perform(curl); + } +} +~~~ + +# AVAILABILITY + +Always + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.md b/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.md new file mode 100644 index 000000000..754126567 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_WILDCARDMATCH.md @@ -0,0 +1,111 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_WILDCARDMATCH +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CHUNK_BGN_FUNCTION (3) + - CURLOPT_CHUNK_END_FUNCTION (3) + - CURLOPT_FNMATCH_FUNCTION (3) + - CURLOPT_URL (3) +--- + +# NAME + +CURLOPT_WILDCARDMATCH - directory wildcard transfers + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_WILDCARDMATCH, long onoff); +~~~ + +# DESCRIPTION + +Set *onoff* to 1 if you want to transfer multiple files according to a +filename pattern. The pattern can be specified as part of the CURLOPT_URL(3) +option, using an **fnmatch**-like pattern (Shell Pattern Matching) in the last +part of URL (filename). + +By default, libcurl uses its internal wildcard matching implementation. You +can provide your own matching function by the +CURLOPT_FNMATCH_FUNCTION(3) option. + +A brief introduction of its syntax follows: + +## * - ASTERISK + + ftp://example.com/some/path/*.txt + +for all txt's from the root directory. Only two asterisks are allowed within +the same pattern string. + +## ? - QUESTION MARK + +Question mark matches any (exactly one) character. + + ftp://example.com/some/path/photo?.jpg + +## [ - BRACKET EXPRESSION + +The left bracket opens a bracket expression. The question mark and asterisk have +no special meaning in a bracket expression. Each bracket expression ends by the +right bracket and matches exactly one character. Some examples follow: + +**[a-zA-Z0-9]** or **[f-gF-G]** - character interval + +**[abc]** - character enumeration + +**[^abc]** or **[!abc]** - negation + +**[[:name:]]** class expression. Supported classes are **alnum**,**lower**, +**space**, **alpha**, **digit**, **print**, **upper**, **blank**, **graph**, +**xdigit**. + +**[][-!^]** - special case - matches only '-', ']', '[', '!' or '^'. These +characters have no special purpose. + +**[[]]** - escape syntax. Matches '[', ']' or 'e'. + +Using the rules above, a filename pattern can be constructed: + + ftp://example.com/some/path/[a-z[:upper:]\\].jpg + +# PROTOCOLS + +This feature is only supported for FTP download. + +# EXAMPLE + +~~~c +extern long begin_cb(struct curl_fileinfo *, void *, int); +extern long end_cb(void *ptr); + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + /* turn on wildcard matching */ + curl_easy_setopt(curl, CURLOPT_WILDCARDMATCH, 1L); + + /* callback is called before download of concrete file started */ + curl_easy_setopt(curl, CURLOPT_CHUNK_BGN_FUNCTION, begin_cb); + + /* callback is called after data from the file have been transferred */ + curl_easy_setopt(curl, CURLOPT_CHUNK_END_FUNCTION, end_cb); + + /* See more on https://curl.se/libcurl/c/ftp-wildcard.html */ + } +} +~~~ + +# AVAILABILITY + +Added in 7.21.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_WRITEDATA.md b/docs/libcurl/opts/CURLOPT_WRITEDATA.md new file mode 100644 index 000000000..495c6bf9c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_WRITEDATA.md @@ -0,0 +1,63 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_WRITEDATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HEADERDATA (3) + - CURLOPT_READDATA (3) + - CURLOPT_WRITEFUNCTION (3) +--- + +# NAME + +CURLOPT_WRITEDATA - pointer passed to the write callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_WRITEDATA, void *pointer); +~~~ + +# DESCRIPTION + +A data *pointer* to pass to the write callback. If you use the +CURLOPT_WRITEFUNCTION(3) option, this is the pointer you get in that +callback's fourth and last argument. If you do not use a write callback, you +must make *pointer* a 'FILE *' (cast to 'void *') as libcurl passes this +to *fwrite(3)* when writing data. + +The internal CURLOPT_WRITEFUNCTION(3) writes the data to the FILE * +given with this option, or to stdout if this option has not been set. + +If you are using libcurl as a Windows DLL, you **MUST** use a +CURLOPT_WRITEFUNCTION(3) if you set this option or you might experience +crashes. + +# DEFAULT + +By default, this is a FILE * to stdout. + +# PROTOCOLS + +Used for all protocols. + +# EXAMPLE + +A common technique is to use the write callback to store the incoming data +into a dynamically growing allocated buffer, and then this +CURLOPT_WRITEDATA(3) is used to point to a struct or the buffer to store +data in. Like in the getinmemory example: +https://curl.se/libcurl/c/getinmemory.html + +# AVAILABILITY + +Available in all libcurl versions. This option was formerly known as +CURLOPT_FILE, the name CURLOPT_WRITEDATA(3) was added in 7.9.7. + +# RETURN VALUE + +This returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.md b/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.md new file mode 100644 index 000000000..8957439d3 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_WRITEFUNCTION.md @@ -0,0 +1,136 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_WRITEFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_HEADERFUNCTION (3) + - CURLOPT_READFUNCTION (3) + - CURLOPT_WRITEDATA (3) +--- + +# NAME + +CURLOPT_WRITEFUNCTION - callback for writing received data + +# SYNOPSIS + +~~~c +#include + +size_t write_callback(char *ptr, size_t size, size_t nmemb, void *userdata); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_WRITEFUNCTION, write_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +This callback function gets called by libcurl as soon as there is data +received that needs to be saved. For most transfers, this callback gets called +many times and each invoke delivers another chunk of data. *ptr* points to the +delivered data, and the size of that data is *nmemb*; *size* is always 1. + +The data passed to this function is not null-terminated. + +The callback function is passed as much data as possible in all invokes, but +you must not make any assumptions. It may be one byte, it may be +thousands. The maximum amount of body data that is be passed to the write +callback is defined in the curl.h header file: *CURL_MAX_WRITE_SIZE* (the +usual default is 16K). If CURLOPT_HEADER(3) is enabled, which makes header +data get passed to the write callback, you can get up to +*CURL_MAX_HTTP_HEADER* bytes of header data passed into it. This usually means +100K. + +This function may be called with zero bytes data if the transferred file is +empty. + +Set the *userdata* argument with the CURLOPT_WRITEDATA(3) option. + +Your callback should return the number of bytes actually taken care of. If +that amount differs from the amount passed to your callback function, it +signals an error condition to the library. This causes the transfer to get +aborted and the libcurl function used returns *CURLE_WRITE_ERROR*. + +You can also abort the transfer by returning CURL_WRITEFUNC_ERROR (added in +7.87.0), which makes *CURLE_WRITE_ERROR* get returned. + +If the callback function returns CURL_WRITEFUNC_PAUSE it pauses this +transfer. See curl_easy_pause(3) for further details. + +Set this option to NULL to get the internal default function used instead of +your callback. The internal default function writes the data to the FILE * +given with CURLOPT_WRITEDATA(3). + +This option does not enable HSTS, you need to use CURLOPT_HSTS_CTRL(3) to +do that. + +# DEFAULT + +libcurl uses 'fwrite' as a callback by default. + +# PROTOCOLS + +For all protocols + +# EXAMPLE + +~~~c +#include /* for realloc */ +#include /* for memcpy */ + +struct memory { + char *response; + size_t size; +}; + +static size_t cb(void *data, size_t size, size_t nmemb, void *clientp) +{ + size_t realsize = size * nmemb; + struct memory *mem = (struct memory *)clientp; + + char *ptr = realloc(mem->response, mem->size + realsize + 1); + if(!ptr) + return 0; /* out of memory! */ + + mem->response = ptr; + memcpy(&(mem->response[mem->size]), data, realsize); + mem->size += realsize; + mem->response[mem->size] = 0; + + return realsize; +} + +int main(void) +{ + struct memory chunk = {0}; + CURLcode res; + CURL *curl = curl_easy_init(); + if(curl) { + /* send all data to this function */ + curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, cb); + + /* we pass our 'chunk' struct to the callback function */ + curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk); + + /* send a request */ + res = curl_easy_perform(curl); + + /* remember to free the buffer */ + free(chunk.response); + + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Support for the CURL_WRITEFUNC_PAUSE return code was added in version 7.18.0. + +# RETURN VALUE + +This returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_WS_OPTIONS.md b/docs/libcurl/opts/CURLOPT_WS_OPTIONS.md new file mode 100644 index 000000000..04af5bca8 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_WS_OPTIONS.md @@ -0,0 +1,75 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_WS_OPTIONS +Section: 3 +Source: libcurl +See-also: + - CURLOPT_CONNECT_ONLY (3) + - curl_ws_recv (3) + - curl_ws_send (3) +--- + +# NAME + +CURLOPT_WS_OPTIONS - WebSocket behavior options + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_WS_OPTIONS, long bitmask); +~~~ + +# DESCRIPTION + +Pass a long with a bitmask to tell libcurl about specific WebSocket +behaviors. + +To detach a WebSocket connection and use the curl_ws_send(3) and +curl_ws_recv(3) functions after the HTTP upgrade procedure, set the +CURLOPT_CONNECT_ONLY(3) option to 2L. + +Available bits in the bitmask + +## CURLWS_RAW_MODE (1) + +Deliver "raw" WebSocket traffic to the CURLOPT_WRITEFUNCTION(3) +callback. + +In raw mode, libcurl does not handle pings or any other frame for the +application. + +# DEFAULT + +0 + +# PROTOCOLS + +WebSocket + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "ws://example.com/"); + /* tell curl we deal with all the WebSocket magic ourselves */ + curl_easy_setopt(curl, CURLOPT_WS_OPTIONS, (long)CURLWS_RAW_MODE); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.86.0 + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. diff --git a/docs/libcurl/opts/CURLOPT_XFERINFODATA.md b/docs/libcurl/opts/CURLOPT_XFERINFODATA.md new file mode 100644 index 000000000..145057c5c --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_XFERINFODATA.md @@ -0,0 +1,80 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_XFERINFODATA +Section: 3 +Source: libcurl +See-also: + - CURLOPT_NOPROGRESS (3) + - CURLOPT_VERBOSE (3) + - CURLOPT_XFERINFOFUNCTION (3) +--- + +# NAME + +CURLOPT_XFERINFODATA - pointer passed to the progress callback + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_XFERINFODATA, void *pointer); +~~~ + +# DESCRIPTION + +Pass a *pointer* that is untouched by libcurl and passed as the first +argument in the progress callback set with CURLOPT_XFERINFOFUNCTION(3). + +This is an alias for CURLOPT_PROGRESSDATA(3). + +# DEFAULT + +The default value of this parameter is NULL. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct progress { + char *private; + size_t size; +}; + +static size_t progress_cb(void *clientp, + curl_off_t dltotal, + curl_off_t dlnow, + curl_off_t ultotal, + curl_off_t ulnow) +{ + struct progress *memory = clientp; + printf("private ptr: %p\n", memory->private); + /* use the values */ + + return 0; /* all is good */ +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + struct progress data; + + /* pass struct to callback */ + curl_easy_setopt(curl, CURLOPT_XFERINFODATA, &data); + curl_easy_setopt(curl, CURLOPT_XFERINFOFUNCTION, progress_cb); + } +} +~~~ + +# AVAILABILITY + +Added in 7.32.0 + +# RETURN VALUE + +Returns CURLE_OK diff --git a/docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.md b/docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.md new file mode 100644 index 000000000..b965db591 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_XFERINFOFUNCTION.md @@ -0,0 +1,120 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_XFERINFOFUNCTION +Section: 3 +Source: libcurl +See-also: + - CURLOPT_NOPROGRESS (3) + - CURLOPT_XFERINFODATA (3) +--- + +# NAME + +CURLOPT_XFERINFOFUNCTION - progress meter callback + +# SYNOPSIS + +~~~c +#include + +int progress_callback(void *clientp, + curl_off_t dltotal, + curl_off_t dlnow, + curl_off_t ultotal, + curl_off_t ulnow); + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_XFERINFOFUNCTION, + progress_callback); +~~~ + +# DESCRIPTION + +Pass a pointer to your callback function, which should match the prototype +shown above. + +This function gets called by libcurl instead of its internal equivalent with a +frequent interval. While data is being transferred it gets called frequently, +and during slow periods like when nothing is being transferred it can slow +down to about one call per second. + +*clientp* is the pointer set with CURLOPT_XFERINFODATA(3), it is not +used by libcurl but is only passed along from the application to the callback. + +The callback gets told how much data libcurl is about to transfer and has +already transferred, in number of bytes. *dltotal* is the total number of +bytes libcurl expects to download in this transfer. *dlnow* is the number +of bytes downloaded so far. *ultotal* is the total number of bytes libcurl +expects to upload in this transfer. *ulnow* is the number of bytes +uploaded so far. + +Unknown/unused argument values passed to the callback are set to zero (like if +you only download data, the upload size remains 0). Many times the callback is +called one or more times first, before it knows the data sizes so a program +must be made to handle that. + +If your callback function returns CURL_PROGRESSFUNC_CONTINUE it makes libcurl +to continue executing the default progress function. + +Returning any other non-zero value from this callback makes libcurl abort the +transfer and return *CURLE_ABORTED_BY_CALLBACK*. + +If you transfer data with the multi interface, this function is not called +during periods of idleness unless you call the appropriate libcurl function +that performs transfers. + +CURLOPT_NOPROGRESS(3) must be set to 0 to make this function actually +get called. + +# DEFAULT + +By default, libcurl has an internal progress meter. That is rarely wanted by +users. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct progress { + char *private; + size_t size; +}; + +static size_t progress_callback(void *clientp, + curl_off_t dltotal, + curl_off_t dlnow, + curl_off_t ultotal, + curl_off_t ulnow) +{ + struct progress *memory = clientp; + printf("my ptr: %p\n", memory->private); + + /* use the values */ + + return 0; /* all is good */ +} + +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + struct progress data; + + /* pass struct to callback */ + curl_easy_setopt(curl, CURLOPT_XFERINFODATA, &data); + + curl_easy_setopt(curl, CURLOPT_XFERINFOFUNCTION, progress_callback); + } +} +~~~ + +# AVAILABILITY + +Added in 7.32.0. This callback replaces CURLOPT_PROGRESSFUNCTION(3) + +# RETURN VALUE + +Returns CURLE_OK. diff --git a/docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.md b/docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.md new file mode 100644 index 000000000..af91ea03e --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_XOAUTH2_BEARER.md @@ -0,0 +1,67 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLOPT_XOAUTH2_BEARER +Section: 3 +Source: libcurl +See-also: + - CURLOPT_MAIL_AUTH (3) + - CURLOPT_USERNAME (3) +--- + +# NAME + +CURLOPT_XOAUTH2_BEARER - OAuth 2.0 access token + +# SYNOPSIS + +~~~c +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_XOAUTH2_BEARER, char *token); +~~~ + +# DESCRIPTION + +Pass a char pointer as parameter, which should point to the null-terminated +OAuth 2.0 Bearer Access Token for use with HTTP, IMAP, LDAP, POP3 and SMTP +servers that support the OAuth 2.0 Authorization Framework. + +Note: For IMAP, LDAP, POP3 and SMTP, the user name used to generate the +Bearer Token should be supplied via the CURLOPT_USERNAME(3) option. + +The application does not have to keep the string around after setting this +option. + +# DEFAULT + +NULL + +# PROTOCOLS + +HTTP, IMAP, LDAP, POP3 and SMTP + +# EXAMPLE + +~~~c +int main(void) +{ + CURL *curl = curl_easy_init(); + if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "pop3://example.com/"); + curl_easy_setopt(curl, CURLOPT_XOAUTH2_BEARER, "1ab9cb22ba269a7"); + res = curl_easy_perform(curl); + curl_easy_cleanup(curl); + } +} +~~~ + +# AVAILABILITY + +Added in 7.33.0. Support for OpenLDAP added in 7.82.0. + +# RETURN VALUE + +Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. diff --git a/docs/libcurl/opts/CURLSHOPT_LOCKFUNC.md b/docs/libcurl/opts/CURLSHOPT_LOCKFUNC.md new file mode 100644 index 000000000..f41f86ebf --- /dev/null +++ b/docs/libcurl/opts/CURLSHOPT_LOCKFUNC.md @@ -0,0 +1,77 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLSHOPT_LOCKFUNC +Section: 3 +Source: libcurl +See-also: + - CURLSHOPT_UNLOCKFUNC (3) + - curl_share_cleanup (3) + - curl_share_init (3) + - curl_share_setopt (3) +--- + +# NAME + +CURLSHOPT_LOCKFUNC - mutex lock callback + +# SYNOPSIS + +~~~c +#include + +void lockcb(CURL *handle, curl_lock_data data, curl_lock_access access, + void *clientp); + +CURLSHcode curl_share_setopt(CURLSH *share, CURLSHOPT_LOCKFUNC, lockcb); +~~~ + +# DESCRIPTION + +Set a mutex lock callback for the share object, to allow it to get used by +multiple threads concurrently. There is a corresponding +CURLSHOPT_UNLOCKFUNC(3) callback called when the mutex is again released. + +The *lockcb* argument must be a pointer to a function matching the +prototype shown above. The arguments to the callback are: + +*handle* is the currently active easy handle in use when the share object +is intended to get used. + +The *data* argument tells what kind of data libcurl wants to lock. Make +sure that the callback uses a different lock for each kind of data. + +*access* defines what access type libcurl wants, shared or single. + +*clientp* is the private pointer you set with CURLSHOPT_USERDATA(3). +This pointer is not used by libcurl itself. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +extern void mutex_lock(CURL *handle, curl_lock_data data, + curl_lock_access access, void *clientp); + +int main(void) +{ + CURLSHcode sh; + CURLSH *share = curl_share_init(); + sh = curl_share_setopt(share, CURLSHOPT_LOCKFUNC, mutex_lock); + if(sh) + printf("Error: %s\n", curl_share_strerror(sh)); +} +~~~ + +# AVAILABILITY + +Added in 7.10 + +# RETURN VALUE + +CURLSHE_OK (zero) means that the option was set properly, non-zero means an +error occurred. See libcurl-errors(3) for the full list with +descriptions. diff --git a/docs/libcurl/opts/CURLSHOPT_SHARE.3 b/docs/libcurl/opts/CURLSHOPT_SHARE.md similarity index 50% rename from docs/libcurl/opts/CURLSHOPT_SHARE.3 rename to docs/libcurl/opts/CURLSHOPT_SHARE.md index 701711b80..66ed27034 100644 --- a/docs/libcurl/opts/CURLSHOPT_SHARE.3 +++ b/docs/libcurl/opts/CURLSHOPT_SHARE.md @@ -1,58 +1,59 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.TH CURLSHOPT_SHARE 3 "September 26, 2023" "ibcurl 8.4.0" libcurl - -.SH NAME +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLSHOPT_SHARE +Section: 3 +Source: libcurl +See-also: + - CURLSHOPT_UNSHARE (3) + - curl_share_cleanup (3) + - curl_share_init (3) + - curl_share_setopt (3) +--- + +# NAME + CURLSHOPT_SHARE - add data to share -.SH SYNOPSIS -.nf + +# SYNOPSIS + +~~~c #include CURLSHcode curl_share_setopt(CURLSH *share, CURLSHOPT_SHARE, long type); -.fi -.SH DESCRIPTION -The \fItype\fP parameter specifies what specific data that should be shared -and kept in the share object that was created with \fIcurl_share_init(3)\fP. -The given \fItype\fP must be be one of the values described below. You can set -\fICURLSHOPT_SHARE(3)\fP multiple times with different data arguments to have +~~~ + +# DESCRIPTION + +The *type* parameter specifies what specific data that should be shared +and kept in the share object that was created with curl_share_init(3). +The given *type* must be be one of the values described below. You can set +CURLSHOPT_SHARE(3) multiple times with different data arguments to have the share object share multiple types of data. Unset a type again by setting -\fICURLSHOPT_UNSHARE(3)\fP. -.IP CURL_LOCK_DATA_COOKIE +CURLSHOPT_UNSHARE(3). + +## CURL_LOCK_DATA_COOKIE + Cookie data is shared across the easy handles using this shared object. Note that this does not activate an easy handle's cookie handling. You can do that -separately by using \fICURLOPT_COOKIEFILE(3)\fP for example. -.IP CURL_LOCK_DATA_DNS +separately by using CURLOPT_COOKIEFILE(3) for example. + +## CURL_LOCK_DATA_DNS + Cached DNS hosts are shared across the easy handles using this shared object. Note that when you use the multi interface, all easy handles added to the same multi handle share DNS cache by default without using this option. -.IP CURL_LOCK_DATA_SSL_SESSION + +## CURL_LOCK_DATA_SSL_SESSION + SSL session IDs are shared across the easy handles using this shared object. This reduces the time spent in the SSL handshake when reconnecting to the same server. Note SSL session IDs are reused within the same easy handle by default. Note this symbol was added in 7.10.3 but was not implemented until 7.23.0. -.IP CURL_LOCK_DATA_CONNECT + +## CURL_LOCK_DATA_CONNECT + Put the connection cache in the share object and make all easy handles using this share object share the connection cache. @@ -63,12 +64,14 @@ get additional transfers added to them if the existing connection is held by the same multi or easy handle. libcurl does not support doing HTTP/2 streams in different threads using a shared connection. -Support for \fBCURL_LOCK_DATA_CONNECT\fP was added in 7.57.0, but the symbol +Support for **CURL_LOCK_DATA_CONNECT** was added in 7.57.0, but the symbol existed before this. Note that when you use the multi interface, all easy handles added to the same multi handle shares connection cache by default without using this option. -.IP CURL_LOCK_DATA_PSL + +## CURL_LOCK_DATA_PSL + The Public Suffix List stored in the share object is made available to all easy handle bound to the later. Since the Public Suffix List is periodically refreshed, this avoids updates in too many different contexts. @@ -77,30 +80,38 @@ Added in 7.61.0. Note that when you use the multi interface, all easy handles added to the same multi handle shares PSL cache by default without using this option. -.IP CURL_LOCK_DATA_HSTS + +## CURL_LOCK_DATA_HSTS + The in-memory HSTS cache. It is not supported to share the HSTS between multiple concurrent threads. Added in 7.88.0 -.SH PROTOCOLS + +# PROTOCOLS + All -.SH EXAMPLE -.nf + +# EXAMPLE + +~~~c +int main(void) +{ CURLSHcode sh; - share = curl_share_init(); + CURLSH *share = curl_share_init(); sh = curl_share_setopt(share, CURLSHOPT_SHARE, CURL_LOCK_DATA_COOKIE); if(sh) - printf("Error: %s\\n", curl_share_strerror(sh)); -.fi -.SH AVAILABILITY + printf("Error: %s\n", curl_share_strerror(sh)); +} +~~~ + +# AVAILABILITY + Added in 7.10 -.SH RETURN VALUE + +# RETURN VALUE + CURLSHE_OK (zero) means that the option was set properly, non-zero means an -error occurred. See \fIlibcurl-errors(3)\fP for the full list with +error occurred. See libcurl-errors(3) for the full list with descriptions. -.SH "SEE ALSO" -.BR curl_share_cleanup (3), -.BR curl_share_init (3), -.BR curl_share_setopt (3), -.BR CURLSHOPT_UNSHARE (3) diff --git a/docs/libcurl/opts/CURLSHOPT_UNLOCKFUNC.md b/docs/libcurl/opts/CURLSHOPT_UNLOCKFUNC.md new file mode 100644 index 000000000..16f9a377e --- /dev/null +++ b/docs/libcurl/opts/CURLSHOPT_UNLOCKFUNC.md @@ -0,0 +1,72 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLSHOPT_UNLOCKFUNC +Section: 3 +Source: libcurl +See-also: + - CURLSHOPT_LOCKFUNC (3) + - curl_share_cleanup (3) + - curl_share_init (3) + - curl_share_setopt (3) +--- + +# NAME + +CURLSHOPT_UNLOCKFUNC - mutex unlock callback + +# SYNOPSIS + +~~~c +#include + +void unlockcb(CURL *handle, curl_lock_data data, void *clientp); + +CURLSHcode curl_share_setopt(CURLSH *share, CURLSHOPT_UNLOCKFUNC, unlockcb); +~~~ + +# DESCRIPTION + +Set a mutex unlock callback for the share object. There is a corresponding +CURLSHOPT_LOCKFUNC(3) callback called when the mutex is first locked. + +The *unlockcb* argument must be a pointer to a function matching the +prototype shown above. The arguments to the callback are: + +*handle* is the currently active easy handle in use when the share object +is released. + +The *data* argument tells what kind of data libcurl wants to unlock. Make +sure that the callback uses a different lock for each kind of data. + +*clientp* is the private pointer you set with CURLSHOPT_USERDATA(3). +This pointer is not used by libcurl itself. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +extern void mutex_unlock(CURL *, curl_lock_data, void *); + +int main(void) +{ + CURLSHcode sh; + CURLSH *share = curl_share_init(); + sh = curl_share_setopt(share, CURLSHOPT_UNLOCKFUNC, mutex_unlock); + if(sh) + printf("Error: %s\n", curl_share_strerror(sh)); +} +~~~ + +# AVAILABILITY + +Added in 7.10 + +# RETURN VALUE + +CURLSHE_OK (zero) means that the option was set properly, non-zero means an +error occurred. See libcurl-errors(3) for the full list with +descriptions. diff --git a/docs/libcurl/opts/CURLSHOPT_UNSHARE.md b/docs/libcurl/opts/CURLSHOPT_UNSHARE.md new file mode 100644 index 000000000..e3cf5988c --- /dev/null +++ b/docs/libcurl/opts/CURLSHOPT_UNSHARE.md @@ -0,0 +1,84 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLSHOPT_UNSHARE +Section: 3 +Source: libcurl +See-also: + - CURLSHOPT_SHARE (3) + - curl_share_cleanup (3) + - curl_share_init (3) + - curl_share_setopt (3) +--- + +# NAME + +CURLSHOPT_UNSHARE - remove data to share + +# SYNOPSIS + +~~~c +#include + +CURLSHcode curl_share_setopt(CURLSH *share, CURLSHOPT_UNSHARE, long type); +~~~ + +# DESCRIPTION + +The *type* parameter specifies what specific data that should no longer be +shared and kept in the share object that was created with +curl_share_init(3). In other words, stop sharing that data in this +shared object. The given *type* must be be one of the values described +below. You can set CURLSHOPT_UNSHARE(3) multiple times with different +data arguments to remove multiple types from the shared object. Add data to +share again with CURLSHOPT_SHARE(3). + +## CURL_LOCK_DATA_COOKIE + +Cookie data is no longer shared across the easy handles using this shared +object. + +## CURL_LOCK_DATA_DNS + +Cached DNS hosts are no longer shared across the easy handles using this +shared object. + +## CURL_LOCK_DATA_SSL_SESSION + +SSL session IDs are no longer shared across the easy handles using this shared +object. + +## CURL_LOCK_DATA_CONNECT + +The connection cache is no longer shared. + +## CURL_LOCK_DATA_PSL + +The Public Suffix List is no longer shared. + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +int main(void) +{ + CURLSHcode sh; + CURLSH *share = curl_share_init(); + sh = curl_share_setopt(share, CURLSHOPT_UNSHARE, CURL_LOCK_DATA_COOKIE); + if(sh) + printf("Error: %s\n", curl_share_strerror(sh)); +} +~~~ + +# AVAILABILITY + +Added in 7.10 + +# RETURN VALUE + +CURLSHE_OK (zero) means that the option was set properly, non-zero means an +error occurred. See libcurl-errors(3) for the full list with +descriptions. diff --git a/docs/libcurl/opts/CURLSHOPT_USERDATA.md b/docs/libcurl/opts/CURLSHOPT_USERDATA.md new file mode 100644 index 000000000..d0ec7772d --- /dev/null +++ b/docs/libcurl/opts/CURLSHOPT_USERDATA.md @@ -0,0 +1,62 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: CURLSHOPT_USERDATA +Section: 3 +Source: libcurl +See-also: + - CURLSHOPT_LOCKFUNC (3) + - curl_share_cleanup (3) + - curl_share_init (3) + - curl_share_setopt (3) +--- + +# NAME + +CURLSHOPT_USERDATA - pointer passed to the lock and unlock mutex callbacks + +# SYNOPSIS + +~~~c +#include + +CURLSHcode curl_share_setopt(CURLSH *share, CURLSHOPT_USERDATA, void *clientp); +~~~ + +# DESCRIPTION + +The *clientp* parameter is held verbatim by libcurl and is passed on as +the *clientp* argument to the callbacks set with +CURLSHOPT_LOCKFUNC(3) and CURLSHOPT_UNLOCKFUNC(3). + +# PROTOCOLS + +All + +# EXAMPLE + +~~~c +struct secrets { + void *custom; +}; + +int main(void) +{ + CURLSHcode sh; + struct secrets private_stuff; + CURLSH *share = curl_share_init(); + sh = curl_share_setopt(share, CURLSHOPT_USERDATA, &private_stuff); + if(sh) + printf("Error: %s\n", curl_share_strerror(sh)); +} +~~~ + +# AVAILABILITY + +Added in 7.10 + +# RETURN VALUE + +CURLSHE_OK (zero) means that the option was set properly, non-zero means an +error occurred. See libcurl-errors(3) for the full list with +descriptions. diff --git a/docs/libcurl/opts/Makefile.am b/docs/libcurl/opts/Makefile.am index 250937fd1..42f9db4c5 100644 --- a/docs/libcurl/opts/Makefile.am +++ b/docs/libcurl/opts/Makefile.am @@ -26,38 +26,19 @@ AUTOMAKE_OPTIONS = foreign no-dependencies include Makefile.inc -man_DISTMANS = $(man_MANS:.3=.3.dist) +CURLPAGES = $(man_MANS:.3=.md) +CLEANFILES = $(man_MANS) +nodist_MANS = $(man_MANS) -HTMLPAGES = $(man_MANS:.3=.html) +EXTRA_DIST = $(CURLPAGES) CMakeLists.txt -PDFPAGES = $(man_MANS:.3=.pdf) +CD2NROFF = $(top_srcdir)/scripts/cd2nroff $< >$@ +CD2 = $(CD2_$(V)) +CD2_0 = @echo " RENDER " $@; +CD2_1 = +CD2_ = $(CD2_0) -CLEANFILES = $(HTMLPAGES) $(PDFPAGES) $(man_DISTMANS) +SUFFIXES = .3 .md -EXTRA_DIST = $(man_MANS) CMakeLists.txt -MAN2HTML= roffit --mandir=. $< >$@ - -SUFFIXES = .3 .html - -html: $(HTMLPAGES) - -.3.html: - $(MAN2HTML) - -pdf: $(PDFPAGES) - -.3.pdf: - @(foo=`echo $@ | sed -e 's/\.[0-9]$$//g'`; \ - groff -Tps -man $< >$$foo.ps; \ - ps2pdf $$foo.ps $@; \ - rm $$foo.ps; \ - echo "converted $< to $@") - -mancheck: - @(cd $(top_srcdir)/docs/libcurl/opts && ls `awk -F, '!/OBSOLETE/ && /^ CINIT/ { a=substr($$1, 9); print "CURLOPT_" a ".3"}' $(top_srcdir)/include/curl/curl.h`) - rm -f in_temp - @(for a in $(man_MANS); do echo $$a >>in_temp; done) - sort in_temp > in_makefile - ls CURL*.3 > in_directory - -diff -u in_makefile in_directory - rm in_temp in_directory in_makefile +.md.3: + $(CD2)$(CD2NROFF) diff --git a/docs/libcurl/opts/Makefile.inc b/docs/libcurl/opts/Makefile.inc index 9fe780677..be7035bf0 100644 --- a/docs/libcurl/opts/Makefile.inc +++ b/docs/libcurl/opts/Makefile.inc @@ -65,6 +65,7 @@ man_MANS = \ CURLINFO_PROXY_ERROR.3 \ CURLINFO_PROXY_SSL_VERIFYRESULT.3 \ CURLINFO_PROXYAUTH_AVAIL.3 \ + CURLINFO_QUEUE_TIME_T.3 \ CURLINFO_REDIRECT_COUNT.3 \ CURLINFO_REDIRECT_TIME.3 \ CURLINFO_REDIRECT_TIME_T.3 \ @@ -332,6 +333,7 @@ man_MANS = \ CURLOPT_SEEKDATA.3 \ CURLOPT_SEEKFUNCTION.3 \ CURLOPT_SERVER_RESPONSE_TIMEOUT.3 \ + CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.3 \ CURLOPT_SERVICE_NAME.3 \ CURLOPT_SHARE.3 \ CURLOPT_SOCKOPTDATA.3 \ diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions index 24a954ece..c20008a73 100644 --- a/docs/libcurl/symbols-in-versions +++ b/docs/libcurl/symbols-in-versions @@ -190,7 +190,7 @@ CURL_VERSION_ZSTD 7.72.0 CURL_WAIT_POLLIN 7.28.0 CURL_WAIT_POLLOUT 7.28.0 CURL_WAIT_POLLPRI 7.28.0 -CURL_WIN32 7.69.0 +CURL_WIN32 7.69.0 - 8.5.0 CURL_WRITEFUNC_ERROR 7.87.0 CURL_WRITEFUNC_PAUSE 7.18.0 CURL_ZERO_TERMINATED 7.56.0 @@ -212,12 +212,12 @@ CURLAUTH_NONE 7.10.6 CURLAUTH_NTLM 7.10.6 CURLAUTH_NTLM_WB 7.22.0 CURLAUTH_ONLY 7.21.3 -CURLCLOSEPOLICY_CALLBACK 7.7 -CURLCLOSEPOLICY_LEAST_RECENTLY_USED 7.7 -CURLCLOSEPOLICY_LEAST_TRAFFIC 7.7 -CURLCLOSEPOLICY_NONE 7.7 -CURLCLOSEPOLICY_OLDEST 7.7 -CURLCLOSEPOLICY_SLOWEST 7.7 +CURLCLOSEPOLICY_CALLBACK 7.7 7.16.1 +CURLCLOSEPOLICY_LEAST_RECENTLY_USED 7.7 7.16.1 +CURLCLOSEPOLICY_LEAST_TRAFFIC 7.7 7.16.1 +CURLCLOSEPOLICY_NONE 7.7 7.16.1 +CURLCLOSEPOLICY_OLDEST 7.7 7.16.1 +CURLCLOSEPOLICY_SLOWEST 7.7 7.16.1 CURLE_ABORTED_BY_CALLBACK 7.1 CURLE_AGAIN 7.18.2 CURLE_ALREADY_COMPLETE 7.7.2 7.8 @@ -328,6 +328,7 @@ CURLE_TFTP_NOSUCHUSER 7.15.0 CURLE_TFTP_NOTFOUND 7.15.0 CURLE_TFTP_PERM 7.15.0 CURLE_TFTP_UNKNOWNID 7.15.0 +CURLE_TOO_LARGE 8.6.0 CURLE_TOO_MANY_REDIRECTS 7.5 CURLE_UNKNOWN_OPTION 7.21.5 CURLE_UNKNOWN_TELNET_OPTION 7.7 7.21.5 @@ -468,6 +469,7 @@ CURLINFO_PROXY_ERROR 7.73.0 CURLINFO_PROXY_SSL_VERIFYRESULT 7.52.0 CURLINFO_PROXYAUTH_AVAIL 7.10.8 CURLINFO_PTR 7.54.1 +CURLINFO_QUEUE_TIME_T 8.6.0 CURLINFO_REDIRECT_COUNT 7.9.7 CURLINFO_REDIRECT_TIME 7.9.7 CURLINFO_REDIRECT_TIME_T 7.61.0 @@ -800,6 +802,7 @@ CURLOPT_SASL_IR 7.31.0 CURLOPT_SEEKDATA 7.18.0 CURLOPT_SEEKFUNCTION 7.18.0 CURLOPT_SERVER_RESPONSE_TIMEOUT 7.20.0 +CURLOPT_SERVER_RESPONSE_TIMEOUT_MS 8.6.0 CURLOPT_SERVICE_NAME 7.43.0 CURLOPT_SHARE 7.10 CURLOPT_SOCKOPTDATA 7.16.0 @@ -1094,6 +1097,7 @@ CURLUE_NO_USER 7.62.0 CURLUE_NO_ZONEID 7.81.0 CURLUE_OK 7.62.0 CURLUE_OUT_OF_MEMORY 7.62.0 +CURLUE_TOO_LARGE 8.6.0 CURLUE_UNKNOWN_PART 7.62.0 CURLUE_UNSUPPORTED_SCHEME 7.62.0 CURLUE_URLDECODE 7.62.0 diff --git a/docs/mk-ca-bundle.1 b/docs/mk-ca-bundle.md similarity index 34% rename from docs/mk-ca-bundle.1 rename to docs/mk-ca-bundle.md index e6db0504c..bacfce08b 100644 --- a/docs/mk-ca-bundle.1 +++ b/docs/mk-ca-bundle.md @@ -1,120 +1,128 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" * SPDX-License-Identifier: curl -.\" * -.\" ************************************************************************** -.\" -.TH mk-ca-bundle 1 "24 Oct 2016" mk-ca-bundle mk-ca-bundle -.SH NAME -mk-ca-bundle \- convert Mozilla's certificate bundle to PEM format -.SH SYNOPSIS +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Title: mk-ca-bundle +Section: 1 +Source: mk-ca-bundle +See-also: + - curl (1) +--- + +# NAME + +mk-ca-bundle - convert Mozilla's certificate bundle to PEM format + +# SYNOPSIS + mk-ca-bundle [options] -.I [outputfile] -.SH DESCRIPTION -The mk-ca-bundle tool downloads the \fIcertdata.txt\fP file from Mozilla's -source tree over HTTPS, then parses \fIcertdata.txt\fP and extracts -certificates into PEM format. By default, only CA root certificates trusted to -issue SSL server authentication certificates are extracted. These are then -processed with the OpenSSL command line tool to produce the final ca-bundle -file. - -The default \fIoutputfile\fP name is \fBca-bundle.crt\fP. By setting it to '-' -(a single dash) you will get the output sent to STDOUT instead of a file. +*[outputfile]* + +# DESCRIPTION + +The mk-ca-bundle tool downloads the *certdata.txt* file from Mozilla's source +tree over HTTPS, then parses *certdata.txt* and extracts certificates into PEM +format. By default, only CA root certificates trusted to issue SSL server +authentication certificates are extracted. These are then processed with the +OpenSSL command line tool to produce the final ca-bundle file. + +The default *outputfile* name is **ca-bundle.crt**. By setting it to '-' (a +single dash) you will get the output sent to STDOUT instead of a file. The PEM format this scripts uses for output makes the result readily available for use by just about all OpenSSL or GnuTLS powered applications, such as curl and others. -.SH OPTIONS + +# OPTIONS + The following options are supported: -.IP -b -backup an existing version of \fIoutputfilename\fP -.IP "-d [name]" -specify which Mozilla tree to pull \fIcertdata.txt\fP from (or a custom + +## -b + +backup an existing version of *outputfilename* + +## -d [name] + +specify which Mozilla tree to pull *certdata.txt* from (or a custom URL). Valid names are: aurora, beta, central, Mozilla, nss, release (default). They are shortcuts for which source tree to get the certificates data from. -.IP -f -force rebuild even if \fIcertdata.txt\fP is current (Added in version 1.17) -.IP -i + +## -f + +force rebuild even if *certdata.txt* is current (Added in version 1.17) + +## -i + print version info about used modules -.IP -k + +## -k + Allow insecure data transfer. By default (since 1.27) this command will fail if the HTTPS transfer fails. This overrides that decision (and opens for man-in-the-middle attacks). -.IP -l -print license info about \fIcertdata.txt\fP -.IP -m + +## -l + +print license info about *certdata.txt* + +## -m + (Added in 1.26) Include meta data comments in the output. The meta data is specific information about each certificate that is stored in the original file as comments and using this option will make those comments get passed on to the output file. The meta data is not parsed in any way by mk-ca-bundle. -.IP -n -no download of \fIcertdata.txt\fP (to use existing) -.IP "-p [purposes]:[levels]" + +## -n + +no download of *certdata.txt* (to use existing) + +## -p [purposes]:[levels] + list of Mozilla trust purposes and levels for certificates to include in -output. Takes the form of a comma separated list of purposes, a colon, and a +output. Takes the form of a comma separated list of purposes, a colon, and a comma separated list of levels. The default is to include all certificates -trusted to issue SSL Server certificates -(\fISERVER_AUTH:TRUSTED_DELEGATOR\fP). - -(Added in version 1.21, Perl only) - -Valid purposes are: -.RS -\fIALL\fP, \fIDIGITAL_SIGNATURE\fP, \fINON_REPUDIATION\fP, -\fIKEY_ENCIPHERMENT\fP, \fIDATA_ENCIPHERMENT\fP, \fIKEY_AGREEMENT\fP, -\fIKEY_CERT_SIGN\fP, \fICRL_SIGN\fP, \fISERVER_AUTH\fP (default), -\fICLIENT_AUTH\fP, \fICODE_SIGNING\fP, \fIEMAIL_PROTECTION\fP, -\fIIPSEC_END_SYSTEM\fP, \fIIPSEC_TUNNEL\fP, \fIIPSEC_USER\fP, -\fITIME_STAMPING\fP, \fISTEP_UP_APPROVED\fP -.RE -.IP -Valid trust levels are: -.RS -\fIALL\fP, \fITRUSTED_DELEGATOR\fP (default), \fINOT_TRUSTED\fP, \fIMUST_VERIFY_TRUST\fP, \fITRUSTED\fP -.RE -.IP -q +trusted to issue SSL Server certificates (*SERVER_AUTH:TRUSTED_DELEGATOR*). + +Valid purposes are: *ALL*, *DIGITAL_SIGNATURE*, *NON_REPUDIATION*, +*KEY_ENCIPHERMENT*, *DATA_ENCIPHERMENT*, *KEY_AGREEMENT*, *KEY_CERT_SIGN*, +*CRL_SIGN*, *SERVER_AUTH* (default), *CLIENT_AUTH*, *CODE_SIGNING*, +*EMAIL_PROTECTION*, *IPSEC_END_SYSTEM*, *IPSEC_TUNNEL*, *IPSEC_USER*, +*TIME_STAMPING*, *STEP_UP_APPROVED* + +Valid trust levels are: *ALL*, *TRUSTED_DELEGATOR* (default), *NOT_TRUSTED*, +*MUST_VERIFY_TRUST*, *TRUSTED* + +## -q + be really quiet (no progress output at all) -.IP -t + +## -t + include plain text listing of certificates -.IP "-s [algorithms]" + +## -s [algorithms] + comma separated list of signature algorithms with which to hash/fingerprint each certificate and output when run in plain text mode. -(Added in version 1.21, Perl only) - Valid algorithms are: -.RS ALL, NONE, MD5 (default), SHA1, SHA256, SHA384, SHA512 -.RE -.IP -u -unlink (remove) \fIcertdata.txt\fP after processing -.IP -v + +## -u + +unlink (remove) *certdata.txt* after processing + +## -v + be verbose and print out processed certificate authorities -.SH EXIT STATUS + +# EXIT STATUS + Returns 0 on success. Returns 1 if it fails to download data. -.SH FILE FORMAT + +# FILE FORMAT + The file format used by Mozilla for this trust information is documented here: -.nf +~~~c https://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-existing.html -.fi -.SH SEE ALSO -.BR curl (1) +~~~ diff --git a/include/curl/curl.h b/include/curl/curl.h index bf71d82fb..eb0602250 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -53,28 +53,19 @@ #include "curlver.h" /* libcurl version defines */ #include "system.h" /* determine things run-time */ -/* - * Define CURL_WIN32 when build target is Win32 API - */ - -#if (defined(_WIN32) || defined(__WIN32__) || defined(WIN32)) && \ - !defined(__SYMBIAN32__) -#define CURL_WIN32 -#endif - #include #include -#if (defined(__FreeBSD__) && (__FreeBSD__ >= 2)) || defined(__MidnightBSD__) +#if defined(__FreeBSD__) || defined(__MidnightBSD__) /* Needed for __FreeBSD_version or __MidnightBSD_version symbol definition */ -#include +#include #endif /* The include stuff here below is mainly for time_t! */ #include #include -#if defined(CURL_WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__) +#if defined(_WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__) #if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H) || \ defined(__LWIP_OPT_H__) || defined(LWIP_HDR_OPT_H)) /* The check above prevents the winsock2 inclusion if winsock.h already was @@ -88,7 +79,7 @@ libc5-based Linux systems. Only include it on systems that are known to require it! */ #if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \ - defined(__minix) || defined(__SYMBIAN32__) || defined(__INTEGRITY) || \ + defined(__minix) || defined(__INTEGRITY) || \ defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \ defined(__CYGWIN__) || defined(AMIGA) || defined(__NuttX__) || \ (defined(__FreeBSD_version) && (__FreeBSD_version < 800000)) || \ @@ -97,11 +88,11 @@ #include #endif -#if !defined(CURL_WIN32) && !defined(_WIN32_WCE) +#if !defined(_WIN32) && !defined(_WIN32_WCE) #include #endif -#if !defined(CURL_WIN32) +#if !defined(_WIN32) #include #endif @@ -128,7 +119,7 @@ typedef void CURLSH; #ifdef CURL_STATICLIB # define CURL_EXTERN -#elif defined(CURL_WIN32) || defined(__SYMBIAN32__) || \ +#elif defined(_WIN32) || \ (__has_declspec_attribute(dllexport) && \ __has_declspec_attribute(dllimport)) # if defined(BUILDING_LIBCURL) @@ -144,7 +135,7 @@ typedef void CURLSH; #ifndef curl_socket_typedef /* socket typedef */ -#if defined(CURL_WIN32) && !defined(__LWIP_OPT_H__) && !defined(LWIP_HDR_OPT_H) +#if defined(_WIN32) && !defined(__LWIP_OPT_H__) && !defined(LWIP_HDR_OPT_H) typedef SOCKET curl_socket_t; #define CURL_SOCKET_BAD INVALID_SOCKET #else @@ -640,6 +631,7 @@ typedef enum { CURLE_PROXY, /* 97 - proxy handshake error */ CURLE_SSL_CLIENTCERT, /* 98 - client-side certificate required */ CURLE_UNRECOVERABLE_POLL, /* 99 - poll/select returned fatal error */ + CURLE_TOO_LARGE, /* 100 - a value/data met its maximum */ CURL_LAST /* never use! */ } CURLcode; @@ -1854,7 +1846,8 @@ typedef enum { /* allow GSSAPI credential delegation */ CURLOPT(CURLOPT_GSSAPI_DELEGATION, CURLOPTTYPE_VALUES, 210), - /* Set the name servers to use for DNS resolution */ + /* Set the name servers to use for DNS resolution. + * Only supported by the c-ares DNS backend */ CURLOPT(CURLOPT_DNS_SERVERS, CURLOPTTYPE_STRINGPOINT, 211), /* Time-out accept operations (currently for FTP only) after this amount @@ -2210,6 +2203,9 @@ typedef enum { /* set a specific client IP for HAProxy PROXY protocol header? */ CURLOPT(CURLOPT_HAPROXY_CLIENT_IP, CURLOPTTYPE_STRINGPOINT, 323), + /* millisecond version */ + CURLOPT(CURLOPT_SERVER_RESPONSE_TIMEOUT_MS, CURLOPTTYPE_LONG, 324), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; @@ -2941,7 +2937,8 @@ typedef enum { CURLINFO_CAPATH = CURLINFO_STRING + 62, CURLINFO_XFER_ID = CURLINFO_OFF_T + 63, CURLINFO_CONN_ID = CURLINFO_OFF_T + 64, - CURLINFO_LASTONE = 64 + CURLINFO_QUEUE_TIME_T = CURLINFO_OFF_T + 65, + CURLINFO_LASTONE = 65 } CURLINFO; /* CURLINFO_RESPONSE_CODE is the new name for the option previously known as @@ -3220,6 +3217,7 @@ CURL_EXTERN CURLcode curl_easy_pause(CURL *handle, int bitmask); #include "options.h" #include "header.h" #include "websockets.h" +#include "mprintf.h" /* the typechecker doesn't work in C++ (yet) */ #if defined(__GNUC__) && defined(__GNUC_MINOR__) && \ diff --git a/include/curl/curlver.h b/include/curl/curlver.h index 44e6070d6..bde10fa21 100644 --- a/include/curl/curlver.h +++ b/include/curl/curlver.h @@ -59,7 +59,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x080400 +#define LIBCURL_VERSION_NUM 0x080600 /* * This is the date and time when the full source package was created. The diff --git a/include/curl/mprintf.h b/include/curl/mprintf.h index dc5664bc5..4f704548d 100644 --- a/include/curl/mprintf.h +++ b/include/curl/mprintf.h @@ -34,19 +34,27 @@ extern "C" { #if (defined(__GNUC__) || defined(__clang__)) && \ defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(__MINGW32__) && !defined(CURL_NO_FMT_CHECKS) -#define CURL_TEMP_PRINTF(a,b) __attribute__ ((format(printf, a, b))) + !defined(CURL_NO_FMT_CHECKS) +#if defined(__MINGW32__) && !defined(__clang__) +#define CURL_TEMP_PRINTF(fmt, arg) \ + __attribute__((format(gnu_printf, fmt, arg))) #else -#define CURL_TEMP_PRINTF(a,b) +#define CURL_TEMP_PRINTF(fmt, arg) \ + __attribute__((format(printf, fmt, arg))) +#endif +#else +#define CURL_TEMP_PRINTF(fmt, arg) #endif -CURL_EXTERN int curl_mprintf(const char *format, ...) CURL_TEMP_PRINTF(1, 2); +CURL_EXTERN int curl_mprintf(const char *format, ...) + CURL_TEMP_PRINTF(1, 2); CURL_EXTERN int curl_mfprintf(FILE *fd, const char *format, ...) CURL_TEMP_PRINTF(2, 3); CURL_EXTERN int curl_msprintf(char *buffer, const char *format, ...) CURL_TEMP_PRINTF(2, 3); CURL_EXTERN int curl_msnprintf(char *buffer, size_t maxlength, - const char *format, ...) CURL_TEMP_PRINTF(3, 4); + const char *format, ...) + CURL_TEMP_PRINTF(3, 4); CURL_EXTERN int curl_mvprintf(const char *format, va_list args) CURL_TEMP_PRINTF(1, 0); CURL_EXTERN int curl_mvfprintf(FILE *fd, const char *format, va_list args) diff --git a/include/curl/system.h b/include/curl/system.h index 97e0d037a..81a1b817d 100644 --- a/include/curl/system.h +++ b/include/curl/system.h @@ -141,29 +141,6 @@ # define CURL_TYPEOF_CURL_SOCKLEN_T int # endif -#elif defined(__SYMBIAN32__) -# if defined(__EABI__) /* Treat all ARM compilers equally */ -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# elif defined(__CW32__) -# pragma longlong on -# define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# elif defined(__VC32__) -# define CURL_TYPEOF_CURL_OFF_T __int64 -# define CURL_FORMAT_CURL_OFF_T "lld" -# define CURL_FORMAT_CURL_OFF_TU "llu" -# define CURL_SUFFIX_CURL_OFF_T LL -# define CURL_SUFFIX_CURL_OFF_TU ULL -# endif -# define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int - #elif defined(macintosh) # include # if TYPE_LONGLONG @@ -201,14 +178,14 @@ # define CURL_TYPEOF_CURL_SOCKLEN_T int #elif defined(__MINGW32__) +# include # define CURL_TYPEOF_CURL_OFF_T long long -# define CURL_FORMAT_CURL_OFF_T "I64d" -# define CURL_FORMAT_CURL_OFF_TU "I64u" +# define CURL_FORMAT_CURL_OFF_T PRId64 +# define CURL_FORMAT_CURL_OFF_TU PRIu64 # define CURL_SUFFIX_CURL_OFF_T LL # define CURL_SUFFIX_CURL_OFF_TU ULL -# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_TYPEOF_CURL_SOCKLEN_T int # define CURL_PULL_SYS_TYPES_H 1 -# define CURL_PULL_WS2TCPIP_H 1 #elif defined(__VMS) # if defined(__VAX) @@ -370,7 +347,14 @@ /* ===================================== */ #elif defined(_MSC_VER) -# if (_MSC_VER >= 900) && (_INTEGRAL_MAX_BITS >= 64) +# if (_MSC_VER >= 1800) +# include +# define CURL_TYPEOF_CURL_OFF_T __int64 +# define CURL_FORMAT_CURL_OFF_T PRId64 +# define CURL_FORMAT_CURL_OFF_TU PRIu64 +# define CURL_SUFFIX_CURL_OFF_T i64 +# define CURL_SUFFIX_CURL_OFF_TU ui64 +# elif (_MSC_VER >= 900) && (_INTEGRAL_MAX_BITS >= 64) # define CURL_TYPEOF_CURL_OFF_T __int64 # define CURL_FORMAT_CURL_OFF_T "I64d" # define CURL_FORMAT_CURL_OFF_TU "I64u" @@ -432,15 +416,6 @@ #define CURL_PULL_SYS_POLL_H #endif - -/* CURL_PULL_WS2TCPIP_H is defined above when inclusion of header file */ -/* ws2tcpip.h is required here to properly make type definitions below. */ -#ifdef CURL_PULL_WS2TCPIP_H -# include -# include -# include -#endif - /* CURL_PULL_SYS_TYPES_H is defined above when inclusion of header file */ /* sys/types.h is required here to properly make type definitions below. */ #ifdef CURL_PULL_SYS_TYPES_H diff --git a/include/curl/urlapi.h b/include/curl/urlapi.h index 88cdeb3bc..91f8c4548 100644 --- a/include/curl/urlapi.h +++ b/include/curl/urlapi.h @@ -63,6 +63,7 @@ typedef enum { CURLUE_BAD_SLASHES, /* 28 */ CURLUE_BAD_USER, /* 29 */ CURLUE_LACKS_IDN, /* 30 */ + CURLUE_TOO_LARGE, /* 31 */ CURLUE_LAST } CURLUcode; diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt index 6f849199c..51d52578e 100644 --- a/lib/CMakeLists.txt +++ b/lib/CMakeLists.txt @@ -47,20 +47,25 @@ if(USE_ARES) include_directories(${CARES_INCLUDE_DIR}) endif() -add_library( - curlu # special libcurlu library just for unittests - STATIC - EXCLUDE_FROM_ALL - ${HHEADERS} ${CSOURCES} -) -target_compile_definitions(curlu PUBLIC UNITTESTS CURL_STATICLIB) +if(BUILD_TESTING) + add_library( + curlu # special libcurlu library just for unittests + STATIC + EXCLUDE_FROM_ALL + ${HHEADERS} ${CSOURCES} + ) + target_compile_definitions(curlu PUBLIC UNITTESTS CURL_STATICLIB) +endif() if(ENABLE_CURLDEBUG) # We must compile these sources separately to avoid memdebug.h redefinitions # applying to them. set_source_files_properties(memdebug.c curl_multibyte.c PROPERTIES SKIP_UNITY_BUILD_INCLUSION ON) endif() -target_link_libraries(curlu PRIVATE ${CURL_LIBS}) + +if(BUILD_TESTING) + target_link_libraries(curlu PRIVATE ${CURL_LIBS}) +endif() transform_makefile_inc("Makefile.soname" "${CMAKE_CURRENT_BINARY_DIR}/Makefile.soname.cmake") include(${CMAKE_CURRENT_BINARY_DIR}/Makefile.soname.cmake) diff --git a/lib/Makefile.am b/lib/Makefile.am index 3c0a70912..1237c8e99 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -110,7 +110,7 @@ libcurl_la_CFLAGS_EXTRA += $(CFLAG_CURL_SYMBOL_HIDING) endif libcurl_la_CPPFLAGS = $(AM_CPPFLAGS) $(libcurl_la_CPPFLAGS_EXTRA) -libcurl_la_LDFLAGS = $(AM_LDFLAGS) $(libcurl_la_LDFLAGS_EXTRA) $(LDFLAGS) $(LIBCURL_LIBS) +libcurl_la_LDFLAGS = $(AM_LDFLAGS) $(libcurl_la_LDFLAGS_EXTRA) $(CURL_LDFLAGS_LIB) $(LIBCURL_LIBS) libcurl_la_CFLAGS = $(AM_CFLAGS) $(libcurl_la_CFLAGS_EXTRA) libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB -DUNITTESTS diff --git a/lib/Makefile.inc b/lib/Makefile.inc index e568ef953..627148abe 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -78,15 +78,19 @@ LIB_VTLS_HFILES = \ LIB_VQUIC_CFILES = \ vquic/curl_msh3.c \ vquic/curl_ngtcp2.c \ + vquic/curl_osslq.c \ vquic/curl_quiche.c \ - vquic/vquic.c + vquic/vquic.c \ + vquic/vquic-tls.c LIB_VQUIC_HFILES = \ vquic/curl_msh3.h \ vquic/curl_ngtcp2.h \ + vquic/curl_osslq.h \ vquic/curl_quiche.h \ vquic/vquic.h \ - vquic/vquic_int.h + vquic/vquic_int.h \ + vquic/vquic-tls.h LIB_VSSH_CFILES = \ vssh/libssh.c \ diff --git a/lib/Makefile.mk b/lib/Makefile.mk index 5071600b5..95f281b7d 100644 --- a/lib/Makefile.mk +++ b/lib/Makefile.mk @@ -24,8 +24,8 @@ # Makefile to build curl parts with GCC-like toolchains and optional features. # -# Usage: [mingw32-]make -f Makefile.mk CFG=-feat1[-feat2][-feat3][...] -# Example: [mingw32-]make -f Makefile.mk CFG=-zlib-ssl-libssh2-ipv6 +# Usage: make -f Makefile.mk CFG=-feat1[-feat2][-feat3][...] +# Example: make -f Makefile.mk CFG=-zlib-ssl-libssh2-ipv6 # # Look for ' ?=' to find all accepted customization variables. @@ -40,10 +40,7 @@ endif CFLAGS ?= CPPFLAGS ?= -RCFLAGS ?= LDFLAGS ?= -CURL_LDFLAGS_BIN ?= -CURL_LDFLAGS_LIB ?= LIBS ?= CROSSPREFIX ?= @@ -53,46 +50,21 @@ ifeq ($(CC),cc) endif CC := $(CROSSPREFIX)$(CC) AR := $(CROSSPREFIX)$(AR) -RC ?= $(CROSSPREFIX)windres - -# For compatibility -ARCH ?= -ifeq ($(ARCH),w64) - TRIPLET := x86_64-w64-mingw32 - CFLAGS += -m64 - LDFLAGS += -m64 - RCFLAGS += --target=pe-x86-64 -else ifdef ARCH - TRIPLET := i686-w64-mingw32 - CFLAGS += -m32 - LDFLAGS += -m32 - RCFLAGS += --target=pe-i386 -else - TRIPLET ?= $(shell $(CC) -dumpmachine) -endif -BIN_EXT := .exe +TRIPLET ?= $(shell $(CC) -dumpmachine) -ifneq ($(findstring -w,$(TRIPLET)),) - WIN32 := 1 -else ifneq ($(findstring msdos,$(TRIPLET)),) +BIN_EXT := + +ifneq ($(findstring msdos,$(TRIPLET)),) # Cross-tools: https://github.com/andrewwutw/build-djgpp MSDOS := 1 + BIN_EXT := .exe else ifneq ($(findstring amigaos,$(TRIPLET)),) # Cross-tools: https://github.com/bebbo/amiga-gcc AMIGA := 1 endif CPPFLAGS += -I. -I$(PROOT)/include -RCFLAGS += -I$(PROOT)/include - -ifndef WIN32 - DYN := -endif - -ifdef AMIGA - BIN_EXT := -endif ### Deprecated settings. For compatibility. @@ -115,37 +87,26 @@ ifneq ($(findstring -map,$(CFG)),) MAP := 1 endif -ifdef WIN32 - ifneq ($(findstring -unicode,$(CFG)),) - CPPFLAGS += -DUNICODE -D_UNICODE - CURL_LDFLAGS_BIN += -municode - endif -endif - # CPPFLAGS below are only necessary when building libcurl via 'lib' (see # comments below about exceptions). Always include them anyway to match # behavior of other build systems. -# Linker options to exclude for shared mode executables. -_LDFLAGS := -_LIBS := - ifneq ($(findstring -sync,$(CFG)),) CPPFLAGS += -DUSE_SYNC_DNS else ifneq ($(findstring -ares,$(CFG)),) LIBCARES_PATH ?= $(PROOT)/../c-ares CPPFLAGS += -DUSE_ARES CPPFLAGS += -I"$(LIBCARES_PATH)/include" - _LDFLAGS += -L"$(LIBCARES_PATH)/lib" - _LIBS += -lcares + LDFLAGS += -L"$(LIBCARES_PATH)/lib" + LIBS += -lcares endif ifneq ($(findstring -rtmp,$(CFG)),) LIBRTMP_PATH ?= $(PROOT)/../librtmp CPPFLAGS += -DUSE_LIBRTMP CPPFLAGS += -I"$(LIBRTMP_PATH)" - _LDFLAGS += -L"$(LIBRTMP_PATH)/librtmp" - _LIBS += -lrtmp -lwinmm + LDFLAGS += -L"$(LIBRTMP_PATH)/librtmp" + LIBS += -lrtmp ZLIB := 1 endif @@ -153,23 +114,20 @@ ifneq ($(findstring -ssh2,$(CFG)),) LIBSSH2_PATH ?= $(PROOT)/../libssh2 CPPFLAGS += -DUSE_LIBSSH2 CPPFLAGS += -I"$(LIBSSH2_PATH)/include" - _LDFLAGS += -L"$(LIBSSH2_PATH)/lib" - ifdef WIN32 - _LDFLAGS += -L"$(LIBSSH2_PATH)/win32" - endif - _LIBS += -lssh2 + LDFLAGS += -L"$(LIBSSH2_PATH)/lib" + LIBS += -lssh2 else ifneq ($(findstring -libssh,$(CFG)),) LIBSSH_PATH ?= $(PROOT)/../libssh CPPFLAGS += -DUSE_LIBSSH CPPFLAGS += -I"$(LIBSSH_PATH)/include" - _LDFLAGS += -L"$(LIBSSH_PATH)/lib" - _LIBS += -lssh + LDFLAGS += -L"$(LIBSSH_PATH)/lib" + LIBS += -lssh else ifneq ($(findstring -wolfssh,$(CFG)),) WOLFSSH_PATH ?= $(PROOT)/../wolfssh CPPFLAGS += -DUSE_WOLFSSH CPPFLAGS += -I"$(WOLFSSH_PATH)/include" - _LDFLAGS += -L"$(WOLFSSH_PATH)/lib" - _LIBS += -lwolfssh + LDFLAGS += -L"$(WOLFSSH_PATH)/lib" + LIBS += -lwolfssh endif ifneq ($(findstring -ssl,$(CFG)),) @@ -179,9 +137,9 @@ ifneq ($(findstring -ssl,$(CFG)),) OPENSSL_INCLUDE ?= $(OPENSSL_PATH)/include OPENSSL_LIBPATH ?= $(OPENSSL_PATH)/lib CPPFLAGS += -I"$(OPENSSL_INCLUDE)" - _LDFLAGS += -L"$(OPENSSL_LIBPATH)" + LDFLAGS += -L"$(OPENSSL_LIBPATH)" OPENSSL_LIBS ?= -lssl -lcrypto - _LIBS += $(OPENSSL_LIBS) + LIBS += $(OPENSSL_LIBS) ifneq ($(findstring -srp,$(CFG)),) ifneq ($(wildcard $(OPENSSL_INCLUDE)/openssl/srp.h),) @@ -196,20 +154,16 @@ ifneq ($(findstring -wolfssl,$(CFG)),) CPPFLAGS += -DUSE_WOLFSSL CPPFLAGS += -DSIZEOF_LONG_LONG=8 CPPFLAGS += -I"$(WOLFSSL_PATH)/include" - _LDFLAGS += -L"$(WOLFSSL_PATH)/lib" - _LIBS += -lwolfssl + LDFLAGS += -L"$(WOLFSSL_PATH)/lib" + LIBS += -lwolfssl SSLLIBS += 1 endif ifneq ($(findstring -mbedtls,$(CFG)),) MBEDTLS_PATH ?= $(PROOT)/../mbedtls CPPFLAGS += -DUSE_MBEDTLS CPPFLAGS += -I"$(MBEDTLS_PATH)/include" - _LDFLAGS += -L"$(MBEDTLS_PATH)/lib" - _LIBS += -lmbedtls -lmbedx509 -lmbedcrypto - SSLLIBS += 1 -endif -ifneq ($(findstring -schannel,$(CFG)),) - CPPFLAGS += -DUSE_SCHANNEL + LDFLAGS += -L"$(MBEDTLS_PATH)/lib" + LIBS += -lmbedtls -lmbedx509 -lmbedcrypto SSLLIBS += 1 endif @@ -217,21 +171,21 @@ ifneq ($(findstring -nghttp2,$(CFG)),) NGHTTP2_PATH ?= $(PROOT)/../nghttp2 CPPFLAGS += -DUSE_NGHTTP2 CPPFLAGS += -I"$(NGHTTP2_PATH)/include" - _LDFLAGS += -L"$(NGHTTP2_PATH)/lib" - _LIBS += -lnghttp2 + LDFLAGS += -L"$(NGHTTP2_PATH)/lib" + LIBS += -lnghttp2 endif ifeq ($(findstring -nghttp3,$(CFG))$(findstring -ngtcp2,$(CFG)),-nghttp3-ngtcp2) NGHTTP3_PATH ?= $(PROOT)/../nghttp3 CPPFLAGS += -DUSE_NGHTTP3 CPPFLAGS += -I"$(NGHTTP3_PATH)/include" - _LDFLAGS += -L"$(NGHTTP3_PATH)/lib" - _LIBS += -lnghttp3 + LDFLAGS += -L"$(NGHTTP3_PATH)/lib" + LIBS += -lnghttp3 NGTCP2_PATH ?= $(PROOT)/../ngtcp2 CPPFLAGS += -DUSE_NGTCP2 CPPFLAGS += -I"$(NGTCP2_PATH)/include" - _LDFLAGS += -L"$(NGTCP2_PATH)/lib" + LDFLAGS += -L"$(NGTCP2_PATH)/lib" NGTCP2_LIBS ?= ifeq ($(NGTCP2_LIBS),) @@ -246,7 +200,7 @@ ifeq ($(findstring -nghttp3,$(CFG))$(findstring -ngtcp2,$(CFG)),-nghttp3-ngtcp2) endif endif - _LIBS += -lngtcp2 $(NGTCP2_LIBS) + LIBS += -lngtcp2 $(NGTCP2_LIBS) endif ifneq ($(findstring -zlib,$(CFG))$(ZLIB),) @@ -254,59 +208,51 @@ ifneq ($(findstring -zlib,$(CFG))$(ZLIB),) # These CPPFLAGS are also required when compiling the curl tool via 'src'. CPPFLAGS += -DHAVE_LIBZ CPPFLAGS += -I"$(ZLIB_PATH)/include" - _LDFLAGS += -L"$(ZLIB_PATH)/lib" + LDFLAGS += -L"$(ZLIB_PATH)/lib" ZLIB_LIBS ?= -lz - _LIBS += $(ZLIB_LIBS) + LIBS += $(ZLIB_LIBS) ZLIB := 1 endif ifneq ($(findstring -zstd,$(CFG)),) ZSTD_PATH ?= $(PROOT)/../zstd CPPFLAGS += -DHAVE_ZSTD CPPFLAGS += -I"$(ZSTD_PATH)/include" - _LDFLAGS += -L"$(ZSTD_PATH)/lib" + LDFLAGS += -L"$(ZSTD_PATH)/lib" ZSTD_LIBS ?= -lzstd - _LIBS += $(ZSTD_LIBS) + LIBS += $(ZSTD_LIBS) endif ifneq ($(findstring -brotli,$(CFG)),) BROTLI_PATH ?= $(PROOT)/../brotli CPPFLAGS += -DHAVE_BROTLI CPPFLAGS += -I"$(BROTLI_PATH)/include" - _LDFLAGS += -L"$(BROTLI_PATH)/lib" + LDFLAGS += -L"$(BROTLI_PATH)/lib" BROTLI_LIBS ?= -lbrotlidec -lbrotlicommon - _LIBS += $(BROTLI_LIBS) + LIBS += $(BROTLI_LIBS) endif ifneq ($(findstring -gsasl,$(CFG)),) LIBGSASL_PATH ?= $(PROOT)/../gsasl CPPFLAGS += -DUSE_GSASL CPPFLAGS += -I"$(LIBGSASL_PATH)/include" - _LDFLAGS += -L"$(LIBGSASL_PATH)/lib" - _LIBS += -lgsasl + LDFLAGS += -L"$(LIBGSASL_PATH)/lib" + LIBS += -lgsasl endif ifneq ($(findstring -idn2,$(CFG)),) LIBIDN2_PATH ?= $(PROOT)/../libidn2 CPPFLAGS += -DUSE_LIBIDN2 CPPFLAGS += -I"$(LIBIDN2_PATH)/include" - _LDFLAGS += -L"$(LIBIDN2_PATH)/lib" - _LIBS += -lidn2 + LDFLAGS += -L"$(LIBIDN2_PATH)/lib" + LIBS += -lidn2 ifneq ($(findstring -psl,$(CFG)),) LIBPSL_PATH ?= $(PROOT)/../libpsl CPPFLAGS += -DUSE_LIBPSL CPPFLAGS += -I"$(LIBPSL_PATH)/include" - _LDFLAGS += -L"$(LIBPSL_PATH)/lib" - _LIBS += -lpsl + LDFLAGS += -L"$(LIBPSL_PATH)/lib" + LIBS += -lpsl endif -else ifneq ($(findstring -winidn,$(CFG)),) - CPPFLAGS += -DUSE_WIN32_IDN - _LIBS += -lnormaliz endif -ifneq ($(findstring -sspi,$(CFG)),) - ifdef WIN32 - CPPFLAGS += -DUSE_WINDOWS_SSPI - endif -endif ifneq ($(findstring -ipv6,$(CFG)),) CPPFLAGS += -DENABLE_IPV6 endif @@ -314,26 +260,14 @@ endif ifneq ($(findstring -watt,$(CFG))$(MSDOS),) WATT_PATH ?= $(PROOT)/../watt CPPFLAGS += -I"$(WATT_PATH)/inc" - _LDFLAGS += -L"$(WATT_PATH)/lib" - _LIBS += -lwatt -endif - -ifdef WIN32 - ifeq ($(findstring -lldap,$(LIBS)),) - _LIBS += -lwldap32 - endif - _LIBS += -lws2_32 -lcrypt32 -lbcrypt + LDFLAGS += -L"$(WATT_PATH)/lib" + LIBS += -lwatt endif ifneq ($(findstring 11,$(subst $(subst ,, ),,$(SSLLIBS))),) CPPFLAGS += -DCURL_WITH_MULTI_SSL endif -ifndef DYN - LDFLAGS += $(_LDFLAGS) - LIBS += $(_LIBS) -endif - ### Common rules OBJ_DIR := $(TRIPLET) @@ -360,9 +294,6 @@ $(OBJ_DIR): $(OBJ_DIR)/%.o: %.c $(CC) -W -Wall $(CFLAGS) $(CPPFLAGS) -c $< -o $@ -$(OBJ_DIR)/%.res: %.rc - $(RC) -O coff $(RCFLAGS) -i $< -o $@ - clean: @$(call DEL, $(TOCLEAN)) @$(RMDIR) $(OBJ_DIR) @@ -375,42 +306,23 @@ distclean vclean: clean ifdef LOCAL CPPFLAGS += -DBUILDING_LIBCURL -ifdef WIN32 -CPPFLAGS += -DCURL_STATICLIB -endif ### Sources and targets -# Provides CSOURCES, HHEADERS, LIB_RCFILES +# Provides CSOURCES, HHEADERS include Makefile.inc vpath %.c vauth vquic vssh vtls libcurl_a_LIBRARY := libcurl.a -ifdef WIN32 -CURL_DLL_SUFFIX ?= -libcurl_dll_LIBRARY := libcurl$(CURL_DLL_SUFFIX).dll -libcurl_dll_a_LIBRARY := libcurl.dll.a -ifeq ($(findstring -trackmem,$(CFG)),) -CURL_LDFLAGS_LIB += $(PROOT)/libcurl.def -endif -ifdef MAP -libcurl_map_LIBRARY := libcurl$(CURL_DLL_SUFFIX).map -CURL_LDFLAGS_LIB += -Wl,-Map,$(libcurl_map_LIBRARY) -endif -endif -TARGETS := $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY) +TARGETS := $(libcurl_a_LIBRARY) libcurl_a_OBJECTS := $(patsubst %.c,$(OBJ_DIR)/%.o,$(notdir $(strip $(CSOURCES)))) libcurl_a_DEPENDENCIES := $(strip $(CSOURCES) $(HHEADERS)) -ifdef WIN32 -libcurl_dll_OBJECTS := $(libcurl_a_OBJECTS) -libcurl_dll_OBJECTS += $(patsubst %.rc,$(OBJ_DIR)/%.res,$(strip $(LIB_RCFILES))) -endif -TOCLEAN := $(libcurl_dll_OBJECTS) -TOVCLEAN := $(libcurl_dll_LIBRARY:.dll=.def) $(libcurl_dll_a_LIBRARY) $(libcurl_map_LIBRARY) +TOCLEAN := +TOVCLEAN := ### Rules @@ -418,9 +330,5 @@ $(libcurl_a_LIBRARY): $(libcurl_a_OBJECTS) $(libcurl_a_DEPENDENCIES) @$(call DEL, $@) $(AR) rcs $@ $(libcurl_a_OBJECTS) -$(libcurl_dll_LIBRARY): $(libcurl_dll_OBJECTS) - $(CC) $(LDFLAGS) -shared $(CURL_LDFLAGS_LIB) -o $@ $(libcurl_dll_OBJECTS) $(LIBS) \ - -Wl,--output-def,$(@:.dll=.def),--out-implib,$(libcurl_dll_a_LIBRARY) - all: $(OBJ_DIR) $(TARGETS) endif diff --git a/lib/altsvc.c b/lib/altsvc.c index 22b0b69c7..e9f62bf0e 100644 --- a/lib/altsvc.c +++ b/lib/altsvc.c @@ -97,7 +97,7 @@ static struct altsvc *altsvc_createid(const char *srchost, unsigned int srcport, unsigned int dstport) { - struct altsvc *as = calloc(sizeof(struct altsvc), 1); + struct altsvc *as = calloc(1, sizeof(struct altsvc)); size_t hlen; size_t dlen; if(!as) @@ -106,9 +106,11 @@ static struct altsvc *altsvc_createid(const char *srchost, dlen = strlen(dsthost); DEBUGASSERT(hlen); DEBUGASSERT(dlen); - if(!hlen || !dlen) + if(!hlen || !dlen) { /* bad input */ + free(as); return NULL; + } if((hlen > 2) && srchost[0] == '[') { /* IPv6 address, strip off brackets */ srchost++; @@ -123,15 +125,13 @@ static struct altsvc *altsvc_createid(const char *srchost, dlen -= 2; } - as->src.host = Curl_memdup(srchost, hlen + 1); + as->src.host = Curl_memdup0(srchost, hlen); if(!as->src.host) goto error; - as->src.host[hlen] = 0; - as->dst.host = Curl_memdup(dsthost, dlen + 1); + as->dst.host = Curl_memdup0(dsthost, dlen); if(!as->dst.host) goto error; - as->dst.host[dlen] = 0; as->src.alpnid = srcalpnid; as->dst.alpnid = dstalpnid; @@ -301,7 +301,7 @@ static CURLcode altsvc_out(struct altsvc *as, FILE *fp) */ struct altsvcinfo *Curl_altsvc_init(void) { - struct altsvcinfo *asi = calloc(sizeof(struct altsvcinfo), 1); + struct altsvcinfo *asi = calloc(1, sizeof(struct altsvcinfo)); if(!asi) return NULL; Curl_llist_init(&asi->list, NULL); @@ -335,9 +335,6 @@ CURLcode Curl_altsvc_load(struct altsvcinfo *asi, const char *file) CURLcode Curl_altsvc_ctrl(struct altsvcinfo *asi, const long ctrl) { DEBUGASSERT(asi); - if(!ctrl) - /* unexpected */ - return CURLE_BAD_FUNCTION_ARGUMENT; asi->flags = ctrl; return CURLE_OK; } diff --git a/lib/arpa_telnet.h b/lib/arpa_telnet.h index de1373800..228b4466e 100644 --- a/lib/arpa_telnet.h +++ b/lib/arpa_telnet.h @@ -56,12 +56,14 @@ static const char * const telnetoptions[]= "TERM SPEED", "LFLOW", "LINEMODE", "XDISPLOC", "OLD-ENVIRON", "AUTHENTICATION", "ENCRYPT", "NEW-ENVIRON" }; +#define CURL_TELOPT(x) telnetoptions[x] +#else +#define CURL_TELOPT(x) "" #endif #define CURL_TELOPT_MAXIMUM CURL_TELOPT_NEW_ENVIRON #define CURL_TELOPT_OK(x) ((x) <= CURL_TELOPT_MAXIMUM) -#define CURL_TELOPT(x) telnetoptions[x] #define CURL_NTELOPTS 40 @@ -103,7 +105,12 @@ static const char * const telnetcmds[]= #define CURL_TELCMD_OK(x) ( ((unsigned int)(x) >= CURL_TELCMD_MINIMUM) && \ ((unsigned int)(x) <= CURL_TELCMD_MAXIMUM) ) + +#ifndef CURL_DISABLE_VERBOSE_STRINGS #define CURL_TELCMD(x) telnetcmds[(x)-CURL_TELCMD_MINIMUM] +#else +#define CURL_TELCMD(x) "" +#endif #endif /* CURL_DISABLE_TELNET */ diff --git a/lib/asyn-ares.c b/lib/asyn-ares.c index e73e41dab..76efba78a 100644 --- a/lib/asyn-ares.c +++ b/lib/asyn-ares.c @@ -60,13 +60,13 @@ #include "progress.h" #include "timediff.h" -# if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \ - defined(WIN32) -# define CARES_STATICLIB -# endif -# include -# include /* really old c-ares didn't include this by - itself */ +#if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \ + defined(_WIN32) +# define CARES_STATICLIB +#endif +#include +#include /* really old c-ares didn't include this by + itself */ #if ARES_VERSION >= 0x010500 /* c-ares 1.5.0 or later, the callback proto is modified */ @@ -173,10 +173,26 @@ CURLcode Curl_resolver_init(struct Curl_easy *easy, void **resolver) int status; struct ares_options options; int optmask = ARES_OPT_SOCK_STATE_CB; + static int ares_ver = 0; options.sock_state_cb = sock_state_cb; options.sock_state_cb_data = easy; - options.timeout = CARES_TIMEOUT_PER_ATTEMPT; - optmask |= ARES_OPT_TIMEOUTMS; + if(ares_ver == 0) + ares_version(&ares_ver); + + if(ares_ver < 0x011400) { /* c-ares included similar change since 1.20.0 */ + options.timeout = CARES_TIMEOUT_PER_ATTEMPT; + optmask |= ARES_OPT_TIMEOUTMS; + } + + /* + if c ares < 1.20.0: curl set timeout to CARES_TIMEOUT_PER_ATTEMPT (2s) + + if c-ares >= 1.20.0 it already has the timeout to 2s, curl does not need + to set the timeout value; + + if c-ares >= 1.24.0, user can set the timeout via /etc/resolv.conf to + overwrite c-ares' timeout. + */ status = ares_init_options((ares_channel*)resolver, &options, optmask); if(status != ARES_SUCCESS) { @@ -755,7 +771,7 @@ struct Curl_addrinfo *Curl_resolver_getaddrinfo(struct Curl_easy *data, size_t namelen = strlen(hostname); *waitp = 0; /* default to synchronous response */ - res = calloc(sizeof(struct thread_data) + namelen, 1); + res = calloc(1, sizeof(struct thread_data) + namelen); if(res) { strcpy(res->hostname, hostname); data->state.async.hostname = res->hostname; @@ -858,6 +874,7 @@ CURLcode Curl_set_dns_servers(struct Curl_easy *data, case ARES_ENODATA: case ARES_EBADSTR: default: + DEBUGF(infof(data, "bad servers set")); result = CURLE_BAD_FUNCTION_ARGUMENT; break; } @@ -896,6 +913,7 @@ CURLcode Curl_set_dns_local_ip4(struct Curl_easy *data, } else { if(Curl_inet_pton(AF_INET, local_ip4, &a4) != 1) { + DEBUGF(infof(data, "bad DNS IPv4 address")); return CURLE_BAD_FUNCTION_ARGUMENT; } } @@ -923,6 +941,7 @@ CURLcode Curl_set_dns_local_ip6(struct Curl_easy *data, } else { if(Curl_inet_pton(AF_INET6, local_ip6, a6) != 1) { + DEBUGF(infof(data, "bad DNS IPv6 address")); return CURLE_BAD_FUNCTION_ARGUMENT; } } diff --git a/lib/asyn-thread.c b/lib/asyn-thread.c index a2e294f8f..d4d382add 100644 --- a/lib/asyn-thread.c +++ b/lib/asyn-thread.c @@ -54,6 +54,7 @@ # define RESOLVER_ENOMEM ENOMEM #endif +#include "system_win32.h" #include "urldata.h" #include "sendf.h" #include "hostip.h" @@ -144,9 +145,22 @@ static bool init_resolve_thread(struct Curl_easy *data, const char *hostname, int port, const struct addrinfo *hints); +#ifdef _WIN32 +/* Thread sync data used by GetAddrInfoExW for win8+ */ +struct thread_sync_data_w8 +{ + OVERLAPPED overlapped; + ADDRINFOEXW_ *res; + HANDLE cancel_ev; + ADDRINFOEXW_ hints; +}; +#endif /* Data for synchronization between resolver thread and its parent */ struct thread_sync_data { +#ifdef _WIN32 + struct thread_sync_data_w8 w8; +#endif curl_mutex_t *mtx; int done; int port; @@ -165,6 +179,9 @@ struct thread_sync_data { }; struct thread_data { +#ifdef _WIN32 + HANDLE complete_ev; +#endif curl_thread_t thread_hnd; unsigned int poll_interval; timediff_t interval_end; @@ -196,7 +213,7 @@ void destroy_thread_sync_data(struct thread_sync_data *tsd) * the other end (for reading) is always closed in the parent thread. */ if(tsd->sock_pair[1] != CURL_SOCKET_BAD) { - sclose(tsd->sock_pair[1]); + wakeup_close(tsd->sock_pair[1]); } #endif memset(tsd, 0, sizeof(*tsd)); @@ -233,8 +250,8 @@ int init_thread_sync_data(struct thread_data *td, Curl_mutex_init(tsd->mtx); #ifndef CURL_DISABLE_SOCKETPAIR - /* create socket pair, avoid AF_LOCAL since it doesn't build on Solaris */ - if(Curl_socketpair(AF_UNIX, SOCK_STREAM, 0, &tsd->sock_pair[0]) < 0) { + /* create socket pair or pipe */ + if(wakeup_create(&tsd->sock_pair[0]) < 0) { tsd->sock_pair[0] = CURL_SOCKET_BAD; tsd->sock_pair[1] = CURL_SOCKET_BAD; goto err_exit; @@ -254,7 +271,7 @@ int init_thread_sync_data(struct thread_data *td, err_exit: #ifndef CURL_DISABLE_SOCKETPAIR if(tsd->sock_pair[0] != CURL_SOCKET_BAD) { - sclose(tsd->sock_pair[0]); + wakeup_close(tsd->sock_pair[0]); tsd->sock_pair[0] = CURL_SOCKET_BAD; } #endif @@ -276,6 +293,151 @@ static CURLcode getaddrinfo_complete(struct Curl_easy *data) return result; } +#ifdef _WIN32 +static VOID WINAPI +query_complete(DWORD err, DWORD bytes, LPWSAOVERLAPPED overlapped) +{ + size_t ss_size; + const ADDRINFOEXW_ *ai; + struct Curl_addrinfo *ca; + struct Curl_addrinfo *cafirst = NULL; + struct Curl_addrinfo *calast = NULL; +#ifdef __clang__ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wcast-align" +#endif + struct thread_sync_data *tsd = + CONTAINING_RECORD(overlapped, struct thread_sync_data, w8.overlapped); +#ifdef __clang__ +#pragma clang diagnostic pop +#endif + struct thread_data *td = tsd->td; + const ADDRINFOEXW_ *res = tsd->w8.res; + int error = (int)err; + (void)bytes; + + if(error == ERROR_SUCCESS) { + /* traverse the addrinfo list */ + + for(ai = res; ai != NULL; ai = ai->ai_next) { + size_t namelen = ai->ai_canonname ? wcslen(ai->ai_canonname) + 1 : 0; + /* ignore elements with unsupported address family, */ + /* settle family-specific sockaddr structure size. */ + if(ai->ai_family == AF_INET) + ss_size = sizeof(struct sockaddr_in); +#ifdef ENABLE_IPV6 + else if(ai->ai_family == AF_INET6) + ss_size = sizeof(struct sockaddr_in6); +#endif + else + continue; + + /* ignore elements without required address info */ + if(!ai->ai_addr || !(ai->ai_addrlen > 0)) + continue; + + /* ignore elements with bogus address size */ + if((size_t)ai->ai_addrlen < ss_size) + continue; + + ca = malloc(sizeof(struct Curl_addrinfo) + ss_size + namelen); + if(!ca) { + error = EAI_MEMORY; + break; + } + + /* copy each structure member individually, member ordering, */ + /* size, or padding might be different for each platform. */ + ca->ai_flags = ai->ai_flags; + ca->ai_family = ai->ai_family; + ca->ai_socktype = ai->ai_socktype; + ca->ai_protocol = ai->ai_protocol; + ca->ai_addrlen = (curl_socklen_t)ss_size; + ca->ai_addr = NULL; + ca->ai_canonname = NULL; + ca->ai_next = NULL; + + ca->ai_addr = (void *)((char *)ca + sizeof(struct Curl_addrinfo)); + memcpy(ca->ai_addr, ai->ai_addr, ss_size); + + if(namelen) { + size_t i; + ca->ai_canonname = (void *)((char *)ca->ai_addr + ss_size); + for(i = 0; i < namelen; ++i) /* convert wide string to ascii */ + ca->ai_canonname[i] = (char)ai->ai_canonname[i]; + ca->ai_canonname[namelen] = '\0'; + } + + /* if the return list is empty, this becomes the first element */ + if(!cafirst) + cafirst = ca; + + /* add this element last in the return list */ + if(calast) + calast->ai_next = ca; + calast = ca; + } + + /* if we failed, also destroy the Curl_addrinfo list */ + if(error) { + Curl_freeaddrinfo(cafirst); + cafirst = NULL; + } + else if(!cafirst) { +#ifdef EAI_NONAME + /* rfc3493 conformant */ + error = EAI_NONAME; +#else + /* rfc3493 obsoleted */ + error = EAI_NODATA; +#endif +#ifdef USE_WINSOCK + SET_SOCKERRNO(error); +#endif + } + tsd->res = cafirst; + } + + if(tsd->w8.res) { + Curl_FreeAddrInfoExW(tsd->w8.res); + tsd->w8.res = NULL; + } + + if(error) { + tsd->sock_error = SOCKERRNO?SOCKERRNO:error; + if(tsd->sock_error == 0) + tsd->sock_error = RESOLVER_ENOMEM; + } + else { + Curl_addrinfo_set_port(tsd->res, tsd->port); + } + + Curl_mutex_acquire(tsd->mtx); + if(tsd->done) { + /* too late, gotta clean up the mess */ + Curl_mutex_release(tsd->mtx); + destroy_thread_sync_data(tsd); + free(td); + } + else { +#ifndef CURL_DISABLE_SOCKETPAIR + char buf[1]; + if(tsd->sock_pair[1] != CURL_SOCKET_BAD) { + /* DNS has been resolved, signal client task */ + buf[0] = 1; + if(swrite(tsd->sock_pair[1], buf, sizeof(buf)) < 0) { + /* update sock_erro to errno */ + tsd->sock_error = SOCKERRNO; + } + } +#endif + tsd->done = 1; + Curl_mutex_release(tsd->mtx); + if(td->complete_ev) + SetEvent(td->complete_ev); /* Notify caller that the query completed */ + } +} +#endif #ifdef HAVE_GETADDRINFO @@ -320,7 +482,7 @@ static unsigned int CURL_STDCALL getaddrinfo_thread(void *arg) if(tsd->sock_pair[1] != CURL_SOCKET_BAD) { /* DNS has been resolved, signal client task */ buf[0] = 1; - if(swrite(tsd->sock_pair[1], buf, sizeof(buf)) < 0) { + if(wakeup_write(tsd->sock_pair[1], buf, sizeof(buf)) < 0) { /* update sock_erro to errno */ tsd->sock_error = SOCKERRNO; } @@ -391,9 +553,21 @@ static void destroy_async_data(struct Curl_async *async) Curl_mutex_release(td->tsd.mtx); if(!done) { +#ifdef _WIN32 + if(td->complete_ev) + CloseHandle(td->complete_ev); + else +#endif Curl_thread_destroy(td->thread_hnd); } else { +#ifdef _WIN32 + if(td->complete_ev) { + Curl_GetAddrInfoExCancel(&td->tsd.w8.cancel_ev); + WaitForSingleObject(td->complete_ev, INFINITE); + CloseHandle(td->complete_ev); + } +#endif if(td->thread_hnd != curl_thread_t_null) Curl_thread_join(&td->thread_hnd); @@ -439,6 +613,9 @@ static bool init_resolve_thread(struct Curl_easy *data, asp->status = 0; asp->dns = NULL; td->thread_hnd = curl_thread_t_null; +#ifdef _WIN32 + td->complete_ev = NULL; +#endif if(!init_thread_sync_data(td, hostname, port, hints)) { asp->tdata = NULL; @@ -454,6 +631,41 @@ static bool init_resolve_thread(struct Curl_easy *data, /* The thread will set this to 1 when complete. */ td->tsd.done = 0; +#ifdef _WIN32 + if(Curl_isWindows8OrGreater && Curl_FreeAddrInfoExW && + Curl_GetAddrInfoExCancel && Curl_GetAddrInfoExW) { +#define MAX_NAME_LEN 256 /* max domain name is 253 chars */ +#define MAX_PORT_LEN 8 + WCHAR namebuf[MAX_NAME_LEN]; + WCHAR portbuf[MAX_PORT_LEN]; + /* calculate required length */ + int w_len = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, hostname, + -1, NULL, 0); + if((w_len > 0) && (w_len < MAX_NAME_LEN)) { + /* do utf8 conversion */ + w_len = MultiByteToWideChar(CP_UTF8, 0, hostname, -1, namebuf, w_len); + if((w_len > 0) && (w_len < MAX_NAME_LEN)) { + swprintf(portbuf, MAX_PORT_LEN, L"%d", port); + td->tsd.w8.hints.ai_family = hints->ai_family; + td->tsd.w8.hints.ai_socktype = hints->ai_socktype; + td->complete_ev = CreateEvent(NULL, TRUE, FALSE, NULL); + if(!td->complete_ev) { + /* failed to start, mark it as done here for proper cleanup. */ + td->tsd.done = 1; + goto err_exit; + } + err = Curl_GetAddrInfoExW(namebuf, portbuf, NS_DNS, + NULL, &td->tsd.w8.hints, &td->tsd.w8.res, + NULL, &td->tsd.w8.overlapped, + &query_complete, &td->tsd.w8.cancel_ev); + if(err != WSA_IO_PENDING) + query_complete(err, 0, &td->tsd.w8.overlapped); + return TRUE; + } + } + } +#endif + #ifdef HAVE_GETADDRINFO td->thread_hnd = Curl_thread_create(getaddrinfo_thread, &td->tsd); #else @@ -490,9 +702,22 @@ static CURLcode thread_wait_resolv(struct Curl_easy *data, DEBUGASSERT(data); td = data->state.async.tdata; DEBUGASSERT(td); +#ifdef _WIN32 + DEBUGASSERT(td->complete_ev || td->thread_hnd != curl_thread_t_null); +#else DEBUGASSERT(td->thread_hnd != curl_thread_t_null); +#endif /* wait for the thread to resolve the name */ +#ifdef _WIN32 + if(td->complete_ev) { + WaitForSingleObject(td->complete_ev, INFINITE); + CloseHandle(td->complete_ev); + if(entry) + result = getaddrinfo_complete(data); + } + else +#endif if(Curl_thread_join(&td->thread_hnd)) { if(entry) result = getaddrinfo_complete(data); diff --git a/lib/base64.c b/lib/base64.c index 2a49b5acd..919eb6235 100644 --- a/lib/base64.c +++ b/lib/base64.c @@ -31,6 +31,7 @@ !defined(CURL_DISABLE_SMTP) || \ !defined(CURL_DISABLE_POP3) || \ !defined(CURL_DISABLE_IMAP) || \ + !defined(CURL_DISABLE_DIGEST_AUTH) || \ !defined(CURL_DISABLE_DOH) || defined(USE_SSL) || defined(BUILDING_CURL) #include "curl/curl.h" #include "warnless.h" diff --git a/lib/bufref.c b/lib/bufref.c index ce686b6f3..f0a0e2a7d 100644 --- a/lib/bufref.c +++ b/lib/bufref.c @@ -25,6 +25,7 @@ #include "curl_setup.h" #include "urldata.h" #include "bufref.h" +#include "strdup.h" #include "curl_memory.h" #include "memdebug.h" @@ -116,12 +117,9 @@ CURLcode Curl_bufref_memdup(struct bufref *br, const void *ptr, size_t len) DEBUGASSERT(len <= CURL_MAX_INPUT_LENGTH); if(ptr) { - cpy = malloc(len + 1); + cpy = Curl_memdup0(ptr, len); if(!cpy) return CURLE_OUT_OF_MEMORY; - if(len) - memcpy(cpy, ptr, len); - cpy[len] = '\0'; } Curl_bufref_set(br, cpy, len, curl_free); diff --git a/lib/c-hyper.c b/lib/c-hyper.c index 5726ff1cc..d02ecd73a 100644 --- a/lib/c-hyper.c +++ b/lib/c-hyper.c @@ -22,6 +22,10 @@ * ***************************************************************************/ +/* Curl's integration with Hyper. This replaces certain functions in http.c, + * based on configuration #defines. This implementation supports HTTP/1.1 but + * not HTTP/2. + */ #include "curl_setup.h" #if !defined(CURL_DISABLE_HTTP) && defined(USE_HYPER) @@ -144,7 +148,7 @@ static int hyper_each_header(void *userdata, if(name_len + value_len + 2 > CURL_MAX_HTTP_HEADER) { failf(data, "Too long response header"); - data->state.hresult = CURLE_OUT_OF_MEMORY; + data->state.hresult = CURLE_TOO_LARGE; return HYPER_ITER_BREAK; } @@ -172,17 +176,15 @@ static int hyper_each_header(void *userdata, Curl_debug(data, CURLINFO_HEADER_IN, headp, len); - if(!data->state.hconnect || !data->set.suppress_connect_headers) { - writetype = CLIENTWRITE_HEADER; - if(data->state.hconnect) - writetype |= CLIENTWRITE_CONNECT; - if(data->req.httpcode/100 == 1) - writetype |= CLIENTWRITE_1XX; - result = Curl_client_write(data, writetype, headp, len); - if(result) { - data->state.hresult = CURLE_ABORTED_BY_CALLBACK; - return HYPER_ITER_BREAK; - } + writetype = CLIENTWRITE_HEADER; + if(data->state.hconnect) + writetype |= CLIENTWRITE_CONNECT; + if(data->req.httpcode/100 == 1) + writetype |= CLIENTWRITE_1XX; + result = Curl_client_write(data, writetype, headp, len); + if(result) { + data->state.hresult = CURLE_ABORTED_BY_CALLBACK; + return HYPER_ITER_BREAK; } result = Curl_bump_headersize(data, len, FALSE); @@ -201,7 +203,7 @@ static int hyper_body_chunk(void *userdata, const hyper_buf *chunk) struct SingleRequest *k = &data->req; CURLcode result = CURLE_OK; - if(0 == k->bodywrites++) { + if(0 == k->bodywrites) { bool done = FALSE; #if defined(USE_NTLM) struct connectdata *conn = data->conn; @@ -241,11 +243,6 @@ static int hyper_body_chunk(void *userdata, const hyper_buf *chunk) return HYPER_ITER_BREAK; } } - if(k->ignorebody) - return HYPER_ITER_CONTINUE; - if(0 == len) - return HYPER_ITER_CONTINUE; - Curl_debug(data, CURLINFO_DATA_IN, buf, len); result = Curl_client_write(data, CLIENTWRITE_BODY, buf, len); if(result) { @@ -253,12 +250,6 @@ static int hyper_body_chunk(void *userdata, const hyper_buf *chunk) return HYPER_ITER_BREAK; } - data->req.bytecount += len; - result = Curl_pgrsSetDownloadCounter(data, data->req.bytecount); - if(result) { - data->state.hresult = result; - return HYPER_ITER_BREAK; - } return HYPER_ITER_CONTINUE; } @@ -310,13 +301,14 @@ static CURLcode status_line(struct Curl_easy *data, Curl_debug(data, CURLINFO_HEADER_IN, Curl_dyn_ptr(&data->state.headerb), len); - if(!data->state.hconnect || !data->set.suppress_connect_headers) { - writetype = CLIENTWRITE_HEADER|CLIENTWRITE_STATUS; - result = Curl_client_write(data, writetype, - Curl_dyn_ptr(&data->state.headerb), len); - if(result) - return result; - } + writetype = CLIENTWRITE_HEADER|CLIENTWRITE_STATUS; + if(data->state.hconnect) + writetype |= CLIENTWRITE_CONNECT; + result = Curl_client_write(data, writetype, + Curl_dyn_ptr(&data->state.headerb), len); + if(result) + return result; + result = Curl_bump_headersize(data, len, FALSE); return result; } @@ -333,6 +325,9 @@ static CURLcode empty_header(struct Curl_easy *data) CURLE_WRITE_ERROR : CURLE_OK; if(result) failf(data, "hyperstream: couldn't pass blank header"); + /* Hyper does chunked decoding itself. If it was added during + * response header processing, remove it again. */ + Curl_cwriter_remove_by_name(data, "chunked"); } return result; } @@ -551,11 +546,9 @@ CURLcode Curl_hyper_stream(struct Curl_easy *data, static CURLcode debug_request(struct Curl_easy *data, const char *method, - const char *path, - bool h2) + const char *path) { - char *req = aprintf("%s %s HTTP/%s\r\n", method, path, - h2?"2":"1.1"); + char *req = aprintf("%s %s HTTP/1.1\r\n", method, path); if(!req) return CURLE_OUT_OF_MEMORY; Curl_debug(data, CURLINFO_HEADER_OUT, req, strlen(req)); @@ -637,7 +630,6 @@ CURLcode Curl_hyper_header(struct Curl_easy *data, hyper_headers *headers, static CURLcode request_target(struct Curl_easy *data, struct connectdata *conn, const char *method, - bool h2, hyper_request *req) { CURLcode result; @@ -649,26 +641,13 @@ static CURLcode request_target(struct Curl_easy *data, if(result) return result; - if(h2 && hyper_request_set_uri_parts(req, - /* scheme */ - (uint8_t *)data->state.up.scheme, - strlen(data->state.up.scheme), - /* authority */ - (uint8_t *)conn->host.name, - strlen(conn->host.name), - /* path_and_query */ - (uint8_t *)Curl_dyn_uptr(&r), - Curl_dyn_len(&r))) { - failf(data, "error setting uri parts to hyper"); - result = CURLE_OUT_OF_MEMORY; - } - else if(!h2 && hyper_request_set_uri(req, (uint8_t *)Curl_dyn_uptr(&r), + if(hyper_request_set_uri(req, (uint8_t *)Curl_dyn_uptr(&r), Curl_dyn_len(&r))) { failf(data, "error setting uri to hyper"); result = CURLE_OUT_OF_MEMORY; } else - result = debug_request(data, method, Curl_dyn_ptr(&r), h2); + result = debug_request(data, method, Curl_dyn_ptr(&r)); Curl_dyn_free(&r); @@ -899,7 +878,6 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) const char *p_accept; /* Accept: string */ const char *method; Curl_HttpReq httpreq; - bool h2 = FALSE; const char *te = NULL; /* transfer-encoding */ hyper_code rc; @@ -907,6 +885,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) may be parts of the request that is not yet sent, since we can deal with the rest of the request in the PERFORM phase. */ *done = TRUE; + Curl_client_cleanup(data); infof(data, "Time for the Hyper dance"); memset(h, 0, sizeof(struct hyptransfer)); @@ -917,6 +896,8 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) Curl_http_method(data, conn, &method, &httpreq); + DEBUGASSERT(data->req.bytecount == 0); + /* setup the authentication headers */ { char *pq = NULL; @@ -972,8 +953,9 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) goto error; } if(conn->alpn == CURL_HTTP_VERSION_2) { - hyper_clientconn_options_http2(options, 1); - h2 = TRUE; + failf(data, "ALPN protocol h2 not supported with Hyper"); + result = CURLE_UNSUPPORTED_PROTOCOL; + goto error; } hyper_clientconn_options_set_preserve_header_case(options, 1); hyper_clientconn_options_set_preserve_header_order(options, 1); @@ -1024,7 +1006,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) } } else { - if(!h2 && !data->state.disableexpect) { + if(!data->state.disableexpect) { data->state.expect100header = TRUE; } } @@ -1035,7 +1017,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) goto error; } - result = request_target(data, conn, method, h2, req); + result = request_target(data, conn, method, req); if(result) goto error; @@ -1056,19 +1038,10 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(result) goto error; - if(!h2) { - if(data->state.aptr.host) { - result = Curl_hyper_header(data, headers, data->state.aptr.host); - if(result) - goto error; - } - } - else { - /* For HTTP/2, we show the Host: header as if we sent it, to make it look - like for HTTP/1 but it isn't actually sent since :authority is then - used. */ - Curl_debug(data, CURLINFO_HEADER_OUT, data->state.aptr.host, - strlen(data->state.aptr.host)); + if(data->state.aptr.host) { + result = Curl_hyper_header(data, headers, data->state.aptr.host); + if(result) + goto error; } if(data->state.aptr.proxyuserpwd) { diff --git a/lib/cf-h1-proxy.c b/lib/cf-h1-proxy.c index 674802114..167e5315a 100644 --- a/lib/cf-h1-proxy.c +++ b/lib/cf-h1-proxy.c @@ -70,6 +70,7 @@ struct h1_tunnel_state { struct dynbuf request_data; size_t nsent; size_t headerlines; + struct Curl_chunker ch; enum keeponval { KEEPON_DONE, KEEPON_CONNECT, @@ -133,6 +134,7 @@ static CURLcode tunnel_init(struct Curl_cfilter *cf, Curl_dyn_init(&ts->rcvbuf, DYN_PROXY_CONNECT_HEADERS); Curl_dyn_init(&ts->request_data, DYN_HTTP_REQUEST); + Curl_httpchunk_init(data, &ts->ch, TRUE); *pts = ts; connkeep(cf->conn, "HTTP proxy CONNECT"); @@ -146,14 +148,6 @@ static void h1_tunnel_go_state(struct Curl_cfilter *cf, { if(ts->tunnel_state == new_state) return; - /* leaving this one */ - switch(ts->tunnel_state) { - case H1_TUNNEL_CONNECT: - data->req.ignorebody = FALSE; - break; - default: - break; - } /* entering this one */ switch(new_state) { case H1_TUNNEL_INIT: @@ -183,7 +177,7 @@ static void h1_tunnel_go_state(struct Curl_cfilter *cf, infof(data, "CONNECT phase completed"); data->state.authproxy.done = TRUE; data->state.authproxy.multipass = FALSE; - /* FALLTHROUGH */ + FALLTHROUGH(); case H1_TUNNEL_FAILED: if(new_state == H1_TUNNEL_FAILED) CURL_TRC_CF(data, cf, "new tunnel state 'failed'"); @@ -212,6 +206,7 @@ static void tunnel_free(struct Curl_cfilter *cf, h1_tunnel_go_state(cf, ts, H1_TUNNEL_FAILED, data); Curl_dyn_free(&ts->rcvbuf); Curl_dyn_free(&ts->request_data); + Curl_httpchunk_free(data, &ts->ch); free(ts); cf->ctx = NULL; } @@ -344,8 +339,8 @@ static CURLcode on_resp_header(struct Curl_cfilter *cf, STRCONST("chunked"))) { infof(data, "CONNECT responded chunked"); ts->chunked_encoding = TRUE; - /* init our chunky engine */ - Curl_httpchunk_init(data); + /* reset our chunky engine */ + Curl_httpchunk_reset(data, &ts->ch, TRUE); } } else if(Curl_compareheader(header, @@ -373,8 +368,8 @@ static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf, struct SingleRequest *k = &data->req; curl_socket_t tunnelsocket = Curl_conn_cf_get_socket(cf, data); char *linep; - size_t perline; - int error; + size_t line_len; + int error, writetype; #define SELECT_OK 0 #define SELECT_ERROR 1 @@ -386,12 +381,12 @@ static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf, return CURLE_OK; while(ts->keepon) { - ssize_t gotbytes; + ssize_t nread; char byte; /* Read one byte at a time to avoid a race condition. Wait at most one second before looping to ensure continuous pgrsUpdates. */ - result = Curl_read(data, tunnelsocket, &byte, 1, &gotbytes); + result = Curl_read(data, tunnelsocket, &byte, 1, &nread); if(result == CURLE_AGAIN) /* socket buffer drained, return */ return CURLE_OK; @@ -404,7 +399,7 @@ static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf, break; } - if(gotbytes <= 0) { + if(nread <= 0) { if(data->set.proxyauth && data->state.authproxy.avail && data->state.aptr.proxyuserpwd) { /* proxy auth was requested and there was proxy auth available, @@ -432,17 +427,17 @@ static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf, break; } } - else { + else if(ts->chunked_encoding) { /* chunked-encoded body, so we need to do the chunked dance properly to know when the end of the body is reached */ - CHUNKcode r; - CURLcode extra; - ssize_t tookcareof = 0; + size_t consumed = 0; /* now parse the chunked piece of data so that we can properly tell when the stream ends */ - r = Curl_httpchunk_read(data, &byte, 1, &tookcareof, &extra); - if(r == CHUNKE_STOP) { + result = Curl_httpchunk_read(data, &ts->ch, &byte, 1, &consumed); + if(result) + return result; + if(Curl_httpchunk_is_done(data, &ts->ch)) { /* we're done reading chunks! */ infof(data, "chunk reading DONE"); ts->keepon = KEEPON_DONE; @@ -462,22 +457,19 @@ static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf, ts->headerlines++; linep = Curl_dyn_ptr(&ts->rcvbuf); - perline = Curl_dyn_len(&ts->rcvbuf); /* amount of bytes in this line */ + line_len = Curl_dyn_len(&ts->rcvbuf); /* amount of bytes in this line */ /* output debug if that is requested */ - Curl_debug(data, CURLINFO_HEADER_IN, linep, perline); + Curl_debug(data, CURLINFO_HEADER_IN, linep, line_len); - if(!data->set.suppress_connect_headers) { - /* send the header to the callback */ - int writetype = CLIENTWRITE_HEADER | CLIENTWRITE_CONNECT | - (ts->headerlines == 1 ? CLIENTWRITE_STATUS : 0); - - result = Curl_client_write(data, writetype, linep, perline); - if(result) - return result; - } + /* send the header to the callback */ + writetype = CLIENTWRITE_HEADER | CLIENTWRITE_CONNECT | + (ts->headerlines == 1 ? CLIENTWRITE_STATUS : 0); + result = Curl_client_write(data, writetype, linep, line_len); + if(result) + return result; - result = Curl_bump_headersize(data, perline, TRUE); + result = Curl_bump_headersize(data, line_len, TRUE); if(result) return result; @@ -500,29 +492,7 @@ static CURLcode recv_CONNECT_resp(struct Curl_cfilter *cf, " bytes of response-body", ts->cl); } else if(ts->chunked_encoding) { - CHUNKcode r; - CURLcode extra; - infof(data, "Ignore chunked response-body"); - - /* We set ignorebody true here since the chunked decoder - function will acknowledge that. Pay attention so that this is - cleared again when this function returns! */ - k->ignorebody = TRUE; - - if(linep[1] == '\n') - /* this can only be a LF if the letter at index 0 was a CR */ - linep++; - - /* now parse the chunked piece of data so that we can properly - tell when the stream ends */ - r = Curl_httpchunk_read(data, linep + 1, 1, &gotbytes, - &extra); - if(r == CHUNKE_STOP) { - /* we're done reading chunks! */ - infof(data, "chunk reading DONE"); - ts->keepon = KEEPON_DONE; - } } else { /* without content-length or chunked encoding, we @@ -755,7 +725,7 @@ static CURLcode start_CONNECT(struct Curl_cfilter *cf, } if(!Curl_checkProxyheaders(data, conn, STRCONST("User-Agent")) && - data->set.str[STRING_USERAGENT]) { + data->set.str[STRING_USERAGENT] && *data->set.str[STRING_USERAGENT]) { struct dynbuf ua; Curl_dyn_init(&ua, DYN_HTTP_REQUEST); result = Curl_dyn_addf(&ua, "User-Agent: %s\r\n", @@ -915,7 +885,7 @@ static CURLcode H1_CONNECT(struct Curl_cfilter *cf, if(result) goto out; h1_tunnel_go_state(cf, ts, H1_TUNNEL_CONNECT, data); - /* FALLTHROUGH */ + FALLTHROUGH(); case H1_TUNNEL_CONNECT: /* see that the request is completely sent */ @@ -924,7 +894,7 @@ static CURLcode H1_CONNECT(struct Curl_cfilter *cf, if(result || !done) goto out; h1_tunnel_go_state(cf, ts, H1_TUNNEL_RECEIVE, data); - /* FALLTHROUGH */ + FALLTHROUGH(); case H1_TUNNEL_RECEIVE: /* read what is there */ @@ -939,7 +909,7 @@ static CURLcode H1_CONNECT(struct Curl_cfilter *cf, goto out; /* got it */ h1_tunnel_go_state(cf, ts, H1_TUNNEL_RESPONSE, data); - /* FALLTHROUGH */ + FALLTHROUGH(); case H1_TUNNEL_RESPONSE: CURL_TRC_CF(data, cf, "CONNECT response"); @@ -1033,36 +1003,42 @@ out: *done = (result == CURLE_OK) && tunnel_is_established(cf->ctx); if(*done) { cf->connected = TRUE; + /* Restore `data->req` fields that may habe been touched */ + data->req.header = TRUE; /* assume header */ + data->req.bytecount = 0; + data->req.ignorebody = FALSE; + Curl_client_cleanup(data); + Curl_pgrsSetUploadCounter(data, 0); + Curl_pgrsSetDownloadCounter(data, 0); + tunnel_free(cf, data); } return result; } -static int cf_h1_proxy_get_select_socks(struct Curl_cfilter *cf, +static void cf_h1_proxy_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, - curl_socket_t *socks) + struct easy_pollset *ps) { struct h1_tunnel_state *ts = cf->ctx; - int fds; - fds = cf->next->cft->get_select_socks(cf->next, data, socks); - if(!fds && cf->next->connected && !cf->connected) { + if(!cf->connected) { /* If we are not connected, but the filter "below" is * and not waiting on something, we are tunneling. */ - socks[0] = Curl_conn_cf_get_socket(cf, data); + curl_socket_t sock = Curl_conn_cf_get_socket(cf, data); if(ts) { /* when we've sent a CONNECT to a proxy, we should rather either wait for the socket to become readable to be able to get the response headers or if we're still sending the request, wait for write. */ - if(ts->CONNECT.sending == HTTPSEND_REQUEST) { - return GETSOCK_WRITESOCK(0); - } - return GETSOCK_READSOCK(0); + if(ts->CONNECT.sending == HTTPSEND_REQUEST) + Curl_pollset_set_out_only(data, ps, sock); + else + Curl_pollset_set_in_only(data, ps, sock); } - return GETSOCK_WRITESOCK(0); + else + Curl_pollset_set_out_only(data, ps, sock); } - return fds; } static void cf_h1_proxy_destroy(struct Curl_cfilter *cf, @@ -1093,7 +1069,7 @@ struct Curl_cftype Curl_cft_h1_proxy = { cf_h1_proxy_connect, cf_h1_proxy_close, Curl_cf_http_proxy_get_host, - cf_h1_proxy_get_select_socks, + cf_h1_proxy_adjust_pollset, Curl_cf_def_data_pending, Curl_cf_def_send, Curl_cf_def_recv, diff --git a/lib/cf-h2-proxy.c b/lib/cf-h2-proxy.c index dbc895d26..f8f2f3c41 100644 --- a/lib/cf-h2-proxy.c +++ b/lib/cf-h2-proxy.c @@ -155,7 +155,7 @@ static void h2_tunnel_go_state(struct Curl_cfilter *cf, infof(data, "CONNECT phase completed"); data->state.authproxy.done = TRUE; data->state.authproxy.multipass = FALSE; - /* FALLTHROUGH */ + FALLTHROUGH(); case H2_TUNNEL_FAILED: if(new_state == H2_TUNNEL_FAILED) CURL_TRC_CF(data, cf, "[%d] new tunnel state 'failed'", ts->stream_id); @@ -221,10 +221,10 @@ static void drain_tunnel(struct Curl_cfilter *cf, bits = CURL_CSELECT_IN; if(!tunnel->closed && !tunnel->reset && tunnel->upload_blocked_len) bits |= CURL_CSELECT_OUT; - if(data->state.dselect_bits != bits) { - CURL_TRC_CF(data, cf, "[%d] DRAIN dselect_bits=%x", + if(data->state.select_bits != bits) { + CURL_TRC_CF(data, cf, "[%d] DRAIN select_bits=%x", tunnel->stream_id, bits); - data->state.dselect_bits = bits; + data->state.select_bits = bits; Curl_expire(data, 0, EXPIRE_RUN_NOW); } } @@ -688,12 +688,8 @@ static int proxy_h2_on_frame_recv(nghttp2_session *session, * window and *assume* that we treat this like a WINDOW_UPDATE. Some * servers send an explicit WINDOW_UPDATE, but not all seem to do that. * To be safe, we UNHOLD a stream in order not to stall. */ - if((data->req.keepon & KEEP_SEND_HOLD) && - (data->req.keepon & KEEP_SEND)) { - data->req.keepon &= ~KEEP_SEND_HOLD; + if(CURL_WANT_SEND(data)) { drain_tunnel(cf, data, &ctx->tunnel); - CURL_TRC_CF(data, cf, "[%d] un-holding after SETTINGS", - stream_id); } break; case NGHTTP2_GOAWAY: @@ -727,12 +723,8 @@ static int proxy_h2_on_frame_recv(nghttp2_session *session, } break; case NGHTTP2_WINDOW_UPDATE: - if((data->req.keepon & KEEP_SEND_HOLD) && - (data->req.keepon & KEEP_SEND)) { - data->req.keepon &= ~KEEP_SEND_HOLD; - Curl_expire(data, 0, EXPIRE_RUN_NOW); - CURL_TRC_CF(data, cf, "[%d] unpausing after win update", - stream_id); + if(CURL_WANT_SEND(data)) { + drain_tunnel(cf, data, &ctx->tunnel); } break; default: @@ -909,7 +901,6 @@ static CURLcode proxy_h2_submit(int32_t *pstream_id, { struct dynhds h2_headers; nghttp2_nv *nva = NULL; - unsigned int i; int32_t stream_id = -1; size_t nheader; CURLcode result; @@ -920,22 +911,12 @@ static CURLcode proxy_h2_submit(int32_t *pstream_id, if(result) goto out; - nheader = Curl_dynhds_count(&h2_headers); - nva = malloc(sizeof(nghttp2_nv) * nheader); + nva = Curl_dynhds_to_nva(&h2_headers, &nheader); if(!nva) { result = CURLE_OUT_OF_MEMORY; goto out; } - for(i = 0; i < nheader; ++i) { - struct dynhds_entry *e = Curl_dynhds_getn(&h2_headers, i); - nva[i].name = (unsigned char *)e->name; - nva[i].namelen = e->namelen; - nva[i].value = (unsigned char *)e->value; - nva[i].valuelen = e->valuelen; - nva[i].flags = NGHTTP2_NV_FLAG_NONE; - } - if(read_callback) { nghttp2_data_provider data_prd; @@ -1052,7 +1033,7 @@ static CURLcode H2_CONNECT(struct Curl_cfilter *cf, if(result) goto out; h2_tunnel_go_state(cf, ts, H2_TUNNEL_CONNECT, data); - /* FALLTHROUGH */ + FALLTHROUGH(); case H2_TUNNEL_CONNECT: /* see that the request is completely sent */ @@ -1071,7 +1052,7 @@ static CURLcode H2_CONNECT(struct Curl_cfilter *cf, result = CURLE_OK; goto out; } - /* FALLTHROUGH */ + FALLTHROUGH(); case H2_TUNNEL_RESPONSE: DEBUGASSERT(ts->has_final_response); @@ -1187,25 +1168,31 @@ static bool cf_h2_proxy_data_pending(struct Curl_cfilter *cf, return cf->next? cf->next->cft->has_data_pending(cf->next, data) : FALSE; } -static int cf_h2_proxy_get_select_socks(struct Curl_cfilter *cf, - struct Curl_easy *data, - curl_socket_t *sock) +static void cf_h2_proxy_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps) { struct cf_h2_proxy_ctx *ctx = cf->ctx; - int bitmap = GETSOCK_BLANK; - struct cf_call_data save; - - CF_DATA_SAVE(save, cf, data); - sock[0] = Curl_conn_cf_get_socket(cf, data); - bitmap |= GETSOCK_READSOCK(0); + curl_socket_t sock = Curl_conn_cf_get_socket(cf, data); + bool want_recv, want_send; - /* HTTP/2 layer wants to send data) AND there's a window to send data in */ - if(nghttp2_session_want_write(ctx->h2) && - nghttp2_session_get_remote_window_size(ctx->h2)) - bitmap |= GETSOCK_WRITESOCK(0); + Curl_pollset_check(data, ps, sock, &want_recv, &want_send); + if(ctx->h2 && (want_recv || want_send)) { + struct cf_call_data save; + bool c_exhaust, s_exhaust; - CF_DATA_RESTORE(cf, save); - return bitmap; + CF_DATA_SAVE(save, cf, data); + c_exhaust = !nghttp2_session_get_remote_window_size(ctx->h2); + s_exhaust = ctx->tunnel.stream_id >= 0 && + !nghttp2_session_get_stream_remote_window_size( + ctx->h2, ctx->tunnel.stream_id); + want_recv = (want_recv || c_exhaust || s_exhaust); + want_send = (!s_exhaust && want_send) || + (!c_exhaust && nghttp2_session_want_write(ctx->h2)); + + Curl_pollset_set(data, ps, sock, want_recv, want_send); + CF_DATA_RESTORE(cf, save); + } } static ssize_t h2_handle_tunnel_close(struct Curl_cfilter *cf, @@ -1542,7 +1529,7 @@ struct Curl_cftype Curl_cft_h2_proxy = { cf_h2_proxy_connect, cf_h2_proxy_close, Curl_cf_http_proxy_get_host, - cf_h2_proxy_get_select_socks, + cf_h2_proxy_adjust_pollset, cf_h2_proxy_data_pending, cf_h2_proxy_send, cf_h2_proxy_recv, @@ -1560,7 +1547,7 @@ CURLcode Curl_cf_h2_proxy_insert_after(struct Curl_cfilter *cf, CURLcode result = CURLE_OUT_OF_MEMORY; (void)data; - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) goto out; diff --git a/lib/cf-haproxy.c b/lib/cf-haproxy.c index 39ac41571..c062887bf 100644 --- a/lib/cf-haproxy.c +++ b/lib/cf-haproxy.c @@ -125,7 +125,7 @@ static CURLcode cf_haproxy_connect(struct Curl_cfilter *cf, if(result) goto out; ctx->state = HAPROXY_SEND; - /* FALLTHROUGH */ + FALLTHROUGH(); case HAPROXY_SEND: len = Curl_dyn_len(&ctx->data_out); if(len > 0) { @@ -141,7 +141,7 @@ static CURLcode cf_haproxy_connect(struct Curl_cfilter *cf, } } ctx->state = HAPROXY_DONE; - /* FALLTHROUGH */ + FALLTHROUGH(); default: Curl_dyn_free(&ctx->data_out); break; @@ -171,23 +171,17 @@ static void cf_haproxy_close(struct Curl_cfilter *cf, cf->next->cft->do_close(cf->next, data); } -static int cf_haproxy_get_select_socks(struct Curl_cfilter *cf, - struct Curl_easy *data, - curl_socket_t *socks) +static void cf_haproxy_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps) { - int fds; - - fds = cf->next->cft->get_select_socks(cf->next, data, socks); - if(!fds && cf->next->connected && !cf->connected) { + if(cf->next->connected && !cf->connected) { /* If we are not connected, but the filter "below" is * and not waiting on something, we are sending. */ - socks[0] = Curl_conn_cf_get_socket(cf, data); - return GETSOCK_WRITESOCK(0); + Curl_pollset_set_out_only(data, ps, Curl_conn_cf_get_socket(cf, data)); } - return fds; } - struct Curl_cftype Curl_cft_haproxy = { "HAPROXY", 0, @@ -196,7 +190,7 @@ struct Curl_cftype Curl_cft_haproxy = { cf_haproxy_connect, cf_haproxy_close, Curl_cf_def_get_host, - cf_haproxy_get_select_socks, + cf_haproxy_adjust_pollset, Curl_cf_def_data_pending, Curl_cf_def_send, Curl_cf_def_recv, @@ -214,7 +208,7 @@ static CURLcode cf_haproxy_create(struct Curl_cfilter **pcf, CURLcode result; (void)data; - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) { result = CURLE_OUT_OF_MEMORY; goto out; diff --git a/lib/cf-https-connect.c b/lib/cf-https-connect.c index be54aec74..b23fa056f 100644 --- a/lib/cf-https-connect.c +++ b/lib/cf-https-connect.c @@ -188,9 +188,6 @@ static CURLcode baller_connected(struct Curl_cfilter *cf, #endif infof(data, "using HTTP/2"); break; - case CURL_HTTP_VERSION_1_1: - infof(data, "using HTTP/1.1"); - break; default: infof(data, "using HTTP/1.x"); break; @@ -269,7 +266,7 @@ static CURLcode cf_hc_connect(struct Curl_cfilter *cf, cf_hc_baller_init(&ctx->h21_baller, cf, data, "h21", cf->conn->transport); ctx->state = CF_HC_CONNECT; - /* FALLTHROUGH */ + FALLTHROUGH(); case CF_HC_CONNECT: if(cf_hc_baller_is_active(&ctx->h3_baller)) { @@ -325,42 +322,25 @@ out: return result; } -static int cf_hc_get_select_socks(struct Curl_cfilter *cf, +static void cf_hc_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, - curl_socket_t *socks) + struct easy_pollset *ps) { - struct cf_hc_ctx *ctx = cf->ctx; - size_t i, j, s; - int brc, rc = GETSOCK_BLANK; - curl_socket_t bsocks[MAX_SOCKSPEREASYHANDLE]; - struct cf_hc_baller *ballers[2]; - - if(cf->connected) - return cf->next->cft->get_select_socks(cf->next, data, socks); - - ballers[0] = &ctx->h3_baller; - ballers[1] = &ctx->h21_baller; - for(i = s = 0; i < sizeof(ballers)/sizeof(ballers[0]); i++) { - struct cf_hc_baller *b = ballers[i]; - if(!cf_hc_baller_is_active(b)) - continue; - brc = Curl_conn_cf_get_select_socks(b->cf, data, bsocks); - CURL_TRC_CF(data, cf, "get_selected_socks(%s) -> %x", b->name, brc); - if(!brc) - continue; - for(j = 0; j < MAX_SOCKSPEREASYHANDLE && s < MAX_SOCKSPEREASYHANDLE; ++j) { - if((brc & GETSOCK_WRITESOCK(j)) || (brc & GETSOCK_READSOCK(j))) { - socks[s] = bsocks[j]; - if(brc & GETSOCK_WRITESOCK(j)) - rc |= GETSOCK_WRITESOCK(s); - if(brc & GETSOCK_READSOCK(j)) - rc |= GETSOCK_READSOCK(s); - s++; - } + if(!cf->connected) { + struct cf_hc_ctx *ctx = cf->ctx; + struct cf_hc_baller *ballers[2]; + size_t i; + + ballers[0] = &ctx->h3_baller; + ballers[1] = &ctx->h21_baller; + for(i = 0; i < sizeof(ballers)/sizeof(ballers[0]); i++) { + struct cf_hc_baller *b = ballers[i]; + if(!cf_hc_baller_is_active(b)) + continue; + Curl_conn_cf_adjust_pollset(b->cf, data, ps); } + CURL_TRC_CF(data, cf, "adjust_pollset -> %d socks", ps->num); } - CURL_TRC_CF(data, cf, "get_selected_socks -> %x", rc); - return rc; } static bool cf_hc_data_pending(struct Curl_cfilter *cf, @@ -455,7 +435,7 @@ struct Curl_cftype Curl_cft_http_connect = { cf_hc_connect, cf_hc_close, Curl_cf_def_get_host, - cf_hc_get_select_socks, + cf_hc_adjust_pollset, cf_hc_data_pending, Curl_cf_def_send, Curl_cf_def_recv, @@ -475,7 +455,7 @@ static CURLcode cf_hc_create(struct Curl_cfilter **pcf, CURLcode result = CURLE_OK; (void)data; - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) { result = CURLE_OUT_OF_MEMORY; goto out; diff --git a/lib/cf-socket.c b/lib/cf-socket.c index ce3f9e943..742902f1b 100644 --- a/lib/cf-socket.c +++ b/lib/cf-socket.c @@ -81,7 +81,7 @@ #include "memdebug.h" -#if defined(ENABLE_IPV6) && defined(IPV6_V6ONLY) && defined(WIN32) +#if defined(ENABLE_IPV6) && defined(IPV6_V6ONLY) && defined(_WIN32) /* It makes support for IPv4-mapped IPv6 addresses. * Linux kernel, NetBSD, FreeBSD and Darwin: default is off; * Windows Vista and later: default is on; @@ -102,11 +102,7 @@ static void tcpnodelay(struct Curl_easy *data, curl_socket_t sockfd) #if defined(TCP_NODELAY) curl_socklen_t onoff = (curl_socklen_t) 1; int level = IPPROTO_TCP; -#if !defined(CURL_DISABLE_VERBOSE_STRINGS) char buffer[STRERROR_LEN]; -#else - (void) data; -#endif if(setsockopt(sockfd, level, TCP_NODELAY, (void *)&onoff, sizeof(onoff)) < 0) @@ -127,6 +123,7 @@ static void nosigpipe(struct Curl_easy *data, curl_socket_t sockfd) { int onoff = 1; + (void)data; if(setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE, (void *)&onoff, sizeof(onoff)) < 0) { #if !defined(CURL_DISABLE_VERBOSE_STRINGS) @@ -140,14 +137,14 @@ static void nosigpipe(struct Curl_easy *data, #define nosigpipe(x,y) Curl_nop_stmt #endif -#if defined(__DragonFly__) || defined(HAVE_WINSOCK2_H) +#if defined(__DragonFly__) || defined(USE_WINSOCK) /* DragonFlyBSD and Windows use millisecond units */ #define KEEPALIVE_FACTOR(x) (x *= 1000) #else #define KEEPALIVE_FACTOR(x) #endif -#if defined(HAVE_WINSOCK2_H) && !defined(SIO_KEEPALIVE_VALS) +#if defined(USE_WINSOCK) && !defined(SIO_KEEPALIVE_VALS) #define SIO_KEEPALIVE_VALS _WSAIOW(IOC_VENDOR,4) struct tcp_keepalive { @@ -166,7 +163,9 @@ tcpkeepalive(struct Curl_easy *data, /* only set IDLE and INTVL if setting KEEPALIVE is successful */ if(setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (void *)&optval, sizeof(optval)) < 0) { - infof(data, "Failed to set SO_KEEPALIVE on fd %d", sockfd); + infof(data, "Failed to set SO_KEEPALIVE on fd " + "%" CURL_FORMAT_SOCKET_T ": errno %d", + sockfd, SOCKERRNO); } else { #if defined(SIO_KEEPALIVE_VALS) @@ -181,8 +180,9 @@ tcpkeepalive(struct Curl_easy *data, vals.keepaliveinterval = optval; if(WSAIoctl(sockfd, SIO_KEEPALIVE_VALS, (LPVOID) &vals, sizeof(vals), NULL, 0, &dummy, NULL, NULL) != 0) { - infof(data, "Failed to set SIO_KEEPALIVE_VALS on fd %d: %d", - (int)sockfd, WSAGetLastError()); + infof(data, "Failed to set SIO_KEEPALIVE_VALS on fd " + "%" CURL_FORMAT_SOCKET_T ": errno %d", + sockfd, SOCKERRNO); } #else #ifdef TCP_KEEPIDLE @@ -190,7 +190,9 @@ tcpkeepalive(struct Curl_easy *data, KEEPALIVE_FACTOR(optval); if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE, (void *)&optval, sizeof(optval)) < 0) { - infof(data, "Failed to set TCP_KEEPIDLE on fd %d", sockfd); + infof(data, "Failed to set TCP_KEEPIDLE on fd " + "%" CURL_FORMAT_SOCKET_T ": errno %d", + sockfd, SOCKERRNO); } #elif defined(TCP_KEEPALIVE) /* Mac OS X style */ @@ -198,7 +200,9 @@ tcpkeepalive(struct Curl_easy *data, KEEPALIVE_FACTOR(optval); if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE, (void *)&optval, sizeof(optval)) < 0) { - infof(data, "Failed to set TCP_KEEPALIVE on fd %d", sockfd); + infof(data, "Failed to set TCP_KEEPALIVE on fd " + "%" CURL_FORMAT_SOCKET_T ": errno %d", + sockfd, SOCKERRNO); } #endif #ifdef TCP_KEEPINTVL @@ -206,7 +210,9 @@ tcpkeepalive(struct Curl_easy *data, KEEPALIVE_FACTOR(optval); if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL, (void *)&optval, sizeof(optval)) < 0) { - infof(data, "Failed to set TCP_KEEPINTVL on fd %d", sockfd); + infof(data, "Failed to set TCP_KEEPINTVL on fd " + "%" CURL_FORMAT_SOCKET_T ": errno %d", + sockfd, SOCKERRNO); } #endif #endif @@ -662,7 +668,7 @@ static bool verifyconnect(curl_socket_t sockfd, int *error) int err = 0; curl_socklen_t errSize = sizeof(err); -#ifdef WIN32 +#ifdef _WIN32 /* * In October 2003 we effectively nullified this function on Windows due to * problems with it using all CPU in multi-threaded cases. @@ -786,6 +792,7 @@ struct cf_socket_ctx { #endif BIT(got_first_byte); /* if first byte was received */ BIT(accepted); /* socket was accepted, not connected */ + BIT(sock_connected); /* socket is "connected", e.g. in UDP */ BIT(active); BIT(buffer_recv); }; @@ -883,34 +890,14 @@ static void cf_socket_close(struct Curl_cfilter *cf, struct Curl_easy *data) struct cf_socket_ctx *ctx = cf->ctx; if(ctx && CURL_SOCKET_BAD != ctx->sock) { - if(ctx->active) { - /* We share our socket at cf->conn->sock[cf->sockindex] when active. - * If it is no longer there, someone has stolen (and hopefully - * closed it) and we just forget about it. - */ - if(ctx->sock == cf->conn->sock[cf->sockindex]) { - CURL_TRC_CF(data, cf, "cf_socket_close(%" CURL_FORMAT_SOCKET_T - ", active)", ctx->sock); - socket_close(data, cf->conn, !ctx->accepted, ctx->sock); - cf->conn->sock[cf->sockindex] = CURL_SOCKET_BAD; - } - else { - CURL_TRC_CF(data, cf, "cf_socket_close(%" CURL_FORMAT_SOCKET_T - ") no longer at conn->sock[], discarding", ctx->sock); - /* TODO: we do not want this to happen. Need to check which - * code is messing with conn->sock[cf->sockindex] */ - } - ctx->sock = CURL_SOCKET_BAD; - if(cf->sockindex == FIRSTSOCKET) - cf->conn->remote_addr = NULL; - } - else { - /* this is our local socket, we did never publish it */ - CURL_TRC_CF(data, cf, "cf_socket_close(%" CURL_FORMAT_SOCKET_T - ", not active)", ctx->sock); - socket_close(data, cf->conn, !ctx->accepted, ctx->sock); - ctx->sock = CURL_SOCKET_BAD; - } + CURL_TRC_CF(data, cf, "cf_socket_close(%" CURL_FORMAT_SOCKET_T + ")", ctx->sock); + if(ctx->sock == cf->conn->sock[cf->sockindex]) + cf->conn->sock[cf->sockindex] = CURL_SOCKET_BAD; + socket_close(data, cf->conn, !ctx->accepted, ctx->sock); + ctx->sock = CURL_SOCKET_BAD; + if(ctx->active && cf->sockindex == FIRSTSOCKET) + cf->conn->remote_addr = NULL; Curl_bufq_reset(&ctx->recvbuf); ctx->active = FALSE; ctx->buffer_recv = FALSE; @@ -1006,20 +993,14 @@ static CURLcode cf_socket_open(struct Curl_cfilter *cf, if(result) goto out; -#ifndef CURL_DISABLE_VERBOSE_STRINGS - { - const char *ipmsg; #ifdef ENABLE_IPV6 - if(ctx->addr.family == AF_INET6) { - set_ipv6_v6only(ctx->sock, 0); - ipmsg = " Trying [%s]:%d..."; - } - else -#endif - ipmsg = " Trying %s:%d..."; - infof(data, ipmsg, ctx->r_ip, ctx->r_port); + if(ctx->addr.family == AF_INET6) { + set_ipv6_v6only(ctx->sock, 0); + infof(data, " Trying [%s]:%d...", ctx->r_ip, ctx->r_port); } + else #endif + infof(data, " Trying %s:%d...", ctx->r_ip, ctx->r_port); #ifdef ENABLE_IPV6 is_tcp = (ctx->addr.family == AF_INET @@ -1077,7 +1058,7 @@ static CURLcode cf_socket_open(struct Curl_cfilter *cf, /* set socket non-blocking */ (void)curlx_nonblock(ctx->sock, TRUE); - + ctx->sock_connected = (ctx->addr.socktype != SOCK_DGRAM); out: if(result) { if(ctx->sock != CURL_SOCKET_BAD) { @@ -1169,6 +1150,7 @@ static CURLcode cf_tcp_connect(struct Curl_cfilter *cf, *done = FALSE; /* a very negative world view is best */ if(ctx->sock == CURL_SOCKET_BAD) { + int error; result = cf_socket_open(cf, data); if(result) @@ -1181,8 +1163,12 @@ static CURLcode cf_tcp_connect(struct Curl_cfilter *cf, /* Connect TCP socket */ rc = do_connect(cf, data, cf->conn->bits.tcp_fastopen); + error = SOCKERRNO; + set_local_ip(cf, data); + CURL_TRC_CF(data, cf, "local address %s port %d...", + ctx->l_ip, ctx->l_port); if(-1 == rc) { - result = socket_connect_result(data, ctx->r_ip, SOCKERRNO); + result = socket_connect_result(data, ctx->r_ip, error); goto out; } } @@ -1220,13 +1206,14 @@ static CURLcode cf_tcp_connect(struct Curl_cfilter *cf, out: if(result) { if(ctx->error) { + set_local_ip(cf, data); data->state.os_errno = ctx->error; SET_SOCKERRNO(ctx->error); #ifndef CURL_DISABLE_VERBOSE_STRINGS { char buffer[STRERROR_LEN]; - infof(data, "connect to %s port %u failed: %s", - ctx->r_ip, ctx->r_port, + infof(data, "connect to %s port %u from %s port %d failed: %s", + ctx->r_ip, ctx->r_port, ctx->l_ip, ctx->l_port, Curl_strerror(ctx->error, buffer, sizeof(buffer))); } #endif @@ -1252,20 +1239,22 @@ static void cf_socket_get_host(struct Curl_cfilter *cf, *pport = cf->conn->port; } -static int cf_socket_get_select_socks(struct Curl_cfilter *cf, +static void cf_socket_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, - curl_socket_t *socks) + struct easy_pollset *ps) { struct cf_socket_ctx *ctx = cf->ctx; - int rc = GETSOCK_BLANK; - (void)data; - if(!cf->connected && ctx->sock != CURL_SOCKET_BAD) { - socks[0] = ctx->sock; - rc |= GETSOCK_WRITESOCK(0); + if(ctx->sock != CURL_SOCKET_BAD) { + if(!cf->connected) { + Curl_pollset_set_out_only(data, ps, ctx->sock); + CURL_TRC_CF(data, cf, "adjust_pollset(!connected) -> %d socks", ps->num); + } + else if(!ctx->active) { + Curl_pollset_add_in(data, ps, ctx->sock); + CURL_TRC_CF(data, cf, "adjust_pollset(!active) -> %d socks", ps->num); + } } - - return rc; } static bool cf_socket_data_pending(struct Curl_cfilter *cf, @@ -1447,36 +1436,11 @@ out: static void conn_set_primary_ip(struct Curl_cfilter *cf, struct Curl_easy *data) { -#ifdef HAVE_GETPEERNAME struct cf_socket_ctx *ctx = cf->ctx; - if(!(data->conn->handler->protocol & CURLPROTO_TFTP)) { - /* TFTP does not connect the endpoint: getpeername() failed with errno - 107: Transport endpoint is not connected */ - - char buffer[STRERROR_LEN]; - struct Curl_sockaddr_storage ssrem; - curl_socklen_t plen; - int port; - plen = sizeof(ssrem); - memset(&ssrem, 0, plen); - if(getpeername(ctx->sock, (struct sockaddr*) &ssrem, &plen)) { - int error = SOCKERRNO; - failf(data, "getpeername() failed with errno %d: %s", - error, Curl_strerror(error, buffer, sizeof(buffer))); - return; - } - if(!Curl_addr2string((struct sockaddr*)&ssrem, plen, - cf->conn->primary_ip, &port)) { - failf(data, "ssrem inet_ntop() failed with errno %d: %s", - errno, Curl_strerror(errno, buffer, sizeof(buffer))); - return; - } - } -#else - cf->conn->primary_ip[0] = 0; (void)data; -#endif + DEBUGASSERT(sizeof(ctx->r_ip) == sizeof(cf->conn->primary_ip)); + memcpy(cf->conn->primary_ip, ctx->r_ip, sizeof(cf->conn->primary_ip)); } static void cf_socket_active(struct Curl_cfilter *cf, struct Curl_easy *data) @@ -1518,6 +1482,9 @@ static CURLcode cf_socket_cntrl(struct Curl_cfilter *cf, case CF_CTRL_DATA_SETUP: Curl_persistconninfo(data, cf->conn, ctx->l_ip, ctx->l_port); break; + case CF_CTRL_FORGET_SOCKET: + ctx->sock = CURL_SOCKET_BAD; + break; } return CURLE_OK; } @@ -1589,7 +1556,7 @@ static CURLcode cf_socket_query(struct Curl_cfilter *cf, *when = ctx->first_byte_at; break; } - /* FALLTHROUGH */ + FALLTHROUGH(); default: *when = ctx->connected_at; break; @@ -1612,7 +1579,7 @@ struct Curl_cftype Curl_cft_tcp = { cf_tcp_connect, cf_socket_close, cf_socket_get_host, - cf_socket_get_select_socks, + cf_socket_adjust_pollset, cf_socket_data_pending, cf_socket_send, cf_socket_recv, @@ -1635,7 +1602,7 @@ CURLcode Curl_cf_tcp_create(struct Curl_cfilter **pcf, (void)data; (void)conn; DEBUGASSERT(transport == TRNSPRT_TCP); - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) { result = CURLE_OUT_OF_MEMORY; goto out; @@ -1663,10 +1630,17 @@ static CURLcode cf_udp_setup_quic(struct Curl_cfilter *cf, /* QUIC needs a connected socket, nonblocking */ DEBUGASSERT(ctx->sock != CURL_SOCKET_BAD); +#if defined(__APPLE__) && defined(USE_OPENSSL_QUIC) + (void)rc; + /* On macOS OpenSSL QUIC fails on connected sockets. + * see: */ +#else rc = connect(ctx->sock, &ctx->addr.sa_addr, ctx->addr.addrlen); if(-1 == rc) { return socket_connect_result(data, ctx->r_ip, SOCKERRNO); } + ctx->sock_connected = TRUE; +#endif set_local_ip(cf, data); CURL_TRC_CF(data, cf, "%s socket %" CURL_FORMAT_SOCKET_T " connected: [%s:%d] -> [%s:%d]", @@ -1742,7 +1716,7 @@ struct Curl_cftype Curl_cft_udp = { cf_udp_connect, cf_socket_close, cf_socket_get_host, - cf_socket_get_select_socks, + cf_socket_adjust_pollset, cf_socket_data_pending, cf_socket_send, cf_socket_recv, @@ -1765,7 +1739,7 @@ CURLcode Curl_cf_udp_create(struct Curl_cfilter **pcf, (void)data; (void)conn; DEBUGASSERT(transport == TRNSPRT_UDP || transport == TRNSPRT_QUIC); - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) { result = CURLE_OUT_OF_MEMORY; goto out; @@ -1793,7 +1767,7 @@ struct Curl_cftype Curl_cft_unix = { cf_tcp_connect, cf_socket_close, cf_socket_get_host, - cf_socket_get_select_socks, + cf_socket_adjust_pollset, cf_socket_data_pending, cf_socket_send, cf_socket_recv, @@ -1816,7 +1790,7 @@ CURLcode Curl_cf_unix_create(struct Curl_cfilter **pcf, (void)data; (void)conn; DEBUGASSERT(transport == TRNSPRT_UNIX); - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) { result = CURLE_OUT_OF_MEMORY; goto out; @@ -1857,7 +1831,7 @@ struct Curl_cftype Curl_cft_tcp_accept = { cf_tcp_accept_connect, cf_socket_close, cf_socket_get_host, /* TODO: not accurate */ - cf_socket_get_select_socks, + cf_socket_adjust_pollset, cf_socket_data_pending, cf_socket_send, cf_socket_recv, @@ -1879,7 +1853,7 @@ CURLcode Curl_conn_tcp_listen_set(struct Curl_easy *data, Curl_conn_cf_discard_all(data, conn, sockindex); DEBUGASSERT(conn->sock[sockindex] == CURL_SOCKET_BAD); - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) { result = CURLE_OUT_OF_MEMORY; goto out; diff --git a/lib/cf-socket.h b/lib/cf-socket.h index 1d40df737..87e0f30a2 100644 --- a/lib/cf-socket.h +++ b/lib/cf-socket.h @@ -34,23 +34,6 @@ struct Curl_easy; struct connectdata; struct Curl_sockaddr_ex; -#ifndef SIZEOF_CURL_SOCKET_T -/* configure and cmake check and set the define */ -# ifdef _WIN64 -# define SIZEOF_CURL_SOCKET_T 8 -# else -/* default guess */ -# define SIZEOF_CURL_SOCKET_T 4 -# endif -#endif - -#if SIZEOF_CURL_SOCKET_T < 8 -# define CURL_FORMAT_SOCKET_T "d" -#else -# define CURL_FORMAT_SOCKET_T "qd" -#endif - - /* * The Curl_sockaddr_ex structure is basically libcurl's external API * curl_sockaddr structure with enough space available to directly hold any diff --git a/lib/cfilters.c b/lib/cfilters.c index f74eb4003..823e90c3f 100644 --- a/lib/cfilters.c +++ b/lib/cfilters.c @@ -33,6 +33,7 @@ #include "sockaddr.h" /* required for Curl_sockaddr_storage */ #include "multiif.h" #include "progress.h" +#include "select.h" #include "warnless.h" /* The last 3 #include files should be in this order */ @@ -70,12 +71,14 @@ void Curl_cf_def_get_host(struct Curl_cfilter *cf, struct Curl_easy *data, } } -int Curl_cf_def_get_select_socks(struct Curl_cfilter *cf, +void Curl_cf_def_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, - curl_socket_t *socks) + struct easy_pollset *ps) { - return cf->next? - cf->next->cft->get_select_socks(cf->next, data, socks) : 0; + /* NOP */ + (void)cf; + (void)data; + (void)ps; } bool Curl_cf_def_data_pending(struct Curl_cfilter *cf, @@ -212,7 +215,7 @@ CURLcode Curl_cf_create(struct Curl_cfilter **pcf, CURLcode result = CURLE_OUT_OF_MEMORY; DEBUGASSERT(cft); - cf = calloc(sizeof(*cf), 1); + cf = calloc(1, sizeof(*cf)); if(!cf) goto out; @@ -303,15 +306,6 @@ void Curl_conn_cf_close(struct Curl_cfilter *cf, struct Curl_easy *data) cf->cft->do_close(cf, data); } -int Curl_conn_cf_get_select_socks(struct Curl_cfilter *cf, - struct Curl_easy *data, - curl_socket_t *socks) -{ - if(cf) - return cf->cft->get_select_socks(cf, data, socks); - return 0; -} - ssize_t Curl_conn_cf_send(struct Curl_cfilter *cf, struct Curl_easy *data, const void *buf, size_t len, CURLcode *err) { @@ -433,22 +427,31 @@ bool Curl_conn_data_pending(struct Curl_easy *data, int sockindex) return FALSE; } -int Curl_conn_get_select_socks(struct Curl_easy *data, int sockindex, - curl_socket_t *socks) +void Curl_conn_cf_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps) { - struct Curl_cfilter *cf; + /* Get the lowest not-connected filter, if there are any */ + while(cf && !cf->connected && cf->next && !cf->next->connected) + cf = cf->next; + /* From there on, give all filters a chance to adjust the pollset. + * Lower filters are called later, so they may override */ + while(cf) { + cf->cft->adjust_pollset(cf, data, ps); + cf = cf->next; + } +} + +void Curl_conn_adjust_pollset(struct Curl_easy *data, + struct easy_pollset *ps) +{ + int i; DEBUGASSERT(data); DEBUGASSERT(data->conn); - cf = data->conn->cfilter[sockindex]; - - /* if the next one is not yet connected, that's the one we want */ - while(cf && cf->next && !cf->next->connected) - cf = cf->next; - if(cf) { - return cf->cft->get_select_socks(cf, data, socks); + for(i = 0; i < 2; ++i) { + Curl_conn_cf_adjust_pollset(data->conn->cfilter[i], data, ps); } - return GETSOCK_BLANK; } void Curl_conn_get_host(struct Curl_easy *data, int sockindex, @@ -524,6 +527,18 @@ curl_socket_t Curl_conn_get_socket(struct Curl_easy *data, int sockindex) return data->conn? data->conn->sock[sockindex] : CURL_SOCKET_BAD; } +void Curl_conn_forget_socket(struct Curl_easy *data, int sockindex) +{ + if(data->conn) { + struct Curl_cfilter *cf = data->conn->cfilter[sockindex]; + if(cf) + (void)Curl_conn_cf_cntrl(cf, data, TRUE, + CF_CTRL_FORGET_SOCKET, 0, NULL); + fake_sclose(data->conn->sock[sockindex]); + data->conn->sock[sockindex] = CURL_SOCKET_BAD; + } +} + static CURLcode cf_cntrl_all(struct connectdata *conn, struct Curl_easy *data, bool ignore_result, @@ -646,3 +661,128 @@ size_t Curl_conn_get_max_concurrent(struct Curl_easy *data, &n, NULL) : CURLE_UNKNOWN_OPTION; return (result || n <= 0)? 1 : (size_t)n; } + + +void Curl_pollset_reset(struct Curl_easy *data, + struct easy_pollset *ps) +{ + size_t i; + (void)data; + memset(ps, 0, sizeof(*ps)); + for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) + ps->sockets[i] = CURL_SOCKET_BAD; +} + +/** + * + */ +void Curl_pollset_change(struct Curl_easy *data, + struct easy_pollset *ps, curl_socket_t sock, + int add_flags, int remove_flags) +{ + unsigned int i; + + (void)data; + DEBUGASSERT(VALID_SOCK(sock)); + if(!VALID_SOCK(sock)) + return; + + DEBUGASSERT(add_flags <= (CURL_POLL_IN|CURL_POLL_OUT)); + DEBUGASSERT(remove_flags <= (CURL_POLL_IN|CURL_POLL_OUT)); + DEBUGASSERT((add_flags&remove_flags) == 0); /* no overlap */ + for(i = 0; i < ps->num; ++i) { + if(ps->sockets[i] == sock) { + ps->actions[i] &= (unsigned char)(~remove_flags); + ps->actions[i] |= (unsigned char)add_flags; + /* all gone? remove socket */ + if(!ps->actions[i]) { + if((i + 1) < ps->num) { + memmove(&ps->sockets[i], &ps->sockets[i + 1], + (ps->num - (i + 1)) * sizeof(ps->sockets[0])); + memmove(&ps->actions[i], &ps->actions[i + 1], + (ps->num - (i + 1)) * sizeof(ps->actions[0])); + } + --ps->num; + } + return; + } + } + /* not present */ + if(add_flags) { + /* Having more SOCKETS per easy handle than what is defined + * is a programming error. This indicates that we need + * to raise this limit, making easy_pollset larger. + * Since we use this in tight loops, we do not want to make + * the pollset dynamic unnecessarily. + * The current maximum in practise is HTTP/3 eyeballing where + * we have up to 4 sockets involved in connection setup. + */ + DEBUGASSERT(i < MAX_SOCKSPEREASYHANDLE); + if(i < MAX_SOCKSPEREASYHANDLE) { + ps->sockets[i] = sock; + ps->actions[i] = (unsigned char)add_flags; + ps->num = i + 1; + } + } +} + +void Curl_pollset_set(struct Curl_easy *data, + struct easy_pollset *ps, curl_socket_t sock, + bool do_in, bool do_out) +{ + Curl_pollset_change(data, ps, sock, + (do_in?CURL_POLL_IN:0)|(do_out?CURL_POLL_OUT:0), + (!do_in?CURL_POLL_IN:0)|(!do_out?CURL_POLL_OUT:0)); +} + +static void ps_add(struct Curl_easy *data, struct easy_pollset *ps, + int bitmap, curl_socket_t *socks) +{ + if(bitmap) { + int i; + for(i = 0; i < MAX_SOCKSPEREASYHANDLE; ++i) { + if(!(bitmap & GETSOCK_MASK_RW(i)) || !VALID_SOCK((socks[i]))) { + break; + } + if(bitmap & GETSOCK_READSOCK(i)) { + if(bitmap & GETSOCK_WRITESOCK(i)) + Curl_pollset_add_inout(data, ps, socks[i]); + else + /* is READ, since we checked MASK_RW above */ + Curl_pollset_add_in(data, ps, socks[i]); + } + else + Curl_pollset_add_out(data, ps, socks[i]); + } + } +} + +void Curl_pollset_add_socks(struct Curl_easy *data, + struct easy_pollset *ps, + int (*get_socks_cb)(struct Curl_easy *data, + curl_socket_t *socks)) +{ + curl_socket_t socks[MAX_SOCKSPEREASYHANDLE]; + int bitmap; + + bitmap = get_socks_cb(data, socks); + ps_add(data, ps, bitmap, socks); +} + +void Curl_pollset_check(struct Curl_easy *data, + struct easy_pollset *ps, curl_socket_t sock, + bool *pwant_read, bool *pwant_write) +{ + unsigned int i; + + (void)data; + DEBUGASSERT(VALID_SOCK(sock)); + for(i = 0; i < ps->num; ++i) { + if(ps->sockets[i] == sock) { + *pwant_read = !!(ps->actions[i] & CURL_POLL_IN); + *pwant_write = !!(ps->actions[i] & CURL_POLL_OUT); + return; + } + } + *pwant_read = *pwant_write = FALSE; +} diff --git a/lib/cfilters.h b/lib/cfilters.h index 2c65264d9..f83842920 100644 --- a/lib/cfilters.h +++ b/lib/cfilters.h @@ -60,14 +60,34 @@ typedef void Curl_cft_get_host(struct Curl_cfilter *cf, const char **pdisplay_host, int *pport); -/* Filters may return sockets and fdset flags they are waiting for. - * The passes array has room for up to MAX_SOCKSPEREASYHANDLE sockets. - * @return read/write fdset for index in socks - * or GETSOCK_BLANK when nothing to wait on +struct easy_pollset; + +/* Passing in an easy_pollset for monitoring of sockets, let + * filters add or remove sockets actions (CURL_POLL_OUT, CURL_POLL_IN). + * This may add a socket or, in case no actions remain, remove + * a socket from the set. + * + * Filter implementations need to call filters "below" *after* they have + * made their adjustments. This allows lower filters to override "upper" + * actions. If a "lower" filter is unable to write, it needs to be able + * to disallow POLL_OUT. + * + * A filter without own restrictions/preferences should not modify + * the pollset. Filters, whose filter "below" is not connected, should + * also do no adjustments. + * + * Examples: a TLS handshake, while ongoing, might remove POLL_IN + * when it needs to write, or vice versa. A HTTP/2 filter might remove + * POLL_OUT when a stream window is exhausted and a WINDOW_UPDATE needs + * to be received first and add instead POLL_IN. + * + * @param cf the filter to ask + * @param data the easy handle the pollset is about + * @param ps the pollset (inout) for the easy handle */ -typedef int Curl_cft_get_select_socks(struct Curl_cfilter *cf, - struct Curl_easy *data, - curl_socket_t *socks); +typedef void Curl_cft_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps); typedef bool Curl_cft_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data); @@ -110,6 +130,7 @@ typedef CURLcode Curl_cft_conn_keep_alive(struct Curl_cfilter *cf, #define CF_CTRL_DATA_DONE_SEND 8 /* 0 NULL ignored */ /* update conn info at connection and data */ #define CF_CTRL_CONN_INFO_UPDATE (256+0) /* 0 NULL ignored */ +#define CF_CTRL_FORGET_SOCKET (256+1) /* 0 NULL ignored */ /** * Handle event/control for the filter. @@ -171,7 +192,7 @@ struct Curl_cftype { Curl_cft_connect *do_connect; /* establish connection */ Curl_cft_close *do_close; /* close conn */ Curl_cft_get_host *get_host; /* host filter talks to */ - Curl_cft_get_select_socks *get_select_socks;/* sockets to select on */ + Curl_cft_adjust_pollset *adjust_pollset; /* adjust transfer poll set */ Curl_cft_data_pending *has_data_pending;/* conn has data pending */ Curl_cft_send *do_send; /* send data */ Curl_cft_recv *do_recv; /* receive data */ @@ -200,9 +221,9 @@ void Curl_cf_def_destroy_this(struct Curl_cfilter *cf, void Curl_cf_def_get_host(struct Curl_cfilter *cf, struct Curl_easy *data, const char **phost, const char **pdisplay_host, int *pport); -int Curl_cf_def_get_select_socks(struct Curl_cfilter *cf, - struct Curl_easy *data, - curl_socket_t *socks); +void Curl_cf_def_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps); bool Curl_cf_def_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data); ssize_t Curl_cf_def_send(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -279,9 +300,6 @@ CURLcode Curl_conn_cf_connect(struct Curl_cfilter *cf, struct Curl_easy *data, bool blocking, bool *done); void Curl_conn_cf_close(struct Curl_cfilter *cf, struct Curl_easy *data); -int Curl_conn_cf_get_select_socks(struct Curl_cfilter *cf, - struct Curl_easy *data, - curl_socket_t *socks); ssize_t Curl_conn_cf_send(struct Curl_cfilter *cf, struct Curl_easy *data, const void *buf, size_t len, CURLcode *err); ssize_t Curl_conn_cf_recv(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -364,11 +382,22 @@ bool Curl_conn_data_pending(struct Curl_easy *data, curl_socket_t Curl_conn_get_socket(struct Curl_easy *data, int sockindex); /** - * Get any select fd flags and the socket filters at chain `sockindex` - * at connection `conn` might be waiting for. + * Tell filters to forget about the socket at sockindex. */ -int Curl_conn_get_select_socks(struct Curl_easy *data, int sockindex, - curl_socket_t *socks); +void Curl_conn_forget_socket(struct Curl_easy *data, int sockindex); + +/** + * Adjust the pollset for the filter chain startgin at `cf`. + */ +void Curl_conn_cf_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps); + +/** + * Adjust pollset from filters installed at transfer's connection. + */ +void Curl_conn_adjust_pollset(struct Curl_easy *data, + struct easy_pollset *ps); /** * Receive data through the filter chain at `sockindex` for connection @@ -468,6 +497,49 @@ size_t Curl_conn_get_max_concurrent(struct Curl_easy *data, int sockindex); +void Curl_pollset_reset(struct Curl_easy *data, + struct easy_pollset *ps); + +/* Change the poll flags (CURL_POLL_IN/CURL_POLL_OUT) to the poll set for + * socket `sock`. If the socket is not already part of the poll set, it + * will be added. + * If the socket is present and all poll flags are cleared, it will be removed. + */ +void Curl_pollset_change(struct Curl_easy *data, + struct easy_pollset *ps, curl_socket_t sock, + int add_flags, int remove_flags); + +void Curl_pollset_set(struct Curl_easy *data, + struct easy_pollset *ps, curl_socket_t sock, + bool do_in, bool do_out); + +#define Curl_pollset_add_in(data, ps, sock) \ + Curl_pollset_change((data), (ps), (sock), CURL_POLL_IN, 0) +#define Curl_pollset_add_out(data, ps, sock) \ + Curl_pollset_change((data), (ps), (sock), CURL_POLL_OUT, 0) +#define Curl_pollset_add_inout(data, ps, sock) \ + Curl_pollset_change((data), (ps), (sock), \ + CURL_POLL_IN|CURL_POLL_OUT, 0) +#define Curl_pollset_set_in_only(data, ps, sock) \ + Curl_pollset_change((data), (ps), (sock), \ + CURL_POLL_IN, CURL_POLL_OUT) +#define Curl_pollset_set_out_only(data, ps, sock) \ + Curl_pollset_change((data), (ps), (sock), \ + CURL_POLL_OUT, CURL_POLL_IN) + +void Curl_pollset_add_socks(struct Curl_easy *data, + struct easy_pollset *ps, + int (*get_socks_cb)(struct Curl_easy *data, + curl_socket_t *socks)); + +/** + * Check if the pollset, as is, wants to read and/or write regarding + * the given socket. + */ +void Curl_pollset_check(struct Curl_easy *data, + struct easy_pollset *ps, curl_socket_t sock, + bool *pwant_read, bool *pwant_write); + /** * Types and macros used to keep the current easy handle in filter calls, * allowing for nested invocations. See #10336. diff --git a/lib/config-amigaos.h b/lib/config-amigaos.h index 8f4d3e6c3..d168b446b 100644 --- a/lib/config-amigaos.h +++ b/lib/config-amigaos.h @@ -32,7 +32,6 @@ #define HAVE_ARPA_INET_H 1 #define HAVE_CLOSESOCKET_CAMEL 1 -#define HAVE_INTTYPES_H 1 #define HAVE_IOCTLSOCKET_CAMEL 1 #define HAVE_IOCTLSOCKET_CAMEL_FIONBIO 1 #define HAVE_LONGLONG 1 diff --git a/lib/config-dos.h b/lib/config-dos.h index 550c410a1..c6fbba796 100644 --- a/lib/config-dos.h +++ b/lib/config-dos.h @@ -122,7 +122,6 @@ #define HAVE_SIGSETJMP 1 #define HAVE_SYS_TIME_H 1 #define HAVE_TERMIOS_H 1 - #define HAVE_VARIADIC_MACROS_GCC 1 #elif defined(__HIGHC__) #define HAVE_SYS_TIME_H 1 diff --git a/lib/config-os400.h b/lib/config-os400.h index e9a628863..32852bb37 100644 --- a/lib/config-os400.h +++ b/lib/config-os400.h @@ -104,9 +104,6 @@ /* Define if you have the `timeval' struct. */ #define HAVE_STRUCT_TIMEVAL -/* Define if you have the header file. */ -#define HAVE_INTTYPES_H - /* Define if you have the header file. */ #undef HAVE_IO_H @@ -119,12 +116,6 @@ /* Define if you have the GNU gssapi libraries */ #undef HAVE_GSSGNU -/* Define if you have the Heimdal gssapi libraries */ -#define HAVE_GSSHEIMDAL - -/* Define if you have the MIT gssapi libraries */ -#undef HAVE_GSSMIT - /* Define if you need the malloc.h header file even with stdlib.h */ /* #define NEED_MALLOC_H 1 */ @@ -152,9 +143,6 @@ /* Define if you have the `socket' function. */ #define HAVE_SOCKET -/* Define if you have the header file. */ -#undef HAVE_STDINT_H - /* The following define is needed on OS400 to enable strcmpi(), stricmp() and strdup(). */ diff --git a/lib/config-plan9.h b/lib/config-plan9.h index fa4be8e6d..aa9623f92 100644 --- a/lib/config-plan9.h +++ b/lib/config-plan9.h @@ -91,7 +91,6 @@ #define HAVE_GMTIME_R 1 #define HAVE_INET_NTOP 1 #define HAVE_INET_PTON 1 -#define HAVE_INTTYPES_H 1 #define HAVE_LIBGEN_H 1 #define HAVE_LIBZ 1 #define HAVE_LOCALE_H 1 @@ -117,7 +116,6 @@ #define HAVE_SOCKET 1 #define HAVE_SSL_GET_SHUTDOWN 1 #define HAVE_STDBOOL_H 1 -#define HAVE_STDINT_H 1 #define HAVE_STRCASECMP 1 #define HAVE_STRDUP 1 #define HAVE_STRTOK_R 1 diff --git a/lib/config-riscos.h b/lib/config-riscos.h index 52c279f5b..f3a8e6832 100644 --- a/lib/config-riscos.h +++ b/lib/config-riscos.h @@ -108,9 +108,6 @@ /* Define if you have the `timeval' struct. */ #define HAVE_STRUCT_TIMEVAL -/* Define if you have the header file. */ -#define HAVE_INTTYPES_H - /* Define if you have the header file. */ #undef HAVE_IO_H @@ -144,9 +141,6 @@ /* Define if you have the `socket' function. */ #define HAVE_SOCKET -/* Define if you have the header file. */ -#undef HAVE_STDINT_H - /* Define if you have the `strcasecmp' function. */ #undef HAVE_STRCASECMP diff --git a/lib/config-win32.h b/lib/config-win32.h index e55ef2fd2..89ed1a0f1 100644 --- a/lib/config-win32.h +++ b/lib/config-win32.h @@ -38,17 +38,6 @@ /* Define if you have the header file. */ #define HAVE_FCNTL_H 1 -/* Define to 1 if you have the header file. */ -#if (defined(_MSC_VER) && (_MSC_VER >= 1800)) || defined(__MINGW32__) -#define HAVE_INTTYPES_H 1 -#endif - -/* Define to 1 if you have the header file. */ -#if (defined(_MSC_VER) && (_MSC_VER >= 1600)) || defined(__MINGW32__) || \ - (defined(__BORLANDC__) && (__BORLANDC__ >= 0x0582)) || defined(__POCC__) -#define HAVE_STDINT_H 1 -#endif - /* Define if you have the header file. */ #define HAVE_IO_H 1 @@ -56,9 +45,7 @@ #define HAVE_LOCALE_H 1 /* Define if you need header even with header file. */ -#if !defined(__SALFORDC__) && !defined(__POCC__) #define NEED_MALLOC_H 1 -#endif /* Define if you have the header file. */ /* #define HAVE_NETDB_H 1 */ @@ -72,7 +59,9 @@ #endif /* Define if you have the header file. */ -/* #define HAVE_SYS_PARAM_H 1 */ +#if defined(__MINGW32__) +#define HAVE_SYS_PARAM_H 1 +#endif /* Define if you have the header file. */ /* #define HAVE_SYS_SELECT_H 1 */ @@ -87,15 +76,15 @@ #define HAVE_SYS_STAT_H 1 /* Define if you have the header file. */ -/* #define HAVE_SYS_TIME_H 1 */ +#if defined(__MINGW32__) +#define HAVE_SYS_TIME_H 1 +#endif /* Define if you have the header file. */ #define HAVE_SYS_TYPES_H 1 /* Define if you have the header file. */ -#ifndef __BORLANDC__ #define HAVE_SYS_UTIME_H 1 -#endif /* Define if you have the header file. */ /* #define HAVE_TERMIO_H 1 */ @@ -104,23 +93,10 @@ /* #define HAVE_TERMIOS_H 1 */ /* Define if you have the header file. */ -#if defined(__MINGW32__) || defined(__LCC__) || defined(__POCC__) +#if defined(__MINGW32__) #define HAVE_UNISTD_H 1 #endif -/* Define if you have the header file. */ -#define HAVE_WINDOWS_H 1 - -/* Define if you have the header file. */ -#ifndef __SALFORDC__ -#define HAVE_WINSOCK2_H 1 -#endif - -/* Define if you have the header file. */ -#ifndef __SALFORDC__ -#define HAVE_WS2TCPIP_H 1 -#endif - /* Define to 1 if you have the header file. */ #if defined(__MINGW32__) #define HAVE_LIBGEN_H 1 @@ -160,7 +136,9 @@ #define HAVE_GETHOSTNAME 1 /* Define if you have the gettimeofday function. */ -/* #define HAVE_GETTIMEOFDAY 1 */ +#if defined(__MINGW32__) +#define HAVE_GETTIMEOFDAY 1 +#endif /* Define if you have the ioctlsocket function. */ #define HAVE_IOCTLSOCKET 1 @@ -192,15 +170,12 @@ #define HAVE_STRICMP 1 /* Define if you have the strtoll function. */ -#if defined(__MINGW32__) || defined(__POCC__) || \ - (defined(_MSC_VER) && (_MSC_VER >= 1800)) +#if (defined(_MSC_VER) && (_MSC_VER >= 1800)) || defined(__MINGW32__) #define HAVE_STRTOLL 1 #endif /* Define if you have the utime function. */ -#ifndef __BORLANDC__ #define HAVE_UTIME 1 -#endif /* Define if you have the recv function. */ #define HAVE_RECV 1 @@ -242,7 +217,7 @@ #define SEND_TYPE_RETV int /* Define to 1 if you have the snprintf function. */ -#if defined(_MSC_VER) && (_MSC_VER >= 1900) +#if (defined(_MSC_VER) && (_MSC_VER >= 1900)) || defined(__MINGW32__) #define HAVE_SNPRINTF 1 #endif @@ -275,7 +250,7 @@ /* Define if ssize_t is not an available 'typedefed' type. */ #ifndef _SSIZE_T_DEFINED -# if defined(__POCC__) || defined(__MINGW32__) +# if defined(__MINGW32__) # elif defined(_WIN64) # define _SSIZE_T_DEFINED # define ssize_t __int64 @@ -308,56 +283,6 @@ /* Define to the size of `curl_off_t', as computed by sizeof. */ #define SIZEOF_CURL_OFF_T 8 -/* ---------------------------------------------------------------- */ -/* BSD-style lwIP TCP/IP stack SPECIFIC */ -/* ---------------------------------------------------------------- */ - -/* Define to use BSD-style lwIP TCP/IP stack. */ -/* #define USE_LWIPSOCK 1 */ - -#ifdef USE_LWIPSOCK -# undef USE_WINSOCK -# undef HAVE_WINSOCK2_H -# undef HAVE_WS2TCPIP_H -# undef HAVE_GETHOSTNAME -# undef LWIP_POSIX_SOCKETS_IO_NAMES -# undef RECV_TYPE_ARG1 -# undef RECV_TYPE_ARG3 -# undef SEND_TYPE_ARG1 -# undef SEND_TYPE_ARG3 -# define HAVE_FREEADDRINFO -# define HAVE_GETADDRINFO -# define HAVE_GETHOSTBYNAME_R -# define HAVE_GETHOSTBYNAME_R_6 -# define LWIP_POSIX_SOCKETS_IO_NAMES 0 -# define RECV_TYPE_ARG1 int -# define RECV_TYPE_ARG3 size_t -# define SEND_TYPE_ARG1 int -# define SEND_TYPE_ARG3 size_t -#endif - -/* ---------------------------------------------------------------- */ -/* Watt-32 tcp/ip SPECIFIC */ -/* ---------------------------------------------------------------- */ - -#ifdef USE_WATT32 - #include - #undef byte - #undef word - #undef USE_WINSOCK - #undef HAVE_WINSOCK2_H - #undef HAVE_WS2TCPIP_H - #define HAVE_GETADDRINFO - #define HAVE_SYS_IOCTL_H - #define HAVE_SYS_SOCKET_H - #define HAVE_NETINET_IN_H - #define HAVE_NETDB_H - #define HAVE_ARPA_INET_H - #define HAVE_FREEADDRINFO - #define SOCKET int -#endif - - /* ---------------------------------------------------------------- */ /* COMPILER SPECIFIC */ /* ---------------------------------------------------------------- */ @@ -371,15 +296,8 @@ /* Windows should not have HAVE_GMTIME_R defined */ /* #undef HAVE_GMTIME_R */ -/* Define if the compiler supports C99 variadic macro style. */ -#if defined(_MSC_VER) && (_MSC_VER >= 1400) -#define HAVE_VARIADIC_MACROS_C99 1 -#endif - /* Define if the compiler supports the 'long long' data type. */ -#if defined(__MINGW32__) || \ - (defined(_MSC_VER) && (_MSC_VER >= 1310)) || \ - (defined(__BORLANDC__) && (__BORLANDC__ >= 0x561)) +#if (defined(_MSC_VER) && (_MSC_VER >= 1310)) || defined(__MINGW32__) #define HAVE_LONGLONG 1 #endif @@ -461,53 +379,17 @@ Vista # endif #endif -/* When no build target is specified Pelles C 5.00 and later default build - target is Windows Vista. We override default target to be Windows 2000. */ -#if defined(__POCC__) && (__POCC__ >= 500) -# ifndef _WIN32_WINNT -# define _WIN32_WINNT 0x0500 -# endif -# ifndef WINVER -# define WINVER 0x0500 -# endif -#endif - -/* Availability of freeaddrinfo, getaddrinfo, and if_nametoindex - functions is quite convoluted, compiler dependent and even build target - dependent. */ -#if defined(HAVE_WS2TCPIP_H) -# if defined(__POCC__) -# define HAVE_FREEADDRINFO 1 -# define HAVE_GETADDRINFO 1 -# define HAVE_GETADDRINFO_THREADSAFE 1 -# elif defined(_WIN32_WINNT) && (_WIN32_WINNT >= 0x0501) -# define HAVE_FREEADDRINFO 1 -# define HAVE_GETADDRINFO 1 -# define HAVE_GETADDRINFO_THREADSAFE 1 -# elif defined(_MSC_VER) && (_MSC_VER >= 1200) -# define HAVE_FREEADDRINFO 1 -# define HAVE_GETADDRINFO 1 -# define HAVE_GETADDRINFO_THREADSAFE 1 -# endif -#endif - -#if defined(__POCC__) -# ifndef _MSC_VER -# error Microsoft extensions /Ze compiler option is required -# endif -# ifndef __POCC__OLDNAMES -# error Compatibility names /Go compiler option is required -# endif -#endif +/* Windows XP is required for freeaddrinfo, getaddrinfo */ +#define HAVE_FREEADDRINFO 1 +#define HAVE_GETADDRINFO 1 +#define HAVE_GETADDRINFO_THREADSAFE 1 /* ---------------------------------------------------------------- */ /* STRUCT RELATED */ /* ---------------------------------------------------------------- */ /* Define if you have struct sockaddr_storage. */ -#if !defined(__SALFORDC__) && !defined(__BORLANDC__) #define HAVE_STRUCT_SOCKADDR_STORAGE 1 -#endif /* Define if you have struct timeval. */ #define HAVE_STRUCT_TIMEVAL 1 @@ -531,10 +413,6 @@ Vista # define USE_WIN32_LARGE_FILES #endif -#if defined(__POCC__) -# undef USE_WIN32_LARGE_FILES -#endif - #if !defined(USE_WIN32_LARGE_FILES) && !defined(USE_WIN32_SMALL_FILES) # define USE_WIN32_SMALL_FILES #endif @@ -596,10 +474,6 @@ Vista #define USE_WIN32_LDAP 1 #endif -#if defined(__POCC__) && defined(USE_WIN32_LDAP) -# define CURL_DISABLE_LDAP 1 -#endif - /* Define to use the Windows crypto library. */ #if !defined(CURL_WINDOWS_APP) #define USE_WIN32_CRYPTO @@ -635,7 +509,7 @@ Vista /* If you want to build curl with the built-in manual */ #define USE_MANUAL 1 -#if defined(__POCC__) || defined(USE_IPV6) +#if defined(USE_IPV6) # define ENABLE_IPV6 1 #endif diff --git a/lib/config-win32ce.h b/lib/config-win32ce.h index cc3833d01..ae3ca290c 100644 --- a/lib/config-win32ce.h +++ b/lib/config-win32ce.h @@ -81,19 +81,10 @@ /* #define HAVE_TERMIOS_H 1 */ /* Define if you have the header file. */ -#if defined(__MINGW32__) || defined(__LCC__) +#if defined(__MINGW32__) #define HAVE_UNISTD_H 1 #endif -/* Define if you have the header file. */ -#define HAVE_WINDOWS_H 1 - -/* Define if you have the header file. */ -#define HAVE_WINSOCK2_H 1 - -/* Define if you have the header file. */ -#define HAVE_WS2TCPIP_H 1 - /* ---------------------------------------------------------------- */ /* OTHER HEADER INFO */ /* ---------------------------------------------------------------- */ @@ -190,8 +181,7 @@ #define in_addr_t unsigned long /* Define ssize_t if it is not an available 'typedefed' type */ -#if defined(__POCC__) -#elif defined(_WIN64) +#if defined(_WIN64) #define ssize_t __int64 #else #define ssize_t int diff --git a/lib/conncache.c b/lib/conncache.c index 93d87686c..66f18ecb8 100644 --- a/lib/conncache.c +++ b/lib/conncache.c @@ -107,7 +107,7 @@ int Curl_conncache_init(struct conncache *connc, int size) connc->closure_handle = curl_easy_init(); if(!connc->closure_handle) return 1; /* bad */ - connc->closure_handle->internal = true; + connc->closure_handle->state.internal = true; Curl_hash_init(&connc->hash, size, Curl_hash_str, Curl_str_key_compare, free_bundle_hash_entry); @@ -243,7 +243,7 @@ CURLcode Curl_conncache_add_conn(struct Curl_easy *data) conn->connection_id = connc->next_connection_id++; connc->num_conn++; - DEBUGF(infof(data, "Added connection %ld. " + DEBUGF(infof(data, "Added connection %" CURL_FORMAT_CURL_OFF_T ". " "The cache now contains %zu members", conn->connection_id, connc->num_conn)); @@ -379,21 +379,26 @@ conncache_find_first_connection(struct conncache *connc) bool Curl_conncache_return_conn(struct Curl_easy *data, struct connectdata *conn) { - /* data->multi->maxconnects can be negative, deal with it. */ - size_t maxconnects = - (data->multi->maxconnects < 0) ? data->multi->num_easy * 4: - data->multi->maxconnects; + unsigned int maxconnects = !data->multi->maxconnects ? + data->multi->num_easy * 4: data->multi->maxconnects; struct connectdata *conn_candidate = NULL; conn->lastused = Curl_now(); /* it was used up until now */ - if(maxconnects > 0 && - Curl_conncache_size(data) > maxconnects) { + if(maxconnects && Curl_conncache_size(data) > maxconnects) { infof(data, "Connection cache is full, closing the oldest one"); conn_candidate = Curl_conncache_extract_oldest(data); if(conn_candidate) { - /* the winner gets the honour of being disconnected */ - Curl_disconnect(data, conn_candidate, /* dead_connection */ FALSE); + /* Use the closure handle for this disconnect so that anything that + happens during the disconnect is not stored and associated with the + 'data' handle which already just finished a transfer and it is + important that details from this (unrelated) disconnect does not + taint meta-data in the data handle. */ + struct conncache *connc = data->state.conn_cache; + connc->closure_handle->state.buffer = data->state.buffer; + connc->closure_handle->set.buffer_size = data->set.buffer_size; + Curl_disconnect(connc->closure_handle, conn_candidate, + /* dead_connection */ FALSE); } } diff --git a/lib/connect.c b/lib/connect.c index c7ba3e20e..45743e98b 100644 --- a/lib/connect.c +++ b/lib/connect.c @@ -84,31 +84,26 @@ #include "curl_memory.h" #include "memdebug.h" +#ifndef ARRAYSIZE +#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) +#endif /* * Curl_timeleft() returns the amount of milliseconds left allowed for the * transfer/connection. If the value is 0, there's no timeout (ie there's * infinite time left). If the value is negative, the timeout time has already * elapsed. - * - * If 'nowp' is non-NULL, it points to the current time. - * 'duringconnect' is FALSE if not during a connect, as then of course the - * connect timeout is not taken into account! - * + * @param data the transfer to check on + * @param nowp timestamp to use for calculdation, NULL to use Curl_now() + * @param duringconnect TRUE iff connect timeout is also taken into account. * @unittest: 1303 */ - -#define TIMEOUT_CONNECT 1 -#define TIMEOUT_MAXTIME 2 - timediff_t Curl_timeleft(struct Curl_easy *data, struct curltime *nowp, bool duringconnect) { - unsigned int timeout_set = 0; - timediff_t connect_timeout_ms = 0; - timediff_t maxtime_timeout_ms = 0; - timediff_t timeout_ms = 0; + timediff_t timeleft_ms = 0; + timediff_t ctimeleft_ms = 0; struct curltime now; /* The duration of a connect and the total transfer are calculated from two @@ -116,43 +111,35 @@ timediff_t Curl_timeleft(struct Curl_easy *data, before the connect timeout expires and we must acknowledge whichever timeout that is reached first. The total timeout is set per entire operation, while the connect timeout is set per connect. */ - - if(data->set.timeout > 0) { - timeout_set = TIMEOUT_MAXTIME; - maxtime_timeout_ms = data->set.timeout; - } - if(duringconnect) { - timeout_set |= TIMEOUT_CONNECT; - connect_timeout_ms = (data->set.connecttimeout > 0) ? - data->set.connecttimeout : DEFAULT_CONNECT_TIMEOUT; - } - if(!timeout_set) - /* no timeout */ - return 0; + if(data->set.timeout <= 0 && !duringconnect) + return 0; /* no timeout in place or checked, return "no limit" */ if(!nowp) { now = Curl_now(); nowp = &now; } - if(timeout_set & TIMEOUT_MAXTIME) { - maxtime_timeout_ms -= Curl_timediff(*nowp, data->progress.t_startop); - timeout_ms = maxtime_timeout_ms; + if(data->set.timeout > 0) { + timeleft_ms = data->set.timeout - + Curl_timediff(*nowp, data->progress.t_startop); + if(!timeleft_ms) + timeleft_ms = -1; /* 0 is "no limit", fake 1 ms expiry */ + if(!duringconnect) + return timeleft_ms; /* no connect check, this is it */ } - if(timeout_set & TIMEOUT_CONNECT) { - connect_timeout_ms -= Curl_timediff(*nowp, data->progress.t_startsingle); - - if(!(timeout_set & TIMEOUT_MAXTIME) || - (connect_timeout_ms < maxtime_timeout_ms)) - timeout_ms = connect_timeout_ms; + if(duringconnect) { + timediff_t ctimeout_ms = (data->set.connecttimeout > 0) ? + data->set.connecttimeout : DEFAULT_CONNECT_TIMEOUT; + ctimeleft_ms = ctimeout_ms - + Curl_timediff(*nowp, data->progress.t_startsingle); + if(!ctimeleft_ms) + ctimeleft_ms = -1; /* 0 is "no limit", fake 1 ms expiry */ + if(!timeleft_ms) + return ctimeleft_ms; /* no general timeout, this is it */ } - - if(!timeout_ms) - /* avoid returning 0 as that means no timeout! */ - return -1; - - return timeout_ms; + /* return minimal time left or max amount already expired */ + return (ctimeleft_ms < timeleft_ms)? ctimeleft_ms : timeleft_ms; } /* Copies connection info into the transfer handle to make it available when @@ -348,6 +335,7 @@ void Curl_conncontrol(struct connectdata *conn, */ struct eyeballer { const char *name; + const struct Curl_addrinfo *first; /* complete address list, not owned */ const struct Curl_addrinfo *addr; /* List of addresses to try, not owned */ int ai_family; /* matching address family only */ cf_ip_connect_create *cf_create; /* for creating cf */ @@ -359,9 +347,12 @@ struct eyeballer { expire_id timeout_id; /* ID for Curl_expire() */ CURLcode result; int error; + BIT(rewinded); /* if we rewinded the addr list */ BIT(has_started); /* attempts have started */ BIT(is_done); /* out of addresses/time */ BIT(connected); /* cf has connected */ + BIT(inconclusive); /* connect was not a hard failure, we + * might talk to a restarting server */ }; @@ -398,7 +389,7 @@ static CURLcode eyeballer_new(struct eyeballer **pballer, struct eyeballer *baller; *pballer = NULL; - baller = calloc(1, sizeof(*baller) + 1000); + baller = calloc(1, sizeof(*baller)); if(!baller) return CURLE_OUT_OF_MEMORY; @@ -408,7 +399,7 @@ static CURLcode eyeballer_new(struct eyeballer **pballer, #endif "ip")); baller->cf_create = cf_create; - baller->addr = addr; + baller->first = baller->addr = addr; baller->ai_family = ai_family; baller->primary = primary; baller->delay_ms = delay_ms; @@ -438,6 +429,13 @@ static void baller_free(struct eyeballer *baller, } } +static void baller_rewind(struct eyeballer *baller) +{ + baller->rewinded = TRUE; + baller->addr = baller->first; + baller->inconclusive = FALSE; +} + static void baller_next_addr(struct eyeballer *baller) { baller->addr = addr_next_match(baller->addr, baller->ai_family); @@ -528,6 +526,10 @@ static CURLcode baller_start_next(struct Curl_cfilter *cf, { if(cf->sockindex == FIRSTSOCKET) { baller_next_addr(baller); + /* If we get inconclusive answers from the server(s), we make + * a second iteration over the address list */ + if(!baller->addr && baller->inconclusive && !baller->rewinded) + baller_rewind(baller); baller_start(cf, data, baller, timeoutms); } else { @@ -566,6 +568,8 @@ static CURLcode baller_connect(struct Curl_cfilter *cf, baller->result = CURLE_OPERATION_TIMEDOUT; } } + else if(baller->result == CURLE_WEIRD_SERVER_REPLY) + baller->inconclusive = TRUE; } return baller->result; } @@ -595,7 +599,7 @@ evaluate: *connected = FALSE; /* a very negative world view is best */ now = Curl_now(); ongoing = not_started = 0; - for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) { + for(i = 0; i < ARRAYSIZE(ctx->baller); i++) { struct eyeballer *baller = ctx->baller[i]; if(!baller || baller->is_done) @@ -656,7 +660,7 @@ evaluate: if(not_started > 0) { int added = 0; - for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) { + for(i = 0; i < ARRAYSIZE(ctx->baller); i++) { struct eyeballer *baller = ctx->baller[i]; if(!baller || baller->has_started) @@ -691,13 +695,13 @@ evaluate: /* all ballers have failed to connect. */ CURL_TRC_CF(data, cf, "all eyeballers failed"); result = CURLE_COULDNT_CONNECT; - for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) { + for(i = 0; i < ARRAYSIZE(ctx->baller); i++) { struct eyeballer *baller = ctx->baller[i]; + if(!baller) + continue; CURL_TRC_CF(data, cf, "%s assess started=%d, result=%d", - baller?baller->name:NULL, - baller?baller->has_started:0, - baller?baller->result:0); - if(baller && baller->has_started && baller->result) { + baller->name, baller->has_started, baller->result); + if(baller->has_started && baller->result) { result = baller->result; break; } @@ -838,7 +842,7 @@ static void cf_he_ctx_clear(struct Curl_cfilter *cf, struct Curl_easy *data) DEBUGASSERT(ctx); DEBUGASSERT(data); - for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) { + for(i = 0; i < ARRAYSIZE(ctx->baller); i++) { baller_free(ctx->baller[i], data); ctx->baller[i] = NULL; } @@ -846,35 +850,22 @@ static void cf_he_ctx_clear(struct Curl_cfilter *cf, struct Curl_easy *data) ctx->winner = NULL; } -static int cf_he_get_select_socks(struct Curl_cfilter *cf, +static void cf_he_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, - curl_socket_t *socks) + struct easy_pollset *ps) { struct cf_he_ctx *ctx = cf->ctx; - size_t i, s; - int wrc, rc = GETSOCK_BLANK; - curl_socket_t wsocks[MAX_SOCKSPEREASYHANDLE]; - - if(cf->connected) - return cf->next->cft->get_select_socks(cf->next, data, socks); - - for(i = s = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) { - struct eyeballer *baller = ctx->baller[i]; - if(!baller || !baller->cf) - continue; + size_t i; - wrc = Curl_conn_cf_get_select_socks(baller->cf, data, wsocks); - if(wrc) { - /* TODO: we assume we get at most one socket back */ - socks[s] = wsocks[0]; - if(wrc & GETSOCK_WRITESOCK(0)) - rc |= GETSOCK_WRITESOCK(s); - if(wrc & GETSOCK_READSOCK(0)) - rc |= GETSOCK_READSOCK(s); - s++; + if(!cf->connected) { + for(i = 0; i < ARRAYSIZE(ctx->baller); i++) { + struct eyeballer *baller = ctx->baller[i]; + if(!baller || !baller->cf) + continue; + Curl_conn_cf_adjust_pollset(baller->cf, data, ps); } + CURL_TRC_CF(data, cf, "adjust_pollset -> %d socks", ps->num); } - return rc; } static CURLcode cf_he_connect(struct Curl_cfilter *cf, @@ -901,7 +892,7 @@ static CURLcode cf_he_connect(struct Curl_cfilter *cf, if(result) return result; ctx->state = SCFST_WAITING; - /* FALLTHROUGH */ + FALLTHROUGH(); case SCFST_WAITING: result = is_connected(cf, data, done); if(!result && *done) { @@ -956,7 +947,7 @@ static bool cf_he_data_pending(struct Curl_cfilter *cf, if(cf->connected) return cf->next->cft->has_data_pending(cf->next, data); - for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) { + for(i = 0; i < ARRAYSIZE(ctx->baller); i++) { struct eyeballer *baller = ctx->baller[i]; if(!baller || !baller->cf) continue; @@ -975,7 +966,7 @@ static struct curltime get_max_baller_time(struct Curl_cfilter *cf, size_t i; memset(&tmax, 0, sizeof(tmax)); - for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) { + for(i = 0; i < ARRAYSIZE(ctx->baller); i++) { struct eyeballer *baller = ctx->baller[i]; memset(&t, 0, sizeof(t)); @@ -1000,7 +991,7 @@ static CURLcode cf_he_query(struct Curl_cfilter *cf, int reply_ms = -1; size_t i; - for(i = 0; i < sizeof(ctx->baller)/sizeof(ctx->baller[0]); i++) { + for(i = 0; i < ARRAYSIZE(ctx->baller); i++) { struct eyeballer *baller = ctx->baller[i]; int breply_ms; @@ -1055,7 +1046,7 @@ struct Curl_cftype Curl_cft_happy_eyeballs = { cf_he_connect, cf_he_close, Curl_cf_def_get_host, - cf_he_get_select_socks, + cf_he_adjust_pollset, cf_he_data_pending, Curl_cf_def_send, Curl_cf_def_recv, @@ -1089,7 +1080,7 @@ cf_happy_eyeballs_create(struct Curl_cfilter **pcf, (void)data; (void)conn; *pcf = NULL; - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) { result = CURLE_OUT_OF_MEMORY; goto out; @@ -1122,13 +1113,13 @@ struct transport_provider transport_providers[] = { #ifdef ENABLE_QUIC { TRNSPRT_QUIC, Curl_cf_quic_create }, #endif +#ifndef CURL_DISABLE_TFTP { TRNSPRT_UDP, Curl_cf_udp_create }, +#endif +#ifdef USE_UNIX_SOCKETS { TRNSPRT_UNIX, Curl_cf_unix_create }, -}; - -#ifndef ARRAYSIZE -#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) #endif +}; static cf_ip_connect_create *get_cf_create(int transport) { @@ -1319,7 +1310,7 @@ struct Curl_cftype Curl_cft_setup = { cf_setup_connect, cf_setup_close, Curl_cf_def_get_host, - Curl_cf_def_get_select_socks, + Curl_cf_def_adjust_pollset, Curl_cf_def_data_pending, Curl_cf_def_send, Curl_cf_def_recv, @@ -1340,7 +1331,7 @@ static CURLcode cf_setup_create(struct Curl_cfilter **pcf, CURLcode result = CURLE_OK; (void)data; - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) { result = CURLE_OUT_OF_MEMORY; goto out; diff --git a/lib/content_encoding.c b/lib/content_encoding.c index 7970cc063..c1abf24e8 100644 --- a/lib/content_encoding.c +++ b/lib/content_encoding.c @@ -63,6 +63,9 @@ #ifndef CURL_DISABLE_HTTP +/* allow no more than 5 "chained" compression steps */ +#define MAX_ENCODE_STACK 5 + #define DSIZ CURL_MAX_WRITE_SIZE /* buffer size for decompressed data */ @@ -95,7 +98,7 @@ typedef enum { /* Deflate and gzip writer. */ struct zlib_writer { - struct contenc_writer super; + struct Curl_cwriter super; zlibInitState zlib_init; /* zlib init state */ uInt trailerlen; /* Remaining trailer byte count. */ z_stream z; /* State structure for zlib. */ @@ -171,7 +174,7 @@ static CURLcode process_trailer(struct Curl_easy *data, } static CURLcode inflate_stream(struct Curl_easy *data, - struct contenc_writer *writer, + struct Curl_cwriter *writer, int type, zlibInitState started) { struct zlib_writer *zp = (struct zlib_writer *) writer; @@ -196,7 +199,7 @@ static CURLcode inflate_stream(struct Curl_easy *data, return exit_zlib(data, z, &zp->zlib_init, CURLE_OUT_OF_MEMORY); /* because the buffer size is fixed, iteratively decompress and transfer to - the client via downstream_write function. */ + the client via next_write function. */ while(!done) { int status; /* zlib status */ done = TRUE; @@ -217,7 +220,7 @@ static CURLcode inflate_stream(struct Curl_easy *data, if(z->avail_out != DSIZ) { if(status == Z_OK || status == Z_STREAM_END) { zp->zlib_init = started; /* Data started. */ - result = Curl_unencode_write(data, writer->downstream, decomp, + result = Curl_cwriter_write(data, writer->next, type, decomp, DSIZ - z->avail_out); if(result) { exit_zlib(data, z, &zp->zlib_init, result); @@ -274,8 +277,8 @@ static CURLcode inflate_stream(struct Curl_easy *data, /* Deflate handler. */ -static CURLcode deflate_init_writer(struct Curl_easy *data, - struct contenc_writer *writer) +static CURLcode deflate_do_init(struct Curl_easy *data, + struct Curl_cwriter *writer) { struct zlib_writer *zp = (struct zlib_writer *) writer; z_stream *z = &zp->z; /* zlib state structure */ @@ -290,13 +293,16 @@ static CURLcode deflate_init_writer(struct Curl_easy *data, return CURLE_OK; } -static CURLcode deflate_unencode_write(struct Curl_easy *data, - struct contenc_writer *writer, +static CURLcode deflate_do_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, const char *buf, size_t nbytes) { struct zlib_writer *zp = (struct zlib_writer *) writer; z_stream *z = &zp->z; /* zlib state structure */ + if(!(type & CLIENTWRITE_BODY)) + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); + /* Set the compressed input when this function is called */ z->next_in = (Bytef *) buf; z->avail_in = (uInt) nbytes; @@ -305,11 +311,11 @@ static CURLcode deflate_unencode_write(struct Curl_easy *data, return process_trailer(data, zp); /* Now uncompress the data */ - return inflate_stream(data, writer, ZLIB_INFLATING); + return inflate_stream(data, writer, type, ZLIB_INFLATING); } -static void deflate_close_writer(struct Curl_easy *data, - struct contenc_writer *writer) +static void deflate_do_close(struct Curl_easy *data, + struct Curl_cwriter *writer) { struct zlib_writer *zp = (struct zlib_writer *) writer; z_stream *z = &zp->z; /* zlib state structure */ @@ -317,19 +323,19 @@ static void deflate_close_writer(struct Curl_easy *data, exit_zlib(data, z, &zp->zlib_init, CURLE_OK); } -static const struct content_encoding deflate_encoding = { +static const struct Curl_cwtype deflate_encoding = { "deflate", NULL, - deflate_init_writer, - deflate_unencode_write, - deflate_close_writer, + deflate_do_init, + deflate_do_write, + deflate_do_close, sizeof(struct zlib_writer) }; /* Gzip handler. */ -static CURLcode gzip_init_writer(struct Curl_easy *data, - struct contenc_writer *writer) +static CURLcode gzip_do_init(struct Curl_easy *data, + struct Curl_cwriter *writer) { struct zlib_writer *zp = (struct zlib_writer *) writer; z_stream *z = &zp->z; /* zlib state structure */ @@ -359,11 +365,14 @@ static CURLcode gzip_init_writer(struct Curl_easy *data, #ifdef OLD_ZLIB_SUPPORT /* Skip over the gzip header */ -static enum { +typedef enum { GZIP_OK, GZIP_BAD, GZIP_UNDERFLOW -} check_gzip_header(unsigned char const *data, ssize_t len, ssize_t *headerlen) +} gzip_status; + +static gzip_status check_gzip_header(unsigned char const *data, ssize_t len, + ssize_t *headerlen) { int method, flags; const ssize_t totallen = len; @@ -441,19 +450,22 @@ static enum { } #endif -static CURLcode gzip_unencode_write(struct Curl_easy *data, - struct contenc_writer *writer, +static CURLcode gzip_do_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, const char *buf, size_t nbytes) { struct zlib_writer *zp = (struct zlib_writer *) writer; z_stream *z = &zp->z; /* zlib state structure */ + if(!(type & CLIENTWRITE_BODY)) + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); + if(zp->zlib_init == ZLIB_INIT_GZIP) { /* Let zlib handle the gzip decompression entirely */ z->next_in = (Bytef *) buf; z->avail_in = (uInt) nbytes; /* Now uncompress the data */ - return inflate_stream(data, writer, ZLIB_INIT_GZIP); + return inflate_stream(data, writer, type, ZLIB_INIT_GZIP); } #ifndef OLD_ZLIB_SUPPORT @@ -565,12 +577,12 @@ static CURLcode gzip_unencode_write(struct Curl_easy *data, } /* We've parsed the header, now uncompress the data */ - return inflate_stream(data, writer, ZLIB_GZIP_INFLATING); + return inflate_stream(data, writer, type, ZLIB_GZIP_INFLATING); #endif } -static void gzip_close_writer(struct Curl_easy *data, - struct contenc_writer *writer) +static void gzip_do_close(struct Curl_easy *data, + struct Curl_cwriter *writer) { struct zlib_writer *zp = (struct zlib_writer *) writer; z_stream *z = &zp->z; /* zlib state structure */ @@ -578,12 +590,12 @@ static void gzip_close_writer(struct Curl_easy *data, exit_zlib(data, z, &zp->zlib_init, CURLE_OK); } -static const struct content_encoding gzip_encoding = { +static const struct Curl_cwtype gzip_encoding = { "gzip", "x-gzip", - gzip_init_writer, - gzip_unencode_write, - gzip_close_writer, + gzip_do_init, + gzip_do_write, + gzip_do_close, sizeof(struct zlib_writer) }; @@ -593,7 +605,7 @@ static const struct content_encoding gzip_encoding = { #ifdef HAVE_BROTLI /* Brotli writer. */ struct brotli_writer { - struct contenc_writer super; + struct Curl_cwriter super; BrotliDecoderState *br; /* State structure for brotli. */ }; @@ -635,8 +647,8 @@ static CURLcode brotli_map_error(BrotliDecoderErrorCode be) return CURLE_WRITE_ERROR; } -static CURLcode brotli_init_writer(struct Curl_easy *data, - struct contenc_writer *writer) +static CURLcode brotli_do_init(struct Curl_easy *data, + struct Curl_cwriter *writer) { struct brotli_writer *bp = (struct brotli_writer *) writer; (void) data; @@ -645,8 +657,8 @@ static CURLcode brotli_init_writer(struct Curl_easy *data, return bp->br? CURLE_OK: CURLE_OUT_OF_MEMORY; } -static CURLcode brotli_unencode_write(struct Curl_easy *data, - struct contenc_writer *writer, +static CURLcode brotli_do_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, const char *buf, size_t nbytes) { struct brotli_writer *bp = (struct brotli_writer *) writer; @@ -657,6 +669,9 @@ static CURLcode brotli_unencode_write(struct Curl_easy *data, CURLcode result = CURLE_OK; BrotliDecoderResult r = BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT; + if(!(type & CLIENTWRITE_BODY)) + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); + if(!bp->br) return CURLE_WRITE_ERROR; /* Stream already ended. */ @@ -670,7 +685,7 @@ static CURLcode brotli_unencode_write(struct Curl_easy *data, dstleft = DSIZ; r = BrotliDecoderDecompressStream(bp->br, &nbytes, &src, &dstleft, &dst, NULL); - result = Curl_unencode_write(data, writer->downstream, + result = Curl_cwriter_write(data, writer->next, type, decomp, DSIZ - dstleft); if(result) break; @@ -693,8 +708,8 @@ static CURLcode brotli_unencode_write(struct Curl_easy *data, return result; } -static void brotli_close_writer(struct Curl_easy *data, - struct contenc_writer *writer) +static void brotli_do_close(struct Curl_easy *data, + struct Curl_cwriter *writer) { struct brotli_writer *bp = (struct brotli_writer *) writer; @@ -706,12 +721,12 @@ static void brotli_close_writer(struct Curl_easy *data, } } -static const struct content_encoding brotli_encoding = { +static const struct Curl_cwtype brotli_encoding = { "br", NULL, - brotli_init_writer, - brotli_unencode_write, - brotli_close_writer, + brotli_do_init, + brotli_do_write, + brotli_do_close, sizeof(struct brotli_writer) }; #endif @@ -720,13 +735,13 @@ static const struct content_encoding brotli_encoding = { #ifdef HAVE_ZSTD /* Zstd writer. */ struct zstd_writer { - struct contenc_writer super; + struct Curl_cwriter super; ZSTD_DStream *zds; /* State structure for zstd. */ void *decomp; }; -static CURLcode zstd_init_writer(struct Curl_easy *data, - struct contenc_writer *writer) +static CURLcode zstd_do_init(struct Curl_easy *data, + struct Curl_cwriter *writer) { struct zstd_writer *zp = (struct zstd_writer *) writer; @@ -737,8 +752,8 @@ static CURLcode zstd_init_writer(struct Curl_easy *data, return zp->zds ? CURLE_OK : CURLE_OUT_OF_MEMORY; } -static CURLcode zstd_unencode_write(struct Curl_easy *data, - struct contenc_writer *writer, +static CURLcode zstd_do_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, const char *buf, size_t nbytes) { CURLcode result = CURLE_OK; @@ -747,6 +762,9 @@ static CURLcode zstd_unencode_write(struct Curl_easy *data, ZSTD_outBuffer out; size_t errorCode; + if(!(type & CLIENTWRITE_BODY)) + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); + if(!zp->decomp) { zp->decomp = malloc(DSIZ); if(!zp->decomp) @@ -766,7 +784,7 @@ static CURLcode zstd_unencode_write(struct Curl_easy *data, return CURLE_BAD_CONTENT_ENCODING; } if(out.pos > 0) { - result = Curl_unencode_write(data, writer->downstream, + result = Curl_cwriter_write(data, writer->next, type, zp->decomp, out.pos); if(result) break; @@ -778,8 +796,8 @@ static CURLcode zstd_unencode_write(struct Curl_easy *data, return result; } -static void zstd_close_writer(struct Curl_easy *data, - struct contenc_writer *writer) +static void zstd_do_close(struct Curl_easy *data, + struct Curl_cwriter *writer) { struct zstd_writer *zp = (struct zstd_writer *) writer; @@ -795,52 +813,30 @@ static void zstd_close_writer(struct Curl_easy *data, } } -static const struct content_encoding zstd_encoding = { +static const struct Curl_cwtype zstd_encoding = { "zstd", NULL, - zstd_init_writer, - zstd_unencode_write, - zstd_close_writer, + zstd_do_init, + zstd_do_write, + zstd_do_close, sizeof(struct zstd_writer) }; #endif /* Identity handler. */ -static CURLcode identity_init_writer(struct Curl_easy *data, - struct contenc_writer *writer) -{ - (void)data; - (void)writer; - return CURLE_OK; -} - -static CURLcode identity_unencode_write(struct Curl_easy *data, - struct contenc_writer *writer, - const char *buf, size_t nbytes) -{ - return Curl_unencode_write(data, writer->downstream, buf, nbytes); -} - -static void identity_close_writer(struct Curl_easy *data, - struct contenc_writer *writer) -{ - (void) data; - (void) writer; -} - -static const struct content_encoding identity_encoding = { +static const struct Curl_cwtype identity_encoding = { "identity", "none", - identity_init_writer, - identity_unencode_write, - identity_close_writer, - sizeof(struct contenc_writer) + Curl_cwriter_def_init, + Curl_cwriter_def_write, + Curl_cwriter_def_close, + sizeof(struct Curl_cwriter) }; -/* supported content encodings table. */ -static const struct content_encoding * const encodings[] = { +/* supported general content decoders. */ +static const struct Curl_cwtype * const general_unencoders[] = { &identity_encoding, #ifdef HAVE_LIBZ &deflate_encoding, @@ -855,28 +851,39 @@ static const struct content_encoding * const encodings[] = { NULL }; +/* supported content decoders only for transfer encodings */ +static const struct Curl_cwtype * const transfer_unencoders[] = { +#ifndef CURL_DISABLE_HTTP + &Curl_httpchunk_unencoder, +#endif + NULL +}; -/* Return a list of comma-separated names of supported encodings. */ -char *Curl_all_content_encodings(void) +/* Provide a list of comma-separated names of supported encodings. +*/ +void Curl_all_content_encodings(char *buf, size_t blen) { size_t len = 0; - const struct content_encoding * const *cep; - const struct content_encoding *ce; - char *ace; + const struct Curl_cwtype * const *cep; + const struct Curl_cwtype *ce; + + DEBUGASSERT(buf); + DEBUGASSERT(blen); + buf[0] = 0; - for(cep = encodings; *cep; cep++) { + for(cep = general_unencoders; *cep; cep++) { ce = *cep; if(!strcasecompare(ce->name, CONTENT_ENCODING_DEFAULT)) len += strlen(ce->name) + 2; } - if(!len) - return strdup(CONTENT_ENCODING_DEFAULT); - - ace = malloc(len); - if(ace) { - char *p = ace; - for(cep = encodings; *cep; cep++) { + if(!len) { + if(blen >= sizeof(CONTENT_ENCODING_DEFAULT)) + strcpy(buf, CONTENT_ENCODING_DEFAULT); + } + else if(blen > len) { + char *p = buf; + for(cep = general_unencoders; *cep; cep++) { ce = *cep; if(!strcasecompare(ce->name, CONTENT_ENCODING_DEFAULT)) { strcpy(p, ce->name); @@ -887,75 +894,71 @@ char *Curl_all_content_encodings(void) } p[-2] = '\0'; } - - return ace; } - /* Deferred error dummy writer. */ -static CURLcode error_init_writer(struct Curl_easy *data, - struct contenc_writer *writer) +static CURLcode error_do_init(struct Curl_easy *data, + struct Curl_cwriter *writer) { (void)data; (void)writer; return CURLE_OK; } -static CURLcode error_unencode_write(struct Curl_easy *data, - struct contenc_writer *writer, +static CURLcode error_do_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, const char *buf, size_t nbytes) { - char *all = Curl_all_content_encodings(); + char all[256]; + (void)Curl_all_content_encodings(all, sizeof(all)); (void) writer; (void) buf; (void) nbytes; - if(!all) - return CURLE_OUT_OF_MEMORY; + if(!(type & CLIENTWRITE_BODY)) + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); + failf(data, "Unrecognized content encoding type. " "libcurl understands %s content encodings.", all); - free(all); return CURLE_BAD_CONTENT_ENCODING; } -static void error_close_writer(struct Curl_easy *data, - struct contenc_writer *writer) +static void error_do_close(struct Curl_easy *data, + struct Curl_cwriter *writer) { (void) data; (void) writer; } -static const struct content_encoding error_encoding = { - NULL, +static const struct Curl_cwtype error_writer = { + "ce-error", NULL, - error_init_writer, - error_unencode_write, - error_close_writer, - sizeof(struct contenc_writer) + error_do_init, + error_do_write, + error_do_close, + sizeof(struct Curl_cwriter) }; -/* Write data using an unencoding writer stack. "nbytes" is not - allowed to be 0. */ -CURLcode Curl_unencode_write(struct Curl_easy *data, - struct contenc_writer *writer, - const char *buf, size_t nbytes) -{ - if(!nbytes) - return CURLE_OK; - if(!writer) - return CURLE_WRITE_ERROR; - return writer->handler->unencode_write(data, writer, buf, nbytes); -} - /* Find the content encoding by name. */ -static const struct content_encoding *find_encoding(const char *name, - size_t len) +static const struct Curl_cwtype *find_unencode_writer(const char *name, + size_t len, + Curl_cwriter_phase phase) { - const struct content_encoding * const *cep; - - for(cep = encodings; *cep; cep++) { - const struct content_encoding *ce = *cep; + const struct Curl_cwtype * const *cep; + + if(phase == CURL_CW_TRANSFER_DECODE) { + for(cep = transfer_unencoders; *cep; cep++) { + const struct Curl_cwtype *ce = *cep; + if((strncasecompare(name, ce->name, len) && !ce->name[len]) || + (ce->alias && strncasecompare(name, ce->alias, len) + && !ce->alias[len])) + return ce; + } + } + /* look among the general decoders */ + for(cep = general_unencoders; *cep; cep++) { + const struct Curl_cwtype *ce = *cep; if((strncasecompare(name, ce->name, len) && !ce->name[len]) || (ce->alias && strncasecompare(name, ce->alias, len) && !ce->alias[len])) return ce; @@ -968,8 +971,8 @@ static const struct content_encoding *find_encoding(const char *name, CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, const char *enclist, int is_transfer) { - struct SingleRequest *k = &data->req; - unsigned int order = is_transfer? 2: 1; + Curl_cwriter_phase phase = is_transfer? + CURL_CW_TRANSFER_DECODE:CURL_CW_CONTENT_DECODE; CURLcode result; do { @@ -986,31 +989,36 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, if(!ISSPACE(*enclist)) namelen = enclist - name + 1; - /* Special case: chunked encoding is handled at the reader level. */ - if(is_transfer && namelen == 7 && strncasecompare(name, "chunked", 7)) { - k->chunk = TRUE; /* chunks coming our way. */ - Curl_httpchunk_init(data); /* init our chunky engine. */ - } - else if(namelen) { - const struct content_encoding *encoding; - struct contenc_writer *writer; - if(is_transfer && !data->set.http_transfer_encoding) + if(namelen) { + const struct Curl_cwtype *cwt; + struct Curl_cwriter *writer; + + /* if we skip the decoding in this phase, do not look further. + * Exception is "chunked" transfer-encoding which always must happen */ + if((is_transfer && !data->set.http_transfer_encoding && + (namelen != 7 || !strncasecompare(name, "chunked", 7))) || + (!is_transfer && data->set.http_ce_skip)) { /* not requested, ignore */ return CURLE_OK; + } - encoding = find_encoding(name, namelen); - /* Fix on OHOS: ignore this error when the content-encoding is not recognized. */ - if(!encoding) { - return CURLE_OK; + if(Curl_cwriter_count(data, phase) + 1 >= MAX_ENCODE_STACK) { + failf(data, "Reject response due to more than %u content encodings", + MAX_ENCODE_STACK); + return CURLE_BAD_CONTENT_ENCODING; } - result = Curl_client_create_writer(&writer, data, encoding, order); + cwt = find_unencode_writer(name, namelen, phase); + if(!cwt) + cwt = &error_writer; /* Defer error at use. */ + + result = Curl_cwriter_create(&writer, data, cwt, phase); if(result) return result; - result = Curl_client_add_writer(data, writer); + result = Curl_cwriter_add(data, writer); if(result) { - Curl_client_free_writer(data, writer); + Curl_cwriter_free(data, writer); return result; } } @@ -1030,20 +1038,15 @@ CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, return CURLE_NOT_BUILT_IN; } -CURLcode Curl_unencode_write(struct Curl_easy *data, - struct contenc_writer *writer, - const char *buf, size_t nbytes) +void Curl_all_content_encodings(char *buf, size_t blen) { - (void) data; - (void) writer; - (void) buf; - (void) nbytes; - return CURLE_NOT_BUILT_IN; + DEBUGASSERT(buf); + DEBUGASSERT(blen); + if(blen < sizeof(CONTENT_ENCODING_DEFAULT)) + buf[0] = 0; + else + strcpy(buf, CONTENT_ENCODING_DEFAULT); } -char *Curl_all_content_encodings(void) -{ - return strdup(CONTENT_ENCODING_DEFAULT); /* Satisfy caller. */ -} #endif /* CURL_DISABLE_HTTP */ diff --git a/lib/content_encoding.h b/lib/content_encoding.h index ef7930cb3..1addf230b 100644 --- a/lib/content_encoding.h +++ b/lib/content_encoding.h @@ -25,15 +25,10 @@ ***************************************************************************/ #include "curl_setup.h" -struct contenc_writer; +struct Curl_cwriter; -char *Curl_all_content_encodings(void); +void Curl_all_content_encodings(char *buf, size_t blen); CURLcode Curl_build_unencoding_stack(struct Curl_easy *data, const char *enclist, int is_transfer); -CURLcode Curl_unencode_write(struct Curl_easy *data, - struct contenc_writer *writer, - const char *buf, size_t nbytes); -void Curl_unencode_cleanup(struct Curl_easy *data); - #endif /* HEADER_CURL_CONTENT_ENCODING_H */ diff --git a/lib/cookie.c b/lib/cookie.c index 57b2ad9a5..dc319b611 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -330,7 +330,7 @@ static char *sanitize_cookie_path(const char *cookie_path) */ void Curl_cookie_loadfiles(struct Curl_easy *data) { - struct curl_slist *list = data->set.cookielist; + struct curl_slist *list = data->state.cookielist; if(list) { Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, CURL_LOCK_ACCESS_SINGLE); while(list) { @@ -365,9 +365,7 @@ static void strstore(char **str, const char *newstr, size_t len) DEBUGASSERT(newstr); DEBUGASSERT(str); free(*str); - *str = Curl_memdup(newstr, len + 1); - if(*str) - (*str)[len] = 0; + *str = Curl_memdup0(newstr, len); } /* @@ -823,10 +821,8 @@ Curl_cookie_add(struct Curl_easy *data, endslash = memrchr(path, '/', (queryp - path)); if(endslash) { size_t pathlen = (endslash-path + 1); /* include end slash */ - co->path = malloc(pathlen + 1); /* one extra for the zero byte */ + co->path = Curl_memdup0(path, pathlen); if(co->path) { - memcpy(co->path, path, pathlen); - co->path[pathlen] = 0; /* null-terminate */ co->spath = sanitize_cookie_path(co->path); if(!co->spath) badcookie = TRUE; /* out of memory bad */ @@ -929,7 +925,7 @@ Curl_cookie_add(struct Curl_easy *data, if(!co->spath) badcookie = TRUE; fields++; /* add a field and fall down to secure */ - /* FALLTHROUGH */ + FALLTHROUGH(); case 3: co->secure = FALSE; if(strcasecompare(ptr, "TRUE")) { @@ -1231,7 +1227,7 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data, if(data) { FILE *fp = NULL; - if(file) { + if(file && *file) { if(!strcmp(file, "-")) fp = stdin; else { @@ -1355,7 +1351,7 @@ static int cookie_sort_ct(const void *p1, const void *p2) static struct Cookie *dup_cookie(struct Cookie *src) { - struct Cookie *d = calloc(sizeof(struct Cookie), 1); + struct Cookie *d = calloc(1, sizeof(struct Cookie)); if(d) { CLONE(domain); CLONE(path); diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake index 0bfb45796..937b93edb 100644 --- a/lib/curl_config.h.cmake +++ b/lib/curl_config.h.cmake @@ -74,9 +74,15 @@ /* disables FTP */ #cmakedefine CURL_DISABLE_FTP 1 +/* disables curl_easy_options API for existing options to curl_easy_setopt */ +#cmakedefine CURL_DISABLE_GETOPTIONS 1 + /* disables GOPHER */ #cmakedefine CURL_DISABLE_GOPHER 1 +/* disables headers-api support */ +#cmakedefine CURL_DISABLE_HEADERS_API 1 + /* disables HSTS support */ #cmakedefine CURL_DISABLE_HSTS 1 @@ -98,6 +104,9 @@ /* disables MIME support */ #cmakedefine CURL_DISABLE_MIME 1 +/* disables local binding support */ +#cmakedefine CURL_DISABLE_BINDLOCAL 1 + /* disables MQTT */ #cmakedefine CURL_DISABLE_MQTT 1 @@ -168,9 +177,6 @@ /* Define to 1 if you have _Atomic support. */ #cmakedefine HAVE_ATOMIC 1 -/* Define to 1 if you have the `fchmod' function. */ -#cmakedefine HAVE_FCHMOD 1 - /* Define to 1 if you have the `fnmatch' function. */ #cmakedefine HAVE_FNMATCH 1 @@ -208,6 +214,9 @@ /* Define to 1 if you have the fseeko function. */ #cmakedefine HAVE_FSEEKO 1 +/* Define to 1 if you have the fseeko declaration. */ +#cmakedefine HAVE_DECL_FSEEKO 1 + /* Define to 1 if you have the _fseeki64 function. */ #cmakedefine HAVE__FSEEKI64 1 @@ -289,12 +298,6 @@ /* if you have the GNU gssapi libraries */ #cmakedefine HAVE_GSSGNU 1 -/* if you have the Heimdal gssapi libraries */ -#cmakedefine HAVE_GSSHEIMDAL 1 - -/* if you have the MIT gssapi libraries */ -#cmakedefine HAVE_GSSMIT 1 - /* Define to 1 if you have the `idna_strerror' function. */ #cmakedefine HAVE_IDNA_STRERROR 1 @@ -313,9 +316,6 @@ /* Define to 1 if symbol `ADDRESS_FAMILY' exists */ #cmakedefine HAVE_ADDRESS_FAMILY 1 -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_INTTYPES_H 1 - /* Define to 1 if you have the ioctlsocket function. */ #cmakedefine HAVE_IOCTLSOCKET 1 @@ -497,9 +497,6 @@ /* Define to 1 if you have the header file. */ #cmakedefine HAVE_STDBOOL_H 1 -/* Define to 1 if you have the header file. */ -#cmakedefine HAVE_STDINT_H 1 - /* Define to 1 if you have the strcasecmp function. */ #cmakedefine HAVE_STRCASECMP 1 @@ -596,24 +593,9 @@ /* Define to 1 if you have the header file. */ #cmakedefine HAVE_UTIME_H 1 -/* Define to 1 if compiler supports C99 variadic macro style. */ -#cmakedefine HAVE_VARIADIC_MACROS_C99 1 - -/* Define to 1 if compiler supports old gcc variadic macro style. */ -#cmakedefine HAVE_VARIADIC_MACROS_GCC 1 - -/* Define to 1 if you have the windows.h header file. */ -#cmakedefine HAVE_WINDOWS_H 1 - -/* Define to 1 if you have the winsock2.h header file. */ -#cmakedefine HAVE_WINSOCK2_H 1 - /* Define this symbol if your OS supports changing the contents of argv */ #cmakedefine HAVE_WRITABLE_ARGV 1 -/* Define to 1 if you have the ws2tcpip.h header file. */ -#cmakedefine HAVE_WS2TCPIP_H 1 - /* Define to 1 if you need the lber.h header file even with ldap.h */ #cmakedefine NEED_LBER_H 1 @@ -716,9 +698,6 @@ ${SIZEOF_TIME_T_CODE} /* if libPSL is in use */ #cmakedefine USE_LIBPSL 1 -/* If you want to build curl with the built-in manual */ -#cmakedefine USE_MANUAL 1 - /* if you want to use OpenLDAP code instead of legacy ldap implementation */ #cmakedefine USE_OPENLDAP 1 diff --git a/lib/curl_hmac.h b/lib/curl_hmac.h index 2ea03dd26..7a5387a94 100644 --- a/lib/curl_hmac.h +++ b/lib/curl_hmac.h @@ -25,7 +25,8 @@ ***************************************************************************/ #if (defined(USE_CURL_NTLM_CORE) && !defined(USE_WINDOWS_SSPI)) \ - || !defined(CURL_DISABLE_AWS) || !defined(CURL_DISABLE_DIGEST_AUTH) + || !defined(CURL_DISABLE_AWS) || !defined(CURL_DISABLE_DIGEST_AUTH) \ + || defined(USE_LIBSSH2) #include diff --git a/lib/curl_memory.h b/lib/curl_memory.h index b8c46d793..714ad71c9 100644 --- a/lib/curl_memory.h +++ b/lib/curl_memory.h @@ -68,7 +68,7 @@ #undef send #undef recv -#ifdef WIN32 +#ifdef _WIN32 # ifdef UNICODE # undef wcsdup # undef _wcsdup @@ -134,7 +134,7 @@ extern curl_free_callback Curl_cfree; extern curl_realloc_callback Curl_crealloc; extern curl_strdup_callback Curl_cstrdup; extern curl_calloc_callback Curl_ccalloc; -#if defined(WIN32) && defined(UNICODE) +#if defined(_WIN32) && defined(UNICODE) extern curl_wcsdup_callback Curl_cwcsdup; #endif @@ -160,7 +160,7 @@ extern curl_wcsdup_callback Curl_cwcsdup; #undef free #define free(ptr) Curl_cfree(ptr) -#ifdef WIN32 +#ifdef _WIN32 # ifdef UNICODE # undef wcsdup # define wcsdup(ptr) Curl_cwcsdup(ptr) diff --git a/lib/curl_multibyte.c b/lib/curl_multibyte.c index 522ea34e8..ff2109856 100644 --- a/lib/curl_multibyte.c +++ b/lib/curl_multibyte.c @@ -32,7 +32,7 @@ #include "curl_setup.h" -#if defined(WIN32) +#if defined(_WIN32) #include "curl_multibyte.h" @@ -84,7 +84,7 @@ char *curlx_convert_wchar_to_UTF8(const wchar_t *str_w) return str_utf8; } -#endif /* WIN32 */ +#endif /* _WIN32 */ #if defined(USE_WIN32_LARGE_FILES) || defined(USE_WIN32_SMALL_FILES) diff --git a/lib/curl_multibyte.h b/lib/curl_multibyte.h index ddac1f638..8b9ac719e 100644 --- a/lib/curl_multibyte.h +++ b/lib/curl_multibyte.h @@ -25,7 +25,7 @@ ***************************************************************************/ #include "curl_setup.h" -#if defined(WIN32) +#if defined(_WIN32) /* * MultiByte conversions using Windows kernel32 library. @@ -33,7 +33,7 @@ wchar_t *curlx_convert_UTF8_to_wchar(const char *str_utf8); char *curlx_convert_wchar_to_UTF8(const wchar_t *str_w); -#endif /* WIN32 */ +#endif /* _WIN32 */ /* * Macros curlx_convert_UTF8_to_tchar(), curlx_convert_tchar_to_UTF8() @@ -54,7 +54,7 @@ char *curlx_convert_wchar_to_UTF8(const wchar_t *str_w); * ensure that the curl memdebug override macros do not replace them. */ -#if defined(UNICODE) && defined(WIN32) +#if defined(UNICODE) && defined(_WIN32) #define curlx_convert_UTF8_to_tchar(ptr) curlx_convert_UTF8_to_wchar((ptr)) #define curlx_convert_tchar_to_UTF8(ptr) curlx_convert_wchar_to_UTF8((ptr)) @@ -78,7 +78,7 @@ typedef union { const unsigned char *const_tbyte_ptr; } xcharp_u; -#endif /* UNICODE && WIN32 */ +#endif /* UNICODE && _WIN32 */ #define curlx_unicodefree(ptr) \ do { \ diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c index cc0ed9167..6f6d75c03 100644 --- a/lib/curl_ntlm_core.c +++ b/lib/curl_ntlm_core.c @@ -111,6 +111,7 @@ # include #else # error "Can't compile NTLM support without a crypto library with DES." +# define CURL_NTLM_NOT_SUPPORTED #endif #include "urldata.h" @@ -130,6 +131,7 @@ #define NTLMv2_BLOB_SIGNATURE "\x01\x01\x00\x00" #define NTLMv2_BLOB_LEN (44 -16 + ntlm->target_info_len + 4) +#if !defined(CURL_NTLM_NOT_SUPPORTED) /* * Turns a 56-bit key into being 64-bit wide. */ @@ -144,6 +146,7 @@ static void extend_key_56_to_64(const unsigned char *key_56, char *key) key[6] = (unsigned char)(((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6)); key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF); } +#endif #if defined(USE_OPENSSL_DES) || defined(USE_WOLFSSL) /* @@ -337,6 +340,10 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys, encrypt_des(plaintext, results, keys); encrypt_des(plaintext, results + 8, keys + 7); encrypt_des(plaintext, results + 16, keys + 14); +#else + (void)keys; + (void)plaintext; + (void)results; #endif } @@ -347,9 +354,11 @@ CURLcode Curl_ntlm_core_mk_lm_hash(const char *password, unsigned char *lmbuffer /* 21 bytes */) { unsigned char pw[14]; +#if !defined(CURL_NTLM_NOT_SUPPORTED) static const unsigned char magic[] = { 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 /* i.e. KGS!@#$% */ }; +#endif size_t len = CURLMIN(strlen(password), 14); Curl_strntoupper((char *)pw, password, len); diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c index aa7bea75e..0c7892ab7 100644 --- a/lib/curl_ntlm_wb.c +++ b/lib/curl_ntlm_wb.c @@ -68,7 +68,9 @@ /* Portable 'sclose_nolog' used only in child process instead of 'sclose' to avoid fooling the socket leak detector */ -#if defined(HAVE_CLOSESOCKET) +#ifdef HAVE_PIPE +# define sclose_nolog(x) close((x)) +#elif defined(HAVE_CLOSESOCKET) # define sclose_nolog(x) closesocket((x)) #elif defined(HAVE_CLOSESOCKET_CAMEL) # define sclose_nolog(x) CloseSocket((x)) @@ -189,7 +191,7 @@ static CURLcode ntlm_wb_init(struct Curl_easy *data, struct ntlmdata *ntlm, goto done; } - if(Curl_socketpair(AF_UNIX, SOCK_STREAM, 0, sockfds)) { + if(wakeup_create(sockfds)) { failf(data, "Could not open socket pair. errno %d: %s", errno, Curl_strerror(errno, buffer, sizeof(buffer))); goto done; @@ -197,8 +199,8 @@ static CURLcode ntlm_wb_init(struct Curl_easy *data, struct ntlmdata *ntlm, child_pid = fork(); if(child_pid == -1) { - sclose(sockfds[0]); - sclose(sockfds[1]); + wakeup_close(sockfds[0]); + wakeup_close(sockfds[1]); failf(data, "Could not fork. errno %d: %s", errno, Curl_strerror(errno, buffer, sizeof(buffer))); goto done; @@ -264,11 +266,11 @@ static CURLcode ntlm_wb_response(struct Curl_easy *data, struct ntlmdata *ntlm, size_t len_in = strlen(input), len_out = 0; struct dynbuf b; char *ptr = NULL; - unsigned char *buf = (unsigned char *)data->state.buffer; + usigned char buf[1024] Curl_dyn_init(&b, MAX_NTLM_WB_RESPONSE); while(len_in > 0) { - ssize_t written = swrite(ntlm->ntlm_auth_hlpr_socket, input, len_in); + ssize_t written = wakeup_write(ntlm->ntlm_auth_hlpr_socket, input, len_in); if(written == -1) { /* Interrupted by a signal, retry it */ if(errno == EINTR) @@ -282,7 +284,7 @@ static CURLcode ntlm_wb_response(struct Curl_easy *data, struct ntlmdata *ntlm, /* Read one line */ while(1) { ssize_t size = - sread(ntlm->ntlm_auth_hlpr_socket, buf, data->set.buffer_size); + wakeup_read(ntlm->ntlm_auth_hlpr_socket, buf, sizeof(buf)); if(size == -1) { if(errno == EINTR) continue; @@ -479,7 +481,7 @@ CURLcode Curl_output_ntlm_wb(struct Curl_easy *data, struct connectdata *conn, /* connection is already authenticated, * don't send a header in future requests */ *state = NTLMSTATE_LAST; - /* FALLTHROUGH */ + FALLTHROUGH(); case NTLMSTATE_LAST: Curl_safefree(*allocuserpwd); authp->done = TRUE; diff --git a/lib/curl_path.h b/lib/curl_path.h index 9ed09dea8..cbe51c221 100644 --- a/lib/curl_path.h +++ b/lib/curl_path.h @@ -28,7 +28,7 @@ #include #include "urldata.h" -#ifdef WIN32 +#ifdef _WIN32 # undef PATH_MAX # define PATH_MAX MAX_PATH # ifndef R_OK diff --git a/lib/curl_printf.h b/lib/curl_printf.h index 46ef344f7..c2457d2a6 100644 --- a/lib/curl_printf.h +++ b/lib/curl_printf.h @@ -31,6 +31,10 @@ #include +#define MERR_OK 0 +#define MERR_MEM 1 +#define MERR_TOO_LARGE 2 + # undef printf # undef fprintf # undef msnprintf diff --git a/lib/curl_rtmp.c b/lib/curl_rtmp.c index 406fb42ac..147b12a3f 100644 --- a/lib/curl_rtmp.c +++ b/lib/curl_rtmp.c @@ -39,7 +39,7 @@ /* The last #include file should be: */ #include "memdebug.h" -#if defined(WIN32) && !defined(USE_LWIPSOCK) +#if defined(_WIN32) && !defined(USE_LWIPSOCK) #define setsockopt(a,b,c,d,e) (setsockopt)(a,b,c,(const char *)d,(int)e) #define SET_RCVTIMEO(tv,s) int tv = s*1000 #elif defined(LWIP_SO_SNDRCVTIMEO_NONSTANDARD) @@ -79,7 +79,7 @@ const struct Curl_handler Curl_handler_rtmp = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ rtmp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_RTMP, /* defport */ @@ -102,7 +102,7 @@ const struct Curl_handler Curl_handler_rtmpt = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ rtmp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_RTMPT, /* defport */ @@ -125,7 +125,7 @@ const struct Curl_handler Curl_handler_rtmpe = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ rtmp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_RTMP, /* defport */ @@ -148,7 +148,7 @@ const struct Curl_handler Curl_handler_rtmpte = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ rtmp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_RTMPT, /* defport */ @@ -171,7 +171,7 @@ const struct Curl_handler Curl_handler_rtmps = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ rtmp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_RTMPS, /* defport */ @@ -194,7 +194,7 @@ const struct Curl_handler Curl_handler_rtmpts = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ rtmp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_RTMPS, /* defport */ diff --git a/lib/curl_sasl.c b/lib/curl_sasl.c index 91ddf1062..66639cbac 100644 --- a/lib/curl_sasl.c +++ b/lib/curl_sasl.c @@ -205,18 +205,23 @@ void Curl_sasl_init(struct SASL *sasl, struct Curl_easy *data, sasl->force_ir = FALSE; /* Respect external option */ if(auth != CURLAUTH_BASIC) { - sasl->resetprefs = FALSE; - sasl->prefmech = SASL_AUTH_NONE; + unsigned short mechs = SASL_AUTH_NONE; + + /* If some usable http authentication options have been set, determine + new defaults from them. */ if(auth & CURLAUTH_BASIC) - sasl->prefmech |= SASL_MECH_PLAIN | SASL_MECH_LOGIN; + mechs |= SASL_MECH_PLAIN | SASL_MECH_LOGIN; if(auth & CURLAUTH_DIGEST) - sasl->prefmech |= SASL_MECH_DIGEST_MD5; + mechs |= SASL_MECH_DIGEST_MD5; if(auth & CURLAUTH_NTLM) - sasl->prefmech |= SASL_MECH_NTLM; + mechs |= SASL_MECH_NTLM; if(auth & CURLAUTH_BEARER) - sasl->prefmech |= SASL_MECH_OAUTHBEARER | SASL_MECH_XOAUTH2; + mechs |= SASL_MECH_OAUTHBEARER | SASL_MECH_XOAUTH2; if(auth & CURLAUTH_GSSAPI) - sasl->prefmech |= SASL_MECH_GSSAPI; + mechs |= SASL_MECH_GSSAPI; + + if(mechs != SASL_AUTH_NONE) + sasl->prefmech = mechs; } } @@ -262,6 +267,8 @@ static void sasl_state(struct SASL *sasl, struct Curl_easy *data, sasl->state = newstate; } +#if defined(USE_NTLM) || defined(USE_GSASL) || defined(USE_KERBEROS5) || \ + !defined(CURL_DISABLE_DIGEST_AUTH) /* Get the SASL server message and convert it to binary. */ static CURLcode get_server_message(struct SASL *sasl, struct Curl_easy *data, struct bufref *out) @@ -284,6 +291,7 @@ static CURLcode get_server_message(struct SASL *sasl, struct Curl_easy *data, } return result; } +#endif /* Encode the outgoing SASL message. */ static CURLcode build_message(struct SASL *sasl, struct bufref *msg) diff --git a/lib/curl_setup.h b/lib/curl_setup.h index ba14972e2..703e903fa 100644 --- a/lib/curl_setup.h +++ b/lib/curl_setup.h @@ -28,6 +28,18 @@ #define CURL_NO_OLDIES #endif +/* FIXME: Delete this once the warnings have been fixed. */ +#if !defined(CURL_WARN_SIGN_CONVERSION) +#ifdef __GNUC__ +#pragma GCC diagnostic ignored "-Wsign-conversion" +#endif +#endif + +/* Set default _WIN32_WINNT */ +#ifdef __MINGW32__ +#include <_mingw.h> +#endif + /* * Disable Visual Studio warnings: * 4127 "conditional expression is constant" @@ -36,15 +48,7 @@ #pragma warning(disable:4127) #endif -/* - * Define WIN32 when build target is Win32 API - */ - -#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) -#define WIN32 -#endif - -#ifdef WIN32 +#ifdef _WIN32 /* * Don't include unneeded stuff in Windows headers to avoid compiler * warnings and macro clashes. @@ -82,7 +86,7 @@ #ifdef _WIN32_WCE # include "config-win32ce.h" #else -# ifdef WIN32 +# ifdef _WIN32 # include "config-win32.h" # endif #endif @@ -214,6 +218,23 @@ # define CURL_DISABLE_RTSP #endif +/* + * When HTTP is disabled, disable HTTP-only features + */ + +#if defined(CURL_DISABLE_HTTP) +# define CURL_DISABLE_ALTSVC 1 +# define CURL_DISABLE_COOKIES 1 +# define CURL_DISABLE_BASIC_AUTH 1 +# define CURL_DISABLE_BEARER_AUTH 1 +# define CURL_DISABLE_AWS 1 +# define CURL_DISABLE_DOH 1 +# define CURL_DISABLE_FORM_API 1 +# define CURL_DISABLE_HEADERS_API 1 +# define CURL_DISABLE_HSTS 1 +# define CURL_DISABLE_HTTP_AUTH 1 +#endif + /* ================================================================ */ /* No system header file shall be included in this file before this */ /* point. */ @@ -239,12 +260,39 @@ * Windows setup file includes some system headers. */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # include "setup-win32.h" #endif #include +/* curl uses its own printf() function internally. It understands the GNU + * format. Use this format, so that is matches the GNU format attribute we + * use with the mingw compiler, allowing it to verify them at compile-time. + */ +#ifdef __MINGW32__ +# undef CURL_FORMAT_CURL_OFF_T +# undef CURL_FORMAT_CURL_OFF_TU +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +#endif + +/* based on logic in "curl/mprintf.h" */ + +#if (defined(__GNUC__) || defined(__clang__)) && \ + defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ + !defined(CURL_NO_FMT_CHECKS) +#if defined(__MINGW32__) && !defined(__clang__) +#define CURL_PRINTF(fmt, arg) \ + __attribute__((format(gnu_printf, fmt, arg))) +#else +#define CURL_PRINTF(fmt, arg) \ + __attribute__((format(__printf__, fmt, arg))) +#endif +#else +#define CURL_PRINTF(fmt, arg) +#endif + /* * Use getaddrinfo to resolve the IPv4 address literal. If the current network * interface doesn't support IPv4, but supports IPv6, NAT64, and DNS64, @@ -331,23 +379,6 @@ #include #endif -#ifdef __POCC__ -# include -# include -# define sys_nerr EILSEQ -#endif - -/* - * Salford-C kludge section (mostly borrowed from wxWidgets). - */ -#ifdef __SALFORDC__ - #pragma suppress 353 /* Possible nested comments */ - #pragma suppress 593 /* Define not used */ - #pragma suppress 61 /* enum has no name */ - #pragma suppress 106 /* unnamed, unused parameter */ - #include -#endif - /* * Large file (>2Gb) support using WIN32 functions. */ @@ -411,6 +442,24 @@ #define SIZEOF_TIME_T 4 #endif +#ifndef SIZEOF_CURL_SOCKET_T +/* configure and cmake check and set the define */ +# ifdef _WIN64 +# define SIZEOF_CURL_SOCKET_T 8 +# else +/* default guess */ +# define SIZEOF_CURL_SOCKET_T 4 +# endif +#endif + +#if SIZEOF_CURL_SOCKET_T < 8 +# define CURL_FORMAT_SOCKET_T "d" +#elif defined(__MINGW32__) +# define CURL_FORMAT_SOCKET_T "zd" +#else +# define CURL_FORMAT_SOCKET_T "qd" +#endif + /* * Default sizeof(off_t) in case it hasn't been defined in config file. */ @@ -500,11 +549,11 @@ 5. set dir/file naming defines */ -#ifdef WIN32 +#ifdef _WIN32 # define DIR_CHAR "\\" -#else /* WIN32 */ +#else /* _WIN32 */ # ifdef MSDOS /* Watt-32 */ @@ -529,48 +578,19 @@ # define DIR_CHAR "/" -# ifndef fileno /* sunos 4 have this as a macro! */ - int fileno(FILE *stream); -# endif - -#endif /* WIN32 */ - -/* - * msvc 6.0 requires PSDK in order to have INET6_ADDRSTRLEN - * defined in ws2tcpip.h as well as to provide IPv6 support. - * Does not apply if lwIP is used. - */ - -#if defined(_MSC_VER) && !defined(__POCC__) && !defined(USE_LWIPSOCK) -# if !defined(HAVE_WS2TCPIP_H) || \ - ((_MSC_VER < 1300) && !defined(INET6_ADDRSTRLEN)) -# undef HAVE_GETADDRINFO_THREADSAFE -# undef HAVE_FREEADDRINFO -# undef HAVE_GETADDRINFO -# undef ENABLE_IPV6 -# endif -#endif +#endif /* _WIN32 */ /* ---------------------------------------------------------------- */ /* resolver specialty compile-time defines */ /* CURLRES_* defines to use in the host*.c sources */ /* ---------------------------------------------------------------- */ -/* - * lcc-win32 doesn't have _beginthreadex(), lacks threads support. - */ - -#if defined(__LCC__) && defined(WIN32) -# undef USE_THREADS_POSIX -# undef USE_THREADS_WIN32 -#endif - /* * MSVC threads support requires a multi-threaded runtime library. * _beginthreadex() is not available in single-threaded ones. */ -#if defined(_MSC_VER) && !defined(__POCC__) && !defined(_MT) +#if defined(_MSC_VER) && !defined(_MT) # undef USE_THREADS_POSIX # undef USE_THREADS_WIN32 #endif @@ -581,6 +601,9 @@ #if defined(ENABLE_IPV6) && defined(HAVE_GETADDRINFO) # define CURLRES_IPV6 +#elif defined(ENABLE_IPV6) && (defined(_WIN32) || defined(__CYGWIN__)) +/* assume on Windows that IPv6 without getaddrinfo is a broken build */ +# error "Unexpected build: IPv6 is enabled but getaddrinfo was not found." #else # define CURLRES_IPV4 #endif @@ -600,35 +623,6 @@ /* ---------------------------------------------------------------- */ -/* - * msvc 6.0 does not have struct sockaddr_storage and - * does not define IPPROTO_ESP in winsock2.h. But both - * are available if PSDK is properly installed. - */ - -#if defined(_MSC_VER) && !defined(__POCC__) -# if !defined(HAVE_WINSOCK2_H) || ((_MSC_VER < 1300) && !defined(IPPROTO_ESP)) -# undef HAVE_STRUCT_SOCKADDR_STORAGE -# endif -#endif - -/* - * Intentionally fail to build when using msvc 6.0 without PSDK installed. - * The brave of heart can circumvent this, defining ALLOW_MSVC6_WITHOUT_PSDK - * in lib/config-win32.h although absolutely discouraged and unsupported. - */ - -#if defined(_MSC_VER) && !defined(__POCC__) -# if !defined(HAVE_WINDOWS_H) || ((_MSC_VER < 1300) && !defined(_FILETIME_)) -# if !defined(ALLOW_MSVC6_WITHOUT_PSDK) -# error MSVC 6.0 requires "February 2003 Platform SDK" a.k.a. \ - "Windows Server 2003 PSDK" -# else -# define CURL_DISABLE_LDAP 1 -# endif -# endif -#endif - #if defined(HAVE_LIBIDN2) && defined(HAVE_IDN2_H) && !defined(USE_WIN32_IDN) /* The lib and header are present */ #define USE_LIBIDN2 @@ -694,6 +688,29 @@ # define WARN_UNUSED_RESULT #endif +/* noreturn attribute */ + +#if !defined(CURL_NORETURN) +#if (defined(__GNUC__) && (__GNUC__ >= 3)) || defined(__clang__) +# define CURL_NORETURN __attribute__((__noreturn__)) +#elif defined(_MSC_VER) && (_MSC_VER >= 1200) +# define CURL_NORETURN __declspec(noreturn) +#else +# define CURL_NORETURN +#endif +#endif + +/* fallthrough attribute */ + +#if !defined(FALLTHROUGH) +#if (defined(__GNUC__) && __GNUC__ >= 7) || \ + (defined(__clang__) && __clang_major__ >= 10) +# define FALLTHROUGH() __attribute__((fallthrough)) +#else +# define FALLTHROUGH() do {} while (0) +#endif +#endif + /* * Include macros and defines that should only be processed once. */ @@ -715,10 +732,7 @@ */ #if defined(__LWIP_OPT_H__) || defined(LWIP_HDR_OPT_H) -# if defined(SOCKET) || \ - defined(USE_WINSOCK) || \ - defined(HAVE_WINSOCK2_H) || \ - defined(HAVE_WS2TCPIP_H) +# if defined(SOCKET) || defined(USE_WINSOCK) # error "WinSock and lwIP TCP/IP stack definitions shall not coexist!" # endif #endif @@ -752,7 +766,7 @@ /* In Windows the default file mode is text but an application can override it. Therefore we specify it explicitly. https://github.com/curl/curl/pull/258 */ -#if defined(WIN32) || defined(MSDOS) +#if defined(_WIN32) || defined(MSDOS) #define FOPEN_READTEXT "rt" #define FOPEN_WRITETEXT "wt" #define FOPEN_APPENDTEXT "at" @@ -807,12 +821,19 @@ int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf, #define UNITTEST static #endif -#if defined(USE_NGHTTP2) || defined(USE_HYPER) +/* Hyper supports HTTP2 also, but Curl's integration with Hyper does not */ +#if defined(USE_NGHTTP2) #define USE_HTTP2 #endif #if (defined(USE_NGTCP2) && defined(USE_NGHTTP3)) || \ + (defined(USE_OPENSSL_QUIC) && defined(USE_NGHTTP3)) || \ defined(USE_QUICHE) || defined(USE_MSH3) + +#ifdef CURL_WITH_MULTI_SSL +#error "Multi-SSL combined with QUIC is not supported" +#endif + #define ENABLE_QUIC #define USE_HTTP3 #endif @@ -820,11 +841,11 @@ int getpwuid_r(uid_t uid, struct passwd *pwd, char *buf, /* Certain Windows implementations are not aligned with what curl expects, so always use the local one on this platform. E.g. the mingw-w64 implementation can return wrong results for non-ASCII inputs. */ -#if defined(HAVE_BASENAME) && defined(WIN32) +#if defined(HAVE_BASENAME) && defined(_WIN32) #undef HAVE_BASENAME #endif -#if defined(USE_UNIX_SOCKETS) && defined(WIN32) +#if defined(USE_UNIX_SOCKETS) && defined(_WIN32) # if !defined(UNIX_PATH_MAX) /* Replicating logic present in afunix.h (distributed with newer Windows 10 SDK versions only) */ diff --git a/lib/curl_setup_once.h b/lib/curl_setup_once.h index c1ed05907..bf0ee663d 100644 --- a/lib/curl_setup_once.h +++ b/lib/curl_setup_once.h @@ -56,7 +56,7 @@ #include #endif -#ifdef WIN32 +#ifdef _WIN32 #include #include #endif @@ -70,11 +70,7 @@ #endif #ifdef USE_WOLFSSL -# if defined(HAVE_STDINT_H) -# include -# elif defined(HAVE_INTTYPES_H) -# include -# endif +#include #endif #ifdef USE_SCHANNEL diff --git a/lib/curl_sspi.h b/lib/curl_sspi.h index 5af7c2483..b26c39156 100644 --- a/lib/curl_sspi.h +++ b/lib/curl_sspi.h @@ -88,6 +88,22 @@ extern PSecurityFunctionTable s_pSecFn; # define CRYPT_E_REVOKED ((HRESULT)0x80092010L) #endif +#ifndef CRYPT_E_NO_REVOCATION_DLL +# define CRYPT_E_NO_REVOCATION_DLL ((HRESULT)0x80092011L) +#endif + +#ifndef CRYPT_E_NO_REVOCATION_CHECK +# define CRYPT_E_NO_REVOCATION_CHECK ((HRESULT)0x80092012L) +#endif + +#ifndef CRYPT_E_REVOCATION_OFFLINE +# define CRYPT_E_REVOCATION_OFFLINE ((HRESULT)0x80092013L) +#endif + +#ifndef CRYPT_E_NOT_IN_REVOCATION_DATABASE +# define CRYPT_E_NOT_IN_REVOCATION_DATABASE ((HRESULT)0x80092014L) +#endif + #ifdef UNICODE # define SECFLAG_WINNT_AUTH_IDENTITY \ (unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE diff --git a/lib/curl_trc.c b/lib/curl_trc.c index e53b30573..b8dccc419 100644 --- a/lib/curl_trc.c +++ b/lib/curl_trc.c @@ -61,10 +61,6 @@ void Curl_debug(struct Curl_easy *data, curl_infotype type, "* ", "< ", "> ", "{ ", "} ", "{ ", "} " }; if(data->set.fdebug) { bool inCallback = Curl_is_in_callback(data); - /* CURLOPT_DEBUGFUNCTION doc says the user may set CURLOPT_PRIVATE to - distinguish their handle from internal handles. */ - if(data->internal) - DEBUGASSERT(!data->set.private_data); Curl_set_in_callback(data, true); (void)(*data->set.fdebug)(data, type, ptr, size, data->set.debugdata); Curl_set_in_callback(data, inCallback); @@ -109,6 +105,8 @@ void Curl_failf(struct Curl_easy *data, const char *fmt, ...) } } +#if !defined(CURL_DISABLE_VERBOSE_STRINGS) + /* Curl_infof() is for info message along the way */ #define MAXINFO 2048 @@ -128,13 +126,11 @@ void Curl_infof(struct Curl_easy *data, const char *fmt, ...) } } -#if !defined(CURL_DISABLE_VERBOSE_STRINGS) - void Curl_trc_cf_infof(struct Curl_easy *data, struct Curl_cfilter *cf, const char *fmt, ...) { DEBUGASSERT(cf); - if(data && Curl_trc_cf_is_verbose(cf, data)) { + if(Curl_trc_cf_is_verbose(cf, data)) { va_list ap; int len; char buffer[MAXINFO + 2]; @@ -161,8 +157,10 @@ static struct Curl_cftype *cf_types[] = { #endif #ifdef USE_SSL &Curl_cft_ssl, +#ifndef CURL_DISABLE_PROXY &Curl_cft_ssl_proxy, #endif +#endif #if !defined(CURL_DISABLE_PROXY) #if !defined(CURL_DISABLE_HTTP) &Curl_cft_h1_proxy, @@ -232,24 +230,14 @@ CURLcode Curl_trc_init(void) if(config) { return Curl_trc_opt(config); } -#endif +#endif /* DEBUGBUILD */ return CURLE_OK; } -#else /* !CURL_DISABLE_VERBOSE_STRINGS) */ +#else /* defined(CURL_DISABLE_VERBOSE_STRINGS) */ CURLcode Curl_trc_init(void) { return CURLE_OK; } -#if !defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) -void Curl_trc_cf_infof(struct Curl_easy *data, struct Curl_cfilter *cf, - const char *fmt, ...) -{ - (void)data; - (void)cf; - (void)fmt; -} -#endif - -#endif /* !DEBUGBUILD */ +#endif /* !defined(CURL_DISABLE_VERBOSE_STRINGS) */ diff --git a/lib/curl_trc.h b/lib/curl_trc.h index 84b5471d8..3a5387a27 100644 --- a/lib/curl_trc.h +++ b/lib/curl_trc.h @@ -54,67 +54,23 @@ CURLcode Curl_trc_opt(const char *config); void Curl_debug(struct Curl_easy *data, curl_infotype type, char *ptr, size_t size); -/** - * Output an informational message when transfer's verbose logging is enabled. - */ -void Curl_infof(struct Curl_easy *data, -#if defined(__GNUC__) && !defined(printf) && \ - defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(__MINGW32__) - const char *fmt, ...) - __attribute__((format(printf, 2, 3))); -#else - const char *fmt, ...); -#endif - /** * Output a failure message on registered callbacks for transfer. */ void Curl_failf(struct Curl_easy *data, -#if defined(__GNUC__) && !defined(printf) && \ - defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(__MINGW32__) - const char *fmt, ...) - __attribute__((format(printf, 2, 3))); -#else - const char *fmt, ...); -#endif + const char *fmt, ...) CURL_PRINTF(2, 3); #define failf Curl_failf -/** - * Output an informational message when both transfer's verbose logging - * and connection filters verbose logging are enabled. - */ -void Curl_trc_cf_infof(struct Curl_easy *data, struct Curl_cfilter *cf, -#if defined(__GNUC__) && !defined(printf) && \ - defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ - !defined(__MINGW32__) - const char *fmt, ...) - __attribute__((format(printf, 3, 4))); -#else - const char *fmt, ...); -#endif - #define CURL_LOG_LVL_NONE 0 #define CURL_LOG_LVL_INFO 1 -#if !defined(CURL_DISABLE_VERBOSE_STRINGS) -/* informational messages enabled */ - -#define Curl_trc_is_verbose(data) ((data) && (data)->set.verbose) -#define Curl_trc_cf_is_verbose(cf, data) \ - ((data) && (data)->set.verbose && \ - (cf) && (cf)->cft->log_level >= CURL_LOG_LVL_INFO) - -/* explainer: we have some mix configuration and werror settings - * that define HAVE_VARIADIC_MACROS_C99 even though C89 is enforced - * on gnuc and some other compiler. Need to treat carefully. - */ -#if defined(HAVE_VARIADIC_MACROS_C99) && \ - defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L +#define CURL_HAVE_C99 +#endif +#ifdef CURL_HAVE_C99 #define infof(data, ...) \ do { if(Curl_trc_is_verbose(data)) \ Curl_infof(data, __VA_ARGS__); } while(0) @@ -122,29 +78,50 @@ void Curl_trc_cf_infof(struct Curl_easy *data, struct Curl_cfilter *cf, do { if(Curl_trc_cf_is_verbose(cf, data)) \ Curl_trc_cf_infof(data, cf, __VA_ARGS__); } while(0) -#else /* no variadic macro args */ +#else #define infof Curl_infof #define CURL_TRC_CF Curl_trc_cf_infof -#endif /* variadic macro args */ +#endif + +#ifndef CURL_DISABLE_VERBOSE_STRINGS +/* informational messages enabled */ + +#define Curl_trc_is_verbose(data) ((data) && (data)->set.verbose) +#define Curl_trc_cf_is_verbose(cf, data) \ + ((data) && (data)->set.verbose && \ + (cf) && (cf)->cft->log_level >= CURL_LOG_LVL_INFO) + +/** + * Output an informational message when transfer's verbose logging is enabled. + */ +void Curl_infof(struct Curl_easy *data, + const char *fmt, ...) CURL_PRINTF(2, 3); + +/** + * Output an informational message when both transfer's verbose logging + * and connection filters verbose logging are enabled. + */ +void Curl_trc_cf_infof(struct Curl_easy *data, struct Curl_cfilter *cf, + const char *fmt, ...) CURL_PRINTF(3, 4); -#else /* !CURL_DISABLE_VERBOSE_STRINGS */ +#else /* defined(CURL_DISABLE_VERBOSE_STRINGS) */ /* All informational messages are not compiled in for size savings */ #define Curl_trc_is_verbose(d) ((void)(d), FALSE) #define Curl_trc_cf_is_verbose(x,y) ((void)(x), (void)(y), FALSE) -#if defined(HAVE_VARIADIC_MACROS_C99) -#define infof(...) Curl_nop_stmt -#define CURL_TRC_CF(...) Curl_nop_stmt -#define Curl_trc_cf_infof(...) Curl_nop_stmt -#elif defined(HAVE_VARIADIC_MACROS_GCC) -#define infof(x...) Curl_nop_stmt -#define CURL_TRC_CF(x...) Curl_nop_stmt -#define Curl_trc_cf_infof(x...) Curl_nop_stmt -#else -#error "missing VARIADIC macro define, fix and rebuild!" -#endif +static void Curl_infof(struct Curl_easy *data, const char *fmt, ...) +{ + (void)data; (void)fmt; +} + +static void Curl_trc_cf_infof(struct Curl_easy *data, + struct Curl_cfilter *cf, + const char *fmt, ...) +{ + (void)data; (void)cf; (void)fmt; +} -#endif /* CURL_DISABLE_VERBOSE_STRINGS */ +#endif /* !defined(CURL_DISABLE_VERBOSE_STRINGS) */ #endif /* HEADER_CURL_TRC_H */ diff --git a/lib/dict.c b/lib/dict.c index 3172b3829..323984822 100644 --- a/lib/dict.c +++ b/lib/dict.c @@ -89,7 +89,7 @@ const struct Curl_handler Curl_handler_dict = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ ZERO_NULL, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_DICT, /* defport */ @@ -122,6 +122,9 @@ static char *unescape_word(const char *input) } /* sendf() sends formatted data to the server */ +static CURLcode sendf(curl_socket_t sockfd, struct Curl_easy *data, + const char *fmt, ...) CURL_PRINTF(3, 4); + static CURLcode sendf(curl_socket_t sockfd, struct Curl_easy *data, const char *fmt, ...) { diff --git a/lib/doh.c b/lib/doh.c index bb0c89ec6..ef32d507d 100644 --- a/lib/doh.c +++ b/lib/doh.c @@ -218,7 +218,6 @@ static CURLcode dohprobe(struct Curl_easy *data, struct curl_slist *headers) { struct Curl_easy *doh = NULL; - char *nurl = NULL; CURLcode result = CURLE_OK; timediff_t timeout_ms; DOHcode d = doh_encode(host, dnstype, p->dohbuffer, sizeof(p->dohbuffer), @@ -242,7 +241,7 @@ static CURLcode dohprobe(struct Curl_easy *data, /* pass in the struct pointer via a local variable to please coverity and the gcc typecheck helpers */ struct dynbuf *resp = &p->serverdoh; - doh->internal = true; + doh->state.internal = true; ERROR_CHECK_SETOPT(CURLOPT_URL, url); ERROR_CHECK_SETOPT(CURLOPT_DEFAULT_PROTOCOL, "https"); ERROR_CHECK_SETOPT(CURLOPT_WRITEFUNCTION, doh_write_cb); @@ -252,6 +251,7 @@ static CURLcode dohprobe(struct Curl_easy *data, ERROR_CHECK_SETOPT(CURLOPT_HTTPHEADER, headers); #ifdef USE_HTTP2 ERROR_CHECK_SETOPT(CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2TLS); + ERROR_CHECK_SETOPT(CURLOPT_PIPEWAIT, 1L); #endif #ifndef CURLDEBUG /* enforce HTTPS if not debug */ @@ -339,9 +339,10 @@ static CURLcode dohprobe(struct Curl_easy *data, doh->set.dohfor = data; /* identify for which transfer this is done */ p->easy = doh; - /* DoH private_data must be null because the user must have a way to - distinguish their transfer's handle from DoH handles in user - callbacks (ie SSL CTX callback). */ + /* DoH handles must not inherit private_data. The handles may be passed to + the user via callbacks and the user will be able to identify them as + internal handles because private data is not set. The user can then set + private_data via CURLOPT_PRIVATE if they so choose. */ DEBUGASSERT(!doh->set.private_data); if(curl_multi_add_handle(multi, doh)) @@ -349,11 +350,9 @@ static CURLcode dohprobe(struct Curl_easy *data, } else goto error; - free(nurl); return CURLE_OK; error: - free(nurl); Curl_close(&doh); return result; } @@ -372,7 +371,7 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, int slot; struct dohdata *dohp; struct connectdata *conn = data->conn; - *waitp = TRUE; /* this never returns synchronously */ + *waitp = FALSE; (void)hostname; (void)port; @@ -380,7 +379,7 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, DEBUGASSERT(conn); /* start clean, consider allocating this struct on demand */ - dohp = data->req.doh = calloc(sizeof(struct dohdata), 1); + dohp = data->req.doh = calloc(1, sizeof(struct dohdata)); if(!dohp) return NULL; @@ -412,12 +411,14 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data, dohp->pending++; } #endif + *waitp = TRUE; /* this never returns synchronously */ return NULL; error: curl_slist_free_all(dohp->headers); data->req.doh->headers = NULL; for(slot = 0; slot < DOH_PROBE_SLOTS; slot++) { + (void)curl_multi_remove_handle(data->multi, dohp->probe[slot].easy); Curl_close(&dohp->probe[slot].easy); } Curl_safefree(data->req.doh); @@ -443,7 +444,7 @@ static DOHcode skipqname(const unsigned char *doh, size_t dohlen, return DOH_DNS_BAD_LABEL; if(dohlen < (*indexp + 1 + length)) return DOH_DNS_OUT_OF_RANGE; - *indexp += 1 + length; + *indexp += (unsigned int)(1 + length); } while(length); return DOH_OK; } @@ -455,14 +456,15 @@ static unsigned short get16bit(const unsigned char *doh, int index) static unsigned int get32bit(const unsigned char *doh, int index) { - /* make clang and gcc optimize this to bswap by incrementing - the pointer first. */ - doh += index; - - /* avoid undefined behavior by casting to unsigned before shifting - 24 bits, possibly into the sign bit. codegen is same, but - ub sanitizer won't be upset */ - return ( (unsigned)doh[0] << 24) | (doh[1] << 16) |(doh[2] << 8) | doh[3]; + /* make clang and gcc optimize this to bswap by incrementing + the pointer first. */ + doh += index; + + /* avoid undefined behavior by casting to unsigned before shifting + 24 bits, possibly into the sign bit. codegen is same, but + ub sanitizer won't be upset */ + return ((unsigned)doh[0] << 24) | ((unsigned)doh[1] << 16) | + ((unsigned)doh[2] << 8) | doh[3]; } static DOHcode store_a(const unsigned char *doh, int index, struct dohentry *d) @@ -787,8 +789,8 @@ static void showdoh(struct Curl_easy *data, * must be an associated call later to Curl_freeaddrinfo(). */ -static struct Curl_addrinfo * -doh2ai(const struct dohentry *de, const char *hostname, int port) +static CURLcode doh2ai(const struct dohentry *de, const char *hostname, + int port, struct Curl_addrinfo **aip) { struct Curl_addrinfo *ai; struct Curl_addrinfo *prevai = NULL; @@ -801,9 +803,10 @@ doh2ai(const struct dohentry *de, const char *hostname, int port) int i; size_t hostlen = strlen(hostname) + 1; /* include null-terminator */ - if(!de) - /* no input == no output! */ - return NULL; + DEBUGASSERT(de); + + if(!de->numaddr) + return CURLE_COULDNT_RESOLVE_HOST; for(i = 0; i < de->numaddr; i++) { size_t ss_size; @@ -876,8 +879,9 @@ doh2ai(const struct dohentry *de, const char *hostname, int port) Curl_freeaddrinfo(firstai); firstai = NULL; } + *aip = firstai; - return firstai; + return result; } #ifndef CURL_DISABLE_VERBOSE_STRINGS @@ -932,10 +936,12 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, p->dnstype, &de); Curl_dyn_free(&p->serverdoh); +#ifndef CURL_DISABLE_VERBOSE_STRINGS if(rc[slot]) { infof(data, "DoH: %s type %s for %s", doh_strerror(rc[slot]), type2name(p->dnstype), dohp->host); } +#endif } /* next slot */ result = CURLE_COULDNT_RESOLVE_HOST; /* until we know better */ @@ -947,10 +953,10 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data, infof(data, "DoH Host name: %s", dohp->host); showdoh(data, &de); - ai = doh2ai(&de, dohp->host, dohp->port); - if(!ai) { + result = doh2ai(&de, dohp->host, dohp->port, &ai); + if(result) { de_cleanup(&de); - return CURLE_OUT_OF_MEMORY; + return result; } if(data->share) diff --git a/lib/dynbuf.c b/lib/dynbuf.c index 0c9c491ae..a4c599d10 100644 --- a/lib/dynbuf.c +++ b/lib/dynbuf.c @@ -77,10 +77,11 @@ static CURLcode dyn_nappend(struct dynbuf *s, DEBUGASSERT(indx < s->toobig); DEBUGASSERT(!s->leng || s->bufr); DEBUGASSERT(a <= s->toobig); + DEBUGASSERT(!len || mem); if(fit > s->toobig) { Curl_dyn_free(s); - return CURLE_OUT_OF_MEMORY; + return CURLE_TOO_LARGE; } else if(!a) { DEBUGASSERT(!indx); @@ -174,10 +175,12 @@ CURLcode Curl_dyn_addn(struct dynbuf *s, const void *mem, size_t len) */ CURLcode Curl_dyn_add(struct dynbuf *s, const char *str) { - size_t n = strlen(str); + size_t n; + DEBUGASSERT(str); DEBUGASSERT(s); DEBUGASSERT(s->init == DYNINIT); DEBUGASSERT(!s->leng || s->bufr); + n = strlen(str); return dyn_nappend(s, (unsigned char *)str, n); } @@ -191,10 +194,14 @@ CURLcode Curl_dyn_vaddf(struct dynbuf *s, const char *fmt, va_list ap) DEBUGASSERT(s); DEBUGASSERT(s->init == DYNINIT); DEBUGASSERT(!s->leng || s->bufr); + DEBUGASSERT(fmt); rc = Curl_dyn_vprintf(s, fmt, ap); if(!rc) return CURLE_OK; + else if(rc == MERR_TOO_LARGE) + return CURLE_TOO_LARGE; + return CURLE_OUT_OF_MEMORY; #else char *str; str = vaprintf(fmt, ap); /* this allocs a new string to append */ @@ -206,8 +213,8 @@ CURLcode Curl_dyn_vaddf(struct dynbuf *s, const char *fmt, va_list ap) } /* If we failed, we cleanup the whole buffer and return error */ Curl_dyn_free(s); + return CURLE_OK; #endif - return CURLE_OUT_OF_MEMORY; } /* diff --git a/lib/dynbuf.h b/lib/dynbuf.h index 31a913019..7dbaab886 100644 --- a/lib/dynbuf.h +++ b/lib/dynbuf.h @@ -61,9 +61,9 @@ CURLcode Curl_dyn_addn(struct dynbuf *s, const void *mem, size_t len) CURLcode Curl_dyn_add(struct dynbuf *s, const char *str) WARN_UNUSED_RESULT; CURLcode Curl_dyn_addf(struct dynbuf *s, const char *fmt, ...) - WARN_UNUSED_RESULT; + WARN_UNUSED_RESULT CURL_PRINTF(2, 3); CURLcode Curl_dyn_vaddf(struct dynbuf *s, const char *fmt, va_list ap) - WARN_UNUSED_RESULT; + WARN_UNUSED_RESULT CURL_PRINTF(2, 0); void Curl_dyn_reset(struct dynbuf *s); CURLcode Curl_dyn_tail(struct dynbuf *s, size_t trail); CURLcode Curl_dyn_setlen(struct dynbuf *s, size_t set); diff --git a/lib/dynhds.c b/lib/dynhds.c index 979b3e825..d7548959b 100644 --- a/lib/dynhds.c +++ b/lib/dynhds.c @@ -27,6 +27,10 @@ #include "strcase.h" /* The last 3 #include files should be in this order */ +#ifdef USE_NGHTTP2 +#include +#include +#endif /* USE_NGHTTP2 */ #include "curl_printf.h" #include "curl_memory.h" #include "memdebug.h" @@ -365,3 +369,28 @@ CURLcode Curl_dynhds_h1_dprint(struct dynhds *dynhds, struct dynbuf *dbuf) return result; } +#ifdef USE_NGHTTP2 + +nghttp2_nv *Curl_dynhds_to_nva(struct dynhds *dynhds, size_t *pcount) +{ + nghttp2_nv *nva = calloc(1, sizeof(nghttp2_nv) * dynhds->hds_len); + size_t i; + + *pcount = 0; + if(!nva) + return NULL; + + for(i = 0; i < dynhds->hds_len; ++i) { + struct dynhds_entry *e = dynhds->hds[i]; + DEBUGASSERT(e); + nva[i].name = (unsigned char *)e->name; + nva[i].namelen = e->namelen; + nva[i].value = (unsigned char *)e->value; + nva[i].valuelen = e->valuelen; + nva[i].flags = NGHTTP2_NV_FLAG_NONE; + } + *pcount = dynhds->hds_len; + return nva; +} + +#endif /* USE_NGHTTP2 */ diff --git a/lib/dynhds.h b/lib/dynhds.h index 8a053480e..3b536000a 100644 --- a/lib/dynhds.h +++ b/lib/dynhds.h @@ -171,4 +171,13 @@ CURLcode Curl_dynhds_h1_add_line(struct dynhds *dynhds, */ CURLcode Curl_dynhds_h1_dprint(struct dynhds *dynhds, struct dynbuf *dbuf); +#ifdef USE_NGHTTP2 + +#include +#include + +nghttp2_nv *Curl_dynhds_to_nva(struct dynhds *dynhds, size_t *pcount); + +#endif /* USE_NGHTTP2 */ + #endif /* HEADER_CURL_DYNHDS_H */ diff --git a/lib/easy.c b/lib/easy.c index 6b4fb8efe..067b6d7b6 100644 --- a/lib/easy.c +++ b/lib/easy.c @@ -112,7 +112,7 @@ static curl_simple_lock s_lock = CURL_SIMPLE_LOCK_INIT; #define system_strdup strdup #endif -#if defined(_MSC_VER) && defined(_DLL) && !defined(__POCC__) +#if defined(_MSC_VER) && defined(_DLL) # pragma warning(disable:4232) /* MSVC extension, dllimport identity */ #endif @@ -125,11 +125,11 @@ curl_free_callback Curl_cfree = (curl_free_callback)free; curl_realloc_callback Curl_crealloc = (curl_realloc_callback)realloc; curl_strdup_callback Curl_cstrdup = (curl_strdup_callback)system_strdup; curl_calloc_callback Curl_ccalloc = (curl_calloc_callback)calloc; -#if defined(WIN32) && defined(UNICODE) +#if defined(_WIN32) && defined(UNICODE) curl_wcsdup_callback Curl_cwcsdup = Curl_wcsdup; #endif -#if defined(_MSC_VER) && defined(_DLL) && !defined(__POCC__) +#if defined(_MSC_VER) && defined(_DLL) # pragma warning(default:4232) /* MSVC extension, dllimport identity */ #endif @@ -153,7 +153,7 @@ static CURLcode global_init(long flags, bool memoryfuncs) Curl_crealloc = (curl_realloc_callback)realloc; Curl_cstrdup = (curl_strdup_callback)system_strdup; Curl_ccalloc = (curl_calloc_callback)calloc; -#if defined(WIN32) && defined(UNICODE) +#if defined(_WIN32) && defined(UNICODE) Curl_cwcsdup = (curl_wcsdup_callback)_wcsdup; #endif } @@ -188,18 +188,10 @@ static CURLcode global_init(long flags, bool memoryfuncs) goto fail; } -#if defined(USE_SSH) if(Curl_ssh_init()) { + DEBUGF(fprintf(stderr, "Error: Curl_ssh_init failed\n")); goto fail; } -#endif - -#ifdef USE_WOLFSSH - if(WS_SUCCESS != wolfSSH_Init()) { - DEBUGF(fprintf(stderr, "Error: wolfSSH_Init failed\n")); - return CURLE_FAILED_INIT; - } -#endif easy_init_flags = flags; @@ -295,7 +287,7 @@ void curl_global_cleanup(void) Curl_ssl_cleanup(); Curl_resolver_global_cleanup(); -#ifdef WIN32 +#ifdef _WIN32 Curl_win32_cleanup(easy_init_flags); #endif @@ -488,13 +480,15 @@ static int events_socket(struct Curl_easy *easy, /* easy handle */ ev->list = nxt; free(m); m = nxt; - infof(easy, "socket cb: socket %d REMOVED", s); + infof(easy, "socket cb: socket %" CURL_FORMAT_SOCKET_T + " REMOVED", s); } else { /* The socket 's' is already being monitored, update the activity mask. Convert from libcurl bitmask to the poll one. */ m->socket.events = socketcb2poll(what); - infof(easy, "socket cb: socket %d UPDATED as %s%s", s, + infof(easy, "socket cb: socket %" CURL_FORMAT_SOCKET_T + " UPDATED as %s%s", s, (what&CURL_POLL_IN)?"IN":"", (what&CURL_POLL_OUT)?"OUT":""); } @@ -518,7 +512,8 @@ static int events_socket(struct Curl_easy *easy, /* easy handle */ m->socket.events = socketcb2poll(what); m->socket.revents = 0; ev->list = m; - infof(easy, "socket cb: socket %d ADDED as %s%s", s, + infof(easy, "socket cb: socket %" CURL_FORMAT_SOCKET_T + " ADDED as %s%s", s, (what&CURL_POLL_IN)?"IN":"", (what&CURL_POLL_OUT)?"OUT":""); } @@ -607,8 +602,9 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev) if(fds[i].revents) { /* socket activity, tell libcurl */ int act = poll2cselect(fds[i].revents); /* convert */ - infof(multi->easyp, "call curl_multi_socket_action(socket %d)", - fds[i].fd); + infof(multi->easyp, + "call curl_multi_socket_action(socket " + "%" CURL_FORMAT_SOCKET_T ")", fds[i].fd); mcode = curl_multi_socket_action(multi, fds[i].fd, act, &ev->running_handles); } @@ -692,9 +688,9 @@ static CURLcode easy_transfer(struct Curl_multi *multi) /* Make sure to return some kind of error if there was a multi problem */ if(mcode) { result = (mcode == CURLM_OUT_OF_MEMORY) ? CURLE_OUT_OF_MEMORY : - /* The other multi errors should never happen, so return - something suitably generic */ - CURLE_BAD_FUNCTION_ARGUMENT; + /* The other multi errors should never happen, so return + something suitably generic */ + CURLE_BAD_FUNCTION_ARGUMENT; } return result; @@ -752,7 +748,7 @@ static CURLcode easy_perform(struct Curl_easy *data, bool events) return CURLE_RECURSIVE_API_CALL; /* Copy the MAXCONNECTS option to the multi handle */ - curl_multi_setopt(multi, CURLMOPT_MAXCONNECTS, data->set.maxconnects); + curl_multi_setopt(multi, CURLMOPT_MAXCONNECTS, (long)data->set.maxconnects); mcode = curl_multi_add_handle(multi, data); if(mcode) { @@ -845,8 +841,10 @@ static CURLcode dupset(struct Curl_easy *dst, struct Curl_easy *src) dst->set = src->set; Curl_mime_initpart(&dst->set.mimepost); - /* clear all string pointers first */ + /* clear all dest string and blob pointers first, in case we error out + mid-function */ memset(dst->set.str, 0, STRING_LAST * sizeof(char *)); + memset(dst->set.blobs, 0, BLOB_LAST * sizeof(struct curl_blob *)); /* duplicate all strings */ for(i = (enum dupstring)0; i< STRING_LASTZEROTERMINATED; i++) { @@ -855,8 +853,6 @@ static CURLcode dupset(struct Curl_easy *dst, struct Curl_easy *src) return result; } - /* clear all blob pointers first */ - memset(dst->set.blobs, 0, BLOB_LAST * sizeof(struct curl_blob *)); /* duplicate all blobs */ for(j = (enum dupblob)0; j < BLOB_LAST; j++) { result = Curl_setblobopt(&dst->set.blobs[j], src->set.blobs[j]); @@ -866,10 +862,13 @@ static CURLcode dupset(struct Curl_easy *dst, struct Curl_easy *src) /* duplicate memory areas pointed to */ i = STRING_COPYPOSTFIELDS; - if(src->set.postfieldsize && src->set.str[i]) { - /* postfieldsize is curl_off_t, Curl_memdup() takes a size_t ... */ - dst->set.str[i] = Curl_memdup(src->set.str[i], - curlx_sotouz(src->set.postfieldsize)); + if(src->set.str[i]) { + if(src->set.postfieldsize == -1) + dst->set.str[i] = strdup(src->set.str[i]); + else + /* postfieldsize is curl_off_t, Curl_memdup() takes a size_t ... */ + dst->set.str[i] = Curl_memdup(src->set.str[i], + curlx_sotouz(src->set.postfieldsize)); if(!dst->set.str[i]) return CURLE_OUT_OF_MEMORY; /* point to the new copy */ @@ -919,18 +918,19 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) outcurl->progress.callback = data->progress.callback; #ifndef CURL_DISABLE_COOKIES - if(data->cookies) { + outcurl->state.cookielist = NULL; + if(data->cookies && data->state.cookie_engine) { /* If cookies are enabled in the parent handle, we enable them in the clone as well! */ - outcurl->cookies = Curl_cookie_init(data, NULL, outcurl->cookies, + outcurl->cookies = Curl_cookie_init(outcurl, NULL, outcurl->cookies, data->set.cookiesession); if(!outcurl->cookies) goto fail; } - if(data->set.cookielist) { - outcurl->set.cookielist = Curl_slist_duplicate(data->set.cookielist); - if(!outcurl->set.cookielist) + if(data->state.cookielist) { + outcurl->state.cookielist = Curl_slist_duplicate(data->state.cookielist); + if(!outcurl->state.cookielist) goto fail; } #endif @@ -976,11 +976,14 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data) (void)Curl_hsts_loadcb(outcurl, outcurl->hsts); } #endif + +#ifdef CURLRES_ASYNCH /* Clone the resolver handle, if present, for the new handle */ if(Curl_resolver_duphandle(outcurl, &outcurl->state.async.resolver, data->state.async.resolver)) goto fail; +#endif #ifdef USE_ARES { @@ -1016,13 +1019,10 @@ fail: if(outcurl) { #ifndef CURL_DISABLE_COOKIES - curl_slist_free_all(outcurl->set.cookielist); - outcurl->set.cookielist = NULL; + free(outcurl->cookies); #endif - Curl_safefree(outcurl->state.buffer); + free(outcurl->state.buffer); Curl_dyn_free(&outcurl->state.headerb); - Curl_safefree(outcurl->state.url); - Curl_safefree(outcurl->state.referer); Curl_altsvc_cleanup(&outcurl->asi); Curl_hsts_cleanup(&outcurl->hsts); Curl_freeset(outcurl); @@ -1145,7 +1145,7 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int action) if(!data->state.tempcount) /* if not pausing again, force a recv/send check of this connection as the data might've been read off the socket already */ - data->conn->cselect_bits = CURL_CSELECT_IN | CURL_CSELECT_OUT; + data->state.select_bits = CURL_CSELECT_IN | CURL_CSELECT_OUT; if(data->multi) { if(Curl_update_timer(data->multi)) return CURLE_ABORTED_BY_CALLBACK; diff --git a/lib/easy_lock.h b/lib/easy_lock.h index d3fffd0d2..4f6764d42 100644 --- a/lib/easy_lock.h +++ b/lib/easy_lock.h @@ -93,6 +93,15 @@ static inline void curl_simple_lock_unlock(curl_simple_lock *lock) atomic_store_explicit(lock, false, memory_order_release); } +#elif defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) + +#include + +#define curl_simple_lock pthread_mutex_t +#define CURL_SIMPLE_LOCK_INIT PTHREAD_MUTEX_INITIALIZER +#define curl_simple_lock_lock(m) pthread_mutex_lock(m) +#define curl_simple_lock_unlock(m) pthread_mutex_unlock(m) + #else #undef GLOBAL_INIT_IS_THREADSAFE diff --git a/lib/easyoptions.c b/lib/easyoptions.c index e69c658b0..da4c6111a 100644 --- a/lib/easyoptions.c +++ b/lib/easyoptions.c @@ -274,6 +274,8 @@ struct curl_easyoption Curl_easyopts[] = { {"SEEKFUNCTION", CURLOPT_SEEKFUNCTION, CURLOT_FUNCTION, 0}, {"SERVER_RESPONSE_TIMEOUT", CURLOPT_SERVER_RESPONSE_TIMEOUT, CURLOT_LONG, 0}, + {"SERVER_RESPONSE_TIMEOUT_MS", CURLOPT_SERVER_RESPONSE_TIMEOUT_MS, + CURLOT_LONG, 0}, {"SERVICE_NAME", CURLOPT_SERVICE_NAME, CURLOT_STRING, 0}, {"SHARE", CURLOPT_SHARE, CURLOT_OBJECT, 0}, {"SOCKOPTDATA", CURLOPT_SOCKOPTDATA, CURLOT_CBPTR, 0}, @@ -373,6 +375,6 @@ struct curl_easyoption Curl_easyopts[] = { */ int Curl_easyopts_check(void) { - return ((CURLOPT_LASTENTRY%10000) != (323 + 1)); + return ((CURLOPT_LASTENTRY%10000) != (324 + 1)); } #endif diff --git a/lib/file.c b/lib/file.c index ffa9fb76d..b7ce3a8ed 100644 --- a/lib/file.c +++ b/lib/file.c @@ -69,7 +69,7 @@ #include "curl_memory.h" #include "memdebug.h" -#if defined(WIN32) || defined(MSDOS) || defined(__EMX__) +#if defined(_WIN32) || defined(MSDOS) || defined(__EMX__) #define DOS_FILESYSTEM 1 #elif defined(__amigaos4__) #define AMIGA_FILESYSTEM 1 @@ -113,7 +113,7 @@ const struct Curl_handler Curl_handler_file = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ file_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ 0, /* defport */ @@ -290,16 +290,15 @@ static CURLcode file_upload(struct Curl_easy *data) int fd; int mode; CURLcode result = CURLE_OK; - char *buf = data->state.buffer; + char buffer[8*1024], *uphere_save; curl_off_t bytecount = 0; struct_stat file_stat; - const char *buf2; + const char *sendbuf; /* * Since FILE: doesn't do the full init, we need to provide some extra * assignments here. */ - data->req.upload_fromhere = buf; if(!dir) return CURLE_FILE_COULDNT_READ_FILE; /* fix: better error code */ @@ -338,11 +337,15 @@ static CURLcode file_upload(struct Curl_easy *data) data->state.resume_from = (curl_off_t)file_stat.st_size; } + /* Yikes! Curl_fillreadbuffer uses data->req.upload_fromhere to READ + * client data to! Please, someone fix... */ + uphere_save = data->req.upload_fromhere; while(!result) { size_t nread; ssize_t nwrite; size_t readcount; - result = Curl_fillreadbuffer(data, data->set.buffer_size, &readcount); + data->req.upload_fromhere = buffer; + result = Curl_fillreadbuffer(data, sizeof(buffer), &readcount); if(result) break; @@ -356,19 +359,19 @@ static CURLcode file_upload(struct Curl_easy *data) if((curl_off_t)nread <= data->state.resume_from) { data->state.resume_from -= nread; nread = 0; - buf2 = buf; + sendbuf = buffer; } else { - buf2 = buf + data->state.resume_from; + sendbuf = buffer + data->state.resume_from; nread -= (size_t)data->state.resume_from; data->state.resume_from = 0; } } else - buf2 = buf; + sendbuf = buffer; /* write the data to the target */ - nwrite = write(fd, buf2, nread); + nwrite = write(fd, sendbuf, nread); if((size_t)nwrite != nread) { result = CURLE_SEND_ERROR; break; @@ -387,6 +390,7 @@ static CURLcode file_upload(struct Curl_easy *data) result = CURLE_ABORTED_BY_CALLBACK; close(fd); + data->req.upload_fromhere = uphere_save; return result; } @@ -413,15 +417,11 @@ static CURLcode file_do(struct Curl_easy *data, bool *done) curl_off_t expected_size = -1; bool size_known; bool fstated = FALSE; - char *buf = data->state.buffer; - curl_off_t bytecount = 0; int fd; struct FILEPROTO *file; *done = TRUE; /* unconditionally */ - Curl_pgrsStartNow(data); - if(data->state.upload) return file_upload(data); @@ -544,34 +544,30 @@ static CURLcode file_do(struct Curl_easy *data, bool *done) Curl_pgrsTime(data, TIMER_STARTTRANSFER); while(!result) { + char tmpbuf[8*1024]; ssize_t nread; /* Don't fill a whole buffer if we want less than all data */ size_t bytestoread; if(size_known) { - bytestoread = (expected_size < data->set.buffer_size) ? - curlx_sotouz(expected_size) : (size_t)data->set.buffer_size; + bytestoread = (expected_size < (curl_off_t)(sizeof(tmpbuf)-1)) ? + curlx_sotouz(expected_size) : (sizeof(tmpbuf)-1); } else - bytestoread = data->set.buffer_size-1; + bytestoread = sizeof(tmpbuf)-1; - nread = read(fd, buf, bytestoread); + nread = read(fd, tmpbuf, bytestoread); if(nread > 0) - buf[nread] = 0; + tmpbuf[nread] = 0; if(nread <= 0 || (size_known && (expected_size == 0))) break; - bytecount += nread; if(size_known) expected_size -= nread; - result = Curl_client_write(data, CLIENTWRITE_BODY, buf, nread); - if(result) - return result; - - result = Curl_pgrsSetDownloadCounter(data, bytecount); + result = Curl_client_write(data, CLIENTWRITE_BODY, tmpbuf, nread); if(result) return result; diff --git a/lib/fopen.c b/lib/fopen.c index a73ac068e..6518b43ba 100644 --- a/lib/fopen.c +++ b/lib/fopen.c @@ -99,18 +99,13 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, char *tempstore = NULL; struct_stat sb; int fd = -1; - char *dir; + char *dir = NULL; *tempname = NULL; - dir = dirslash(filename); - if(!dir) - goto fail; - *fh = fopen(filename, FOPEN_WRITETEXT); if(!*fh) goto fail; if(fstat(fileno(*fh), &sb) == -1 || !S_ISREG(sb.st_mode)) { - free(dir); return CURLE_OK; } fclose(*fh); @@ -120,31 +115,24 @@ CURLcode Curl_fopen(struct Curl_easy *data, const char *filename, if(result) goto fail; - /* The temp file name should not end up too long for the target file - system */ - tempstore = aprintf("%s%s.tmp", dir, randbuf); + dir = dirslash(filename); + if(dir) { + /* The temp file name should not end up too long for the target file + system */ + tempstore = aprintf("%s%s.tmp", dir, randbuf); + free(dir); + } + if(!tempstore) { result = CURLE_OUT_OF_MEMORY; goto fail; } result = CURLE_WRITE_ERROR; - fd = open(tempstore, O_WRONLY | O_CREAT | O_EXCL, 0600); + fd = open(tempstore, O_WRONLY | O_CREAT | O_EXCL, 0600|sb.st_mode); if(fd == -1) goto fail; -#ifdef HAVE_FCHMOD - { - struct_stat nsb; - if((fstat(fd, &nsb) != -1) && - (nsb.st_uid == sb.st_uid) && (nsb.st_gid == sb.st_gid)) { - /* if the user and group are the same, clone the original mode */ - if(fchmod(fd, (mode_t)sb.st_mode) == -1) - goto fail; - } - } -#endif - *fh = fdopen(fd, FOPEN_WRITETEXT); if(!*fh) goto fail; diff --git a/lib/formdata.c b/lib/formdata.c index e40c4bcb0..d6a1697aa 100644 --- a/lib/formdata.c +++ b/lib/formdata.c @@ -277,7 +277,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, case CURLFORM_PTRNAME: current_form->flags |= HTTPPOST_PTRNAME; /* fall through */ - /* FALLTHROUGH */ + FALLTHROUGH(); case CURLFORM_COPYNAME: if(current_form->name) return_value = CURL_FORMADD_OPTION_TWICE; @@ -303,7 +303,7 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, */ case CURLFORM_PTRCONTENTS: current_form->flags |= HTTPPOST_PTRCONTENTS; - /* FALLTHROUGH */ + FALLTHROUGH(); case CURLFORM_COPYCONTENTS: if(current_form->value) return_value = CURL_FORMADD_OPTION_TWICE; @@ -603,9 +603,9 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost, app passed in a bad combo, so we better check for that first. */ if(form->name) { /* copy name (without strdup; possibly not null-terminated) */ - form->name = Curl_memdup(form->name, form->namelength? - form->namelength: - strlen(form->name) + 1); + form->name = Curl_memdup0(form->name, form->namelength? + form->namelength: + strlen(form->name)); } if(!form->name) { return_value = CURL_FORMADD_MEMORY; @@ -779,11 +779,9 @@ static CURLcode setname(curl_mimepart *part, const char *name, size_t len) if(!name || !len) return curl_mime_name(part, name); - zname = malloc(len + 1); + zname = Curl_memdup0(name, len); if(!zname) return CURLE_OUT_OF_MEMORY; - memcpy(zname, name, len); - zname[len] = '\0'; res = curl_mime_name(part, zname); free(zname); return res; @@ -792,7 +790,7 @@ static CURLcode setname(curl_mimepart *part, const char *name, size_t len) /* wrap call to fseeko so it matches the calling convention of callback */ static int fseeko_wrapper(void *stream, curl_off_t offset, int whence) { -#if defined(HAVE_FSEEKO) +#if defined(HAVE_FSEEKO) && defined(HAVE_DECL_FSEEKO) return fseeko(stream, (off_t)offset, whence); #elif defined(HAVE__FSEEKI64) return _fseeki64(stream, (__int64)offset, whence); diff --git a/lib/ftp.c b/lib/ftp.c index 518c92332..f62108234 100644 --- a/lib/ftp.c +++ b/lib/ftp.c @@ -72,6 +72,7 @@ #include "warnless.h" #include "http_proxy.h" #include "socks.h" +#include "strdup.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" @@ -167,7 +168,7 @@ const struct Curl_handler Curl_handler_ftp = { ftp_domore_getsock, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ ftp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_FTP, /* defport */ @@ -198,7 +199,7 @@ const struct Curl_handler Curl_handler_ftps = { ftp_domore_getsock, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ ftp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_FTPS, /* defport */ @@ -362,10 +363,11 @@ static CURLcode ReceivedServerConnect(struct Curl_easy *data, bool *received) curl_socket_t data_sock = conn->sock[SECONDARYSOCKET]; struct ftp_conn *ftpc = &conn->proto.ftpc; struct pingpong *pp = &ftpc->pp; - int result; + int socketstate = 0; timediff_t timeout_ms; ssize_t nread; int ftpcode; + bool response = FALSE; *received = FALSE; @@ -378,17 +380,21 @@ static CURLcode ReceivedServerConnect(struct Curl_easy *data, bool *received) } /* First check whether there is a cached response from server */ - if(pp->cache_size && pp->cache && pp->cache[0] > '3') { + if(Curl_dyn_len(&pp->recvbuf) && (*Curl_dyn_ptr(&pp->recvbuf) > '3')) { /* Data connection could not be established, let's return */ infof(data, "There is negative response in cache while serv connect"); (void)Curl_GetFTPResponse(data, &nread, &ftpcode); return CURLE_FTP_ACCEPT_FAILED; } - result = Curl_socket_check(ctrl_sock, data_sock, CURL_SOCKET_BAD, 0); + if(pp->overflow) + /* there is pending control data still in the buffer to read */ + response = TRUE; + else + socketstate = Curl_socket_check(ctrl_sock, data_sock, CURL_SOCKET_BAD, 0); /* see if the connection request is already here */ - switch(result) { + switch(socketstate) { case -1: /* error */ /* let's die here */ failf(data, "Error while waiting for server connect"); @@ -396,23 +402,23 @@ static CURLcode ReceivedServerConnect(struct Curl_easy *data, bool *received) case 0: /* Server connect is not received yet */ break; /* loop */ default: - - if(result & CURL_CSELECT_IN2) { + if(socketstate & CURL_CSELECT_IN2) { infof(data, "Ready to accept data connection from server"); *received = TRUE; } - else if(result & CURL_CSELECT_IN) { - infof(data, "Ctrl conn has data while waiting for data conn"); - (void)Curl_GetFTPResponse(data, &nread, &ftpcode); - - if(ftpcode/100 > 3) - return CURLE_FTP_ACCEPT_FAILED; + else if(socketstate & CURL_CSELECT_IN) + response = TRUE; + break; + } + if(response) { + infof(data, "Ctrl conn has data while waiting for data conn"); + (void)Curl_GetFTPResponse(data, &nread, &ftpcode); - return CURLE_WEIRD_SERVER_REPLY; - } + if(ftpcode/100 > 3) + return CURLE_FTP_ACCEPT_FAILED; - break; - } /* switch() */ + return CURLE_WEIRD_SERVER_REPLY; + } return CURLE_OK; } @@ -553,7 +559,7 @@ static CURLcode ftp_readresp(struct Curl_easy *data, #ifdef HAVE_GSSAPI { struct connectdata *conn = data->conn; - char * const buf = data->state.buffer; + char * const buf = Curl_dyn_ptr(&data->conn->proto.ftpc.pp.recvbuf); /* handle the security-oriented responses 6xx ***/ switch(code) { @@ -659,7 +665,7 @@ CURLcode Curl_GetFTPResponse(struct Curl_easy *data, * */ - if(pp->cache && (cache_skip < 2)) { + if(Curl_dyn_len(&pp->recvbuf) && (cache_skip < 2)) { /* * There's a cache left since before. We then skipping the wait for * socket action, unless this is the same cache like the previous round @@ -687,7 +693,7 @@ CURLcode Curl_GetFTPResponse(struct Curl_easy *data, if(result) break; - if(!nread && pp->cache) + if(!nread && Curl_dyn_len(&pp->recvbuf)) /* bump cache skip counter as on repeated skips we must wait for more data */ cache_skip++; @@ -819,7 +825,7 @@ static int ftp_domore_getsock(struct Curl_easy *data, DEBUGF(infof(data, "ftp_domore_getsock()")); if(conn->cfilter[SECONDARYSOCKET] && !Curl_conn_is_connected(conn, SECONDARYSOCKET)) - return Curl_conn_get_select_socks(data, SECONDARYSOCKET, socks); + return 0; if(FTP_STOP == ftpc->state) { int bits = GETSOCK_READSOCK(0); @@ -926,6 +932,8 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, bool possibly_non_local = TRUE; char buffer[STRERROR_LEN]; char *addr = NULL; + size_t addrlen = 0; + char ipstr[50]; /* Step 1, figure out what is requested, * accepted format : @@ -934,32 +942,17 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, if(data->set.str[STRING_FTPPORT] && (strlen(data->set.str[STRING_FTPPORT]) > 1)) { - -#ifdef ENABLE_IPV6 - size_t addrlen = INET6_ADDRSTRLEN > strlen(string_ftpport) ? - INET6_ADDRSTRLEN : strlen(string_ftpport); -#else - size_t addrlen = INET_ADDRSTRLEN > strlen(string_ftpport) ? - INET_ADDRSTRLEN : strlen(string_ftpport); -#endif - char *ip_start = string_ftpport; char *ip_end = NULL; - char *port_start = NULL; - char *port_sep = NULL; - - addr = calloc(addrlen + 1, 1); - if(!addr) { - result = CURLE_OUT_OF_MEMORY; - goto out; - } #ifdef ENABLE_IPV6 if(*string_ftpport == '[') { /* [ipv6]:port(-range) */ - ip_start = string_ftpport + 1; - ip_end = strchr(string_ftpport, ']'); - if(ip_end) - strncpy(addr, ip_start, ip_end - ip_start); + char *ip_start = string_ftpport + 1; + ip_end = strchr(ip_start, ']'); + if(ip_end) { + addrlen = ip_end - ip_start; + addr = ip_start; + } } else #endif @@ -969,28 +962,27 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, } else { ip_end = strchr(string_ftpport, ':'); + addr = string_ftpport; if(ip_end) { /* either ipv6 or (ipv4|domain|interface):port(-range) */ + addrlen = ip_end - string_ftpport; #ifdef ENABLE_IPV6 if(Curl_inet_pton(AF_INET6, string_ftpport, &sa6->sin6_addr) == 1) { /* ipv6 */ port_min = port_max = 0; - strcpy(addr, string_ftpport); ip_end = NULL; /* this got no port ! */ } - else #endif - /* (ipv4|domain|interface):port(-range) */ - strncpy(addr, string_ftpport, ip_end - ip_start); } else /* ipv4|interface */ - strcpy(addr, string_ftpport); + addrlen = strlen(string_ftpport); } /* parse the port */ if(ip_end) { - port_start = strchr(ip_end, ':'); + char *port_sep = NULL; + char *port_start = strchr(ip_end, ':'); if(port_start) { port_min = curlx_ultous(strtoul(port_start + 1, NULL, 10)); port_sep = strchr(port_start, '-'); @@ -1011,22 +1003,29 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data, if(port_min > port_max) port_min = port_max = 0; - if(*addr != '\0') { + if(addrlen) { + DEBUGASSERT(addr); + if(addrlen >= sizeof(ipstr)) + goto out; + memcpy(ipstr, addr, addrlen); + ipstr[addrlen] = 0; + /* attempt to get the address of the given interface name */ switch(Curl_if2ip(conn->remote_addr->family, #ifdef ENABLE_IPV6 Curl_ipv6_scope(&conn->remote_addr->sa_addr), conn->scope_id, #endif - addr, hbuf, sizeof(hbuf))) { + ipstr, hbuf, sizeof(hbuf))) { case IF2IP_NOT_FOUND: /* not an interface, use the given string as host name instead */ - host = addr; + host = ipstr; break; case IF2IP_AF_NOT_SUPPORTED: goto out; case IF2IP_FOUND: host = hbuf; /* use the hbuf for host name */ + break; } } else @@ -1266,7 +1265,6 @@ out: } if(portsock != CURL_SOCKET_BAD) Curl_socket_close(data, conn, portsock); - free(addr); return result; } @@ -1589,13 +1587,14 @@ static CURLcode ftp_state_ul_setup(struct Curl_easy *data, } /* seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */ do { + char scratch[4*1024]; size_t readthisamountnow = - (data->state.resume_from - passed > data->set.buffer_size) ? - (size_t)data->set.buffer_size : + (data->state.resume_from - passed > (curl_off_t)sizeof(scratch)) ? + sizeof(scratch) : curlx_sotouz(data->state.resume_from - passed); size_t actuallyread = - data->state.fread_func(data->state.buffer, 1, readthisamountnow, + data->state.fread_func(scratch, 1, readthisamountnow, data->state.in); passed += actuallyread; @@ -1828,7 +1827,9 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data, struct Curl_dns_entry *addr = NULL; enum resolve_t rc; unsigned short connectport; /* the local port connect() should use! */ - char *str = &data->state.buffer[4]; /* start on the first letter */ + struct pingpong *pp = &ftpc->pp; + char *str = + Curl_dyn_ptr(&pp->recvbuf) + 4; /* start on the first letter */ /* if we come here again, make sure the former name is cleared */ Curl_safefree(ftpc->newhost); @@ -2106,8 +2107,9 @@ static CURLcode ftp_state_mdtm_resp(struct Curl_easy *data, /* we got a time. Format should be: "YYYYMMDDHHMMSS[.sss]" where the last .sss part is optional and means fractions of a second */ int year, month, day, hour, minute, second; - if(ftp_213_date(&data->state.buffer[4], - &year, &month, &day, &hour, &minute, &second)) { + struct pingpong *pp = &ftpc->pp; + char *resp = Curl_dyn_ptr(&pp->recvbuf) + 4; + if(ftp_213_date(resp, &year, &month, &day, &hour, &minute, &second)) { /* we have a time, reformat it */ char timebuf[24]; msnprintf(timebuf, sizeof(timebuf), @@ -2318,7 +2320,8 @@ static CURLcode ftp_state_size_resp(struct Curl_easy *data, { CURLcode result = CURLE_OK; curl_off_t filesize = -1; - char *buf = data->state.buffer; + char *buf = Curl_dyn_ptr(&data->conn->proto.ftpc.pp.recvbuf); + size_t len = data->conn->proto.ftpc.pp.nfinal; /* get the size from the ascii string: */ if(ftpcode == 213) { @@ -2326,13 +2329,13 @@ static CURLcode ftp_state_size_resp(struct Curl_easy *data, for all the digits at the end of the response and parse only those as a number. */ char *start = &buf[4]; - char *fdigit = strchr(start, '\r'); + char *fdigit = memchr(start, '\r', len); if(fdigit) { - do + fdigit--; + if(*fdigit == '\n') + fdigit--; + while(ISDIGIT(fdigit[-1]) && (fdigit > start)) fdigit--; - while(ISDIGIT(*fdigit) && (fdigit > start)); - if(!ISDIGIT(*fdigit)) - fdigit++; } else fdigit = start; @@ -2501,7 +2504,7 @@ static CURLcode ftp_state_get_resp(struct Curl_easy *data, * * Example D above makes this parsing a little tricky */ char *bytes; - char *buf = data->state.buffer; + char *buf = Curl_dyn_ptr(&conn->proto.ftpc.pp.recvbuf); bytes = strstr(buf, " bytes"); if(bytes) { long in = (long)(--bytes-buf); @@ -2770,7 +2773,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, case FTP_AUTH: /* we have gotten the response to a previous AUTH command */ - if(pp->cache_size) + if(pp->overflow) return CURLE_WEIRD_SERVER_REPLY; /* Forbid pipelining in response. */ /* RFC2228 (page 5) says: @@ -2868,14 +2871,11 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, case FTP_PWD: if(ftpcode == 257) { - char *ptr = &data->state.buffer[4]; /* start on the first letter */ - const size_t buf_size = data->set.buffer_size; - char *dir; + char *ptr = Curl_dyn_ptr(&pp->recvbuf) + 4; /* start on the first + letter */ bool entry_extracted = FALSE; - - dir = malloc(nread + 1); - if(!dir) - return CURLE_OUT_OF_MEMORY; + struct dynbuf out; + Curl_dyn_init(&out, 1000); /* Reply format is like 257[rubbish]"" and the @@ -2887,33 +2887,30 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, */ /* scan for the first double-quote for non-standard responses */ - while(ptr < &data->state.buffer[buf_size] - && *ptr != '\n' && *ptr != '\0' && *ptr != '"') + while(*ptr != '\n' && *ptr != '\0' && *ptr != '"') ptr++; if('\"' == *ptr) { /* it started good */ - char *store; - ptr++; - for(store = dir; *ptr;) { + for(ptr++; *ptr; ptr++) { if('\"' == *ptr) { if('\"' == ptr[1]) { /* "quote-doubling" */ - *store = ptr[1]; + result = Curl_dyn_addn(&out, &ptr[1], 1); ptr++; } else { /* end of path */ - entry_extracted = TRUE; + if(Curl_dyn_len(&out)) + entry_extracted = TRUE; break; /* get out of this loop */ } } else - *store = *ptr; - store++; - ptr++; + result = Curl_dyn_addn(&out, ptr, 1); + if(result) + return result; } - *store = '\0'; /* null-terminate */ } if(entry_extracted) { /* If the path name does not look like an absolute path (i.e.: it @@ -2927,6 +2924,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, The method used here is to check the server OS: we do it only if the path name looks strange to minimize overhead on other systems. */ + char *dir = Curl_dyn_ptr(&out); if(!ftpc->server_os && dir[0] != '/') { result = Curl_pp_sendf(data, &ftpc->pp, "%s", "SYST"); @@ -2951,7 +2949,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, } else { /* couldn't get the path */ - free(dir); + Curl_dyn_free(&out); infof(data, "Failed to figure out path"); } } @@ -2961,25 +2959,23 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, case FTP_SYST: if(ftpcode == 215) { - char *ptr = &data->state.buffer[4]; /* start on the first letter */ + char *ptr = Curl_dyn_ptr(&pp->recvbuf) + 4; /* start on the first + letter */ char *os; - char *store; - - os = malloc(nread + 1); - if(!os) - return CURLE_OUT_OF_MEMORY; + char *start; /* Reply format is like 215 */ while(*ptr == ' ') ptr++; - for(store = os; *ptr && *ptr != ' ';) - *store++ = *ptr++; - *store = '\0'; /* null-terminate */ + for(start = ptr; *ptr && *ptr != ' '; ptr++) + ; + os = Curl_memdup0(start, ptr - start); + if(!os) + return CURLE_OUT_OF_MEMORY; /* Check for special servers here. */ - if(strcasecompare(os, "OS/400")) { /* Force OS400 name format 1. */ result = Curl_pp_sendf(data, &ftpc->pp, "%s", "SITE NAMEFMT 1"); @@ -3131,7 +3127,6 @@ static CURLcode ftp_statemachine(struct Curl_easy *data, break; case FTP_QUIT: - /* fallthrough, just stop! */ default: /* internal error */ ftp_state(data, FTP_STOP); @@ -3206,8 +3201,7 @@ static CURLcode ftp_connect(struct Curl_easy *data, conn->bits.ftp_use_control_ssl = TRUE; } - Curl_pp_setup(pp); /* once per transfer */ - Curl_pp_init(data, pp); /* init the generic pingpong data */ + Curl_pp_init(pp); /* once per transfer */ /* When we connect, we start in the state where we await the 220 response */ @@ -3258,14 +3252,13 @@ static CURLcode ftp_done(struct Curl_easy *data, CURLcode status, case CURLE_REMOTE_FILE_NOT_FOUND: case CURLE_WRITE_ERROR: /* the connection stays alive fine even though this happened */ - /* fall-through */ case CURLE_OK: /* doesn't affect the control connection's status */ if(!premature) break; /* until we cope better with prematurely ended requests, let them * fallback as if in complete failure */ - /* FALLTHROUGH */ + FALLTHROUGH(); default: /* by default, an error means the control connection is wedged and should not be used anymore */ ftpc->ctl_valid = FALSE; @@ -4177,13 +4170,12 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data) return CURLE_OUT_OF_MEMORY; } - ftpc->dirs[0] = calloc(1, dirlen + 1); + ftpc->dirs[0] = Curl_memdup0(rawPath, dirlen); if(!ftpc->dirs[0]) { free(rawPath); return CURLE_OUT_OF_MEMORY; } - strncpy(ftpc->dirs[0], rawPath, dirlen); ftpc->dirdepth = 1; /* we consider it to be a single dir */ fileName = slashPos + 1; /* rest is file name */ } @@ -4222,12 +4214,11 @@ CURLcode ftp_parse_url_path(struct Curl_easy *data) CWD requires a parameter and a non-existent parameter a) doesn't work on many servers and b) has no effect on the others. */ if(compLen > 0) { - char *comp = calloc(1, compLen + 1); + char *comp = Curl_memdup0(curPos, compLen); if(!comp) { free(rawPath); return CURLE_OUT_OF_MEMORY; } - strncpy(comp, curPos, compLen); ftpc->dirs[ftpc->dirdepth++] = comp; } curPos = slashPos + 1; @@ -4379,7 +4370,7 @@ static CURLcode ftp_setup_connection(struct Curl_easy *data, CURLcode result = CURLE_OK; struct ftp_conn *ftpc = &conn->proto.ftpc; - ftp = calloc(sizeof(struct FTP), 1); + ftp = calloc(1, sizeof(struct FTP)); if(!ftp) return CURLE_OUT_OF_MEMORY; diff --git a/lib/ftplistparser.c b/lib/ftplistparser.c index 2a7ca5baf..82f1ea00d 100644 --- a/lib/ftplistparser.c +++ b/lib/ftplistparser.c @@ -55,9 +55,6 @@ /* The last #include file should be: */ #include "memdebug.h" -/* allocs buffer which will contain one line of LIST command response */ -#define FTP_BUFFER_ALLOCSIZE 160 - typedef enum { PL_UNIX_TOTALSIZE = 0, PL_UNIX_FILETYPE, diff --git a/lib/functypes.h b/lib/functypes.h index 075c02e54..ea66d3281 100644 --- a/lib/functypes.h +++ b/lib/functypes.h @@ -38,7 +38,7 @@ 2. For systems with config-*.h files, define them there. */ -#ifdef WIN32 +#ifdef _WIN32 /* int recv(SOCKET, char *, int, int) */ #define RECV_TYPE_ARG1 SOCKET #define RECV_TYPE_ARG2 char * diff --git a/lib/getenv.c b/lib/getenv.c index 806978472..48ee97228 100644 --- a/lib/getenv.c +++ b/lib/getenv.c @@ -31,10 +31,11 @@ static char *GetEnv(const char *variable) { -#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) +#if defined(_WIN32_WCE) || defined(CURL_WINDOWS_APP) || \ + defined(__ORBIS__) || defined(__PROSPERO__) /* PlayStation 4 and 5 */ (void)variable; return NULL; -#elif defined(WIN32) +#elif defined(_WIN32) /* This uses Windows API instead of C runtime getenv() to get the environment variable since some changes aren't always visible to the latter. #4774 */ char *buf = NULL; diff --git a/lib/getinfo.c b/lib/getinfo.c index f1574e097..2f74629e1 100644 --- a/lib/getinfo.c +++ b/lib/getinfo.c @@ -409,6 +409,9 @@ static CURLcode getinfo_offt(struct Curl_easy *data, CURLINFO info, case CURLINFO_STARTTRANSFER_TIME_T: *param_offt = data->progress.t_starttransfer; break; + case CURLINFO_QUEUE_TIME_T: + *param_offt = data->progress.t_postqueue; + break; case CURLINFO_REDIRECT_TIME_T: *param_offt = data->progress.t_redirect; break; @@ -420,7 +423,7 @@ static CURLcode getinfo_offt(struct Curl_easy *data, CURLINFO info, break; case CURLINFO_CONN_ID: *param_offt = data->conn? - data->conn->connection_id : data->state.recent_conn_id; + data->conn->connection_id : data->state.recent_conn_id; break; default: return CURLE_UNKNOWN_OPTION; diff --git a/lib/gopher.c b/lib/gopher.c index 61e41b7e4..9ca08289e 100644 --- a/lib/gopher.c +++ b/lib/gopher.c @@ -75,7 +75,7 @@ const struct Curl_handler Curl_handler_gopher = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ ZERO_NULL, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_GOPHER, /* defport */ @@ -99,7 +99,7 @@ const struct Curl_handler Curl_handler_gophers = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ ZERO_NULL, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_GOPHER, /* defport */ diff --git a/lib/headers.c b/lib/headers.c index 3ff4d5eb0..8a3264ab5 100644 --- a/lib/headers.c +++ b/lib/headers.c @@ -185,7 +185,7 @@ struct curl_header *curl_easy_nextheader(CURL *easy, } static CURLcode namevalue(char *header, size_t hlen, unsigned int type, - char **name, char **value) + char **name, char **value) { char *end = header + hlen - 1; /* point to the last byte */ DEBUGASSERT(hlen); @@ -292,9 +292,10 @@ CURLcode Curl_headers_push(struct Curl_easy *data, const char *header, if(!end) { end = strchr(header, '\n'); if(!end) - return CURLE_BAD_FUNCTION_ARGUMENT; + /* neither CR nor LF as terminator is not a valid header */ + return CURLE_WEIRD_SERVER_REPLY; } - hlen = end - header + 1; + hlen = end - header; if((header[0] == ' ') || (header[0] == '\t')) { if(data->state.prevhead) @@ -319,21 +320,19 @@ CURLcode Curl_headers_push(struct Curl_easy *data, const char *header, hs->buffer[hlen] = 0; /* nul terminate */ result = namevalue(hs->buffer, hlen, type, &name, &value); - if(result) - goto fail; - - hs->name = name; - hs->value = value; - hs->type = type; - hs->request = data->state.requests; - - /* insert this node into the list of headers */ - Curl_llist_insert_next(&data->state.httphdrs, data->state.httphdrs.tail, - hs, &hs->node); - data->state.prevhead = hs; - return CURLE_OK; -fail: - free(hs); + if(!result) { + hs->name = name; + hs->value = value; + hs->type = type; + hs->request = data->state.requests; + + /* insert this node into the list of headers */ + Curl_llist_insert_next(&data->state.httphdrs, data->state.httphdrs.tail, + hs, &hs->node); + data->state.prevhead = hs; + } + else + free(hs); return result; } diff --git a/lib/hostip.c b/lib/hostip.c index 3cd9a65c5..4f44d348f 100644 --- a/lib/hostip.c +++ b/lib/hostip.c @@ -117,6 +117,13 @@ static void freednsentry(void *freethis); +#ifndef CURL_DISABLE_VERBOSE_STRINGS +static void show_resolve_info(struct Curl_easy *data, + struct Curl_dns_entry *dns); +#else +#define show_resolve_info(x,y) Curl_nop_stmt +#endif + /* * Curl_printable_address() stores a printable version of the 1st address * given in the 'ai' argument. The result will be stored in the buf that is @@ -481,9 +488,11 @@ Curl_cache_addr(struct Curl_easy *data, return NULL; } #endif + if(!hostlen) + hostlen = strlen(hostname); /* Create a new cache entry */ - dns = calloc(1, sizeof(struct Curl_dns_entry)); + dns = calloc(1, sizeof(struct Curl_dns_entry) + hostlen); if(!dns) { return NULL; } @@ -497,6 +506,9 @@ Curl_cache_addr(struct Curl_easy *data, time(&dns->timestamp); if(dns->timestamp == 0) dns->timestamp = 1; /* zero indicates permanent CURLOPT_RESOLVE entry */ + dns->hostport = port; + if(hostlen) + memcpy(dns->hostname, hostname, hostlen); /* Store the resolved data in our DNS cache. */ dns2 = Curl_hash_add(data->dns.hostcache, entry_id, entry_len + 1, @@ -521,7 +533,7 @@ static struct Curl_addrinfo *get_localhost6(int port, const char *name) struct sockaddr_in6 sa6; unsigned char ipv6[16]; unsigned short port16 = (unsigned short)(port & 0xffff); - ca = calloc(sizeof(struct Curl_addrinfo) + ss_size + hostlen + 1, 1); + ca = calloc(1, sizeof(struct Curl_addrinfo) + ss_size + hostlen + 1); if(!ca) return NULL; @@ -568,7 +580,7 @@ static struct Curl_addrinfo *get_localhost(int port, const char *name) return NULL; memcpy(&sa.sin_addr, &ipv4, sizeof(ipv4)); - ca = calloc(sizeof(struct Curl_addrinfo) + ss_size + hostlen + 1, 1); + ca = calloc(1, sizeof(struct Curl_addrinfo) + ss_size + hostlen + 1); if(!ca) return NULL; ca->ai_flags = 0; @@ -742,16 +754,22 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, #ifndef USE_RESOLVE_ON_IPS /* First check if this is an IPv4 address string */ - if(Curl_inet_pton(AF_INET, hostname, &in) > 0) + if(Curl_inet_pton(AF_INET, hostname, &in) > 0) { /* This is a dotted IP address 123.123.123.123-style */ addr = Curl_ip2addr(AF_INET, &in, hostname, port); + if(!addr) + return CURLRESOLV_ERROR; + } #ifdef ENABLE_IPV6 - if(!addr) { + else { struct in6_addr in6; /* check if this is an IPv6 address string */ - if(Curl_inet_pton(AF_INET6, hostname, &in6) > 0) + if(Curl_inet_pton(AF_INET6, hostname, &in6) > 0) { /* This is an IPv6 address literal */ addr = Curl_ip2addr(AF_INET6, &in6, hostname, port); + if(!addr) + return CURLRESOLV_ERROR; + } } #endif /* ENABLE_IPV6 */ @@ -823,8 +841,10 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, if(!dns) /* returned failure, bail out nicely */ Curl_freeaddrinfo(addr); - else + else { rc = CURLRESOLV_RESOLVED; + show_resolve_info(data, dns); + } } } @@ -839,7 +859,7 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, * execution. This effectively causes the remainder of the application to run * within a signal handler which is nonportable and could lead to problems. */ -static +CURL_NORETURN static void alarmfunc(int sig) { (void)sig; @@ -1269,9 +1289,11 @@ err: Curl_freeaddrinfo(head); return CURLE_OUT_OF_MEMORY; } +#ifndef CURL_DISABLE_VERBOSE_STRINGS infof(data, "Added %.*s:%d:%s to DNS cache%s", (int)hlen, host_begin, port, addresses, permanent ? "" : " (non-permanent)"); +#endif /* Wildcard hostname */ if((hlen == 1) && (host_begin[0] == '*')) { @@ -1285,18 +1307,89 @@ err: return CURLE_OK; } +#ifndef CURL_DISABLE_VERBOSE_STRINGS +static void show_resolve_info(struct Curl_easy *data, + struct Curl_dns_entry *dns) +{ + struct Curl_addrinfo *a; + CURLcode result = CURLE_OK; +#ifdef CURLRES_IPV6 + struct dynbuf out[2]; +#else + struct dynbuf out[1]; +#endif + DEBUGASSERT(data); + DEBUGASSERT(dns); + + if(!data->set.verbose || + /* ignore no name or numerical IP addresses */ + !dns->hostname[0] || Curl_host_is_ipnum(dns->hostname)) + return; + + a = dns->addr; + + infof(data, "Host %s:%d was resolved.", + (dns->hostname[0] ? dns->hostname : "(none)"), dns->hostport); + + Curl_dyn_init(&out[0], 1024); +#ifdef CURLRES_IPV6 + Curl_dyn_init(&out[1], 1024); +#endif + + while(a) { + if( +#ifdef CURLRES_IPV6 + a->ai_family == PF_INET6 || +#endif + a->ai_family == PF_INET) { + char buf[MAX_IPADR_LEN]; + struct dynbuf *d = &out[(a->ai_family != PF_INET)]; + Curl_printable_address(a, buf, sizeof(buf)); + if(Curl_dyn_len(d)) + result = Curl_dyn_addn(d, ", ", 2); + if(!result) + result = Curl_dyn_add(d, buf); + if(result) { + infof(data, "too many IP, can't show"); + goto fail; + } + } + a = a->ai_next; + } + +#ifdef CURLRES_IPV6 + infof(data, "IPv6: %s", + (Curl_dyn_len(&out[1]) ? Curl_dyn_ptr(&out[1]) : "(none)")); +#endif + infof(data, "IPv4: %s", + (Curl_dyn_len(&out[0]) ? Curl_dyn_ptr(&out[0]) : "(none)")); + +fail: + Curl_dyn_free(&out[0]); +#ifdef CURLRES_IPV6 + Curl_dyn_free(&out[1]); +#endif +} +#endif + CURLcode Curl_resolv_check(struct Curl_easy *data, struct Curl_dns_entry **dns) { + CURLcode result; #if defined(CURL_DISABLE_DOH) && !defined(CURLRES_ASYNCH) (void)data; (void)dns; #endif #ifndef CURL_DISABLE_DOH - if(data->conn->bits.doh) - return Curl_doh_is_resolved(data, dns); + if(data->conn->bits.doh) { + result = Curl_doh_is_resolved(data, dns); + } + else #endif - return Curl_resolver_is_resolved(data, dns); + result = Curl_resolver_is_resolved(data, dns); + if(*dns) + show_resolve_info(data, *dns); + return result; } int Curl_resolv_getsock(struct Curl_easy *data, diff --git a/lib/hostip.h b/lib/hostip.h index b68f539b2..fb53a5776 100644 --- a/lib/hostip.h +++ b/lib/hostip.h @@ -64,6 +64,10 @@ struct Curl_dns_entry { time_t timestamp; /* use-counter, use Curl_resolv_unlock to release reference */ long inuse; + /* hostname port number that resolved to addr. */ + int hostport; + /* hostname that resolved to addr. may be NULL (unix domain sockets). */ + char hostname[1]; }; bool Curl_host_is_ipnum(const char *hostname); diff --git a/lib/hostip6.c b/lib/hostip6.c index 6b0ba55e9..18969a7a7 100644 --- a/lib/hostip6.c +++ b/lib/hostip6.c @@ -71,8 +71,7 @@ bool Curl_ipvalid(struct Curl_easy *data, struct connectdata *conn) #if defined(CURLRES_SYNCH) #ifdef DEBUG_ADDRINFO -static void dump_addrinfo(struct connectdata *conn, - const struct Curl_addrinfo *ai) +static void dump_addrinfo(const struct Curl_addrinfo *ai) { printf("dump_addrinfo:\n"); for(; ai; ai = ai->ai_next) { @@ -84,7 +83,7 @@ static void dump_addrinfo(struct connectdata *conn, } } #else -#define dump_addrinfo(x,y) Curl_nop_stmt +#define dump_addrinfo(x) Curl_nop_stmt #endif /* @@ -149,7 +148,7 @@ struct Curl_addrinfo *Curl_getaddrinfo(struct Curl_easy *data, Curl_addrinfo_set_port(res, port); } - dump_addrinfo(conn, res); + dump_addrinfo(res); return res; } diff --git a/lib/hsts.c b/lib/hsts.c index 7ecf0042a..8725a35c1 100644 --- a/lib/hsts.c +++ b/lib/hsts.c @@ -40,6 +40,7 @@ #include "fopen.h" #include "rename.h" #include "share.h" +#include "strdup.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -76,7 +77,7 @@ static time_t hsts_debugtime(void *unused) struct hsts *Curl_hsts_init(void) { - struct hsts *h = calloc(sizeof(struct hsts), 1); + struct hsts *h = calloc(1, sizeof(struct hsts)); if(h) { Curl_llist_init(&h->list, NULL); } @@ -108,7 +109,7 @@ void Curl_hsts_cleanup(struct hsts **hp) static struct stsentry *hsts_entry(void) { - return calloc(sizeof(struct stsentry), 1); + return calloc(1, sizeof(struct stsentry)); } static CURLcode hsts_create(struct hsts *h, @@ -116,27 +117,31 @@ static CURLcode hsts_create(struct hsts *h, bool subdomains, curl_off_t expires) { - struct stsentry *sts = hsts_entry(); - char *duphost; size_t hlen; - if(!sts) - return CURLE_OUT_OF_MEMORY; + DEBUGASSERT(h); + DEBUGASSERT(hostname); + + hlen = strlen(hostname); + if(hlen && (hostname[hlen - 1] == '.')) + /* strip off any trailing dot */ + --hlen; + if(hlen) { + char *duphost; + struct stsentry *sts = hsts_entry(); + if(!sts) + return CURLE_OUT_OF_MEMORY; + + duphost = Curl_memdup0(hostname, hlen); + if(!duphost) { + free(sts); + return CURLE_OUT_OF_MEMORY; + } - duphost = strdup(hostname); - if(!duphost) { - free(sts); - return CURLE_OUT_OF_MEMORY; + sts->host = duphost; + sts->expires = expires; + sts->includeSubDomains = subdomains; + Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node); } - - hlen = strlen(duphost); - if(duphost[hlen - 1] == '.') - /* strip off trailing any dot */ - duphost[--hlen] = 0; - - sts->host = duphost; - sts->expires = expires; - sts->includeSubDomains = subdomains; - Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node); return CURLE_OK; } @@ -473,6 +478,7 @@ static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h) if(sc == CURLSTS_OK) { time_t expires; CURLcode result; + DEBUGASSERT(e.name[0]); if(!e.name[0]) /* bail out if no name was stored */ return CURLE_BAD_FUNCTION_ARGUMENT; @@ -564,7 +570,7 @@ CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h) void Curl_hsts_loadfiles(struct Curl_easy *data) { - struct curl_slist *l = data->set.hstslist; + struct curl_slist *l = data->state.hstslist; if(l) { Curl_share_lock(data, CURL_LOCK_DATA_HSTS, CURL_LOCK_ACCESS_SINGLE); diff --git a/lib/http.c b/lib/http.c index 40ef70df5..679931e4b 100644 --- a/lib/http.c +++ b/lib/http.c @@ -100,24 +100,14 @@ * Forward declarations. */ -static int http_getsock_do(struct Curl_easy *data, - struct connectdata *conn, - curl_socket_t *socks); static bool http_should_fail(struct Curl_easy *data); -static CURLcode http_setup_conn(struct Curl_easy *data, - struct connectdata *conn); -#ifdef USE_WEBSOCKETS -static CURLcode ws_setup_conn(struct Curl_easy *data, - struct connectdata *conn); -#endif - /* * HTTP handler interface. */ const struct Curl_handler Curl_handler_http = { "HTTP", /* scheme */ - http_setup_conn, /* setup_connection */ + Curl_http_setup_conn, /* setup_connection */ Curl_http, /* do_it */ Curl_http_done, /* done */ ZERO_NULL, /* do_more */ @@ -125,11 +115,11 @@ const struct Curl_handler Curl_handler_http = { ZERO_NULL, /* connecting */ ZERO_NULL, /* doing */ ZERO_NULL, /* proto_getsock */ - http_getsock_do, /* doing_getsock */ + Curl_http_getsock_do, /* doing_getsock */ ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ ZERO_NULL, /* disconnect */ - ZERO_NULL, /* readwrite */ + Curl_http_write_resp, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_HTTP, /* defport */ @@ -139,39 +129,13 @@ const struct Curl_handler Curl_handler_http = { PROTOPT_USERPWDCTRL }; -#ifdef USE_WEBSOCKETS -const struct Curl_handler Curl_handler_ws = { - "WS", /* scheme */ - ws_setup_conn, /* setup_connection */ - Curl_http, /* do_it */ - Curl_http_done, /* done */ - ZERO_NULL, /* do_more */ - Curl_http_connect, /* connect_it */ - ZERO_NULL, /* connecting */ - ZERO_NULL, /* doing */ - ZERO_NULL, /* proto_getsock */ - http_getsock_do, /* doing_getsock */ - ZERO_NULL, /* domore_getsock */ - ZERO_NULL, /* perform_getsock */ - Curl_ws_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ - ZERO_NULL, /* connection_check */ - ZERO_NULL, /* attach connection */ - PORT_HTTP, /* defport */ - CURLPROTO_WS, /* protocol */ - CURLPROTO_HTTP, /* family */ - PROTOPT_CREDSPERREQUEST | /* flags */ - PROTOPT_USERPWDCTRL -}; -#endif - #ifdef USE_SSL /* * HTTPS handler interface. */ const struct Curl_handler Curl_handler_https = { "HTTPS", /* scheme */ - http_setup_conn, /* setup_connection */ + Curl_http_setup_conn, /* setup_connection */ Curl_http, /* do_it */ Curl_http_done, /* done */ ZERO_NULL, /* do_more */ @@ -179,11 +143,11 @@ const struct Curl_handler Curl_handler_https = { NULL, /* connecting */ ZERO_NULL, /* doing */ NULL, /* proto_getsock */ - http_getsock_do, /* doing_getsock */ + Curl_http_getsock_do, /* doing_getsock */ ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ ZERO_NULL, /* disconnect */ - ZERO_NULL, /* readwrite */ + Curl_http_write_resp, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_HTTPS, /* defport */ @@ -193,36 +157,10 @@ const struct Curl_handler Curl_handler_https = { PROTOPT_USERPWDCTRL }; -#ifdef USE_WEBSOCKETS -const struct Curl_handler Curl_handler_wss = { - "WSS", /* scheme */ - ws_setup_conn, /* setup_connection */ - Curl_http, /* do_it */ - Curl_http_done, /* done */ - ZERO_NULL, /* do_more */ - Curl_http_connect, /* connect_it */ - NULL, /* connecting */ - ZERO_NULL, /* doing */ - NULL, /* proto_getsock */ - http_getsock_do, /* doing_getsock */ - ZERO_NULL, /* domore_getsock */ - ZERO_NULL, /* perform_getsock */ - Curl_ws_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ - ZERO_NULL, /* connection_check */ - ZERO_NULL, /* attach connection */ - PORT_HTTPS, /* defport */ - CURLPROTO_WSS, /* protocol */ - CURLPROTO_HTTP, /* family */ - PROTOPT_SSL | PROTOPT_CREDSPERREQUEST | /* flags */ - PROTOPT_USERPWDCTRL -}; -#endif - #endif -static CURLcode http_setup_conn(struct Curl_easy *data, - struct connectdata *conn) +CURLcode Curl_http_setup_conn(struct Curl_easy *data, + struct connectdata *conn) { /* allocate the HTTP-specific struct for the Curl_easy, only to survive during this request */ @@ -245,16 +183,6 @@ static CURLcode http_setup_conn(struct Curl_easy *data, return CURLE_OK; } -#ifdef USE_WEBSOCKETS -static CURLcode ws_setup_conn(struct Curl_easy *data, - struct connectdata *conn) -{ - /* websockets is 1.1 only (for now) */ - data->state.httpwant = CURL_HTTP_VERSION_1_1; - return http_setup_conn(data, conn); -} -#endif - #ifndef CURL_DISABLE_PROXY /* * checkProxyHeaders() checks the linked list of custom proxy headers @@ -297,7 +225,6 @@ char *Curl_copy_header_value(const char *header) { const char *start; const char *end; - char *value; size_t len; /* Find the end of the header name */ @@ -330,14 +257,7 @@ char *Curl_copy_header_value(const char *header) /* get length of the type */ len = end - start + 1; - value = malloc(len + 1); - if(!value) - return NULL; - - memcpy(value, start, len); - value[len] = 0; /* null-terminate */ - - return value; + return Curl_memdup0(start, len); } #ifndef CURL_DISABLE_HTTP_AUTH @@ -836,6 +756,7 @@ output_auth_headers(struct Curl_easy *data, (data->state.aptr.user ? data->state.aptr.user : "")); #else + (void)proxy; infof(data, "Server auth using %s with user '%s'", auth, data->state.aptr.user ? data->state.aptr.user : ""); @@ -845,7 +766,7 @@ output_auth_headers(struct Curl_easy *data, else authstatus->multipass = FALSE; - return CURLE_OK; + return result; } /** @@ -970,17 +891,21 @@ Curl_http_output_auth(struct Curl_easy *data, } #endif -/* - * Curl_http_input_auth() deals with Proxy-Authenticate: and WWW-Authenticate: - * headers. They are dealt with both in the transfer.c main loop and in the - * proxy CONNECT loop. - */ - +#if defined(USE_SPNEGO) || defined(USE_NTLM) || \ + !defined(CURL_DISABLE_DIGEST_AUTH) || \ + !defined(CURL_DISABLE_BASIC_AUTH) || \ + !defined(CURL_DISABLE_BEARER_AUTH) static int is_valid_auth_separator(char ch) { return ch == '\0' || ch == ',' || ISSPACE(ch); } +#endif +/* + * Curl_http_input_auth() deals with Proxy-Authenticate: and WWW-Authenticate: + * headers. They are dealt with both in the transfer.c main loop and in the + * proxy CONNECT loop. + */ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, const char *auth) /* the first non-space */ { @@ -992,11 +917,15 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, curlnegotiate *negstate = proxy ? &conn->proxy_negotiate_state : &conn->http_negotiate_state; #endif +#if defined(USE_SPNEGO) || \ + defined(USE_NTLM) || \ + !defined(CURL_DISABLE_DIGEST_AUTH) || \ + !defined(CURL_DISABLE_BASIC_AUTH) || \ + !defined(CURL_DISABLE_BEARER_AUTH) + unsigned long *availp; struct auth *authp; - (void) conn; /* In case conditionals make it unused. */ - if(proxy) { availp = &data->info.proxyauthavail; authp = &data->state.authproxy; @@ -1005,6 +934,11 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, availp = &data->info.httpauthavail; authp = &data->state.authhost; } +#else + (void) proxy; +#endif + + (void) conn; /* In case conditionals make it unused. */ /* * Here we check if we want the specific single authentication (using ==) and @@ -1140,7 +1074,14 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, } } #else - ; + { + /* + * Empty block to terminate the if-else chain correctly. + * + * A semicolon would yield the same result here, but can cause a + * compiler warning when -Wextra is enabled. + */ + } #endif /* there may be multiple methods on one line, so keep reading */ @@ -1403,7 +1344,7 @@ CURLcode Curl_buffer_send(struct dynbuf *in, * and install our own `data->state.fread_func` that * on subsequent calls reads `in` empty. * - when the whisked away `in` is empty, the `fread_func` - * is restored ot its original state. + * is restored to its original state. * The problem is that `fread_func` can only return * `upload_buffer_size` lengths. If the send we do here * is larger and blocks, we do re-sending with smaller @@ -1576,9 +1517,9 @@ CURLcode Curl_http_connect(struct Curl_easy *data, bool *done) /* this returns the socket to wait for in the DO and DOING state for the multi interface and then we're always _sending_ a request and thus we wait for the single socket to become writable only */ -static int http_getsock_do(struct Curl_easy *data, - struct connectdata *conn, - curl_socket_t *socks) +int Curl_http_getsock_do(struct Curl_easy *data, + struct connectdata *conn, + curl_socket_t *socks) { /* write mode */ (void)conn; @@ -1678,8 +1619,6 @@ static CURLcode expect100(struct Curl_easy *data, struct dynbuf *req) { CURLcode result = CURLE_OK; - data->state.expect100header = FALSE; /* default to false unless it is set - to TRUE below */ if(!data->state.disableexpect && Curl_use_http_1_1plus(data, conn) && (conn->httpversion < 20)) { /* if not doing HTTP 1.0 or version 2, or disabled explicitly, we add an @@ -2084,6 +2023,7 @@ CURLcode Curl_add_timecondition(struct Curl_easy *data, switch(data->set.timecondition) { default: + DEBUGF(infof(data, "invalid time condition")); return CURLE_BAD_FUNCTION_ARGUMENT; case CURL_TIMECOND_IFMODSINCE: @@ -2252,7 +2192,7 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) } #endif - if(strcmp("Host:", ptr)) { + if(!strcasecompare("Host:", ptr)) { aptr->host = aprintf("Host:%s\r\n", &ptr[5]); if(!aptr->host) return CURLE_OUT_OF_MEMORY; @@ -2340,9 +2280,7 @@ CURLcode Curl_http_target(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; } } - /* Extract the URL to use in the request. Store in STRING_TEMP_URL for - clean-up reasons if the function returns before the free() further - down. */ + /* Extract the URL to use in the request. */ uc = curl_url_get(h, CURLUPART_URL, &url, CURLU_NO_DEFAULT_PORT); if(uc) { curl_url_cleanup(h); @@ -2414,14 +2352,16 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn, /* Convert the form structure into a mime structure, then keep the conversion */ if(!data->state.formp) { - data->state.formp = calloc(sizeof(curl_mimepart), 1); + data->state.formp = calloc(1, sizeof(curl_mimepart)); if(!data->state.formp) return CURLE_OUT_OF_MEMORY; Curl_mime_cleanpart(data->state.formp); result = Curl_getformdata(data, data->state.formp, data->set.httppost, data->state.fread_func); - if(result) + if(result) { + Curl_safefree(data->state.formp); return result; + } data->state.mimepost = data->state.formp; } break; @@ -2494,6 +2434,29 @@ CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn, return result; } +static CURLcode addexpect(struct Curl_easy *data, struct connectdata *conn, + struct dynbuf *r) +{ + data->state.expect100header = FALSE; + /* Avoid Expect: 100-continue if Upgrade: is used */ + if(data->req.upgr101 == UPGR101_INIT) { + struct HTTP *http = data->req.p.http; + /* For really small puts we don't use Expect: headers at all, and for + the somewhat bigger ones we allow the app to disable it. Just make + sure that the expect100header is always set to the preferred value + here. */ + char *ptr = Curl_checkheaders(data, STRCONST("Expect")); + if(ptr) { + data->state.expect100header = + Curl_compareheader(ptr, STRCONST("Expect:"), + STRCONST("100-continue")); + } + else if(http->postsize > EXPECT_100_THRESHOLD || http->postsize < 0) + return expect100(data, conn, r); + } + return CURLE_OK; +} + CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, struct dynbuf *r, Curl_HttpReq httpreq) { @@ -2506,14 +2469,8 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, #endif CURLcode result = CURLE_OK; struct HTTP *http = data->req.p.http; - const char *ptr; - - /* If 'authdone' is FALSE, we must not set the write socket index to the - Curl_transfer() call below, as we're not ready to actually upload any - data yet. */ switch(httpreq) { - case HTTPREQ_PUT: /* Let's PUT the data to the server! */ if(conn->bits.authneg) @@ -2531,20 +2488,9 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, return result; } - /* For really small puts we don't use Expect: headers at all, and for - the somewhat bigger ones we allow the app to disable it. Just make - sure that the expect100header is always set to the preferred value - here. */ - ptr = Curl_checkheaders(data, STRCONST("Expect")); - if(ptr) { - data->state.expect100header = - Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue")); - } - else if(http->postsize > EXPECT_100_THRESHOLD || http->postsize < 0) { - result = expect100(data, conn, r); - if(result) - return result; - } + result = addexpect(data, conn, r); + if(result) + return result; /* end of headers */ result = Curl_dyn_addn(r, STRCONST("\r\n")); @@ -2617,22 +2563,9 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, } #endif - /* For really small posts we don't use Expect: headers at all, and for - the somewhat bigger ones we allow the app to disable it. Just make - sure that the expect100header is always set to the preferred value - here. */ - ptr = Curl_checkheaders(data, STRCONST("Expect")); - if(ptr) { - data->state.expect100header = - Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue")); - } - else if(http->postsize > EXPECT_100_THRESHOLD || http->postsize < 0) { - result = expect100(data, conn, r); - if(result) - return result; - } - else - data->state.expect100header = FALSE; + result = addexpect(data, conn, r); + if(result) + return result; /* make the request end in a true CRLF */ result = Curl_dyn_addn(r, STRCONST("\r\n")); @@ -2692,22 +2625,9 @@ CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, return result; } - /* For really small posts we don't use Expect: headers at all, and for - the somewhat bigger ones we allow the app to disable it. Just make - sure that the expect100header is always set to the preferred value - here. */ - ptr = Curl_checkheaders(data, STRCONST("Expect")); - if(ptr) { - data->state.expect100header = - Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue")); - } - else if(http->postsize > EXPECT_100_THRESHOLD || http->postsize < 0) { - result = expect100(data, conn, r); - if(result) - return result; - } - else - data->state.expect100header = FALSE; + result = addexpect(data, conn, r); + if(result) + return result; #ifndef USE_HYPER /* With Hyper the body is always passed on separately */ @@ -3020,13 +2940,14 @@ CURLcode Curl_http_resume(struct Curl_easy *data, } /* when seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */ do { + char scratch[4*1024]; size_t readthisamountnow = - (data->state.resume_from - passed > data->set.buffer_size) ? - (size_t)data->set.buffer_size : + (data->state.resume_from - passed > (curl_off_t)sizeof(scratch)) ? + sizeof(scratch) : curlx_sotouz(data->state.resume_from - passed); size_t actuallyread = - data->state.fread_func(data->state.buffer, 1, readthisamountnow, + data->state.fread_func(scratch, 1, readthisamountnow, data->state.in); passed += actuallyread; @@ -3061,6 +2982,7 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data, { struct SingleRequest *k = &data->req; + *done = FALSE; if(data->req.newurl) { if(conn->bits.close) { /* Abort after the headers if "follow Location" is set @@ -3186,14 +3108,14 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) ) { result = Curl_http2_switch(data, conn, FIRSTSOCKET); if(result) - return result; + goto fail; } else #endif DEBUGASSERT(Curl_conn_is_http2(data, conn, FIRSTSOCKET)); break; case CURL_HTTP_VERSION_1_1: - /* continue with HTTP/1.1 when explicitly requested */ + /* continue with HTTP/1.x when explicitly requested */ break; default: /* Check if user wants to use HTTP/2 with clear TCP */ @@ -3201,7 +3123,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) DEBUGF(infof(data, "HTTP/2 over clean TCP")); result = Curl_http2_switch(data, conn, FIRSTSOCKET); if(result) - return result; + goto fail; } break; } @@ -3211,11 +3133,11 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) result = Curl_http_host(data, conn); if(result) - return result; + goto fail; result = Curl_http_useragent(data); if(result) - return result; + goto fail; Curl_http_method(data, conn, &request, &httpreq); @@ -3231,7 +3153,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) (pq ? pq : data->state.up.path), FALSE); free(pq); if(result) - return result; + goto fail; } Curl_safefree(data->state.aptr.ref); @@ -3256,23 +3178,23 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) /* we only consider transfer-encoding magic if libz support is built-in */ result = Curl_transferencode(data); if(result) - return result; + goto fail; #endif result = Curl_http_body(data, conn, httpreq, &te); if(result) - return result; + goto fail; p_accept = Curl_checkheaders(data, STRCONST("Accept"))?NULL:"Accept: */*\r\n"; result = Curl_http_resume(data, conn, httpreq); if(result) - return result; + goto fail; result = Curl_http_range(data, httpreq); if(result) - return result; + goto fail; httpstring = get_http_string(data, conn); @@ -3290,7 +3212,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) result = Curl_http_target(data, conn, &req); if(result) { Curl_dyn_free(&req); - return result; + goto fail; } #ifndef CURL_DISABLE_ALTSVC @@ -3361,7 +3283,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) if(result) { Curl_dyn_free(&req); - return result; + goto fail; } if(!(conn->handler->flags&PROTOPT_SSL) && @@ -3397,7 +3319,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) } if(result) { Curl_dyn_free(&req); - return result; + goto fail; } if((http->postsize > -1) && @@ -3433,6 +3355,9 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) but is disabled here again to avoid that the chunked encoded version is actually used when sending the request body over h2 */ data->req.upload_chunky = FALSE; +fail: + if(CURLE_TOO_LARGE == result) + failf(data, "HTTP request too large"); return result; } @@ -3685,7 +3610,7 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, k->content_range = TRUE; } } - else + else if(k->httpcode < 300) data->state.resume_from = 0; /* get everything */ } #if !defined(CURL_DISABLE_COOKIES) @@ -3895,7 +3820,7 @@ CURLcode Curl_http_statusline(struct Curl_easy *data, * fields. */ if(data->set.timecondition) data->info.timecond = TRUE; - /* FALLTHROUGH */ + FALLTHROUGH(); case 204: /* (quote from RFC2616, section 10.2.5): The server has * fulfilled the request but does not need to return an @@ -3994,37 +3919,33 @@ CURLcode Curl_bump_headersize(struct Curl_easy *data, /* * Read any HTTP header lines from the server and pass them to the client app. */ -CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, - struct connectdata *conn, - ssize_t *nread, - bool *stop_reading) +static CURLcode http_rw_headers(struct Curl_easy *data, + const char *buf, size_t blen, + size_t *pconsumed) { - CURLcode result; + struct connectdata *conn = data->conn; + CURLcode result = CURLE_OK; struct SingleRequest *k = &data->req; - ssize_t onread = *nread; - char *ostr = k->str; char *headp; - char *str_start; char *end_ptr; + bool leftover_body = FALSE; /* header line within buffer loop */ + *pconsumed = 0; do { - size_t rest_length; - size_t full_length; + size_t line_length; int writetype; - /* str_start is start of line within buf */ - str_start = k->str; - /* data is in network encoding so use 0x0a instead of '\n' */ - end_ptr = memchr(str_start, 0x0a, *nread); + end_ptr = memchr(buf, 0x0a, blen); if(!end_ptr) { /* Not a complete header line within buffer, append the data to the end of the headerbuff. */ - result = Curl_dyn_addn(&data->state.headerb, str_start, *nread); + result = Curl_dyn_addn(&data->state.headerb, buf, blen); if(result) return result; + *pconsumed += blen; if(!k->headerline) { /* check if this looks like a protocol header */ @@ -4036,31 +3957,28 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, if(st == STATUS_BAD) { /* this is not the beginning of a protocol first header line */ k->header = FALSE; - k->badheader = HEADER_ALLBAD; streamclose(conn, "bad HTTP: No end-of-message indicator"); if(!data->set.http09_allowed) { failf(data, "Received HTTP/0.9 when not allowed"); return CURLE_UNSUPPORTED_PROTOCOL; } - break; + leftover_body = TRUE; + goto out; } } - - break; /* read more and try again */ + goto out; /* read more and try again */ } /* decrease the size of the remaining (supposed) header line */ - rest_length = (end_ptr - k->str) + 1; - *nread -= (ssize_t)rest_length; - - k->str = end_ptr + 1; /* move past new line */ - - full_length = k->str - str_start; - - result = Curl_dyn_addn(&data->state.headerb, str_start, full_length); + line_length = (end_ptr - buf) + 1; + result = Curl_dyn_addn(&data->state.headerb, buf, line_length); if(result) return result; + blen -= line_length; + buf += line_length; + *pconsumed += line_length; + /**** * We now have a FULL header line in 'headerb'. *****/ @@ -4078,17 +3996,8 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, return CURLE_UNSUPPORTED_PROTOCOL; } k->header = FALSE; - if(*nread) - /* since there's more, this is a partial bad header */ - k->badheader = HEADER_PARTHEADER; - else { - /* this was all we read so it's all a bad header */ - k->badheader = HEADER_ALLBAD; - *nread = onread; - k->str = ostr; - return CURLE_OK; - } - break; + leftover_body = TRUE; + goto out; } } @@ -4097,6 +4006,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, headp = Curl_dyn_ptr(&data->state.headerb); if((0x0a == *headp) || (0x0d == *headp)) { size_t headerlen; + bool switch_to_h2 = FALSE; /* Zero-length header line means end of headers! */ if('\r' == *headp) @@ -4126,41 +4036,40 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, } break; case 101: - /* Switching Protocols */ - if(k->upgr101 == UPGR101_H2) { - /* Switching to HTTP/2 */ - DEBUGASSERT(conn->httpversion < 20); - infof(data, "Received 101, Switching to HTTP/2"); - k->upgr101 = UPGR101_RECEIVED; - - /* we'll get more headers (HTTP/2 response) */ - k->header = TRUE; - k->headerline = 0; /* restart the header line counter */ - - /* switch to http2 now. The bytes after response headers - are also processed here, otherwise they are lost. */ - result = Curl_http2_upgrade(data, conn, FIRSTSOCKET, - k->str, *nread); - if(result) - return result; - *nread = 0; - } + if(conn->httpversion == 11) { + /* Switching Protocols only allowed from HTTP/1.1 */ + if(k->upgr101 == UPGR101_H2) { + /* Switching to HTTP/2 */ + infof(data, "Received 101, Switching to HTTP/2"); + k->upgr101 = UPGR101_RECEIVED; + + /* we'll get more headers (HTTP/2 response) */ + k->header = TRUE; + k->headerline = 0; /* restart the header line counter */ + switch_to_h2 = TRUE; + } #ifdef USE_WEBSOCKETS - else if(k->upgr101 == UPGR101_WS) { - /* verify the response */ - result = Curl_ws_accept(data, k->str, *nread); - if(result) - return result; - k->header = FALSE; /* no more header to parse! */ - if(data->set.connect_only) { - k->keepon &= ~KEEP_RECV; /* read no more content */ - *nread = 0; + else if(k->upgr101 == UPGR101_WS) { + /* verify the response */ + result = Curl_ws_accept(data, buf, blen); + if(result) + return result; + k->header = FALSE; /* no more header to parse! */ + *pconsumed += blen; /* ws accept handled the data */ + blen = 0; + if(data->set.connect_only) + k->keepon &= ~KEEP_RECV; /* read no more content */ } - } #endif + else { + /* Not switching to another protocol */ + k->header = FALSE; /* no more header to parse! */ + } + } else { - /* Not switching to another protocol */ - k->header = FALSE; /* no more header to parse! */ + /* invalid for other HTTP versions */ + failf(data, "unexpected 101 response code"); + return CURLE_WEIRD_SERVER_REPLY; } break; default: @@ -4366,17 +4275,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, * out and return home. */ if(data->req.no_body) - *stop_reading = TRUE; -#ifndef CURL_DISABLE_RTSP - else if((conn->handler->protocol & CURLPROTO_RTSP) && - (data->set.rtspreq == RTSPREQ_DESCRIBE) && - (k->size <= -1)) - /* Respect section 4.4 of rfc2326: If the Content-Length header is - absent, a length 0 must be assumed. It will prevent libcurl from - hanging on DESCRIBE request that got refused for whatever - reason */ - *stop_reading = TRUE; -#endif + k->download_done = TRUE; /* If max download size is *zero* (nothing) we already have nothing and can safely return ok now! But for HTTP/2, we'd @@ -4386,19 +4285,27 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, if(0 == k->maxdownload && !Curl_conn_is_http2(data, conn, FIRSTSOCKET) && !Curl_conn_is_http3(data, conn, FIRSTSOCKET)) - *stop_reading = TRUE; + k->download_done = TRUE; - if(*stop_reading) { - /* we make sure that this socket isn't read more now */ - k->keepon &= ~KEEP_RECV; - } - - Curl_debug(data, CURLINFO_HEADER_IN, str_start, headerlen); - break; /* exit header line loop */ + Curl_debug(data, CURLINFO_HEADER_IN, + Curl_dyn_ptr(&data->state.headerb), + Curl_dyn_len(&data->state.headerb)); + goto out; /* exit header line loop */ } /* We continue reading headers, reset the line-based header */ Curl_dyn_reset(&data->state.headerb); + if(switch_to_h2) { + /* Having handled the headers, we can do the HTTP/2 switch. + * Any remaining `buf` bytes are already HTTP/2 and passed to + * be processed. */ + result = Curl_http2_upgrade(data, conn, FIRSTSOCKET, buf, blen); + if(result) + return result; + *pconsumed += blen; + blen = 0; + } + continue; } @@ -4583,15 +4490,84 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, Curl_dyn_reset(&data->state.headerb); } - while(*k->str); /* header line within buffer */ + while(blen); /* We might have reached the end of the header part here, but there might be a non-header part left in the end of the read buffer. */ - +out: + if(!k->header && !leftover_body) { + Curl_dyn_free(&data->state.headerb); + } return CURLE_OK; } +/* + * HTTP protocol `write_resp` implementation. Will parse headers + * when not done yet and otherwise return without consuming data. + */ +CURLcode Curl_http_write_resp_hds(struct Curl_easy *data, + const char *buf, size_t blen, + size_t *pconsumed, + bool *done) +{ + *done = FALSE; + if(!data->req.header) { + *pconsumed = 0; + return CURLE_OK; + } + else { + CURLcode result; + + result = http_rw_headers(data, buf, blen, pconsumed); + if(!result && !data->req.header) { + /* we have successfully finished parsing the HEADERs */ + result = Curl_http_firstwrite(data, data->conn, done); + + if(!data->req.no_body && Curl_dyn_len(&data->state.headerb)) { + /* leftover from parsing something that turned out not + * to be a header, only happens if we allow for + * HTTP/0.9 like responses */ + result = Curl_client_write(data, CLIENTWRITE_BODY, + Curl_dyn_ptr(&data->state.headerb), + Curl_dyn_len(&data->state.headerb)); + } + Curl_dyn_free(&data->state.headerb); + } + return result; + } +} + +CURLcode Curl_http_write_resp(struct Curl_easy *data, + const char *buf, size_t blen, + bool is_eos, + bool *done) +{ + CURLcode result; + size_t consumed; + int flags; + + *done = FALSE; + result = Curl_http_write_resp_hds(data, buf, blen, &consumed, done); + if(result || *done) + goto out; + + DEBUGASSERT(consumed <= blen); + blen -= consumed; + buf += consumed; + /* either all was consumed in header parsing, or we have data left + * and are done with heders, e.g. it is BODY data */ + DEBUGASSERT(!blen || !data->req.header); + if(!data->req.header && (blen || is_eos)) { + /* BODY data after header been parsed, write and consume */ + flags = CLIENTWRITE_BODY; + if(is_eos) + flags |= CLIENTWRITE_EOS; + result = Curl_client_write(data, flags, (char *)buf, blen); + } +out: + return result; +} /* Decode HTTP status code string. */ CURLcode Curl_http_decode_status(int *pstatus, const char *s, size_t len) @@ -4618,17 +4594,6 @@ out: return result; } -/* simple implementation of strndup(), which isn't portable */ -static char *my_strndup(const char *ptr, size_t len) -{ - char *copy = malloc(len + 1); - if(!copy) - return NULL; - memcpy(copy, ptr, len); - copy[len] = '\0'; - return copy; -} - CURLcode Curl_http_req_make(struct httpreq **preq, const char *method, size_t m_len, const char *scheme, size_t s_len, @@ -4639,7 +4604,7 @@ CURLcode Curl_http_req_make(struct httpreq **preq, CURLcode result = CURLE_OUT_OF_MEMORY; DEBUGASSERT(method); - if(m_len + 1 >= sizeof(req->method)) + if(m_len + 1 > sizeof(req->method)) return CURLE_BAD_FUNCTION_ARGUMENT; req = calloc(1, sizeof(*req)); @@ -4647,17 +4612,17 @@ CURLcode Curl_http_req_make(struct httpreq **preq, goto out; memcpy(req->method, method, m_len); if(scheme) { - req->scheme = my_strndup(scheme, s_len); + req->scheme = Curl_memdup0(scheme, s_len); if(!req->scheme) goto out; } if(authority) { - req->authority = my_strndup(authority, a_len); + req->authority = Curl_memdup0(authority, a_len); if(!req->authority) goto out; } if(path) { - req->path = my_strndup(path, p_len); + req->path = Curl_memdup0(path, p_len); if(!req->path) goto out; } @@ -4795,7 +4760,7 @@ CURLcode Curl_http_req_make2(struct httpreq **preq, CURLUcode uc; DEBUGASSERT(method); - if(m_len + 1 >= sizeof(req->method)) + if(m_len + 1 > sizeof(req->method)) return CURLE_BAD_FUNCTION_ARGUMENT; req = calloc(1, sizeof(*req)); diff --git a/lib/http.h b/lib/http.h index 9ee3c6537..ad2697c9e 100644 --- a/lib/http.h +++ b/lib/http.h @@ -54,14 +54,6 @@ extern const struct Curl_handler Curl_handler_http; extern const struct Curl_handler Curl_handler_https; #endif -#ifdef USE_WEBSOCKETS -extern const struct Curl_handler Curl_handler_ws; - -#ifdef USE_SSL -extern const struct Curl_handler Curl_handler_wss; -#endif -#endif /* websockets */ - struct dynhds; CURLcode Curl_bump_headersize(struct Curl_easy *data, @@ -147,9 +139,17 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data, bool *done); /* protocol-specific functions set up to be called by the main engine */ +CURLcode Curl_http_setup_conn(struct Curl_easy *data, + struct connectdata *conn); CURLcode Curl_http(struct Curl_easy *data, bool *done); CURLcode Curl_http_done(struct Curl_easy *data, CURLcode, bool premature); CURLcode Curl_http_connect(struct Curl_easy *data, bool *done); +int Curl_http_getsock_do(struct Curl_easy *data, struct connectdata *conn, + curl_socket_t *socks); +CURLcode Curl_http_write_resp(struct Curl_easy *data, + const char *buf, size_t blen, + bool is_eos, + bool *done); /* These functions are in http.c */ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, @@ -225,10 +225,10 @@ struct HTTP { CURLcode Curl_http_size(struct Curl_easy *data); -CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, - struct connectdata *conn, - ssize_t *nread, - bool *stop_reading); +CURLcode Curl_http_write_resp_hds(struct Curl_easy *data, + const char *buf, size_t blen, + size_t *pconsumed, + bool *done); /** * Curl_http_output_auth() setups the authentication headers for the @@ -263,7 +263,7 @@ CURLcode Curl_http_decode_status(int *pstatus, const char *s, size_t len); * All about a core HTTP request, excluding body and trailers */ struct httpreq { - char method[12]; + char method[24]; char *scheme; char *authority; char *path; diff --git a/lib/http2.c b/lib/http2.c index 15e3d10da..c3157d1ef 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -107,14 +107,14 @@ static int populate_settings(nghttp2_settings_entry *iv, return 3; } -static size_t populate_binsettings(uint8_t *binsettings, - struct Curl_easy *data) +static ssize_t populate_binsettings(uint8_t *binsettings, + struct Curl_easy *data) { nghttp2_settings_entry iv[H2_SETTINGS_IV_LEN]; int ivlen; ivlen = populate_settings(iv, data); - /* this returns number of bytes it wrote */ + /* this returns number of bytes it wrote or a negative number on error. */ return nghttp2_pack_settings_payload(binsettings, H2_BINSETTINGS_LEN, iv, ivlen); } @@ -219,10 +219,10 @@ static void drain_stream(struct Curl_cfilter *cf, if(!stream->send_closed && (stream->upload_left || stream->upload_blocked_len)) bits |= CURL_CSELECT_OUT; - if(data->state.dselect_bits != bits) { - CURL_TRC_CF(data, cf, "[%d] DRAIN dselect_bits=%x", + if(data->state.select_bits != bits) { + CURL_TRC_CF(data, cf, "[%d] DRAIN select_bits=%x", stream->id, bits); - data->state.dselect_bits = bits; + data->state.select_bits = bits; Curl_expire(data, 0, EXPIRE_RUN_NOW); } } @@ -368,12 +368,15 @@ static ssize_t nw_out_writer(void *writer_ctx, { struct Curl_cfilter *cf = writer_ctx; struct Curl_easy *data = CF_DATA_CURRENT(cf); - ssize_t nwritten; - nwritten = Curl_conn_cf_send(cf->next, data, (const char *)buf, buflen, err); - if(nwritten > 0) - CURL_TRC_CF(data, cf, "[0] egress: wrote %zd bytes", nwritten); - return nwritten; + if(data) { + ssize_t nwritten = Curl_conn_cf_send(cf->next, data, + (const char *)buf, buflen, err); + if(nwritten > 0) + CURL_TRC_CF(data, cf, "[0] egress: wrote %zd bytes", nwritten); + return nwritten; + } + return 0; } static ssize_t send_callback(nghttp2_session *h2, @@ -451,9 +454,14 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, * in the H1 request and we upgrade from there. This stream * is opened implicitly as #1. */ uint8_t binsettings[H2_BINSETTINGS_LEN]; - size_t binlen; /* length of the binsettings data */ + ssize_t binlen; /* length of the binsettings data */ binlen = populate_binsettings(binsettings, data); + if(binlen <= 0) { + failf(data, "nghttp2 unexpectedly failed on pack_settings_payload"); + result = CURLE_FAILED_INIT; + goto out; + } result = http2_data_setup(cf, data, &stream); if(result) @@ -1075,16 +1083,11 @@ static CURLcode on_stream_frame(struct Curl_cfilter *cf, stream->reset = TRUE; } stream->send_closed = TRUE; - data->req.keepon &= ~KEEP_SEND_HOLD; drain_stream(cf, data, stream); break; case NGHTTP2_WINDOW_UPDATE: - if((data->req.keepon & KEEP_SEND_HOLD) && - (data->req.keepon & KEEP_SEND)) { - data->req.keepon &= ~KEEP_SEND_HOLD; + if(CURL_WANT_SEND(data)) { drain_stream(cf, data, stream); - CURL_TRC_CF(data, cf, "[%d] un-holding after win update", - stream_id); } break; default: @@ -1229,15 +1232,10 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame, * window and *assume* that we treat this like a WINDOW_UPDATE. Some * servers send an explicit WINDOW_UPDATE, but not all seem to do that. * To be safe, we UNHOLD a stream in order not to stall. */ - if((data->req.keepon & KEEP_SEND_HOLD) && - (data->req.keepon & KEEP_SEND)) { + if(CURL_WANT_SEND(data)) { struct stream_ctx *stream = H2_STREAM_CTX(data); - data->req.keepon &= ~KEEP_SEND_HOLD; - if(stream) { + if(stream) drain_stream(cf, data, stream); - CURL_TRC_CF(data, cf, "[%d] un-holding after SETTINGS", - stream_id); - } } } break; @@ -1354,7 +1352,6 @@ static int on_stream_close(nghttp2_session *session, int32_t stream_id, stream->reset = TRUE; stream->send_closed = TRUE; } - data_s->req.keepon &= ~KEEP_SEND_HOLD; if(stream->error) CURL_TRC_CF(data_s, cf, "[%d] RESET: %s (err %d)", @@ -1618,10 +1615,10 @@ static int error_callback(nghttp2_session *session, size_t len, void *userp) { + struct Curl_cfilter *cf = userp; + struct Curl_easy *data = CF_DATA_CURRENT(cf); (void)session; - (void)msg; - (void)len; - (void)userp; + failf(data, "%.*s", (int)len, msg); return 0; } #endif @@ -1637,7 +1634,7 @@ CURLcode Curl_http2_request_upgrade(struct dynbuf *req, size_t blen; struct SingleRequest *k = &data->req; uint8_t binsettings[H2_BINSETTINGS_LEN]; - size_t binlen; /* length of the binsettings data */ + ssize_t binlen; /* length of the binsettings data */ binlen = populate_binsettings(binsettings, data); if(binlen <= 0) { @@ -2068,23 +2065,13 @@ static ssize_t h2_submit(struct stream_ctx **pstream, /* no longer needed */ Curl_h1_req_parse_free(&stream->h1); - nheader = Curl_dynhds_count(&h2_headers); - nva = malloc(sizeof(nghttp2_nv) * nheader); + nva = Curl_dynhds_to_nva(&h2_headers, &nheader); if(!nva) { *err = CURLE_OUT_OF_MEMORY; nwritten = -1; goto out; } - for(i = 0; i < nheader; ++i) { - struct dynhds_entry *e = Curl_dynhds_getn(&h2_headers, i); - nva[i].name = (unsigned char *)e->name; - nva[i].namelen = e->namelen; - nva[i].value = (unsigned char *)e->value; - nva[i].valuelen = e->valuelen; - nva[i].flags = NGHTTP2_NV_FLAG_NONE; - } - h2_pri_spec(data, &pri_spec); if(!nghttp2_session_check_request_allowed(ctx->h2)) CURL_TRC_CF(data, cf, "send request NOT allowed (via nghttp2)"); @@ -2288,14 +2275,6 @@ static ssize_t cf_h2_send(struct Curl_cfilter *cf, struct Curl_easy *data, * frame buffer or our network out buffer. */ size_t rwin = nghttp2_session_get_stream_remote_window_size(ctx->h2, stream->id); - if(rwin == 0) { - /* H2 flow window exhaustion. We need to HOLD upload until we get - * a WINDOW_UPDATE from the server. */ - data->req.keepon |= KEEP_SEND_HOLD; - CURL_TRC_CF(data, cf, "[%d] holding send as remote flow " - "window is exhausted", stream->id); - } - /* Whatever the cause, we need to return CURL_EAGAIN for this call. * We have unwritten state that needs us being invoked again and EAGAIN * is the only way to ensure that. */ @@ -2347,37 +2326,37 @@ out: return nwritten; } -static int cf_h2_get_select_socks(struct Curl_cfilter *cf, - struct Curl_easy *data, - curl_socket_t *sock) +static void cf_h2_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps) { struct cf_h2_ctx *ctx = cf->ctx; - struct SingleRequest *k = &data->req; - struct stream_ctx *stream = H2_STREAM_CTX(data); - int bitmap = GETSOCK_BLANK; - struct cf_call_data save; + curl_socket_t sock; + bool want_recv, want_send; - CF_DATA_SAVE(save, cf, data); - sock[0] = Curl_conn_cf_get_socket(cf, data); - - if(!(k->keepon & (KEEP_RECV_PAUSE|KEEP_RECV_HOLD))) - /* Unless paused - in an HTTP/2 connection we can basically always get a - frame so we should always be ready for one */ - bitmap |= GETSOCK_READSOCK(0); - - /* we're (still uploading OR the HTTP/2 layer wants to send data) AND - there's a window to send data in */ - if((((k->keepon & KEEP_SENDBITS) == KEEP_SEND) || - nghttp2_session_want_write(ctx->h2)) && - (nghttp2_session_get_remote_window_size(ctx->h2) && - nghttp2_session_get_stream_remote_window_size(ctx->h2, - stream->id))) - bitmap |= GETSOCK_WRITESOCK(0); + if(!ctx->h2) + return; - CF_DATA_RESTORE(cf, save); - return bitmap; -} + sock = Curl_conn_cf_get_socket(cf, data); + Curl_pollset_check(data, ps, sock, &want_recv, &want_send); + if(want_recv || want_send) { + struct stream_ctx *stream = H2_STREAM_CTX(data); + struct cf_call_data save; + bool c_exhaust, s_exhaust; + CF_DATA_SAVE(save, cf, data); + c_exhaust = want_send && !nghttp2_session_get_remote_window_size(ctx->h2); + s_exhaust = want_send && stream && stream->id >= 0 && + !nghttp2_session_get_stream_remote_window_size(ctx->h2, + stream->id); + want_recv = (want_recv || c_exhaust || s_exhaust); + want_send = (!s_exhaust && want_send) || + (!c_exhaust && nghttp2_session_want_write(ctx->h2)); + + Curl_pollset_set(data, ps, sock, want_recv, want_send); + CF_DATA_RESTORE(cf, save); + } +} static CURLcode cf_h2_connect(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -2527,14 +2506,15 @@ static CURLcode cf_h2_cntrl(struct Curl_cfilter *cf, case CF_CTRL_DATA_PAUSE: result = http2_data_pause(cf, data, (arg1 != 0)); break; - case CF_CTRL_DATA_DONE_SEND: { + case CF_CTRL_DATA_DONE_SEND: result = http2_data_done_send(cf, data); break; - } - case CF_CTRL_DATA_DONE: { + case CF_CTRL_DATA_DETACH: + http2_data_done(cf, data, TRUE); + break; + case CF_CTRL_DATA_DONE: http2_data_done(cf, data, arg1 != 0); break; - } default: break; } @@ -2622,7 +2602,7 @@ struct Curl_cftype Curl_cft_nghttp2 = { cf_h2_connect, cf_h2_close, Curl_cf_def_get_host, - cf_h2_get_select_socks, + cf_h2_adjust_pollset, cf_h2_data_pending, cf_h2_send, cf_h2_recv, @@ -2642,7 +2622,7 @@ static CURLcode http2_cfilter_add(struct Curl_cfilter **pcf, CURLcode result = CURLE_OUT_OF_MEMORY; DEBUGASSERT(data->conn); - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) goto out; @@ -2668,7 +2648,7 @@ static CURLcode http2_cfilter_insert_after(struct Curl_cfilter *cf, CURLcode result = CURLE_OUT_OF_MEMORY; (void)data; - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) goto out; diff --git a/lib/http_aws_sigv4.c b/lib/http_aws_sigv4.c index 901c22fbb..c9382918e 100644 --- a/lib/http_aws_sigv4.c +++ b/lib/http_aws_sigv4.c @@ -247,7 +247,7 @@ static CURLcode make_headers(struct Curl_easy *data, } else { char *value; - + char *endp; value = strchr(*date_header, ':'); if(!value) { *date_header = NULL; @@ -256,8 +256,17 @@ static CURLcode make_headers(struct Curl_easy *data, ++value; while(ISBLANK(*value)) ++value; - strncpy(timestamp, value, TIMESTAMP_SIZE - 1); - timestamp[TIMESTAMP_SIZE - 1] = 0; + endp = value; + while(*endp && ISALNUM(*endp)) + ++endp; + /* 16 bytes => "19700101T000000Z" */ + if((endp - value) == TIMESTAMP_SIZE - 1) { + memcpy(timestamp, value, TIMESTAMP_SIZE - 1); + timestamp[TIMESTAMP_SIZE - 1] = 0; + } + else + /* bad timestamp length */ + timestamp[0] = 0; *date_header = NULL; } @@ -456,6 +465,7 @@ static CURLcode canon_query(struct Curl_easy *data, for(i = 0; !result && (i < entry); i++, ap++) { size_t len; const char *q = ap->p; + bool found_equals = false; if(!ap->len) continue; for(len = ap->len; len && !result; q++, len--) { @@ -467,9 +477,13 @@ static CURLcode canon_query(struct Curl_easy *data, case '.': case '_': case '~': + /* allowed as-is */ + result = Curl_dyn_addn(dq, q, 1); + break; case '=': /* allowed as-is */ result = Curl_dyn_addn(dq, q, 1); + found_equals = true; break; case '%': /* uppercase the following if hexadecimal */ @@ -497,7 +511,11 @@ static CURLcode canon_query(struct Curl_easy *data, } } } - if(i < entry - 1) { + if(!result && !found_equals) { + /* queries without value still need an equals */ + result = Curl_dyn_addn(dq, "=", 1); + } + if(!result && i < entry - 1) { /* insert ampersands between query pairs */ result = Curl_dyn_addn(dq, "&", 1); } @@ -596,7 +614,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) result = CURLE_URL_MALFORMAT; goto fail; } - strncpy(service, hostname, len); + memcpy(service, hostname, len); service[len] = '\0'; infof(data, "aws_sigv4: picked service %s from host", service); @@ -615,7 +633,7 @@ CURLcode Curl_output_aws_sigv4(struct Curl_easy *data, bool proxy) result = CURLE_URL_MALFORMAT; goto fail; } - strncpy(region, reg, len); + memcpy(region, reg, len); region[len] = '\0'; infof(data, "aws_sigv4: picked region %s from host", region); } diff --git a/lib/http_chunks.c b/lib/http_chunks.c index 2a401d14c..039c179c4 100644 --- a/lib/http_chunks.c +++ b/lib/http_chunks.c @@ -75,86 +75,110 @@ */ -#define isxdigit_ascii(x) Curl_isxdigit(x) +void Curl_httpchunk_init(struct Curl_easy *data, struct Curl_chunker *ch, + bool ignore_body) +{ + (void)data; + ch->hexindex = 0; /* start at 0 */ + ch->state = CHUNK_HEX; /* we get hex first! */ + ch->last_code = CHUNKE_OK; + Curl_dyn_init(&ch->trailer, DYN_H1_TRAILER); + ch->ignore_body = ignore_body; +} -void Curl_httpchunk_init(struct Curl_easy *data) +void Curl_httpchunk_reset(struct Curl_easy *data, struct Curl_chunker *ch, + bool ignore_body) { - struct connectdata *conn = data->conn; - struct Curl_chunker *chunk = &conn->chunk; - chunk->hexindex = 0; /* start at 0 */ - chunk->state = CHUNK_HEX; /* we get hex first! */ - Curl_dyn_init(&conn->trailer, DYN_H1_TRAILER); + (void)data; + ch->hexindex = 0; /* start at 0 */ + ch->state = CHUNK_HEX; /* we get hex first! */ + ch->last_code = CHUNKE_OK; + Curl_dyn_reset(&ch->trailer); + ch->ignore_body = ignore_body; } -/* - * chunk_read() returns a OK for normal operations, or a positive return code - * for errors. STOP means this sequence of chunks is complete. The 'wrote' - * argument is set to tell the caller how many bytes we actually passed to the - * client (for byte-counting and whatever). - * - * The states and the state-machine is further explained in the header file. - * - * This function always uses ASCII hex values to accommodate non-ASCII hosts. - * For example, 0x0d and 0x0a are used instead of '\r' and '\n'. - */ -CHUNKcode Curl_httpchunk_read(struct Curl_easy *data, - char *datap, - ssize_t datalen, - ssize_t *wrote, - CURLcode *extrap) +void Curl_httpchunk_free(struct Curl_easy *data, struct Curl_chunker *ch) +{ + (void)data; + Curl_dyn_free(&ch->trailer); +} + +bool Curl_httpchunk_is_done(struct Curl_easy *data, struct Curl_chunker *ch) +{ + (void)data; + return ch->state == CHUNK_DONE; +} + +static CURLcode httpchunk_readwrite(struct Curl_easy *data, + struct Curl_chunker *ch, + struct Curl_cwriter *cw_next, + const char *buf, size_t blen, + size_t *pconsumed) { CURLcode result = CURLE_OK; - struct connectdata *conn = data->conn; - struct Curl_chunker *ch = &conn->chunk; - struct SingleRequest *k = &data->req; size_t piece; - curl_off_t length = (curl_off_t)datalen; - *wrote = 0; /* nothing's written yet */ + *pconsumed = 0; /* nothing's written yet */ + /* first check terminal states that will not progress anywhere */ + if(ch->state == CHUNK_DONE) + return CURLE_OK; + if(ch->state == CHUNK_FAILED) + return CURLE_RECV_ERROR; /* the original data is written to the client, but we go on with the chunk read process, to properly calculate the content length */ - if(data->set.http_te_skip && !k->ignorebody) { - result = Curl_client_write(data, CLIENTWRITE_BODY, datap, datalen); + if(data->set.http_te_skip && !ch->ignore_body) { + if(cw_next) + result = Curl_cwriter_write(data, cw_next, CLIENTWRITE_BODY, buf, blen); + else + result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)buf, blen); if(result) { - *extrap = result; - return CHUNKE_PASSTHRU_ERROR; + ch->state = CHUNK_FAILED; + ch->last_code = CHUNKE_PASSTHRU_ERROR; + return result; } } - while(length) { + while(blen) { switch(ch->state) { case CHUNK_HEX: - if(ISXDIGIT(*datap)) { - if(ch->hexindex < CHUNK_MAXNUM_LEN) { - ch->hexbuffer[ch->hexindex] = *datap; - datap++; - length--; - ch->hexindex++; - } - else { - return CHUNKE_TOO_LONG_HEX; /* longer hex than we support */ + if(ISXDIGIT(*buf)) { + if(ch->hexindex >= CHUNK_MAXNUM_LEN) { + failf(data, "chunk hex-length longer than %d", CHUNK_MAXNUM_LEN); + ch->state = CHUNK_FAILED; + ch->last_code = CHUNKE_TOO_LONG_HEX; /* longer than we support */ + return CURLE_RECV_ERROR; } + ch->hexbuffer[ch->hexindex++] = *buf; + buf++; + blen--; } else { char *endptr; - if(0 == ch->hexindex) + if(0 == ch->hexindex) { /* This is illegal data, we received junk where we expected a hexadecimal digit. */ - return CHUNKE_ILLEGAL_HEX; + failf(data, "chunk hex-length char not a hex digit: 0x%x", *buf); + ch->state = CHUNK_FAILED; + ch->last_code = CHUNKE_ILLEGAL_HEX; + return CURLE_RECV_ERROR; + } - /* length and datap are unmodified */ + /* blen and buf are unmodified */ ch->hexbuffer[ch->hexindex] = 0; - - if(curlx_strtoofft(ch->hexbuffer, &endptr, 16, &ch->datasize)) - return CHUNKE_ILLEGAL_HEX; + if(curlx_strtoofft(ch->hexbuffer, &endptr, 16, &ch->datasize)) { + failf(data, "chunk hex-length not valid: '%s'", ch->hexbuffer); + ch->state = CHUNK_FAILED; + ch->last_code = CHUNKE_ILLEGAL_HEX; + return CURLE_RECV_ERROR; + } ch->state = CHUNK_LF; /* now wait for the CRLF */ } break; case CHUNK_LF: /* waiting for the LF after a chunk size */ - if(*datap == 0x0a) { + if(*buf == 0x0a) { /* we're now expecting data to come, unless size was zero! */ if(0 == ch->datasize) { ch->state = CHUNK_TRAILER; /* now check for trailers */ @@ -163,30 +187,37 @@ CHUNKcode Curl_httpchunk_read(struct Curl_easy *data, ch->state = CHUNK_DATA; } - datap++; - length--; + buf++; + blen--; break; case CHUNK_DATA: - /* We expect 'datasize' of data. We have 'length' right now, it can be + /* We expect 'datasize' of data. We have 'blen' right now, it can be more or less than 'datasize'. Get the smallest piece. */ - piece = curlx_sotouz((ch->datasize >= length)?length:ch->datasize); + piece = blen; + if(ch->datasize < (curl_off_t)blen) + piece = curlx_sotouz(ch->datasize); /* Write the data portion available */ - if(!data->set.http_te_skip && !k->ignorebody) { - result = Curl_client_write(data, CLIENTWRITE_BODY, datap, piece); - + if(!data->set.http_te_skip && !ch->ignore_body) { + if(cw_next) + result = Curl_cwriter_write(data, cw_next, CLIENTWRITE_BODY, + buf, piece); + else + result = Curl_client_write(data, CLIENTWRITE_BODY, + (char *)buf, piece); if(result) { - *extrap = result; - return CHUNKE_PASSTHRU_ERROR; + ch->state = CHUNK_FAILED; + ch->last_code = CHUNKE_PASSTHRU_ERROR; + return result; } } - *wrote += piece; + *pconsumed += piece; ch->datasize -= piece; /* decrease amount left to expect */ - datap += piece; /* move read pointer forward */ - length -= piece; /* decrease space left in this round */ + buf += piece; /* move read pointer forward */ + blen -= piece; /* decrease space left in this round */ if(0 == ch->datasize) /* end of data this round, we now expect a trailing CRLF */ @@ -194,42 +225,55 @@ CHUNKcode Curl_httpchunk_read(struct Curl_easy *data, break; case CHUNK_POSTLF: - if(*datap == 0x0a) { + if(*buf == 0x0a) { /* The last one before we go back to hex state and start all over. */ - Curl_httpchunk_init(data); /* sets state back to CHUNK_HEX */ + Curl_httpchunk_reset(data, ch, ch->ignore_body); } - else if(*datap != 0x0d) - return CHUNKE_BAD_CHUNK; - datap++; - length--; + else if(*buf != 0x0d) { + ch->state = CHUNK_FAILED; + ch->last_code = CHUNKE_BAD_CHUNK; + return CURLE_RECV_ERROR; + } + buf++; + blen--; break; case CHUNK_TRAILER: - if((*datap == 0x0d) || (*datap == 0x0a)) { - char *tr = Curl_dyn_ptr(&conn->trailer); + if((*buf == 0x0d) || (*buf == 0x0a)) { + char *tr = Curl_dyn_ptr(&ch->trailer); /* this is the end of a trailer, but if the trailer was zero bytes there was no trailer and we move on */ if(tr) { size_t trlen; - result = Curl_dyn_addn(&conn->trailer, (char *)STRCONST("\x0d\x0a")); - if(result) - return CHUNKE_OUT_OF_MEMORY; - - tr = Curl_dyn_ptr(&conn->trailer); - trlen = Curl_dyn_len(&conn->trailer); + result = Curl_dyn_addn(&ch->trailer, (char *)STRCONST("\x0d\x0a")); + if(result) { + ch->state = CHUNK_FAILED; + ch->last_code = CHUNKE_OUT_OF_MEMORY; + return result; + } + tr = Curl_dyn_ptr(&ch->trailer); + trlen = Curl_dyn_len(&ch->trailer); if(!data->set.http_te_skip) { - result = Curl_client_write(data, - CLIENTWRITE_HEADER|CLIENTWRITE_TRAILER, - tr, trlen); + if(cw_next) + result = Curl_cwriter_write(data, cw_next, + CLIENTWRITE_HEADER| + CLIENTWRITE_TRAILER, + tr, trlen); + else + result = Curl_client_write(data, + CLIENTWRITE_HEADER| + CLIENTWRITE_TRAILER, + tr, trlen); if(result) { - *extrap = result; - return CHUNKE_PASSTHRU_ERROR; + ch->state = CHUNK_FAILED; + ch->last_code = CHUNKE_PASSTHRU_ERROR; + return result; } } - Curl_dyn_reset(&conn->trailer); + Curl_dyn_reset(&ch->trailer); ch->state = CHUNK_TRAILER_CR; - if(*datap == 0x0a) + if(*buf == 0x0a) /* already on the LF */ break; } @@ -240,59 +284,73 @@ CHUNKcode Curl_httpchunk_read(struct Curl_easy *data, } } else { - result = Curl_dyn_addn(&conn->trailer, datap, 1); - if(result) - return CHUNKE_OUT_OF_MEMORY; + result = Curl_dyn_addn(&ch->trailer, buf, 1); + if(result) { + ch->state = CHUNK_FAILED; + ch->last_code = CHUNKE_OUT_OF_MEMORY; + return result; + } } - datap++; - length--; + buf++; + blen--; break; case CHUNK_TRAILER_CR: - if(*datap == 0x0a) { + if(*buf == 0x0a) { ch->state = CHUNK_TRAILER_POSTCR; - datap++; - length--; + buf++; + blen--; + } + else { + ch->state = CHUNK_FAILED; + ch->last_code = CHUNKE_BAD_CHUNK; + return CURLE_RECV_ERROR; } - else - return CHUNKE_BAD_CHUNK; break; case CHUNK_TRAILER_POSTCR: /* We enter this state when a CR should arrive so we expect to have to first pass a CR before we wait for LF */ - if((*datap != 0x0d) && (*datap != 0x0a)) { + if((*buf != 0x0d) && (*buf != 0x0a)) { /* not a CR then it must be another header in the trailer */ ch->state = CHUNK_TRAILER; break; } - if(*datap == 0x0d) { + if(*buf == 0x0d) { /* skip if CR */ - datap++; - length--; + buf++; + blen--; } /* now wait for the final LF */ ch->state = CHUNK_STOP; break; case CHUNK_STOP: - if(*datap == 0x0a) { - length--; - + if(*buf == 0x0a) { + blen--; /* Record the length of any data left in the end of the buffer even if there's no more chunks to read */ - ch->datasize = curlx_sotouz(length); - - return CHUNKE_STOP; /* return stop */ + ch->datasize = blen; + ch->state = CHUNK_DONE; + return CURLE_OK; + } + else { + ch->state = CHUNK_FAILED; + ch->last_code = CHUNKE_BAD_CHUNK; + return CURLE_RECV_ERROR; } - else - return CHUNKE_BAD_CHUNK; + case CHUNK_DONE: + return CURLE_OK; + + case CHUNK_FAILED: + return CURLE_RECV_ERROR; } + } - return CHUNKE_OK; + return CURLE_OK; } -const char *Curl_chunked_strerror(CHUNKcode code) +static const char *Curl_chunked_strerror(CHUNKcode code) { switch(code) { default: @@ -304,8 +362,7 @@ const char *Curl_chunked_strerror(CHUNKcode code) case CHUNKE_BAD_CHUNK: return "Malformed encoding found"; case CHUNKE_PASSTHRU_ERROR: - DEBUGASSERT(0); /* never used */ - return ""; + return "Error writing data to client"; case CHUNKE_BAD_ENCODING: return "Bad content-encoding found"; case CHUNKE_OUT_OF_MEMORY: @@ -313,4 +370,86 @@ const char *Curl_chunked_strerror(CHUNKcode code) } } +CURLcode Curl_httpchunk_read(struct Curl_easy *data, + struct Curl_chunker *ch, + char *buf, size_t blen, + size_t *pconsumed) +{ + return httpchunk_readwrite(data, ch, NULL, buf, blen, pconsumed); +} + +struct chunked_writer { + struct Curl_cwriter super; + struct Curl_chunker ch; +}; + +static CURLcode cw_chunked_init(struct Curl_easy *data, + struct Curl_cwriter *writer) +{ + struct chunked_writer *ctx = (struct chunked_writer *)writer; + + data->req.chunk = TRUE; /* chunks coming our way. */ + Curl_httpchunk_init(data, &ctx->ch, FALSE); + return CURLE_OK; +} + +static void cw_chunked_close(struct Curl_easy *data, + struct Curl_cwriter *writer) +{ + struct chunked_writer *ctx = (struct chunked_writer *)writer; + Curl_httpchunk_free(data, &ctx->ch); +} + +static CURLcode cw_chunked_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, + const char *buf, size_t blen) +{ + struct chunked_writer *ctx = (struct chunked_writer *)writer; + CURLcode result; + size_t consumed; + + if(!(type & CLIENTWRITE_BODY)) + return Curl_cwriter_write(data, writer->next, type, buf, blen); + + consumed = 0; + result = httpchunk_readwrite(data, &ctx->ch, writer->next, buf, blen, + &consumed); + + if(result) { + if(CHUNKE_PASSTHRU_ERROR == ctx->ch.last_code) { + failf(data, "Failed reading the chunked-encoded stream"); + } + else { + failf(data, "%s in chunked-encoding", + Curl_chunked_strerror(ctx->ch.last_code)); + } + return result; + } + + blen -= consumed; + if(CHUNK_DONE == ctx->ch.state) { + /* chunks read successfully, download is complete */ + data->req.download_done = TRUE; + if(blen) { + infof(data, "Leftovers after chunking: %zu bytes", blen); + } + } + else if((type & CLIENTWRITE_EOS) && !data->req.no_body) { + failf(data, "transfer closed with outstanding read data remaining"); + return CURLE_PARTIAL_FILE; + } + + return CURLE_OK; +} + +/* HTTP chunked Transfer-Encoding decoder */ +const struct Curl_cwtype Curl_httpchunk_unencoder = { + "chunked", + NULL, + cw_chunked_init, + cw_chunked_write, + cw_chunked_close, + sizeof(struct chunked_writer) +}; + #endif /* CURL_DISABLE_HTTP */ diff --git a/lib/http_chunks.h b/lib/http_chunks.h index ed5071316..07f2984c3 100644 --- a/lib/http_chunks.h +++ b/lib/http_chunks.h @@ -24,6 +24,10 @@ * ***************************************************************************/ +#ifndef CURL_DISABLE_HTTP + +#include "dynbuf.h" + struct connectdata; /* @@ -67,34 +71,68 @@ typedef enum { signalled If this is an empty trailer CHUNKE_STOP will be signalled. Otherwise the trailer will be broadcasted via Curl_client_write() and the next state will be CHUNK_TRAILER */ - CHUNK_TRAILER_POSTCR + CHUNK_TRAILER_POSTCR, + + /* Successfully de-chunked everything */ + CHUNK_DONE, + + /* Failed on seeing a bad or not correctly terminated chunk */ + CHUNK_FAILED } ChunkyState; typedef enum { - CHUNKE_STOP = -1, CHUNKE_OK = 0, CHUNKE_TOO_LONG_HEX = 1, CHUNKE_ILLEGAL_HEX, CHUNKE_BAD_CHUNK, CHUNKE_BAD_ENCODING, CHUNKE_OUT_OF_MEMORY, - CHUNKE_PASSTHRU_ERROR, /* Curl_httpchunk_read() returns a CURLcode to use */ - CHUNKE_LAST + CHUNKE_PASSTHRU_ERROR /* Curl_httpchunk_read() returns a CURLcode to use */ } CHUNKcode; -const char *Curl_chunked_strerror(CHUNKcode code); - struct Curl_chunker { curl_off_t datasize; ChunkyState state; + CHUNKcode last_code; + struct dynbuf trailer; /* for chunked-encoded trailer */ unsigned char hexindex; - char hexbuffer[ CHUNK_MAXNUM_LEN + 1]; /* +1 for null-terminator */ + char hexbuffer[CHUNK_MAXNUM_LEN + 1]; /* +1 for null-terminator */ + BIT(ignore_body); /* never write response body data */ }; /* The following functions are defined in http_chunks.c */ -void Curl_httpchunk_init(struct Curl_easy *data); -CHUNKcode Curl_httpchunk_read(struct Curl_easy *data, char *datap, - ssize_t length, ssize_t *wrote, - CURLcode *passthru); +void Curl_httpchunk_init(struct Curl_easy *data, struct Curl_chunker *ch, + bool ignore_body); +void Curl_httpchunk_free(struct Curl_easy *data, struct Curl_chunker *ch); +void Curl_httpchunk_reset(struct Curl_easy *data, struct Curl_chunker *ch, + bool ignore_body); + +/* + * Read BODY bytes in HTTP/1.1 chunked encoding from `buf` and return + * the amount of bytes consumed. The actual response bytes and trailer + * headers are written out to the client. + * On success, this will consume all bytes up to the end of the response, + * e.g. the last chunk, has been processed. + * @param data the transfer involved + * @param ch the chunker instance keeping state across calls + * @param buf the response data + * @param blen amount of bytes in `buf` + * @param pconsumed on successful return, the number of bytes in `buf` + * consumed + * + * This function always uses ASCII hex values to accommodate non-ASCII hosts. + * For example, 0x0d and 0x0a are used instead of '\r' and '\n'. + */ +CURLcode Curl_httpchunk_read(struct Curl_easy *data, struct Curl_chunker *ch, + char *buf, size_t blen, size_t *pconsumed); + +/** + * @return TRUE iff chunked decoded has finished successfully. + */ +bool Curl_httpchunk_is_done(struct Curl_easy *data, struct Curl_chunker *ch); + +extern const struct Curl_cwtype Curl_httpchunk_unencoder; + +#endif /* !CURL_DISABLE_HTTP */ #endif /* HEADER_CURL_HTTP_CHUNKS_H */ diff --git a/lib/http_proxy.c b/lib/http_proxy.c index a1d6da954..113c43a41 100644 --- a/lib/http_proxy.c +++ b/lib/http_proxy.c @@ -131,8 +131,8 @@ CURLcode Curl_http_proxy_create_CONNECT(struct httpreq **preq, goto out; } - if(!Curl_checkProxyheaders(data, cf->conn, STRCONST("User-Agent")) - && data->set.str[STRING_USERAGENT]) { + if(!Curl_checkProxyheaders(data, cf->conn, STRCONST("User-Agent")) && + data->set.str[STRING_USERAGENT] && *data->set.str[STRING_USERAGENT]) { result = Curl_dynhds_cadd(&req->headers, "User-Agent", data->set.str[STRING_USERAGENT]); if(result) @@ -299,7 +299,7 @@ struct Curl_cftype Curl_cft_http_proxy = { http_proxy_cf_connect, http_proxy_cf_close, Curl_cf_http_proxy_get_host, - Curl_cf_def_get_select_socks, + Curl_cf_def_adjust_pollset, Curl_cf_def_data_pending, Curl_cf_def_send, Curl_cf_def_recv, diff --git a/lib/idn.c b/lib/idn.c index a024691d1..81a177f8c 100644 --- a/lib/idn.c +++ b/lib/idn.c @@ -36,7 +36,7 @@ #ifdef USE_LIBIDN2 #include -#if defined(WIN32) && defined(UNICODE) +#if defined(_WIN32) && defined(UNICODE) #define IDN2_LOOKUP(name, host, flags) \ idn2_lookup_u8((const uint8_t *)name, (uint8_t **)host, flags) #else diff --git a/lib/imap.c b/lib/imap.c index de64c2a7f..f9211d966 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -97,7 +97,8 @@ static CURLcode imap_doing(struct Curl_easy *data, bool *dophase_done); static CURLcode imap_setup_connection(struct Curl_easy *data, struct connectdata *conn); static char *imap_atom(const char *str, bool escape_only); -static CURLcode imap_sendf(struct Curl_easy *data, const char *fmt, ...); +static CURLcode imap_sendf(struct Curl_easy *data, const char *fmt, ...) + CURL_PRINTF(2, 3); static CURLcode imap_parse_url_options(struct connectdata *conn); static CURLcode imap_parse_url_path(struct Curl_easy *data); static CURLcode imap_parse_custom_request(struct Curl_easy *data); @@ -129,7 +130,7 @@ const struct Curl_handler Curl_handler_imap = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ imap_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_IMAP, /* defport */ @@ -158,7 +159,7 @@ const struct Curl_handler Curl_handler_imaps = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ imap_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_IMAPS, /* defport */ @@ -354,8 +355,8 @@ static bool imap_endofresp(struct Curl_easy *data, struct connectdata *conn, */ static CURLcode imap_get_message(struct Curl_easy *data, struct bufref *out) { - char *message = data->state.buffer; - size_t len = strlen(message); + char *message = Curl_dyn_ptr(&data->conn->proto.imapc.pp.recvbuf); + size_t len = data->conn->proto.imapc.pp.nfinal; if(len > 2) { /* Find the start of the message */ @@ -895,7 +896,7 @@ static CURLcode imap_state_capability_resp(struct Curl_easy *data, CURLcode result = CURLE_OK; struct connectdata *conn = data->conn; struct imap_conn *imapc = &conn->proto.imapc; - const char *line = data->state.buffer; + const char *line = Curl_dyn_ptr(&imapc->pp.recvbuf); (void)instate; /* no use for this yet */ @@ -981,7 +982,7 @@ static CURLcode imap_state_starttls_resp(struct Curl_easy *data, (void)instate; /* no use for this yet */ /* Pipelining in response is forbidden. */ - if(data->conn->proto.imapc.pp.cache_size) + if(data->conn->proto.imapc.pp.overflow) return CURLE_WEIRD_SERVER_REPLY; if(imapcode != IMAP_RESP_OK) { @@ -1057,17 +1058,13 @@ static CURLcode imap_state_listsearch_resp(struct Curl_easy *data, imapstate instate) { CURLcode result = CURLE_OK; - char *line = data->state.buffer; - size_t len = strlen(line); + char *line = Curl_dyn_ptr(&data->conn->proto.imapc.pp.recvbuf); + size_t len = data->conn->proto.imapc.pp.nfinal; (void)instate; /* No use for this yet */ - if(imapcode == '*') { - /* Temporarily add the LF character back and send as body to the client */ - line[len] = '\n'; - result = Curl_client_write(data, CLIENTWRITE_BODY, line, len + 1); - line[len] = '\0'; - } + if(imapcode == '*') + result = Curl_client_write(data, CLIENTWRITE_BODY, line, len); else if(imapcode != IMAP_RESP_OK) result = CURLE_QUOTE_ERROR; else @@ -1085,7 +1082,7 @@ static CURLcode imap_state_select_resp(struct Curl_easy *data, int imapcode, struct connectdata *conn = data->conn; struct IMAP *imap = data->req.p.imap; struct imap_conn *imapc = &conn->proto.imapc; - const char *line = data->state.buffer; + const char *line = Curl_dyn_ptr(&data->conn->proto.imapc.pp.recvbuf); (void)instate; /* no use for this yet */ @@ -1144,7 +1141,8 @@ static CURLcode imap_state_fetch_resp(struct Curl_easy *data, CURLcode result = CURLE_OK; struct imap_conn *imapc = &conn->proto.imapc; struct pingpong *pp = &imapc->pp; - const char *ptr = data->state.buffer; + const char *ptr = Curl_dyn_ptr(&data->conn->proto.imapc.pp.recvbuf); + size_t len = data->conn->proto.imapc.pp.nfinal; bool parsed = FALSE; curl_off_t size = 0; @@ -1158,16 +1156,12 @@ static CURLcode imap_state_fetch_resp(struct Curl_easy *data, /* Something like this is received "* 1 FETCH (BODY[TEXT] {2021}\r" so parse the continuation data contained within the curly brackets */ - while(*ptr && (*ptr != '{')) - ptr++; - - if(*ptr == '{') { + ptr = memchr(ptr, '{', len); + if(ptr) { char *endptr; - if(!curlx_strtoofft(ptr + 1, &endptr, 10, &size)) { - if(endptr - ptr > 1 && endptr[0] == '}' && - endptr[1] == '\r' && endptr[2] == '\0') - parsed = TRUE; - } + if(!curlx_strtoofft(ptr + 1, &endptr, 10, &size) && + (endptr - ptr > 1 && *endptr == '}')) + parsed = TRUE; } if(parsed) { @@ -1175,11 +1169,15 @@ static CURLcode imap_state_fetch_resp(struct Curl_easy *data, size); Curl_pgrsSetDownloadSize(data, size); - if(pp->cache) { - /* At this point there is a bunch of data in the header "cache" that is - actually body content, send it as body and then skip it. Do note - that there may even be additional "headers" after the body. */ - size_t chunk = pp->cache_size; + if(pp->overflow) { + /* At this point there is a data in the receive buffer that is body + content, send it as body and then skip it. Do note that there may + even be additional "headers" after the body. */ + size_t chunk = pp->overflow; + + /* keep only the overflow */ + Curl_dyn_tail(&pp->recvbuf, chunk); + pp->nfinal = 0; /* done */ if(chunk > (size_t)size) /* The conversion from curl_off_t to size_t is always fine here */ @@ -1190,27 +1188,24 @@ static CURLcode imap_state_fetch_resp(struct Curl_easy *data, imap_state(data, IMAP_STOP); return CURLE_OK; } - result = Curl_client_write(data, CLIENTWRITE_BODY, pp->cache, chunk); + result = Curl_client_write(data, CLIENTWRITE_BODY, + Curl_dyn_ptr(&pp->recvbuf), chunk); if(result) return result; - data->req.bytecount += chunk; - infof(data, "Written %zu bytes, %" CURL_FORMAT_CURL_OFF_TU " bytes are left for transfer", chunk, size - chunk); - /* Have we used the entire cache or just part of it?*/ - if(pp->cache_size > chunk) { - /* Only part of it so shrink the cache to fit the trailing data */ - memmove(pp->cache, pp->cache + chunk, pp->cache_size - chunk); - pp->cache_size -= chunk; + /* Have we used the entire overflow or just part of it?*/ + if(pp->overflow > chunk) { + /* remember the remaining trailing overflow data */ + pp->overflow -= chunk; + Curl_dyn_tail(&pp->recvbuf, pp->overflow); } else { + pp->overflow = 0; /* handled */ /* Free the cache */ - Curl_safefree(pp->cache); - - /* Reset the cache size */ - pp->cache_size = 0; + Curl_dyn_reset(&pp->recvbuf); } } @@ -1222,7 +1217,7 @@ static CURLcode imap_state_fetch_resp(struct Curl_easy *data, data->req.maxdownload = size; /* force a recv/send check of this connection, as the data might've been read off the socket already */ - data->conn->cselect_bits = CURL_CSELECT_IN; + data->state.select_bits = CURL_CSELECT_IN; Curl_setup_transfer(data, FIRSTSOCKET, size, FALSE, -1); } } @@ -1378,7 +1373,6 @@ static CURLcode imap_statemachine(struct Curl_easy *data, break; case IMAP_LOGOUT: - /* fallthrough, just stop! */ default: /* internal error */ imap_state(data, IMAP_STOP); @@ -1430,7 +1424,7 @@ static CURLcode imap_init(struct Curl_easy *data) CURLcode result = CURLE_OK; struct IMAP *imap; - imap = data->req.p.imap = calloc(sizeof(struct IMAP), 1); + imap = data->req.p.imap = calloc(1, sizeof(struct IMAP)); if(!imap) result = CURLE_OUT_OF_MEMORY; @@ -1474,9 +1468,7 @@ static CURLcode imap_connect(struct Curl_easy *data, bool *done) Curl_sasl_init(&imapc->sasl, data, &saslimap); Curl_dyn_init(&imapc->dyn, DYN_IMAP_CMD); - /* Initialise the pingpong layer */ - Curl_pp_setup(pp); - Curl_pp_init(data, pp); + Curl_pp_init(pp); /* Parse the URL options */ result = imap_parse_url_options(conn); @@ -1797,7 +1789,14 @@ static CURLcode imap_sendf(struct Curl_easy *data, const char *fmt, ...) if(!result) { va_list ap; va_start(ap, fmt); +#ifdef __clang__ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wformat-nonliteral" +#endif result = Curl_pp_vsendf(data, &imapc->pp, Curl_dyn_ptr(&imapc->dyn), ap); +#ifdef __clang__ +#pragma clang diagnostic pop +#endif va_end(ap); } return result; diff --git a/lib/inet_pton.c b/lib/inet_pton.c index 7d3c69879..176cc956f 100644 --- a/lib/inet_pton.c +++ b/lib/inet_pton.c @@ -112,7 +112,8 @@ inet_pton4(const char *src, unsigned char *dst) pch = strchr(digits, ch); if(pch) { - unsigned int val = *tp * 10 + (unsigned int)(pch - digits); + unsigned int val = (unsigned int)(*tp * 10) + + (unsigned int)(pch - digits); if(saw_digit && *tp == 0) return (0); diff --git a/lib/inet_pton.h b/lib/inet_pton.h index 82fde7e2e..f8562fa8a 100644 --- a/lib/inet_pton.h +++ b/lib/inet_pton.h @@ -31,9 +31,6 @@ int Curl_inet_pton(int, const char *, void *); #ifdef HAVE_INET_PTON #ifdef HAVE_ARPA_INET_H #include -#elif defined(HAVE_WS2TCPIP_H) -/* inet_pton() exists in Vista or later */ -#include #endif #define Curl_inet_pton(x,y,z) inet_pton(x,y,z) #endif diff --git a/lib/krb5.c b/lib/krb5.c index 18e73debb..4db19fb27 100644 --- a/lib/krb5.c +++ b/lib/krb5.c @@ -75,8 +75,7 @@ static CURLcode ftpsend(struct Curl_easy *data, struct connectdata *conn, unsigned char data_sec = conn->data_prot; #endif - if(!cmd) - return CURLE_BAD_FUNCTION_ARGUMENT; + DEBUGASSERT(cmd); write_len = strlen(cmd); if(!write_len || write_len > (sizeof(s) -3)) @@ -236,9 +235,12 @@ krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn) if(Curl_GetFTPResponse(data, &nread, NULL)) return -1; - - if(data->state.buffer[0] != '3') - return -1; + else { + struct pingpong *pp = &conn->proto.ftpc.pp; + char *line = Curl_dyn_ptr(&pp->recvbuf); + if(line[0] != '3') + return -1; + } } stringp = aprintf("%s@%s", service, host); @@ -322,15 +324,19 @@ krb5_auth(void *app_data, struct Curl_easy *data, struct connectdata *conn) ret = -1; break; } - - if(data->state.buffer[0] != '2' && data->state.buffer[0] != '3') { - infof(data, "Server didn't accept auth data"); - ret = AUTH_ERROR; - break; + else { + struct pingpong *pp = &conn->proto.ftpc.pp; + size_t len = Curl_dyn_len(&pp->recvbuf); + p = Curl_dyn_ptr(&pp->recvbuf); + if((len < 4) || (p[0] != '2' && p[0] != '3')) { + infof(data, "Server didn't accept auth data"); + ret = AUTH_ERROR; + break; + } } _gssresp.value = NULL; /* make sure it is initialized */ - p = data->state.buffer + 4; + p += 4; /* over '789 ' */ p = strstr(p, "ADAT="); if(p) { result = Curl_base64_decode(p + 5, @@ -417,7 +423,6 @@ static char level_to_char(int level) case PROT_PRIVATE: return 'P'; case PROT_CMD: - /* Fall through */ default: /* Those 2 cases should not be reached! */ break; @@ -429,6 +434,9 @@ static char level_to_char(int level) /* Send an FTP command defined by |message| and the optional arguments. The function returns the ftp_code. If an error occurs, -1 is returned. */ +static int ftp_send_command(struct Curl_easy *data, const char *message, ...) + CURL_PRINTF(2, 3); + static int ftp_send_command(struct Curl_easy *data, const char *message, ...) { int ftp_code; @@ -750,6 +758,8 @@ static int sec_set_protection_level(struct Curl_easy *data) if(level) { char *pbsz; unsigned int buffer_size = 1 << 20; /* 1048576 */ + struct pingpong *pp = &conn->proto.ftpc.pp; + char *line; code = ftp_send_command(data, "PBSZ %u", buffer_size); if(code < 0) @@ -761,10 +771,11 @@ static int sec_set_protection_level(struct Curl_easy *data) } conn->buffer_size = buffer_size; - pbsz = strstr(data->state.buffer, "PBSZ="); + line = Curl_dyn_ptr(&pp->recvbuf); + pbsz = strstr(line, "PBSZ="); if(pbsz) { /* stick to default value if the check fails */ - if(!strncmp(pbsz, "PBSZ=", 5) && ISDIGIT(pbsz[5])) + if(ISDIGIT(pbsz[5])) buffer_size = atoi(&pbsz[5]); if(buffer_size < conn->buffer_size) conn->buffer_size = buffer_size; diff --git a/lib/ldap.c b/lib/ldap.c index 239d3fbf0..4c04647f4 100644 --- a/lib/ldap.c +++ b/lib/ldap.c @@ -137,7 +137,7 @@ static void _ldap_free_urldesc(LDAPURLDesc *ludp); _ldap_trace x; \ } while(0) - static void _ldap_trace(const char *fmt, ...); + static void _ldap_trace(const char *fmt, ...) CURL_PRINTF(1, 2); #else #define LDAP_TRACE(x) Curl_nop_stmt #endif @@ -177,7 +177,7 @@ const struct Curl_handler Curl_handler_ldap = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ ZERO_NULL, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_LDAP, /* defport */ @@ -205,7 +205,7 @@ const struct Curl_handler Curl_handler_ldaps = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ ZERO_NULL, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_LDAPS, /* defport */ @@ -313,7 +313,6 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) int ldap_ssl = 0; char *val_b64 = NULL; size_t val_b64_sz = 0; - curl_off_t dlsize = 0; #ifdef LDAP_OPT_NETWORK_TIMEOUT struct timeval ldap_timeout = {10, 0}; /* 10 sec connection/search timeout */ #endif @@ -327,7 +326,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) *done = TRUE; /* unconditionally */ infof(data, "LDAP local: LDAP Vendor = %s ; LDAP Version = %d", - LDAP_VENDOR_NAME, LDAP_VENDOR_VERSION); + LDAP_VENDOR_NAME, LDAP_VENDOR_VERSION); infof(data, "LDAP local: %s", data->state.url); #ifdef HAVE_LDAP_URL_PARSE @@ -345,7 +344,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) if(conn->given->flags & PROTOPT_SSL) ldap_ssl = 1; infof(data, "LDAP local: trying to establish %s connection", - ldap_ssl ? "encrypted" : "cleartext"); + ldap_ssl ? "encrypted" : "cleartext"); #if defined(USE_WIN32_LDAP) host = curlx_convert_UTF8_to_tchar(conn->host.name); @@ -535,6 +534,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) goto quit; } + Curl_pgrsSetDownloadCounter(data, 0); rc = ldap_search_s(server, ludp->lud_dn, ludp->lud_scope, ludp->lud_filter, ludp->lud_attrs, 0, &ldapmsg); @@ -596,8 +596,6 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) goto quit; } - dlsize += name_len + 5; - FREE_ON_WINLDAP(name); ldap_memfree(dn); } @@ -659,8 +657,6 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) goto quit; } - dlsize += attr_len + 3; - if((attr_len > 7) && (strcmp(";binary", attr + (attr_len - 7)) == 0)) { /* Binary attribute, encode to base64. */ @@ -689,8 +685,6 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) goto quit; } - - dlsize += val_b64_sz; } } else { @@ -705,8 +699,6 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) goto quit; } - - dlsize += vals[i]->bv_len; } result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 1); @@ -719,8 +711,6 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) goto quit; } - - dlsize++; } /* Free memory used to store values */ @@ -734,10 +724,6 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)"\n", 1); if(result) goto quit; - dlsize++; - result = Curl_pgrsSetDownloadCounter(data, dlsize); - if(result) - goto quit; } if(ber) diff --git a/lib/md4.c b/lib/md4.c index 30ab62e60..067c211e4 100644 --- a/lib/md4.c +++ b/lib/md4.c @@ -32,9 +32,8 @@ #include "warnless.h" #ifdef USE_OPENSSL -#include -#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) && \ - !defined(USE_AMISSL) +#include +#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) && !defined(USE_AMISSL) /* OpenSSL 3.0.0 marks the MD4 functions as deprecated */ #define OPENSSL_NO_MD4 #endif @@ -195,11 +194,9 @@ static int MD4_Init(MD4_CTX *ctx) static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) { if(!ctx->data) { - ctx->data = malloc(size); - if(ctx->data) { - memcpy(ctx->data, data, size); + ctx->data = Curl_memdup(data, size); + if(ctx->data) ctx->size = size; - } } } diff --git a/lib/memdebug.c b/lib/memdebug.c index d6952a07a..fce933a32 100644 --- a/lib/memdebug.c +++ b/lib/memdebug.c @@ -208,7 +208,7 @@ ALLOC_FUNC char *curl_dbg_strdup(const char *str, return mem; } -#if defined(WIN32) && defined(UNICODE) +#if defined(_WIN32) && defined(UNICODE) ALLOC_FUNC wchar_t *curl_dbg_wcsdup(const wchar_t *str, int line, const char *source) { @@ -304,12 +304,6 @@ void curl_dbg_free(void *ptr, int line, const char *source) curl_socket_t curl_dbg_socket(int domain, int type, int protocol, int line, const char *source) { - const char *fmt = (sizeof(curl_socket_t) == sizeof(int)) ? - "FD %s:%d socket() = %d\n" : - (sizeof(curl_socket_t) == sizeof(long)) ? - "FD %s:%d socket() = %ld\n" : - "FD %s:%d socket() = %zd\n"; - curl_socket_t sockfd; if(countcheck("socket", line, source)) @@ -318,7 +312,8 @@ curl_socket_t curl_dbg_socket(int domain, int type, int protocol, sockfd = socket(domain, type, protocol); if(source && (sockfd != CURL_SOCKET_BAD)) - curl_dbg_log(fmt, source, line, sockfd); + curl_dbg_log("FD %s:%d socket() = %" CURL_FORMAT_SOCKET_T "\n", + source, line, sockfd); return sockfd; } @@ -357,16 +352,12 @@ int curl_dbg_socketpair(int domain, int type, int protocol, curl_socket_t socket_vector[2], int line, const char *source) { - const char *fmt = (sizeof(curl_socket_t) == sizeof(int)) ? - "FD %s:%d socketpair() = %d %d\n" : - (sizeof(curl_socket_t) == sizeof(long)) ? - "FD %s:%d socketpair() = %ld %ld\n" : - "FD %s:%d socketpair() = %zd %zd\n"; - int res = socketpair(domain, type, protocol, socket_vector); if(source && (0 == res)) - curl_dbg_log(fmt, source, line, socket_vector[0], socket_vector[1]); + curl_dbg_log("FD %s:%d socketpair() = " + "%" CURL_FORMAT_SOCKET_T " %" CURL_FORMAT_SOCKET_T "\n", + source, line, socket_vector[0], socket_vector[1]); return res; } @@ -375,19 +366,14 @@ int curl_dbg_socketpair(int domain, int type, int protocol, curl_socket_t curl_dbg_accept(curl_socket_t s, void *saddr, void *saddrlen, int line, const char *source) { - const char *fmt = (sizeof(curl_socket_t) == sizeof(int)) ? - "FD %s:%d accept() = %d\n" : - (sizeof(curl_socket_t) == sizeof(long)) ? - "FD %s:%d accept() = %ld\n" : - "FD %s:%d accept() = %zd\n"; - struct sockaddr *addr = (struct sockaddr *)saddr; curl_socklen_t *addrlen = (curl_socklen_t *)saddrlen; curl_socket_t sockfd = accept(s, addr, addrlen); if(source && (sockfd != CURL_SOCKET_BAD)) - curl_dbg_log(fmt, source, line, sockfd); + curl_dbg_log("FD %s:%d accept() = %" CURL_FORMAT_SOCKET_T "\n", + source, line, sockfd); return sockfd; } @@ -395,14 +381,9 @@ curl_socket_t curl_dbg_accept(curl_socket_t s, void *saddr, void *saddrlen, /* separate function to allow libcurl to mark a "faked" close */ void curl_dbg_mark_sclose(curl_socket_t sockfd, int line, const char *source) { - const char *fmt = (sizeof(curl_socket_t) == sizeof(int)) ? - "FD %s:%d sclose(%d)\n": - (sizeof(curl_socket_t) == sizeof(long)) ? - "FD %s:%d sclose(%ld)\n": - "FD %s:%d sclose(%zd)\n"; - if(source) - curl_dbg_log(fmt, source, line, sockfd); + curl_dbg_log("FD %s:%d sclose(%" CURL_FORMAT_SOCKET_T ")\n", + source, line, sockfd); } /* this is our own defined way to close sockets on *ALL* platforms */ diff --git a/lib/memdebug.h b/lib/memdebug.h index c9eb5dc37..51147cdcb 100644 --- a/lib/memdebug.h +++ b/lib/memdebug.h @@ -64,7 +64,7 @@ CURL_EXTERN ALLOC_SIZE(2) void *curl_dbg_realloc(void *ptr, CURL_EXTERN void curl_dbg_free(void *ptr, int line, const char *source); CURL_EXTERN ALLOC_FUNC char *curl_dbg_strdup(const char *str, int line, const char *src); -#if defined(WIN32) && defined(UNICODE) +#if defined(_WIN32) && defined(UNICODE) CURL_EXTERN ALLOC_FUNC wchar_t *curl_dbg_wcsdup(const wchar_t *str, int line, const char *source); @@ -72,7 +72,7 @@ CURL_EXTERN ALLOC_FUNC wchar_t *curl_dbg_wcsdup(const wchar_t *str, CURL_EXTERN void curl_dbg_memdebug(const char *logname); CURL_EXTERN void curl_dbg_memlimit(long limit); -CURL_EXTERN void curl_dbg_log(const char *format, ...); +CURL_EXTERN void curl_dbg_log(const char *format, ...) CURL_PRINTF(1, 2); /* file descriptor manipulators */ CURL_EXTERN curl_socket_t curl_dbg_socket(int domain, int type, int protocol, @@ -121,7 +121,7 @@ CURL_EXTERN int curl_dbg_fclose(FILE *file, int line, const char *source); #define send(a,b,c,d) curl_dbg_send(a,b,c,d, __LINE__, __FILE__) #define recv(a,b,c,d) curl_dbg_recv(a,b,c,d, __LINE__, __FILE__) -#ifdef WIN32 +#ifdef _WIN32 # ifdef UNICODE # undef wcsdup # define wcsdup(ptr) curl_dbg_wcsdup(ptr, __LINE__, __FILE__) diff --git a/lib/mime.c b/lib/mime.c index 3b27e59e1..d712331d0 100644 --- a/lib/mime.c +++ b/lib/mime.c @@ -30,6 +30,7 @@ #include "warnless.h" #include "urldata.h" #include "sendf.h" +#include "strdup.h" #if !defined(CURL_DISABLE_MIME) && (!defined(CURL_DISABLE_HTTP) || \ !defined(CURL_DISABLE_SMTP) || \ @@ -48,7 +49,7 @@ #include "curl_memory.h" #include "memdebug.h" -#ifdef WIN32 +#ifdef _WIN32 # ifndef R_OK # define R_OK 4 # endif @@ -311,8 +312,7 @@ static char *escape_string(struct Curl_easy *data, table = formtable; /* data can be NULL when this function is called indirectly from curl_formget(). */ - if(strategy == MIMESTRATEGY_MAIL || - (data && (data->set.mime_options & CURLMIMEOPT_FORMESCAPE))) + if(strategy == MIMESTRATEGY_MAIL || (data && (data->set.mime_formescape))) table = mimetable; Curl_dyn_init(&db, CURL_MAX_INPUT_LENGTH); @@ -818,7 +818,7 @@ static size_t read_part_content(curl_mimepart *part, case MIMEKIND_FILE: if(part->fp && feof(part->fp)) break; /* At EOF. */ - /* FALLTHROUGH */ + FALLTHROUGH(); default: if(part->readfunc) { if(!(part->flags & MIME_FAST_READ)) { @@ -937,7 +937,7 @@ static size_t readback_part(curl_mimepart *part, mimesetstate(&part->state, MIMESTATE_USERHEADERS, hdr->next); break; } - /* FALLTHROUGH */ + FALLTHROUGH(); case MIMESTATE_CURLHEADERS: if(!hdr) mimesetstate(&part->state, MIMESTATE_USERHEADERS, part->userheaders); @@ -971,7 +971,7 @@ static size_t readback_part(curl_mimepart *part, fclose(part->fp); part->fp = NULL; } - /* FALLTHROUGH */ + FALLTHROUGH(); case CURL_READFUNC_ABORT: case CURL_READFUNC_PAUSE: case READ_ERROR: @@ -1236,6 +1236,7 @@ CURLcode Curl_mime_duppart(struct Curl_easy *data, } break; default: /* Invalid kind: should not occur. */ + DEBUGF(infof(data, "invalid MIMEKIND* attempt")); res = CURLE_BAD_FUNCTION_ARGUMENT; /* Internal error? */ break; } @@ -1371,27 +1372,22 @@ CURLcode curl_mime_filename(curl_mimepart *part, const char *filename) /* Set mime part content from memory data. */ CURLcode curl_mime_data(curl_mimepart *part, - const char *data, size_t datasize) + const char *ptr, size_t datasize) { if(!part) return CURLE_BAD_FUNCTION_ARGUMENT; cleanup_part_content(part); - if(data) { + if(ptr) { if(datasize == CURL_ZERO_TERMINATED) - datasize = strlen(data); + datasize = strlen(ptr); - part->data = malloc(datasize + 1); + part->data = Curl_memdup0(ptr, datasize); if(!part->data) return CURLE_OUT_OF_MEMORY; part->datasize = datasize; - - if(datasize) - memcpy(part->data, data, datasize); - part->data[datasize] = '\0'; /* Set a null terminator as sentinel. */ - part->readfunc = mime_mem_read; part->seekfunc = mime_mem_seek; part->freefunc = mime_mem_free; diff --git a/lib/mime.h b/lib/mime.h index 0a05c2a5a..a64f41d4b 100644 --- a/lib/mime.h +++ b/lib/mime.h @@ -130,7 +130,8 @@ struct curl_mimepart { size_t lastreadstatus; /* Last read callback returned status. */ }; -CURLcode Curl_mime_add_header(struct curl_slist **slp, const char *fmt, ...); +CURLcode Curl_mime_add_header(struct curl_slist **slp, const char *fmt, ...) + CURL_PRINTF(2, 3); #if !defined(CURL_DISABLE_MIME) && (!defined(CURL_DISABLE_HTTP) || \ !defined(CURL_DISABLE_SMTP) || \ diff --git a/lib/mprintf.c b/lib/mprintf.c index af5d753d6..63f7f2409 100644 --- a/lib/mprintf.c +++ b/lib/mprintf.c @@ -20,25 +20,11 @@ * * SPDX-License-Identifier: curl * - * - * Purpose: - * A merge of Bjorn Reese's format() function and Daniel's dsprintf() - * 1.0. A full blooded printf() clone with full support for $ - * everywhere (parameters, widths and precisions) including variabled - * sized parameters (like doubles, long longs, long doubles and even - * void * in 64-bit architectures). - * - * Current restrictions: - * - Max 128 parameters - * - No 'long double' support. - * - * If you ever want truly portable and good *printf() clones, the project that - * took on from here is named 'Trio' and you find more details on the trio web - * page at https://daniel.haxx.se/projects/trio/ */ #include "curl_setup.h" #include "dynbuf.h" +#include "curl_printf.h" #include #include "curl_memory.h" @@ -66,9 +52,7 @@ * Non-ANSI integer extensions */ -#if (defined(__BORLANDC__) && (__BORLANDC__ >= 0x520)) || \ - (defined(__POCC__) && defined(_MSC_VER)) || \ - (defined(_WIN32_WCE)) || \ +#if (defined(_WIN32_WCE)) || \ (defined(__MINGW32__)) || \ (defined(_MSC_VER) && (_MSC_VER >= 900) && (_INTEGRAL_MAX_BITS >= 64)) # define MP_HAVE_INT_EXTENSIONS @@ -88,7 +72,8 @@ #define BUFFSIZE 326 /* buffer for long-to-str and float-to-str calcs, should fit negative DBL_MAX (317 letters) */ -#define MAX_PARAMETERS 128 /* lame static limit */ +#define MAX_PARAMETERS 128 /* number of input arguments */ +#define MAX_SEGMENTS 128 /* number of output segments */ #ifdef __AMIGA__ # undef FORMAT_INT @@ -100,31 +85,33 @@ static const char lower_digits[] = "0123456789abcdefghijklmnopqrstuvwxyz"; /* Upper-case digits. */ static const char upper_digits[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; -#define OUTCHAR(x) \ - do { \ - if(stream((unsigned char)(x), (FILE *)data) != -1) \ - done++; \ - else \ - return done; /* return immediately on failure */ \ +#define OUTCHAR(x) \ + do { \ + if(!stream(x, userp)) \ + done++; \ + else \ + return done; /* return on failure */ \ } while(0) /* Data type to read from the arglist */ typedef enum { - FORMAT_UNKNOWN = 0, FORMAT_STRING, FORMAT_PTR, - FORMAT_INT, FORMAT_INTPTR, + FORMAT_INT, FORMAT_LONG, FORMAT_LONGLONG, + FORMAT_INTU, + FORMAT_LONGU, + FORMAT_LONGLONGU, FORMAT_DOUBLE, FORMAT_LONGDOUBLE, - FORMAT_WIDTH /* For internal use */ + FORMAT_WIDTH, + FORMAT_PRECISION } FormatType; /* conversion and display flags */ enum { - FLAGS_NEW = 0, FLAGS_SPACE = 1<<0, FLAGS_SHOWSIGN = 1<<1, FLAGS_LEFT = 1<<2, @@ -144,23 +131,40 @@ enum { FLAGS_PRECPARAM = 1<<16, /* precision PARAMETER was specified */ FLAGS_CHAR = 1<<17, /* %c story */ FLAGS_FLOATE = 1<<18, /* %e or %E */ - FLAGS_FLOATG = 1<<19 /* %g or %G */ + FLAGS_FLOATG = 1<<19, /* %g or %G */ + FLAGS_SUBSTR = 1<<20 /* no input, only substring */ }; -struct va_stack { - FormatType type; - int flags; - long width; /* width OR width parameter number */ - long precision; /* precision OR precision parameter number */ +enum { + DOLLAR_UNKNOWN, + DOLLAR_NOPE, + DOLLAR_USE +}; + +/* + * Describes an input va_arg type and hold its value. + */ +struct va_input { + FormatType type; /* FormatType */ union { char *str; void *ptr; - union { - mp_intmax_t as_signed; - mp_uintmax_t as_unsigned; - } num; + mp_intmax_t nums; /* signed */ + mp_uintmax_t numu; /* unsigned */ double dnum; - } data; + } val; +}; + +/* + * Describes an output segment. + */ +struct outsegment { + int width; /* width OR width parameter number */ + int precision; /* precision OR precision parameter number */ + unsigned int flags; + unsigned int input; /* input argument array index */ + char *start; /* format string start to output */ + size_t outlen; /* number of bytes from the format string to output */ }; struct nsprintf { @@ -171,118 +175,123 @@ struct nsprintf { struct asprintf { struct dynbuf *b; - bool fail; /* if an alloc has failed and thus the output is not the complete - data */ + char merr; }; -static long dprintf_DollarString(char *input, char **end) -{ - int number = 0; - while(ISDIGIT(*input)) { - if(number < MAX_PARAMETERS) { - number *= 10; - number += *input - '0'; - } - input++; - } - if(number <= MAX_PARAMETERS && ('$' == *input)) { - *end = ++input; - return number; - } - return 0; -} +/* the provided input number is 1-based but this returns the number 0-based. -static bool dprintf_IsQualifierNoDollar(const char *fmt) + returns -1 if no valid number was provided. +*/ +static int dollarstring(char *input, char **end) { -#if defined(MP_HAVE_INT_EXTENSIONS) - if(!strncmp(fmt, "I32", 3) || !strncmp(fmt, "I64", 3)) { - return TRUE; - } -#endif - - switch(*fmt) { - case '-': case '+': case ' ': case '#': case '.': - case '0': case '1': case '2': case '3': case '4': - case '5': case '6': case '7': case '8': case '9': - case 'h': case 'l': case 'L': case 'z': case 'q': - case '*': case 'O': -#if defined(MP_HAVE_INT_EXTENSIONS) - case 'I': -#endif - return TRUE; + if(ISDIGIT(*input)) { + int number = 0; + do { + if(number < MAX_PARAMETERS) { + number *= 10; + number += *input - '0'; + } + input++; + } while(ISDIGIT(*input)); - default: - return FALSE; + if(number && (number <= MAX_PARAMETERS) && ('$' == *input)) { + *end = ++input; + return number - 1; + } } + return -1; } -/****************************************************************** +/* + * Parse the format string. * - * Pass 1: - * Create an index with the type of each parameter entry and its - * value (may vary in size) + * Create two arrays. One describes the inputs, one describes the outputs. * * Returns zero on success. - * - ******************************************************************/ + */ -static int dprintf_Pass1(const char *format, struct va_stack *vto, - char **endpos, va_list arglist) +#define PFMT_OK 0 +#define PFMT_DOLLAR 1 /* bad dollar for main param */ +#define PFMT_DOLLARWIDTH 2 /* bad dollar use for width */ +#define PFMT_DOLLARPREC 3 /* bad dollar use for precision */ +#define PFMT_MANYARGS 4 /* too many input arguments used */ +#define PFMT_PREC 5 /* precision overflow */ +#define PFMT_PRECMIX 6 /* bad mix of precision specifiers */ +#define PFMT_WIDTH 7 /* width overflow */ +#define PFMT_INPUTGAP 8 /* gap in arguments */ +#define PFMT_WIDTHARG 9 /* attempted to use same arg twice, for width */ +#define PFMT_PRECARG 10 /* attempted to use same arg twice, for prec */ +#define PFMT_MANYSEGS 11 /* maxed out output segments */ + +static int parsefmt(const char *format, + struct outsegment *out, + struct va_input *in, + int *opieces, + int *ipieces, va_list arglist) { char *fmt = (char *)format; int param_num = 0; - long this_param; - long width; - long precision; - int flags; - long max_param = 0; - long i; + int param; + int width; + int precision; + unsigned int flags; + FormatType type; + int max_param = -1; + int i; + int ocount = 0; + unsigned char usedinput[MAX_PARAMETERS/8]; + size_t outlen = 0; + struct outsegment *optr; + int use_dollar = DOLLAR_UNKNOWN; + char *start = fmt; + + /* clear, set a bit for each used input */ + memset(usedinput, 0, sizeof(usedinput)); while(*fmt) { - if(*fmt++ == '%') { + if(*fmt == '%') { + struct va_input *iptr; + bool loopit = TRUE; + fmt++; + outlen = fmt - start - 1; if(*fmt == '%') { + /* this means a %% that should be output only as %. Create an output + segment. */ + if(outlen) { + optr = &out[ocount++]; + if(ocount > MAX_SEGMENTS) + return PFMT_MANYSEGS; + optr->input = 0; + optr->flags = FLAGS_SUBSTR; + optr->start = start; + optr->outlen = outlen; + } + start = fmt; fmt++; continue; /* while */ } - flags = FLAGS_NEW; - - /* Handle the positional case (N$) */ - - param_num++; - - this_param = dprintf_DollarString(fmt, &fmt); - if(0 == this_param) - /* we got no positional, get the next counter */ - this_param = param_num; - - if(this_param > max_param) - max_param = this_param; + flags = width = precision = 0; - /* - * The parameter with number 'i' should be used. Next, we need - * to get SIZE and TYPE of the parameter. Add the information - * to our array. - */ + if(use_dollar != DOLLAR_NOPE) { + param = dollarstring(fmt, &fmt); + if(param < 0) { + if(use_dollar == DOLLAR_USE) + /* illegal combo */ + return PFMT_DOLLAR; - width = 0; - precision = 0; - - /* Handle the flags */ - - while(dprintf_IsQualifierNoDollar(fmt)) { -#if defined(MP_HAVE_INT_EXTENSIONS) - if(!strncmp(fmt, "I32", 3)) { - flags |= FLAGS_LONG; - fmt += 3; - } - else if(!strncmp(fmt, "I64", 3)) { - flags |= FLAGS_LONGLONG; - fmt += 3; + /* we got no positional, just get the next arg */ + param = -1; + use_dollar = DOLLAR_NOPE; } else -#endif + use_dollar = DOLLAR_USE; + } + else + param = -1; + /* Handle the flags */ + while(loopit) { switch(*fmt++) { case ' ': flags |= FLAGS_SPACE; @@ -300,40 +309,63 @@ static int dprintf_Pass1(const char *format, struct va_stack *vto, case '.': if('*' == *fmt) { /* The precision is picked from a specified parameter */ - flags |= FLAGS_PRECPARAM; fmt++; - param_num++; - i = dprintf_DollarString(fmt, &fmt); - if(i) - precision = i; + if(use_dollar == DOLLAR_USE) { + precision = dollarstring(fmt, &fmt); + if(precision < 0) + /* illegal combo */ + return PFMT_DOLLARPREC; + } else - precision = param_num; - - if(precision > max_param) - max_param = precision; + /* get it from the next argument */ + precision = -1; } else { + bool is_neg = FALSE; flags |= FLAGS_PREC; - precision = strtol(fmt, &fmt, 10); + precision = 0; + if('-' == *fmt) { + is_neg = TRUE; + fmt++; + } + while(ISDIGIT(*fmt)) { + if(precision > INT_MAX/10) + return PFMT_PREC; + precision *= 10; + precision += *fmt - '0'; + fmt++; + } + if(is_neg) + precision = -precision; } if((flags & (FLAGS_PREC | FLAGS_PRECPARAM)) == (FLAGS_PREC | FLAGS_PRECPARAM)) /* it is not permitted to use both kinds of precision for the same argument */ - return 1; + return PFMT_PRECMIX; break; case 'h': flags |= FLAGS_SHORT; break; #if defined(MP_HAVE_INT_EXTENSIONS) case 'I': + if((fmt[0] == '3') && (fmt[1] == '2')) { + flags |= FLAGS_LONG; + fmt += 2; + } + else if((fmt[0] == '6') && (fmt[1] == '4')) { + flags |= FLAGS_LONGLONG; + fmt += 2; + } + else { #if (SIZEOF_CURL_OFF_T > SIZEOF_LONG) - flags |= FLAGS_LONGLONG; + flags |= FLAGS_LONGLONG; #else - flags |= FLAGS_LONG; + flags |= FLAGS_LONG; #endif + } break; #endif case 'l': @@ -367,401 +399,421 @@ static int dprintf_Pass1(const char *format, struct va_stack *vto, case '0': if(!(flags & FLAGS_LEFT)) flags |= FLAGS_PAD_NIL; - /* FALLTHROUGH */ + FALLTHROUGH(); case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': flags |= FLAGS_WIDTH; - width = strtol(fmt-1, &fmt, 10); + width = 0; + fmt--; + do { + if(width > INT_MAX/10) + return PFMT_WIDTH; + width *= 10; + width += *fmt - '0'; + fmt++; + } while(ISDIGIT(*fmt)); break; - case '*': /* Special case */ + case '*': /* read width from argument list */ flags |= FLAGS_WIDTHPARAM; - param_num++; - - i = dprintf_DollarString(fmt, &fmt); - if(i) - width = i; + if(use_dollar == DOLLAR_USE) { + width = dollarstring(fmt, &fmt); + if(width < 0) + /* illegal combo */ + return PFMT_DOLLARWIDTH; + } else - width = param_num; - if(width > max_param) - max_param = width; + /* pick from the next argument */ + width = -1; break; - case '\0': - fmt--; default: + loopit = FALSE; + fmt--; break; - } - } /* switch */ - - /* Handle the specifier */ - - i = this_param - 1; - - if((i < 0) || (i >= MAX_PARAMETERS)) - /* out of allowed range */ - return 1; + } /* switch */ + } /* while */ switch(*fmt) { case 'S': flags |= FLAGS_ALT; - /* FALLTHROUGH */ + FALLTHROUGH(); case 's': - vto[i].type = FORMAT_STRING; + type = FORMAT_STRING; break; case 'n': - vto[i].type = FORMAT_INTPTR; + type = FORMAT_INTPTR; break; case 'p': - vto[i].type = FORMAT_PTR; + type = FORMAT_PTR; break; - case 'd': case 'i': - vto[i].type = FORMAT_INT; + case 'd': + case 'i': + if(flags & FLAGS_LONGLONG) + type = FORMAT_LONGLONG; + else if(flags & FLAGS_LONG) + type = FORMAT_LONG; + else + type = FORMAT_INT; break; case 'u': - vto[i].type = FORMAT_INT; + if(flags & FLAGS_LONGLONG) + type = FORMAT_LONGLONGU; + else if(flags & FLAGS_LONG) + type = FORMAT_LONGU; + else + type = FORMAT_INTU; flags |= FLAGS_UNSIGNED; break; case 'o': - vto[i].type = FORMAT_INT; + type = FORMAT_INT; flags |= FLAGS_OCTAL; break; case 'x': - vto[i].type = FORMAT_INT; + type = FORMAT_INTU; flags |= FLAGS_HEX|FLAGS_UNSIGNED; break; case 'X': - vto[i].type = FORMAT_INT; + type = FORMAT_INTU; flags |= FLAGS_HEX|FLAGS_UPPER|FLAGS_UNSIGNED; break; case 'c': - vto[i].type = FORMAT_INT; + type = FORMAT_INT; flags |= FLAGS_CHAR; break; case 'f': - vto[i].type = FORMAT_DOUBLE; + type = FORMAT_DOUBLE; break; case 'e': - vto[i].type = FORMAT_DOUBLE; + type = FORMAT_DOUBLE; flags |= FLAGS_FLOATE; break; case 'E': - vto[i].type = FORMAT_DOUBLE; + type = FORMAT_DOUBLE; flags |= FLAGS_FLOATE|FLAGS_UPPER; break; case 'g': - vto[i].type = FORMAT_DOUBLE; + type = FORMAT_DOUBLE; flags |= FLAGS_FLOATG; break; case 'G': - vto[i].type = FORMAT_DOUBLE; + type = FORMAT_DOUBLE; flags |= FLAGS_FLOATG|FLAGS_UPPER; break; default: - vto[i].type = FORMAT_UNKNOWN; - break; + /* invalid instruction, disregard and continue */ + continue; } /* switch */ - vto[i].flags = flags; - vto[i].width = width; - vto[i].precision = precision; - if(flags & FLAGS_WIDTHPARAM) { - /* we have the width specified from a parameter, so we make that - parameter's info setup properly */ - long k = width - 1; - if((k < 0) || (k >= MAX_PARAMETERS)) - /* out of allowed range */ - return 1; - vto[i].width = k; - vto[k].type = FORMAT_WIDTH; - vto[k].flags = FLAGS_NEW; - /* can't use width or precision of width! */ - vto[k].width = 0; - vto[k].precision = 0; + if(width < 0) + width = param_num++; + else { + /* if this identifies a parameter already used, this + is illegal */ + if(usedinput[width/8] & (1 << (width&7))) + return PFMT_WIDTHARG; + } + if(width >= MAX_PARAMETERS) + return PFMT_MANYARGS; + if(width >= max_param) + max_param = width; + + in[width].type = FORMAT_WIDTH; + /* mark as used */ + usedinput[width/8] |= (unsigned char)(1 << (width&7)); } + if(flags & FLAGS_PRECPARAM) { - /* we have the precision specified from a parameter, so we make that - parameter's info setup properly */ - long k = precision - 1; - if((k < 0) || (k >= MAX_PARAMETERS)) - /* out of allowed range */ - return 1; - vto[i].precision = k; - vto[k].type = FORMAT_WIDTH; - vto[k].flags = FLAGS_NEW; - /* can't use width or precision of width! */ - vto[k].width = 0; - vto[k].precision = 0; + if(precision < 0) + precision = param_num++; + else { + /* if this identifies a parameter already used, this + is illegal */ + if(usedinput[precision/8] & (1 << (precision&7))) + return PFMT_PRECARG; + } + if(precision >= MAX_PARAMETERS) + return PFMT_MANYARGS; + if(precision >= max_param) + max_param = precision; + + in[precision].type = FORMAT_PRECISION; + usedinput[precision/8] |= (unsigned char)(1 << (precision&7)); } - *endpos++ = fmt + ((*fmt == '\0') ? 0 : 1); /* end of this sequence */ + + /* Handle the specifier */ + if(param < 0) + param = param_num++; + if(param >= MAX_PARAMETERS) + return PFMT_MANYARGS; + if(param >= max_param) + max_param = param; + + iptr = &in[param]; + iptr->type = type; + + /* mark this input as used */ + usedinput[param/8] |= (unsigned char)(1 << (param&7)); + + fmt++; + optr = &out[ocount++]; + if(ocount > MAX_SEGMENTS) + return PFMT_MANYSEGS; + optr->input = param; + optr->flags = flags; + optr->width = width; + optr->precision = precision; + optr->start = start; + optr->outlen = outlen; + start = fmt; } + else + fmt++; } - /* Read the arg list parameters into our data list */ - for(i = 0; i MAX_SEGMENTS) + return PFMT_MANYSEGS; + optr->input = 0; + optr->flags = FLAGS_SUBSTR; + optr->start = start; + optr->outlen = outlen; + } - switch(vto[i].type) { + /* Read the arg list parameters into our data list */ + for(i = 0; i < max_param + 1; i++) { + struct va_input *iptr = &in[i]; + if(!(usedinput[i/8] & (1 << (i&7)))) + /* bad input */ + return PFMT_INPUTGAP; + + /* based on the type, read the correct argument */ + switch(iptr->type) { case FORMAT_STRING: - vto[i].data.str = va_arg(arglist, char *); + iptr->val.str = va_arg(arglist, char *); break; case FORMAT_INTPTR: - case FORMAT_UNKNOWN: case FORMAT_PTR: - vto[i].data.ptr = va_arg(arglist, void *); + iptr->val.ptr = va_arg(arglist, void *); break; - case FORMAT_INT: -#ifdef HAVE_LONG_LONG_TYPE - if((vto[i].flags & FLAGS_LONGLONG) && (vto[i].flags & FLAGS_UNSIGNED)) - vto[i].data.num.as_unsigned = - (mp_uintmax_t)va_arg(arglist, mp_uintmax_t); - else if(vto[i].flags & FLAGS_LONGLONG) - vto[i].data.num.as_signed = - (mp_intmax_t)va_arg(arglist, mp_intmax_t); - else -#endif - { - if((vto[i].flags & FLAGS_LONG) && (vto[i].flags & FLAGS_UNSIGNED)) - vto[i].data.num.as_unsigned = - (mp_uintmax_t)va_arg(arglist, unsigned long); - else if(vto[i].flags & FLAGS_LONG) - vto[i].data.num.as_signed = - (mp_intmax_t)va_arg(arglist, long); - else if(vto[i].flags & FLAGS_UNSIGNED) - vto[i].data.num.as_unsigned = - (mp_uintmax_t)va_arg(arglist, unsigned int); - else - vto[i].data.num.as_signed = - (mp_intmax_t)va_arg(arglist, int); - } + case FORMAT_LONGLONGU: + iptr->val.numu = (mp_uintmax_t)va_arg(arglist, mp_uintmax_t); break; - case FORMAT_DOUBLE: - vto[i].data.dnum = va_arg(arglist, double); + case FORMAT_LONGLONG: + iptr->val.nums = (mp_intmax_t)va_arg(arglist, mp_intmax_t); + break; + + case FORMAT_LONGU: + iptr->val.numu = (mp_uintmax_t)va_arg(arglist, unsigned long); + break; + + case FORMAT_LONG: + iptr->val.nums = (mp_intmax_t)va_arg(arglist, long); break; + case FORMAT_INTU: + iptr->val.numu = (mp_uintmax_t)va_arg(arglist, unsigned int); + break; + + case FORMAT_INT: case FORMAT_WIDTH: - /* Argument has been read. Silently convert it into an integer - * for later use - */ - vto[i].type = FORMAT_INT; + case FORMAT_PRECISION: + iptr->val.nums = (mp_intmax_t)va_arg(arglist, int); + break; + + case FORMAT_DOUBLE: + iptr->val.dnum = va_arg(arglist, double); break; default: + DEBUGASSERT(NULL); /* unexpected */ break; } } + *ipieces = max_param + 1; + *opieces = ocount; - return 0; - + return PFMT_OK; } -static int dprintf_formatf( - void *data, /* untouched by format(), just sent to the stream() function in - the second argument */ +/* + * formatf() - the general printf function. + * + * It calls parsefmt() to parse the format string. It populates two arrays; + * one that describes the input arguments and one that describes a number of + * output segments. + * + * On success, the input array describes the type of all arguments and their + * values. + * + * The function then iterates over the output sengments and outputs them one + * by one until done. Using the appropriate input arguments (if any). + * + * All output is sent to the 'stream()' callback, one byte at a time. + */ + +static int formatf( + void *userp, /* untouched by format(), just sent to the stream() function in + the second argument */ /* function pointer called for each output character */ - int (*stream)(int, FILE *), + int (*stream)(unsigned char, void *), const char *format, /* %-formatted string */ va_list ap_save) /* list of parameters */ { - /* Base-36 digits for numbers. */ - const char *digits = lower_digits; - - /* Pointer into the format string. */ - char *f; - - /* Number of characters written. */ - int done = 0; - - long param; /* current parameter to read */ - long param_num = 0; /* parameter counter */ - - struct va_stack vto[MAX_PARAMETERS]; - char *endpos[MAX_PARAMETERS]; - char **end; + static const char nilstr[] = "(nil)"; + const char *digits = lower_digits; /* Base-36 digits for numbers. */ + int done = 0; /* number of characters written */ + int i; + int ocount = 0; /* number of output segments */ + int icount = 0; /* number of input arguments */ + + struct outsegment output[MAX_SEGMENTS]; + struct va_input input[MAX_PARAMETERS]; char work[BUFFSIZE]; - struct va_stack *p; /* 'workend' points to the final buffer byte position, but with an extra byte as margin to avoid the (false?) warning Coverity gives us otherwise */ char *workend = &work[sizeof(work) - 2]; - /* Do the actual %-code parsing */ - if(dprintf_Pass1(format, vto, endpos, ap_save)) + /* Parse the format string */ + if(parsefmt(format, output, input, &ocount, &icount, ap_save)) return 0; - end = &endpos[0]; /* the initial end-position from the list dprintf_Pass1() - created for us */ - - f = (char *)format; - while(*f != '\0') { - /* Format spec modifiers. */ - int is_alt; - - /* Width of a field. */ - long width; - - /* Precision of a field. */ - long prec; - - /* Decimal integer is negative. */ - int is_neg; - - /* Base of a number to be written. */ - unsigned long base; - - /* Integral values to be written. */ - mp_uintmax_t num; - - /* Used to convert negative in positive. */ - mp_intmax_t signed_num; - + for(i = 0; i < ocount; i++) { + struct outsegment *optr = &output[i]; + struct va_input *iptr; + bool is_alt; /* Format spec modifiers. */ + int width; /* Width of a field. */ + int prec; /* Precision of a field. */ + bool is_neg; /* Decimal integer is negative. */ + unsigned long base; /* Base of a number to be written. */ + mp_uintmax_t num; /* Integral values to be written. */ + mp_intmax_t signed_num; /* Used to convert negative in positive. */ char *w; - - if(*f != '%') { - /* This isn't a format spec, so write everything out until the next one - OR end of string is reached. */ - do { - OUTCHAR(*f); - } while(*++f && ('%' != *f)); - continue; + size_t outlen = optr->outlen; + int flags = optr->flags; + + if(outlen) { + char *str = optr->start; + for(; outlen && *str; outlen--) + OUTCHAR(*str++); + if(optr->flags & FLAGS_SUBSTR) + /* this is just a substring */ + continue; } - ++f; - - /* Check for "%%". Note that although the ANSI standard lists - '%' as a conversion specifier, it says "The complete format - specification shall be `%%'," so we can avoid all the width - and precision processing. */ - if(*f == '%') { - ++f; - OUTCHAR('%'); - continue; - } - - /* If this is a positional parameter, the position must follow immediately - after the %, thus create a %$ sequence */ - param = dprintf_DollarString(f, &f); - - if(!param) - param = param_num; - else - --param; - - param_num++; /* increase this always to allow "%2$s %1$s %s" and then the - third %s will pick the 3rd argument */ - - p = &vto[param]; - /* pick up the specified width */ - if(p->flags & FLAGS_WIDTHPARAM) { - width = (long)vto[p->width].data.num.as_signed; - param_num++; /* since the width is extracted from a parameter, we - must skip that to get to the next one properly */ + if(flags & FLAGS_WIDTHPARAM) { + width = (int)input[optr->width].val.nums; if(width < 0) { /* "A negative field width is taken as a '-' flag followed by a positive field width." */ - width = -width; - p->flags |= FLAGS_LEFT; - p->flags &= ~FLAGS_PAD_NIL; + if(width == INT_MIN) + width = INT_MAX; + else + width = -width; + flags |= FLAGS_LEFT; + flags &= ~FLAGS_PAD_NIL; } } else - width = p->width; + width = optr->width; /* pick up the specified precision */ - if(p->flags & FLAGS_PRECPARAM) { - prec = (long)vto[p->precision].data.num.as_signed; - param_num++; /* since the precision is extracted from a parameter, we - must skip that to get to the next one properly */ + if(flags & FLAGS_PRECPARAM) { + prec = (int)input[optr->precision].val.nums; if(prec < 0) /* "A negative precision is taken as if the precision were omitted." */ prec = -1; } - else if(p->flags & FLAGS_PREC) - prec = p->precision; + else if(flags & FLAGS_PREC) + prec = optr->precision; else prec = -1; - is_alt = (p->flags & FLAGS_ALT) ? 1 : 0; + is_alt = (flags & FLAGS_ALT) ? 1 : 0; + iptr = &input[optr->input]; - switch(p->type) { + switch(iptr->type) { + case FORMAT_INTU: + case FORMAT_LONGU: + case FORMAT_LONGLONGU: + flags |= FLAGS_UNSIGNED; + FALLTHROUGH(); case FORMAT_INT: - num = p->data.num.as_unsigned; - if(p->flags & FLAGS_CHAR) { + case FORMAT_LONG: + case FORMAT_LONGLONG: + num = iptr->val.numu; + if(flags & FLAGS_CHAR) { /* Character. */ - if(!(p->flags & FLAGS_LEFT)) + if(!(flags & FLAGS_LEFT)) while(--width > 0) OUTCHAR(' '); OUTCHAR((char) num); - if(p->flags & FLAGS_LEFT) + if(flags & FLAGS_LEFT) while(--width > 0) OUTCHAR(' '); break; } - if(p->flags & FLAGS_OCTAL) { - /* Octal unsigned integer. */ + if(flags & FLAGS_OCTAL) { + /* Octal unsigned integer */ base = 8; - goto unsigned_number; + is_neg = FALSE; } - else if(p->flags & FLAGS_HEX) { - /* Hexadecimal unsigned integer. */ - - digits = (p->flags & FLAGS_UPPER)? upper_digits : lower_digits; + else if(flags & FLAGS_HEX) { + /* Hexadecimal unsigned integer */ + digits = (flags & FLAGS_UPPER)? upper_digits : lower_digits; base = 16; - goto unsigned_number; + is_neg = FALSE; } - else if(p->flags & FLAGS_UNSIGNED) { - /* Decimal unsigned integer. */ + else if(flags & FLAGS_UNSIGNED) { + /* Decimal unsigned integer */ base = 10; - goto unsigned_number; + is_neg = FALSE; } + else { + /* Decimal integer. */ + base = 10; - /* Decimal integer. */ - base = 10; - - is_neg = (p->data.num.as_signed < (mp_intmax_t)0) ? 1 : 0; - if(is_neg) { - /* signed_num might fail to hold absolute negative minimum by 1 */ - signed_num = p->data.num.as_signed + (mp_intmax_t)1; - signed_num = -signed_num; - num = (mp_uintmax_t)signed_num; - num += (mp_uintmax_t)1; + is_neg = (iptr->val.nums < (mp_intmax_t)0); + if(is_neg) { + /* signed_num might fail to hold absolute negative minimum by 1 */ + signed_num = iptr->val.nums + (mp_intmax_t)1; + signed_num = -signed_num; + num = (mp_uintmax_t)signed_num; + num += (mp_uintmax_t)1; + } } - - goto number; - -unsigned_number: - /* Unsigned number of base BASE. */ - is_neg = 0; - number: - /* Number of base BASE. */ - /* Supply a default precision if none was given. */ if(prec == -1) prec = 1; /* Put the number in WORK. */ w = workend; - while(num > 0) { - *w-- = digits[num % base]; - num /= base; + switch(base) { + case 10: + while(num > 0) { + *w-- = (char)('0' + (num % 10)); + num /= 10; + } + break; + default: + while(num > 0) { + *w-- = digits[num % base]; + num /= base; + } + break; } - width -= (long)(workend - w); - prec -= (long)(workend - w); + width -= (int)(workend - w); + prec -= (int)(workend - w); if(is_alt && base == 8 && prec <= 0) { *w-- = '0'; @@ -777,29 +829,29 @@ number: if(is_alt && base == 16) width -= 2; - if(is_neg || (p->flags & FLAGS_SHOWSIGN) || (p->flags & FLAGS_SPACE)) + if(is_neg || (flags & FLAGS_SHOWSIGN) || (flags & FLAGS_SPACE)) --width; - if(!(p->flags & FLAGS_LEFT) && !(p->flags & FLAGS_PAD_NIL)) + if(!(flags & FLAGS_LEFT) && !(flags & FLAGS_PAD_NIL)) while(width-- > 0) OUTCHAR(' '); if(is_neg) OUTCHAR('-'); - else if(p->flags & FLAGS_SHOWSIGN) + else if(flags & FLAGS_SHOWSIGN) OUTCHAR('+'); - else if(p->flags & FLAGS_SPACE) + else if(flags & FLAGS_SPACE) OUTCHAR(' '); if(is_alt && base == 16) { OUTCHAR('0'); - if(p->flags & FLAGS_UPPER) + if(flags & FLAGS_UPPER) OUTCHAR('X'); else OUTCHAR('x'); } - if(!(p->flags & FLAGS_LEFT) && (p->flags & FLAGS_PAD_NIL)) + if(!(flags & FLAGS_LEFT) && (flags & FLAGS_PAD_NIL)) while(width-- > 0) OUTCHAR('0'); @@ -808,219 +860,199 @@ number: OUTCHAR(*w); } - if(p->flags & FLAGS_LEFT) + if(flags & FLAGS_LEFT) while(width-- > 0) OUTCHAR(' '); break; - case FORMAT_STRING: - /* String. */ - { - static const char null[] = "(nil)"; - const char *str; - size_t len; - - str = (char *) p->data.str; - if(!str) { - /* Write null[] if there's space. */ - if(prec == -1 || prec >= (long) sizeof(null) - 1) { - str = null; - len = sizeof(null) - 1; - /* Disable quotes around (nil) */ - p->flags &= (~FLAGS_ALT); - } - else { - str = ""; - len = 0; - } + case FORMAT_STRING: { + const char *str; + size_t len; + + str = (char *)iptr->val.str; + if(!str) { + /* Write null string if there's space. */ + if(prec == -1 || prec >= (int) sizeof(nilstr) - 1) { + str = nilstr; + len = sizeof(nilstr) - 1; + /* Disable quotes around (nil) */ + flags &= (~FLAGS_ALT); } - else if(prec != -1) - len = (size_t)prec; - else if(*str == '\0') + else { + str = ""; len = 0; - else - len = strlen(str); + } + } + else if(prec != -1) + len = (size_t)prec; + else if(*str == '\0') + len = 0; + else + len = strlen(str); - width -= (len > LONG_MAX) ? LONG_MAX : (long)len; + width -= (len > INT_MAX) ? INT_MAX : (int)len; - if(p->flags & FLAGS_ALT) - OUTCHAR('"'); + if(flags & FLAGS_ALT) + OUTCHAR('"'); - if(!(p->flags&FLAGS_LEFT)) - while(width-- > 0) - OUTCHAR(' '); + if(!(flags&FLAGS_LEFT)) + while(width-- > 0) + OUTCHAR(' '); - for(; len && *str; len--) - OUTCHAR(*str++); - if(p->flags&FLAGS_LEFT) - while(width-- > 0) - OUTCHAR(' '); + for(; len && *str; len--) + OUTCHAR(*str++); + if(flags&FLAGS_LEFT) + while(width-- > 0) + OUTCHAR(' '); - if(p->flags & FLAGS_ALT) - OUTCHAR('"'); - } + if(flags & FLAGS_ALT) + OUTCHAR('"'); break; + } case FORMAT_PTR: /* Generic pointer. */ - { - void *ptr; - ptr = (void *) p->data.ptr; - if(ptr) { - /* If the pointer is not NULL, write it as a %#x spec. */ - base = 16; - digits = (p->flags & FLAGS_UPPER)? upper_digits : lower_digits; - is_alt = 1; - num = (size_t) ptr; - is_neg = 0; - goto number; - } - else { - /* Write "(nil)" for a nil pointer. */ - static const char strnil[] = "(nil)"; - const char *point; - - width -= (long)(sizeof(strnil) - 1); - if(p->flags & FLAGS_LEFT) - while(width-- > 0) - OUTCHAR(' '); - for(point = strnil; *point != '\0'; ++point) - OUTCHAR(*point); - if(!(p->flags & FLAGS_LEFT)) - while(width-- > 0) - OUTCHAR(' '); - } + if(iptr->val.ptr) { + /* If the pointer is not NULL, write it as a %#x spec. */ + base = 16; + digits = (flags & FLAGS_UPPER)? upper_digits : lower_digits; + is_alt = TRUE; + num = (size_t) iptr->val.ptr; + is_neg = FALSE; + goto number; } - break; + else { + /* Write "(nil)" for a nil pointer. */ + const char *point; - case FORMAT_DOUBLE: - { - char formatbuf[32]="%"; - char *fptr = &formatbuf[1]; - size_t left = sizeof(formatbuf)-strlen(formatbuf); - int len; - - width = -1; - if(p->flags & FLAGS_WIDTH) - width = p->width; - else if(p->flags & FLAGS_WIDTHPARAM) - width = (long)vto[p->width].data.num.as_signed; + width -= (int)(sizeof(nilstr) - 1); + if(flags & FLAGS_LEFT) + while(width-- > 0) + OUTCHAR(' '); + for(point = nilstr; *point != '\0'; ++point) + OUTCHAR(*point); + if(!(flags & FLAGS_LEFT)) + while(width-- > 0) + OUTCHAR(' '); + } + break; - prec = -1; - if(p->flags & FLAGS_PREC) - prec = p->precision; - else if(p->flags & FLAGS_PRECPARAM) - prec = (long)vto[p->precision].data.num.as_signed; - - if(p->flags & FLAGS_LEFT) - *fptr++ = '-'; - if(p->flags & FLAGS_SHOWSIGN) - *fptr++ = '+'; - if(p->flags & FLAGS_SPACE) - *fptr++ = ' '; - if(p->flags & FLAGS_ALT) - *fptr++ = '#'; - - *fptr = 0; - - if(width >= 0) { - if(width >= (long)sizeof(work)) - width = sizeof(work)-1; - /* RECURSIVE USAGE */ - len = curl_msnprintf(fptr, left, "%ld", width); - fptr += len; - left -= len; + case FORMAT_DOUBLE: { + char formatbuf[32]="%"; + char *fptr = &formatbuf[1]; + size_t left = sizeof(formatbuf)-strlen(formatbuf); + int len; + + if(flags & FLAGS_WIDTH) + width = optr->width; + + if(flags & FLAGS_PREC) + prec = optr->precision; + + if(flags & FLAGS_LEFT) + *fptr++ = '-'; + if(flags & FLAGS_SHOWSIGN) + *fptr++ = '+'; + if(flags & FLAGS_SPACE) + *fptr++ = ' '; + if(flags & FLAGS_ALT) + *fptr++ = '#'; + + *fptr = 0; + + if(width >= 0) { + if(width >= (int)sizeof(work)) + width = sizeof(work)-1; + /* RECURSIVE USAGE */ + len = curl_msnprintf(fptr, left, "%d", width); + fptr += len; + left -= len; + } + if(prec >= 0) { + /* for each digit in the integer part, we can have one less + precision */ + size_t maxprec = sizeof(work) - 2; + double val = iptr->val.dnum; + if(width > 0 && prec <= width) + maxprec -= width; + while(val >= 10.0) { + val /= 10; + maxprec--; } - if(prec >= 0) { - /* for each digit in the integer part, we can have one less - precision */ - size_t maxprec = sizeof(work) - 2; - double val = p->data.dnum; - if(width > 0 && prec <= width) - maxprec -= width; - while(val >= 10.0) { - val /= 10; - maxprec--; - } - if(prec > (long)maxprec) - prec = (long)maxprec-1; - if(prec < 0) - prec = 0; - /* RECURSIVE USAGE */ - len = curl_msnprintf(fptr, left, ".%ld", prec); - fptr += len; - } - if(p->flags & FLAGS_LONG) - *fptr++ = 'l'; + if(prec > (int)maxprec) + prec = (int)maxprec-1; + if(prec < 0) + prec = 0; + /* RECURSIVE USAGE */ + len = curl_msnprintf(fptr, left, ".%d", prec); + fptr += len; + } + if(flags & FLAGS_LONG) + *fptr++ = 'l'; - if(p->flags & FLAGS_FLOATE) - *fptr++ = (char)((p->flags & FLAGS_UPPER) ? 'E':'e'); - else if(p->flags & FLAGS_FLOATG) - *fptr++ = (char)((p->flags & FLAGS_UPPER) ? 'G' : 'g'); - else - *fptr++ = 'f'; + if(flags & FLAGS_FLOATE) + *fptr++ = (char)((flags & FLAGS_UPPER) ? 'E':'e'); + else if(flags & FLAGS_FLOATG) + *fptr++ = (char)((flags & FLAGS_UPPER) ? 'G' : 'g'); + else + *fptr++ = 'f'; - *fptr = 0; /* and a final null-termination */ + *fptr = 0; /* and a final null-termination */ #ifdef __clang__ #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wformat-nonliteral" #endif - /* NOTE NOTE NOTE!! Not all sprintf implementations return number of - output characters */ + /* NOTE NOTE NOTE!! Not all sprintf implementations return number of + output characters */ #ifdef HAVE_SNPRINTF - (snprintf)(work, sizeof(work), formatbuf, p->data.dnum); + (snprintf)(work, sizeof(work), formatbuf, iptr->val.dnum); #else - (sprintf)(work, formatbuf, p->data.dnum); + (sprintf)(work, formatbuf, iptr->val.dnum); #endif #ifdef __clang__ #pragma clang diagnostic pop #endif - DEBUGASSERT(strlen(work) <= sizeof(work)); - for(fptr = work; *fptr; fptr++) - OUTCHAR(*fptr); - } + DEBUGASSERT(strlen(work) <= sizeof(work)); + for(fptr = work; *fptr; fptr++) + OUTCHAR(*fptr); break; + } case FORMAT_INTPTR: /* Answer the count of characters written. */ #ifdef HAVE_LONG_LONG_TYPE - if(p->flags & FLAGS_LONGLONG) - *(LONG_LONG_TYPE *) p->data.ptr = (LONG_LONG_TYPE)done; + if(flags & FLAGS_LONGLONG) + *(LONG_LONG_TYPE *) iptr->val.ptr = (LONG_LONG_TYPE)done; else #endif - if(p->flags & FLAGS_LONG) - *(long *) p->data.ptr = (long)done; - else if(!(p->flags & FLAGS_SHORT)) - *(int *) p->data.ptr = (int)done; + if(flags & FLAGS_LONG) + *(long *) iptr->val.ptr = (long)done; + else if(!(flags & FLAGS_SHORT)) + *(int *) iptr->val.ptr = (int)done; else - *(short *) p->data.ptr = (short)done; + *(short *) iptr->val.ptr = (short)done; break; default: break; } - f = *end++; /* goto end of %-code */ - } return done; } /* fputc() look-alike */ -static int addbyter(int output, FILE *data) +static int addbyter(unsigned char outc, void *f) { - struct nsprintf *infop = (struct nsprintf *)data; - unsigned char outc = (unsigned char)output; - + struct nsprintf *infop = f; if(infop->length < infop->max) { /* only do this if we haven't reached max length yet */ - infop->buffer[0] = outc; /* store */ - infop->buffer++; /* increase pointer */ + *infop->buffer++ = outc; /* store */ infop->length++; /* we are now one byte larger */ - return outc; /* fputc() returns like this on success */ + return 0; /* fputc() returns like this on success */ } - return -1; + return 1; } int curl_mvsnprintf(char *buffer, size_t maxlength, const char *format, @@ -1033,7 +1065,7 @@ int curl_mvsnprintf(char *buffer, size_t maxlength, const char *format, info.length = 0; info.max = maxlength; - retcode = dprintf_formatf(&info, addbyter, format, ap_save); + retcode = formatf(&info, addbyter, format, ap_save); if(info.max) { /* we terminate this with a zero byte */ if(info.max == info.length) { @@ -1059,32 +1091,28 @@ int curl_msnprintf(char *buffer, size_t maxlength, const char *format, ...) } /* fputc() look-alike */ -static int alloc_addbyter(int output, FILE *data) +static int alloc_addbyter(unsigned char outc, void *f) { - struct asprintf *infop = (struct asprintf *)data; - unsigned char outc = (unsigned char)output; - - if(Curl_dyn_addn(infop->b, &outc, 1)) { - infop->fail = 1; - return -1; /* fail */ + struct asprintf *infop = f; + CURLcode result = Curl_dyn_addn(infop->b, &outc, 1); + if(result) { + infop->merr = result == CURLE_TOO_LARGE ? MERR_TOO_LARGE : MERR_MEM; + return 1 ; /* fail */ } - return outc; /* fputc() returns like this on success */ + return 0; } -extern int Curl_dyn_vprintf(struct dynbuf *dyn, - const char *format, va_list ap_save); - -/* appends the formatted string, returns 0 on success, 1 on error */ +/* appends the formatted string, returns MERR error code */ int Curl_dyn_vprintf(struct dynbuf *dyn, const char *format, va_list ap_save) { struct asprintf info; info.b = dyn; - info.fail = 0; + info.merr = MERR_OK; - (void)dprintf_formatf(&info, alloc_addbyter, format, ap_save); - if(info.fail) { + (void)formatf(&info, alloc_addbyter, format, ap_save); + if(info.merr) { Curl_dyn_free(info.b); - return 1; + return info.merr; } return 0; } @@ -1095,10 +1123,10 @@ char *curl_mvaprintf(const char *format, va_list ap_save) struct dynbuf dyn; info.b = &dyn; Curl_dyn_init(info.b, DYN_APRINTF); - info.fail = 0; + info.merr = MERR_OK; - (void)dprintf_formatf(&info, alloc_addbyter, format, ap_save); - if(info.fail) { + (void)formatf(&info, alloc_addbyter, format, ap_save); + if(info.merr) { Curl_dyn_free(info.b); return NULL; } @@ -1117,13 +1145,12 @@ char *curl_maprintf(const char *format, ...) return s; } -static int storebuffer(int output, FILE *data) +static int storebuffer(unsigned char outc, void *f) { - char **buffer = (char **)data; - unsigned char outc = (unsigned char)output; + char **buffer = f; **buffer = outc; (*buffer)++; - return outc; /* act like fputc() ! */ + return 0; } int curl_msprintf(char *buffer, const char *format, ...) @@ -1131,19 +1158,29 @@ int curl_msprintf(char *buffer, const char *format, ...) va_list ap_save; /* argument pointer */ int retcode; va_start(ap_save, format); - retcode = dprintf_formatf(&buffer, storebuffer, format, ap_save); + retcode = formatf(&buffer, storebuffer, format, ap_save); va_end(ap_save); *buffer = 0; /* we terminate this with a zero byte */ return retcode; } +static int fputc_wrapper(unsigned char outc, void *f) +{ + int out = outc; + FILE *s = f; + int rc = fputc(out, s); + if(rc == out) + return 0; + return 1; +} + int curl_mprintf(const char *format, ...) { int retcode; va_list ap_save; /* argument pointer */ va_start(ap_save, format); - retcode = dprintf_formatf(stdout, fputc, format, ap_save); + retcode = formatf(stdout, fputc_wrapper, format, ap_save); va_end(ap_save); return retcode; } @@ -1153,25 +1190,24 @@ int curl_mfprintf(FILE *whereto, const char *format, ...) int retcode; va_list ap_save; /* argument pointer */ va_start(ap_save, format); - retcode = dprintf_formatf(whereto, fputc, format, ap_save); + retcode = formatf(whereto, fputc_wrapper, format, ap_save); va_end(ap_save); return retcode; } int curl_mvsprintf(char *buffer, const char *format, va_list ap_save) { - int retcode; - retcode = dprintf_formatf(&buffer, storebuffer, format, ap_save); + int retcode = formatf(&buffer, storebuffer, format, ap_save); *buffer = 0; /* we terminate this with a zero byte */ return retcode; } int curl_mvprintf(const char *format, va_list ap_save) { - return dprintf_formatf(stdout, fputc, format, ap_save); + return formatf(stdout, fputc_wrapper, format, ap_save); } int curl_mvfprintf(FILE *whereto, const char *format, va_list ap_save) { - return dprintf_formatf(whereto, fputc, format, ap_save); + return formatf(whereto, fputc_wrapper, format, ap_save); } diff --git a/lib/mqtt.c b/lib/mqtt.c index 54f88822c..5a9d6d0f1 100644 --- a/lib/mqtt.c +++ b/lib/mqtt.c @@ -88,7 +88,7 @@ const struct Curl_handler Curl_handler_mqtt = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ ZERO_NULL, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_MQTT, /* defport */ @@ -524,8 +524,10 @@ static CURLcode mqtt_publish(struct Curl_easy *data) char encodedbytes[4]; curl_off_t postfieldsize = data->set.postfieldsize; - if(!payload) + if(!payload) { + DEBUGF(infof(data, "mqtt_publish without payload, return bad arg")); return CURLE_BAD_FUNCTION_ARGUMENT; + } if(postfieldsize < 0) payloadlen = strlen(payload); else @@ -616,16 +618,12 @@ static void mqstate(struct Curl_easy *data, } -/* for the publish packet */ -#define MQTT_HEADER_LEN 5 /* max 5 bytes */ - static CURLcode mqtt_read_publish(struct Curl_easy *data, bool *done) { CURLcode result = CURLE_OK; struct connectdata *conn = data->conn; curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; ssize_t nread; - unsigned char *pkt = (unsigned char *)data->state.buffer; size_t remlen; struct mqtt_conn *mqtt = &conn->proto.mqtt; struct MQTT *mq = data->req.p.mqtt; @@ -674,14 +672,14 @@ MQTT_SUBACK_COMING: data->req.bytecount = 0; data->req.size = remlen; mq->npacket = remlen; /* get this many bytes */ - /* FALLTHROUGH */ + FALLTHROUGH(); case MQTT_PUB_REMAIN: { /* read rest of packet, but no more. Cap to buffer size */ - struct SingleRequest *k = &data->req; + char buffer[4*1024]; size_t rest = mq->npacket; - if(rest > (size_t)data->set.buffer_size) - rest = (size_t)data->set.buffer_size; - result = Curl_read(data, sockfd, (char *)pkt, rest, &nread); + if(rest > sizeof(buffer)) + rest = sizeof(buffer); + result = Curl_read(data, sockfd, buffer, rest, &nread); if(result) { if(CURLE_AGAIN == result) { infof(data, "EEEE AAAAGAIN"); @@ -693,20 +691,13 @@ MQTT_SUBACK_COMING: result = CURLE_PARTIAL_FILE; goto end; } - Curl_debug(data, CURLINFO_DATA_IN, (char *)pkt, (size_t)nread); - - mq->npacket -= nread; - k->bytecount += nread; - result = Curl_pgrsSetDownloadCounter(data, k->bytecount); - if(result) - goto end; /* if QoS is set, message contains packet id */ - - result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)pkt, nread); + result = Curl_client_write(data, CLIENTWRITE_BODY, buffer, nread); if(result) goto end; + mq->npacket -= nread; if(!mq->npacket) /* no more PUBLISH payload, back to subscribe wait state */ mqstate(data, MQTT_FIRST, MQTT_PUBWAIT); @@ -754,7 +745,6 @@ static CURLcode mqtt_doing(struct Curl_easy *data, bool *done) struct MQTT *mq = data->req.p.mqtt; ssize_t nread; curl_socket_t sockfd = conn->sock[FIRSTSOCKET]; - unsigned char *pkt = (unsigned char *)data->state.buffer; unsigned char byte; *done = FALSE; @@ -785,14 +775,14 @@ static CURLcode mqtt_doing(struct Curl_easy *data, bool *done) /* remember the first byte */ mq->npacket = 0; mqstate(data, MQTT_REMAINING_LENGTH, MQTT_NOSTATE); - /* FALLTHROUGH */ + FALLTHROUGH(); case MQTT_REMAINING_LENGTH: do { result = Curl_read(data, sockfd, (char *)&byte, 1, &nread); if(!nread) break; Curl_debug(data, CURLINFO_HEADER_IN, (char *)&byte, 1); - pkt[mq->npacket++] = byte; + mq->pkt_hd[mq->npacket++] = byte; } while((byte & 0x80) && (mq->npacket < 4)); if(nread && (byte & 0x80)) /* MQTT supports up to 127 * 128^0 + 127 * 128^1 + 127 * 128^2 + @@ -800,7 +790,7 @@ static CURLcode mqtt_doing(struct Curl_easy *data, bool *done) result = CURLE_WEIRD_SERVER_REPLY; if(result) break; - mq->remaining_length = mqtt_decode_len(&pkt[0], mq->npacket, NULL); + mq->remaining_length = mqtt_decode_len(mq->pkt_hd, mq->npacket, NULL); mq->npacket = 0; if(mq->remaining_length) { mqstate(data, mqtt->nextstate, MQTT_NOSTATE); diff --git a/lib/mqtt.h b/lib/mqtt.h index 84f177022..99ab12a98 100644 --- a/lib/mqtt.h +++ b/lib/mqtt.h @@ -57,6 +57,7 @@ struct MQTT { unsigned char firstbyte; size_t remaining_length; struct dynbuf recvbuf; + unsigned char pkt_hd[4]; /* for decoding the arriving packet length */ }; #endif /* HEADER_CURL_MQTT_H */ diff --git a/lib/multi.c b/lib/multi.c index ff753ac8c..0926b0d85 100644 --- a/lib/multi.c +++ b/lib/multi.c @@ -55,22 +55,6 @@ #include "curl_memory.h" #include "memdebug.h" -#ifdef __APPLE__ - -#define wakeup_write write -#define wakeup_read read -#define wakeup_close close -#define wakeup_create pipe - -#else /* __APPLE__ */ - -#define wakeup_write swrite -#define wakeup_read sread -#define wakeup_close sclose -#define wakeup_create(p) Curl_socketpair(AF_UNIX, SOCK_STREAM, 0, p) - -#endif /* __APPLE__ */ - /* CURL_SOCKET_HASH_TABLE_SIZE should be a prime number. Increasing it from 97 to 911 takes on a 32-bit machine 4 x 804 = 3211 more bytes. Still, every @@ -231,10 +215,6 @@ struct Curl_sh_entry { unsigned int readers; /* this many transfers want to read */ unsigned int writers; /* this many transfers want to write */ }; -/* bits for 'action' having no bits means this socket is not expecting any - action */ -#define SH_READ 1 -#define SH_WRITE 2 /* look up a given socket in the socket hash, skip invalid sockets */ static struct Curl_sh_entry *sh_getentry(struct Curl_hash *sh, @@ -416,9 +396,6 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */ Curl_llist_init(&multi->msgsent, NULL); multi->multiplexing = TRUE; - - /* -1 means it not set by user, use the default value */ - multi->maxconnects = -1; multi->max_concurrent_streams = 100; #ifdef USE_WINSOCK @@ -695,6 +672,7 @@ static CURLcode multi_done(struct Curl_easy *data, many callbacks and protocols work differently, we could potentially do this more fine-grained in the future. */ premature = TRUE; + FALLTHROUGH(); default: break; } @@ -1016,73 +994,162 @@ void Curl_attach_connection(struct Curl_easy *data, Curl_conn_ev_data_attach(conn, data); } -static int domore_getsock(struct Curl_easy *data, - struct connectdata *conn, - curl_socket_t *socks) +static int connecting_getsock(struct Curl_easy *data, curl_socket_t *socks) { + struct connectdata *conn = data->conn; + (void)socks; + /* Not using `conn->sockfd` as `Curl_setup_transfer()` initializes + * that *after* the connect. */ + if(conn && conn->sock[FIRSTSOCKET] != CURL_SOCKET_BAD) { + /* Default is to wait to something from the server */ + socks[0] = conn->sock[FIRSTSOCKET]; + return GETSOCK_READSOCK(0); + } + return GETSOCK_BLANK; +} + +static int protocol_getsock(struct Curl_easy *data, curl_socket_t *socks) +{ + struct connectdata *conn = data->conn; + if(conn && conn->handler->proto_getsock) + return conn->handler->proto_getsock(data, conn, socks); + else if(conn && conn->sockfd != CURL_SOCKET_BAD) { + /* Default is to wait to something from the server */ + socks[0] = conn->sockfd; + return GETSOCK_READSOCK(0); + } + return GETSOCK_BLANK; +} + +static int domore_getsock(struct Curl_easy *data, curl_socket_t *socks) +{ + struct connectdata *conn = data->conn; if(conn && conn->handler->domore_getsock) return conn->handler->domore_getsock(data, conn, socks); + else if(conn && conn->sockfd != CURL_SOCKET_BAD) { + /* Default is that we want to send something to the server */ + socks[0] = conn->sockfd; + return GETSOCK_WRITESOCK(0); + } return GETSOCK_BLANK; } -static int doing_getsock(struct Curl_easy *data, - struct connectdata *conn, - curl_socket_t *socks) +static int doing_getsock(struct Curl_easy *data, curl_socket_t *socks) { + struct connectdata *conn = data->conn; if(conn && conn->handler->doing_getsock) return conn->handler->doing_getsock(data, conn, socks); + else if(conn && conn->sockfd != CURL_SOCKET_BAD) { + /* Default is that we want to send something to the server */ + socks[0] = conn->sockfd; + return GETSOCK_WRITESOCK(0); + } return GETSOCK_BLANK; } -static int protocol_getsock(struct Curl_easy *data, - struct connectdata *conn, - curl_socket_t *socks) +static int perform_getsock(struct Curl_easy *data, curl_socket_t *sock) { - if(conn->handler->proto_getsock) - return conn->handler->proto_getsock(data, conn, socks); - return Curl_conn_get_select_socks(data, FIRSTSOCKET, socks); + struct connectdata *conn = data->conn; + + if(!conn) + return GETSOCK_BLANK; + else if(conn->handler->perform_getsock) + return conn->handler->perform_getsock(data, conn, sock); + else { + /* Default is to obey the data->req.keepon flags for send/recv */ + int bitmap = GETSOCK_BLANK; + unsigned sockindex = 0; + if(CURL_WANT_RECV(data)) { + DEBUGASSERT(conn->sockfd != CURL_SOCKET_BAD); + bitmap |= GETSOCK_READSOCK(sockindex); + sock[sockindex] = conn->sockfd; + } + + if(CURL_WANT_SEND(data)) { + if((conn->sockfd != conn->writesockfd) || + bitmap == GETSOCK_BLANK) { + /* only if they are not the same socket and we have a readable + one, we increase index */ + if(bitmap != GETSOCK_BLANK) + sockindex++; /* increase index if we need two entries */ + + DEBUGASSERT(conn->writesockfd != CURL_SOCKET_BAD); + sock[sockindex] = conn->writesockfd; + } + bitmap |= GETSOCK_WRITESOCK(sockindex); + } + return bitmap; + } } -/* returns bitmapped flags for this handle and its sockets. The 'socks[]' - array contains MAX_SOCKSPEREASYHANDLE entries. */ -static int multi_getsock(struct Curl_easy *data, - curl_socket_t *socks) +/* Initializes `poll_set` with the current socket poll actions needed + * for transfer `data`. */ +static void multi_getsock(struct Curl_easy *data, + struct easy_pollset *ps) { - struct connectdata *conn = data->conn; /* The no connection case can happen when this is called from curl_multi_remove_handle() => singlesocket() => multi_getsock(). */ - if(!conn) - return 0; + Curl_pollset_reset(data, ps); + if(!data->conn) + return; switch(data->mstate) { - default: - return 0; + case MSTATE_INIT: + case MSTATE_PENDING: + case MSTATE_CONNECT: + /* nothing to poll for yet */ + break; case MSTATE_RESOLVING: - return Curl_resolv_getsock(data, socks); + Curl_pollset_add_socks(data, ps, Curl_resolv_getsock); + /* connection filters are not involved in this phase */ + break; + + case MSTATE_CONNECTING: + case MSTATE_TUNNELING: + Curl_pollset_add_socks(data, ps, connecting_getsock); + Curl_conn_adjust_pollset(data, ps); + break; - case MSTATE_PROTOCONNECTING: case MSTATE_PROTOCONNECT: - return protocol_getsock(data, conn, socks); + case MSTATE_PROTOCONNECTING: + Curl_pollset_add_socks(data, ps, protocol_getsock); + Curl_conn_adjust_pollset(data, ps); + break; case MSTATE_DO: case MSTATE_DOING: - return doing_getsock(data, conn, socks); - - case MSTATE_TUNNELING: - case MSTATE_CONNECTING: - return Curl_conn_get_select_socks(data, FIRSTSOCKET, socks); + Curl_pollset_add_socks(data, ps, doing_getsock); + Curl_conn_adjust_pollset(data, ps); + break; case MSTATE_DOING_MORE: - return domore_getsock(data, conn, socks); + Curl_pollset_add_socks(data, ps, domore_getsock); + Curl_conn_adjust_pollset(data, ps); + break; - case MSTATE_DID: /* since is set after DO is completed, we switch to - waiting for the same as the PERFORMING state */ + case MSTATE_DID: /* same as PERFORMING in regard to polling */ case MSTATE_PERFORMING: - return Curl_single_getsock(data, conn, socks); - } + Curl_pollset_add_socks(data, ps, perform_getsock); + Curl_conn_adjust_pollset(data, ps); + break; + case MSTATE_RATELIMITING: + /* we need to let time pass, ignore socket(s) */ + break; + + case MSTATE_DONE: + case MSTATE_COMPLETED: + case MSTATE_MSGSENT: + /* nothing more to poll for */ + break; + + default: + failf(data, "multi_getsock: unexpected multi state %d", data->mstate); + DEBUGASSERT(0); + break; + } } CURLMcode curl_multi_fdset(struct Curl_multi *multi, @@ -1094,8 +1161,8 @@ CURLMcode curl_multi_fdset(struct Curl_multi *multi, and then we must make sure that is done. */ struct Curl_easy *data; int this_max_fd = -1; - curl_socket_t sockbunch[MAX_SOCKSPEREASYHANDLE]; - int i; + struct easy_pollset ps; + unsigned int i; (void)exc_fd_set; /* not used */ if(!GOOD_MULTI_HANDLE(multi)) @@ -1104,29 +1171,20 @@ CURLMcode curl_multi_fdset(struct Curl_multi *multi, if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; + memset(&ps, 0, sizeof(ps)); for(data = multi->easyp; data; data = data->next) { - int bitmap; -#ifdef __clang_analyzer_ - /* to prevent "The left operand of '>=' is a garbage value" warnings */ - memset(sockbunch, 0, sizeof(sockbunch)); -#endif - bitmap = multi_getsock(data, sockbunch); - - for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) { - if((bitmap & GETSOCK_MASK_RW(i)) && VALID_SOCK((sockbunch[i]))) { - if(!FDSET_SOCK(sockbunch[i])) - /* pretend it doesn't exist */ - continue; - if(bitmap & GETSOCK_READSOCK(i)) - FD_SET(sockbunch[i], read_fd_set); - if(bitmap & GETSOCK_WRITESOCK(i)) - FD_SET(sockbunch[i], write_fd_set); - if((int)sockbunch[i] > this_max_fd) - this_max_fd = (int)sockbunch[i]; - } - else { - break; - } + multi_getsock(data, &ps); + + for(i = 0; i < ps.num; i++) { + if(!FDSET_SOCK(ps.sockets[i])) + /* pretend it doesn't exist */ + continue; + if(ps.actions[i] & CURL_POLL_IN) + FD_SET(ps.sockets[i], read_fd_set); + if(ps.actions[i] & CURL_POLL_OUT) + FD_SET(ps.sockets[i], write_fd_set); + if((int)ps.sockets[i] > this_max_fd) + this_max_fd = (int)ps.sockets[i]; } } @@ -1162,9 +1220,8 @@ static CURLMcode multi_wait(struct Curl_multi *multi, bool use_wakeup) { struct Curl_easy *data; - curl_socket_t sockbunch[MAX_SOCKSPEREASYHANDLE]; - int bitmap; - unsigned int i; + struct easy_pollset ps; + size_t i; unsigned int nfds = 0; unsigned int curlfds; long timeout_internal; @@ -1190,17 +1247,10 @@ static CURLMcode multi_wait(struct Curl_multi *multi, return CURLM_BAD_FUNCTION_ARGUMENT; /* Count up how many fds we have from the multi handle */ + memset(&ps, 0, sizeof(ps)); for(data = multi->easyp; data; data = data->next) { - bitmap = multi_getsock(data, sockbunch); - - for(i = 0; i < MAX_SOCKSPEREASYHANDLE; i++) { - if((bitmap & GETSOCK_MASK_RW(i)) && VALID_SOCK((sockbunch[i]))) { - ++nfds; - } - else { - break; - } - } + multi_getsock(data, &ps); + nfds += ps.num; } /* If the internally desired timeout is actually shorter than requested from @@ -1241,40 +1291,35 @@ static CURLMcode multi_wait(struct Curl_multi *multi, if(curlfds) { /* Add the curl handles to our pollfds first */ for(data = multi->easyp; data; data = data->next) { - bitmap = multi_getsock(data, sockbunch); + multi_getsock(data, &ps); - for(i = 0; i < MAX_SOCKSPEREASYHANDLE; i++) { - if((bitmap & GETSOCK_MASK_RW(i)) && VALID_SOCK((sockbunch[i]))) { - struct pollfd *ufd = &ufds[nfds++]; -#ifdef USE_WINSOCK - long mask = 0; -#endif - ufd->fd = sockbunch[i]; - ufd->events = 0; - if(bitmap & GETSOCK_READSOCK(i)) { + for(i = 0; i < ps.num; i++) { + struct pollfd *ufd = &ufds[nfds++]; #ifdef USE_WINSOCK - mask |= FD_READ|FD_ACCEPT|FD_CLOSE; + long mask = 0; #endif - ufd->events |= POLLIN; - } - if(bitmap & GETSOCK_WRITESOCK(i)) { + ufd->fd = ps.sockets[i]; + ufd->events = 0; + if(ps.actions[i] & CURL_POLL_IN) { #ifdef USE_WINSOCK - mask |= FD_WRITE|FD_CONNECT|FD_CLOSE; - reset_socket_fdwrite(sockbunch[i]); + mask |= FD_READ|FD_ACCEPT|FD_CLOSE; #endif - ufd->events |= POLLOUT; - } + ufd->events |= POLLIN; + } + if(ps.actions[i] & CURL_POLL_OUT) { #ifdef USE_WINSOCK - if(WSAEventSelect(sockbunch[i], multi->wsa_event, mask) != 0) { - if(ufds_malloc) - free(ufds); - return CURLM_INTERNAL_ERROR; - } + mask |= FD_WRITE|FD_CONNECT|FD_CLOSE; + reset_socket_fdwrite(ps.sockets[i]); #endif + ufd->events |= POLLOUT; } - else { - break; +#ifdef USE_WINSOCK + if(WSAEventSelect(ps.sockets[i], multi->wsa_event, mask) != 0) { + if(ufds_malloc) + free(ufds); + return CURLM_INTERNAL_ERROR; } +#endif } } } @@ -1386,21 +1431,16 @@ static CURLMcode multi_wait(struct Curl_multi *multi, if(curlfds) { for(data = multi->easyp; data; data = data->next) { - bitmap = multi_getsock(data, sockbunch); - - for(i = 0; i < MAX_SOCKSPEREASYHANDLE; i++) { - if(bitmap & (GETSOCK_READSOCK(i) | GETSOCK_WRITESOCK(i))) { - wsa_events.lNetworkEvents = 0; - if(WSAEnumNetworkEvents(sockbunch[i], NULL, &wsa_events) == 0) { - if(ret && !pollrc && wsa_events.lNetworkEvents) - retcode++; - } - WSAEventSelect(sockbunch[i], multi->wsa_event, 0); - } - else { - /* break on entry not checked for being readable or writable */ - break; + multi_getsock(data, &ps); + + for(i = 0; i < ps.num; i++) { + wsa_events.lNetworkEvents = 0; + if(WSAEnumNetworkEvents(ps.sockets[i], NULL, + &wsa_events) == 0) { + if(ret && !pollrc && wsa_events.lNetworkEvents) + retcode++; } + WSAEventSelect(ps.sockets[i], multi->wsa_event, 0); } } } @@ -1980,6 +2020,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } if(!result) { + *nowp = Curl_pgrsTime(data, TIMER_POSTQUEUE); if(async) /* We're now waiting for an asynchronous name lookup */ multistate(data, MSTATE_RESOLVING); @@ -2409,7 +2450,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, { char *newurl = NULL; bool retry = FALSE; - bool comeback = FALSE; DEBUGASSERT(data->state.buffer); /* check if over send speed */ send_timeout_ms = 0; @@ -2440,7 +2480,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } /* read/write data if it is ready to do so */ - result = Curl_readwrite(data->conn, data, &done, &comeback); + result = Curl_readwrite(data, &done); if(done || (result == CURLE_RECV_ERROR)) { /* If CURLE_RECV_ERROR happens early enough, we assume it was a race @@ -2550,7 +2590,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, } } } - else if(comeback) { + else if(data->state.select_bits) { /* This avoids CURLM_CALL_MULTI_PERFORM so that a very fast transfer won't get stuck on this transfer at the expense of other concurrent transfers */ @@ -2895,53 +2935,36 @@ CURLMsg *curl_multi_info_read(struct Curl_multi *multi, int *msgs_in_queue) static CURLMcode singlesocket(struct Curl_multi *multi, struct Curl_easy *data) { - curl_socket_t socks[MAX_SOCKSPEREASYHANDLE]; - int i; + struct easy_pollset cur_poll; + unsigned int i; struct Curl_sh_entry *entry; curl_socket_t s; - int num; - unsigned int curraction; - unsigned char actions[MAX_SOCKSPEREASYHANDLE]; int rc; - for(i = 0; i< MAX_SOCKSPEREASYHANDLE; i++) - socks[i] = CURL_SOCKET_BAD; - /* Fill in the 'current' struct with the state as it is now: what sockets to supervise and for what actions */ - curraction = multi_getsock(data, socks); + multi_getsock(data, &cur_poll); /* We have 0 .. N sockets already and we get to know about the 0 .. M sockets we should have from now on. Detect the differences, remove no longer supervised ones and add new ones */ /* walk over the sockets we got right now */ - for(i = 0; (i< MAX_SOCKSPEREASYHANDLE) && - (curraction & GETSOCK_MASK_RW(i)); - i++) { - unsigned char action = CURL_POLL_NONE; - unsigned char prevaction = 0; + for(i = 0; i < cur_poll.num; i++) { + unsigned char cur_action = cur_poll.actions[i]; + unsigned char last_action = 0; int comboaction; - bool sincebefore = FALSE; - s = socks[i]; + s = cur_poll.sockets[i]; /* get it from the hash */ entry = sh_getentry(&multi->sockhash, s); - - if(curraction & GETSOCK_READSOCK(i)) - action |= CURL_POLL_IN; - if(curraction & GETSOCK_WRITESOCK(i)) - action |= CURL_POLL_OUT; - - actions[i] = action; if(entry) { /* check if new for this transfer */ - int j; - for(j = 0; j< data->numsocks; j++) { - if(s == data->sockets[j]) { - prevaction = data->actions[j]; - sincebefore = TRUE; + unsigned int j; + for(j = 0; j< data->last_poll.num; j++) { + if(s == data->last_poll.sockets[j]) { + last_action = data->last_poll.actions[j]; break; } } @@ -2953,23 +2976,23 @@ static CURLMcode singlesocket(struct Curl_multi *multi, /* fatal */ return CURLM_OUT_OF_MEMORY; } - if(sincebefore && (prevaction != action)) { + if(last_action && (last_action != cur_action)) { /* Socket was used already, but different action now */ - if(prevaction & CURL_POLL_IN) + if(last_action & CURL_POLL_IN) entry->readers--; - if(prevaction & CURL_POLL_OUT) + if(last_action & CURL_POLL_OUT) entry->writers--; - if(action & CURL_POLL_IN) + if(cur_action & CURL_POLL_IN) entry->readers++; - if(action & CURL_POLL_OUT) + if(cur_action & CURL_POLL_OUT) entry->writers++; } - else if(!sincebefore) { - /* a new user */ + else if(!last_action) { + /* a new transfer using this socket */ entry->users++; - if(action & CURL_POLL_IN) + if(cur_action & CURL_POLL_IN) entry->readers++; - if(action & CURL_POLL_OUT) + if(cur_action & CURL_POLL_OUT) entry->writers++; /* add 'data' to the transfer hash on this socket! */ @@ -2980,11 +3003,11 @@ static CURLMcode singlesocket(struct Curl_multi *multi, } } - comboaction = (entry->writers? CURL_POLL_OUT : 0) | + comboaction = (entry->writers ? CURL_POLL_OUT : 0) | (entry->readers ? CURL_POLL_IN : 0); /* socket existed before and has the same action set as before */ - if(sincebefore && ((int)entry->action == comboaction)) + if(last_action && ((int)entry->action == comboaction)) /* same, continue */ continue; @@ -2992,6 +3015,7 @@ static CURLMcode singlesocket(struct Curl_multi *multi, set_in_callback(multi, TRUE); rc = multi->socket_cb(data, s, comboaction, multi->socket_userp, entry->socketp); + set_in_callback(multi, FALSE); if(rc == -1) { multi->dead = TRUE; @@ -3002,16 +3026,15 @@ static CURLMcode singlesocket(struct Curl_multi *multi, entry->action = comboaction; /* store the current action state */ } - num = i; /* number of sockets */ - - /* when we've walked over all the sockets we should have right now, we must - make sure to detect sockets that are removed */ - for(i = 0; i< data->numsocks; i++) { - int j; + /* Check for last_poll.sockets that no longer appear in cur_poll.sockets. + * Need to remove the easy handle from the multi->sockhash->transfers and + * remove multi->sockhash entry when this was the last transfer */ + for(i = 0; i< data->last_poll.num; i++) { + unsigned int j; bool stillused = FALSE; - s = data->sockets[i]; - for(j = 0; j < num; j++) { - if(s == socks[j]) { + s = data->last_poll.sockets[i]; + for(j = 0; j < cur_poll.num; j++) { + if(s == cur_poll.sockets[j]) { /* this is still supervised */ stillused = TRUE; break; @@ -3024,7 +3047,7 @@ static CURLMcode singlesocket(struct Curl_multi *multi, /* if this is NULL here, the socket has been closed and notified so already by Curl_multi_closed() */ if(entry) { - unsigned char oldactions = data->actions[i]; + unsigned char oldactions = data->last_poll.actions[i]; /* this socket has been removed. Decrease user count */ entry->users--; if(oldactions & CURL_POLL_OUT) @@ -3052,11 +3075,10 @@ static CURLMcode singlesocket(struct Curl_multi *multi, } } } - } /* for loop over numsocks */ + } /* for loop over num */ - memcpy(data->sockets, socks, num*sizeof(curl_socket_t)); - memcpy(data->actions, actions, num*sizeof(char)); - data->numsocks = num; + /* Remember for next time */ + memcpy(&data->last_poll, &cur_poll, sizeof(data->last_poll)); return CURLM_OK; } @@ -3220,7 +3242,7 @@ static CURLMcode multi_socket(struct Curl_multi *multi, if(data->conn && !(data->conn->handler->flags & PROTOPT_DIRLOCK)) /* set socket event bitmask if they're not locked */ - data->conn->cselect_bits = (unsigned char)ev_bitmask; + data->state.select_bits = (unsigned char)ev_bitmask; Curl_expire(data, 0, EXPIRE_RUN_NOW); } @@ -3296,6 +3318,7 @@ CURLMcode curl_multi_setopt(struct Curl_multi *multi, { CURLMcode res = CURLM_OK; va_list param; + unsigned long uarg; if(!GOOD_MULTI_HANDLE(multi)) return CURLM_BAD_HANDLE; @@ -3328,7 +3351,9 @@ CURLMcode curl_multi_setopt(struct Curl_multi *multi, multi->timer_userp = va_arg(param, void *); break; case CURLMOPT_MAXCONNECTS: - multi->maxconnects = va_arg(param, long); + uarg = va_arg(param, unsigned long); + if(uarg <= UINT_MAX) + multi->maxconnects = (unsigned int)uarg; break; case CURLMOPT_MAX_HOST_CONNECTIONS: multi->max_host_connections = va_arg(param, long); @@ -3350,9 +3375,9 @@ CURLMcode curl_multi_setopt(struct Curl_multi *multi, case CURLMOPT_MAX_CONCURRENT_STREAMS: { long streams = va_arg(param, long); - if(streams < 1) + if((streams < 1) || (streams > INT_MAX)) streams = 100; - multi->max_concurrent_streams = curlx_sltoui(streams); + multi->max_concurrent_streams = (unsigned int)streams; } break; default: @@ -3782,11 +3807,11 @@ struct Curl_easy **curl_multi_get_handles(struct Curl_multi *multi) struct Curl_easy **a = malloc(sizeof(struct Curl_easy *) * (multi->num_easy + 1)); if(a) { - int i = 0; + unsigned int i = 0; struct Curl_easy *e = multi->easyp; while(e) { DEBUGASSERT(i < multi->num_easy); - if(!e->internal) + if(!e->state.internal) a[i++] = e; e = e->next; } diff --git a/lib/multihandle.h b/lib/multihandle.h index 5b16bb605..e03e382e2 100644 --- a/lib/multihandle.h +++ b/lib/multihandle.h @@ -93,9 +93,9 @@ struct Curl_multi { struct Curl_easy *easyp; struct Curl_easy *easylp; /* last node */ - int num_easy; /* amount of entries in the linked list above. */ - int num_alive; /* amount of easy handles that are added but have not yet - reached COMPLETE state */ + unsigned int num_easy; /* amount of entries in the linked list above. */ + unsigned int num_alive; /* amount of easy handles that are added but have + not yet reached COMPLETE state */ struct Curl_llist msglist; /* a list of messages from completed transfers */ @@ -136,9 +136,6 @@ struct Curl_multi { /* Shared connection cache (bundles)*/ struct conncache conn_cache; - long maxconnects; /* if >0, a fixed limit of the maximum number of entries - we're allowed to grow the connection cache to */ - long max_host_connections; /* if >0, a fixed limit of the maximum number of connections per host */ @@ -150,8 +147,6 @@ struct Curl_multi { void *timer_userp; struct curltime timer_lastcall; /* the fixed time for the timeout for the previous callback */ - unsigned int max_concurrent_streams; - #ifdef USE_WINSOCK WSAEVENT wsa_event; /* winsock event used for waits */ #else @@ -160,6 +155,10 @@ struct Curl_multi { 0 is used for read, 1 is used for write */ #endif #endif + unsigned int max_concurrent_streams; + unsigned int maxconnects; /* if >0, a fixed limit of the maximum number of + entries we're allowed to grow the connection + cache to */ #define IPV6_UNKNOWN 0 #define IPV6_DEAD 1 #define IPV6_WORKS 2 diff --git a/lib/netrc.c b/lib/netrc.c index e6a09b187..038c6dca6 100644 --- a/lib/netrc.c +++ b/lib/netrc.c @@ -327,7 +327,7 @@ int Curl_parsenetrc(const char *host, char **loginp, char **passwordp, } retcode = parsenetrc(host, loginp, passwordp, filealloc); free(filealloc); -#ifdef WIN32 +#ifdef _WIN32 if(retcode == NETRC_FILE_MISSING) { /* fallback to the old-style "_netrc" file */ filealloc = curl_maprintf("%s%s_netrc", home, DIR_CHAR); diff --git a/lib/noproxy.c b/lib/noproxy.c index 2b9908d89..5241640a3 100644 --- a/lib/noproxy.c +++ b/lib/noproxy.c @@ -216,7 +216,6 @@ bool Curl_check_noproxy(const char *name, const char *no_proxy, /* case C passes through, not a match */ break; case TYPE_IPV4: - /* FALLTHROUGH */ case TYPE_IPV6: { const char *check = token; char *slash; diff --git a/lib/openldap.c b/lib/openldap.c index 3aff3060a..1e60ff738 100644 --- a/lib/openldap.c +++ b/lib/openldap.c @@ -130,7 +130,7 @@ const struct Curl_handler Curl_handler_ldap = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ oldap_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_LDAP, /* defport */ @@ -158,7 +158,7 @@ const struct Curl_handler Curl_handler_ldaps = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ oldap_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_LDAPS, /* defport */ @@ -319,31 +319,12 @@ static CURLcode oldap_setup_connection(struct Curl_easy *data, { CURLcode result; LDAPURLDesc *lud; - struct ldapconninfo *li; + (void)conn; /* Early URL syntax check. */ result = oldap_url_parse(data, &lud); ldap_free_urldesc(lud); - if(!result) { - li = calloc(1, sizeof(struct ldapconninfo)); - if(!li) - result = CURLE_OUT_OF_MEMORY; - else { - li->proto = ldap_pvt_url_scheme2proto(data->state.up.scheme); - conn->proto.ldapc = li; - connkeep(conn, "OpenLDAP default"); - - /* Initialize the SASL storage */ - Curl_sasl_init(&li->sasl, data, &saslldap); - - /* Clear the TLS upgraded flag */ - conn->bits.tls_upgraded = FALSE; - - result = oldap_parse_login_options(conn); - } - } - return result; } @@ -537,7 +518,7 @@ static CURLcode oldap_perform_starttls(struct Curl_easy *data) static CURLcode oldap_connect(struct Curl_easy *data, bool *done) { struct connectdata *conn = data->conn; - struct ldapconninfo *li = conn->proto.ldapc; + struct ldapconninfo *li; static const int version = LDAP_VERSION3; int rc; char *hosturl; @@ -547,6 +528,26 @@ static CURLcode oldap_connect(struct Curl_easy *data, bool *done) (void)done; + DEBUGASSERT(!conn->proto.ldapc); + li = calloc(1, sizeof(struct ldapconninfo)); + if(!li) + return CURLE_OUT_OF_MEMORY; + else { + CURLcode result; + li->proto = ldap_pvt_url_scheme2proto(data->state.up.scheme); + conn->proto.ldapc = li; + + /* Initialize the SASL storage */ + Curl_sasl_init(&li->sasl, data, &saslldap); + + /* Clear the TLS upgraded flag */ + conn->bits.tls_upgraded = FALSE; + + result = oldap_parse_login_options(conn); + if(result) + return result; + } + hosturl = aprintf("ldap%s://%s:%d", conn->handler->flags & PROTOPT_SSL? "s": "", conn->host.name, conn->remote_port); @@ -644,7 +645,7 @@ static CURLcode oldap_state_mechs_resp(struct Curl_easy *data, switch(code) { case LDAP_SIZELIMIT_EXCEEDED: infof(data, "Too many authentication mechanisms\n"); - /* FALLTHROUGH */ + FALLTHROUGH(); case LDAP_SUCCESS: case LDAP_NO_RESULTS_RETURNED: if(Curl_sasl_can_authenticate(&li->sasl, data)) @@ -792,10 +793,13 @@ static CURLcode oldap_connecting(struct Curl_easy *data, bool *done) result = oldap_perform_bind(data, OLDAP_BIND); break; } - /* FALLTHROUGH */ + result = Curl_ssl_cfilter_add(data, conn, FIRSTSOCKET); + if(result) + break; + FALLTHROUGH(); case OLDAP_TLS: result = oldap_ssl_connect(data, OLDAP_TLS); - if(result && data->set.use_ssl != CURLUSESSL_TRY) + if(result) result = oldap_map_error(code, CURLE_USE_SSL_FAILED); else if(ssl_installed(conn)) { conn->bits.tls_upgraded = TRUE; @@ -886,6 +890,15 @@ static CURLcode oldap_do(struct Curl_easy *data, bool *done) result = oldap_url_parse(data, &lud); if(!result) { +#ifdef USE_SSL + if(ssl_installed(conn)) { + Sockbuf *sb; + /* re-install the libcurl SSL handlers into the sockbuf. */ + ldap_get_option(li->ld, LDAP_OPT_SOCKBUF, &sb); + ber_sockbuf_add_io(sb, &ldapsb_tls, LBER_SBIOD_LEVEL_TRANSPORT, data); + } +#endif + rc = ldap_search_ext(li->ld, lud->lud_dn, lud->lud_scope, lud->lud_filter, lud->lud_attrs, 0, NULL, NULL, NULL, 0, &msgid); @@ -947,18 +960,12 @@ static CURLcode client_write(struct Curl_easy *data, if(!len && plen && prefix[plen - 1] == ' ') plen--; result = Curl_client_write(data, CLIENTWRITE_BODY, (char *) prefix, plen); - if(!result) - data->req.bytecount += plen; } if(!result && value) { result = Curl_client_write(data, CLIENTWRITE_BODY, (char *) value, len); - if(!result) - data->req.bytecount += len; } if(!result && suffix) { result = Curl_client_write(data, CLIENTWRITE_BODY, (char *) suffix, slen); - if(!result) - data->req.bytecount += slen; } return result; } @@ -1014,7 +1021,7 @@ static ssize_t oldap_recv(struct Curl_easy *data, int sockindex, char *buf, switch(code) { case LDAP_SIZELIMIT_EXCEEDED: infof(data, "There are more than %d entries", lr->nument); - /* FALLTHROUGH */ + FALLTHROUGH(); case LDAP_SUCCESS: data->req.size = data->req.bytecount; break; diff --git a/lib/pingpong.c b/lib/pingpong.c index 0081c9ca6..b976ffbea 100644 --- a/lib/pingpong.c +++ b/lib/pingpong.c @@ -36,6 +36,7 @@ #include "pingpong.h" #include "multiif.h" #include "vtls/vtls.h" +#include "strdup.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -105,7 +106,7 @@ CURLcode Curl_pp_statemach(struct Curl_easy *data, if(Curl_conn_data_pending(data, FIRSTSOCKET)) rc = 1; - else if(Curl_pp_moredata(pp)) + else if(pp->overflow) /* We are receiving and there is data in the cache so just read it */ rc = 1; else if(!pp->sendleft && Curl_conn_data_pending(data, FIRSTSOCKET)) @@ -139,19 +140,13 @@ CURLcode Curl_pp_statemach(struct Curl_easy *data, } /* initialize stuff to prepare for reading a fresh new response */ -void Curl_pp_init(struct Curl_easy *data, struct pingpong *pp) +void Curl_pp_init(struct pingpong *pp) { - DEBUGASSERT(data); pp->nread_resp = 0; - pp->linestart_resp = data->state.buffer; - pp->pending_resp = TRUE; pp->response = Curl_now(); /* start response time-out now! */ -} - -/* setup for the coming transfer */ -void Curl_pp_setup(struct pingpong *pp) -{ + pp->pending_resp = TRUE; Curl_dyn_init(&pp->sendbuf, DYN_PINGPPONG_CMD); + Curl_dyn_init(&pp->recvbuf, DYN_PINGPPONG_CMD); } /*********************************************************************** @@ -197,9 +192,9 @@ CURLcode Curl_pp_vsendf(struct Curl_easy *data, if(result) return result; + pp->pending_resp = TRUE; write_len = Curl_dyn_len(&pp->sendbuf); s = Curl_dyn_ptr(&pp->sendbuf); - Curl_pp_init(data, pp); #ifdef HAVE_GSSAPI conn->data_prot = PROT_CMD; @@ -255,6 +250,25 @@ CURLcode Curl_pp_sendf(struct Curl_easy *data, struct pingpong *pp, return result; } +static CURLcode pingpong_read(struct Curl_easy *data, + curl_socket_t sockfd, + char *buffer, + size_t buflen, + ssize_t *nread) +{ + CURLcode result; +#ifdef HAVE_GSSAPI + enum protection_level prot = data->conn->data_prot; + data->conn->data_prot = PROT_CLEAR; +#endif + result = Curl_read(data, sockfd, buffer, buflen, nread); +#ifdef HAVE_GSSAPI + DEBUGASSERT(prot > PROT_NONE && prot < PROT_LAST); + data->conn->data_prot = (unsigned char)prot; +#endif + return result; +} + /* * Curl_pp_readresp() * @@ -266,181 +280,96 @@ CURLcode Curl_pp_readresp(struct Curl_easy *data, int *code, /* return the server code if done */ size_t *size) /* size of the response */ { - ssize_t perline; /* count bytes per line */ - bool keepon = TRUE; - ssize_t gotbytes; - char *ptr; struct connectdata *conn = data->conn; - char * const buf = data->state.buffer; CURLcode result = CURLE_OK; *code = 0; /* 0 for errors or not done */ *size = 0; - ptr = buf + pp->nread_resp; + if(pp->nfinal) { + /* a previous call left this many bytes in the beginning of the buffer as + that was the final line; now ditch that */ + size_t full = Curl_dyn_len(&pp->recvbuf); - /* number of bytes in the current line, so far */ - perline = (ssize_t)(ptr-pp->linestart_resp); + /* trim off the "final" leading part */ + Curl_dyn_tail(&pp->recvbuf, full - pp->nfinal); - while((pp->nread_resp < (size_t)data->set.buffer_size) && - (keepon && !result)) { + pp->nfinal = 0; /* now gone */ + } + if(!pp->overflow) { + ssize_t gotbytes = 0; + char buffer[900]; - if(pp->cache) { - /* we had data in the "cache", copy that instead of doing an actual - * read - * - * pp->cache_size is cast to ssize_t here. This should be safe, because - * it would have been populated with something of size int to begin - * with, even though its datatype may be larger than an int. - */ - if((ptr + pp->cache_size) > (buf + data->set.buffer_size + 1)) { - failf(data, "cached response data too big to handle"); - return CURLE_WEIRD_SERVER_REPLY; - } - memcpy(ptr, pp->cache, pp->cache_size); - gotbytes = (ssize_t)pp->cache_size; - free(pp->cache); /* free the cache */ - pp->cache = NULL; /* clear the pointer */ - pp->cache_size = 0; /* zero the size just in case */ - } - else { -#ifdef HAVE_GSSAPI - enum protection_level prot = conn->data_prot; - conn->data_prot = PROT_CLEAR; -#endif - DEBUGASSERT((ptr + data->set.buffer_size - pp->nread_resp) <= - (buf + data->set.buffer_size + 1)); - result = Curl_read(data, sockfd, ptr, - data->set.buffer_size - pp->nread_resp, - &gotbytes); -#ifdef HAVE_GSSAPI - DEBUGASSERT(prot > PROT_NONE && prot < PROT_LAST); - conn->data_prot = (unsigned char)prot; -#endif - if(result == CURLE_AGAIN) - return CURLE_OK; /* return */ + result = pingpong_read(data, sockfd, buffer, sizeof(buffer), &gotbytes); + if(result == CURLE_AGAIN) + return CURLE_OK; - if(result) - /* Set outer result variable to this error. */ - keepon = FALSE; - } + if(result) + return result; - if(!keepon) - ; - else if(gotbytes <= 0) { - keepon = FALSE; - result = CURLE_RECV_ERROR; + if(gotbytes <= 0) { failf(data, "response reading failed (errno: %d)", SOCKERRNO); + return CURLE_RECV_ERROR; } - else { - /* we got a whole chunk of data, which can be anything from one - * byte to a set of lines and possible just a piece of the last - * line */ - ssize_t i; - ssize_t clipamount = 0; - bool restart = FALSE; - - data->req.headerbytecount += (unsigned int)gotbytes; - - pp->nread_resp += gotbytes; - for(i = 0; i < gotbytes; ptr++, i++) { - perline++; - if(*ptr == '\n') { - /* a newline is CRLF in pp-talk, so the CR is ignored as - the line isn't really terminated until the LF comes */ - - /* output debug output if that is requested */ + + result = Curl_dyn_addn(&pp->recvbuf, buffer, gotbytes); + if(result) + return result; + + data->req.headerbytecount += (unsigned int)gotbytes; + + pp->nread_resp += gotbytes; + } + + do { + char *line = Curl_dyn_ptr(&pp->recvbuf); + char *nl = memchr(line, '\n', Curl_dyn_len(&pp->recvbuf)); + if(nl) { + /* a newline is CRLF in pp-talk, so the CR is ignored as + the line isn't really terminated until the LF comes */ + size_t length = nl - line + 1; + + /* output debug output if that is requested */ #ifdef HAVE_GSSAPI - if(!conn->sec_complete) + if(!conn->sec_complete) #endif - Curl_debug(data, CURLINFO_HEADER_IN, - pp->linestart_resp, (size_t)perline); - - /* - * We pass all response-lines to the callback function registered - * for "headers". The response lines can be seen as a kind of - * headers. - */ - result = Curl_client_write(data, CLIENTWRITE_INFO, - pp->linestart_resp, perline); - if(result) - return result; - - if(pp->endofresp(data, conn, pp->linestart_resp, perline, code)) { - /* This is the end of the last line, copy the last line to the - start of the buffer and null-terminate, for old times sake */ - size_t n = ptr - pp->linestart_resp; - memmove(buf, pp->linestart_resp, n); - buf[n] = 0; /* null-terminate */ - keepon = FALSE; - pp->linestart_resp = ptr + 1; /* advance pointer */ - i++; /* skip this before getting out */ - - *size = pp->nread_resp; /* size of the response */ - pp->nread_resp = 0; /* restart */ - break; - } - perline = 0; /* line starts over here */ - pp->linestart_resp = ptr + 1; - } - } + Curl_debug(data, CURLINFO_HEADER_IN, line, length); - if(!keepon && (i != gotbytes)) { - /* We found the end of the response lines, but we didn't parse the - full chunk of data we have read from the server. We therefore need - to store the rest of the data to be checked on the next invoke as - it may actually contain another end of response already! */ - clipamount = gotbytes - i; - restart = TRUE; - DEBUGF(infof(data, "Curl_pp_readresp_ %d bytes of trailing " - "server response left", - (int)clipamount)); - } - else if(keepon) { - - if((perline == gotbytes) && - (gotbytes > (ssize_t)data->set.buffer_size/2)) { - /* We got an excessive line without newlines and we need to deal - with it. We keep the first bytes of the line then we throw - away the rest. */ - infof(data, "Excessive server response line length received, " - "%zd bytes. Stripping", gotbytes); - restart = TRUE; - - /* we keep 40 bytes since all our pingpong protocols are only - interested in the first piece */ - clipamount = 40; - } - else if(pp->nread_resp > (size_t)data->set.buffer_size/2) { - /* We got a large chunk of data and there's potentially still - trailing data to take care of, so we put any such part in the - "cache", clear the buffer to make space and restart. */ - clipamount = perline; - restart = TRUE; - } - } - else if(i == gotbytes) - restart = TRUE; - - if(clipamount) { - pp->cache_size = clipamount; - pp->cache = malloc(pp->cache_size); - if(pp->cache) - memcpy(pp->cache, pp->linestart_resp, pp->cache_size); + /* + * Pass all response-lines to the callback function registered for + * "headers". The response lines can be seen as a kind of headers. + */ + result = Curl_client_write(data, CLIENTWRITE_INFO, line, length); + if(result) + return result; + + if(pp->endofresp(data, conn, line, length, code)) { + /* When at "end of response", keep the endofresp line first in the + buffer since it will be accessed outside (by pingpong + parsers). Store the overflow counter to inform about additional + data in this buffer after the endofresp line. */ + pp->nfinal = length; + if(Curl_dyn_len(&pp->recvbuf) > length) + pp->overflow = Curl_dyn_len(&pp->recvbuf) - length; else - return CURLE_OUT_OF_MEMORY; + pp->overflow = 0; + *size = pp->nread_resp; /* size of the response */ + pp->nread_resp = 0; /* restart */ + break; } - if(restart) { - /* now reset a few variables to start over nicely from the start of - the big buffer */ - pp->nread_resp = 0; /* start over from scratch in the buffer */ - ptr = pp->linestart_resp = buf; - perline = 0; - } - - } /* there was data */ + if(Curl_dyn_len(&pp->recvbuf) > length) + /* keep the remaining piece */ + Curl_dyn_tail((&pp->recvbuf), Curl_dyn_len(&pp->recvbuf) - length); + else + Curl_dyn_reset(&pp->recvbuf); + } + else { + /* without a newline, there is no overflow */ + pp->overflow = 0; + break; + } - } /* while there's buffer left and loop is requested */ + } while(1); /* while there's buffer left to scan */ pp->pending_resp = FALSE; @@ -488,14 +417,13 @@ CURLcode Curl_pp_flushsend(struct Curl_easy *data, CURLcode Curl_pp_disconnect(struct pingpong *pp) { Curl_dyn_free(&pp->sendbuf); - Curl_safefree(pp->cache); + Curl_dyn_free(&pp->recvbuf); return CURLE_OK; } bool Curl_pp_moredata(struct pingpong *pp) { - return (!pp->sendleft && pp->cache && pp->nread_resp < pp->cache_size) ? - TRUE : FALSE; + return (!pp->sendleft && Curl_dyn_len(&pp->recvbuf)); } #endif diff --git a/lib/pingpong.h b/lib/pingpong.h index 80d3f7718..006b9c538 100644 --- a/lib/pingpong.h +++ b/lib/pingpong.h @@ -47,16 +47,11 @@ typedef enum { * It holds response cache and non-blocking sending data. */ struct pingpong { - char *cache; /* data cache between getresponse()-calls */ - size_t cache_size; /* size of cache in bytes */ size_t nread_resp; /* number of bytes currently read of a server response */ - char *linestart_resp; /* line start pointer for the server response - reader function */ bool pending_resp; /* set TRUE when a server response is pending or in progress, and is cleared once the last response is read */ - char *sendthis; /* allocated pointer to a buffer that is to be sent to the - server */ + char *sendthis; /* pointer to a buffer that is to be sent to the server */ size_t sendleft; /* number of bytes left to send from the sendthis buffer */ size_t sendsize; /* total size of the sendthis buffer */ struct curltime response; /* set to Curl_now() when a command has been sent @@ -64,6 +59,10 @@ struct pingpong { timediff_t response_time; /* When no timeout is given, this is the amount of milliseconds we await for a server response. */ struct dynbuf sendbuf; + struct dynbuf recvbuf; + size_t overflow; /* number of bytes left after a final response line */ + size_t nfinal; /* number of bytes in the final response line, which + after a match is first in the receice buffer */ /* Function pointers the protocols MUST implement and provide for the pingpong layer to function */ @@ -90,10 +89,7 @@ CURLcode Curl_pp_statemach(struct Curl_easy *data, struct pingpong *pp, bool block, bool disconnecting); /* initialize stuff to prepare for reading a fresh new response */ -void Curl_pp_init(struct Curl_easy *data, struct pingpong *pp); - -/* setup for the transfer */ -void Curl_pp_setup(struct pingpong *pp); +void Curl_pp_init(struct pingpong *pp); /* Returns timeout in ms. 0 or negative number means the timeout has already triggered */ @@ -113,7 +109,7 @@ timediff_t Curl_pp_state_timeout(struct Curl_easy *data, */ CURLcode Curl_pp_sendf(struct Curl_easy *data, struct pingpong *pp, - const char *fmt, ...); + const char *fmt, ...) CURL_PRINTF(3, 4); /*********************************************************************** * @@ -128,7 +124,7 @@ CURLcode Curl_pp_sendf(struct Curl_easy *data, CURLcode Curl_pp_vsendf(struct Curl_easy *data, struct pingpong *pp, const char *fmt, - va_list args); + va_list args) CURL_PRINTF(3, 0); /* * Curl_pp_readresp() diff --git a/lib/pop3.c b/lib/pop3.c index a9d5fdd69..cf2519282 100644 --- a/lib/pop3.c +++ b/lib/pop3.c @@ -77,6 +77,7 @@ #include "curl_sasl.h" #include "curl_md5.h" #include "warnless.h" +#include "strdup.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" @@ -124,7 +125,7 @@ const struct Curl_handler Curl_handler_pop3 = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ pop3_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_POP3, /* defport */ @@ -153,7 +154,7 @@ const struct Curl_handler Curl_handler_pop3s = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ pop3_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_POP3S, /* defport */ @@ -251,8 +252,8 @@ static bool pop3_endofresp(struct Curl_easy *data, struct connectdata *conn, */ static CURLcode pop3_get_message(struct Curl_easy *data, struct bufref *out) { - char *message = data->state.buffer; - size_t len = strlen(message); + char *message = Curl_dyn_ptr(&data->conn->proto.pop3c.pp.recvbuf); + size_t len = data->conn->proto.pop3c.pp.nfinal; if(len > 2) { /* Find the start of the message */ @@ -648,8 +649,8 @@ static CURLcode pop3_state_servergreet_resp(struct Curl_easy *data, CURLcode result = CURLE_OK; struct connectdata *conn = data->conn; struct pop3_conn *pop3c = &conn->proto.pop3c; - const char *line = data->state.buffer; - size_t len = strlen(line); + const char *line = Curl_dyn_ptr(&data->conn->proto.pop3c.pp.recvbuf); + size_t len = data->conn->proto.pop3c.pp.nfinal; (void)instate; /* no use for this yet */ @@ -657,44 +658,35 @@ static CURLcode pop3_state_servergreet_resp(struct Curl_easy *data, failf(data, "Got unexpected pop3-server response"); result = CURLE_WEIRD_SERVER_REPLY; } - else { + else if(len > 3) { /* Does the server support APOP authentication? */ - if(len >= 4 && line[len - 2] == '>') { - /* Look for the APOP timestamp */ - size_t i; - for(i = 3; i < len - 2; ++i) { - if(line[i] == '<') { - /* Calculate the length of the timestamp */ - size_t timestamplen = len - 1 - i; - char *at; - if(!timestamplen) - break; - - /* Allocate some memory for the timestamp */ - pop3c->apoptimestamp = (char *)calloc(1, timestamplen + 1); - - if(!pop3c->apoptimestamp) - break; - - /* Copy the timestamp */ - memcpy(pop3c->apoptimestamp, line + i, timestamplen); - pop3c->apoptimestamp[timestamplen] = '\0'; - - /* If the timestamp does not contain '@' it is not (as required by - RFC-1939) conformant to the RFC-822 message id syntax, and we - therefore do not use APOP authentication. */ - at = strchr(pop3c->apoptimestamp, '@'); - if(!at) - Curl_safefree(pop3c->apoptimestamp); - else - /* Store the APOP capability */ - pop3c->authtypes |= POP3_TYPE_APOP; - break; - } + char *lt; + char *gt = NULL; + + /* Look for the APOP timestamp */ + lt = memchr(line, '<', len); + if(lt) + /* search the remainder for '>' */ + gt = memchr(lt, '>', len - (lt - line)); + if(gt) { + /* the length of the timestamp, including the brackets */ + size_t timestamplen = gt - lt + 1; + char *at = memchr(lt, '@', timestamplen); + /* If the timestamp does not contain '@' it is not (as required by + RFC-1939) conformant to the RFC-822 message id syntax, and we + therefore do not use APOP authentication. */ + if(at) { + /* dupe the timestamp */ + pop3c->apoptimestamp = Curl_memdup0(lt, timestamplen); + if(!pop3c->apoptimestamp) + return CURLE_OUT_OF_MEMORY; + /* Store the APOP capability */ + pop3c->authtypes |= POP3_TYPE_APOP; } } - result = pop3_perform_capa(data, conn); + if(!result) + result = pop3_perform_capa(data, conn); } return result; @@ -707,8 +699,8 @@ static CURLcode pop3_state_capa_resp(struct Curl_easy *data, int pop3code, CURLcode result = CURLE_OK; struct connectdata *conn = data->conn; struct pop3_conn *pop3c = &conn->proto.pop3c; - const char *line = data->state.buffer; - size_t len = strlen(line); + const char *line = Curl_dyn_ptr(&data->conn->proto.pop3c.pp.recvbuf); + size_t len = data->conn->proto.pop3c.pp.nfinal; (void)instate; /* no use for this yet */ @@ -795,7 +787,7 @@ static CURLcode pop3_state_starttls_resp(struct Curl_easy *data, (void)instate; /* no use for this yet */ /* Pipelining in response is forbidden. */ - if(data->conn->proto.pop3c.pp.cache_size) + if(data->conn->proto.pop3c.pp.overflow) return CURLE_WEIRD_SERVER_REPLY; if(pop3code != '+') { @@ -944,24 +936,29 @@ static CURLcode pop3_state_command_resp(struct Curl_easy *data, /* POP3 download */ Curl_setup_transfer(data, FIRSTSOCKET, -1, FALSE, -1); - if(pp->cache) { - /* The header "cache" contains a bunch of data that is actually body - content so send it as such. Note that there may even be additional - "headers" after the body */ + if(pp->overflow) { + /* The recv buffer contains data that is actually body content so send + it as such. Note that there may even be additional "headers" after + the body */ + + /* keep only the overflow */ + Curl_dyn_tail(&pp->recvbuf, pp->overflow); + pp->nfinal = 0; /* done */ if(!data->req.no_body) { - result = Curl_pop3_write(data, pp->cache, pp->cache_size); + result = Curl_pop3_write(data, Curl_dyn_ptr(&pp->recvbuf), + Curl_dyn_len(&pp->recvbuf)); if(result) return result; } - /* Free the cache */ - Curl_safefree(pp->cache); - - /* Reset the cache size */ - pp->cache_size = 0; + /* reset the buffer */ + Curl_dyn_reset(&pp->recvbuf); + pp->overflow = 0; } } + else + pp->overflow = 0; /* End of DO phase */ pop3_state(data, POP3_STOP); @@ -1088,7 +1085,7 @@ static CURLcode pop3_init(struct Curl_easy *data) CURLcode result = CURLE_OK; struct POP3 *pop3; - pop3 = data->req.p.pop3 = calloc(sizeof(struct POP3), 1); + pop3 = data->req.p.pop3 = calloc(1, sizeof(struct POP3)); if(!pop3) result = CURLE_OUT_OF_MEMORY; @@ -1131,8 +1128,7 @@ static CURLcode pop3_connect(struct Curl_easy *data, bool *done) Curl_sasl_init(&pop3c->sasl, data, &saslpop3); /* Initialise the pingpong layer */ - Curl_pp_setup(pp); - Curl_pp_init(data, pp); + Curl_pp_init(pp); /* Parse the URL options */ result = pop3_parse_url_options(conn); diff --git a/lib/progress.c b/lib/progress.c index e783a9c86..d05fcc3eb 100644 --- a/lib/progress.c +++ b/lib/progress.c @@ -174,10 +174,18 @@ void Curl_pgrsTimeWas(struct Curl_easy *data, timerid timer, data->progress.t_startop = timestamp; break; case TIMER_STARTSINGLE: - /* This is set at the start of each single fetch */ + /* This is set at the start of each single transfer */ data->progress.t_startsingle = timestamp; data->progress.is_t_startransfer_set = false; break; + case TIMER_POSTQUEUE: + /* Set when the transfer starts (after potentially having been brought + back from the waiting queue). It needs to count from t_startop and not + t_startsingle since the latter is reset when a connection is brought + back from the pending queue. */ + data->progress.t_postqueue = + Curl_timediff_us(timestamp, data->progress.t_startop); + break; case TIMER_STARTACCEPT: data->progress.t_acceptdata = timestamp; break; @@ -304,7 +312,7 @@ timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, * 'actual' is the time in milliseconds it took to actually download the * last 'size' bytes. */ - actual = Curl_timediff(now, start); + actual = Curl_timediff_ceil(now, start); if(actual < minimum) { /* if it downloaded the data faster than the limit, make it wait the difference */ @@ -319,12 +327,6 @@ timediff_t Curl_pgrsLimitWaitTime(curl_off_t cursize, */ CURLcode Curl_pgrsSetDownloadCounter(struct Curl_easy *data, curl_off_t size) { - if(data->set.max_filesize && (size > data->set.max_filesize)) { - failf(data, "Exceeded the maximum allowed file size " - "(%" CURL_FORMAT_CURL_OFF_T ")", - data->set.max_filesize); - return CURLE_FILESIZE_EXCEEDED; - } data->progress.downloaded = size; return CURLE_OK; } diff --git a/lib/progress.h b/lib/progress.h index fc39e34d2..73749419a 100644 --- a/lib/progress.h +++ b/lib/progress.h @@ -30,7 +30,8 @@ typedef enum { TIMER_NONE, TIMER_STARTOP, - TIMER_STARTSINGLE, + TIMER_STARTSINGLE, /* start of transfer, might get queued */ + TIMER_POSTQUEUE, /* start, immediately after dequeue */ TIMER_NAMELOOKUP, TIMER_CONNECT, TIMER_APPCONNECT, diff --git a/lib/rand.c b/lib/rand.c index 6bd96136f..c62b1a403 100644 --- a/lib/rand.c +++ b/lib/rand.c @@ -32,10 +32,6 @@ #ifdef HAVE_ARPA_INET_H #include #endif -#ifdef HAVE_ARC4RANDOM -/* Some platforms might have the prototype missing (ubuntu + libressl) */ -uint32_t arc4random(void); -#endif #include #include "urldata.h" @@ -50,7 +46,7 @@ uint32_t arc4random(void); #include "curl_memory.h" #include "memdebug.h" -#ifdef WIN32 +#ifdef _WIN32 #if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x600 # define HAVE_WIN_BCRYPTGENRANDOM @@ -105,7 +101,6 @@ CURLcode Curl_win32_random(unsigned char *entropy, size_t length) static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) { - unsigned int r; CURLcode result = CURLE_OK; static unsigned int randseed; static bool seeded = FALSE; @@ -138,7 +133,7 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) /* ---- non-cryptographic version following ---- */ -#ifdef WIN32 +#ifdef _WIN32 if(!seeded) { result = Curl_win32_random((unsigned char *)rnd, sizeof(*rnd)); if(result != CURLE_NOT_BUILT_IN) @@ -146,12 +141,14 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) } #endif -#ifdef HAVE_ARC4RANDOM - *rnd = (unsigned int)arc4random(); - return CURLE_OK; +#if defined(HAVE_ARC4RANDOM) && !defined(USE_OPENSSL) + if(!seeded) { + *rnd = (unsigned int)arc4random(); + return CURLE_OK; + } #endif -#if defined(RANDOM_FILE) && !defined(WIN32) +#if defined(RANDOM_FILE) && !defined(_WIN32) if(!seeded) { /* if there's a random file to read a seed from, use it */ int fd = open(RANDOM_FILE, O_RDONLY); @@ -175,9 +172,12 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) seeded = TRUE; } - /* Return an unsigned 32-bit pseudo-random number. */ - r = randseed = randseed * 1103515245 + 12345; - *rnd = (r << 16) | ((r >> 16) & 0xFFFF); + { + unsigned int r; + /* Return an unsigned 32-bit pseudo-random number. */ + r = randseed = randseed * 1103515245 + 12345; + *rnd = (r << 16) | ((r >> 16) & 0xFFFF); + } return CURLE_OK; } @@ -201,7 +201,7 @@ CURLcode Curl_rand(struct Curl_easy *data, unsigned char *rnd, size_t num) { CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT; - DEBUGASSERT(num > 0); + DEBUGASSERT(num); while(num) { unsigned int r; @@ -241,9 +241,11 @@ CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd, memset(buffer, 0, sizeof(buffer)); #endif - if((num/2 >= sizeof(buffer)) || !(num&1)) + if((num/2 >= sizeof(buffer)) || !(num&1)) { /* make sure it fits in the local buffer and that it is an odd number! */ + DEBUGF(infof(data, "invalid buffer size with Curl_rand_hex")); return CURLE_BAD_FUNCTION_ARGUMENT; + } num--; /* save one for null-termination */ diff --git a/lib/rand.h b/lib/rand.h index 1d009f52c..bc05239e4 100644 --- a/lib/rand.h +++ b/lib/rand.h @@ -41,7 +41,7 @@ CURLcode Curl_rand_hex(struct Curl_easy *data, unsigned char *rnd, CURLcode Curl_rand_alnum(struct Curl_easy *data, unsigned char *rnd, size_t num); -#ifdef WIN32 +#ifdef _WIN32 /* Random generator shared between the Schannel vtls and Curl_rand*() functions */ CURLcode Curl_win32_random(unsigned char *entropy, size_t length); diff --git a/lib/rename.c b/lib/rename.c index 97a66e947..4c8869806 100644 --- a/lib/rename.c +++ b/lib/rename.c @@ -40,7 +40,7 @@ /* return 0 on success, 1 on error */ int Curl_rename(const char *oldpath, const char *newpath) { -#ifdef WIN32 +#ifdef _WIN32 /* rename() on Windows doesn't overwrite, so we can't use it here. MoveFileEx() will overwrite and is usually atomic, however it fails when there are open handles to the file. */ diff --git a/lib/rtsp.c b/lib/rtsp.c index ccd7264b0..26f473534 100644 --- a/lib/rtsp.c +++ b/lib/rtsp.c @@ -45,8 +45,8 @@ #include "curl_memory.h" #include "memdebug.h" -#define RTP_PKT_LENGTH(p) ((((int)((unsigned char)((p)[2]))) << 8) | \ - ((int)((unsigned char)((p)[3])))) +#define RTP_PKT_LENGTH(p) ((((unsigned int)((unsigned char)((p)[2]))) << 8) | \ + ((unsigned int)((unsigned char)((p)[3])))) /* protocol-specific functions set up to be called by the main engine */ static CURLcode rtsp_do(struct Curl_easy *data, bool *done); @@ -58,16 +58,20 @@ static int rtsp_getsock_do(struct Curl_easy *data, struct connectdata *conn, curl_socket_t *socks); /* - * Parse and write out any available RTP data. - * - * nread: amount of data left after k->str. will be modified if RTP - * data is parsed and k->str is moved up - * readmore: whether or not the RTP parser needs more data right away + * Parse and write out an RTSP response. + * @param data the transfer + * @param conn the connection + * @param buf data read from connection + * @param blen amount of data in buf + * @param is_eos TRUE iff this is the last write + * @param readmore out, TRUE iff complete buf was consumed and more data + * is needed */ -static CURLcode rtsp_rtp_readwrite(struct Curl_easy *data, - struct connectdata *conn, - ssize_t *nread, - bool *readmore); +static CURLcode rtsp_rtp_write_resp(struct Curl_easy *data, + const char *buf, + size_t blen, + bool is_eos, + bool *done); static CURLcode rtsp_setup_connection(struct Curl_easy *data, struct connectdata *conn); @@ -88,7 +92,7 @@ static int rtsp_getsock_do(struct Curl_easy *data, struct connectdata *conn, } static -CURLcode rtp_client_write(struct Curl_easy *data, char *ptr, size_t len); +CURLcode rtp_client_write(struct Curl_easy *data, const char *ptr, size_t len); static CURLcode rtsp_parse_transport(struct Curl_easy *data, char *transport); @@ -110,7 +114,7 @@ const struct Curl_handler Curl_handler_rtsp = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ rtsp_disconnect, /* disconnect */ - rtsp_rtp_readwrite, /* readwrite */ + rtsp_rtp_write_resp, /* write_resp */ rtsp_conncheck, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_RTSP, /* defport */ @@ -585,153 +589,281 @@ static CURLcode rtsp_do(struct Curl_easy *data, bool *done) return result; } - -static CURLcode rtsp_rtp_readwrite(struct Curl_easy *data, - struct connectdata *conn, - ssize_t *nread, - bool *readmore) { - struct SingleRequest *k = &data->req; - struct rtsp_conn *rtspc = &(conn->proto.rtspc); - unsigned char *rtp_channel_mask = data->state.rtp_channel_mask; - - char *rtp; /* moving pointer to rtp data */ - ssize_t rtp_dataleft; /* how much data left to parse in this round */ - CURLcode result; - bool interleaved = false; - size_t skip_size = 0; - - if(Curl_dyn_len(&rtspc->buf)) { - /* There was some leftover data the last time. Append new buffers */ - if(Curl_dyn_addn(&rtspc->buf, k->str, *nread)) - return CURLE_OUT_OF_MEMORY; - rtp = Curl_dyn_ptr(&rtspc->buf); - rtp_dataleft = Curl_dyn_len(&rtspc->buf); +/** + * write any BODY bytes missing to the client, ignore the rest. + */ +static CURLcode rtp_write_body_junk(struct Curl_easy *data, + const char *buf, + size_t blen) +{ + struct rtsp_conn *rtspc = &(data->conn->proto.rtspc); + curl_off_t body_remain; + bool in_body; + + in_body = (data->req.headerline && !rtspc->in_header) && + (data->req.size >= 0) && + (data->req.bytecount < data->req.size); + body_remain = in_body? (data->req.size - data->req.bytecount) : 0; + DEBUGASSERT(body_remain >= 0); + if(body_remain) { + if((curl_off_t)blen > body_remain) + blen = (size_t)body_remain; + return Curl_client_write(data, CLIENTWRITE_BODY, (char *)buf, blen); } - else { - /* Just parse the request buffer directly */ - rtp = k->str; - rtp_dataleft = *nread; - } - - while(rtp_dataleft > 0) { - if(rtp[0] == '$') { - if(rtp_dataleft > 4) { - unsigned char rtp_channel; - int rtp_length; - int idx; - int off; - - /* Parse the header */ - /* The channel identifier immediately follows and is 1 byte */ - rtp_channel = (unsigned char)rtp[1]; - idx = rtp_channel / 8; - off = rtp_channel % 8; - if(!(rtp_channel_mask[idx] & (1 << off))) { - /* invalid channel number, maybe not an RTP packet */ - rtp++; - rtp_dataleft--; - skip_size++; - continue; + return CURLE_OK; +} + +static CURLcode rtsp_filter_rtp(struct Curl_easy *data, + const char *buf, + size_t blen, + size_t *pconsumed) +{ + struct rtsp_conn *rtspc = &(data->conn->proto.rtspc); + CURLcode result = CURLE_OK; + size_t skip_len = 0; + + *pconsumed = 0; + while(blen) { + bool in_body = (data->req.headerline && !rtspc->in_header) && + (data->req.size >= 0) && + (data->req.bytecount < data->req.size); + switch(rtspc->state) { + + case RTP_PARSE_SKIP: { + DEBUGASSERT(Curl_dyn_len(&rtspc->buf) == 0); + while(blen && buf[0] != '$') { + if(!in_body && buf[0] == 'R' && + data->set.rtspreq != RTSPREQ_RECEIVE) { + if(strncmp(buf, "RTSP/", (blen < 5) ? blen : 5) == 0) { + /* This could be the next response, no consume and return */ + if(*pconsumed) { + DEBUGF(infof(data, "RTP rtsp_filter_rtp[SKIP] RTSP/ prefix, " + "skipping %zd bytes of junk", *pconsumed)); + } + rtspc->state = RTP_PARSE_SKIP; + rtspc->in_header = TRUE; + goto out; + } } - if(skip_size > 0) { - DEBUGF(infof(data, "Skip the malformed interleaved data %lu " - "bytes", skip_size)); + /* junk/BODY, consume without buffering */ + *pconsumed += 1; + ++buf; + --blen; + ++skip_len; + } + if(blen && buf[0] == '$') { + /* possible start of an RTP message, buffer */ + if(skip_len) { + /* end of junk/BODY bytes, flush */ + result = rtp_write_body_junk(data, + (char *)(buf - skip_len), skip_len); + skip_len = 0; + if(result) + goto out; } - skip_size = 0; - rtspc->rtp_channel = rtp_channel; - - /* The length is two bytes */ - rtp_length = RTP_PKT_LENGTH(rtp); + if(Curl_dyn_addn(&rtspc->buf, buf, 1)) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + *pconsumed += 1; + ++buf; + --blen; + rtspc->state = RTP_PARSE_CHANNEL; + } + break; + } - if(rtp_dataleft < rtp_length + 4) { - /* Need more - incomplete payload */ - *readmore = TRUE; - break; + case RTP_PARSE_CHANNEL: { + int idx = ((unsigned char)buf[0]) / 8; + int off = ((unsigned char)buf[0]) % 8; + DEBUGASSERT(Curl_dyn_len(&rtspc->buf) == 1); + if(!(data->state.rtp_channel_mask[idx] & (1 << off))) { + /* invalid channel number, junk or BODY data */ + rtspc->state = RTP_PARSE_SKIP; + DEBUGASSERT(skip_len == 0); + /* we do not consume this byte, it is BODY data */ + DEBUGF(infof(data, "RTSP: invalid RTP channel %d, skipping", idx)); + if(*pconsumed == 0) { + /* We did not consume the initial '$' in our buffer, but had + * it from an earlier call. We cannot un-consume it and have + * to write it directly as BODY data */ + result = rtp_write_body_junk(data, Curl_dyn_ptr(&rtspc->buf), 1); + if(result) + goto out; } - interleaved = true; - /* We have the full RTP interleaved packet - * Write out the header including the leading '$' */ - DEBUGF(infof(data, "RTP write channel %d rtp_length %d", - rtspc->rtp_channel, rtp_length)); - result = rtp_client_write(data, &rtp[0], rtp_length + 4); - if(result) { - *readmore = FALSE; - return result; + else { + /* count the '$' as skip and continue */ + skip_len = 1; } + Curl_dyn_free(&rtspc->buf); + break; + } + /* a valid channel, so we expect this to be a real RTP message */ + rtspc->rtp_channel = (unsigned char)buf[0]; + if(Curl_dyn_addn(&rtspc->buf, buf, 1)) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + *pconsumed += 1; + ++buf; + --blen; + rtspc->state = RTP_PARSE_LEN; + break; + } - /* Move forward in the buffer */ - rtp_dataleft -= rtp_length + 4; - rtp += rtp_length + 4; + case RTP_PARSE_LEN: { + size_t rtp_len = Curl_dyn_len(&rtspc->buf); + const char *rtp_buf; + DEBUGASSERT(rtp_len >= 2 && rtp_len < 4); + if(Curl_dyn_addn(&rtspc->buf, buf, 1)) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + *pconsumed += 1; + ++buf; + --blen; + if(rtp_len == 2) + break; + rtp_buf = Curl_dyn_ptr(&rtspc->buf); + rtspc->rtp_len = RTP_PKT_LENGTH(rtp_buf) + 4; + rtspc->state = RTP_PARSE_DATA; + break; + } - if(data->set.rtspreq == RTSPREQ_RECEIVE) { - /* If we are in a passive receive, give control back - * to the app as often as we can. - */ - k->keepon &= ~KEEP_RECV; + case RTP_PARSE_DATA: { + size_t rtp_len = Curl_dyn_len(&rtspc->buf); + size_t needed; + DEBUGASSERT(rtp_len < rtspc->rtp_len); + needed = rtspc->rtp_len - rtp_len; + if(needed <= blen) { + if(Curl_dyn_addn(&rtspc->buf, buf, needed)) { + result = CURLE_OUT_OF_MEMORY; + goto out; } + *pconsumed += needed; + buf += needed; + blen -= needed; + /* complete RTP message in buffer */ + DEBUGF(infof(data, "RTP write channel %d rtp_len %zu", + rtspc->rtp_channel, rtspc->rtp_len)); + result = rtp_client_write(data, Curl_dyn_ptr(&rtspc->buf), + rtspc->rtp_len); + Curl_dyn_free(&rtspc->buf); + rtspc->state = RTP_PARSE_SKIP; + if(result) + goto out; } else { - /* Need more - incomplete header */ - *readmore = TRUE; - break; - } - } - else { - /* If the following data begins with 'RTSP/', which might be an RTSP - message, we should stop skipping the data. */ - /* If `k-> headerline> 0 && !interleaved` is true, we are maybe in the - middle of an RTSP message. It is difficult to determine this, so we - stop skipping. */ - size_t prefix_len = (rtp_dataleft < 5) ? rtp_dataleft : 5; - if((k->headerline > 0 && !interleaved) || - strncmp(rtp, "RTSP/", prefix_len) == 0) { - if(skip_size > 0) { - DEBUGF(infof(data, "Skip the malformed interleaved data %lu " - "bytes", skip_size)); + if(Curl_dyn_addn(&rtspc->buf, buf, blen)) { + result = CURLE_OUT_OF_MEMORY; + goto out; } - break; /* maybe is an RTSP message */ + *pconsumed += blen; + buf += blen; + blen = 0; } - /* Skip incorrect data util the next RTP packet or RTSP message */ - do { - rtp++; - rtp_dataleft--; - skip_size++; - } while(rtp_dataleft > 0 && rtp[0] != '$' && rtp[0] != 'R'); + break; + } + + default: + DEBUGASSERT(0); + return CURLE_RECV_ERROR; } } +out: + if(!result && skip_len) + result = rtp_write_body_junk(data, (char *)(buf - skip_len), skip_len); + return result; +} - if(rtp_dataleft && rtp[0] == '$') { - DEBUGF(infof(data, "RTP Rewinding %zd %s", rtp_dataleft, - *readmore ? "(READMORE)" : "")); +static CURLcode rtsp_rtp_write_resp(struct Curl_easy *data, + const char *buf, + size_t blen, + bool is_eos, + bool *done) +{ + struct rtsp_conn *rtspc = &(data->conn->proto.rtspc); + CURLcode result = CURLE_OK; + size_t consumed = 0; - /* Store the incomplete RTP packet for a "rewind" */ - if(!Curl_dyn_len(&rtspc->buf)) { - /* nothing was stored, add this data */ - if(Curl_dyn_addn(&rtspc->buf, rtp, rtp_dataleft)) - return CURLE_OUT_OF_MEMORY; - } - else { - /* keep the remainder */ - Curl_dyn_tail(&rtspc->buf, rtp_dataleft); - } + if(!data->req.header) + rtspc->in_header = FALSE; + *done = FALSE; + if(!blen) { + goto out; + } - /* As far as the transfer is concerned, this data is consumed */ - *nread = 0; - return CURLE_OK; + DEBUGF(infof(data, "rtsp_rtp_write_resp(len=%zu, in_header=%d, eos=%d)", + blen, rtspc->in_header, is_eos)); + + /* If header parsing is not onging, extract RTP messages */ + if(!rtspc->in_header) { + result = rtsp_filter_rtp(data, buf, blen, &consumed); + if(result) + goto out; + buf += consumed; + blen -= consumed; + /* either we consumed all or are at the start of header parsing */ + if(blen && !data->req.header) + DEBUGF(infof(data, "RTSP: %zu bytes, possibly excess in response body", + blen)); } - /* Fix up k->str to point just after the last RTP packet */ - k->str += *nread - rtp_dataleft; - *nread = rtp_dataleft; + /* we want to parse headers, do so */ + if(data->req.header && blen) { + rtspc->in_header = TRUE; + result = Curl_http_write_resp_hds(data, buf, blen, &consumed, done); + if(result) + goto out; - /* If we get here, we have finished with the leftover/merge buffer */ - Curl_dyn_free(&rtspc->buf); + buf += consumed; + blen -= consumed; - return CURLE_OK; + if(!data->req.header) + rtspc->in_header = FALSE; + + if(!rtspc->in_header) { + /* If header parsing is done, extract interleaved RTP messages */ + if(data->req.size <= -1) { + /* Respect section 4.4 of rfc2326: If the Content-Length header is + absent, a length 0 must be assumed. */ + data->req.size = 0; + data->req.download_done = TRUE; + } + result = rtsp_filter_rtp(data, buf, blen, &consumed); + if(result) + goto out; + blen -= consumed; + } + } + + if(rtspc->state != RTP_PARSE_SKIP) + *done = FALSE; + /* we SHOULD have consumed all bytes, unless the response is borked. + * In which case we write out the left over bytes, letting the client + * writer deal with it (it will report EXCESS and fail the transfer). */ + DEBUGF(infof(data, "rtsp_rtp_write_resp(len=%zu, in_header=%d, done=%d " + " rtspc->state=%d, req.size=%" CURL_FORMAT_CURL_OFF_T ")", + blen, rtspc->in_header, *done, rtspc->state, data->req.size)); + if(!result && (is_eos || blen)) { + result = Curl_client_write(data, CLIENTWRITE_BODY| + (is_eos? CLIENTWRITE_EOS:0), + (char *)buf, blen); + } + +out: + if((data->set.rtspreq == RTSPREQ_RECEIVE) && + (rtspc->state == RTP_PARSE_SKIP)) { + /* In special mode RECEIVE, we just process one chunk of network + * data, so we stop the transfer here, if we have no incomplete + * RTP message pending. */ + data->req.download_done = TRUE; + } + return result; } static -CURLcode rtp_client_write(struct Curl_easy *data, char *ptr, size_t len) +CURLcode rtp_client_write(struct Curl_easy *data, const char *ptr, size_t len) { size_t wrote; curl_write_callback writeit; @@ -756,7 +888,7 @@ CURLcode rtp_client_write(struct Curl_easy *data, char *ptr, size_t len) } Curl_set_in_callback(data, true); - wrote = writeit(ptr, 1, len, user_ptr); + wrote = writeit((char *)ptr, 1, len, user_ptr); Curl_set_in_callback(data, false); if(CURL_WRITEFUNC_PAUSE == wrote) { @@ -821,7 +953,7 @@ CURLcode Curl_rtsp_parseheader(struct Curl_easy *data, char *header) /* If the Session ID is set, then compare */ if(strlen(data->set.str[STRING_RTSP_SESSION_ID]) != idlen || - strncmp(start, data->set.str[STRING_RTSP_SESSION_ID], idlen) != 0) { + strncmp(start, data->set.str[STRING_RTSP_SESSION_ID], idlen)) { failf(data, "Got RTSP Session ID Line [%s], but wanted ID [%s]", start, data->set.str[STRING_RTSP_SESSION_ID]); return CURLE_RTSP_SESSION_ERROR; @@ -833,11 +965,9 @@ CURLcode Curl_rtsp_parseheader(struct Curl_easy *data, char *header) */ /* Copy the id substring into a new buffer */ - data->set.str[STRING_RTSP_SESSION_ID] = malloc(idlen + 1); + data->set.str[STRING_RTSP_SESSION_ID] = Curl_memdup0(start, idlen); if(!data->set.str[STRING_RTSP_SESSION_ID]) return CURLE_OUT_OF_MEMORY; - memcpy(data->set.str[STRING_RTSP_SESSION_ID], start, idlen); - (data->set.str[STRING_RTSP_SESSION_ID])[idlen] = '\0'; } } else if(checkprefix("Transport:", header)) { diff --git a/lib/rtsp.h b/lib/rtsp.h index 111bac2a6..237b80f80 100644 --- a/lib/rtsp.h +++ b/lib/rtsp.h @@ -39,6 +39,12 @@ CURLcode Curl_rtsp_parseheader(struct Curl_easy *data, char *header); #endif /* CURL_DISABLE_RTSP */ +typedef enum { + RTP_PARSE_SKIP, + RTP_PARSE_CHANNEL, + RTP_PARSE_LEN, + RTP_PARSE_DATA +} rtp_parse_st; /* * RTSP Connection data * @@ -47,6 +53,9 @@ CURLcode Curl_rtsp_parseheader(struct Curl_easy *data, char *header); struct rtsp_conn { struct dynbuf buf; int rtp_channel; + size_t rtp_len; + rtp_parse_st state; + BIT(in_header); }; /**************************************************************************** diff --git a/lib/select.c b/lib/select.c index cae9beb6c..d92e745a7 100644 --- a/lib/select.c +++ b/lib/select.c @@ -76,7 +76,7 @@ int Curl_wait_ms(timediff_t timeout_ms) } #if defined(MSDOS) delay(timeout_ms); -#elif defined(WIN32) +#elif defined(_WIN32) /* prevent overflow, timeout_ms is typecast to ULONG/DWORD. */ #if TIMEDIFF_T_MAX >= ULONG_MAX if(timeout_ms >= ULONG_MAX) diff --git a/lib/sendf.c b/lib/sendf.c index 0482c5da4..db3189a29 100644 --- a/lib/sendf.c +++ b/lib/sendf.c @@ -50,6 +50,7 @@ #include "strdup.h" #include "http2.h" #include "headers.h" +#include "progress.h" #include "ws.h" /* The last 3 #include files should be in this order */ @@ -57,6 +58,9 @@ #include "curl_memory.h" #include "memdebug.h" + +static CURLcode do_init_stack(struct Curl_easy *data); + #if defined(CURL_DO_LINEEND_CONV) && !defined(CURL_DISABLE_FTP) /* * convert_lineends() changes CRLF (\r\n) end-of-line markers to a single LF @@ -292,13 +296,6 @@ static CURLcode chop_write(struct Curl_easy *data, if(!skip_body_write && ((type & CLIENTWRITE_BODY) || ((type & CLIENTWRITE_HEADER) && data->set.include_header))) { -#ifdef USE_WEBSOCKETS - if(conn->handler->protocol & (CURLPROTO_WS|CURLPROTO_WSS)) { - writebody = Curl_ws_writecb; - writebody_ptr = data; - } - else -#endif writebody = data->set.fwrite_func; } if((type & (CLIENTWRITE_HEADER|CLIENTWRITE_INFO)) && @@ -341,7 +338,7 @@ static CURLcode chop_write(struct Curl_easy *data, len -= chunklen; } -#ifndef CURL_DISABLE_HTTP +#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HEADERS_API) /* HTTP header, but not status-line */ if((conn->handler->protocol & PROTO_FAMILY_HTTP) && (type & CLIENTWRITE_HEADER) && !(type & CLIENTWRITE_STATUS) ) { @@ -385,34 +382,36 @@ static CURLcode chop_write(struct Curl_easy *data, the future to leave the original data alone. */ CURLcode Curl_client_write(struct Curl_easy *data, - int type, - char *ptr, - size_t len) + int type, char *buf, size_t blen) { + CURLcode result; + #if !defined(CURL_DISABLE_FTP) && defined(CURL_DO_LINEEND_CONV) /* FTP data may need conversion. */ if((type & CLIENTWRITE_BODY) && (data->conn->handler->protocol & PROTO_FAMILY_FTP) && data->conn->proto.ftpc.transfertype == 'A') { /* convert end-of-line markers */ - len = convert_lineends(data, ptr, len); + blen = convert_lineends(data, buf, blen); } #endif /* it is one of those, at least */ DEBUGASSERT(type & (CLIENTWRITE_BODY|CLIENTWRITE_HEADER|CLIENTWRITE_INFO)); - /* BODY is only BODY */ - DEBUGASSERT(!(type & CLIENTWRITE_BODY) || (type == CLIENTWRITE_BODY)); - /* INFO is only INFO */ - DEBUGASSERT(!(type & CLIENTWRITE_INFO) || (type == CLIENTWRITE_INFO)); - - if(type == CLIENTWRITE_BODY) { - if(data->req.ignorebody) - return CURLE_OK; + /* BODY is only BODY (with optional EOS) */ + DEBUGASSERT(!(type & CLIENTWRITE_BODY) || + ((type & ~(CLIENTWRITE_BODY|CLIENTWRITE_EOS)) == 0)); + /* INFO is only INFO (with optional EOS) */ + DEBUGASSERT(!(type & CLIENTWRITE_INFO) || + ((type & ~(CLIENTWRITE_INFO|CLIENTWRITE_EOS)) == 0)); - if(data->req.writer_stack && !data->set.http_ce_skip) - return Curl_unencode_write(data, data->req.writer_stack, ptr, len); + if(!data->req.writer_stack) { + result = do_init_stack(data); + if(result) + return result; + DEBUGASSERT(data->req.writer_stack); } - return chop_write(data, type, FALSE, ptr, len); + + return Curl_cwriter_write(data, data->req.writer_stack, type, buf, blen); } CURLcode Curl_client_unpause(struct Curl_easy *data) @@ -449,12 +448,12 @@ CURLcode Curl_client_unpause(struct Curl_easy *data) void Curl_client_cleanup(struct Curl_easy *data) { - struct contenc_writer *writer = data->req.writer_stack; + struct Curl_cwriter *writer = data->req.writer_stack; size_t i; while(writer) { - data->req.writer_stack = writer->downstream; - writer->handler->close_writer(data, writer); + data->req.writer_stack = writer->next; + writer->cwt->do_close(data, writer); free(writer); writer = data->req.writer_stack; } @@ -463,61 +462,231 @@ void Curl_client_cleanup(struct Curl_easy *data) Curl_dyn_free(&data->state.tempwrite[i].b); } data->state.tempcount = 0; + data->req.bytecount = 0; + data->req.headerline = 0; +} +/* Write data using an unencoding writer stack. "nbytes" is not + allowed to be 0. */ +CURLcode Curl_cwriter_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, + const char *buf, size_t nbytes) +{ + if(!writer) + return CURLE_WRITE_ERROR; + return writer->cwt->do_write(data, writer, type, buf, nbytes); } -/* Real client writer: no downstream. */ -static CURLcode client_cew_init(struct Curl_easy *data, - struct contenc_writer *writer) +CURLcode Curl_cwriter_def_init(struct Curl_easy *data, + struct Curl_cwriter *writer) { - (void) data; + (void)data; (void)writer; return CURLE_OK; } -static CURLcode client_cew_write(struct Curl_easy *data, - struct contenc_writer *writer, - const char *buf, size_t nbytes) +CURLcode Curl_cwriter_def_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, + const char *buf, size_t nbytes) { - (void)writer; - if(!nbytes || data->req.ignorebody) - return CURLE_OK; - return chop_write(data, CLIENTWRITE_BODY, FALSE, (char *)buf, nbytes); + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); } -static void client_cew_close(struct Curl_easy *data, - struct contenc_writer *writer) +void Curl_cwriter_def_close(struct Curl_easy *data, + struct Curl_cwriter *writer) { (void) data; (void) writer; } -static const struct content_encoding client_cew = { +/* Real client writer to installed callbacks. */ +static CURLcode cw_client_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, + const char *buf, size_t nbytes) +{ + (void)writer; + if(!nbytes) + return CURLE_OK; + return chop_write(data, type, FALSE, (char *)buf, nbytes); +} + +static const struct Curl_cwtype cw_client = { + "client", + NULL, + Curl_cwriter_def_init, + cw_client_write, + Curl_cwriter_def_close, + sizeof(struct Curl_cwriter) +}; + +static size_t get_max_body_write_len(struct Curl_easy *data, curl_off_t limit) +{ + if(limit != -1) { + /* How much more are we allowed to write? */ + curl_off_t remain_diff; + remain_diff = limit - data->req.bytecount; + if(remain_diff < 0) { + /* already written too much! */ + return 0; + } +#if SIZEOF_CURL_OFF_T > SIZEOF_SIZE_T + else if(remain_diff > SSIZE_T_MAX) { + return SIZE_T_MAX; + } +#endif + else { + return (size_t)remain_diff; + } + } + return SIZE_T_MAX; +} + +/* Download client writer in phase CURL_CW_PROTOCOL that + * sees the "real" download body data. */ +static CURLcode cw_download_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, + const char *buf, size_t nbytes) +{ + CURLcode result; + size_t nwrite, excess_len = 0; + + if(!(type & CLIENTWRITE_BODY)) { + if((type & CLIENTWRITE_CONNECT) && data->set.suppress_connect_headers) + return CURLE_OK; + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); + } + + if(!data->req.bytecount) { + Curl_pgrsTime(data, TIMER_STARTTRANSFER); + if(data->req.exp100 > EXP100_SEND_DATA) + /* set time stamp to compare with when waiting for the 100 */ + data->req.start100 = Curl_now(); + } + + /* Here, we deal with REAL BODY bytes. All filtering and transfer + * encodings have been applied and only the true content, e.g. BODY, + * bytes are passed here. + * This allows us to check sizes, update stats, etc. independent + * from the protocol in play. */ + + if(data->req.no_body && nbytes > 0) { + /* BODY arrives although we want none, bail out */ + streamclose(data->conn, "ignoring body"); + DEBUGF(infof(data, "did not want a BODY, but seeing %zu bytes", + nbytes)); + data->req.download_done = TRUE; + return CURLE_WEIRD_SERVER_REPLY; + } + + /* Determine if we see any bytes in excess to what is allowed. + * We write the allowed bytes and handle excess further below. + * This gives deterministic BODY writes on varying buffer receive + * lengths. */ + nwrite = nbytes; + if(-1 != data->req.maxdownload) { + size_t wmax = get_max_body_write_len(data, data->req.maxdownload); + if(nwrite > wmax) { + excess_len = nbytes - wmax; + nwrite = wmax; + } + + if(nwrite == wmax) { + data->req.download_done = TRUE; + } + } + + /* Error on too large filesize is handled below, after writing + * the permitted bytes */ + if(data->set.max_filesize) { + size_t wmax = get_max_body_write_len(data, data->set.max_filesize); + if(nwrite > wmax) { + nwrite = wmax; + } + } + + /* Update stats, write and report progress */ + data->req.bytecount += nwrite; + ++data->req.bodywrites; + if(!data->req.ignorebody && nwrite) { + result = Curl_cwriter_write(data, writer->next, type, buf, nwrite); + if(result) + return result; + } + result = Curl_pgrsSetDownloadCounter(data, data->req.bytecount); + if(result) + return result; + + if(excess_len) { + if(!data->req.ignorebody) { + infof(data, + "Excess found writing body:" + " excess = %zu" + ", size = %" CURL_FORMAT_CURL_OFF_T + ", maxdownload = %" CURL_FORMAT_CURL_OFF_T + ", bytecount = %" CURL_FORMAT_CURL_OFF_T, + excess_len, data->req.size, data->req.maxdownload, + data->req.bytecount); + connclose(data->conn, "excess found in a read"); + } + } + else if(nwrite < nbytes) { + failf(data, "Exceeded the maximum allowed file size " + "(%" CURL_FORMAT_CURL_OFF_T ") with %" + CURL_FORMAT_CURL_OFF_T " bytes", + data->set.max_filesize, data->req.bytecount); + return CURLE_FILESIZE_EXCEEDED; + } + + return CURLE_OK; +} + +static const struct Curl_cwtype cw_download = { + "download", NULL, + Curl_cwriter_def_init, + cw_download_write, + Curl_cwriter_def_close, + sizeof(struct Curl_cwriter) +}; + +/* RAW client writer in phase CURL_CW_RAW that + * enabled tracing of raw data. */ +static CURLcode cw_raw_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, + const char *buf, size_t nbytes) +{ + if(type & CLIENTWRITE_BODY && data->set.verbose && !data->req.ignorebody) { + Curl_debug(data, CURLINFO_DATA_IN, (char *)buf, nbytes); + } + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); +} + +static const struct Curl_cwtype cw_raw = { + "raw", NULL, - client_cew_init, - client_cew_write, - client_cew_close, - sizeof(struct contenc_writer) + Curl_cwriter_def_init, + cw_raw_write, + Curl_cwriter_def_close, + sizeof(struct Curl_cwriter) }; /* Create an unencoding writer stage using the given handler. */ -CURLcode Curl_client_create_writer(struct contenc_writer **pwriter, +CURLcode Curl_cwriter_create(struct Curl_cwriter **pwriter, struct Curl_easy *data, - const struct content_encoding *ce_handler, - int order) + const struct Curl_cwtype *cwt, + Curl_cwriter_phase phase) { - struct contenc_writer *writer; + struct Curl_cwriter *writer; CURLcode result = CURLE_OUT_OF_MEMORY; - DEBUGASSERT(ce_handler->writersize >= sizeof(struct contenc_writer)); - writer = (struct contenc_writer *) calloc(1, ce_handler->writersize); + DEBUGASSERT(cwt->cwriter_size >= sizeof(struct Curl_cwriter)); + writer = (struct Curl_cwriter *) calloc(1, cwt->cwriter_size); if(!writer) goto out; - writer->handler = ce_handler; - writer->order = order; - result = ce_handler->init_writer(data, writer); + writer->cwt = cwt; + writer->phase = phase; + result = cwt->do_init(data, writer); out: *pwriter = result? NULL : writer; @@ -526,58 +695,92 @@ out: return result; } -void Curl_client_free_writer(struct Curl_easy *data, - struct contenc_writer *writer) +void Curl_cwriter_free(struct Curl_easy *data, + struct Curl_cwriter *writer) { if(writer) { - writer->handler->close_writer(data, writer); + writer->cwt->do_close(data, writer); free(writer); } } -/* allow no more than 5 "chained" compression steps */ -#define MAX_ENCODE_STACK 5 +size_t Curl_cwriter_count(struct Curl_easy *data, Curl_cwriter_phase phase) +{ + struct Curl_cwriter *w; + size_t n = 0; + for(w = data->req.writer_stack; w; w = w->next) { + if(w->phase == phase) + ++n; + } + return n; +} -static CURLcode init_writer_stack(struct Curl_easy *data) +static CURLcode do_init_stack(struct Curl_easy *data) { + struct Curl_cwriter *writer; + CURLcode result; + DEBUGASSERT(!data->req.writer_stack); - return Curl_client_create_writer(&data->req.writer_stack, - data, &client_cew, 0); + result = Curl_cwriter_create(&data->req.writer_stack, + data, &cw_client, CURL_CW_CLIENT); + if(result) + return result; + + result = Curl_cwriter_create(&writer, data, &cw_download, CURL_CW_PROTOCOL); + if(result) + return result; + result = Curl_cwriter_add(data, writer); + if(result) { + Curl_cwriter_free(data, writer); + } + + result = Curl_cwriter_create(&writer, data, &cw_raw, CURL_CW_RAW); + if(result) + return result; + result = Curl_cwriter_add(data, writer); + if(result) { + Curl_cwriter_free(data, writer); + } + return result; } -CURLcode Curl_client_add_writer(struct Curl_easy *data, - struct contenc_writer *writer) +CURLcode Curl_cwriter_add(struct Curl_easy *data, + struct Curl_cwriter *writer) { CURLcode result; + struct Curl_cwriter **anchor = &data->req.writer_stack; - if(!data->req.writer_stack) { - result = init_writer_stack(data); + if(!*anchor) { + result = do_init_stack(data); if(result) return result; } - if(data->req.writer_stack_depth++ >= MAX_ENCODE_STACK) { - failf(data, "Reject response due to more than %u content encodings", - MAX_ENCODE_STACK); - return CURLE_BAD_CONTENT_ENCODING; - } - - /* Stack the unencoding stage. */ - if(writer->order >= data->req.writer_stack->order) { - writer->downstream = data->req.writer_stack; - data->req.writer_stack = writer; - } - else { - struct contenc_writer *w = data->req.writer_stack; - while(w->downstream && writer->order < w->downstream->order) - w = w->downstream; - writer->downstream = w->downstream; - w->downstream = writer; - } + /* Insert the writer as first in its phase. + * Skip existing writers of lower phases. */ + while(*anchor && (*anchor)->phase < writer->phase) + anchor = &((*anchor)->next); + writer->next = *anchor; + *anchor = writer; return CURLE_OK; } +void Curl_cwriter_remove_by_name(struct Curl_easy *data, + const char *name) +{ + struct Curl_cwriter **anchor = &data->req.writer_stack; + + while(*anchor) { + if(!strcmp(name, (*anchor)->cwt->name)) { + struct Curl_cwriter *w = (*anchor); + *anchor = w->next; + Curl_cwriter_free(data, w); + continue; + } + anchor = &((*anchor)->next); + } +} /* * Internal read-from-socket function. This is meant to deal with plain diff --git a/lib/sendf.h b/lib/sendf.h index 9ee00bb0d..7deae2ac3 100644 --- a/lib/sendf.h +++ b/lib/sendf.h @@ -49,44 +49,127 @@ #define CLIENTWRITE_CONNECT (1<<4) /* a CONNECT related HEADER */ #define CLIENTWRITE_1XX (1<<5) /* a 1xx response related HEADER */ #define CLIENTWRITE_TRAILER (1<<6) /* a trailer HEADER */ +#define CLIENTWRITE_EOS (1<<7) /* End Of transfer download Stream */ +/** + * Write `len` bytes at `prt` to the client. `type` indicates what + * kind of data is being written. + */ CURLcode Curl_client_write(struct Curl_easy *data, int type, char *ptr, size_t len) WARN_UNUSED_RESULT; +/** + * For a paused transfer, there might be buffered data held back. + * Attempt to flush this data to the client. This *may* trigger + * another pause of the transfer. + */ CURLcode Curl_client_unpause(struct Curl_easy *data); + +/** + * Free all resources related to client writing. + */ void Curl_client_cleanup(struct Curl_easy *data); -struct contenc_writer { - const struct content_encoding *handler; /* Encoding handler. */ - struct contenc_writer *downstream; /* Downstream writer. */ - unsigned int order; /* Ordering within writer stack. */ +/** + * Client Writers - a chain passing transfer BODY data to the client. + * Main application: HTTP and related protocols + * Other uses: monitoring of download progress + * + * Writers in the chain are order by their `phase`. First come all + * writers in CURL_CW_RAW, followed by any in CURL_CW_TRANSFER_DECODE, + * followed by any in CURL_CW_PROTOCOL, etc. + * + * When adding a writer, it is inserted as first in its phase. This means + * the order of adding writers of the same phase matters, but writers for + * different phases may be added in any order. + * + * Writers which do modify the BODY data written are expected to be of + * phases TRANSFER_DECODE or CONTENT_DECODE. The other phases are intended + * for monitoring writers. Which do *not* modify the data but gather + * statistics or update progress reporting. + */ + +/* Phase a writer operates at. */ +typedef enum { + CURL_CW_RAW, /* raw data written, before any decoding */ + CURL_CW_TRANSFER_DECODE, /* remove transfer-encodings */ + CURL_CW_PROTOCOL, /* after transfer, but before content decoding */ + CURL_CW_CONTENT_DECODE, /* remove content-encodings */ + CURL_CW_CLIENT /* data written to client */ +} Curl_cwriter_phase; + +/* Client Writer Type, provides the implementation */ +struct Curl_cwtype { + const char *name; /* writer name. */ + const char *alias; /* writer name alias, maybe NULL. */ + CURLcode (*do_init)(struct Curl_easy *data, + struct Curl_cwriter *writer); + CURLcode (*do_write)(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, + const char *buf, size_t nbytes); + void (*do_close)(struct Curl_easy *data, + struct Curl_cwriter *writer); + size_t cwriter_size; /* sizeof() allocated struct Curl_cwriter */ }; -/* Content encoding writer. */ -struct content_encoding { - const char *name; /* Encoding name. */ - const char *alias; /* Encoding name alias. */ - CURLcode (*init_writer)(struct Curl_easy *data, - struct contenc_writer *writer); - CURLcode (*unencode_write)(struct Curl_easy *data, - struct contenc_writer *writer, - const char *buf, size_t nbytes); - void (*close_writer)(struct Curl_easy *data, - struct contenc_writer *writer); - size_t writersize; +/* Client writer instance */ +struct Curl_cwriter { + const struct Curl_cwtype *cwt; /* type implementation */ + struct Curl_cwriter *next; /* Downstream writer. */ + Curl_cwriter_phase phase; /* phase at which it operates */ }; +/** + * Create a new cwriter instance with given type and phase. Is not + * inserted into the writer chain by this call. + * Invokes `writer->do_init()`. + */ +CURLcode Curl_cwriter_create(struct Curl_cwriter **pwriter, + struct Curl_easy *data, + const struct Curl_cwtype *ce_handler, + Curl_cwriter_phase phase); + +/** + * Free a cwriter instance. + * Invokes `writer->do_close()`. + */ +void Curl_cwriter_free(struct Curl_easy *data, + struct Curl_cwriter *writer); + +/** + * Count the number of writers installed of the given phase. + */ +size_t Curl_cwriter_count(struct Curl_easy *data, Curl_cwriter_phase phase); + +/** + * Adds a writer to the transfer's writer chain. + * The writers `phase` determines where in the chain it is inserted. + */ +CURLcode Curl_cwriter_add(struct Curl_easy *data, + struct Curl_cwriter *writer); -CURLcode Curl_client_create_writer(struct contenc_writer **pwriter, - struct Curl_easy *data, - const struct content_encoding *ce_handler, - int order); +void Curl_cwriter_remove_by_name(struct Curl_easy *data, + const char *name); -void Curl_client_free_writer(struct Curl_easy *data, - struct contenc_writer *writer); +/** + * Convenience method for calling `writer->do_write()` that + * checks for NULL writer. + */ +CURLcode Curl_cwriter_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, + const char *buf, size_t nbytes); -CURLcode Curl_client_add_writer(struct Curl_easy *data, - struct contenc_writer *writer); +/** + * Default implementations for do_init, do_write, do_close that + * do nothing and pass the data through. + */ +CURLcode Curl_cwriter_def_init(struct Curl_easy *data, + struct Curl_cwriter *writer); +CURLcode Curl_cwriter_def_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, + const char *buf, size_t nbytes); +void Curl_cwriter_def_close(struct Curl_easy *data, + struct Curl_cwriter *writer); /* internal read-function, does plain socket, SSL and krb4 */ diff --git a/lib/setopt.c b/lib/setopt.c index 0d399adfe..a5270773f 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -50,7 +50,8 @@ #include "multiif.h" #include "altsvc.h" #include "hsts.h" - +#include "tftp.h" +#include "strdup.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" #include "curl_memory.h" @@ -171,7 +172,7 @@ static CURLcode protocol2num(const char *str, curl_prot_t *val) str = strchr(str, ','); tlen = str? (size_t) (str - token): strlen(token); if(tlen) { - const struct Curl_handler *h = Curl_builtin_scheme(token, tlen); + const struct Curl_handler *h = Curl_getn_scheme_handler(token, tlen); if(!h) return CURLE_UNSUPPORTED_PROTOCOL; @@ -261,43 +262,43 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Set the absolute number of maximum simultaneous alive connection that * libcurl is allowed to have. */ - arg = va_arg(param, long); - if(arg < 0) + uarg = va_arg(param, unsigned long); + if(uarg > UINT_MAX) return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.maxconnects = arg; + data->set.maxconnects = (unsigned int)uarg; break; case CURLOPT_FORBID_REUSE: /* * When this transfer is done, it must not be left to be reused by a * subsequent transfer but shall be closed immediately. */ - data->set.reuse_forbid = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.reuse_forbid = (0 != va_arg(param, long)); break; case CURLOPT_FRESH_CONNECT: /* * This transfer shall not use a previously cached connection but * should be made with a fresh new connect! */ - data->set.reuse_fresh = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.reuse_fresh = (0 != va_arg(param, long)); break; case CURLOPT_VERBOSE: /* * Verbose means infof() calls that give a lot of information about * the connection and transfer procedures as well as internal choices. */ - data->set.verbose = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.verbose = (0 != va_arg(param, long)); break; case CURLOPT_HEADER: /* * Set to include the header in the general data output stream. */ - data->set.include_header = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.include_header = (0 != va_arg(param, long)); break; case CURLOPT_NOPROGRESS: /* * Shut off the internal supported progress meter */ - data->set.hide_progress = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.hide_progress = (0 != va_arg(param, long)); if(data->set.hide_progress) data->progress.flags |= PGRS_HIDE; else @@ -307,7 +308,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* * Do not include the body part in the output data stream. */ - data->set.opt_no_body = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.opt_no_body = (0 != va_arg(param, long)); #ifndef CURL_DISABLE_HTTP if(data->set.opt_no_body) /* in HTTP lingo, no body means using the HEAD request... */ @@ -321,11 +322,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Don't output the >=400 error code HTML-page, but instead only * return error. */ - data->set.http_fail_on_error = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.http_fail_on_error = (0 != va_arg(param, long)); break; case CURLOPT_KEEP_SENDING_ON_ERROR: - data->set.http_keep_sending_on_error = (0 != va_arg(param, long)) ? - TRUE : FALSE; + data->set.http_keep_sending_on_error = (0 != va_arg(param, long)); break; case CURLOPT_UPLOAD: case CURLOPT_PUT: @@ -353,7 +353,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Try to get the file time of the remote document. The time will * later (possibly) become available using curl_easy_getinfo(). */ - data->set.get_filetime = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.get_filetime = (0 != va_arg(param, long)); break; case CURLOPT_SERVER_RESPONSE_TIMEOUT: /* @@ -366,6 +366,17 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) else return CURLE_BAD_FUNCTION_ARGUMENT; break; + case CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: + /* + * Option that specifies how quickly a server response must be obtained + * before it is considered failure. For pingpong protocols. + */ + arg = va_arg(param, long); + if((arg >= 0) && (arg <= INT_MAX)) + data->set.server_response_timeout = (unsigned int)arg; + else + return CURLE_BAD_FUNCTION_ARGUMENT; + break; #ifndef CURL_DISABLE_TFTP case CURLOPT_TFTP_NO_OPTIONS: /* @@ -379,7 +390,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * TFTP option that specifies the block size to use for data transmission. */ arg = va_arg(param, long); - if(arg < 0) + if(arg > TFTP_BLKSIZE_MAX || arg < TFTP_BLKSIZE_MIN) return CURLE_BAD_FUNCTION_ARGUMENT; data->set.tftp_blksize = arg; break; @@ -409,7 +420,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * * Transfer using ASCII (instead of BINARY). */ - data->set.prefer_ascii = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.prefer_ascii = (0 != va_arg(param, long)); break; case CURLOPT_TIMECONDITION: /* @@ -497,26 +508,17 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) (data->set.postfieldsize > (curl_off_t)((size_t)-1)))) result = CURLE_OUT_OF_MEMORY; else { - char *p; - - (void) Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL); - /* Allocate even when size == 0. This satisfies the need of possible - later address compare to detect the COPYPOSTFIELDS mode, and - to mark that postfields is used rather than read function or - form data. + later address compare to detect the COPYPOSTFIELDS mode, and to + mark that postfields is used rather than read function or form + data. */ - p = malloc((size_t)(data->set.postfieldsize? - data->set.postfieldsize:1)); - + char *p = Curl_memdup0(argptr, (size_t)data->set.postfieldsize); + (void) Curl_setstropt(&data->set.str[STRING_COPYPOSTFIELDS], NULL); if(!p) result = CURLE_OUT_OF_MEMORY; - else { - if(data->set.postfieldsize) - memcpy(p, argptr, (size_t)data->set.postfieldsize); - + else data->set.str[STRING_COPYPOSTFIELDS] = p; - } } } @@ -577,7 +579,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* * Switch on automatic referer that gets set if curl follows locations. */ - data->set.http_auto_referer = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.http_auto_referer = (0 != va_arg(param, long)); break; case CURLOPT_ACCEPT_ENCODING: @@ -592,28 +594,23 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) */ argptr = va_arg(param, char *); if(argptr && !*argptr) { - argptr = Curl_all_content_encodings(); - if(!argptr) - result = CURLE_OUT_OF_MEMORY; - else { - result = Curl_setstropt(&data->set.str[STRING_ENCODING], argptr); - free(argptr); - } + char all[256]; + Curl_all_content_encodings(all, sizeof(all)); + result = Curl_setstropt(&data->set.str[STRING_ENCODING], all); } else result = Curl_setstropt(&data->set.str[STRING_ENCODING], argptr); break; case CURLOPT_TRANSFER_ENCODING: - data->set.http_transfer_encoding = (0 != va_arg(param, long)) ? - TRUE : FALSE; + data->set.http_transfer_encoding = (0 != va_arg(param, long)); break; case CURLOPT_FOLLOWLOCATION: /* * Follow Location: header hints on an HTTP-server. */ - data->set.http_follow_location = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.http_follow_location = (0 != va_arg(param, long)); break; case CURLOPT_UNRESTRICTED_AUTH: @@ -621,8 +618,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Send authentication (user+password) when following locations, even when * hostname changed. */ - data->set.allow_auth_to_other_hosts = - (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.allow_auth_to_other_hosts = (0 != va_arg(param, long)); break; case CURLOPT_MAXREDIRS: @@ -676,6 +672,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) data->set.opt_no_body = FALSE; /* this is implied */ Curl_mime_cleanpart(data->state.formp); Curl_safefree(data->state.formp); + data->state.mimepost = NULL; break; #endif @@ -736,7 +733,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Set header option. */ arg = va_arg(param, long); - data->set.sep_headers = (bool)((arg & CURLHEADER_SEPARATE)? TRUE: FALSE); + data->set.sep_headers = !!(arg & CURLHEADER_SEPARATE); break; #if !defined(CURL_DISABLE_COOKIES) @@ -760,18 +757,18 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) return CURLE_BAD_FUNCTION_ARGUMENT; /* append the cookie file name to the list of file names, and deal with them later */ - cl = curl_slist_append(data->set.cookielist, argptr); + cl = curl_slist_append(data->state.cookielist, argptr); if(!cl) { - curl_slist_free_all(data->set.cookielist); - data->set.cookielist = NULL; + curl_slist_free_all(data->state.cookielist); + data->state.cookielist = NULL; return CURLE_OUT_OF_MEMORY; } - data->set.cookielist = cl; /* store the list for later use */ + data->state.cookielist = cl; /* store the list for later use */ } else { /* clear the list of cookie files */ - curl_slist_free_all(data->set.cookielist); - data->set.cookielist = NULL; + curl_slist_free_all(data->state.cookielist); + data->state.cookielist = NULL; if(!data->share || !data->share->cookies) { /* throw away all existing cookies if this isn't a shared cookie @@ -811,17 +808,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * prevent the forthcoming read-cookies-from-file actions to accept * cookies that are marked as being session cookies, as they belong to a * previous session. - * - * In the original Netscape cookie spec, "session cookies" are cookies - * with no expire date set. RFC2109 describes the same action if no - * 'Max-Age' is set and RFC2965 includes the RFC2109 description and adds - * a 'Discard' action that can enforce the discard even for cookies that - * have a Max-Age. - * - * We run mostly with the original cookie spec, as hardly anyone implements - * anything else. */ - data->set.cookiesession = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.cookiesession = (0 != va_arg(param, long)); break; case CURLOPT_COOKIELIST: @@ -956,7 +944,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) if(arg) return CURLE_BAD_FUNCTION_ARGUMENT; #else - data->set.http09_allowed = arg ? TRUE : FALSE; + data->set.http09_allowed = !!arg; #endif break; @@ -992,13 +980,15 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #ifndef CURL_DISABLE_FORM_API Curl_mime_cleanpart(data->state.formp); Curl_safefree(data->state.formp); + data->state.mimepost = NULL; #endif } break; case CURLOPT_MIME_OPTIONS: - data->set.mime_options = (unsigned int)va_arg(param, long); - break; + arg = va_arg(param, long); + data->set.mime_formescape = !!(arg & CURLMIMEOPT_FORMESCAPE); + break; # endif #endif @@ -1018,8 +1008,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* the DIGEST_IE bit is only used to set a special marker, for all the rest we need to handle it as normal DIGEST */ - data->state.authhost.iestyle = - (bool)((auth & CURLAUTH_DIGEST_IE) ? TRUE : FALSE); + data->state.authhost.iestyle = !!(auth & CURLAUTH_DIGEST_IE); if(auth & CURLAUTH_DIGEST_IE) { auth |= CURLAUTH_DIGEST; /* set standard digest bit */ @@ -1072,8 +1061,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* * Tunnel operations through the proxy instead of normal proxy use */ - data->set.tunnel_thru_httpproxy = (0 != va_arg(param, long)) ? - TRUE : FALSE; + data->set.tunnel_thru_httpproxy = (0 != va_arg(param, long)); break; case CURLOPT_PROXYPORT: @@ -1102,8 +1090,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* the DIGEST_IE bit is only used to set a special marker, for all the rest we need to handle it as normal DIGEST */ - data->state.authproxy.iestyle = - (bool)((auth & CURLAUTH_DIGEST_IE) ? TRUE : FALSE); + data->state.authproxy.iestyle = !!(auth & CURLAUTH_DIGEST_IE); if(auth & CURLAUTH_DIGEST_IE) { auth |= CURLAUTH_DIGEST; /* set standard digest bit */ @@ -1203,7 +1190,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* * Set flag for NEC SOCK5 support */ - data->set.socks5_gssapi_nec = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.socks5_gssapi_nec = (0 != va_arg(param, long)); break; #endif #ifndef CURL_DISABLE_PROXY @@ -1251,7 +1238,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * An option that changes the command to one that asks for a list only, no * file info details. Used for FTP, POP3 and SFTP. */ - data->set.list_only = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.list_only = (0 != va_arg(param, long)); break; #endif case CURLOPT_APPEND: @@ -1259,7 +1246,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * We want to upload and append to an existing file. Used for FTP and * SFTP. */ - data->set.remote_append = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.remote_append = (0 != va_arg(param, long)); break; #ifndef CURL_DISABLE_FTP @@ -1270,7 +1257,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) arg = va_arg(param, long); if((arg < CURLFTPMETHOD_DEFAULT) || (arg >= CURLFTPMETHOD_LAST)) return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.ftp_filemethod = (unsigned char)(curl_ftpfile)arg; + data->set.ftp_filemethod = (unsigned char)arg; break; case CURLOPT_FTPPORT: /* @@ -1278,26 +1265,26 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) */ result = Curl_setstropt(&data->set.str[STRING_FTPPORT], va_arg(param, char *)); - data->set.ftp_use_port = (data->set.str[STRING_FTPPORT]) ? TRUE : FALSE; + data->set.ftp_use_port = !!(data->set.str[STRING_FTPPORT]); break; case CURLOPT_FTP_USE_EPRT: - data->set.ftp_use_eprt = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.ftp_use_eprt = (0 != va_arg(param, long)); break; case CURLOPT_FTP_USE_EPSV: - data->set.ftp_use_epsv = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.ftp_use_epsv = (0 != va_arg(param, long)); break; case CURLOPT_FTP_USE_PRET: - data->set.ftp_use_pret = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.ftp_use_pret = (0 != va_arg(param, long)); break; case CURLOPT_FTP_SSL_CCC: arg = va_arg(param, long); if((arg < CURLFTPSSL_CCC_NONE) || (arg >= CURLFTPSSL_CCC_LAST)) return CURLE_BAD_FUNCTION_ARGUMENT; - data->set.ftp_ccc = (unsigned char)(curl_ftpccc)arg; + data->set.ftp_ccc = (unsigned char)arg; break; case CURLOPT_FTP_SKIP_PASV_IP: @@ -1305,7 +1292,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Enable or disable FTP_SKIP_PASV_IP, which will disable/enable the * bypass of the IP address in PASV responses. */ - data->set.ftp_skip_ip = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.ftp_skip_ip = (0 != va_arg(param, long)); break; case CURLOPT_FTP_ACCOUNT: @@ -1333,7 +1320,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) */ result = Curl_setstropt(&data->set.str[STRING_KRB_LEVEL], va_arg(param, char *)); - data->set.krb = (data->set.str[STRING_KRB_LEVEL]) ? TRUE : FALSE; + data->set.krb = !!(data->set.str[STRING_KRB_LEVEL]); break; #endif #if !defined(CURL_DISABLE_FTP) || defined(USE_SSH) @@ -1867,14 +1854,14 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* * Kludgy option to enable CRLF conversions. Subject for removal. */ - data->set.crlf = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.crlf = (0 != va_arg(param, long)); break; #ifndef CURL_DISABLE_PROXY case CURLOPT_HAPROXYPROTOCOL: /* * Set to send the HAProxy Proxy Protocol header */ - data->set.haproxyprotocol = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.haproxyprotocol = (0 != va_arg(param, long)); break; case CURLOPT_HAPROXY_CLIENT_IP: /* @@ -1926,22 +1913,17 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* * Enable peer SSL verifying. */ - data->set.ssl.primary.verifypeer = (0 != va_arg(param, long)) ? - TRUE : FALSE; + data->set.ssl.primary.verifypeer = (0 != va_arg(param, long)); /* Update the current connection ssl_config. */ - if(data->conn) { - data->conn->ssl_config.verifypeer = - data->set.ssl.primary.verifypeer; - } + Curl_ssl_conn_config_update(data, FALSE); break; #ifndef CURL_DISABLE_DOH case CURLOPT_DOH_SSL_VERIFYPEER: /* * Enable peer SSL verifying for DoH. */ - data->set.doh_verifypeer = (0 != va_arg(param, long)) ? - TRUE : FALSE; + data->set.doh_verifypeer = (0 != va_arg(param, long)); break; #endif #ifndef CURL_DISABLE_PROXY @@ -1953,10 +1935,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) (0 != va_arg(param, long))?TRUE:FALSE; /* Update the current connection proxy_ssl_config. */ - if(data->conn) { - data->conn->proxy_ssl_config.verifypeer = - data->set.proxy_ssl.primary.verifypeer; - } + Curl_ssl_conn_config_update(data, TRUE); break; #endif case CURLOPT_SSL_VERIFYHOST: @@ -1968,13 +1947,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* Obviously people are not reading documentation and too many thought this argument took a boolean when it wasn't and misused it. Treat 1 and 2 the same */ - data->set.ssl.primary.verifyhost = (bool)((arg & 3) ? TRUE : FALSE); + data->set.ssl.primary.verifyhost = !!(arg & 3); /* Update the current connection ssl_config. */ - if(data->conn) { - data->conn->ssl_config.verifyhost = - data->set.ssl.primary.verifyhost; - } + Curl_ssl_conn_config_update(data, FALSE); break; #ifndef CURL_DISABLE_DOH case CURLOPT_DOH_SSL_VERIFYHOST: @@ -1984,7 +1960,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) arg = va_arg(param, long); /* Treat both 1 and 2 as TRUE */ - data->set.doh_verifyhost = (bool)((arg & 3) ? TRUE : FALSE); + data->set.doh_verifyhost = !!(arg & 3); break; #endif #ifndef CURL_DISABLE_PROXY @@ -1996,12 +1972,8 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* Treat both 1 and 2 as TRUE */ data->set.proxy_ssl.primary.verifyhost = (bool)((arg & 3)?TRUE:FALSE); - /* Update the current connection proxy_ssl_config. */ - if(data->conn) { - data->conn->proxy_ssl_config.verifyhost = - data->set.proxy_ssl.primary.verifyhost; - } + Curl_ssl_conn_config_update(data, TRUE); break; #endif case CURLOPT_SSL_VERIFYSTATUS: @@ -2013,14 +1985,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; } - data->set.ssl.primary.verifystatus = (0 != va_arg(param, long)) ? - TRUE : FALSE; + data->set.ssl.primary.verifystatus = (0 != va_arg(param, long)); /* Update the current connection ssl_config. */ - if(data->conn) { - data->conn->ssl_config.verifystatus = - data->set.ssl.primary.verifystatus; - } + Curl_ssl_conn_config_update(data, FALSE); break; #ifndef CURL_DISABLE_DOH case CURLOPT_DOH_SSL_VERIFYSTATUS: @@ -2032,8 +2000,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; } - data->set.doh_verifystatus = (0 != va_arg(param, long)) ? - TRUE : FALSE; + data->set.doh_verifystatus = (0 != va_arg(param, long)); break; #endif case CURLOPT_SSL_CTX_FUNCTION: @@ -2067,12 +2034,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; } - data->set.ssl.falsestart = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.ssl.falsestart = (0 != va_arg(param, long)); break; case CURLOPT_CERTINFO: #ifdef USE_SSL if(Curl_ssl_supports(data, SSLSUPP_CERTINFO)) - data->set.ssl.certinfo = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.ssl.certinfo = (0 != va_arg(param, long)); else #endif result = CURLE_NOT_BUILT_IN; @@ -2118,14 +2085,14 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Specify entire PEM of the CA certificate */ #ifdef USE_SSL - if(Curl_ssl_supports(data, SSLSUPP_CAINFO_BLOB)) + if(Curl_ssl_supports(data, SSLSUPP_CAINFO_BLOB)) { result = Curl_setblobopt(&data->set.blobs[BLOB_CAINFO], va_arg(param, struct curl_blob *)); + break; + } else #endif return CURLE_NOT_BUILT_IN; - - break; #ifndef CURL_DISABLE_PROXY case CURLOPT_PROXY_CAINFO: /* @@ -2141,13 +2108,14 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Specify entire PEM of the CA certificate */ #ifdef USE_SSL - if(Curl_ssl_supports(data, SSLSUPP_CAINFO_BLOB)) + if(Curl_ssl_supports(data, SSLSUPP_CAINFO_BLOB)) { result = Curl_setblobopt(&data->set.blobs[BLOB_CAINFO_PROXY], va_arg(param, struct curl_blob *)); + break; + } else #endif return CURLE_NOT_BUILT_IN; - break; #endif case CURLOPT_CAPATH: /* @@ -2278,7 +2246,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * The application asks not to set any signal() or alarm() handlers, * even when using a timeout. */ - data->set.no_signal = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.no_signal = (0 != va_arg(param, long)); break; case CURLOPT_SHARE: @@ -2453,11 +2421,11 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * Enable or disable TCP_NODELAY, which will disable/enable the Nagle * algorithm */ - data->set.tcp_nodelay = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.tcp_nodelay = (0 != va_arg(param, long)); break; case CURLOPT_IGNORE_CONTENT_LENGTH: - data->set.ignorecl = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.ignorecl = (0 != va_arg(param, long)); break; case CURLOPT_CONNECT_ONLY: @@ -2532,8 +2500,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; case CURLOPT_SSL_SESSIONID_CACHE: - data->set.ssl.primary.sessionid = (0 != va_arg(param, long)) ? - TRUE : FALSE; + data->set.ssl.primary.sessionid = (0 != va_arg(param, long)); #ifndef CURL_DISABLE_PROXY data->set.proxy_ssl.primary.sessionid = data->set.ssl.primary.sessionid; #endif @@ -2622,7 +2589,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) * disable libcurl transfer encoding is used */ #ifndef USE_HYPER - data->set.http_te_skip = (0 == va_arg(param, long)) ? TRUE : FALSE; + data->set.http_te_skip = (0 == va_arg(param, long)); break; #else return CURLE_NOT_BUILT_IN; /* hyper doesn't support */ @@ -2632,7 +2599,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* * raw data passed to the application when content encoding is used */ - data->set.http_ce_skip = (0 == va_arg(param, long)) ? TRUE : FALSE; + data->set.http_ce_skip = (0 == va_arg(param, long)); break; #if !defined(CURL_DISABLE_FTP) || defined(USE_SSH) @@ -2733,7 +2700,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; case CURLOPT_MAIL_RCPT_ALLOWFAILS: /* allow RCPT TO command to fail for some recipients */ - data->set.mail_rcpt_allowfails = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.mail_rcpt_allowfails = (0 != va_arg(param, long)); break; #endif @@ -2745,7 +2712,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_SASL_IR: /* Enable/disable SASL initial response */ - data->set.sasl_ir = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.sasl_ir = (0 != va_arg(param, long)); break; #ifndef CURL_DISABLE_RTSP case CURLOPT_RTSP_REQUEST: @@ -2859,7 +2826,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #endif #ifndef CURL_DISABLE_FTP case CURLOPT_WILDCARDMATCH: - data->set.wildcard_enabled = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.wildcard_enabled = (0 != va_arg(param, long)); break; case CURLOPT_CHUNK_BGN_FUNCTION: data->set.chunk_bgn = va_arg(param, curl_chunk_bgn_callback); @@ -2942,7 +2909,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; #endif case CURLOPT_TCP_KEEPALIVE: - data->set.tcp_keepalive = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.tcp_keepalive = (0 != va_arg(param, long)); break; case CURLOPT_TCP_KEEPIDLE: arg = va_arg(param, long); @@ -2971,7 +2938,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_SSL_ENABLE_NPN: break; case CURLOPT_SSL_ENABLE_ALPN: - data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.ssl_enable_alpn = (0 != va_arg(param, long)); break; #ifdef USE_UNIX_SOCKETS case CURLOPT_UNIX_SOCKET_PATH: @@ -2987,10 +2954,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) #endif case CURLOPT_PATH_AS_IS: - data->set.path_as_is = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.path_as_is = (0 != va_arg(param, long)); break; case CURLOPT_PIPEWAIT: - data->set.pipewait = (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.pipewait = (0 != va_arg(param, long)); break; case CURLOPT_STREAM_WEIGHT: #if defined(USE_HTTP2) || defined(USE_HTTP3) @@ -3025,12 +2992,11 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) break; #ifndef CURL_DISABLE_SHUFFLE_DNS case CURLOPT_DNS_SHUFFLE_ADDRESSES: - data->set.dns_shuffle_addresses = (0 != va_arg(param, long)) ? TRUE:FALSE; + data->set.dns_shuffle_addresses = (0 != va_arg(param, long)); break; #endif case CURLOPT_DISALLOW_USERNAME_IN_URL: - data->set.disallow_username_in_url = - (0 != va_arg(param, long)) ? TRUE : FALSE; + data->set.disallow_username_in_url = (0 != va_arg(param, long)); break; #ifndef CURL_DISABLE_DOH case CURLOPT_DOH_URL: @@ -3095,18 +3061,18 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* this needs to build a list of file names to read from, so that it can read them later, as we might get a shared HSTS handle to load them into */ - h = curl_slist_append(data->set.hstslist, argptr); + h = curl_slist_append(data->state.hstslist, argptr); if(!h) { - curl_slist_free_all(data->set.hstslist); - data->set.hstslist = NULL; + curl_slist_free_all(data->state.hstslist); + data->state.hstslist = NULL; return CURLE_OUT_OF_MEMORY; } - data->set.hstslist = h; /* store the list for later use */ + data->state.hstslist = h; /* store the list for later use */ } else { /* clear the list of HSTS files */ - curl_slist_free_all(data->set.hstslist); - data->set.hstslist = NULL; + curl_slist_free_all(data->state.hstslist); + data->state.hstslist = NULL; if(!data->share || !data->share->hsts) /* throw away the HSTS cache unless shared */ Curl_hsts_cleanup(&data->hsts); @@ -3147,6 +3113,10 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) return CURLE_OUT_OF_MEMORY; } arg = va_arg(param, long); + if(!arg) { + DEBUGF(infof(data, "bad CURLOPT_ALTSVC_CTRL input")); + return CURLE_BAD_FUNCTION_ARGUMENT; + } result = Curl_altsvc_ctrl(data->asi, arg); if(result) return result; @@ -3201,5 +3171,9 @@ CURLcode curl_easy_setopt(struct Curl_easy *data, CURLoption tag, ...) result = Curl_vsetopt(data, tag, arg); va_end(arg); +#ifdef DEBUGBUILD + if(result == CURLE_BAD_FUNCTION_ARGUMENT) + infof(data, "setopt arg 0x%x returned CURLE_BAD_FUNCTION_ARGUMENT", tag); +#endif return result; } diff --git a/lib/setup-win32.h b/lib/setup-win32.h index 13948389a..d7e2e6be1 100644 --- a/lib/setup-win32.h +++ b/lib/setup-win32.h @@ -24,18 +24,53 @@ * ***************************************************************************/ +#undef USE_WINSOCK +/* ---------------------------------------------------------------- */ +/* Watt-32 TCP/IP SPECIFIC */ +/* ---------------------------------------------------------------- */ +#ifdef USE_WATT32 +# include +# undef byte +# undef word +# define HAVE_SYS_IOCTL_H +# define HAVE_SYS_SOCKET_H +# define HAVE_NETINET_IN_H +# define HAVE_NETDB_H +# define HAVE_ARPA_INET_H +# define SOCKET int +/* ---------------------------------------------------------------- */ +/* BSD-style lwIP TCP/IP stack SPECIFIC */ +/* ---------------------------------------------------------------- */ +#elif defined(USE_LWIPSOCK) + /* Define to use BSD-style lwIP TCP/IP stack. */ + /* #define USE_LWIPSOCK 1 */ +# undef HAVE_GETHOSTNAME +# undef LWIP_POSIX_SOCKETS_IO_NAMES +# undef RECV_TYPE_ARG1 +# undef RECV_TYPE_ARG3 +# undef SEND_TYPE_ARG1 +# undef SEND_TYPE_ARG3 +# define HAVE_GETHOSTBYNAME_R +# define HAVE_GETHOSTBYNAME_R_6 +# define LWIP_POSIX_SOCKETS_IO_NAMES 0 +# define RECV_TYPE_ARG1 int +# define RECV_TYPE_ARG3 size_t +# define SEND_TYPE_ARG1 int +# define SEND_TYPE_ARG3 size_t +#elif defined(_WIN32) +# define USE_WINSOCK 2 +#endif + /* * Include header files for windows builds before redefining anything. * Use this preprocessor block only to include or exclude windows.h, * winsock2.h or ws2tcpip.h. Any other windows thing belongs * to any other further and independent block. Under Cygwin things work * just as under linux (e.g. ) and the winsock headers should - * never be included when __CYGWIN__ is defined. configure script takes - * care of this, not defining HAVE_WINDOWS_H, HAVE_WINSOCK2_H, - * neither HAVE_WS2TCPIP_H when __CYGWIN__ is defined. + * never be included when __CYGWIN__ is defined. */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # if defined(UNICODE) && !defined(_UNICODE) # error "UNICODE is defined but _UNICODE is not defined" # endif @@ -53,31 +88,16 @@ # ifndef NOGDI # define NOGDI # endif -# include +# include +# include # include -# ifdef HAVE_WINSOCK2_H -# include -# ifdef HAVE_WS2TCPIP_H -# include -# endif -# endif +# include # include # ifdef UNICODE typedef wchar_t *(*curl_wcsdup_callback)(const wchar_t *str); # endif #endif -/* - * Define USE_WINSOCK to 2 if we have and use WINSOCK2 API, else - * undefine USE_WINSOCK. - */ - -#undef USE_WINSOCK - -#ifdef HAVE_WINSOCK2_H -# define USE_WINSOCK 2 -#endif - /* * Define _WIN32_WINNT_[OS] symbols because not all Windows build systems have * those symbols to compare against, and even those that do may be missing @@ -96,18 +116,12 @@ #ifndef _WIN32_WINNT_WS03 #define _WIN32_WINNT_WS03 0x0502 /* Windows Server 2003 */ #endif -#ifndef _WIN32_WINNT_WIN6 -#define _WIN32_WINNT_WIN6 0x0600 /* Windows Vista */ -#endif #ifndef _WIN32_WINNT_VISTA #define _WIN32_WINNT_VISTA 0x0600 /* Windows Vista */ #endif #ifndef _WIN32_WINNT_WS08 #define _WIN32_WINNT_WS08 0x0600 /* Windows Server 2008 */ #endif -#ifndef _WIN32_WINNT_LONGHORN -#define _WIN32_WINNT_LONGHORN 0x0600 /* Windows Vista */ -#endif #ifndef _WIN32_WINNT_WIN7 #define _WIN32_WINNT_WIN7 0x0601 /* Windows 7 */ #endif @@ -117,9 +131,6 @@ #ifndef _WIN32_WINNT_WINBLUE #define _WIN32_WINNT_WINBLUE 0x0603 /* Windows 8.1 */ #endif -#ifndef _WIN32_WINNT_WINTHRESHOLD -#define _WIN32_WINNT_WINTHRESHOLD 0x0A00 /* Windows 10 */ -#endif #ifndef _WIN32_WINNT_WIN10 #define _WIN32_WINNT_WIN10 0x0A00 /* Windows 10 */ #endif diff --git a/lib/share.c b/lib/share.c index c0a8d806f..8fa5cda00 100644 --- a/lib/share.c +++ b/lib/share.c @@ -133,13 +133,13 @@ curl_share_setopt(struct Curl_share *share, CURLSHoption option, ...) res = CURLSHE_BAD_OPTION; } if(!res) - share->specifier |= (1<specifier |= (unsigned int)(1<specifier &= ~(1<specifier &= ~(unsigned int)(1<specifier & (1<specifier & (unsigned int)(1<lockfunc) /* only call this if set! */ share->lockfunc(data, type, accesstype, share->clientdata); } @@ -281,7 +281,7 @@ Curl_share_unlock(struct Curl_easy *data, curl_lock_data type) if(!share) return CURLSHE_INVALID; - if(share->specifier & (1<specifier & (unsigned int)(1<unlockfunc) /* only call this if set! */ share->unlockfunc (data, type, share->clientdata); } diff --git a/lib/share.h b/lib/share.h index 7f55aac85..632d9198f 100644 --- a/lib/share.h +++ b/lib/share.h @@ -31,14 +31,6 @@ #include "urldata.h" #include "conncache.h" -/* SalfordC says "A structure member may not be volatile". Hence: - */ -#ifdef __SALFORDC__ -#define CURL_VOLATILE -#else -#define CURL_VOLATILE volatile -#endif - #define CURL_GOOD_SHARE 0x7e117a1e #define GOOD_SHARE_HANDLE(x) ((x) && (x)->magic == CURL_GOOD_SHARE) @@ -46,7 +38,7 @@ struct Curl_share { unsigned int magic; /* CURL_GOOD_SHARE */ unsigned int specifier; - CURL_VOLATILE unsigned int dirty; + volatile unsigned int dirty; curl_lock_function lockfunc; curl_unlock_function unlockfunc; diff --git a/lib/smb.c b/lib/smb.c index 32c5137a4..1d1867cc2 100644 --- a/lib/smb.c +++ b/lib/smb.c @@ -27,7 +27,7 @@ #if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE) -#ifdef WIN32 +#ifdef _WIN32 #define getpid GetCurrentProcessId #endif @@ -272,7 +272,7 @@ const struct Curl_handler Curl_handler_smb = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ smb_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_SMB, /* defport */ @@ -299,7 +299,7 @@ const struct Curl_handler Curl_handler_smbs = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ smb_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_SMBS, /* defport */ @@ -1047,14 +1047,7 @@ static CURLcode smb_request_state(struct Curl_easy *data, bool *done) break; } } - data->req.bytecount += len; data->req.offset += len; - result = Curl_pgrsSetDownloadCounter(data, data->req.bytecount); - if(result) { - req->result = result; - next_state = SMB_CLOSE; - break; - } next_state = (len < MAX_PAYLOAD_SIZE) ? SMB_CLOSE : SMB_DOWNLOAD; break; diff --git a/lib/smtp.c b/lib/smtp.c index 81a17e38d..bfe7b8f12 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -130,7 +130,7 @@ const struct Curl_handler Curl_handler_smtp = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ smtp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_SMTP, /* defport */ @@ -159,7 +159,7 @@ const struct Curl_handler Curl_handler_smtps = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ smtp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_SMTPS, /* defport */ @@ -250,8 +250,8 @@ static bool smtp_endofresp(struct Curl_easy *data, struct connectdata *conn, */ static CURLcode smtp_get_message(struct Curl_easy *data, struct bufref *out) { - char *message = data->state.buffer; - size_t len = strlen(message); + char *message = Curl_dyn_ptr(&data->conn->proto.smtpc.pp.recvbuf); + size_t len = data->conn->proto.smtpc.pp.nfinal; if(len > 4) { /* Find the start of the message */ @@ -859,7 +859,7 @@ static CURLcode smtp_state_starttls_resp(struct Curl_easy *data, (void)instate; /* no use for this yet */ /* Pipelining in response is forbidden. */ - if(data->conn->proto.smtpc.pp.cache_size) + if(data->conn->proto.smtpc.pp.overflow) return CURLE_WEIRD_SERVER_REPLY; if(smtpcode != 220) { @@ -883,8 +883,8 @@ static CURLcode smtp_state_ehlo_resp(struct Curl_easy *data, { CURLcode result = CURLE_OK; struct smtp_conn *smtpc = &conn->proto.smtpc; - const char *line = data->state.buffer; - size_t len = strlen(line); + const char *line = Curl_dyn_ptr(&smtpc->pp.recvbuf); + size_t len = smtpc->pp.nfinal; (void)instate; /* no use for this yet */ @@ -1033,8 +1033,8 @@ static CURLcode smtp_state_command_resp(struct Curl_easy *data, int smtpcode, { CURLcode result = CURLE_OK; struct SMTP *smtp = data->req.p.smtp; - char *line = data->state.buffer; - size_t len = strlen(line); + char *line = Curl_dyn_ptr(&data->conn->proto.smtpc.pp.recvbuf); + size_t len = data->conn->proto.smtpc.pp.nfinal; (void)instate; /* no use for this yet */ @@ -1044,12 +1044,8 @@ static CURLcode smtp_state_command_resp(struct Curl_easy *data, int smtpcode, result = CURLE_WEIRD_SERVER_REPLY; } else { - /* Temporarily add the LF character back and send as body to the client */ - if(!data->req.no_body) { - line[len] = '\n'; - result = Curl_client_write(data, CLIENTWRITE_BODY, line, len + 1); - line[len] = '\0'; - } + if(!data->req.no_body) + result = Curl_client_write(data, CLIENTWRITE_BODY, line, len); if(smtpcode != 1) { if(smtp->rcpt) { @@ -1268,7 +1264,6 @@ static CURLcode smtp_statemachine(struct Curl_easy *data, break; case SMTP_QUIT: - /* fallthrough, just stop! */ default: /* internal error */ smtp_state(data, SMTP_STOP); @@ -1320,7 +1315,7 @@ static CURLcode smtp_init(struct Curl_easy *data) CURLcode result = CURLE_OK; struct SMTP *smtp; - smtp = data->req.p.smtp = calloc(sizeof(struct SMTP), 1); + smtp = data->req.p.smtp = calloc(1, sizeof(struct SMTP)); if(!smtp) result = CURLE_OUT_OF_MEMORY; @@ -1362,8 +1357,7 @@ static CURLcode smtp_connect(struct Curl_easy *data, bool *done) Curl_sasl_init(&smtpc->sasl, data, &saslsmtp); /* Initialise the pingpong layer */ - Curl_pp_setup(pp); - Curl_pp_init(data, pp); + Curl_pp_init(pp); /* Parse the URL options */ result = smtp_parse_url_options(conn); @@ -1541,6 +1535,8 @@ static CURLcode smtp_perform(struct Curl_easy *data, bool *connected, static CURLcode smtp_do(struct Curl_easy *data, bool *done) { CURLcode result = CURLE_OK; + DEBUGASSERT(data); + DEBUGASSERT(data->conn); *done = FALSE; /* default to false */ /* Parse the custom request */ diff --git a/lib/socketpair.c b/lib/socketpair.c index 963e1406f..d01b25513 100644 --- a/lib/socketpair.c +++ b/lib/socketpair.c @@ -28,14 +28,11 @@ #include "rand.h" #if !defined(HAVE_SOCKETPAIR) && !defined(CURL_DISABLE_SOCKETPAIR) -#ifdef WIN32 +#ifdef _WIN32 /* * This is a socketpair() implementation for Windows. */ #include -#include -#include -#include #include #else #ifdef HAVE_NETDB_H @@ -50,7 +47,7 @@ #ifndef INADDR_LOOPBACK #define INADDR_LOOPBACK 0x7f000001 #endif /* !INADDR_LOOPBACK */ -#endif /* !WIN32 */ +#endif /* !_WIN32 */ #include "nonblock.h" /* for curlx_nonblock */ #include "timeval.h" /* needed before select.h */ @@ -87,7 +84,7 @@ int Curl_socketpair(int domain, int type, int protocol, socks[0] = socks[1] = CURL_SOCKET_BAD; -#if defined(WIN32) || defined(__CYGWIN__) +#if defined(_WIN32) || defined(__CYGWIN__) /* don't set SO_REUSEADDR on Windows */ (void)reuse; #ifdef SO_EXCLUSIVEADDRUSE diff --git a/lib/socketpair.h b/lib/socketpair.h index 306ab5dc4..bd499abbe 100644 --- a/lib/socketpair.h +++ b/lib/socketpair.h @@ -25,6 +25,23 @@ ***************************************************************************/ #include "curl_setup.h" + +#ifdef HAVE_PIPE + +#define wakeup_write write +#define wakeup_read read +#define wakeup_close close +#define wakeup_create pipe + +#else /* HAVE_PIPE */ + +#define wakeup_write swrite +#define wakeup_read sread +#define wakeup_close sclose +#define wakeup_create(p) Curl_socketpair(AF_UNIX, SOCK_STREAM, 0, p) + +#endif /* HAVE_PIPE */ + #ifndef HAVE_SOCKETPAIR #include diff --git a/lib/socks.c b/lib/socks.c index a7b5ab07e..ecd2f7eab 100644 --- a/lib/socks.c +++ b/lib/socks.c @@ -71,9 +71,18 @@ enum connect_t { CONNECT_DONE /* 17 connected fine to the remote or the SOCKS proxy */ }; +#define CURL_SOCKS_BUF_SIZE 600 + +/* make sure we configure it not too low */ +#if CURL_SOCKS_BUF_SIZE < 600 +#error CURL_SOCKS_BUF_SIZE must be at least 600 +#endif + + struct socks_state { enum connect_t state; ssize_t outstanding; /* send this many bytes more */ + unsigned char buffer[CURL_SOCKS_BUF_SIZE]; unsigned char *outp; /* send from this pointer */ const char *hostname; @@ -249,7 +258,7 @@ static CURLproxycode socks_state_recv(struct Curl_cfilter *cf, failf(data, "connection to proxy closed"); return CURLPX_CLOSED; } - failf(data, "SOCKS4: Failed receiving %s: %s", description, + failf(data, "SOCKS: Failed receiving %s: %s", description, curl_easy_strerror(result)); return failcode; } @@ -278,14 +287,11 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, struct connectdata *conn = cf->conn; const bool protocol4a = (conn->socks_proxy.proxytype == CURLPROXY_SOCKS4A) ? TRUE : FALSE; - unsigned char *socksreq = (unsigned char *)data->state.buffer; + unsigned char *socksreq = sx->buffer; CURLcode result; CURLproxycode presult; struct Curl_dns_entry *dns = NULL; - /* make sure that the buffer is at least 600 bytes */ - DEBUGASSERT(READBUFFER_MIN >= 600); - switch(sx->state) { case CONNECT_SOCKS_INIT: /* SOCKS4 can only do IPv4, insist! */ @@ -353,9 +359,10 @@ static CURLproxycode do_SOCKS4(struct Curl_cfilter *cf, return CURLPX_OK; } } - /* FALLTHROUGH */ + FALLTHROUGH(); + case CONNECT_RESOLVED: CONNECT_RESOLVED: - case CONNECT_RESOLVED: { + { struct Curl_addrinfo *hp = NULL; /* * We cannot use 'hostent' as a struct that Curl_resolv() returns. It @@ -393,17 +400,20 @@ CONNECT_RESOLVED: if(!hp) return CURLPX_RESOLVE_HOST; } - /* FALLTHROUGH */ -CONNECT_REQ_INIT: + FALLTHROUGH(); case CONNECT_REQ_INIT: +CONNECT_REQ_INIT: /* * This is currently not supporting "Identification Protocol (RFC1413)". */ socksreq[8] = 0; /* ensure empty userid is NUL-terminated */ if(sx->proxy_user) { size_t plen = strlen(sx->proxy_user); - if(plen >= (size_t)data->set.buffer_size - 8) { - failf(data, "Too long SOCKS proxy user name, can't use"); + if(plen > 255) { + /* there is no real size limit to this field in the protocol, but + SOCKS5 limits the proxy user field to 255 bytes and it seems likely + that a longer field is either a mistake or malicious input */ + failf(data, "Too long SOCKS proxy user name"); return CURLPX_LONG_USER; } /* copy the proxy name WITH trailing zero */ @@ -426,7 +436,8 @@ CONNECT_REQ_INIT: socksreq[7] = 1; /* append hostname */ hostnamelen = strlen(sx->hostname) + 1; /* length including NUL */ - if(hostnamelen <= 255) + if((hostnamelen <= 255) && + (packetsize + hostnamelen < sizeof(sx->buffer))) strcpy((char *)socksreq + packetsize, sx->hostname); else { failf(data, "SOCKS4: too long host name"); @@ -435,10 +446,11 @@ CONNECT_REQ_INIT: packetsize += hostnamelen; } sx->outp = socksreq; + DEBUGASSERT(packetsize <= sizeof(sx->buffer)); sx->outstanding = packetsize; sxstate(sx, data, CONNECT_REQ_SENDING); } - /* FALLTHROUGH */ + FALLTHROUGH(); case CONNECT_REQ_SENDING: /* Send request */ presult = socks_state_send(cf, sx, data, CURLPX_SEND_CONNECT, @@ -454,7 +466,7 @@ CONNECT_REQ_INIT: sx->outp = socksreq; sxstate(sx, data, CONNECT_SOCKS_READ); - /* FALLTHROUGH */ + FALLTHROUGH(); case CONNECT_SOCKS_READ: /* Receive response */ presult = socks_state_recv(cf, sx, data, CURLPX_RECV_CONNECT, @@ -566,14 +578,14 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, o X'00' succeeded */ struct connectdata *conn = cf->conn; - unsigned char *socksreq = (unsigned char *)data->state.buffer; - int idx; + unsigned char *socksreq = sx->buffer; + size_t idx; CURLcode result; CURLproxycode presult; bool socks5_resolve_local = (conn->socks_proxy.proxytype == CURLPROXY_SOCKS5) ? TRUE : FALSE; const size_t hostname_len = strlen(sx->hostname); - ssize_t len = 0; + size_t len = 0; const unsigned char auth = data->set.socks5auth; bool allow_gssapi = FALSE; struct Curl_dns_entry *dns = NULL; @@ -616,6 +628,7 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, socksreq[1] = (unsigned char) (idx - 2); sx->outp = socksreq; + DEBUGASSERT(idx <= sizeof(sx->buffer)); sx->outstanding = idx; presult = socks_state_send(cf, sx, data, CURLPX_SEND_CONNECT, "initial SOCKS5 request"); @@ -636,12 +649,12 @@ static CURLproxycode do_SOCKS5(struct Curl_cfilter *cf, /* remain in sending state */ return CURLPX_OK; } - /* FALLTHROUGH */ -CONNECT_SOCKS_READ_INIT: + FALLTHROUGH(); case CONNECT_SOCKS_READ_INIT: +CONNECT_SOCKS_READ_INIT: sx->outstanding = 2; /* expect two bytes */ sx->outp = socksreq; /* store it here */ - /* FALLTHROUGH */ + FALLTHROUGH(); case CONNECT_SOCKS_READ: presult = socks_state_recv(cf, sx, data, CURLPX_RECV_CONNECT, "initial SOCKS5 response"); @@ -742,10 +755,11 @@ CONNECT_AUTH_INIT: } len += proxy_password_len; sxstate(sx, data, CONNECT_AUTH_SEND); + DEBUGASSERT(len <= sizeof(sx->buffer)); sx->outstanding = len; sx->outp = socksreq; } - /* FALLTHROUGH */ + FALLTHROUGH(); case CONNECT_AUTH_SEND: presult = socks_state_send(cf, sx, data, CURLPX_SEND_AUTH, "SOCKS5 sub-negotiation request"); @@ -758,7 +772,7 @@ CONNECT_AUTH_INIT: sx->outp = socksreq; sx->outstanding = 2; sxstate(sx, data, CONNECT_AUTH_READ); - /* FALLTHROUGH */ + FALLTHROUGH(); case CONNECT_AUTH_READ: presult = socks_state_recv(cf, sx, data, CURLPX_RECV_AUTH, "SOCKS5 sub-negotiation response"); @@ -777,9 +791,9 @@ CONNECT_AUTH_INIT: /* Everything is good so far, user was authenticated! */ sxstate(sx, data, CONNECT_REQ_INIT); - /* FALLTHROUGH */ -CONNECT_REQ_INIT: + FALLTHROUGH(); case CONNECT_REQ_INIT: +CONNECT_REQ_INIT: if(socks5_resolve_local) { enum resolve_t rc = Curl_resolv(data, sx->hostname, sx->remote_port, TRUE, &dns); @@ -816,13 +830,23 @@ CONNECT_REQ_INIT: return CURLPX_OK; } } - /* FALLTHROUGH */ + FALLTHROUGH(); + case CONNECT_RESOLVED: CONNECT_RESOLVED: - case CONNECT_RESOLVED: { - char dest[MAX_IPADR_LEN] = "unknown"; /* printable address */ + { + char dest[MAX_IPADR_LEN]; /* printable address */ struct Curl_addrinfo *hp = NULL; if(dns) hp = dns->addr; +#ifdef ENABLE_IPV6 + if(data->set.ipver != CURL_IPRESOLVE_WHATEVER) { + int wanted_family = data->set.ipver == CURL_IPRESOLVE_V4 ? + AF_INET : AF_INET6; + /* scan for the first proper address */ + while(hp && (hp->ai_family != wanted_family)) + hp = hp->ai_next; + } +#endif if(!hp) { failf(data, "Failed to resolve \"%s\" for SOCKS5 connect.", sx->hostname); @@ -910,10 +934,10 @@ CONNECT_RESOLVE_REMOTE: infof(data, "SOCKS5 connect to %s:%d (remotely resolved)", sx->hostname, sx->remote_port); } - /* FALLTHROUGH */ + FALLTHROUGH(); -CONNECT_REQ_SEND: case CONNECT_REQ_SEND: +CONNECT_REQ_SEND: /* PORT MSB */ socksreq[len++] = (unsigned char)((sx->remote_port >> 8) & 0xff); /* PORT LSB */ @@ -926,9 +950,10 @@ CONNECT_REQ_SEND: } #endif sx->outp = socksreq; + DEBUGASSERT(len <= sizeof(sx->buffer)); sx->outstanding = len; sxstate(sx, data, CONNECT_REQ_SENDING); - /* FALLTHROUGH */ + FALLTHROUGH(); case CONNECT_REQ_SENDING: presult = socks_state_send(cf, sx, data, CURLPX_SEND_REQUEST, "SOCKS5 connect request"); @@ -947,7 +972,7 @@ CONNECT_REQ_SEND: sx->outstanding = 10; /* minimum packet size is 10 */ sx->outp = socksreq; sxstate(sx, data, CONNECT_REQ_READ); - /* FALLTHROUGH */ + FALLTHROUGH(); case CONNECT_REQ_READ: presult = socks_state_recv(cf, sx, data, CURLPX_RECV_REQACK, "SOCKS5 connect request ack"); @@ -1025,6 +1050,7 @@ CONNECT_REQ_SEND: /* decrypt_gssapi_blockread already read the whole packet */ #endif if(len > 10) { + DEBUGASSERT(len <= sizeof(sx->buffer)); sx->outstanding = len - 10; /* get the rest */ sx->outp = &socksreq[10]; sxstate(sx, data, CONNECT_REQ_READ_MORE); @@ -1036,7 +1062,7 @@ CONNECT_REQ_SEND: #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) } #endif - /* FALLTHROUGH */ + FALLTHROUGH(); case CONNECT_REQ_READ_MORE: presult = socks_state_recv(cf, sx, data, CURLPX_RECV_ADDRESS, "SOCKS5 connect request address"); @@ -1119,7 +1145,7 @@ static CURLcode socks_proxy_cf_connect(struct Curl_cfilter *cf, return result; if(!sx) { - sx = calloc(sizeof(*sx), 1); + sx = calloc(1, sizeof(*sx)); if(!sx) return CURLE_OUT_OF_MEMORY; cf->ctx = sx; @@ -1157,32 +1183,29 @@ static CURLcode socks_proxy_cf_connect(struct Curl_cfilter *cf, return result; } -static int socks_cf_get_select_socks(struct Curl_cfilter *cf, +static void socks_cf_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, - curl_socket_t *socks) + struct easy_pollset *ps) { struct socks_state *sx = cf->ctx; - int fds; - fds = cf->next->cft->get_select_socks(cf->next, data, socks); - if(!fds && cf->next->connected && !cf->connected && sx) { + if(!cf->connected && sx) { /* If we are not connected, the filter below is and has nothing * to wait on, we determine what to wait for. */ - socks[0] = Curl_conn_cf_get_socket(cf, data); + curl_socket_t sock = Curl_conn_cf_get_socket(cf, data); switch(sx->state) { case CONNECT_RESOLVING: case CONNECT_SOCKS_READ: case CONNECT_AUTH_READ: case CONNECT_REQ_READ: case CONNECT_REQ_READ_MORE: - fds = GETSOCK_READSOCK(0); + Curl_pollset_set_in_only(data, ps, sock); break; default: - fds = GETSOCK_WRITESOCK(0); + Curl_pollset_set_out_only(data, ps, sock); break; } } - return fds; } static void socks_proxy_cf_close(struct Curl_cfilter *cf, @@ -1227,7 +1250,7 @@ struct Curl_cftype Curl_cft_socks_proxy = { socks_proxy_cf_connect, socks_proxy_cf_close, socks_cf_get_host, - socks_cf_get_select_socks, + socks_cf_adjust_pollset, Curl_cf_def_data_pending, Curl_cf_def_send, Curl_cf_def_recv, diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c index 2ede8c7c2..243715055 100644 --- a/lib/socks_gssapi.c +++ b/lib/socks_gssapi.c @@ -35,6 +35,7 @@ #include "timeval.h" #include "socks.h" #include "warnless.h" +#include "strdup.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -139,10 +140,9 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, /* prepare service name */ if(strchr(serviceptr, '/')) { service.length = serviceptr_length; - service.value = malloc(service.length); + service.value = Curl_memdup(serviceptr, service.length); if(!service.value) return CURLE_OUT_OF_MEMORY; - memcpy(service.value, serviceptr, service.length); gss_major_status = gss_import_name(&gss_minor_status, &service, (gss_OID) GSS_C_NULL_OID, &server); @@ -387,12 +387,11 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, } else { gss_send_token.length = 1; - gss_send_token.value = malloc(1); + gss_send_token.value = Curl_memdup(&gss_enc, 1); if(!gss_send_token.value) { gss_delete_sec_context(&gss_status, &gss_context, NULL); return CURLE_OUT_OF_MEMORY; } - memcpy(gss_send_token.value, &gss_enc, 1); gss_major_status = gss_wrap(&gss_minor_status, gss_context, 0, GSS_C_QOP_DEFAULT, &gss_send_token, diff --git a/lib/socks_sspi.c b/lib/socks_sspi.c index d1200ea03..2baae2c2b 100644 --- a/lib/socks_sspi.c +++ b/lib/socks_sspi.c @@ -331,9 +331,15 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, failf(data, "Failed to determine user name."); return CURLE_COULDNT_CONNECT; } - infof(data, "SOCKS5 server authenticated user %s with GSS-API.", - names.sUserName); - s_pSecFn->FreeContextBuffer(names.sUserName); + else { +#ifndef CURL_DISABLE_VERBOSE_STRINGS + char *user_utf8 = curlx_convert_tchar_to_UTF8(names.sUserName); + infof(data, "SOCKS5 server authenticated user %s with GSS-API.", + (user_utf8 ? user_utf8 : "(unknown)")); + curlx_unicodefree(user_utf8); +#endif + s_pSecFn->FreeContextBuffer(names.sUserName); + } /* Do encryption */ socksreq[0] = 1; /* GSS-API subnegotiation version */ diff --git a/lib/strdup.c b/lib/strdup.c index 07a61391a..299c9cc36 100644 --- a/lib/strdup.c +++ b/lib/strdup.c @@ -26,7 +26,7 @@ #include -#ifdef WIN32 +#ifdef _WIN32 #include #endif @@ -56,7 +56,7 @@ char *Curl_strdup(const char *str) } #endif -#ifdef WIN32 +#ifdef _WIN32 /*************************************************************************** * * Curl_wcsdup(source) @@ -99,6 +99,26 @@ void *Curl_memdup(const void *src, size_t length) return buffer; } +/*************************************************************************** + * + * Curl_memdup0(source, length) + * + * Copies the 'source' string to a newly allocated buffer (that is returned). + * Copies 'length' bytes then adds a null terminator. + * + * Returns the new pointer or NULL on failure. + * + ***************************************************************************/ +void *Curl_memdup0(const char *src, size_t length) +{ + char *buf = malloc(length + 1); + if(!buf) + return NULL; + memcpy(buf, src, length); + buf[length] = 0; + return buf; +} + /*************************************************************************** * * Curl_saferealloc(ptr, size) diff --git a/lib/strdup.h b/lib/strdup.h index c3430b54d..238a2611f 100644 --- a/lib/strdup.h +++ b/lib/strdup.h @@ -28,10 +28,11 @@ #ifndef HAVE_STRDUP char *Curl_strdup(const char *str); #endif -#ifdef WIN32 +#ifdef _WIN32 wchar_t* Curl_wcsdup(const wchar_t* src); #endif void *Curl_memdup(const void *src, size_t buffer_length); void *Curl_saferealloc(void *ptr, size_t size); +void *Curl_memdup0(const char *src, size_t length); #endif /* HEADER_CURL_STRDUP_H */ diff --git a/lib/strerror.c b/lib/strerror.c index be4191414..a900e78d1 100644 --- a/lib/strerror.c +++ b/lib/strerror.c @@ -48,7 +48,7 @@ #include "curl_memory.h" #include "memdebug.h" -#if defined(WIN32) || defined(_WIN32_WCE) +#if defined(_WIN32) || defined(_WIN32_WCE) #define PRESERVE_WINDOWS_ERROR_CODE #endif @@ -319,6 +319,9 @@ curl_easy_strerror(CURLcode error) case CURLE_UNRECOVERABLE_POLL: return "Unrecoverable error in select/poll"; + case CURLE_TOO_LARGE: + return "A value or data field grew larger than allowed"; + /* error codes not used by current libcurl */ case CURLE_OBSOLETE20: case CURLE_OBSOLETE24: @@ -553,6 +556,9 @@ curl_url_strerror(CURLUcode error) case CURLUE_LACKS_IDN: return "libcurl lacks IDN support"; + case CURLUE_TOO_LARGE: + return "A value or data field is larger than allowed"; + case CURLUE_LAST: break; } @@ -572,10 +578,11 @@ curl_url_strerror(CURLUcode error) * Returns NULL if no error message was found for error code. */ static const char * -get_winsock_error (int err, char *buf, size_t len) +get_winsock_error(int err, char *buf, size_t len) { #ifndef CURL_DISABLE_VERBOSE_STRINGS const char *p; + size_t alen; #endif if(!len) @@ -755,14 +762,15 @@ get_winsock_error (int err, char *buf, size_t len) default: return NULL; } - strncpy(buf, p, len); - buf [len-1] = '\0'; + alen = strlen(p); + if(alen < len) + strcpy(buf, p); return buf; #endif } #endif /* USE_WINSOCK */ -#if defined(WIN32) || defined(_WIN32_WCE) +#if defined(_WIN32) || defined(_WIN32_WCE) /* This is a helper function for Curl_strerror that converts Windows API error * codes (GetLastError) to error messages. * Returns NULL if no error message was found for error code. @@ -804,7 +812,7 @@ get_winapi_error(int err, char *buf, size_t buflen) return (*buf ? buf : NULL); } -#endif /* WIN32 || _WIN32_WCE */ +#endif /* _WIN32 || _WIN32_WCE */ /* * Our thread-safe and smart strerror() replacement. @@ -832,32 +840,30 @@ const char *Curl_strerror(int err, char *buf, size_t buflen) #endif int old_errno = errno; char *p; - size_t max; if(!buflen) return NULL; -#ifndef WIN32 +#ifndef _WIN32 DEBUGASSERT(err >= 0); #endif - max = buflen - 1; *buf = '\0'; -#if defined(WIN32) || defined(_WIN32_WCE) -#if defined(WIN32) +#if defined(_WIN32) || defined(_WIN32_WCE) +#if defined(_WIN32) /* 'sys_nerr' is the maximum errno number, it is not widely portable */ if(err >= 0 && err < sys_nerr) - strncpy(buf, sys_errlist[err], max); + msnprintf(buf, buflen, "%s", sys_errlist[err]); else #endif { if( #ifdef USE_WINSOCK - !get_winsock_error(err, buf, max) && + !get_winsock_error(err, buf, buflen) && #endif - !get_winapi_error((DWORD)err, buf, max)) - msnprintf(buf, max, "Unknown error %d (%#x)", err, err); + !get_winapi_error((DWORD)err, buf, buflen)) + msnprintf(buf, buflen, "Unknown error %d (%#x)", err, err); } #else /* not Windows coming up */ @@ -867,9 +873,9 @@ const char *Curl_strerror(int err, char *buf, size_t buflen) * storage is supplied via 'strerrbuf' and 'buflen' to hold the generated * message string, or EINVAL if 'errnum' is not a valid error number. */ - if(0 != strerror_r(err, buf, max)) { + if(0 != strerror_r(err, buf, buflen)) { if('\0' == buf[0]) - msnprintf(buf, max, "Unknown error %d", err); + msnprintf(buf, buflen, "Unknown error %d", err); } #elif defined(HAVE_STRERROR_R) && defined(HAVE_GLIBC_STRERROR_R) /* @@ -881,25 +887,23 @@ const char *Curl_strerror(int err, char *buf, size_t buflen) char buffer[256]; char *msg = strerror_r(err, buffer, sizeof(buffer)); if(msg) - strncpy(buf, msg, max); + msnprintf(buf, buflen, "%s", msg); else - msnprintf(buf, max, "Unknown error %d", err); + msnprintf(buf, buflen, "Unknown error %d", err); } #else { /* !checksrc! disable STRERROR 1 */ const char *msg = strerror(err); if(msg) - strncpy(buf, msg, max); + msnprintf(buf, buflen, "%s", msg); else - msnprintf(buf, max, "Unknown error %d", err); + msnprintf(buf, buflen, "Unknown error %d", err); } #endif #endif /* end of not Windows */ - buf[max] = '\0'; /* make sure the string is null-terminated */ - /* strip trailing '\r\n' or '\n'. */ p = strrchr(buf, '\n'); if(p && (p - buf) >= 2) @@ -923,7 +927,7 @@ const char *Curl_strerror(int err, char *buf, size_t buflen) * Curl_winapi_strerror: * Variant of Curl_strerror if the error code is definitely Windows API. */ -#if defined(WIN32) || defined(_WIN32_WCE) +#if defined(_WIN32) || defined(_WIN32_WCE) const char *Curl_winapi_strerror(DWORD err, char *buf, size_t buflen) { #ifdef PRESERVE_WINDOWS_ERROR_CODE @@ -943,8 +947,8 @@ const char *Curl_winapi_strerror(DWORD err, char *buf, size_t buflen) #else { const char *txt = (err == ERROR_SUCCESS) ? "No error" : "Error"; - strncpy(buf, txt, buflen); - buf[buflen - 1] = '\0'; + if(strlen(txt) < buflen) + strcpy(buf, txt); } #endif @@ -958,7 +962,7 @@ const char *Curl_winapi_strerror(DWORD err, char *buf, size_t buflen) return buf; } -#endif /* WIN32 || _WIN32_WCE */ +#endif /* _WIN32 || _WIN32_WCE */ #ifdef USE_WINDOWS_SSPI /* @@ -986,6 +990,10 @@ const char *Curl_sspi_strerror(int err, char *buf, size_t buflen) break; #define SEC2TXT(sec) case sec: txt = #sec; break SEC2TXT(CRYPT_E_REVOKED); + SEC2TXT(CRYPT_E_NO_REVOCATION_DLL); + SEC2TXT(CRYPT_E_NO_REVOCATION_CHECK); + SEC2TXT(CRYPT_E_REVOCATION_OFFLINE); + SEC2TXT(CRYPT_E_NOT_IN_REVOCATION_DATABASE); SEC2TXT(SEC_E_ALGORITHM_MISMATCH); SEC2TXT(SEC_E_BAD_BINDINGS); SEC2TXT(SEC_E_BAD_PKGID); @@ -1077,17 +1085,11 @@ const char *Curl_sspi_strerror(int err, char *buf, size_t buflen) err); } else { - char txtbuf[80]; char msgbuf[256]; - - msnprintf(txtbuf, sizeof(txtbuf), "%s (0x%08X)", txt, err); - if(get_winapi_error(err, msgbuf, sizeof(msgbuf))) - msnprintf(buf, buflen, "%s - %s", txtbuf, msgbuf); - else { - strncpy(buf, txtbuf, buflen); - buf[buflen - 1] = '\0'; - } + msnprintf(buf, buflen, "%s (0x%08X) - %s", txt, err, msgbuf); + else + msnprintf(buf, buflen, "%s (0x%08X)", txt, err); } #else @@ -1095,8 +1097,8 @@ const char *Curl_sspi_strerror(int err, char *buf, size_t buflen) txt = "No error"; else txt = "Error"; - strncpy(buf, txt, buflen); - buf[buflen - 1] = '\0'; + if(buflen > strlen(txt)) + strcpy(buf, txt); #endif if(errno != old_errno) diff --git a/lib/strerror.h b/lib/strerror.h index 399712f8e..680686734 100644 --- a/lib/strerror.h +++ b/lib/strerror.h @@ -29,7 +29,7 @@ #define STRERROR_LEN 256 /* a suitable length */ const char *Curl_strerror(int err, char *buf, size_t buflen); -#if defined(WIN32) || defined(_WIN32_WCE) +#if defined(_WIN32) || defined(_WIN32_WCE) const char *Curl_winapi_strerror(DWORD err, char *buf, size_t buflen); #endif #ifdef USE_WINDOWS_SSPI diff --git a/lib/system_win32.c b/lib/system_win32.c index 0cdaf3b2f..d2862de92 100644 --- a/lib/system_win32.c +++ b/lib/system_win32.c @@ -24,7 +24,7 @@ #include "curl_setup.h" -#if defined(WIN32) +#if defined(_WIN32) #include #include "system_win32.h" @@ -38,16 +38,23 @@ LARGE_INTEGER Curl_freq; bool Curl_isVistaOrGreater; +bool Curl_isWindows8OrGreater; /* Handle of iphlpapp.dll */ static HMODULE s_hIpHlpApiDll = NULL; -/* Pointer to the if_nametoindex function */ +/* Function pointers */ IF_NAMETOINDEX_FN Curl_if_nametoindex = NULL; +FREEADDRINFOEXW_FN Curl_FreeAddrInfoExW = NULL; +GETADDRINFOEXCANCEL_FN Curl_GetAddrInfoExCancel = NULL; +GETADDRINFOEXW_FN Curl_GetAddrInfoExW = NULL; /* Curl_win32_init() performs win32 global initialization */ CURLcode Curl_win32_init(long flags) { +#ifdef USE_WINSOCK + HMODULE ws2_32Dll; +#endif /* CURL_GLOBAL_WIN32 controls the *optional* part of the initialization which is just for Winsock at the moment. Any required win32 initialization should take place after this block. */ @@ -104,6 +111,18 @@ CURLcode Curl_win32_init(long flags) Curl_if_nametoindex = pIfNameToIndex; } +#ifdef USE_WINSOCK + ws2_32Dll = GetModuleHandleA("ws2_32"); + if(ws2_32Dll) { + Curl_FreeAddrInfoExW = CURLX_FUNCTION_CAST(FREEADDRINFOEXW_FN, + GetProcAddress(ws2_32Dll, "FreeAddrInfoExW")); + Curl_GetAddrInfoExCancel = CURLX_FUNCTION_CAST(GETADDRINFOEXCANCEL_FN, + GetProcAddress(ws2_32Dll, "GetAddrInfoExCancel")); + Curl_GetAddrInfoExW = CURLX_FUNCTION_CAST(GETADDRINFOEXW_FN, + GetProcAddress(ws2_32Dll, "GetAddrInfoExW")); + } +#endif + /* curlx_verify_windows_version must be called during init at least once because it has its own initialization routine. */ if(curlx_verify_windows_version(6, 0, 0, PLATFORM_WINNT, @@ -113,6 +132,13 @@ CURLcode Curl_win32_init(long flags) else Curl_isVistaOrGreater = FALSE; + if(curlx_verify_windows_version(6, 2, 0, PLATFORM_WINNT, + VERSION_GREATER_THAN_EQUAL)) { + Curl_isWindows8OrGreater = TRUE; + } + else + Curl_isWindows8OrGreater = FALSE; + QueryPerformanceFrequency(&Curl_freq); return CURLE_OK; } @@ -120,6 +146,9 @@ CURLcode Curl_win32_init(long flags) /* Curl_win32_cleanup() is the opposite of Curl_win32_init() */ void Curl_win32_cleanup(long init_flags) { + Curl_FreeAddrInfoExW = NULL; + Curl_GetAddrInfoExCancel = NULL; + Curl_GetAddrInfoExW = NULL; if(s_hIpHlpApiDll) { FreeLibrary(s_hIpHlpApiDll); s_hIpHlpApiDll = NULL; @@ -238,4 +267,4 @@ HMODULE Curl_load_library(LPCTSTR filename) #endif } -#endif /* WIN32 */ +#endif /* _WIN32 */ diff --git a/lib/system_win32.h b/lib/system_win32.h index 6482643fa..bd490cabc 100644 --- a/lib/system_win32.h +++ b/lib/system_win32.h @@ -26,10 +26,11 @@ #include "curl_setup.h" -#if defined(WIN32) +#ifdef _WIN32 extern LARGE_INTEGER Curl_freq; extern bool Curl_isVistaOrGreater; +extern bool Curl_isWindows8OrGreater; CURLcode Curl_win32_init(long flags); void Curl_win32_cleanup(long init_flags); @@ -40,10 +41,37 @@ typedef unsigned int(WINAPI *IF_NAMETOINDEX_FN)(const char *); /* This is used instead of if_nametoindex if available on Windows */ extern IF_NAMETOINDEX_FN Curl_if_nametoindex; +/* Identical copy of addrinfoexW/ADDRINFOEXW */ +typedef struct addrinfoexW_ +{ + int ai_flags; + int ai_family; + int ai_socktype; + int ai_protocol; + size_t ai_addrlen; + PWSTR ai_canonname; + struct sockaddr *ai_addr; + void *ai_blob; + size_t ai_bloblen; + LPGUID ai_provider; + struct addrinfoexW_ *ai_next; +} ADDRINFOEXW_; + +typedef void (CALLBACK *LOOKUP_COMPLETION_FN)(DWORD, DWORD, LPWSAOVERLAPPED); +typedef void (WSAAPI *FREEADDRINFOEXW_FN)(ADDRINFOEXW_*); +typedef int (WSAAPI *GETADDRINFOEXCANCEL_FN)(LPHANDLE); +typedef int (WSAAPI *GETADDRINFOEXW_FN)(PCWSTR, PCWSTR, DWORD, LPGUID, + const ADDRINFOEXW_*, ADDRINFOEXW_**, struct timeval*, LPOVERLAPPED, + LOOKUP_COMPLETION_FN, LPHANDLE); + +extern FREEADDRINFOEXW_FN Curl_FreeAddrInfoExW; +extern GETADDRINFOEXCANCEL_FN Curl_GetAddrInfoExCancel; +extern GETADDRINFOEXW_FN Curl_GetAddrInfoExW; + /* This is used to dynamically load DLLs */ HMODULE Curl_load_library(LPCTSTR filename); -#else /* WIN32 */ +#else /* _WIN32 */ #define Curl_win32_init(x) CURLE_OK -#endif /* !WIN32 */ +#endif /* !_WIN32 */ #endif /* HEADER_CURL_SYSTEM_WIN32_H */ diff --git a/lib/telnet.c b/lib/telnet.c index 836e255c9..34dc5e806 100644 --- a/lib/telnet.c +++ b/lib/telnet.c @@ -160,6 +160,7 @@ struct TELNET { unsigned short subopt_wsy; /* Set with suboption NAWS */ TelnetReceive telrcv_state; struct curl_slist *telnet_vars; /* Environment variables */ + struct dynbuf out; /* output buffer */ /* suboptions */ unsigned char subbuffer[SUBBUFSIZE]; @@ -185,7 +186,7 @@ const struct Curl_handler Curl_handler_telnet = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ ZERO_NULL, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_TELNET, /* defport */ @@ -204,6 +205,7 @@ CURLcode init_telnet(struct Curl_easy *data) if(!tn) return CURLE_OUT_OF_MEMORY; + Curl_dyn_init(&tn->out, 0xffff); data->req.p.telnet = tn; /* make us known */ tn->telrcv_state = CURL_TS_DATA; @@ -799,8 +801,10 @@ static CURLcode check_telnet_options(struct Curl_easy *data) was given on the command line */ if(data->state.aptr.user) { char buffer[256]; - if(str_is_nonascii(data->conn->user)) + if(str_is_nonascii(data->conn->user)) { + DEBUGF(infof(data, "set a non ASCII user name in telnet")); return CURLE_BAD_FUNCTION_ARGUMENT; + } msnprintf(buffer, sizeof(buffer), "USER,%s", data->conn->user); beg = curl_slist_append(tn->telnet_vars, buffer); if(!beg) { @@ -826,23 +830,27 @@ static CURLcode check_telnet_options(struct Curl_easy *data) case 5: /* Terminal type */ if(strncasecompare(option, "TTYPE", 5)) { - strncpy(tn->subopt_ttype, arg, 31); - tn->subopt_ttype[31] = 0; /* String termination */ - tn->us_preferred[CURL_TELOPT_TTYPE] = CURL_YES; + size_t l = strlen(arg); + if(l < sizeof(tn->subopt_ttype)) { + strcpy(tn->subopt_ttype, arg); + tn->us_preferred[CURL_TELOPT_TTYPE] = CURL_YES; + break; + } } - else - result = CURLE_UNKNOWN_OPTION; + result = CURLE_UNKNOWN_OPTION; break; case 8: /* Display variable */ if(strncasecompare(option, "XDISPLOC", 8)) { - strncpy(tn->subopt_xdisploc, arg, 127); - tn->subopt_xdisploc[127] = 0; /* String termination */ - tn->us_preferred[CURL_TELOPT_XDISPLOC] = CURL_YES; + size_t l = strlen(arg); + if(l < sizeof(tn->subopt_xdisploc)) { + strcpy(tn->subopt_xdisploc, arg); + tn->us_preferred[CURL_TELOPT_XDISPLOC] = CURL_YES; + break; + } } - else - result = CURLE_UNKNOWN_OPTION; + result = CURLE_UNKNOWN_OPTION; break; case 7: @@ -1223,37 +1231,33 @@ process_iac: static CURLcode send_telnet_data(struct Curl_easy *data, char *buffer, ssize_t nread) { - ssize_t escapes, i, outlen; - unsigned char *outbuf = NULL; + ssize_t i, outlen; + unsigned char *outbuf; CURLcode result = CURLE_OK; - ssize_t bytes_written, total_written; + ssize_t bytes_written, total_written = 0; struct connectdata *conn = data->conn; + struct TELNET *tn = data->req.p.telnet; - /* Determine size of new buffer after escaping */ - escapes = 0; - for(i = 0; i < nread; i++) - if((unsigned char)buffer[i] == CURL_IAC) - escapes++; - outlen = nread + escapes; + DEBUGASSERT(tn); - if(outlen == nread) - outbuf = (unsigned char *)buffer; - else { - ssize_t j; - outbuf = malloc(nread + escapes + 1); - if(!outbuf) - return CURLE_OUT_OF_MEMORY; + if(memchr(buffer, CURL_IAC, nread)) { + /* only use the escape buffer when necessary */ + Curl_dyn_reset(&tn->out); - j = 0; - for(i = 0; i < nread; i++) { - outbuf[j++] = (unsigned char)buffer[i]; - if((unsigned char)buffer[i] == CURL_IAC) - outbuf[j++] = CURL_IAC; + for(i = 0; i < nread && !result; i++) { + result = Curl_dyn_addn(&tn->out, &buffer[i], 1); + if(!result && ((unsigned char)buffer[i] == CURL_IAC)) + /* IAC is FF in hex */ + result = Curl_dyn_addn(&tn->out, "\xff", 1); } - outbuf[j] = '\0'; - } - total_written = 0; + outlen = Curl_dyn_len(&tn->out); + outbuf = Curl_dyn_uptr(&tn->out); + } + else { + outlen = nread; + outbuf = (unsigned char *)buffer; + } while(!result && total_written < outlen) { /* Make sure socket is writable to avoid EWOULDBLOCK condition */ struct pollfd pfd[1]; @@ -1266,19 +1270,13 @@ static CURLcode send_telnet_data(struct Curl_easy *data, break; default: /* write! */ bytes_written = 0; - result = Curl_nwrite(data, FIRSTSOCKET, - outbuf + total_written, - outlen - total_written, - &bytes_written); + result = Curl_nwrite(data, FIRSTSOCKET, outbuf + total_written, + outlen - total_written, &bytes_written); total_written += bytes_written; break; } } - /* Free malloc copy if escaped */ - if(outbuf != (unsigned char *)buffer) - free(outbuf); - return result; } @@ -1294,6 +1292,7 @@ static CURLcode telnet_done(struct Curl_easy *data, curl_slist_free_all(tn->telnet_vars); tn->telnet_vars = NULL; + Curl_dyn_free(&tn->out); return CURLE_OK; } @@ -1321,7 +1320,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) ssize_t nread; struct curltime now; bool keepon = TRUE; - char *buf = data->state.buffer; + char buffer[4*1024]; struct TELNET *tn; *done = TRUE; /* unconditionally */ @@ -1378,7 +1377,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) /* Keep on listening and act on events */ while(keepon) { - const DWORD buf_size = (DWORD)data->set.buffer_size; + const DWORD buf_size = (DWORD)sizeof(buffer); DWORD waitret = WaitForMultipleObjects(obj_count, objs, FALSE, wait_timeout); switch(waitret) { @@ -1389,7 +1388,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) if(data->set.is_fread_set) { size_t n; /* read from user-supplied method */ - n = data->state.fread_func(buf, 1, buf_size, data->state.in); + n = data->state.fread_func(buffer, 1, buf_size, data->state.in); if(n == CURL_READFUNC_ABORT) { keepon = FALSE; result = CURLE_READ_ERROR; @@ -1417,7 +1416,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) if(!readfile_read) break; - if(!ReadFile(stdin_handle, buf, buf_size, + if(!ReadFile(stdin_handle, buffer, buf_size, &readfile_read, NULL)) { keepon = FALSE; result = CURLE_READ_ERROR; @@ -1425,7 +1424,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) } } - result = send_telnet_data(data, buf, readfile_read); + result = send_telnet_data(data, buffer, readfile_read); if(result) { keepon = FALSE; break; @@ -1436,14 +1435,14 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) case WAIT_OBJECT_0 + 1: { - if(!ReadFile(stdin_handle, buf, buf_size, + if(!ReadFile(stdin_handle, buffer, buf_size, &readfile_read, NULL)) { keepon = FALSE; result = CURLE_READ_ERROR; break; } - result = send_telnet_data(data, buf, readfile_read); + result = send_telnet_data(data, buffer, readfile_read); if(result) { keepon = FALSE; break; @@ -1465,7 +1464,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) } if(events.lNetworkEvents & FD_READ) { /* read data from network */ - result = Curl_read(data, sockfd, buf, data->set.buffer_size, &nread); + result = Curl_read(data, sockfd, buffer, sizeof(buffer), &nread); /* read would've blocked. Loop again */ if(result == CURLE_AGAIN) break; @@ -1481,7 +1480,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) break; } - result = telrcv(data, (unsigned char *) buf, nread); + result = telrcv(data, (unsigned char *) buffer, nread); if(result) { keepon = FALSE; break; @@ -1542,11 +1541,11 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) case 0: /* timeout */ pfd[0].revents = 0; pfd[1].revents = 0; - /* FALLTHROUGH */ + FALLTHROUGH(); default: /* read! */ if(pfd[0].revents & POLLIN) { /* read data from network */ - result = Curl_read(data, sockfd, buf, data->set.buffer_size, &nread); + result = Curl_read(data, sockfd, buffer, sizeof(buffer), &nread); /* read would've blocked. Loop again */ if(result == CURLE_AGAIN) break; @@ -1572,7 +1571,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) total_dl += nread; result = Curl_pgrsSetDownloadCounter(data, total_dl); if(!result) - result = telrcv(data, (unsigned char *)buf, nread); + result = telrcv(data, (unsigned char *)buffer, nread); if(result) { keepon = FALSE; break; @@ -1590,12 +1589,12 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) nread = 0; if(poll_cnt == 2) { if(pfd[1].revents & POLLIN) { /* read from in file */ - nread = read(pfd[1].fd, buf, data->set.buffer_size); + nread = read(pfd[1].fd, buffer, sizeof(buffer)); } } else { /* read from user-supplied method */ - nread = (int)data->state.fread_func(buf, 1, data->set.buffer_size, + nread = (int)data->state.fread_func(buffer, 1, sizeof(buffer), data->state.in); if(nread == CURL_READFUNC_ABORT) { keepon = FALSE; @@ -1606,7 +1605,7 @@ static CURLcode telnet_do(struct Curl_easy *data, bool *done) } if(nread > 0) { - result = send_telnet_data(data, buf, nread); + result = send_telnet_data(data, buffer, nread); if(result) { keepon = FALSE; break; diff --git a/lib/tftp.c b/lib/tftp.c index e78140d52..4288110da 100644 --- a/lib/tftp.c +++ b/lib/tftp.c @@ -70,8 +70,6 @@ /* RFC2348 allows the block size to be negotiated */ #define TFTP_BLKSIZE_DEFAULT 512 -#define TFTP_BLKSIZE_MIN 8 -#define TFTP_BLKSIZE_MAX 65464 #define TFTP_OPTION_BLKSIZE "blksize" /* from RFC2349: */ @@ -183,7 +181,7 @@ const struct Curl_handler Curl_handler_tftp = { ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ tftp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_TFTP, /* defport */ @@ -978,11 +976,9 @@ static CURLcode tftp_connect(struct Curl_easy *data, bool *done) return CURLE_OUT_OF_MEMORY; /* alloc pkt buffers based on specified blksize */ - if(data->set.tftp_blksize) { + if(data->set.tftp_blksize) + /* range checked when set */ blksize = (int)data->set.tftp_blksize; - if(blksize > TFTP_BLKSIZE_MAX || blksize < TFTP_BLKSIZE_MIN) - return CURLE_TFTP_ILLEGAL; - } need_blksize = blksize; /* default size is the fallback when no OACK is received */ @@ -1107,7 +1103,6 @@ static CURLcode tftp_receive_packet(struct Curl_easy *data) CURLcode result = CURLE_OK; struct connectdata *conn = data->conn; struct tftp_state_data *state = conn->proto.tftpc; - struct SingleRequest *k = &data->req; /* Receive the packet */ fromlen = sizeof(fromaddr); @@ -1141,11 +1136,6 @@ static CURLcode tftp_receive_packet(struct Curl_easy *data) result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)state->rpacket.data + 4, state->rbytes-4); - if(!result) { - k->bytecount += state->rbytes-4; - result = Curl_pgrsSetDownloadCounter(data, - (curl_off_t) k->bytecount); - } if(result) { tftp_state_machine(state, TFTP_EVENT_ERROR); return result; diff --git a/lib/tftp.h b/lib/tftp.h index 5d2d5da61..12404bf6d 100644 --- a/lib/tftp.h +++ b/lib/tftp.h @@ -25,6 +25,9 @@ ***************************************************************************/ #ifndef CURL_DISABLE_TFTP extern const struct Curl_handler Curl_handler_tftp; + +#define TFTP_BLKSIZE_MIN 8 +#define TFTP_BLKSIZE_MAX 65464 #endif #endif /* HEADER_CURL_TFTP_H */ diff --git a/lib/timediff.c b/lib/timediff.c index 1b762bbd3..d0824d144 100644 --- a/lib/timediff.c +++ b/lib/timediff.c @@ -53,7 +53,7 @@ struct timeval *curlx_mstotv(struct timeval *tv, timediff_t ms) #endif tv->tv_sec = (time_t)tv_sec; tv->tv_usec = (suseconds_t)tv_usec; -#elif defined(WIN32) /* maybe also others in the future */ +#elif defined(_WIN32) /* maybe also others in the future */ #if TIMEDIFF_T_MAX > LONG_MAX /* tv_sec overflow check on Windows there we know it is long */ if(tv_sec > LONG_MAX) diff --git a/lib/timeval.c b/lib/timeval.c index 026d9d17c..5a6727cbc 100644 --- a/lib/timeval.c +++ b/lib/timeval.c @@ -24,11 +24,10 @@ #include "timeval.h" -#if defined(WIN32) && !defined(MSDOS) +#if defined(_WIN32) -/* set in win32_init() */ -extern LARGE_INTEGER Curl_freq; -extern bool Curl_isVistaOrGreater; +#include +#include "system_win32.h" /* In case of bug fix this function has a counterpart in tool_util.c */ struct curltime Curl_now(void) diff --git a/lib/transfer.c b/lib/transfer.c index 6886764f4..3ae4b61c0 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -163,9 +163,9 @@ CURLcode Curl_fillreadbuffer(struct Curl_easy *data, size_t bytes, { size_t buffersize = bytes; size_t nread; - curl_read_callback readfunc = NULL; void *extra_data = NULL; + int eof_index = 0; #ifndef CURL_DISABLE_HTTP if(data->state.trailers_state == TRAILERS_INITIALIZED) { @@ -223,6 +223,7 @@ CURLcode Curl_fillreadbuffer(struct Curl_easy *data, size_t bytes, */ readfunc = trailers_read; extra_data = (void *)data; + eof_index = 1; } else #endif @@ -231,10 +232,15 @@ CURLcode Curl_fillreadbuffer(struct Curl_easy *data, size_t bytes, extra_data = data->state.in; } - Curl_set_in_callback(data, true); - nread = readfunc(data->req.upload_fromhere, 1, - buffersize, extra_data); - Curl_set_in_callback(data, false); + if(!data->req.fread_eof[eof_index]) { + Curl_set_in_callback(data, true); + nread = readfunc(data->req.upload_fromhere, 1, buffersize, extra_data); + Curl_set_in_callback(data, false); + /* make sure the callback is not called again after EOF */ + data->req.fread_eof[eof_index] = !nread; + } + else + nread = 0; if(nread == CURL_READFUNC_ABORT) { failf(data, "operation aborted by callback"); @@ -407,363 +413,154 @@ bool Curl_meets_timecondition(struct Curl_easy *data, time_t timeofdoc) return TRUE; } +/** + * Receive raw response data for the transfer. + * @param data the transfer + * @param buf buffer to keep response data received + * @param blen length of `buf` + * @param eos_reliable if EOS detection in underlying connection is reliable + * @param err error code in case of -1 return + * @return number of bytes read or -1 for error + */ +static ssize_t Curl_xfer_recv_resp(struct Curl_easy *data, + char *buf, size_t blen, + bool eos_reliable, + CURLcode *err) +{ + ssize_t nread; + + DEBUGASSERT(blen > 0); + /* If we are reading BODY data and the connection does NOT handle EOF + * and we know the size of the BODY data, limit the read amount */ + if(!eos_reliable && !data->req.header && data->req.size != -1) { + curl_off_t totalleft = data->req.size - data->req.bytecount; + if(totalleft <= 0) + blen = 0; + else if(totalleft < (curl_off_t)blen) + blen = (size_t)totalleft; + } + + if(!blen) { + /* want nothing - continue as if read nothing. */ + DEBUGF(infof(data, "readwrite_data: we're done")); + *err = CURLE_OK; + return 0; + } + + *err = Curl_read(data, data->conn->sockfd, buf, blen, &nread); + if(*err) + return -1; + DEBUGASSERT(nread >= 0); + *err = CURLE_OK; + return nread; +} + /* * Go ahead and do a read if we have a readable socket or if * the stream was rewound (in which case we have data in a * buffer) - * - * return '*comeback' TRUE if we didn't properly drain the socket so this - * function should get called again without select() or similar in between! */ static CURLcode readwrite_data(struct Curl_easy *data, - struct connectdata *conn, struct SingleRequest *k, - int *didwhat, bool *done, - bool *comeback) + int *didwhat, bool *done) { + struct connectdata *conn = data->conn; CURLcode result = CURLE_OK; - ssize_t nread; /* number of bytes read */ - size_t excess = 0; /* excess bytes read */ - bool readmore = FALSE; /* used by RTP to signal for more data */ - int maxloops = 100; - curl_off_t max_recv = data->set.max_recv_speed? - data->set.max_recv_speed : CURL_OFF_T_MAX; - char *buf = data->state.buffer; - bool data_eof_handled = FALSE; - DEBUGASSERT(buf); + char *buf; + size_t blen; + int maxloops = 10; + curl_off_t total_received = 0; + bool is_multiplex = FALSE; + DEBUGASSERT(data->state.buffer); *done = FALSE; - *comeback = FALSE; /* This is where we loop until we have read everything there is to read or we get a CURLE_AGAIN */ do { - bool is_empty_data = FALSE; - size_t buffersize = data->set.buffer_size; - size_t bytestoread = buffersize; - /* For HTTP/2 and HTTP/3, read data without caring about the content - length. This is safe because body in HTTP/2 is always segmented - thanks to its framing layer. Meanwhile, we have to call Curl_read - to ensure that http2_handle_stream_close is called when we read all - incoming bytes for a particular stream. */ - bool is_http3 = Curl_conn_is_http3(data, conn, FIRSTSOCKET); - data_eof_handled = is_http3 || Curl_conn_is_http2(data, conn, FIRSTSOCKET); - - if(!data_eof_handled && k->size != -1 && !k->header) { - /* make sure we don't read too much */ - curl_off_t totalleft = k->size - k->bytecount; - if(totalleft < (curl_off_t)bytestoread) - bytestoread = (size_t)totalleft; + bool is_eos = FALSE; + size_t bytestoread; + ssize_t nread; + + if(!is_multiplex) { + /* Multiplexed connection have inherent handling of EOF and we do not + * have to carefully restrict the amount we try to read. + * Multiplexed changes only in one direction. */ + is_multiplex = Curl_conn_is_multiplex(conn, FIRSTSOCKET); } - if(bytestoread) { - /* receive data from the network! */ - result = Curl_read(data, conn->sockfd, buf, bytestoread, &nread); + buf = data->state.buffer; + bytestoread = data->set.buffer_size; + + /* Observe any imposed speed limit */ + if(bytestoread && data->set.max_recv_speed) { + curl_off_t net_limit = data->set.max_recv_speed - total_received; + if(net_limit <= 0) + break; + if((size_t)net_limit < bytestoread) + bytestoread = (size_t)net_limit; + } - /* read would've blocked */ + nread = Curl_xfer_recv_resp(data, buf, bytestoread, + is_multiplex, &result); + if(nread < 0) { if(CURLE_AGAIN == result) { result = CURLE_OK; break; /* get out of loop */ } - - if(result>0) - goto out; - } - else { - /* read nothing but since we wanted nothing we consider this an OK - situation to proceed from */ - DEBUGF(infof(data, "readwrite_data: we're done")); - nread = 0; - } - - if(!k->bytecount) { - Curl_pgrsTime(data, TIMER_STARTTRANSFER); - if(k->exp100 > EXP100_SEND_DATA) - /* set time stamp to compare with when waiting for the 100 */ - k->start100 = Curl_now(); + goto out; /* real error */ } + /* We only get a 0-length read on EndOfStream */ + blen = (size_t)nread; + is_eos = (blen == 0); *didwhat |= KEEP_RECV; - /* indicates data of zero size, i.e. empty file */ - is_empty_data = ((nread == 0) && (k->bodywrites == 0)) ? TRUE : FALSE; - if(0 < nread || is_empty_data) { - buf[nread] = 0; - } - if(!nread) { + if(!blen) { /* if we receive 0 or less here, either the data transfer is done or the server closed the connection and we bail out from this! */ - if(data_eof_handled) + if(is_multiplex) DEBUGF(infof(data, "nread == 0, stream closed, bailing")); else DEBUGF(infof(data, "nread <= 0, server closed connection, bailing")); - k->keepon = 0; /* stop sending as well */ - if(!is_empty_data) - break; - } - - /* Default buffer to use when we write the buffer, it may be changed - in the flow below before the actual storing is done. */ - k->str = buf; - - if(conn->handler->readwrite) { - result = conn->handler->readwrite(data, conn, &nread, &readmore); - if(result) - goto out; - if(readmore) - break; - } - -#ifndef CURL_DISABLE_HTTP - /* Since this is a two-state thing, we check if we are parsing - headers at the moment or not. */ - if(k->header) { - /* we are in parse-the-header-mode */ - bool stop_reading = FALSE; - result = Curl_http_readwrite_headers(data, conn, &nread, &stop_reading); - if(result) - goto out; - - if(conn->handler->readwrite && - (k->maxdownload <= 0 && nread > 0)) { - result = conn->handler->readwrite(data, conn, &nread, &readmore); - if(result) - goto out; - if(readmore) - break; - } - - if(stop_reading) { - /* We've stopped dealing with input, get out of the do-while loop */ - - if(nread > 0) { - infof(data, - "Excess found:" - " excess = %zd" - " url = %s (zero-length body)", - nread, data->state.up.path); - } - + if(k->eos_written) { /* already did write this to client, leave */ + k->keepon = 0; /* stop sending as well */ break; } } -#endif /* CURL_DISABLE_HTTP */ - - - /* This is not an 'else if' since it may be a rest from the header - parsing, where the beginning of the buffer is headers and the end - is non-headers. */ - if(!k->header && (nread > 0 || is_empty_data)) { - - if(data->req.no_body) { - /* data arrives although we want none, bail out */ - streamclose(conn, "ignoring body"); - *done = TRUE; - result = CURLE_WEIRD_SERVER_REPLY; - goto out; - } - -#ifndef CURL_DISABLE_HTTP - if(0 == k->bodywrites && !is_empty_data) { - /* These checks are only made the first time we are about to - write a piece of the body */ - if(conn->handler->protocol&(PROTO_FAMILY_HTTP|CURLPROTO_RTSP)) { - /* HTTP-only checks */ - result = Curl_http_firstwrite(data, conn, done); - if(result || *done) - goto out; - } - } /* this is the first time we write a body part */ -#endif /* CURL_DISABLE_HTTP */ - - k->bodywrites++; - - /* pass data to the debug function before it gets "dechunked" */ - if(data->set.verbose) { - if(k->badheader) { - Curl_debug(data, CURLINFO_DATA_IN, - Curl_dyn_ptr(&data->state.headerb), - Curl_dyn_len(&data->state.headerb)); - if(k->badheader == HEADER_PARTHEADER) - Curl_debug(data, CURLINFO_DATA_IN, - k->str, (size_t)nread); - } - else - Curl_debug(data, CURLINFO_DATA_IN, - k->str, (size_t)nread); - } - -#ifndef CURL_DISABLE_HTTP - if(k->chunk) { - /* - * Here comes a chunked transfer flying and we need to decode this - * properly. While the name says read, this function both reads - * and writes away the data. The returned 'nread' holds the number - * of actual data it wrote to the client. - */ - CURLcode extra; - CHUNKcode res = - Curl_httpchunk_read(data, k->str, nread, &nread, &extra); - - if(CHUNKE_OK < res) { - if(CHUNKE_PASSTHRU_ERROR == res) { - failf(data, "Failed reading the chunked-encoded stream"); - result = extra; - goto out; - } - failf(data, "%s in chunked-encoding", Curl_chunked_strerror(res)); - result = CURLE_RECV_ERROR; - goto out; - } - if(CHUNKE_STOP == res) { - /* we're done reading chunks! */ - k->keepon &= ~KEEP_RECV; /* read no more */ - - /* N number of bytes at the end of the str buffer that weren't - written to the client. */ - if(conn->chunk.datasize) { - infof(data, "Leftovers after chunking: % " - CURL_FORMAT_CURL_OFF_T "u bytes", - conn->chunk.datasize); - } - } - /* If it returned OK, we just keep going */ - } -#endif /* CURL_DISABLE_HTTP */ - - /* Account for body content stored in the header buffer */ - if((k->badheader == HEADER_PARTHEADER) && !k->ignorebody) { - size_t headlen = Curl_dyn_len(&data->state.headerb); - DEBUGF(infof(data, "Increasing bytecount by %zu", headlen)); - k->bytecount += headlen; - } - - if((-1 != k->maxdownload) && - (k->bytecount + nread >= k->maxdownload)) { - - excess = (size_t)(k->bytecount + nread - k->maxdownload); - if(excess > 0 && !k->ignorebody) { - infof(data, - "Excess found in a read:" - " excess = %zu" - ", size = %" CURL_FORMAT_CURL_OFF_T - ", maxdownload = %" CURL_FORMAT_CURL_OFF_T - ", bytecount = %" CURL_FORMAT_CURL_OFF_T, - excess, k->size, k->maxdownload, k->bytecount); - connclose(conn, "excess found in a read"); - } - - nread = (ssize_t) (k->maxdownload - k->bytecount); - if(nread < 0) /* this should be unusual */ - nread = 0; - - /* HTTP/3 over QUIC should keep reading until QUIC connection - is closed. In contrast to HTTP/2 which can stop reading - from TCP connection, HTTP/3 over QUIC needs ACK from server - to ensure stream closure. It should keep reading. */ - if(!is_http3) { - k->keepon &= ~KEEP_RECV; /* we're done reading */ - } - } - - k->bytecount += nread; - max_recv -= nread; - - result = Curl_pgrsSetDownloadCounter(data, k->bytecount); - if(result) - goto out; - - if(!k->chunk && (nread || k->badheader || is_empty_data)) { - /* If this is chunky transfer, it was already written */ - - if(k->badheader && !k->ignorebody) { - /* we parsed a piece of data wrongly assuming it was a header - and now we output it as body instead */ - size_t headlen = Curl_dyn_len(&data->state.headerb); - - /* Don't let excess data pollute body writes */ - if(k->maxdownload == -1 || (curl_off_t)headlen <= k->maxdownload) - result = Curl_client_write(data, CLIENTWRITE_BODY, - Curl_dyn_ptr(&data->state.headerb), - headlen); - else - result = Curl_client_write(data, CLIENTWRITE_BODY, - Curl_dyn_ptr(&data->state.headerb), - (size_t)k->maxdownload); - - if(result) - goto out; - } - if(k->badheader < HEADER_ALLBAD) { - /* This switch handles various content encodings. If there's an - error here, be sure to check over the almost identical code - in http_chunks.c. - Make sure that ALL_CONTENT_ENCODINGS contains all the - encodings handled here. */ - if(!k->ignorebody && nread) { -#ifndef CURL_DISABLE_POP3 - if(conn->handler->protocol & PROTO_FAMILY_POP3) - result = Curl_pop3_write(data, k->str, nread); - else -#endif /* CURL_DISABLE_POP3 */ - result = Curl_client_write(data, CLIENTWRITE_BODY, k->str, - nread); - } - } - k->badheader = HEADER_NORMAL; /* taken care of now */ - - if(result) - goto out; - } - - } /* if(!header and data to read) */ - - if(conn->handler->readwrite && excess) { - /* Parse the excess data */ - k->str += nread; + total_received += blen; - if(&k->str[excess] > &buf[data->set.buffer_size]) { - /* the excess amount was too excessive(!), make sure - it doesn't read out of buffer */ - excess = &buf[data->set.buffer_size] - k->str; - } - nread = (ssize_t)excess; - - result = conn->handler->readwrite(data, conn, &nread, &readmore); - if(result) - goto out; - - if(readmore) - k->keepon |= KEEP_RECV; /* we're not done reading */ - break; - } + result = Curl_xfer_write_resp(data, buf, blen, is_eos, done); + if(result || *done) + goto out; - if(is_empty_data) { - /* if we received nothing, the server closed the connection and we - are done */ - k->keepon &= ~KEEP_RECV; + /* if we are done, we stop receiving. On multiplexed connections, + * we should read the EOS. Which may arrive as meta data after + * the bytes. Not taking it in might lead to RST of streams. */ + if((!is_multiplex && data->req.download_done) || is_eos) { + data->req.keepon &= ~KEEP_RECV; } - - if((k->keepon & KEEP_RECV_PAUSE) || !(k->keepon & KEEP_RECV)) { - /* this is a paused or stopped transfer */ + /* if we are PAUSEd or stopped receiving, leave the loop */ + if((k->keepon & KEEP_RECV_PAUSE) || !(k->keepon & KEEP_RECV)) break; - } - } while((max_recv > 0) && data_pending(data) && maxloops--); + } while(maxloops-- && data_pending(data)); - if(maxloops <= 0 || max_recv <= 0) { - /* we mark it as read-again-please */ - data->state.dselect_bits = CURL_CSELECT_IN; - *comeback = TRUE; + if(maxloops <= 0) { + /* did not read until EAGAIN, mark read-again-please */ + data->state.select_bits = CURL_CSELECT_IN; + if((k->keepon & KEEP_SENDBITS) == KEEP_SEND) + data->state.select_bits |= CURL_CSELECT_OUT; } if(((k->keepon & (KEEP_RECV|KEEP_SEND)) == KEEP_SEND) && - (conn->bits.close || data_eof_handled)) { + (conn->bits.close || is_multiplex)) { /* When we've read the entire thing and the close bit is set, the server may now close the connection. If there's now any kind of sending going on from our side, we need to stop that immediately. */ infof(data, "we are done reading and this is set to close, stop send"); k->keepon &= ~KEEP_SEND; /* no writing anymore either */ + k->keepon &= ~KEEP_SEND_PAUSE; /* no pausing anymore either */ } out: @@ -783,7 +580,7 @@ CURLcode Curl_done_sending(struct Curl_easy *data, return CURLE_OK; } -#if defined(WIN32) && defined(USE_WINSOCK) +#if defined(_WIN32) && defined(USE_WINSOCK) #ifndef SIO_IDEAL_SEND_BACKLOG_QUERY #define SIO_IDEAL_SEND_BACKLOG_QUERY 0x4004747B #endif @@ -977,7 +774,7 @@ static CURLcode readwrite_upload(struct Curl_easy *data, if(result) return result; -#if defined(WIN32) && defined(USE_WINSOCK) +#if defined(_WIN32) && defined(USE_WINSOCK) { struct curltime n = Curl_now(); if(Curl_timediff(n, k->last_sndbuf_update) > 1000) { @@ -1053,46 +850,41 @@ static int select_bits_paused(struct Curl_easy *data, int select_bits) * of our state machine are handling PAUSED transfers correctly. So, we * do not want to go there. * NOTE: we are only interested in PAUSE, not HOLD. */ - return (((select_bits & CURL_CSELECT_IN) && - (data->req.keepon & KEEP_RECV_PAUSE)) || - ((select_bits & CURL_CSELECT_OUT) && - (data->req.keepon & KEEP_SEND_PAUSE))); + + /* if there is data in a direction not paused, return false */ + if(((select_bits & CURL_CSELECT_IN) && + !(data->req.keepon & KEEP_RECV_PAUSE)) || + ((select_bits & CURL_CSELECT_OUT) && + !(data->req.keepon & KEEP_SEND_PAUSE))) + return FALSE; + + return (data->req.keepon & (KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)); } /* * Curl_readwrite() is the low-level function to be called when data is to * be read and written to/from the connection. - * - * return '*comeback' TRUE if we didn't properly drain the socket so this - * function should get called again without select() or similar in between! */ -CURLcode Curl_readwrite(struct connectdata *conn, - struct Curl_easy *data, - bool *done, - bool *comeback) +CURLcode Curl_readwrite(struct Curl_easy *data, + bool *done) { + struct connectdata *conn = data->conn; struct SingleRequest *k = &data->req; CURLcode result; struct curltime now; int didwhat = 0; int select_bits; - if(data->state.dselect_bits) { - if(select_bits_paused(data, data->state.dselect_bits)) { + if(data->state.select_bits) { + if(select_bits_paused(data, data->state.select_bits)) { /* leave the bits unchanged, so they'll tell us what to do when * this transfer gets unpaused. */ - DEBUGF(infof(data, "readwrite, dselect_bits, early return on PAUSED")); + DEBUGF(infof(data, "readwrite, select_bits, early return on PAUSED")); result = CURLE_OK; goto out; } - select_bits = data->state.dselect_bits; - data->state.dselect_bits = 0; - } - else if(conn->cselect_bits) { - /* CAVEAT: adding `select_bits_paused()` check here makes test640 hang - * (among others). Which hints at strange state handling in FTP land... */ - select_bits = conn->cselect_bits; - conn->cselect_bits = 0; + select_bits = data->state.select_bits; + data->state.select_bits = 0; } else { curl_socket_t fd_read; @@ -1130,7 +922,7 @@ CURLcode Curl_readwrite(struct connectdata *conn, the stream was rewound (in which case we have data in a buffer) */ if((k->keepon & KEEP_RECV) && (select_bits & CURL_CSELECT_IN)) { - result = readwrite_data(data, conn, k, &didwhat, done, comeback); + result = readwrite_data(data, k, &didwhat, done); if(result || *done) goto out; } @@ -1226,21 +1018,6 @@ CURLcode Curl_readwrite(struct connectdata *conn, result = CURLE_PARTIAL_FILE; goto out; } - if(!(data->req.no_body) && k->chunk && - (conn->chunk.state != CHUNK_STOP)) { - /* - * In chunked mode, return an error if the connection is closed prior to - * the empty (terminating) chunk is read. - * - * The condition above used to check for - * conn->proto.http->chunk.datasize != 0 which is true after reading - * *any* chunk, not just the empty chunk. - * - */ - failf(data, "transfer closed with outstanding read data remaining"); - result = CURLE_PARTIAL_FILE; - goto out; - } if(Curl_pgrsUpdate(data)) { result = CURLE_ABORTED_BY_CALLBACK; goto out; @@ -1255,52 +1032,6 @@ out: return result; } -/* - * Curl_single_getsock() gets called by the multi interface code when the app - * has requested to get the sockets for the current connection. This function - * will then be called once for every connection that the multi interface - * keeps track of. This function will only be called for connections that are - * in the proper state to have this information available. - */ -int Curl_single_getsock(struct Curl_easy *data, - struct connectdata *conn, - curl_socket_t *sock) -{ - int bitmap = GETSOCK_BLANK; - unsigned sockindex = 0; - - if(conn->handler->perform_getsock) - return conn->handler->perform_getsock(data, conn, sock); - - /* don't include HOLD and PAUSE connections */ - if((data->req.keepon & KEEP_RECVBITS) == KEEP_RECV) { - - DEBUGASSERT(conn->sockfd != CURL_SOCKET_BAD); - - bitmap |= GETSOCK_READSOCK(sockindex); - sock[sockindex] = conn->sockfd; - } - - /* don't include HOLD and PAUSE connections */ - if((data->req.keepon & KEEP_SENDBITS) == KEEP_SEND) { - if((conn->sockfd != conn->writesockfd) || - bitmap == GETSOCK_BLANK) { - /* only if they are not the same socket and we have a readable - one, we increase index */ - if(bitmap != GETSOCK_BLANK) - sockindex++; /* increase index if we need two entries */ - - DEBUGASSERT(conn->writesockfd != CURL_SOCKET_BAD); - - sock[sockindex] = conn->writesockfd; - } - - bitmap |= GETSOCK_WRITESOCK(sockindex); - } - - return bitmap; -} - /* Curl_init_CONNECT() gets called each time the handle switches to CONNECT which means this gets called once for each subsequent redirect etc */ void Curl_init_CONNECT(struct Curl_easy *data) @@ -1430,8 +1161,7 @@ CURLcode Curl_pretransfer(struct Curl_easy *data) return CURLE_OUT_OF_MEMORY; } wc = data->wildcard; - if((wc->state < CURLWC_INIT) || - (wc->state >= CURLWC_CLEAN)) { + if(wc->state < CURLWC_INIT) { if(wc->ftpwc) wc->dtor(wc->ftpwc); Curl_safefree(wc->pattern); @@ -1635,7 +1365,7 @@ CURLcode Curl_follow(struct Curl_easy *data, return Curl_uc_to_curlcode(uc); } - p = Curl_builtin_scheme(scheme, CURL_ZERO_TERMINATED); + p = Curl_get_scheme_handler(scheme); if(p && (p->protocol != data->info.conn_protocol)) { infof(data, "Clear auth, redirects scheme from %s to %s", data->info.conn_scheme, scheme); @@ -1948,3 +1678,41 @@ Curl_setup_transfer( } /* if(k->getheader || !data->req.no_body) */ } + +CURLcode Curl_xfer_write_resp(struct Curl_easy *data, + char *buf, size_t blen, + bool is_eos, bool *done) +{ + CURLcode result = CURLE_OK; + + if(data->conn->handler->write_resp) { + /* protocol handlers offering this function take full responsibility + * for writing all received download data to the client. */ + result = data->conn->handler->write_resp(data, buf, blen, is_eos, done); + } + else { + /* No special handling by protocol handler, write all received data + * as BODY to the client. */ + if(blen || is_eos) { + int cwtype = CLIENTWRITE_BODY; + if(is_eos) + cwtype |= CLIENTWRITE_EOS; + +#ifndef CURL_DISABLE_POP3 + if(blen && data->conn->handler->protocol & PROTO_FAMILY_POP3) { + result = data->req.ignorebody? CURLE_OK : + Curl_pop3_write(data, buf, blen); + } + else +#endif /* CURL_DISABLE_POP3 */ + result = Curl_client_write(data, cwtype, buf, blen); + } + } + + if(!result && is_eos) { + /* If we wrote the EOS, we are definitely done */ + data->req.eos_written = TRUE; + data->req.download_done = TRUE; + } + return result; +} diff --git a/lib/transfer.h b/lib/transfer.h index 536ac249b..0507f1a45 100644 --- a/lib/transfer.h +++ b/lib/transfer.h @@ -45,9 +45,7 @@ typedef enum { CURLcode Curl_follow(struct Curl_easy *data, char *newurl, followtype type); -CURLcode Curl_readwrite(struct connectdata *conn, - struct Curl_easy *data, bool *done, - bool *comeback); +CURLcode Curl_readwrite(struct Curl_easy *data, bool *done); int Curl_single_getsock(struct Curl_easy *data, struct connectdata *conn, curl_socket_t *socks); CURLcode Curl_fillreadbuffer(struct Curl_easy *data, size_t bytes, @@ -59,6 +57,23 @@ CURLcode Curl_get_upload_buffer(struct Curl_easy *data); CURLcode Curl_done_sending(struct Curl_easy *data, struct SingleRequest *k); +/** + * Write the transfer raw response bytes, as received from the connection. + * Will handle all passed bytes or return an error. By default, this will + * write the bytes as BODY to the client. Protocols may provide a + * "write_resp" callback in their handler to add specific treatment. E.g. + * HTTP parses response headers and passes them differently to the client. + * @param data the transfer + * @param buf the raw response bytes + * @param blen the amount of bytes in `buf` + * @param is_eos TRUE iff the connection indicates this to be the last + * bytes of the response + * @param done on returnm, TRUE iff the response is complete + */ +CURLcode Curl_xfer_write_resp(struct Curl_easy *data, + char *buf, size_t blen, + bool is_eos, bool *done); + /* This sets up a forthcoming transfer */ void Curl_setup_transfer (struct Curl_easy *data, diff --git a/lib/url.c b/lib/url.c index 61dad442d..36395a155 100644 --- a/lib/url.c +++ b/lib/url.c @@ -168,130 +168,6 @@ static curl_prot_t get_protocol_family(const struct Curl_handler *h) return h->family; } - -/* - * Protocol table. Schemes (roughly) in 2019 popularity order: - * - * HTTPS, HTTP, FTP, FTPS, SFTP, FILE, SCP, SMTP, LDAP, IMAPS, TELNET, IMAP, - * LDAPS, SMTPS, TFTP, SMB, POP3, GOPHER POP3S, RTSP, RTMP, SMBS, DICT - */ -static const struct Curl_handler * const protocols[] = { - -#if defined(USE_SSL) && !defined(CURL_DISABLE_HTTP) - &Curl_handler_https, -#endif - -#ifndef CURL_DISABLE_HTTP - &Curl_handler_http, -#endif - -#ifdef USE_WEBSOCKETS -#if defined(USE_SSL) && !defined(CURL_DISABLE_HTTP) - &Curl_handler_wss, -#endif - -#ifndef CURL_DISABLE_HTTP - &Curl_handler_ws, -#endif -#endif - -#ifndef CURL_DISABLE_FTP - &Curl_handler_ftp, -#endif - -#if defined(USE_SSL) && !defined(CURL_DISABLE_FTP) - &Curl_handler_ftps, -#endif - -#if defined(USE_SSH) - &Curl_handler_sftp, -#endif - -#ifndef CURL_DISABLE_FILE - &Curl_handler_file, -#endif - -#if defined(USE_SSH) && !defined(USE_WOLFSSH) - &Curl_handler_scp, -#endif - -#ifndef CURL_DISABLE_SMTP - &Curl_handler_smtp, -#ifdef USE_SSL - &Curl_handler_smtps, -#endif -#endif - -#ifndef CURL_DISABLE_LDAP - &Curl_handler_ldap, -#if !defined(CURL_DISABLE_LDAPS) && \ - ((defined(USE_OPENLDAP) && defined(USE_SSL)) || \ - (!defined(USE_OPENLDAP) && defined(HAVE_LDAP_SSL))) - &Curl_handler_ldaps, -#endif -#endif - -#ifndef CURL_DISABLE_IMAP - &Curl_handler_imap, -#ifdef USE_SSL - &Curl_handler_imaps, -#endif -#endif - -#ifndef CURL_DISABLE_TELNET - &Curl_handler_telnet, -#endif - -#ifndef CURL_DISABLE_TFTP - &Curl_handler_tftp, -#endif - -#ifndef CURL_DISABLE_POP3 - &Curl_handler_pop3, -#ifdef USE_SSL - &Curl_handler_pop3s, -#endif -#endif - -#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE) && \ - (SIZEOF_CURL_OFF_T > 4) - &Curl_handler_smb, -#ifdef USE_SSL - &Curl_handler_smbs, -#endif -#endif - -#ifndef CURL_DISABLE_RTSP - &Curl_handler_rtsp, -#endif - -#ifndef CURL_DISABLE_MQTT - &Curl_handler_mqtt, -#endif - -#ifndef CURL_DISABLE_GOPHER - &Curl_handler_gopher, -#ifdef USE_SSL - &Curl_handler_gophers, -#endif -#endif - -#ifdef USE_LIBRTMP - &Curl_handler_rtmp, - &Curl_handler_rtmpt, - &Curl_handler_rtmpe, - &Curl_handler_rtmpte, - &Curl_handler_rtmps, - &Curl_handler_rtmpts, -#endif - -#ifndef CURL_DISABLE_DICT - &Curl_handler_dict, -#endif - - (struct Curl_handler *) NULL -}; - void Curl_freeset(struct Curl_easy *data) { /* Free all dynamic strings stored in the data->set substructure. */ @@ -320,8 +196,8 @@ void Curl_freeset(struct Curl_easy *data) Curl_mime_cleanpart(&data->set.mimepost); #ifndef CURL_DISABLE_COOKIES - curl_slist_free_all(data->set.cookielist); - data->set.cookielist = NULL; + curl_slist_free_all(data->state.cookielist); + data->state.cookielist = NULL; #endif } @@ -363,16 +239,18 @@ CURLcode Curl_close(struct Curl_easy **datap) /* Detach connection if any is left. This should not be normal, but can be the case for example with CONNECT_ONLY + recv/send (test 556) */ Curl_detach_connection(data); - if(data->multi) - /* This handle is still part of a multi handle, take care of this first - and detach this handle from there. */ - curl_multi_remove_handle(data->multi, data); + if(!data->state.internal) { + if(data->multi) + /* This handle is still part of a multi handle, take care of this first + and detach this handle from there. */ + curl_multi_remove_handle(data->multi, data); - if(data->multi_easy) { - /* when curl_easy_perform() is used, it creates its own multi handle to - use and this is the one */ - curl_multi_cleanup(data->multi_easy); - data->multi_easy = NULL; + if(data->multi_easy) { + /* when curl_easy_perform() is used, it creates its own multi handle to + use and this is the one */ + curl_multi_cleanup(data->multi_easy); + data->multi_easy = NULL; + } } data->magic = 0; /* force a clear AFTER the possibly enforced removal from @@ -412,7 +290,7 @@ CURLcode Curl_close(struct Curl_easy **datap) #ifndef CURL_DISABLE_HSTS if(!data->share || !data->share->hsts) Curl_hsts_cleanup(&data->hsts); - curl_slist_free_all(data->set.hstslist); /* clean up list */ + curl_slist_free_all(data->state.hstslist); /* clean up list */ #endif #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_DIGEST_AUTH) Curl_http_auth_cleanup_digest(data); @@ -457,8 +335,8 @@ CURLcode Curl_close(struct Curl_easy **datap) } #endif - Curl_mime_cleanpart(data->state.formp); #ifndef CURL_DISABLE_HTTP + Curl_mime_cleanpart(data->state.formp); Curl_safefree(data->state.formp); #endif @@ -530,26 +408,16 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) Curl_mime_initpart(&set->mimepost); - /* - * libcurl 7.10 introduced SSL verification *by default*! This needs to be - * switched off unless wanted. - */ + Curl_ssl_easy_config_init(data); #ifndef CURL_DISABLE_DOH set->doh_verifyhost = TRUE; set->doh_verifypeer = TRUE; #endif - set->ssl.primary.verifypeer = TRUE; - set->ssl.primary.verifyhost = TRUE; #ifdef USE_SSH /* defaults to any auth type */ set->ssh_auth_types = CURLSSH_AUTH_DEFAULT; set->new_directory_perms = 0755; /* Default permissions */ #endif - set->ssl.primary.sessionid = TRUE; /* session ID caching enabled by - default */ -#ifndef CURL_DISABLE_PROXY - set->proxy_ssl = set->ssl; -#endif set->new_file_perms = 0644; /* Default permissions */ set->allowed_protocols = (curl_prot_t) CURLPROTO_ALL; @@ -566,11 +434,13 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) /* Set the default CA cert bundle/path detected/specified at build time. * - * If Schannel is the selected SSL backend then these locations are - * ignored. We allow setting CA location for schannel only when explicitly - * specified by the user via CURLOPT_CAINFO / --cacert. + * If Schannel or SecureTransport is the selected SSL backend then these + * locations are ignored. We allow setting CA location for schannel and + * securetransport when explicitly specified by the user via + * CURLOPT_CAINFO / --cacert. */ - if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL) { + if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL && + Curl_ssl_backend() != CURLSSLBACKEND_SECURETRANSPORT) { #if defined(CURL_CA_BUNDLE) result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], CURL_CA_BUNDLE); if(result) @@ -718,22 +588,18 @@ static void conn_free(struct Curl_easy *data, struct connectdata *conn) Curl_safefree(conn->socks_proxy.passwd); Curl_safefree(conn->http_proxy.host.rawalloc); /* http proxy name buffer */ Curl_safefree(conn->socks_proxy.host.rawalloc); /* socks proxy name buffer */ - Curl_free_primary_ssl_config(&conn->proxy_ssl_config); #endif Curl_safefree(conn->user); Curl_safefree(conn->passwd); Curl_safefree(conn->sasl_authzid); Curl_safefree(conn->options); Curl_safefree(conn->oauth_bearer); -#ifndef CURL_DISABLE_HTTP - Curl_dyn_free(&conn->trailer); -#endif Curl_safefree(conn->host.rawalloc); /* host name buffer */ Curl_safefree(conn->conn_to_host.rawalloc); /* host name buffer */ Curl_safefree(conn->hostname_resolve); Curl_safefree(conn->secondaryhostname); Curl_safefree(conn->localdev); - Curl_free_primary_ssl_config(&conn->ssl_config); + Curl_ssl_conn_config_cleanup(conn); #ifdef USE_UNIX_SOCKETS Curl_safefree(conn->unix_domain_socket); @@ -1059,11 +925,11 @@ ConnectionExists(struct Curl_easy *data, bool *force_reuse, bool *waitpipe) { - struct connectdata *check; - struct connectdata *chosen = 0; + struct connectdata *chosen = NULL; bool foundPendingCandidate = FALSE; - bool canmultiplex = IsMultiplexingPossible(data, needle); + bool canmultiplex = FALSE; struct connectbundle *bundle; + struct Curl_llist_element *curr; #ifdef USE_NTLM bool wantNTLMhttp = ((data->state.authhost.want & @@ -1082,395 +948,368 @@ ConnectionExists(struct Curl_easy *data, bool h2upgrade = (data->state.httpwant == CURL_HTTP_VERSION_2_0) && (needle->handler->protocol & CURLPROTO_HTTP); + *usethis = NULL; *force_reuse = FALSE; *waitpipe = FALSE; /* Look up the bundle with all the connections to this particular host. Locks the connection cache, beware of early returns! */ bundle = Curl_conncache_find_bundle(data, needle, data->state.conn_cache); - if(bundle) { - /* Max pipe length is zero (unlimited) for multiplexed connections */ - struct Curl_llist_element *curr; - - infof(data, "Found bundle for host: %p [%s]", - (void *)bundle, (bundle->multiuse == BUNDLE_MULTIPLEX ? - "can multiplex" : "serially")); - - /* We can't multiplex if we don't know anything about the server */ - if(canmultiplex) { - if(bundle->multiuse == BUNDLE_UNKNOWN) { - if(data->set.pipewait) { - infof(data, "Server doesn't support multiplex yet, wait"); - *waitpipe = TRUE; - CONNCACHE_UNLOCK(data); - return FALSE; /* no reuse */ - } - - infof(data, "Server doesn't support multiplex (yet)"); - canmultiplex = FALSE; + if(!bundle) { + CONNCACHE_UNLOCK(data); + return FALSE; + } + infof(data, "Found bundle for host: %p [%s]", + (void *)bundle, (bundle->multiuse == BUNDLE_MULTIPLEX ? + "can multiplex" : "serially")); + + /* We can only multiplex iff the transfer allows it AND we know + * that the server we want to talk to supports it as well. */ + canmultiplex = FALSE; + if(IsMultiplexingPossible(data, needle)) { + if(bundle->multiuse == BUNDLE_UNKNOWN) { + if(data->set.pipewait) { + infof(data, "Server doesn't support multiplex yet, wait"); + *waitpipe = TRUE; + CONNCACHE_UNLOCK(data); + return FALSE; /* no reuse */ } - if((bundle->multiuse == BUNDLE_MULTIPLEX) && - !Curl_multiplex_wanted(data->multi)) { + infof(data, "Server doesn't support multiplex (yet)"); + } + else if(bundle->multiuse == BUNDLE_MULTIPLEX) { + if(Curl_multiplex_wanted(data->multi)) + canmultiplex = TRUE; + else infof(data, "Could multiplex, but not asked to"); - canmultiplex = FALSE; - } - if(bundle->multiuse == BUNDLE_NO_MULTIUSE) { - infof(data, "Can not multiplex, even if we wanted to"); - canmultiplex = FALSE; - } } + else if(bundle->multiuse == BUNDLE_NO_MULTIUSE) { + infof(data, "Can not multiplex, even if we wanted to"); + } + } - curr = bundle->conn_list.head; - while(curr) { - bool match = FALSE; - size_t multiplexed = 0; + curr = bundle->conn_list.head; + while(curr) { + struct connectdata *check = curr->ptr; + /* Get next node now. We might remove a dead `check` connection which + * would invalidate `curr` as well. */ + curr = curr->next; - /* - * Note that if we use an HTTP proxy in normal mode (no tunneling), we - * check connections to that proxy and not to the actual remote server. - */ - check = curr->ptr; - curr = curr->next; + /* Note that if we use an HTTP proxy in normal mode (no tunneling), we + * check connections to that proxy and not to the actual remote server. + */ + if(check->connect_only || check->bits.close) + /* connect-only or to-be-closed connections will not be reused */ + continue; - if(check->connect_only || check->bits.close) - /* connect-only or to-be-closed connections will not be reused */ - continue; + if(data->set.ipver != CURL_IPRESOLVE_WHATEVER + && data->set.ipver != check->ip_version) { + /* skip because the connection is not via the requested IP version */ + continue; + } - if(extract_if_dead(check, data)) { - /* disconnect it */ - Curl_disconnect(data, check, TRUE); + if(!canmultiplex) { + if(Curl_resolver_asynch() && + /* primary_ip[0] is NUL only if the resolving of the name hasn't + completed yet and until then we don't reuse this connection */ + !check->primary_ip[0]) continue; - } + } - if(data->set.ipver != CURL_IPRESOLVE_WHATEVER - && data->set.ipver != check->ip_version) { - /* skip because the connection is not via the requested IP version */ + if(CONN_INUSE(check)) { + if(!canmultiplex) { + /* transfer can't be multiplexed and check is in use */ continue; } - - if(bundle->multiuse == BUNDLE_MULTIPLEX) - multiplexed = CONN_INUSE(check); - - if(!canmultiplex) { - if(multiplexed) { - /* can only happen within multi handles, and means that another easy - handle is using this connection */ - continue; - } - - if(Curl_resolver_asynch() && - /* primary_ip[0] is NUL only if the resolving of the name hasn't - completed yet and until then we don't reuse this connection */ - !check->primary_ip[0]) + else { + /* Could multiplex, but not when check belongs to another multi */ + struct Curl_llist_element *e = check->easyq.head; + struct Curl_easy *entry = e->ptr; + if(entry->multi != data->multi) continue; } + } - if(!Curl_conn_is_connected(check, FIRSTSOCKET)) { - foundPendingCandidate = TRUE; - /* Don't pick a connection that hasn't connected yet */ - infof(data, "Connection #%" CURL_FORMAT_CURL_OFF_T - " isn't open enough, can't reuse", check->connection_id); - continue; - } + if(!Curl_conn_is_connected(check, FIRSTSOCKET)) { + foundPendingCandidate = TRUE; + /* Don't pick a connection that hasn't connected yet */ + infof(data, "Connection #%" CURL_FORMAT_CURL_OFF_T + " isn't open enough, can't reuse", check->connection_id); + continue; + } + + /* `check` is connected. if it is in use and does not support multiplex, + * we cannot use it. */ + if(!check->bits.multiplex && CONN_INUSE(check)) + continue; #ifdef USE_UNIX_SOCKETS - if(needle->unix_domain_socket) { - if(!check->unix_domain_socket) - continue; - if(strcmp(needle->unix_domain_socket, check->unix_domain_socket)) - continue; - if(needle->bits.abstract_unix_socket != - check->bits.abstract_unix_socket) - continue; - } - else if(check->unix_domain_socket) + if(needle->unix_domain_socket) { + if(!check->unix_domain_socket) continue; -#endif - - if((needle->handler->flags&PROTOPT_SSL) != - (check->handler->flags&PROTOPT_SSL)) - /* don't do mixed SSL and non-SSL connections */ - if(get_protocol_family(check->handler) != - needle->handler->protocol || !check->bits.tls_upgraded) - /* except protocols that have been upgraded via TLS */ - continue; - -#ifndef CURL_DISABLE_PROXY - if(needle->bits.httpproxy != check->bits.httpproxy || - needle->bits.socksproxy != check->bits.socksproxy) + if(strcmp(needle->unix_domain_socket, check->unix_domain_socket)) continue; - - if(needle->bits.socksproxy && - !socks_proxy_info_matches(&needle->socks_proxy, - &check->socks_proxy)) + if(needle->bits.abstract_unix_socket != + check->bits.abstract_unix_socket) continue; + } + else if(check->unix_domain_socket) + continue; #endif - if(needle->bits.conn_to_host != check->bits.conn_to_host) - /* don't mix connections that use the "connect to host" feature and - * connections that don't use this feature */ - continue; - if(needle->bits.conn_to_port != check->bits.conn_to_port) - /* don't mix connections that use the "connect to port" feature and - * connections that don't use this feature */ + if((needle->handler->flags&PROTOPT_SSL) != + (check->handler->flags&PROTOPT_SSL)) + /* don't do mixed SSL and non-SSL connections */ + if(get_protocol_family(check->handler) != + needle->handler->protocol || !check->bits.tls_upgraded) + /* except protocols that have been upgraded via TLS */ continue; -#ifndef CURL_DISABLE_PROXY - if(needle->bits.httpproxy) { - if(!proxy_info_matches(&needle->http_proxy, &check->http_proxy)) - continue; + if(needle->bits.conn_to_host != check->bits.conn_to_host) + /* don't mix connections that use the "connect to host" feature and + * connections that don't use this feature */ + continue; - if(needle->bits.tunnel_proxy != check->bits.tunnel_proxy) - continue; + if(needle->bits.conn_to_port != check->bits.conn_to_port) + /* don't mix connections that use the "connect to port" feature and + * connections that don't use this feature */ + continue; - if(IS_HTTPS_PROXY(needle->http_proxy.proxytype)) { - /* use https proxy */ - if(needle->http_proxy.proxytype != - check->http_proxy.proxytype) - continue; - else if(needle->handler->flags&PROTOPT_SSL) { - /* use double layer ssl */ - if(!Curl_ssl_config_matches(&needle->proxy_ssl_config, - &check->proxy_ssl_config)) - continue; - } - else if(!Curl_ssl_config_matches(&needle->ssl_config, - &check->ssl_config)) - continue; - } - } -#endif +#ifndef CURL_DISABLE_PROXY + if(needle->bits.httpproxy != check->bits.httpproxy || + needle->bits.socksproxy != check->bits.socksproxy) + continue; - if(h2upgrade && !check->httpversion && canmultiplex) { - if(data->set.pipewait) { - infof(data, "Server upgrade doesn't support multiplex yet, wait"); - *waitpipe = TRUE; - CONNCACHE_UNLOCK(data); - return FALSE; /* no reuse */ - } - infof(data, "Server upgrade cannot be used"); - continue; /* can't be used atm */ - } + if(needle->bits.socksproxy && + !socks_proxy_info_matches(&needle->socks_proxy, + &check->socks_proxy)) + continue; - if(!canmultiplex && CONN_INUSE(check)) - /* this request can't be multiplexed but the checked connection is - already in use so we skip it */ + if(needle->bits.httpproxy) { + if(needle->bits.tunnel_proxy != check->bits.tunnel_proxy) continue; - if(CONN_INUSE(check)) { - /* Subject for multiplex use if 'checks' belongs to the same multi - handle as 'data' is. */ - struct Curl_llist_element *e = check->easyq.head; - struct Curl_easy *entry = e->ptr; - if(entry->multi != data->multi) - continue; - } + if(!proxy_info_matches(&needle->http_proxy, &check->http_proxy)) + continue; - if(needle->localdev || needle->localport) { - /* If we are bound to a specific local end (IP+port), we must not - reuse a random other one, although if we didn't ask for a - particular one we can reuse one that was bound. - - This comparison is a bit rough and too strict. Since the input - parameters can be specified in numerous ways and still end up the - same it would take a lot of processing to make it really accurate. - Instead, this matching will assume that reuses of bound connections - will most likely also reuse the exact same binding parameters and - missing out a few edge cases shouldn't hurt anyone very much. - */ - if((check->localport != needle->localport) || - (check->localportrange != needle->localportrange) || - (needle->localdev && - (!check->localdev || strcmp(check->localdev, needle->localdev)))) + if(IS_HTTPS_PROXY(needle->http_proxy.proxytype)) { + /* https proxies come in different types, http/1.1, h2, ... */ + if(needle->http_proxy.proxytype != check->http_proxy.proxytype) continue; - } - - if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) { - /* This protocol requires credentials per connection, - so verify that we're using the same name and password as well */ - if(Curl_timestrcmp(needle->user, check->user) || - Curl_timestrcmp(needle->passwd, check->passwd) || - Curl_timestrcmp(needle->sasl_authzid, check->sasl_authzid) || - Curl_timestrcmp(needle->oauth_bearer, check->oauth_bearer)) { - /* one of them was different */ + /* match SSL config to proxy */ + if(!Curl_ssl_conn_config_match(data, check, TRUE)) { + DEBUGF(infof(data, + "Connection #%" CURL_FORMAT_CURL_OFF_T + " has different SSL proxy parameters, can't reuse", + check->connection_id)); continue; } + /* the SSL config to the server, which may apply here is checked + * further below */ } + } +#endif - /* GSS delegation differences do not actually affect every connection - and auth method, but this check takes precaution before efficiency */ - if(needle->gssapi_delegation != check->gssapi_delegation) + if(h2upgrade && !check->httpversion && canmultiplex) { + if(data->set.pipewait) { + infof(data, "Server upgrade doesn't support multiplex yet, wait"); + *waitpipe = TRUE; + CONNCACHE_UNLOCK(data); + return FALSE; /* no reuse */ + } + infof(data, "Server upgrade cannot be used"); + continue; /* can't be used atm */ + } + + if(needle->localdev || needle->localport) { + /* If we are bound to a specific local end (IP+port), we must not + reuse a random other one, although if we didn't ask for a + particular one we can reuse one that was bound. + + This comparison is a bit rough and too strict. Since the input + parameters can be specified in numerous ways and still end up the + same it would take a lot of processing to make it really accurate. + Instead, this matching will assume that reuses of bound connections + will most likely also reuse the exact same binding parameters and + missing out a few edge cases shouldn't hurt anyone very much. + */ + if((check->localport != needle->localport) || + (check->localportrange != needle->localportrange) || + (needle->localdev && + (!check->localdev || strcmp(check->localdev, needle->localdev)))) continue; + } - /* If multiplexing isn't enabled on the h2 connection and h1 is - explicitly requested, handle it: */ - if((needle->handler->protocol & PROTO_FAMILY_HTTP) && - (((check->httpversion >= 20) && - (data->state.httpwant < CURL_HTTP_VERSION_2_0)) - || ((check->httpversion >= 30) && - (data->state.httpwant < CURL_HTTP_VERSION_3)))) + if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) { + /* This protocol requires credentials per connection, + so verify that we're using the same name and password as well */ + if(Curl_timestrcmp(needle->user, check->user) || + Curl_timestrcmp(needle->passwd, check->passwd) || + Curl_timestrcmp(needle->sasl_authzid, check->sasl_authzid) || + Curl_timestrcmp(needle->oauth_bearer, check->oauth_bearer)) { + /* one of them was different */ continue; -#ifdef USE_SSH - else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) { - if(!ssh_config_matches(needle, check)) - continue; } + } + + /* GSS delegation differences do not actually affect every connection + and auth method, but this check takes precaution before efficiency */ + if(needle->gssapi_delegation != check->gssapi_delegation) + continue; + + /* If looking for HTTP and the HTTP version we want is less + * than the HTTP version of the check connection, continue looking */ + if((needle->handler->protocol & PROTO_FAMILY_HTTP) && + (((check->httpversion >= 20) && + (data->state.httpwant < CURL_HTTP_VERSION_2_0)) + || ((check->httpversion >= 30) && + (data->state.httpwant < CURL_HTTP_VERSION_3)))) + continue; +#ifdef USE_SSH + else if(get_protocol_family(needle->handler) & PROTO_FAMILY_SSH) { + if(!ssh_config_matches(needle, check)) + continue; + } #endif #ifndef CURL_DISABLE_FTP - else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) { - /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */ - if(Curl_timestrcmp(needle->proto.ftpc.account, - check->proto.ftpc.account) || - Curl_timestrcmp(needle->proto.ftpc.alternative_to_user, - check->proto.ftpc.alternative_to_user) || - (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) || - (needle->proto.ftpc.ccc != check->proto.ftpc.ccc)) - continue; - } + else if(get_protocol_family(needle->handler) & PROTO_FAMILY_FTP) { + /* Also match ACCOUNT, ALTERNATIVE-TO-USER, USE_SSL and CCC options */ + if(Curl_timestrcmp(needle->proto.ftpc.account, + check->proto.ftpc.account) || + Curl_timestrcmp(needle->proto.ftpc.alternative_to_user, + check->proto.ftpc.alternative_to_user) || + (needle->proto.ftpc.use_ssl != check->proto.ftpc.use_ssl) || + (needle->proto.ftpc.ccc != check->proto.ftpc.ccc)) + continue; + } #endif - if((needle->handler->flags&PROTOPT_SSL) + /* Additional match requirements if talking TLS OR + * not talking to a HTTP proxy OR using a tunnel through a proxy */ + if((needle->handler->flags&PROTOPT_SSL) #ifndef CURL_DISABLE_PROXY - || !needle->bits.httpproxy || needle->bits.tunnel_proxy -#endif - ) { - /* The requested connection does not use an HTTP proxy or it uses SSL - or it is a non-SSL protocol tunneled or it is a non-SSL protocol - which is allowed to be upgraded via TLS */ - - if((strcasecompare(needle->handler->scheme, check->handler->scheme) || - (get_protocol_family(check->handler) == - needle->handler->protocol && check->bits.tls_upgraded)) && - (!needle->bits.conn_to_host || strcasecompare( - needle->conn_to_host.name, check->conn_to_host.name)) && - (!needle->bits.conn_to_port || - needle->conn_to_port == check->conn_to_port) && - strcasecompare(needle->host.name, check->host.name) && - needle->remote_port == check->remote_port) { - /* The schemes match or the protocol family is the same and the - previous connection was TLS upgraded, and the hostname and host - port match */ - if(needle->handler->flags & PROTOPT_SSL) { - /* This is a SSL connection so verify that we're using the same - SSL options as well */ - if(!Curl_ssl_config_matches(&needle->ssl_config, - &check->ssl_config)) { - DEBUGF(infof(data, - "Connection #%" CURL_FORMAT_CURL_OFF_T - " has different SSL parameters, can't reuse", - check->connection_id)); - continue; - } - } - match = TRUE; - } - } - else { - /* The requested connection is using the same HTTP proxy in normal - mode (no tunneling) */ - match = TRUE; + || !needle->bits.httpproxy || needle->bits.tunnel_proxy +#endif + ) { + /* Talking the same protocol scheme or a TLS upgraded protocol in the + * same protocol family? */ + if(!strcasecompare(needle->handler->scheme, check->handler->scheme) && + (get_protocol_family(check->handler) != + needle->handler->protocol || !check->bits.tls_upgraded)) + continue; + + /* If needle has "conn_to_*" set, check must match this */ + if((needle->bits.conn_to_host && !strcasecompare( + needle->conn_to_host.name, check->conn_to_host.name)) || + (needle->bits.conn_to_port && + needle->conn_to_port != check->conn_to_port)) + continue; + + /* hostname and port must match */ + if(!strcasecompare(needle->host.name, check->host.name) || + needle->remote_port != check->remote_port) + continue; + + /* If talking TLS, check needs to use the same SSL options. */ + if((needle->handler->flags & PROTOPT_SSL) && + !Curl_ssl_conn_config_match(data, check, FALSE)) { + DEBUGF(infof(data, + "Connection #%" CURL_FORMAT_CURL_OFF_T + " has different SSL parameters, can't reuse", + check->connection_id)); + continue; } + } - if(match) { #if defined(USE_NTLM) - /* If we are looking for an HTTP+NTLM connection, check if this is - already authenticating with the right credentials. If not, keep - looking so that we can reuse NTLM connections if - possible. (Especially we must not reuse the same connection if - partway through a handshake!) */ - if(wantNTLMhttp) { - if(Curl_timestrcmp(needle->user, check->user) || - Curl_timestrcmp(needle->passwd, check->passwd)) { - - /* we prefer a credential match, but this is at least a connection - that can be reused and "upgraded" to NTLM */ - if(check->http_ntlm_state == NTLMSTATE_NONE) - chosen = check; - continue; - } - } - else if(check->http_ntlm_state != NTLMSTATE_NONE) { - /* Connection is using NTLM auth but we don't want NTLM */ - continue; - } - -#ifndef CURL_DISABLE_PROXY - /* Same for Proxy NTLM authentication */ - if(wantProxyNTLMhttp) { - /* Both check->http_proxy.user and check->http_proxy.passwd can be - * NULL */ - if(!check->http_proxy.user || !check->http_proxy.passwd) - continue; - - if(Curl_timestrcmp(needle->http_proxy.user, - check->http_proxy.user) || - Curl_timestrcmp(needle->http_proxy.passwd, - check->http_proxy.passwd)) - continue; - } - else if(check->proxy_ntlm_state != NTLMSTATE_NONE) { - /* Proxy connection is using NTLM auth but we don't want NTLM */ - continue; - } -#endif - if(wantNTLMhttp || wantProxyNTLMhttp) { - /* Credentials are already checked, we can use this connection */ + /* If we are looking for an HTTP+NTLM connection, check if this is + already authenticating with the right credentials. If not, keep + looking so that we can reuse NTLM connections if + possible. (Especially we must not reuse the same connection if + partway through a handshake!) */ + if(wantNTLMhttp) { + if(Curl_timestrcmp(needle->user, check->user) || + Curl_timestrcmp(needle->passwd, check->passwd)) { + + /* we prefer a credential match, but this is at least a connection + that can be reused and "upgraded" to NTLM */ + if(check->http_ntlm_state == NTLMSTATE_NONE) chosen = check; + continue; + } + } + else if(check->http_ntlm_state != NTLMSTATE_NONE) { + /* Connection is using NTLM auth but we don't want NTLM */ + continue; + } - if((wantNTLMhttp && - (check->http_ntlm_state != NTLMSTATE_NONE)) || - (wantProxyNTLMhttp && - (check->proxy_ntlm_state != NTLMSTATE_NONE))) { - /* We must use this connection, no other */ - *force_reuse = TRUE; - break; - } +#ifndef CURL_DISABLE_PROXY + /* Same for Proxy NTLM authentication */ + if(wantProxyNTLMhttp) { + /* Both check->http_proxy.user and check->http_proxy.passwd can be + * NULL */ + if(!check->http_proxy.user || !check->http_proxy.passwd) + continue; - /* Continue look up for a better connection */ - continue; - } + if(Curl_timestrcmp(needle->http_proxy.user, + check->http_proxy.user) || + Curl_timestrcmp(needle->http_proxy.passwd, + check->http_proxy.passwd)) + continue; + } + else if(check->proxy_ntlm_state != NTLMSTATE_NONE) { + /* Proxy connection is using NTLM auth but we don't want NTLM */ + continue; + } +#endif + if(wantNTLMhttp || wantProxyNTLMhttp) { + /* Credentials are already checked, we may use this connection. + * With NTLM being weird as it is, we MUST use a + * connection where it has already been fully negotiated. + * If it has not, we keep on looking for a better one. */ + chosen = check; + + if((wantNTLMhttp && + (check->http_ntlm_state != NTLMSTATE_NONE)) || + (wantProxyNTLMhttp && + (check->proxy_ntlm_state != NTLMSTATE_NONE))) { + /* We must use this connection, no other */ + *force_reuse = TRUE; + break; + } + /* Continue look up for a better connection */ + continue; + } #endif - if(canmultiplex) { - /* We can multiplex if we want to. Let's continue looking for - the optimal connection to use. */ - - if(!multiplexed) { - /* We have the optimal connection. Let's stop looking. */ - chosen = check; - break; - } -#ifdef USE_NGHTTP2 - /* If multiplexed, make sure we don't go over concurrency limit */ - if(check->bits.multiplex) { - if(multiplexed >= Curl_conn_get_max_concurrent(data, check, - FIRSTSOCKET)) { - infof(data, "MAX_CONCURRENT_STREAMS reached, skip (%zu)", - multiplexed); - continue; - } - else if(multiplexed >= - Curl_multi_max_concurrent_streams(data->multi)) { - infof(data, "client side MAX_CONCURRENT_STREAMS reached" - ", skip (%zu)", - multiplexed); - continue; - } - } -#endif - /* When not multiplexed, we have a match here! */ - chosen = check; - infof(data, "Multiplexed connection found"); - break; - } - else { - /* We have found a connection. Let's stop searching. */ - chosen = check; - break; - } + if(CONN_INUSE(check)) { + DEBUGASSERT(canmultiplex); + DEBUGASSERT(check->bits.multiplex); + /* If multiplexed, make sure we don't go over concurrency limit */ + if(CONN_INUSE(check) >= + Curl_multi_max_concurrent_streams(data->multi)) { + infof(data, "client side MAX_CONCURRENT_STREAMS reached" + ", skip (%zu)", CONN_INUSE(check)); + continue; + } + if(CONN_INUSE(check) >= + Curl_conn_get_max_concurrent(data, check, FIRSTSOCKET)) { + infof(data, "MAX_CONCURRENT_STREAMS reached, skip (%zu)", + CONN_INUSE(check)); + continue; } + /* When not multiplexed, we have a match here! */ + infof(data, "Multiplexed connection found"); + } + else if(extract_if_dead(check, data)) { + /* disconnect it */ + Curl_disconnect(data, check, TRUE); + continue; } - } + + /* We have found a connection. Let's stop searching. */ + chosen = check; + break; + } /* loop over connection bundle */ if(chosen) { /* mark it as used before releasing the lock */ @@ -1516,6 +1355,8 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) conn->sock[FIRSTSOCKET] = CURL_SOCKET_BAD; /* no file descriptor */ conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD; /* no file descriptor */ + conn->sockfd = CURL_SOCKET_BAD; + conn->writesockfd = CURL_SOCKET_BAD; conn->connection_id = -1; /* no ID */ conn->port = -1; /* unknown at this point */ conn->remote_port = -1; /* unknown at this point */ @@ -1560,17 +1401,6 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) #ifndef CURL_DISABLE_FTP conn->bits.ftp_use_epsv = data->set.ftp_use_epsv; conn->bits.ftp_use_eprt = data->set.ftp_use_eprt; -#endif - conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus; - conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer; - conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost; - conn->ssl_config.ssl_options = data->set.ssl.primary.ssl_options; -#ifndef CURL_DISABLE_PROXY - conn->proxy_ssl_config.verifystatus = - data->set.proxy_ssl.primary.verifystatus; - conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer; - conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost; - conn->proxy_ssl_config.ssl_options = data->set.proxy_ssl.primary.ssl_options; #endif conn->ip_version = data->set.ipver; conn->connect_only = data->set.connect_only; @@ -1615,30 +1445,231 @@ error: return NULL; } -/* returns the handler if the given scheme is built-in */ -const struct Curl_handler *Curl_builtin_scheme(const char *scheme, - size_t schemelen) +const struct Curl_handler *Curl_get_scheme_handler(const char *scheme) { - const struct Curl_handler * const *pp; - const struct Curl_handler *p; - /* Scan protocol handler table and match against 'scheme'. The handler may - be changed later when the protocol specific setup function is called. */ - if(schemelen == CURL_ZERO_TERMINATED) - schemelen = strlen(scheme); - for(pp = protocols; (p = *pp) != NULL; pp++) - if(strncasecompare(p->scheme, scheme, schemelen) && !p->scheme[schemelen]) - /* Protocol found in table. */ - return p; - return NULL; /* not found */ + return Curl_getn_scheme_handler(scheme, strlen(scheme)); } +/* returns the handler if the given scheme is built-in */ +const struct Curl_handler *Curl_getn_scheme_handler(const char *scheme, + size_t len) +{ + /* table generated by schemetable.c: + 1. gcc schemetable.c && ./a.out + 2. check how small the table gets + 3. tweak the hash algorithm, then rerun from 1 + 4. when the table is good enough + 5. copy the table into this source code + 6. make sure this function uses the same hash function that worked for + schemetable.c + 7. if needed, adjust the #ifdefs in schemetable.c and rerun + */ + static const struct Curl_handler * const protocols[67] = { +#ifndef CURL_DISABLE_FILE + &Curl_handler_file, +#else + NULL, +#endif + NULL, NULL, +#if defined(USE_SSL) && !defined(CURL_DISABLE_GOPHER) + &Curl_handler_gophers, +#else + NULL, +#endif + NULL, +#ifdef USE_LIBRTMP + &Curl_handler_rtmpe, +#else + NULL, +#endif +#ifndef CURL_DISABLE_SMTP + &Curl_handler_smtp, +#else + NULL, +#endif +#if defined(USE_SSH) + &Curl_handler_sftp, +#else + NULL, +#endif +#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE) && \ + (SIZEOF_CURL_OFF_T > 4) + &Curl_handler_smb, +#else + NULL, +#endif +#if defined(USE_SSL) && !defined(CURL_DISABLE_SMTP) + &Curl_handler_smtps, +#else + NULL, +#endif +#ifndef CURL_DISABLE_TELNET + &Curl_handler_telnet, +#else + NULL, +#endif +#ifndef CURL_DISABLE_GOPHER + &Curl_handler_gopher, +#else + NULL, +#endif +#ifndef CURL_DISABLE_TFTP + &Curl_handler_tftp, +#else + NULL, +#endif + NULL, NULL, NULL, +#if defined(USE_SSL) && !defined(CURL_DISABLE_FTP) + &Curl_handler_ftps, +#else + NULL, +#endif +#ifndef CURL_DISABLE_HTTP + &Curl_handler_http, +#else + NULL, +#endif +#ifndef CURL_DISABLE_IMAP + &Curl_handler_imap, +#else + NULL, +#endif +#ifdef USE_LIBRTMP + &Curl_handler_rtmps, +#else + NULL, +#endif +#ifdef USE_LIBRTMP + &Curl_handler_rtmpt, +#else + NULL, +#endif + NULL, NULL, NULL, +#if !defined(CURL_DISABLE_LDAP) && \ + !defined(CURL_DISABLE_LDAPS) && \ + ((defined(USE_OPENLDAP) && defined(USE_SSL)) || \ + (!defined(USE_OPENLDAP) && defined(HAVE_LDAP_SSL))) + &Curl_handler_ldaps, +#else + NULL, +#endif +#if defined(USE_WEBSOCKETS) && \ + defined(USE_SSL) && !defined(CURL_DISABLE_HTTP) + &Curl_handler_wss, +#else + NULL, +#endif +#if defined(USE_SSL) && !defined(CURL_DISABLE_HTTP) + &Curl_handler_https, +#else + NULL, +#endif + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, +#ifndef CURL_DISABLE_RTSP + &Curl_handler_rtsp, +#else + NULL, +#endif +#if defined(USE_SSL) && !defined(CURL_DISABLE_SMB) && \ + defined(USE_CURL_NTLM_CORE) && (SIZEOF_CURL_OFF_T > 4) + &Curl_handler_smbs, +#else + NULL, +#endif +#if defined(USE_SSH) && !defined(USE_WOLFSSH) + &Curl_handler_scp, +#else + NULL, +#endif + NULL, NULL, NULL, +#ifndef CURL_DISABLE_POP3 + &Curl_handler_pop3, +#else + NULL, +#endif + NULL, NULL, +#ifdef USE_LIBRTMP + &Curl_handler_rtmp, +#else + NULL, +#endif + NULL, NULL, NULL, +#ifdef USE_LIBRTMP + &Curl_handler_rtmpte, +#else + NULL, +#endif + NULL, NULL, NULL, +#ifndef CURL_DISABLE_DICT + &Curl_handler_dict, +#else + NULL, +#endif + NULL, NULL, NULL, +#ifndef CURL_DISABLE_MQTT + &Curl_handler_mqtt, +#else + NULL, +#endif +#if defined(USE_SSL) && !defined(CURL_DISABLE_POP3) + &Curl_handler_pop3s, +#else + NULL, +#endif +#if defined(USE_SSL) && !defined(CURL_DISABLE_IMAP) + &Curl_handler_imaps, +#else + NULL, +#endif + NULL, +#if defined(USE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) + &Curl_handler_ws, +#else + NULL, +#endif + NULL, +#ifdef USE_LIBRTMP + &Curl_handler_rtmpts, +#else + NULL, +#endif +#ifndef CURL_DISABLE_LDAP + &Curl_handler_ldap, +#else + NULL, +#endif + NULL, NULL, +#ifndef CURL_DISABLE_FTP + &Curl_handler_ftp, +#else + NULL, +#endif + }; + + if(len && (len <= 7)) { + const char *s = scheme; + size_t l = len; + const struct Curl_handler *h; + unsigned int c = 978; + while(l) { + c <<= 5; + c += Curl_raw_tolower(*s); + s++; + l--; + } + + h = protocols[c % 67]; + if(h && strncasecompare(scheme, h->scheme, len) && !h->scheme[len]) + return h; + } + return NULL; +} static CURLcode findprotocol(struct Curl_easy *data, struct connectdata *conn, const char *protostr) { - const struct Curl_handler *p = Curl_builtin_scheme(protostr, - CURL_ZERO_TERMINATED); + const struct Curl_handler *p = Curl_get_scheme_handler(protostr); if(p && /* Protocol found in table. Check if allowed */ (data->set.allowed_protocols & p->protocol)) { @@ -1652,7 +1683,6 @@ static CURLcode findprotocol(struct Curl_easy *data, else { /* Perform setup complement if some. */ conn->handler = conn->given = p; - /* 'port' and 'remote_port' are set in setup_connection_internals() */ return CURLE_OK; } @@ -1661,8 +1691,9 @@ static CURLcode findprotocol(struct Curl_easy *data, /* The protocol was not found in the table, but we don't have to assign it to anything since it is already assigned to a dummy-struct in the create_conn() function when the connectdata struct is allocated. */ - failf(data, "Protocol \"%s\" not supported or disabled in " LIBCURL_NAME, - protostr); + failf(data, "Protocol \"%s\" %s%s", protostr, + p ? "disabled" : "not supported", + data->state.this_is_a_follow ? " (in redirect)":""); return CURLE_UNSUPPORTED_PROTOCOL; } @@ -1705,14 +1736,14 @@ static void zonefrom_url(CURLU *uh, struct Curl_easy *data, conn->scope_id = (unsigned int)scope; #if defined(HAVE_IF_NAMETOINDEX) else { -#elif defined(WIN32) +#elif defined(_WIN32) else if(Curl_if_nametoindex) { #endif -#if defined(HAVE_IF_NAMETOINDEX) || defined(WIN32) +#if defined(HAVE_IF_NAMETOINDEX) || defined(_WIN32) /* Zone identifier is not numeric */ unsigned int scopeidx = 0; -#if defined(WIN32) +#if defined(_WIN32) scopeidx = Curl_if_nametoindex(zoneid); #else scopeidx = if_nametoindex(zoneid); @@ -1727,7 +1758,7 @@ static void zonefrom_url(CURLU *uh, struct Curl_easy *data, else conn->scope_id = scopeidx; } -#endif /* HAVE_IF_NAMETOINDEX || WIN32 */ +#endif /* HAVE_IF_NAMETOINDEX || _WIN32 */ free(zoneid); } @@ -3596,85 +3627,10 @@ static CURLcode create_conn(struct Curl_easy *data, conn->send[SECONDARYSOCKET] = Curl_conn_send; conn->bits.tcp_fastopen = data->set.tcp_fastopen; - /* Get a cloned copy of the SSL config situation stored in the - connection struct. But to get this going nicely, we must first make - sure that the strings in the master copy are pointing to the correct - strings in the session handle strings array! - - Keep in mind that the pointers in the master copy are pointing to strings - that will be freed as part of the Curl_easy struct, but all cloned - copies will be separately allocated. - */ - data->set.ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH]; - data->set.ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE]; - data->set.ssl.primary.issuercert = data->set.str[STRING_SSL_ISSUERCERT]; - data->set.ssl.primary.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT]; - data->set.ssl.primary.cipher_list = - data->set.str[STRING_SSL_CIPHER_LIST]; - data->set.ssl.primary.cipher_list13 = - data->set.str[STRING_SSL_CIPHER13_LIST]; - data->set.ssl.primary.pinned_key = - data->set.str[STRING_SSL_PINNEDPUBLICKEY]; - data->set.ssl.primary.cert_blob = data->set.blobs[BLOB_CERT]; - data->set.ssl.primary.ca_info_blob = data->set.blobs[BLOB_CAINFO]; - data->set.ssl.primary.curves = data->set.str[STRING_SSL_EC_CURVES]; - -#ifndef CURL_DISABLE_PROXY - data->set.proxy_ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_PROXY]; - data->set.proxy_ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE_PROXY]; - data->set.proxy_ssl.primary.cipher_list = - data->set.str[STRING_SSL_CIPHER_LIST_PROXY]; - data->set.proxy_ssl.primary.cipher_list13 = - data->set.str[STRING_SSL_CIPHER13_LIST_PROXY]; - data->set.proxy_ssl.primary.pinned_key = - data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]; - data->set.proxy_ssl.primary.cert_blob = data->set.blobs[BLOB_CERT_PROXY]; - data->set.proxy_ssl.primary.ca_info_blob = - data->set.blobs[BLOB_CAINFO_PROXY]; - data->set.proxy_ssl.primary.issuercert = - data->set.str[STRING_SSL_ISSUERCERT_PROXY]; - data->set.proxy_ssl.primary.issuercert_blob = - data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY]; - data->set.proxy_ssl.primary.CRLfile = - data->set.str[STRING_SSL_CRLFILE_PROXY]; - data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY]; - data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY]; - data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY]; - data->set.proxy_ssl.key_passwd = data->set.str[STRING_KEY_PASSWD_PROXY]; - data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY]; - data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY]; -#endif - data->set.ssl.primary.CRLfile = data->set.str[STRING_SSL_CRLFILE]; - data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE]; - data->set.ssl.key = data->set.str[STRING_KEY]; - data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE]; - data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD]; - data->set.ssl.primary.clientcert = data->set.str[STRING_CERT]; -#ifdef USE_TLS_SRP - data->set.ssl.primary.username = data->set.str[STRING_TLSAUTH_USERNAME]; - data->set.ssl.primary.password = data->set.str[STRING_TLSAUTH_PASSWORD]; -#ifndef CURL_DISABLE_PROXY - data->set.proxy_ssl.primary.username = - data->set.str[STRING_TLSAUTH_USERNAME_PROXY]; - data->set.proxy_ssl.primary.password = - data->set.str[STRING_TLSAUTH_PASSWORD_PROXY]; -#endif -#endif - data->set.ssl.key_blob = data->set.blobs[BLOB_KEY]; - - if(!Curl_clone_primary_ssl_config(&data->set.ssl.primary, - &conn->ssl_config)) { - result = CURLE_OUT_OF_MEMORY; - goto out; - } - -#ifndef CURL_DISABLE_PROXY - if(!Curl_clone_primary_ssl_config(&data->set.proxy_ssl.primary, - &conn->proxy_ssl_config)) { - result = CURLE_OUT_OF_MEMORY; + /* Complete the easy's SSL configuration for connection cache matching */ + result = Curl_ssl_easy_config_complete(data); + if(result) goto out; - } -#endif prune_dead_connections(data); @@ -3789,6 +3745,12 @@ static CURLcode create_conn(struct Curl_easy *data, * This is a brand new connection, so let's store it in the connection * cache of ours! */ + result = Curl_ssl_conn_config_init(data, conn); + if(result) { + DEBUGF(fprintf(stderr, "Error: init connection ssl config\n")); + goto out; + } + Curl_attach_connection(data, conn); result = Curl_conncache_add_conn(data); if(result) @@ -3976,6 +3938,7 @@ CURLcode Curl_init_do(struct Curl_easy *data, struct connectdata *conn) k->bytecount = 0; k->ignorebody = FALSE; + Curl_client_cleanup(data); Curl_speedinit(data); Curl_pgrsSetUploadCounter(data, 0); Curl_pgrsSetDownloadCounter(data, 0); diff --git a/lib/url.h b/lib/url.h index f6a5b2573..7c1a29bc3 100644 --- a/lib/url.h +++ b/lib/url.h @@ -46,8 +46,13 @@ CURLcode Curl_parse_login_details(const char *login, const size_t len, char **userptr, char **passwdptr, char **optionsptr); -const struct Curl_handler *Curl_builtin_scheme(const char *scheme, - size_t schemelen); +/* Get protocol handler for a URI scheme + * @param scheme URI scheme, case-insensitive + * @return NULL of handler not found + */ +const struct Curl_handler *Curl_get_scheme_handler(const char *scheme); +const struct Curl_handler *Curl_getn_scheme_handler(const char *scheme, + size_t len); #define CURL_DEFAULT_PROXY_PORT 1080 /* default proxy port unless specified */ #define CURL_DEFAULT_HTTPS_PROXY_PORT 443 /* default https proxy port unless diff --git a/lib/urlapi.c b/lib/urlapi.c index 4efab611c..3cd0362c5 100644 --- a/lib/urlapi.c +++ b/lib/urlapi.c @@ -126,6 +126,9 @@ static const char *find_host_sep(const char *url) return sep < query ? sep : query; } +/* convert CURLcode to CURLUcode */ +#define cc2cu(x) ((x) == CURLE_TOO_LARGE ? CURLUE_TOO_LARGE : \ + CURLUE_OUT_OF_MEMORY) /* * Decide whether a character in a URL must be escaped. */ @@ -146,6 +149,7 @@ static CURLUcode urlencode_str(struct dynbuf *o, const char *url, bool left = !query; const unsigned char *iptr; const unsigned char *host_sep = (const unsigned char *) url; + CURLcode result; if(!relative) host_sep = (const unsigned char *) find_host_sep(url); @@ -154,20 +158,19 @@ static CURLUcode urlencode_str(struct dynbuf *o, const char *url, len; iptr++, len--) { if(iptr < host_sep) { - if(Curl_dyn_addn(o, iptr, 1)) - return CURLUE_OUT_OF_MEMORY; + result = Curl_dyn_addn(o, iptr, 1); + if(result) + return cc2cu(result); continue; } if(*iptr == ' ') { - if(left) { - if(Curl_dyn_addn(o, "%20", 3)) - return CURLUE_OUT_OF_MEMORY; - } - else { - if(Curl_dyn_addn(o, "+", 1)) - return CURLUE_OUT_OF_MEMORY; - } + if(left) + result = Curl_dyn_addn(o, "%20", 3); + else + result = Curl_dyn_addn(o, "+", 1); + if(result) + return cc2cu(result); continue; } @@ -178,13 +181,12 @@ static CURLUcode urlencode_str(struct dynbuf *o, const char *url, char out[3]={'%'}; out[1] = hexdigits[*iptr>>4]; out[2] = hexdigits[*iptr & 0xf]; - if(Curl_dyn_addn(o, out, 3)) - return CURLUE_OUT_OF_MEMORY; - } - else { - if(Curl_dyn_addn(o, iptr, 1)) - return CURLUE_OUT_OF_MEMORY; + result = Curl_dyn_addn(o, out, 3); } + else + result = Curl_dyn_addn(o, iptr, 1); + if(result) + return cc2cu(result); } return CURLUE_OK; @@ -206,7 +208,7 @@ size_t Curl_is_absolute_url(const char *url, char *buf, size_t buflen, (void)buflen; /* only used in debug-builds */ if(buf) buf[0] = 0; /* always leave a defined value in buf */ -#ifdef WIN32 +#ifdef _WIN32 if(guess_scheme && STARTS_WITH_DRIVE_PREFIX(url)) return 0; #endif @@ -248,7 +250,7 @@ size_t Curl_is_absolute_url(const char *url, char *buf, size_t buflen, * * Note that this function destroys the 'base' string. */ -static char *concat_url(char *base, const char *relurl) +static CURLcode concat_url(char *base, const char *relurl, char **newurl) { /*** TRY to append this new path to the old URL @@ -260,6 +262,9 @@ static char *concat_url(char *base, const char *relurl) char *pathsep; bool host_changed = FALSE; const char *useurl = relurl; + CURLcode result = CURLE_OK; + CURLUcode uc; + *newurl = NULL; /* protsep points to the start of the host name */ protsep = strstr(base, "//"); @@ -360,21 +365,27 @@ static char *concat_url(char *base, const char *relurl) Curl_dyn_init(&newest, CURL_MAX_INPUT_LENGTH); /* copy over the root url part */ - if(Curl_dyn_add(&newest, base)) - return NULL; + result = Curl_dyn_add(&newest, base); + if(result) + return result; /* check if we need to append a slash */ if(('/' == useurl[0]) || (protsep && !*protsep) || ('?' == useurl[0])) ; else { - if(Curl_dyn_addn(&newest, "/", 1)) - return NULL; + result = Curl_dyn_addn(&newest, "/", 1); + if(result) + return result; } /* then append the new piece on the right side */ - urlencode_str(&newest, useurl, strlen(useurl), !host_changed, FALSE); + uc = urlencode_str(&newest, useurl, strlen(useurl), !host_changed, + FALSE); + if(uc) + return (uc == CURLUE_TOO_LARGE) ? CURLE_TOO_LARGE : CURLE_OUT_OF_MEMORY; - return Curl_dyn_ptr(&newest); + *newurl = Curl_dyn_ptr(&newest); + return CURLE_OK; } /* scan for byte values <= 31, 127 and sometimes space */ @@ -446,7 +457,7 @@ static CURLUcode parse_hostname_login(struct Curl_URL *u, /* if this is a known scheme, get some details */ if(u->scheme) - h = Curl_builtin_scheme(u->scheme, CURL_ZERO_TERMINATED); + h = Curl_get_scheme_handler(u->scheme); /* We could use the login information in the URL so extract it. Only parse options if the handler says we should. Note that 'h' might be NULL! */ @@ -712,24 +723,30 @@ static int ipv4_normalize(struct dynbuf *host) Curl_dyn_reset(host); result = Curl_dyn_addf(host, "%u.%u.%u.%u", - parts[0] >> 24, (parts[0] >> 16) & 0xff, - (parts[0] >> 8) & 0xff, parts[0] & 0xff); + (unsigned int)(parts[0] >> 24), + (unsigned int)((parts[0] >> 16) & 0xff), + (unsigned int)((parts[0] >> 8) & 0xff), + (unsigned int)(parts[0] & 0xff)); break; case 1: /* a.b -- 8.24 bits */ if((parts[0] > 0xff) || (parts[1] > 0xffffff)) return HOST_NAME; Curl_dyn_reset(host); result = Curl_dyn_addf(host, "%u.%u.%u.%u", - parts[0], (parts[1] >> 16) & 0xff, - (parts[1] >> 8) & 0xff, parts[1] & 0xff); + (unsigned int)(parts[0]), + (unsigned int)((parts[1] >> 16) & 0xff), + (unsigned int)((parts[1] >> 8) & 0xff), + (unsigned int)(parts[1] & 0xff)); break; case 2: /* a.b.c -- 8.8.16 bits */ if((parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xffff)) return HOST_NAME; Curl_dyn_reset(host); result = Curl_dyn_addf(host, "%u.%u.%u.%u", - parts[0], parts[1], (parts[2] >> 8) & 0xff, - parts[2] & 0xff); + (unsigned int)(parts[0]), + (unsigned int)(parts[1]), + (unsigned int)((parts[2] >> 8) & 0xff), + (unsigned int)(parts[2] & 0xff)); break; case 3: /* a.b.c.d -- 8.8.8.8 bits */ if((parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xff) || @@ -737,7 +754,10 @@ static int ipv4_normalize(struct dynbuf *host) return HOST_NAME; Curl_dyn_reset(host); result = Curl_dyn_addf(host, "%u.%u.%u.%u", - parts[0], parts[1], parts[2], parts[3]); + (unsigned int)(parts[0]), + (unsigned int)(parts[1]), + (unsigned int)(parts[2]), + (unsigned int)(parts[3])); break; } if(result) @@ -766,7 +786,7 @@ static CURLUcode urldecode_host(struct dynbuf *host) result = Curl_dyn_addn(host, decoded, dlen); free(decoded); if(result) - return CURLUE_OUT_OF_MEMORY; + return cc2cu(result); } return CURLUE_OK; @@ -779,22 +799,24 @@ static CURLUcode parse_authority(struct Curl_URL *u, bool has_scheme) { size_t offset; - CURLUcode result; + CURLUcode uc; + CURLcode result; /* * Parse the login details and strip them out of the host name. */ - result = parse_hostname_login(u, auth, authlen, flags, &offset); - if(result) + uc = parse_hostname_login(u, auth, authlen, flags, &offset); + if(uc) goto out; - if(Curl_dyn_addn(host, auth + offset, authlen - offset)) { - result = CURLUE_OUT_OF_MEMORY; + result = Curl_dyn_addn(host, auth + offset, authlen - offset); + if(result) { + uc = cc2cu(result); goto out; } - result = Curl_parse_port(u, host, has_scheme); - if(result) + uc = Curl_parse_port(u, host, has_scheme); + if(uc) goto out; if(!Curl_dyn_len(host)) @@ -804,24 +826,24 @@ static CURLUcode parse_authority(struct Curl_URL *u, case HOST_IPV4: break; case HOST_IPV6: - result = ipv6_parse(u, Curl_dyn_ptr(host), Curl_dyn_len(host)); + uc = ipv6_parse(u, Curl_dyn_ptr(host), Curl_dyn_len(host)); break; case HOST_NAME: - result = urldecode_host(host); - if(!result) - result = hostname_check(u, Curl_dyn_ptr(host), Curl_dyn_len(host)); + uc = urldecode_host(host); + if(!uc) + uc = hostname_check(u, Curl_dyn_ptr(host), Curl_dyn_len(host)); break; case HOST_ERROR: - result = CURLUE_OUT_OF_MEMORY; + uc = CURLUE_OUT_OF_MEMORY; break; case HOST_BAD: default: - result = CURLUE_BAD_HOSTNAME; /* Bad IPv4 address even */ + uc = CURLUE_BAD_HOSTNAME; /* Bad IPv4 address even */ break; } out: - return result; + return uc; } CURLUcode Curl_url_set_authority(CURLU *u, const char *authority, @@ -1056,7 +1078,7 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) ptr += 9; /* now points to the slash after the host */ } else { -#if defined(WIN32) +#if defined(_WIN32) size_t len; /* the host name, NetBIOS computer name, can not contain disallowed @@ -1070,8 +1092,9 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) len = path - ptr; if(len) { - if(Curl_dyn_addn(&host, ptr, len)) { - result = CURLUE_OUT_OF_MEMORY; + CURLcode code = Curl_dyn_addn(&host, ptr, len); + if(code) { + result = cc2cu(code); goto fail; } uncpath = TRUE; @@ -1095,7 +1118,7 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) /* no host for file: URLs by default */ Curl_dyn_reset(&host); -#if !defined(MSDOS) && !defined(WIN32) && !defined(__CYGWIN__) +#if !defined(_WIN32) && !defined(MSDOS) && !defined(__CYGWIN__) /* Don't allow Windows drive letters when not in Windows. * This catches both "file:/c:" and "file:c:" */ if(('/' == path[0] && STARTS_WITH_URL_DRIVE_PREFIX(&path[1])) || @@ -1129,7 +1152,7 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) } schemep = schemebuf; - if(!Curl_builtin_scheme(schemep, CURL_ZERO_TERMINATED) && + if(!Curl_get_scheme_handler(schemep) && !(flags & CURLU_NON_SUPPORT_SCHEME)) { result = CURLUE_UNSUPPORTED_SCHEME; goto fail; @@ -1224,14 +1247,13 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) if(flags & CURLU_URLENCODE) { struct dynbuf enc; Curl_dyn_init(&enc, CURL_MAX_INPUT_LENGTH); - if(urlencode_str(&enc, fragment + 1, fraglen, TRUE, FALSE)) { - result = CURLUE_OUT_OF_MEMORY; + result = urlencode_str(&enc, fragment + 1, fraglen - 1, TRUE, FALSE); + if(result) goto fail; - } u->fragment = Curl_dyn_ptr(&enc); } else { - u->fragment = Curl_memdup(fragment + 1, fraglen); + u->fragment = Curl_memdup0(fragment + 1, fraglen - 1); if(!u->fragment) { result = CURLUE_OUT_OF_MEMORY; goto fail; @@ -1242,7 +1264,6 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) pathlen -= fraglen; } - DEBUGASSERT(pathlen < urllen); query = memchr(path, '?', pathlen); if(query) { size_t qlen = fragment ? (size_t)(fragment - query) : @@ -1253,19 +1274,17 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) struct dynbuf enc; Curl_dyn_init(&enc, CURL_MAX_INPUT_LENGTH); /* skip the leading question mark */ - if(urlencode_str(&enc, query + 1, qlen - 1, TRUE, TRUE)) { - result = CURLUE_OUT_OF_MEMORY; + result = urlencode_str(&enc, query + 1, qlen - 1, TRUE, TRUE); + if(result) goto fail; - } u->query = Curl_dyn_ptr(&enc); } else { - u->query = Curl_memdup(query + 1, qlen); + u->query = Curl_memdup0(query + 1, qlen - 1); if(!u->query) { result = CURLUE_OUT_OF_MEMORY; goto fail; } - u->query[qlen - 1] = 0; } } else { @@ -1281,10 +1300,9 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) if(pathlen && (flags & CURLU_URLENCODE)) { struct dynbuf enc; Curl_dyn_init(&enc, CURL_MAX_INPUT_LENGTH); - if(urlencode_str(&enc, path, pathlen, TRUE, FALSE)) { - result = CURLUE_OUT_OF_MEMORY; + result = urlencode_str(&enc, path, pathlen, TRUE, FALSE); + if(result) goto fail; - } pathlen = Curl_dyn_len(&enc); path = u->path = Curl_dyn_ptr(&enc); } @@ -1295,12 +1313,11 @@ static CURLUcode parseurl(const char *url, CURLU *u, unsigned int flags) } else { if(!u->path) { - u->path = Curl_memdup(path, pathlen + 1); + u->path = Curl_memdup0(path, pathlen); if(!u->path) { result = CURLUE_OUT_OF_MEMORY; goto fail; } - u->path[pathlen] = 0; path = u->path; } else if(flags & CURLU_URLENCODE) @@ -1352,7 +1369,7 @@ static CURLUcode parseurl_and_replace(const char *url, CURLU *u, */ CURLU *curl_url(void) { - return calloc(sizeof(struct Curl_URL), 1); + return calloc(1, sizeof(struct Curl_URL)); } void curl_url_cleanup(CURLU *u) @@ -1374,7 +1391,7 @@ void curl_url_cleanup(CURLU *u) CURLU *curl_url_dup(const CURLU *in) { - struct Curl_URL *u = calloc(sizeof(struct Curl_URL), 1); + struct Curl_URL *u = calloc(1, sizeof(struct Curl_URL)); if(u) { DUP(u, in, scheme); DUP(u, in, user); @@ -1447,8 +1464,7 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, if(!ptr && (flags & CURLU_DEFAULT_PORT) && u->scheme) { /* there's no stored port number, but asked to deliver a default one for the scheme */ - const struct Curl_handler *h = - Curl_builtin_scheme(u->scheme, CURL_ZERO_TERMINATED); + const struct Curl_handler *h = Curl_get_scheme_handler(u->scheme); if(h) { msnprintf(portbuf, sizeof(portbuf), "%u", h->defport); ptr = portbuf; @@ -1457,8 +1473,7 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, else if(ptr && u->scheme) { /* there is a stored port number, but ask to inhibit if it matches the default one for the scheme */ - const struct Curl_handler *h = - Curl_builtin_scheme(u->scheme, CURL_ZERO_TERMINATED); + const struct Curl_handler *h = Curl_get_scheme_handler(u->scheme); if(h && (h->defport == u->portnum) && (flags & CURLU_NO_DEFAULT_PORT)) ptr = NULL; @@ -1503,7 +1518,7 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, else return CURLUE_NO_SCHEME; - h = Curl_builtin_scheme(scheme, CURL_ZERO_TERMINATED); + h = Curl_get_scheme_handler(scheme); if(!port && (flags & CURLU_DEFAULT_PORT)) { /* there's no stored port number, but asked to deliver a default one for the scheme */ @@ -1596,7 +1611,7 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, if(ptr) { size_t partlen = strlen(ptr); size_t i = 0; - *part = Curl_memdup(ptr, partlen + 1); + *part = Curl_memdup0(ptr, partlen); if(!*part) return CURLUE_OUT_OF_MEMORY; if(plusdecode) { @@ -1623,10 +1638,11 @@ CURLUcode curl_url_get(const CURLU *u, CURLUPart what, } if(urlencode) { struct dynbuf enc; + CURLUcode uc; Curl_dyn_init(&enc, CURL_MAX_INPUT_LENGTH); - if(urlencode_str(&enc, *part, partlen, TRUE, - what == CURLUPART_QUERY)) - return CURLUE_OUT_OF_MEMORY; + uc = urlencode_str(&enc, *part, partlen, TRUE, what == CURLUPART_QUERY); + if(uc) + return uc; free(*part); *part = Curl_dyn_ptr(&enc); } @@ -1743,9 +1759,8 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, if((plen > MAX_SCHEME_LEN) || (plen < 1)) /* too long or too short */ return CURLUE_BAD_SCHEME; - if(!(flags & CURLU_NON_SUPPORT_SCHEME) && - /* verify that it is a fine scheme */ - !Curl_builtin_scheme(part, CURL_ZERO_TERMINATED)) + /* verify that it is a fine scheme */ + if(!(flags & CURLU_NON_SUPPORT_SCHEME) && !Curl_get_scheme_handler(part)) return CURLUE_UNSUPPORTED_SCHEME; storep = &u->scheme; urlencode = FALSE; /* never */ @@ -1812,7 +1827,8 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, * If the existing contents is enough for a URL, allow a relative URL to * replace it. */ - CURLUcode result; + CURLcode result; + CURLUcode uc; char *oldurl; char *redired_url; @@ -1832,14 +1848,14 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, /* apply the relative part to create a new URL * and replace the existing one with it. */ - redired_url = concat_url(oldurl, part); + result = concat_url(oldurl, part, &redired_url); free(oldurl); - if(!redired_url) - return CURLUE_OUT_OF_MEMORY; + if(result) + return cc2cu(result); - result = parseurl_and_replace(redired_url, u, flags); + uc = parseurl_and_replace(redired_url, u, flags); free(redired_url); - return result; + return uc; } default: return CURLUE_UNKNOWN_PART; @@ -1853,7 +1869,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, if(leadingslash && (part[0] != '/')) { CURLcode result = Curl_dyn_addn(&enc, "/", 1); if(result) - return CURLUE_OUT_OF_MEMORY; + return cc2cu(result); } if(urlencode) { const unsigned char *i; @@ -1873,7 +1889,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, equalsencode = FALSE; result = Curl_dyn_addn(&enc, i, 1); if(result) - return CURLUE_OUT_OF_MEMORY; + return cc2cu(result); } else { char out[3]={'%'}; @@ -1881,7 +1897,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, out[2] = hexdigits[*i & 0xf]; result = Curl_dyn_addn(&enc, out, 3); if(result) - return CURLUE_OUT_OF_MEMORY; + return cc2cu(result); } } } @@ -1889,7 +1905,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, char *p; CURLcode result = Curl_dyn_add(&enc, part); if(result) - return CURLUE_OUT_OF_MEMORY; + return cc2cu(result); p = Curl_dyn_ptr(&enc); while(*p) { /* make sure percent encoded are lower case */ @@ -1905,7 +1921,7 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what, } newp = Curl_dyn_ptr(&enc); - if(appendquery) { + if(appendquery && newp) { /* Append the 'newp' string onto the old query. Add a '&' separator if none is present at the end of the existing query already */ @@ -1934,8 +1950,8 @@ nomem: } } - if(what == CURLUPART_HOST) { - size_t n = strlen(newp); + else if(what == CURLUPART_HOST) { + size_t n = Curl_dyn_len(&enc); if(!n && (flags & CURLU_NO_AUTHORITY)) { /* Skip hostname check, it's allowed to be empty. */ } diff --git a/lib/urldata.h b/lib/urldata.h index dff26e6b4..9dcccc703 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -266,6 +266,13 @@ typedef enum { /* SSL backend-specific data; declared differently by each SSL backend */ struct ssl_backend_data; +struct ssl_peer { + char *hostname; /* hostname for verification */ + char *dispname; /* display version of hostname */ + char *sni; /* SNI version of hostname or NULL if not usable */ + BIT(is_ip_address); /* if hostname is an IPv4|6 address */ +}; + struct ssl_primary_config { char *CApath; /* certificate dir (doesn't work on windows) */ char *CAfile; /* certificate to verify peer against */ @@ -571,6 +578,13 @@ struct hostname { #define KEEP_RECVBITS (KEEP_RECV | KEEP_RECV_HOLD | KEEP_RECV_PAUSE) #define KEEP_SENDBITS (KEEP_SEND | KEEP_SEND_HOLD | KEEP_SEND_PAUSE) +/* transfer wants to send is not PAUSE or HOLD */ +#define CURL_WANT_SEND(data) \ + (((data)->req.keepon & KEEP_SENDBITS) == KEEP_SEND) +/* transfer receive is not on PAUSE or HOLD */ +#define CURL_WANT_RECV(data) \ + (((data)->req.keepon & KEEP_RECVBITS) == KEEP_RECV) + #if defined(CURLRES_ASYNCH) || !defined(CURL_DISABLE_DOH) #define USE_CURL_ASYNC struct Curl_async { @@ -589,6 +603,15 @@ struct Curl_async { #define FIRSTSOCKET 0 #define SECONDARYSOCKET 1 +/* Polling requested by an easy handle. + * `action` is CURL_POLL_IN, CURL_POLL_OUT or CURL_POLL_INOUT. + */ +struct easy_pollset { + curl_socket_t sockets[MAX_SOCKSPEREASYHANDLE]; + unsigned int num; + unsigned char actions[MAX_SOCKSPEREASYHANDLE]; +}; + enum expect100 { EXP100_SEND_DATA, /* enough waiting, just send the body now */ EXP100_AWAITING_CONTINUE, /* waiting for the 100 Continue header */ @@ -649,16 +672,8 @@ struct SingleRequest { counter to make only a 100 reply (without a following second response code) result in a CURLE_GOT_NOTHING error code */ - enum { - HEADER_NORMAL, /* no bad header at all */ - HEADER_PARTHEADER, /* part of the chunk is a bad header, the rest - is normal data */ - HEADER_ALLBAD /* all was believed to be header */ - } badheader; /* the header was deemed bad and will be - written as body */ int headerline; /* counts header lines to better track the first one */ - char *str; /* within buf */ curl_off_t offset; /* possible resume offset read from the Content-Range: header */ int httpcode; /* error code from the 'HTTP/1.? XXX' or @@ -668,8 +683,9 @@ struct SingleRequest { enum expect100 exp100; /* expect 100 continue state */ enum upgrade101 upgr101; /* 101 upgrade state */ - /* Content unencoding stack. See sec 3.5, RFC2616. */ - struct contenc_writer *writer_stack; + /* Client Writer stack, handles trasnfer- and content-encodings, protocol + * checks, pausing by client callbacks. */ + struct Curl_cwriter *writer_stack; time_t timeofdoc; long bodywrites; char *location; /* This points to an allocated version of the Location: @@ -706,16 +722,19 @@ struct SingleRequest { #ifndef CURL_DISABLE_DOH struct dohdata *doh; /* DoH specific data for this request */ #endif -#if defined(WIN32) && defined(USE_WINSOCK) +#if defined(_WIN32) && defined(USE_WINSOCK) struct curltime last_sndbuf_update; /* last time readwrite_upload called win_update_buffer_size */ #endif + char fread_eof[2]; /* the body read callback (index 0) returned EOF or + the trailer read callback (index 1) returned EOF */ #ifndef CURL_DISABLE_COOKIES unsigned char setcookies; #endif - unsigned char writer_stack_depth; /* Unencoding stack depth. */ BIT(header); /* incoming data has HTTP header */ BIT(content_range); /* set TRUE if Content-Range: was found */ + BIT(download_done); /* set to TRUE when download is complete */ + BIT(eos_written); /* iff EOS has been written to client */ BIT(upload_done); /* set to TRUE when doing chunked transfer-encoding upload and we're uploading the last chunk */ BIT(ignorebody); /* we read a response-body but we ignore it! */ @@ -797,9 +816,10 @@ struct Curl_handler { bool dead_connection); /* If used, this function gets called from transfer.c:readwrite_data() to - allow the protocol to do extra reads/writes */ - CURLcode (*readwrite)(struct Curl_easy *data, struct connectdata *conn, - ssize_t *nread, bool *readmore); + allow the protocol to do extra handling in writing response to + the client. */ + CURLcode (*write_resp)(struct Curl_easy *data, const char *buf, size_t blen, + bool is_eos, bool *done); /* This function can perform various checks on the connection. See CONNCHECK_* for more information about the checks that can be performed, @@ -878,11 +898,6 @@ struct ldapconninfo; struct connectdata { struct Curl_llist_element bundle_node; /* conncache */ - /* chunk is for HTTP chunked encoding, but is in the general connectdata - struct only because we can do just about any protocol through an HTTP - proxy and an HTTP proxy may in fact respond using chunked encoding */ - struct Curl_chunker chunk; - curl_closesocket_callback fclosesocket; /* function closing the socket(s) */ void *closesocket_client; @@ -1005,11 +1020,6 @@ struct connectdata { struct negotiatedata proxyneg; /* state data for proxy Negotiate auth */ #endif -#ifndef CURL_DISABLE_HTTP - /* for chunked-encoded trailer */ - struct dynbuf trailer; -#endif - union { #ifndef CURL_DISABLE_FTP struct ftp_conn ftpc; @@ -1080,7 +1090,6 @@ struct connectdata { unsigned short localport; unsigned short secondary_port; /* secondary socket remote port to connect to (ftp) */ - unsigned char cselect_bits; /* bitmask of socket events */ unsigned char alpn; /* APLN TLS negotiated protocol, a CURL_HTTP_VERSION* value */ #ifndef CURL_DISABLE_PROXY @@ -1170,6 +1179,7 @@ struct Progress { curl_off_t dlspeed; curl_off_t ulspeed; + timediff_t t_postqueue; timediff_t t_nslookup; timediff_t t_connect; timediff_t t_appconnect; @@ -1325,7 +1335,8 @@ struct UrlState { curl_off_t recent_conn_id; /* The most recent connection used, might no * longer exist */ struct dynbuf headerb; /* buffer to store headers in */ - + struct curl_slist *hstslist; /* list of HSTS files set by + curl_easy_setopt(HSTS) calls */ char *buffer; /* download buffer */ char *ulbuf; /* allocated upload buffer or NULL */ curl_off_t current_speed; /* the ProgressShow() function sets this, @@ -1373,7 +1384,7 @@ struct UrlState { /* a place to store the most recently set (S)FTP entrypath */ char *most_recent_ftp_entrypath; -#if !defined(WIN32) && !defined(MSDOS) && !defined(__EMX__) +#if !defined(_WIN32) && !defined(MSDOS) && !defined(__EMX__) /* do FTP line-end conversions on most platforms */ #define CURL_DO_LINEEND_CONV /* for FTP downloads: track CRLF sequences that span blocks */ @@ -1411,7 +1422,7 @@ struct UrlState { this should be dealt with in pretransfer */ #ifndef CURL_DISABLE_HTTP curl_mimepart *mimepost; - curl_mimepart *formp; /* storage for old API form-posting, alloced on + curl_mimepart *formp; /* storage for old API form-posting, allocated on demand */ size_t trailers_bytes_sent; struct dynbuf trailers_buf; /* a buffer containing the compiled trailing @@ -1422,6 +1433,10 @@ struct UrlState { trailers_state trailers_state; /* whether we are sending trailers and what stage are we at */ #endif +#ifndef CURL_DISABLE_COOKIES + struct curl_slist *cookielist; /* list of cookie files set by + curl_easy_setopt(COOKIEFILE) calls */ +#endif #ifdef USE_HYPER bool hconnect; /* set if a CONNECT request */ CURLcode hresult; /* used to pass return codes back from hyper callbacks */ @@ -1454,7 +1469,7 @@ struct UrlState { server involved in this request */ unsigned char httpreq; /* Curl_HttpReq; what kind of HTTP request (if any) is this */ - unsigned char dselect_bits; /* != 0 -> bitmask of socket events for this + unsigned char select_bits; /* != 0 -> bitmask of socket events for this transfer overriding anything the socket may report */ #ifdef CURLDEBUG @@ -1498,6 +1513,9 @@ struct UrlState { though it will be discarded. We must call the data rewind callback before trying to send again. */ BIT(upload); /* upload request */ + BIT(internal); /* internal: true if this easy handle was created for + internal use and the user does not have ownership of the + handle. */ }; /* @@ -1674,13 +1692,7 @@ struct UserDefined { void *prereq_userp; /* pre-initial request user data */ void *seek_client; /* pointer to pass to the seek callback */ -#ifndef CURL_DISABLE_COOKIES - struct curl_slist *cookielist; /* list of cookie files set by - curl_easy_setopt(COOKIEFILE) calls */ -#endif #ifndef CURL_DISABLE_HSTS - struct curl_slist *hstslist; /* list of HSTS files set by - curl_easy_setopt(HSTS) calls */ curl_hstsread_callback hsts_read; void *hsts_read_userp; curl_hstswrite_callback hsts_write; @@ -1780,9 +1792,6 @@ struct UserDefined { #endif curl_prot_t allowed_protocols; curl_prot_t redir_protocols; -#ifndef CURL_DISABLE_MIME - unsigned int mime_options; /* Mime option flags. */ -#endif #ifndef CURL_DISABLE_RTSP void *rtp_out; /* write RTP to this if non-NULL */ /* Common RTSP header options */ @@ -1805,8 +1814,6 @@ struct UserDefined { int tcp_keepidle; /* seconds in idle before sending keepalive probe */ int tcp_keepintvl; /* seconds between TCP keepalive probes */ - size_t maxconnects; /* Max idle connections in the connection cache */ - long expect_100_timeout; /* in milliseconds */ #if defined(USE_HTTP2) || defined(USE_HTTP3) struct Curl_data_priority priority; @@ -1831,10 +1838,14 @@ struct UserDefined { BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some recipients */ #endif + unsigned int maxconnects; /* Max idle connections in the connection cache */ unsigned char use_ssl; /* if AUTH TLS is to be attempted etc, for FTP or IMAP or POP3 or others! (type: curl_usessl)*/ unsigned char connect_only; /* make connection/request, then let application use the socket */ +#ifndef CURL_DISABLE_MIME + BIT(mime_formescape); +#endif BIT(is_fread_set); /* has read callback been set to non-NULL? */ #ifndef CURL_DISABLE_TFTP BIT(tftp_no_options); /* do not send TFTP options requests */ @@ -1971,10 +1982,7 @@ struct Curl_easy { particular order. Note that all sockets are added to the sockhash, where the state etc are also kept. This array is mostly used to detect when a socket is to be removed from the hash. See singlesocket(). */ - curl_socket_t sockets[MAX_SOCKSPEREASYHANDLE]; - unsigned char actions[MAX_SOCKSPEREASYHANDLE]; /* action for each socket in - sockets[] */ - int numsocks; + struct easy_pollset last_poll; struct Names dns; struct Curl_multi *multi; /* if non-NULL, points to the multi handle @@ -2013,10 +2021,6 @@ struct Curl_easy { #ifdef USE_HYPER struct hyptransfer hyp; #endif - - /* internal: true if this easy handle was created for internal use and the - user does not have ownership of the handle. */ - bool internal; }; #define LIBCURL_NAME "libcurl" diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c index 12c6f7dd5..416da0fcc 100644 --- a/lib/vauth/digest.c +++ b/lib/vauth/digest.c @@ -125,7 +125,6 @@ bool Curl_auth_digest_get_pair(const char *str, char *value, char *content, } else return FALSE; - break; } } diff --git a/lib/vauth/digest_sspi.c b/lib/vauth/digest_sspi.c index 02e36ea5e..4696f29ad 100644 --- a/lib/vauth/digest_sspi.c +++ b/lib/vauth/digest_sspi.c @@ -211,8 +211,10 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, if(status == SEC_E_INSUFFICIENT_MEMORY) return CURLE_OUT_OF_MEMORY; +#if !defined(CURL_DISABLE_VERBOSE_STRINGS) infof(data, "schannel: InitializeSecurityContext failed: %s", Curl_sspi_strerror(status, buffer, sizeof(buffer))); +#endif return CURLE_AUTH_ERROR; } @@ -603,8 +605,10 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data, if(status == SEC_E_INSUFFICIENT_MEMORY) return CURLE_OUT_OF_MEMORY; +#if !defined(CURL_DISABLE_VERBOSE_STRINGS) infof(data, "schannel: InitializeSecurityContext failed: %s", Curl_sspi_strerror(status, buffer, sizeof(buffer))); +#endif return CURLE_AUTH_ERROR; } diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c index 65eb3e1b5..16b6e4037 100644 --- a/lib/vauth/krb5_gssapi.c +++ b/lib/vauth/krb5_gssapi.c @@ -226,7 +226,8 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, /* Extract the security layer and the maximum message size */ indata = output_token.value; sec_layer = indata[0]; - max_size = (indata[1] << 16) | (indata[2] << 8) | indata[3]; + max_size = ((unsigned int)indata[1] << 16) | + ((unsigned int)indata[2] << 8) | indata[3]; /* Free the challenge as it is not required anymore */ gss_release_buffer(&unused_status, &output_token); diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c index c487149b9..17a517a97 100644 --- a/lib/vauth/krb5_sspi.c +++ b/lib/vauth/krb5_sspi.c @@ -319,7 +319,8 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data, /* Extract the security layer and the maximum message size */ indata = input_buf[1].pvBuffer; sec_layer = indata[0]; - max_size = (indata[1] << 16) | (indata[2] << 8) | indata[3]; + max_size = ((unsigned long)indata[1] << 16) | + ((unsigned long)indata[2] << 8) | indata[3]; /* Free the challenge as it is not required anymore */ s_pSecFn->FreeContextBuffer(input_buf[1].pvBuffer); diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c index ed7cee8de..018e6a67e 100644 --- a/lib/vauth/ntlm.c +++ b/lib/vauth/ntlm.c @@ -44,6 +44,7 @@ #include "warnless.h" #include "rand.h" #include "vtls/vtls.h" +#include "strdup.h" #define BUILDING_CURL_NTLM_MSGS_C #include "vauth/vauth.h" @@ -184,11 +185,10 @@ static CURLcode ntlm_decode_type2_target(struct Curl_easy *data, } free(ntlm->target_info); /* replace any previous data */ - ntlm->target_info = malloc(target_info_len); + ntlm->target_info = Curl_memdup(&type2[target_info_offset], + target_info_len); if(!ntlm->target_info) return CURLE_OUT_OF_MEMORY; - - memcpy(ntlm->target_info, &type2[target_info_offset], target_info_len); } } diff --git a/lib/vauth/ntlm_sspi.c b/lib/vauth/ntlm_sspi.c index 5118963f4..92054316d 100644 --- a/lib/vauth/ntlm_sspi.c +++ b/lib/vauth/ntlm_sspi.c @@ -34,6 +34,7 @@ #include "warnless.h" #include "curl_multibyte.h" #include "sendf.h" +#include "strdup.h" /* The last #include files should be: */ #include "curl_memory.h" @@ -213,11 +214,10 @@ CURLcode Curl_auth_decode_ntlm_type2_message(struct Curl_easy *data, } /* Store the challenge for later use */ - ntlm->input_token = malloc(Curl_bufref_len(type2) + 1); + ntlm->input_token = Curl_memdup0((const char *)Curl_bufref_ptr(type2), + Curl_bufref_len(type2)); if(!ntlm->input_token) return CURLE_OUT_OF_MEMORY; - memcpy(ntlm->input_token, Curl_bufref_ptr(type2), Curl_bufref_len(type2)); - ntlm->input_token[Curl_bufref_len(type2)] = '\0'; ntlm->input_token_len = Curl_bufref_len(type2); return CURLE_OK; @@ -314,7 +314,7 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, &type_3_desc, &attrs, &expiry); if(status != SEC_E_OK) { - infof(data, "NTLM handshake failure (type-3 message): Status=%x", + infof(data, "NTLM handshake failure (type-3 message): Status=%lx", status); if(status == SEC_E_INSUFFICIENT_MEMORY) diff --git a/lib/version.c b/lib/version.c index 47304259e..01c2a315e 100644 --- a/lib/version.c +++ b/lib/version.c @@ -39,7 +39,7 @@ #ifdef USE_ARES # if defined(CURL_STATICLIB) && !defined(CARES_STATICLIB) && \ - defined(WIN32) + defined(_WIN32) # define CARES_STATICLIB # endif # include @@ -211,8 +211,12 @@ char *curl_version(void) #endif #ifdef USE_LIBPSL - msnprintf(psl_version, sizeof(psl_version), "libpsl/%s", psl_get_version()); - src[i++] = psl_version; + { + int num = psl_check_version_number(0); + msnprintf(psl_version, sizeof(psl_version), "libpsl/%d.%d.%d", + num >> 16, (num >> 8) & 0xff, num & 0xff); + src[i++] = psl_version; + } #endif #ifdef USE_SSH @@ -409,7 +413,8 @@ static int idn_present(curl_version_info_data *info) #define idn_present NULL #endif -#if defined(USE_SSL) && !defined(CURL_DISABLE_PROXY) +#if defined(USE_SSL) && !defined(CURL_DISABLE_PROXY) && \ + !defined(CURL_DISABLE_HTTP) static int https_proxy_present(curl_version_info_data *info) { (void) info; @@ -454,13 +459,14 @@ static const struct feat features_table[] = { #ifndef CURL_DISABLE_HSTS FEATURE("HSTS", NULL, CURL_VERSION_HSTS), #endif -#if defined(USE_NGHTTP2) || defined(USE_HYPER) +#if defined(USE_NGHTTP2) FEATURE("HTTP2", NULL, CURL_VERSION_HTTP2), #endif #if defined(ENABLE_QUIC) FEATURE("HTTP3", NULL, CURL_VERSION_HTTP3), #endif -#if defined(USE_SSL) && !defined(CURL_DISABLE_PROXY) +#if defined(USE_SSL) && !defined(CURL_DISABLE_PROXY) && \ + !defined(CURL_DISABLE_HTTP) FEATURE("HTTPS-proxy", https_proxy_present, CURL_VERSION_HTTPS_PROXY), #endif #if defined(USE_LIBIDN2) || defined(USE_WIN32_IDN) @@ -510,7 +516,7 @@ static const struct feat features_table[] = { #ifdef CURLDEBUG FEATURE("TrackMemory", NULL, CURL_VERSION_CURLDEBUG), #endif -#if defined(WIN32) && defined(UNICODE) && defined(_UNICODE) +#if defined(_WIN32) && defined(UNICODE) && defined(_UNICODE) FEATURE("Unicode", NULL, CURL_VERSION_UNICODE), #endif #ifdef USE_UNIX_SOCKETS diff --git a/lib/version_win32.c b/lib/version_win32.c index 872d5b4f3..e0f239e15 100644 --- a/lib/version_win32.c +++ b/lib/version_win32.c @@ -24,7 +24,7 @@ #include "curl_setup.h" -#if defined(WIN32) +#if defined(_WIN32) #include #include "version_win32.h" @@ -316,4 +316,4 @@ bool curlx_verify_windows_version(const unsigned int majorVersion, return matched; } -#endif /* WIN32 */ +#endif /* _WIN32 */ diff --git a/lib/version_win32.h b/lib/version_win32.h index 3899174a3..95c066112 100644 --- a/lib/version_win32.h +++ b/lib/version_win32.h @@ -26,7 +26,7 @@ #include "curl_setup.h" -#if defined(WIN32) +#if defined(_WIN32) /* Version condition */ typedef enum { @@ -51,6 +51,6 @@ bool curlx_verify_windows_version(const unsigned int majorVersion, const PlatformIdentifier platform, const VersionCondition condition); -#endif /* WIN32 */ +#endif /* _WIN32 */ #endif /* HEADER_CURL_VERSION_WIN32_H */ diff --git a/lib/vquic/curl_msh3.c b/lib/vquic/curl_msh3.c index 6bd0d2331..7674bc1fc 100644 --- a/lib/vquic/curl_msh3.c +++ b/lib/vquic/curl_msh3.c @@ -38,6 +38,7 @@ #include "http1.h" #include "curl_msh3.h" #include "socketpair.h" +#include "vtls/vtls.h" #include "vquic/vquic.h" /* The last 3 #include files should be in this order */ @@ -45,6 +46,10 @@ #include "curl_memory.h" #include "memdebug.h" +#ifdef CURL_DISABLE_SOCKETPAIR +#error "MSH3 cannot be build with CURL_DISABLE_SOCKETPAIR set" +#endif + #define H3_STREAM_WINDOW_SIZE (128 * 1024) #define H3_STREAM_CHUNK_SIZE (16 * 1024) #define H3_STREAM_RECV_CHUNKS \ @@ -199,8 +204,8 @@ static void drain_stream_from_other_thread(struct Curl_easy *data, bits = CURL_CSELECT_IN; if(stream && !stream->upload_done) bits |= CURL_CSELECT_OUT; - if(data->state.dselect_bits != bits) { - data->state.dselect_bits = bits; + if(data->state.select_bits != bits) { + data->state.select_bits = bits; /* cannot expire from other thread */ } } @@ -215,8 +220,8 @@ static void drain_stream(struct Curl_cfilter *cf, bits = CURL_CSELECT_IN; if(stream && !stream->upload_done) bits |= CURL_CSELECT_OUT; - if(data->state.dselect_bits != bits) { - data->state.dselect_bits = bits; + if(data->state.select_bits != bits) { + data->state.select_bits = bits; Curl_expire(data, 0, EXPIRE_RUN_NOW); } } @@ -672,31 +677,25 @@ out: return nwritten; } -static int cf_msh3_get_select_socks(struct Curl_cfilter *cf, - struct Curl_easy *data, - curl_socket_t *socks) +static void cf_msh3_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps) { struct cf_msh3_ctx *ctx = cf->ctx; struct stream_ctx *stream = H3_STREAM_CTX(data); - int bitmap = GETSOCK_BLANK; struct cf_call_data save; CF_DATA_SAVE(save, cf, data); if(stream && ctx->sock[SP_LOCAL] != CURL_SOCKET_BAD) { - socks[0] = ctx->sock[SP_LOCAL]; - if(stream->recv_error) { - bitmap |= GETSOCK_READSOCK(0); + Curl_pollset_add_in(data, ps, ctx->sock[SP_LOCAL]); drain_stream(cf, data); } else if(stream->req) { - bitmap |= GETSOCK_READSOCK(0); + Curl_pollset_add_out(data, ps, ctx->sock[SP_LOCAL]); drain_stream(cf, data); } } - CURL_TRC_CF(data, cf, "select_sock -> %d", bitmap); - CF_DATA_RESTORE(cf, save); - return bitmap; } static bool cf_msh3_data_pending(struct Curl_cfilter *cf, @@ -802,14 +801,20 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, struct Curl_easy *data) { struct cf_msh3_ctx *ctx = cf->ctx; - bool verify = !!cf->conn->ssl_config.verifypeer; + struct ssl_primary_config *conn_config; MSH3_ADDR addr = {0}; CURLcode result; + bool verify; + + conn_config = Curl_ssl_cf_get_primary_config(cf); + if(!conn_config) + return CURLE_FAILED_INIT; + verify = !!conn_config->verifypeer; memcpy(&addr, &ctx->addr.sa_addr, ctx->addr.addrlen); MSH3_SET_PORT(&addr, (uint16_t)cf->conn->remote_port); - if(verify && (cf->conn->ssl_config.CAfile || cf->conn->ssl_config.CApath)) { + if(verify && (conn_config->CAfile || conn_config->CApath)) { /* TODO: need a way to provide trust anchors to MSH3 */ #ifdef DEBUGBUILD /* we need this for our test cases to run */ @@ -1025,7 +1030,7 @@ struct Curl_cftype Curl_cft_http3 = { cf_msh3_connect, cf_msh3_close, Curl_cf_def_get_host, - cf_msh3_get_select_socks, + cf_msh3_adjust_pollset, cf_msh3_data_pending, cf_msh3_send, cf_msh3_recv, @@ -1047,7 +1052,7 @@ CURLcode Curl_cf_msh3_create(struct Curl_cfilter **pcf, (void)data; (void)conn; (void)ai; /* TODO: msh3 resolves itself? */ - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) { result = CURLE_OUT_OF_MEMORY; goto out; diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c index 7d681e585..a26b3e429 100644 --- a/lib/vquic/curl_ngtcp2.c +++ b/lib/vquic/curl_ngtcp2.c @@ -41,7 +41,6 @@ #include "vtls/gtls.h" #elif defined(USE_WOLFSSL) #include -#include "vtls/wolfssl.h" #endif #include "urldata.h" @@ -61,6 +60,7 @@ #include "inet_pton.h" #include "vquic.h" #include "vquic_int.h" +#include "vquic-tls.h" #include "vtls/keylog.h" #include "vtls/vtls.h" #include "curl_ngtcp2.h" @@ -73,12 +73,8 @@ #include "memdebug.h" -#define H3_ALPN_H3_29 "\x5h3-29" -#define H3_ALPN_H3 "\x2h3" - #define QUIC_MAX_STREAMS (256*1024) #define QUIC_MAX_DATA (1*1024*1024) -#define QUIC_IDLE_TIMEOUT (60*NGTCP2_SECONDS) #define QUIC_HANDSHAKE_TIMEOUT (10*NGTCP2_SECONDS) /* A stream window is the maximum amount we need to buffer for @@ -102,25 +98,6 @@ (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE) -#ifdef USE_OPENSSL -#define QUIC_CIPHERS \ - "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_" \ - "POLY1305_SHA256:TLS_AES_128_CCM_SHA256" -#define QUIC_GROUPS "P-256:X25519:P-384:P-521" -#elif defined(USE_GNUTLS) -#define QUIC_PRIORITY \ - "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:" \ - "+CHACHA20-POLY1305:+AES-128-CCM:-GROUP-ALL:+GROUP-SECP256R1:" \ - "+GROUP-X25519:+GROUP-SECP384R1:+GROUP-SECP521R1:" \ - "%DISABLE_TLS13_COMPAT_MODE" -#elif defined(USE_WOLFSSL) -#define QUIC_CIPHERS \ - "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_" \ - "POLY1305_SHA256:TLS_AES_128_CCM_SHA256" -#define QUIC_GROUPS "P-256:P-384:P-521" -#endif - - /* * Store ngtcp2 version info in this buffer. */ @@ -134,6 +111,8 @@ void Curl_ngtcp2_ver(char *p, size_t len) struct cf_ngtcp2_ctx { struct cf_quic_ctx q; + struct ssl_peer peer; + struct quic_tls_ctx tls; ngtcp2_path connected_path; ngtcp2_conn *qconn; ngtcp2_cid dcid; @@ -143,29 +122,16 @@ struct cf_ngtcp2_ctx { ngtcp2_transport_params transport_params; ngtcp2_ccerr last_error; ngtcp2_crypto_conn_ref conn_ref; -#ifdef USE_OPENSSL - SSL_CTX *sslctx; - SSL *ssl; -#elif defined(USE_GNUTLS) - struct gtls_instance *gtls; -#elif defined(USE_WOLFSSL) - WOLFSSL_CTX *sslctx; - WOLFSSL *ssl; -#endif struct cf_call_data call_data; nghttp3_conn *h3conn; nghttp3_settings h3settings; struct curltime started_at; /* time the current attempt started */ struct curltime handshake_at; /* time connect handshake finished */ - struct curltime first_byte_at; /* when first byte was recvd */ struct curltime reconnect_at; /* time the next attempt should start */ struct bufc_pool stream_bufcp; /* chunk pool for streams */ size_t max_stream_window; /* max flow window for one stream */ + uint64_t max_idle_ms; /* max idle time for QUIC connection */ int qlogfd; - BIT(got_first_byte); /* if first byte was received */ -#ifdef USE_OPENSSL - BIT(x509_store_setup); /* if x509 store has been set up */ -#endif }; /* How to access `call_data` from a cf_ngtcp2 filter */ @@ -191,6 +157,7 @@ struct h3_stream_ctx { bool closed; /* TRUE on stream close */ bool reset; /* TRUE on stream reset */ bool send_closed; /* stream is local closed */ + BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */ }; #define H3_STREAM_CTX(d) ((struct h3_stream_ctx *)(((d) && (d)->req.p.http)? \ @@ -236,11 +203,21 @@ static CURLcode h3_data_setup(struct Curl_cfilter *cf, static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) { + struct cf_ngtcp2_ctx *ctx = cf->ctx; struct h3_stream_ctx *stream = H3_STREAM_CTX(data); (void)cf; if(stream) { CURL_TRC_CF(data, cf, "[%"PRId64"] easy handle is done", stream->id); + if(ctx->h3conn && !stream->closed) { + nghttp3_conn_shutdown_stream_read(ctx->h3conn, stream->id); + nghttp3_conn_close_stream(ctx->h3conn, stream->id, + NGHTTP3_H3_REQUEST_CANCELLED); + nghttp3_conn_set_stream_user_data(ctx->h3conn, stream->id, NULL); + ngtcp2_conn_set_stream_user_data(ctx->qconn, stream->id, NULL); + stream->closed = TRUE; + } + Curl_bufq_free(&stream->sendbuf); Curl_bufq_free(&stream->recvbuf); Curl_h1_req_parse_free(&stream->h1); @@ -249,6 +226,43 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) } } +static struct Curl_easy *get_stream_easy(struct Curl_cfilter *cf, + struct Curl_easy *data, + int64_t stream_id) +{ + struct Curl_easy *sdata; + + (void)cf; + if(H3_STREAM_ID(data) == stream_id) { + return data; + } + else { + DEBUGASSERT(data->multi); + for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + if((sdata->conn == data->conn) && H3_STREAM_ID(sdata) == stream_id) { + return sdata; + } + } + } + return NULL; +} + +static void h3_drain_stream(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + unsigned char bits; + + (void)cf; + bits = CURL_CSELECT_IN; + if(stream && stream->upload_left && !stream->send_closed) + bits |= CURL_CSELECT_OUT; + if(data->state.select_bits != bits) { + data->state.select_bits = bits; + Curl_expire(data, 0, EXPIRE_RUN_NOW); + } +} + /* ngtcp2 default congestion controller does not perform pacing. Limit the maximum packet burst to MAX_PKT_BURST packets. */ #define MAX_PKT_BURST 10 @@ -261,10 +275,14 @@ struct pkt_io_ctx { ngtcp2_path_storage ps; }; -static ngtcp2_tstamp timestamp(void) +static void pktx_update_time(struct pkt_io_ctx *pktx, + struct Curl_cfilter *cf) { - struct curltime ct = Curl_now(); - return ct.tv_sec * NGTCP2_SECONDS + ct.tv_usec * NGTCP2_MICROSECONDS; + struct cf_ngtcp2_ctx *ctx = cf->ctx; + + vquic_ctx_update_time(&ctx->q); + pktx->ts = ctx->q.last_op.tv_sec * NGTCP2_SECONDS + + ctx->q.last_op.tv_usec * NGTCP2_MICROSECONDS; } static void pktx_init(struct pkt_io_ctx *pktx, @@ -273,9 +291,9 @@ static void pktx_init(struct pkt_io_ctx *pktx, { pktx->cf = cf; pktx->data = data; - pktx->ts = timestamp(); pktx->pkt_count = 0; ngtcp2_path_storage_zero(&pktx->ps); + pktx_update_time(pktx, cf); } static CURLcode cf_progress_ingress(struct Curl_cfilter *cf, @@ -354,383 +372,14 @@ static void quic_settings(struct cf_ngtcp2_ctx *ctx, t->initial_max_stream_data_uni = ctx->max_stream_window; t->initial_max_streams_bidi = QUIC_MAX_STREAMS; t->initial_max_streams_uni = QUIC_MAX_STREAMS; - t->max_idle_timeout = QUIC_IDLE_TIMEOUT; + t->max_idle_timeout = (ctx->max_idle_ms * NGTCP2_MILLISECONDS); if(ctx->qlogfd != -1) { s->qlog_write = qlog_callback; } } -#ifdef USE_OPENSSL -static void keylog_callback(const SSL *ssl, const char *line) -{ - (void)ssl; - Curl_tls_keylog_write_line(line); -} -#elif defined(USE_GNUTLS) -static int keylog_callback(gnutls_session_t session, const char *label, - const gnutls_datum_t *secret) -{ - gnutls_datum_t crandom; - gnutls_datum_t srandom; - - gnutls_session_get_random(session, &crandom, &srandom); - if(crandom.size != 32) { - return -1; - } - - Curl_tls_keylog_write(label, crandom.data, secret->data, secret->size); - return 0; -} -#elif defined(USE_WOLFSSL) -#if defined(HAVE_SECRET_CALLBACK) -static void keylog_callback(const WOLFSSL *ssl, const char *line) -{ - (void)ssl; - Curl_tls_keylog_write_line(line); -} -#endif -#endif - static int init_ngh3_conn(struct Curl_cfilter *cf); -#ifdef USE_OPENSSL -static CURLcode quic_ssl_ctx(SSL_CTX **pssl_ctx, - struct Curl_cfilter *cf, struct Curl_easy *data) -{ - struct cf_ngtcp2_ctx *ctx = cf->ctx; - struct connectdata *conn = cf->conn; - CURLcode result = CURLE_FAILED_INIT; - SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method()); - - if(!ssl_ctx) { - result = CURLE_OUT_OF_MEMORY; - goto out; - } - -#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) - if(ngtcp2_crypto_boringssl_configure_client_context(ssl_ctx) != 0) { - failf(data, "ngtcp2_crypto_boringssl_configure_client_context failed"); - goto out; - } -#else - if(ngtcp2_crypto_quictls_configure_client_context(ssl_ctx) != 0) { - failf(data, "ngtcp2_crypto_quictls_configure_client_context failed"); - goto out; - } -#endif - - SSL_CTX_set_default_verify_paths(ssl_ctx); - - { - const char *curves = conn->ssl_config.curves ? - conn->ssl_config.curves : QUIC_GROUPS; - if(!SSL_CTX_set1_curves_list(ssl_ctx, curves)) { - failf(data, "failed setting curves list for QUIC: '%s'", curves); - return CURLE_SSL_CIPHER; - } - } - -#ifndef OPENSSL_IS_BORINGSSL - { - const char *ciphers13 = conn->ssl_config.cipher_list13 ? - conn->ssl_config.cipher_list13 : QUIC_CIPHERS; - if(SSL_CTX_set_ciphersuites(ssl_ctx, ciphers13) != 1) { - failf(data, "failed setting QUIC cipher suite: %s", ciphers13); - return CURLE_SSL_CIPHER; - } - infof(data, "QUIC cipher selection: %s", ciphers13); - } -#endif - - /* Open the file if a TLS or QUIC backend has not done this before. */ - Curl_tls_keylog_open(); - if(Curl_tls_keylog_enabled()) { - SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback); - } - - /* OpenSSL always tries to verify the peer, this only says whether it should - * fail to connect if the verification fails, or if it should continue - * anyway. In the latter case the result of the verification is checked with - * SSL_get_verify_result() below. */ - SSL_CTX_set_verify(ssl_ctx, conn->ssl_config.verifypeer ? - SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL); - - /* give application a chance to interfere with SSL set up. */ - if(data->set.ssl.fsslctx) { - /* When a user callback is installed to modify the SSL_CTX, - * we need to do the full initialization before calling it. - * See: #11800 */ - if(!ctx->x509_store_setup) { - result = Curl_ssl_setup_x509_store(cf, data, ssl_ctx); - if(result) - goto out; - ctx->x509_store_setup = TRUE; - } - Curl_set_in_callback(data, true); - result = (*data->set.ssl.fsslctx)(data, ssl_ctx, - data->set.ssl.fsslctxp); - Curl_set_in_callback(data, false); - if(result) { - failf(data, "error signaled by ssl ctx callback"); - goto out; - } - } - result = CURLE_OK; - -out: - *pssl_ctx = result? NULL : ssl_ctx; - if(result && ssl_ctx) - SSL_CTX_free(ssl_ctx); - return result; -} - -static CURLcode quic_set_client_cert(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct cf_ngtcp2_ctx *ctx = cf->ctx; - SSL_CTX *ssl_ctx = ctx->sslctx; - const struct ssl_config_data *ssl_config; - - ssl_config = Curl_ssl_get_config(data, FIRSTSOCKET); - DEBUGASSERT(ssl_config); - - if(ssl_config->primary.clientcert || ssl_config->primary.cert_blob - || ssl_config->cert_type) { - return Curl_ossl_set_client_cert( - data, ssl_ctx, ssl_config->primary.clientcert, - ssl_config->primary.cert_blob, ssl_config->cert_type, - ssl_config->key, ssl_config->key_blob, - ssl_config->key_type, ssl_config->key_passwd); - } - - return CURLE_OK; -} - -/** SSL callbacks ***/ - -static CURLcode quic_init_ssl(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct cf_ngtcp2_ctx *ctx = cf->ctx; - const uint8_t *alpn = NULL; - size_t alpnlen = 0; - unsigned char checkip[16]; - - DEBUGASSERT(!ctx->ssl); - ctx->ssl = SSL_new(ctx->sslctx); - - SSL_set_app_data(ctx->ssl, &ctx->conn_ref); - SSL_set_connect_state(ctx->ssl); - SSL_set_quic_use_legacy_codepoint(ctx->ssl, 0); - - alpn = (const uint8_t *)H3_ALPN_H3_29 H3_ALPN_H3; - alpnlen = sizeof(H3_ALPN_H3_29) - 1 + sizeof(H3_ALPN_H3) - 1; - if(alpn) - SSL_set_alpn_protos(ctx->ssl, alpn, (int)alpnlen); - - /* set SNI */ - if((0 == Curl_inet_pton(AF_INET, cf->conn->host.name, checkip)) -#ifdef ENABLE_IPV6 - && (0 == Curl_inet_pton(AF_INET6, cf->conn->host.name, checkip)) -#endif - ) { - char *snihost = Curl_ssl_snihost(data, cf->conn->host.name, NULL); - if(!snihost || !SSL_set_tlsext_host_name(ctx->ssl, snihost)) { - failf(data, "Failed set SNI"); - SSL_free(ctx->ssl); - ctx->ssl = NULL; - return CURLE_QUIC_CONNECT_ERROR; - } - } - return CURLE_OK; -} -#elif defined(USE_GNUTLS) -static CURLcode quic_init_ssl(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct cf_ngtcp2_ctx *ctx = cf->ctx; - CURLcode result; - gnutls_datum_t alpn[2]; - /* this will need some attention when HTTPS proxy over QUIC get fixed */ - const char * const hostname = cf->conn->host.name; - long * const pverifyresult = &data->set.ssl.certverifyresult; - int rc; - - DEBUGASSERT(ctx->gtls == NULL); - ctx->gtls = calloc(1, sizeof(*(ctx->gtls))); - if(!ctx->gtls) - return CURLE_OUT_OF_MEMORY; - - result = gtls_client_init(data, &cf->conn->ssl_config, &data->set.ssl, - hostname, ctx->gtls, pverifyresult); - if(result) - return result; - - gnutls_session_set_ptr(ctx->gtls->session, &ctx->conn_ref); - - if(ngtcp2_crypto_gnutls_configure_client_session(ctx->gtls->session) != 0) { - CURL_TRC_CF(data, cf, - "ngtcp2_crypto_gnutls_configure_client_session failed\n"); - return CURLE_QUIC_CONNECT_ERROR; - } - - rc = gnutls_priority_set_direct(ctx->gtls->session, QUIC_PRIORITY, NULL); - if(rc < 0) { - CURL_TRC_CF(data, cf, "gnutls_priority_set_direct failed: %s\n", - gnutls_strerror(rc)); - return CURLE_QUIC_CONNECT_ERROR; - } - - /* Open the file if a TLS or QUIC backend has not done this before. */ - Curl_tls_keylog_open(); - if(Curl_tls_keylog_enabled()) { - gnutls_session_set_keylog_function(ctx->gtls->session, keylog_callback); - } - - /* strip the first byte (the length) from NGHTTP3_ALPN_H3 */ - alpn[0].data = (unsigned char *)H3_ALPN_H3_29 + 1; - alpn[0].size = sizeof(H3_ALPN_H3_29) - 2; - alpn[1].data = (unsigned char *)H3_ALPN_H3 + 1; - alpn[1].size = sizeof(H3_ALPN_H3) - 2; - - gnutls_alpn_set_protocols(ctx->gtls->session, - alpn, 2, GNUTLS_ALPN_MANDATORY); - return CURLE_OK; -} -#elif defined(USE_WOLFSSL) - -static CURLcode quic_ssl_ctx(WOLFSSL_CTX **pssl_ctx, - struct Curl_cfilter *cf, struct Curl_easy *data) -{ - struct connectdata *conn = cf->conn; - CURLcode result = CURLE_FAILED_INIT; - WOLFSSL_CTX *ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); - - if(!ssl_ctx) { - result = CURLE_OUT_OF_MEMORY; - goto out; - } - - if(ngtcp2_crypto_wolfssl_configure_client_context(ssl_ctx) != 0) { - failf(data, "ngtcp2_crypto_wolfssl_configure_client_context failed"); - goto out; - } - - wolfSSL_CTX_set_default_verify_paths(ssl_ctx); - - if(wolfSSL_CTX_set_cipher_list(ssl_ctx, conn->ssl_config.cipher_list13 ? - conn->ssl_config.cipher_list13 : - QUIC_CIPHERS) != 1) { - char error_buffer[256]; - ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer)); - failf(data, "wolfSSL failed to set ciphers: %s", error_buffer); - goto out; - } - - if(wolfSSL_CTX_set1_groups_list(ssl_ctx, conn->ssl_config.curves ? - conn->ssl_config.curves : - (char *)QUIC_GROUPS) != 1) { - failf(data, "wolfSSL failed to set curves"); - goto out; - } - - /* Open the file if a TLS or QUIC backend has not done this before. */ - Curl_tls_keylog_open(); - if(Curl_tls_keylog_enabled()) { -#if defined(HAVE_SECRET_CALLBACK) - wolfSSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback); -#else - failf(data, "wolfSSL was built without keylog callback"); - goto out; -#endif - } - - if(conn->ssl_config.verifypeer) { - const char * const ssl_cafile = conn->ssl_config.CAfile; - const char * const ssl_capath = conn->ssl_config.CApath; - - wolfSSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL); - if(ssl_cafile || ssl_capath) { - /* tell wolfSSL where to find CA certificates that are used to verify - the server's certificate. */ - int rc = - wolfSSL_CTX_load_verify_locations_ex(ssl_ctx, ssl_cafile, ssl_capath, - WOLFSSL_LOAD_FLAG_IGNORE_ERR); - if(SSL_SUCCESS != rc) { - /* Fail if we insist on successfully verifying the server. */ - failf(data, "error setting certificate verify locations:" - " CAfile: %s CApath: %s", - ssl_cafile ? ssl_cafile : "none", - ssl_capath ? ssl_capath : "none"); - goto out; - } - infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); - infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none"); - } -#ifdef CURL_CA_FALLBACK - else { - /* verifying the peer without any CA certificates won't work so - use wolfssl's built-in default as fallback */ - wolfSSL_CTX_set_default_verify_paths(ssl_ctx); - } -#endif - } - else { - wolfSSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL); - } - - /* give application a chance to interfere with SSL set up. */ - if(data->set.ssl.fsslctx) { - Curl_set_in_callback(data, true); - result = (*data->set.ssl.fsslctx)(data, ssl_ctx, - data->set.ssl.fsslctxp); - Curl_set_in_callback(data, false); - if(result) { - failf(data, "error signaled by ssl ctx callback"); - goto out; - } - } - result = CURLE_OK; - -out: - *pssl_ctx = result? NULL : ssl_ctx; - if(result && ssl_ctx) - SSL_CTX_free(ssl_ctx); - return result; -} - -/** SSL callbacks ***/ - -static CURLcode quic_init_ssl(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct cf_ngtcp2_ctx *ctx = cf->ctx; - const uint8_t *alpn = NULL; - size_t alpnlen = 0; - /* this will need some attention when HTTPS proxy over QUIC get fixed */ - const char * const hostname = cf->conn->host.name; - - (void)data; - DEBUGASSERT(!ctx->ssl); - ctx->ssl = wolfSSL_new(ctx->sslctx); - - wolfSSL_set_app_data(ctx->ssl, &ctx->conn_ref); - wolfSSL_set_connect_state(ctx->ssl); - wolfSSL_set_quic_use_legacy_codepoint(ctx->ssl, 0); - - alpn = (const uint8_t *)H3_ALPN_H3_29 H3_ALPN_H3; - alpnlen = sizeof(H3_ALPN_H3_29) - 1 + sizeof(H3_ALPN_H3) - 1; - if(alpn) - wolfSSL_set_alpn_protos(ctx->ssl, alpn, (int)alpnlen); - - /* set SNI */ - wolfSSL_UseSNI(ctx->ssl, WOLFSSL_SNI_HOST_NAME, - hostname, (unsigned short)strlen(hostname)); - - return CURLE_OK; -} -#endif /* defined(USE_WOLFSSL) */ - static int cb_handshake_completed(ngtcp2_conn *tconn, void *user_data) { (void)user_data; @@ -786,6 +435,12 @@ static int cb_recv_stream_data(ngtcp2_conn *tconn, uint32_t flags, CURL_TRC_CF(data, cf, "[%" PRId64 "] read_stream(len=%zu) -> %zd", stream_id, buflen, nconsumed); if(nconsumed < 0) { + if(!data) { + struct Curl_easy *cdata = CF_DATA_CURRENT(cf); + CURL_TRC_CF(cdata, cf, "[%" PRId64 "] nghttp3 error on stream not " + "used by us, ignored", stream_id); + return 0; + } ngtcp2_ccerr_set_application_error( &ctx->last_error, nghttp3_err_infer_quic_app_error_code((int)nconsumed), NULL, 0); @@ -816,7 +471,7 @@ cb_acked_stream_data_offset(ngtcp2_conn *tconn, int64_t stream_id, (void)stream_user_data; rv = nghttp3_conn_add_ack_offset(ctx->h3conn, stream_id, datalen); - if(rv) { + if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { return NGTCP2_ERR_CALLBACK_FAILURE; } @@ -844,7 +499,7 @@ static int cb_stream_close(ngtcp2_conn *tconn, uint32_t flags, app_error_code); CURL_TRC_CF(data, cf, "[%" PRId64 "] quic close(err=%" PRIu64 ") -> %d", stream3_id, app_error_code, rv); - if(rv) { + if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { ngtcp2_ccerr_set_application_error( &ctx->last_error, nghttp3_err_infer_quic_app_error_code(rv), NULL, 0); return NGTCP2_ERR_CALLBACK_FAILURE; @@ -868,7 +523,7 @@ static int cb_stream_reset(ngtcp2_conn *tconn, int64_t stream_id, rv = nghttp3_conn_shutdown_stream_read(ctx->h3conn, stream_id); CURL_TRC_CF(data, cf, "[%" PRId64 "] reset -> %d", stream_id, rv); - if(rv) { + if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { return NGTCP2_ERR_CALLBACK_FAILURE; } @@ -887,7 +542,7 @@ static int cb_stream_stop_sending(ngtcp2_conn *tconn, int64_t stream_id, (void)stream_user_data; rv = nghttp3_conn_shutdown_stream_read(ctx->h3conn, stream_id); - if(rv) { + if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { return NGTCP2_ERR_CALLBACK_FAILURE; } @@ -911,16 +566,25 @@ static int cb_extend_max_stream_data(ngtcp2_conn *tconn, int64_t stream_id, { struct Curl_cfilter *cf = user_data; struct cf_ngtcp2_ctx *ctx = cf->ctx; + struct Curl_easy *data = CF_DATA_CURRENT(cf); + struct Curl_easy *s_data; + struct h3_stream_ctx *stream; int rv; (void)tconn; (void)max_data; (void)stream_user_data; rv = nghttp3_conn_unblock_stream(ctx->h3conn, stream_id); - if(rv) { + if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { return NGTCP2_ERR_CALLBACK_FAILURE; } - + s_data = get_stream_easy(cf, data, stream_id); + stream = H3_STREAM_CTX(s_data); + if(stream && stream->quic_flow_blocked) { + CURL_TRC_CF(data, cf, "[%" PRId64 "] unblock quic flow", stream_id); + stream->quic_flow_blocked = FALSE; + h3_drain_stream(cf, data); + } return 0; } @@ -1038,7 +702,7 @@ static CURLcode check_and_set_expiry(struct Curl_cfilter *cf, pktx = &local_pktx; } else { - pktx->ts = timestamp(); + pktx_update_time(pktx, cf); } expiry = ngtcp2_conn_get_expiry(ctx->qconn); @@ -1073,46 +737,33 @@ static CURLcode check_and_set_expiry(struct Curl_cfilter *cf, return CURLE_OK; } -static int cf_ngtcp2_get_select_socks(struct Curl_cfilter *cf, +static void cf_ngtcp2_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, - curl_socket_t *socks) + struct easy_pollset *ps) { struct cf_ngtcp2_ctx *ctx = cf->ctx; - struct SingleRequest *k = &data->req; - int rv = GETSOCK_BLANK; - struct h3_stream_ctx *stream = H3_STREAM_CTX(data); - struct cf_call_data save; - - CF_DATA_SAVE(save, cf, data); - socks[0] = ctx->q.sockfd; - - /* in HTTP/3 we can always get a frame, so check read */ - rv |= GETSOCK_READSOCK(0); + bool want_recv, want_send; - /* we're still uploading or the HTTP/2 layer wants to send data */ - if((k->keepon & KEEP_SENDBITS) == KEEP_SEND && - ngtcp2_conn_get_cwnd_left(ctx->qconn) && - ngtcp2_conn_get_max_data_left(ctx->qconn) && - stream && nghttp3_conn_is_stream_writable(ctx->h3conn, stream->id)) - rv |= GETSOCK_WRITESOCK(0); - - CF_DATA_RESTORE(cf, save); - return rv; -} + if(!ctx->qconn) + return; -static void h3_drain_stream(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct h3_stream_ctx *stream = H3_STREAM_CTX(data); - unsigned char bits; + Curl_pollset_check(data, ps, ctx->q.sockfd, &want_recv, &want_send); + if(want_recv || want_send) { + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + struct cf_call_data save; + bool c_exhaust, s_exhaust; - (void)cf; - bits = CURL_CSELECT_IN; - if(stream && stream->upload_left && !stream->send_closed) - bits |= CURL_CSELECT_OUT; - if(data->state.dselect_bits != bits) { - data->state.dselect_bits = bits; - Curl_expire(data, 0, EXPIRE_RUN_NOW); + CF_DATA_SAVE(save, cf, data); + c_exhaust = want_send && (!ngtcp2_conn_get_cwnd_left(ctx->qconn) || + !ngtcp2_conn_get_max_data_left(ctx->qconn)); + s_exhaust = want_send && stream && stream->id >= 0 && + stream->quic_flow_blocked; + want_recv = (want_recv || c_exhaust || s_exhaust); + want_send = (!s_exhaust && want_send) || + !Curl_bufq_is_empty(&ctx->q.sendbuf); + + Curl_pollset_set(data, ps, ctx->q.sockfd, want_recv, want_send); + CF_DATA_RESTORE(cf, save); } } @@ -1141,7 +792,6 @@ static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id, else { CURL_TRC_CF(data, cf, "[%" PRId64 "] CLOSED", stream->id); } - data->req.keepon &= ~KEEP_SEND_HOLD; h3_drain_stream(cf, data); return 0; } @@ -1570,15 +1220,9 @@ static int cb_h3_acked_req_body(nghttp3_conn *conn, int64_t stream_id, /* Everything ACKed, we resume upload processing */ if(!stream->sendbuf_len_in_flight) { int rv = nghttp3_conn_resume_stream(conn, stream_id); - if(rv) { + if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { return NGTCP2_ERR_CALLBACK_FAILURE; } - if((data->req.keepon & KEEP_SEND_HOLD) && - (data->req.keepon & KEEP_SEND)) { - data->req.keepon &= ~KEEP_SEND_HOLD; - h3_drain_stream(cf, data); - CURL_TRC_CF(data, cf, "[%" PRId64 "] unpausing acks", stream_id); - } } return 0; } @@ -1676,6 +1320,10 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, goto out; stream = H3_STREAM_CTX(data); DEBUGASSERT(stream); + if(!stream) { + *err = CURLE_FAILED_INIT; + goto out; + } nwritten = Curl_h1_req_parse_read(&stream->h1, buf, len, NULL, 0, err); if(nwritten < 0) @@ -1711,7 +1359,7 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, nva[i].flags = NGHTTP3_NV_FLAG_NONE; } - rc = ngtcp2_conn_open_bidi_stream(ctx->qconn, &stream->id, NULL); + rc = ngtcp2_conn_open_bidi_stream(ctx->qconn, &stream->id, data); if(rc) { failf(data, "can get bidi streams"); *err = CURLE_SEND_ERROR; @@ -1835,6 +1483,8 @@ static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, sent = (ssize_t)len; goto out; } + CURL_TRC_CF(data, cf, "[%" PRId64 "] send_body(len=%zu) " + "-> stream closed", stream->id, len); *err = CURLE_HTTP3; sent = -1; goto out; @@ -1860,15 +1510,13 @@ static ssize_t cf_ngtcp2_send(struct Curl_cfilter *cf, struct Curl_easy *data, if(stream && sent > 0 && stream->sendbuf_len_in_flight) { /* We have unacknowledged DATA and cannot report success to our * caller. Instead we EAGAIN and remember how much we have already - * "written" into our various internal connection buffers. - * We put the stream upload on HOLD, until this gets ACKed. */ + * "written" into our various internal connection buffers. */ stream->upload_blocked_len = sent; CURL_TRC_CF(data, cf, "[%" PRId64 "] cf_send(len=%zu), " "%zu bytes in flight -> EGAIN", stream->id, len, stream->sendbuf_len_in_flight); *err = CURLE_AGAIN; sent = -1; - data->req.keepon |= KEEP_SEND_HOLD; } out: @@ -1887,52 +1535,12 @@ static CURLcode qng_verify_peer(struct Curl_cfilter *cf, struct Curl_easy *data) { struct cf_ngtcp2_ctx *ctx = cf->ctx; - CURLcode result = CURLE_OK; - const char *hostname, *disp_hostname; - int port; - char *snihost; - - Curl_conn_get_host(data, cf->sockindex, &hostname, &disp_hostname, &port); - snihost = Curl_ssl_snihost(data, hostname, NULL); - if(!snihost) - return CURLE_PEER_FAILED_VERIFICATION; cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ cf->conn->httpversion = 30; cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; - if(cf->conn->ssl_config.verifyhost) { -#ifdef USE_OPENSSL - X509 *server_cert; - server_cert = SSL_get_peer_certificate(ctx->ssl); - if(!server_cert) { - return CURLE_PEER_FAILED_VERIFICATION; - } - result = Curl_ossl_verifyhost(data, cf->conn, server_cert); - X509_free(server_cert); - if(result) - return result; -#elif defined(USE_GNUTLS) - result = Curl_gtls_verifyserver(data, ctx->gtls->session, - &cf->conn->ssl_config, &data->set.ssl, - hostname, disp_hostname, - data->set.str[STRING_SSL_PINNEDPUBLICKEY]); - if(result) - return result; -#elif defined(USE_WOLFSSL) - if(wolfSSL_check_domain_name(ctx->ssl, snihost) == SSL_FAILURE) - return CURLE_PEER_FAILED_VERIFICATION; -#endif - infof(data, "Verified certificate just fine"); - } - else - infof(data, "Skipped certificate verification"); -#ifdef USE_OPENSSL - if(data->set.ssl.certinfo) - /* asked to gather certificate info */ - (void)Curl_ossl_certchain(data, ctx->ssl); -#endif - return result; + return Curl_vquic_tls_verify_peer(&ctx->tls, cf, data, &ctx->peer); } static CURLcode recv_pkt(const unsigned char *pkt, size_t pktlen, @@ -1955,8 +1563,8 @@ static CURLcode recv_pkt(const unsigned char *pkt, size_t pktlen, rv = ngtcp2_conn_read_pkt(ctx->qconn, &path, &pi, pkt, pktlen, pktx->ts); if(rv) { - CURL_TRC_CF(pktx->data, pktx->cf, "ingress, read_pkt -> %s", - ngtcp2_strerror(rv)); + CURL_TRC_CF(pktx->data, pktx->cf, "ingress, read_pkt -> %s (%d)", + ngtcp2_strerror(rv), rv); if(!ctx->last_error.error_code) { if(rv == NGTCP2_ERR_CRYPTO) { ngtcp2_ccerr_set_tls_alert(&ctx->last_error, @@ -1993,17 +1601,12 @@ static CURLcode cf_progress_ingress(struct Curl_cfilter *cf, pktx = &local_pktx; } else { - pktx->ts = timestamp(); + pktx_update_time(pktx, cf); } -#ifdef USE_OPENSSL - if(!ctx->x509_store_setup) { - result = Curl_ssl_setup_x509_store(cf, data, ctx->sslctx); - if(result) - return result; - ctx->x509_store_setup = TRUE; - } -#endif + result = Curl_vquic_tls_before_recv(&ctx->tls, cf, data); + if(result) + return result; for(i = 0; i < pkts_max; i += pkts_chunk) { pktx->pkt_count = 0; @@ -2081,11 +1684,18 @@ static ssize_t read_pkt_to_send(void *userp, } else if(n < 0) { switch(n) { - case NGTCP2_ERR_STREAM_DATA_BLOCKED: + case NGTCP2_ERR_STREAM_DATA_BLOCKED: { + struct h3_stream_ctx *stream = H3_STREAM_CTX(x->data); DEBUGASSERT(ndatalen == -1); nghttp3_conn_block_stream(ctx->h3conn, stream_id); + CURL_TRC_CF(x->data, x->cf, "[%" PRId64 "] block quic flow", + stream_id); + DEBUGASSERT(stream); + if(stream) + stream->quic_flow_blocked = TRUE; n = 0; break; + } case NGTCP2_ERR_STREAM_SHUT_WR: DEBUGASSERT(ndatalen == -1); nghttp3_conn_shutdown_stream_write(ctx->h3conn, stream_id); @@ -2145,7 +1755,7 @@ static CURLcode cf_progress_egress(struct Curl_cfilter *cf, pktx = &local_pktx; } else { - pktx->ts = timestamp(); + pktx_update_time(pktx, cf); ngtcp2_path_storage_zero(&pktx->ps); } @@ -2282,10 +1892,12 @@ static CURLcode cf_ngtcp2_data_event(struct Curl_cfilter *cf, case CF_CTRL_DATA_PAUSE: result = h3_data_pause(cf, data, (arg1 != 0)); break; - case CF_CTRL_DATA_DONE: { + case CF_CTRL_DATA_DETACH: + h3_data_done(cf, data); + break; + case CF_CTRL_DATA_DONE: h3_data_done(cf, data); break; - } case CF_CTRL_DATA_DONE_SEND: { struct h3_stream_ctx *stream = H3_STREAM_CTX(data); if(stream && !stream->send_closed) { @@ -2319,31 +1931,14 @@ static void cf_ngtcp2_ctx_clear(struct cf_ngtcp2_ctx *ctx) if(ctx->qlogfd != -1) { close(ctx->qlogfd); } -#ifdef USE_OPENSSL - if(ctx->ssl) - SSL_free(ctx->ssl); - if(ctx->sslctx) - SSL_CTX_free(ctx->sslctx); -#elif defined(USE_GNUTLS) - if(ctx->gtls) { - if(ctx->gtls->cred) - gnutls_certificate_free_credentials(ctx->gtls->cred); - if(ctx->gtls->session) - gnutls_deinit(ctx->gtls->session); - free(ctx->gtls); - } -#elif defined(USE_WOLFSSL) - if(ctx->ssl) - wolfSSL_free(ctx->ssl); - if(ctx->sslctx) - wolfSSL_CTX_free(ctx->sslctx); -#endif + Curl_vquic_tls_cleanup(&ctx->tls); vquic_ctx_free(&ctx->q); if(ctx->h3conn) nghttp3_conn_del(ctx->h3conn); if(ctx->qconn) ngtcp2_conn_del(ctx->qconn); Curl_bufcp_free(&ctx->stream_bufcp); + Curl_ssl_peer_cleanup(&ctx->peer); memset(ctx, 0, sizeof(*ctx)); ctx->qlogfd = -1; @@ -2358,15 +1953,15 @@ static void cf_ngtcp2_close(struct Curl_cfilter *cf, struct Curl_easy *data) CF_DATA_SAVE(save, cf, data); if(ctx && ctx->qconn) { char buffer[NGTCP2_MAX_UDP_PAYLOAD_SIZE]; - ngtcp2_tstamp ts; + struct pkt_io_ctx pktx; ngtcp2_ssize rc; CURL_TRC_CF(data, cf, "close"); - ts = timestamp(); + pktx_init(&pktx, cf, data); rc = ngtcp2_conn_write_connection_close(ctx->qconn, NULL, /* path */ NULL, /* pkt_info */ (uint8_t *)buffer, sizeof(buffer), - &ctx->last_error, ts); + &ctx->last_error, pktx.ts); if(rc > 0) { while((send(ctx->q.sockfd, buffer, (SEND_TYPE_ARG3)rc, 0) == -1) && SOCKERRNO == EINTR); @@ -2395,6 +1990,37 @@ static void cf_ngtcp2_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) (void)save; } +static CURLcode tls_ctx_setup(struct quic_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + (void)cf; +#ifdef USE_OPENSSL +#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) + if(ngtcp2_crypto_boringssl_configure_client_context(ctx->ssl_ctx) != 0) { + failf(data, "ngtcp2_crypto_boringssl_configure_client_context failed"); + return CURLE_FAILED_INIT; + } +#else + if(ngtcp2_crypto_quictls_configure_client_context(ctx->ssl_ctx) != 0) { + failf(data, "ngtcp2_crypto_quictls_configure_client_context failed"); + return CURLE_FAILED_INIT; + } +#endif /* !OPENSSL_IS_BORINGSSL && !OPENSSL_IS_AWSLC */ +#elif defined(USE_GNUTLS) + if(ngtcp2_crypto_gnutls_configure_client_session(ctx->gtls->session) != 0) { + failf(data, "ngtcp2_crypto_gnutls_configure_client_session failed"); + return CURLE_FAILED_INIT; + } +#elif defined(USE_WOLFSSL) + if(ngtcp2_crypto_wolfssl_configure_client_context(ctx->ssl_ctx) != 0) { + failf(data, "ngtcp2_crypto_wolfssl_configure_client_context failed"); + return CURLE_FAILED_INIT; + } +#endif + return CURLE_OK; +} + /* * Might be called twice for happy eyeballs. */ @@ -2411,24 +2037,18 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, ctx->version = NGTCP2_PROTO_VER_MAX; ctx->max_stream_window = H3_STREAM_WINDOW_SIZE; + ctx->max_idle_ms = CURL_QUIC_MAX_IDLE_MS; Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, H3_STREAM_POOL_SPARES); -#ifdef USE_OPENSSL - result = quic_ssl_ctx(&ctx->sslctx, cf, data); + result = Curl_ssl_peer_init(&ctx->peer, cf); if(result) return result; - result = quic_set_client_cert(cf, data); - if(result) - return result; -#elif defined(USE_WOLFSSL) - result = quic_ssl_ctx(&ctx->sslctx, cf, data); - if(result) - return result; -#endif - - result = quic_init_ssl(cf, data); +#define H3_ALPN "\x2h3\x5h3-29" + result = Curl_vquic_tls_init(&ctx->tls, cf, data, &ctx->peer, + H3_ALPN, sizeof(H3_ALPN) - 1, + tls_ctx_setup, &ctx->conn_ref); if(result) return result; @@ -2475,9 +2095,9 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, return CURLE_QUIC_CONNECT_ERROR; #ifdef USE_GNUTLS - ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->gtls->session); + ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->tls.gtls->session); #else - ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->ssl); + ngtcp2_conn_set_tls_native_handle(ctx->qconn, ctx->tls.ssl); #endif ngtcp2_ccerr_default(&ctx->last_error); @@ -2559,27 +2179,9 @@ out: ngtcp2_conn_in_draining_period(ctx->qconn)) { /* When a QUIC server instance is shutting down, it may send us a * CONNECTION_CLOSE right away. Our connection then enters the DRAINING - * state. - * This may be a stopping of the service or it may be that the server - * is reloading and a new instance will start serving soon. - * In any case, we tear down our socket and start over with a new one. - * We re-open the underlying UDP cf right now, but do not start - * connecting until called again. - */ - int reconn_delay_ms = 200; - - CURL_TRC_CF(data, cf, "connect, remote closed, reconnect after %dms", - reconn_delay_ms); - Curl_conn_cf_close(cf->next, data); - cf_ngtcp2_ctx_clear(ctx); - result = Curl_conn_cf_connect(cf->next, data, FALSE, done); - if(!result && *done) { - *done = FALSE; - ctx->reconnect_at = now; - ctx->reconnect_at.tv_usec += reconn_delay_ms * 1000; - Curl_expire(data, reconn_delay_ms, EXPIRE_QUIC); - result = CURLE_OK; - } + * state. The CONNECT may work in the near future again. Indicate + * that as a "weird" reply. */ + result = CURLE_WEIRD_SERVER_REPLY; } #ifndef CURL_DISABLE_VERBOSE_STRINGS @@ -2626,8 +2228,8 @@ static CURLcode cf_ngtcp2_query(struct Curl_cfilter *cf, return CURLE_OK; } case CF_QUERY_CONNECT_REPLY_MS: - if(ctx->got_first_byte) { - timediff_t ms = Curl_timediff(ctx->first_byte_at, ctx->started_at); + if(ctx->q.got_first_byte) { + timediff_t ms = Curl_timediff(ctx->q.first_byte_at, ctx->started_at); *pres1 = (ms < INT_MAX)? (int)ms : INT_MAX; } else @@ -2635,8 +2237,8 @@ static CURLcode cf_ngtcp2_query(struct Curl_cfilter *cf, return CURLE_OK; case CF_QUERY_TIMER_CONNECT: { struct curltime *when = pres2; - if(ctx->got_first_byte) - *when = ctx->first_byte_at; + if(ctx->q.got_first_byte) + *when = ctx->q.first_byte_at; return CURLE_OK; } case CF_QUERY_TIMER_APPCONNECT: { @@ -2657,24 +2259,51 @@ static bool cf_ngtcp2_conn_is_alive(struct Curl_cfilter *cf, struct Curl_easy *data, bool *input_pending) { - bool alive = TRUE; + struct cf_ngtcp2_ctx *ctx = cf->ctx; + bool alive = FALSE; + const ngtcp2_transport_params *rp; + struct cf_call_data save; + CF_DATA_SAVE(save, cf, data); *input_pending = FALSE; + if(!ctx->qconn) + goto out; + + /* Both sides of the QUIC connection announce they max idle times in + * the transport parameters. Look at the minimum of both and if + * we exceed this, regard the connection as dead. The other side + * may have completely purged it and will no longer respond + * to any packets from us. */ + rp = ngtcp2_conn_get_remote_transport_params(ctx->qconn); + if(rp) { + timediff_t idletime; + uint64_t idle_ms = ctx->max_idle_ms; + + if(rp->max_idle_timeout && + (rp->max_idle_timeout / NGTCP2_MILLISECONDS) < idle_ms) + idle_ms = (rp->max_idle_timeout / NGTCP2_MILLISECONDS); + idletime = Curl_timediff(Curl_now(), ctx->q.last_io); + if(idletime > 0 && (uint64_t)idletime > idle_ms) + goto out; + } + if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending)) - return FALSE; + goto out; + alive = TRUE; if(*input_pending) { + CURLcode result; /* This happens before we've sent off a request and the connection is not in use by any other transfer, there shouldn't be any data here, only "protocol frames" */ *input_pending = FALSE; - if(cf_progress_ingress(cf, data, NULL)) - alive = FALSE; - else { - alive = TRUE; - } + result = cf_progress_ingress(cf, data, NULL); + CURL_TRC_CF(data, cf, "is_alive, progress ingress -> %d", result); + alive = result? FALSE : TRUE; } +out: + CF_DATA_RESTORE(cf, save); return alive; } @@ -2686,7 +2315,7 @@ struct Curl_cftype Curl_cft_http3 = { cf_ngtcp2_connect, cf_ngtcp2_close, Curl_cf_def_get_host, - cf_ngtcp2_get_select_socks, + cf_ngtcp2_adjust_pollset, cf_ngtcp2_data_pending, cf_ngtcp2_send, cf_ngtcp2_recv, @@ -2706,7 +2335,7 @@ CURLcode Curl_cf_ngtcp2_create(struct Curl_cfilter **pcf, CURLcode result; (void)data; - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) { result = CURLE_OUT_OF_MEMORY; goto out; diff --git a/lib/vquic/curl_osslq.c b/lib/vquic/curl_osslq.c new file mode 100644 index 000000000..c499a004b --- /dev/null +++ b/lib/vquic/curl_osslq.c @@ -0,0 +1,2237 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +#include "curl_setup.h" + +#if defined(USE_OPENSSL_QUIC) && defined(USE_NGHTTP3) + +#include +#include +#include +#include + +#include "urldata.h" +#include "sendf.h" +#include "strdup.h" +#include "rand.h" +#include "multiif.h" +#include "strcase.h" +#include "cfilters.h" +#include "cf-socket.h" +#include "connect.h" +#include "progress.h" +#include "strerror.h" +#include "dynbuf.h" +#include "http1.h" +#include "select.h" +#include "inet_pton.h" +#include "vquic.h" +#include "vquic_int.h" +#include "vquic-tls.h" +#include "vtls/keylog.h" +#include "vtls/vtls.h" +#include "vtls/openssl.h" +#include "curl_osslq.h" + +#include "warnless.h" + +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" +#include "curl_memory.h" +#include "memdebug.h" + +/* A stream window is the maximum amount we need to buffer for + * each active transfer. We use HTTP/3 flow control and only ACK + * when we take things out of the buffer. + * Chunk size is large enough to take a full DATA frame */ +#define H3_STREAM_WINDOW_SIZE (128 * 1024) +#define H3_STREAM_CHUNK_SIZE (16 * 1024) +/* The pool keeps spares around and half of a full stream windows + * seems good. More does not seem to improve performance. + * The benefit of the pool is that stream buffer to not keep + * spares. So memory consumption goes down when streams run empty, + * have a large upload done, etc. */ +#define H3_STREAM_POOL_SPARES \ + (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE ) / 2 +/* Receive and Send max number of chunks just follows from the + * chunk size and window size */ +#define H3_STREAM_RECV_CHUNKS \ + (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE) +#define H3_STREAM_SEND_CHUNKS \ + (H3_STREAM_WINDOW_SIZE / H3_STREAM_CHUNK_SIZE) + +#ifndef ARRAYSIZE +#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) +#endif + +#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) +typedef uint32_t sslerr_t; +#else +typedef unsigned long sslerr_t; +#endif + + +/* How to access `call_data` from a cf_osslq filter */ +#undef CF_CTX_CALL_DATA +#define CF_CTX_CALL_DATA(cf) \ + ((struct cf_osslq_ctx *)(cf)->ctx)->call_data + +static CURLcode cf_progress_ingress(struct Curl_cfilter *cf, + struct Curl_easy *data); + +static const char *SSL_ERROR_to_str(int err) +{ + switch(err) { + case SSL_ERROR_NONE: + return "SSL_ERROR_NONE"; + case SSL_ERROR_SSL: + return "SSL_ERROR_SSL"; + case SSL_ERROR_WANT_READ: + return "SSL_ERROR_WANT_READ"; + case SSL_ERROR_WANT_WRITE: + return "SSL_ERROR_WANT_WRITE"; + case SSL_ERROR_WANT_X509_LOOKUP: + return "SSL_ERROR_WANT_X509_LOOKUP"; + case SSL_ERROR_SYSCALL: + return "SSL_ERROR_SYSCALL"; + case SSL_ERROR_ZERO_RETURN: + return "SSL_ERROR_ZERO_RETURN"; + case SSL_ERROR_WANT_CONNECT: + return "SSL_ERROR_WANT_CONNECT"; + case SSL_ERROR_WANT_ACCEPT: + return "SSL_ERROR_WANT_ACCEPT"; +#if defined(SSL_ERROR_WANT_ASYNC) + case SSL_ERROR_WANT_ASYNC: + return "SSL_ERROR_WANT_ASYNC"; +#endif +#if defined(SSL_ERROR_WANT_ASYNC_JOB) + case SSL_ERROR_WANT_ASYNC_JOB: + return "SSL_ERROR_WANT_ASYNC_JOB"; +#endif +#if defined(SSL_ERROR_WANT_EARLY) + case SSL_ERROR_WANT_EARLY: + return "SSL_ERROR_WANT_EARLY"; +#endif + default: + return "SSL_ERROR unknown"; + } +} + +/* Return error string for last OpenSSL error */ +static char *ossl_strerror(unsigned long error, char *buf, size_t size) +{ + DEBUGASSERT(size); + *buf = '\0'; + +#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC) + ERR_error_string_n((uint32_t)error, buf, size); +#else + ERR_error_string_n(error, buf, size); +#endif + + if(!*buf) { + const char *msg = error ? "Unknown error" : "No error"; + if(strlen(msg) < size) + strcpy(buf, msg); + } + + return buf; +} + +static CURLcode make_bio_addr(BIO_ADDR **pbio_addr, + const struct Curl_sockaddr_ex *addr) +{ + BIO_ADDR *ba; + CURLcode result = CURLE_FAILED_INIT; + + ba = BIO_ADDR_new(); + if(!ba) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + + switch(addr->family) { + case AF_INET: { + struct sockaddr_in * const sin = + (struct sockaddr_in * const)(void *)&addr->sa_addr; + if(!BIO_ADDR_rawmake(ba, AF_INET, &sin->sin_addr, + sizeof(sin->sin_addr), sin->sin_port)) { + goto out; + } + result = CURLE_OK; + break; + } +#ifdef ENABLE_IPV6 + case AF_INET6: { + struct sockaddr_in6 * const sin = + (struct sockaddr_in6 * const)(void *)&addr->sa_addr; + if(!BIO_ADDR_rawmake(ba, AF_INET6, &sin->sin6_addr, + sizeof(sin->sin6_addr), sin->sin6_port)) { + } + result = CURLE_OK; + break; + } +#endif /* ENABLE_IPV6 */ + default: + /* sunsupported */ + DEBUGASSERT(0); + break; + } + +out: + if(result && ba) { + BIO_ADDR_free(ba); + ba = NULL; + } + *pbio_addr = ba; + return result; +} + +/* QUIC stream (not necessarily H3) */ +struct cf_osslq_stream { + int64_t id; + SSL *ssl; + struct bufq recvbuf; /* QUIC war data recv buffer */ + BIT(recvd_eos); + BIT(closed); + BIT(reset); + BIT(send_blocked); +}; + +static CURLcode cf_osslq_stream_open(struct cf_osslq_stream *s, + SSL *conn, + uint64_t flags, + struct bufc_pool *bufcp, + void *user_data) +{ + DEBUGASSERT(!s->ssl); + Curl_bufq_initp(&s->recvbuf, bufcp, 1, BUFQ_OPT_NONE); + s->ssl = SSL_new_stream(conn, flags); + if(!s->ssl) { + return CURLE_FAILED_INIT; + } + s->id = SSL_get_stream_id(s->ssl); + SSL_set_app_data(s->ssl, user_data); + return CURLE_OK; +} + +static void cf_osslq_stream_cleanup(struct cf_osslq_stream *s) +{ + if(s->ssl) { + SSL_set_app_data(s->ssl, NULL); + SSL_free(s->ssl); + } + Curl_bufq_free(&s->recvbuf); + memset(s, 0, sizeof(*s)); +} + +static void cf_osslq_stream_close(struct cf_osslq_stream *s) +{ + if(s->ssl) { + SSL_free(s->ssl); + s->ssl = NULL; + } +} + +struct cf_osslq_h3conn { + nghttp3_conn *conn; + nghttp3_settings settings; + struct cf_osslq_stream s_ctrl; + struct cf_osslq_stream s_qpack_enc; + struct cf_osslq_stream s_qpack_dec; + struct cf_osslq_stream remote_ctrl[3]; /* uni streams opened by the peer */ + size_t remote_ctrl_n; /* number of peer streams opened */ +}; + +static void cf_osslq_h3conn_cleanup(struct cf_osslq_h3conn *h3) +{ + size_t i; + + if(h3->conn) + nghttp3_conn_del(h3->conn); + cf_osslq_stream_cleanup(&h3->s_ctrl); + cf_osslq_stream_cleanup(&h3->s_qpack_enc); + cf_osslq_stream_cleanup(&h3->s_qpack_dec); + for(i = 0; i < h3->remote_ctrl_n; ++i) { + cf_osslq_stream_cleanup(&h3->remote_ctrl[i]); + } +} + +struct cf_osslq_ctx { + struct cf_quic_ctx q; + struct ssl_peer peer; + struct quic_tls_ctx tls; + struct cf_call_data call_data; + struct cf_osslq_h3conn h3; + struct curltime started_at; /* time the current attempt started */ + struct curltime handshake_at; /* time connect handshake finished */ + struct curltime first_byte_at; /* when first byte was recvd */ + struct curltime reconnect_at; /* time the next attempt should start */ + struct bufc_pool stream_bufcp; /* chunk pool for streams */ + size_t max_stream_window; /* max flow window for one stream */ + uint64_t max_idle_ms; /* max idle time for QUIC connection */ + BIT(got_first_byte); /* if first byte was received */ +#ifdef USE_OPENSSL + BIT(x509_store_setup); /* if x509 store has been set up */ + BIT(protocol_shutdown); /* QUIC connection is shut down */ +#endif +}; + +static void cf_osslq_ctx_clear(struct cf_osslq_ctx *ctx) +{ + struct cf_call_data save = ctx->call_data; + + cf_osslq_h3conn_cleanup(&ctx->h3); + Curl_vquic_tls_cleanup(&ctx->tls); + vquic_ctx_free(&ctx->q); + Curl_bufcp_free(&ctx->stream_bufcp); + Curl_ssl_peer_cleanup(&ctx->peer); + + memset(ctx, 0, sizeof(*ctx)); + ctx->call_data = save; +} + +static void cf_osslq_close(struct Curl_cfilter *cf, struct Curl_easy *data) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + struct cf_call_data save; + + CF_DATA_SAVE(save, cf, data); + if(ctx && ctx->tls.ssl) { + /* TODO: send connection close */ + CURL_TRC_CF(data, cf, "cf_osslq_close()"); + cf_osslq_ctx_clear(ctx); + } + + cf->connected = FALSE; + CF_DATA_RESTORE(cf, save); +} + +static void cf_osslq_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + struct cf_call_data save; + + CF_DATA_SAVE(save, cf, data); + CURL_TRC_CF(data, cf, "destroy"); + if(ctx) { + CURL_TRC_CF(data, cf, "cf_osslq_destroy()"); + cf_osslq_ctx_clear(ctx); + free(ctx); + } + cf->ctx = NULL; + /* No CF_DATA_RESTORE(cf, save) possible */ + (void)save; +} + +static CURLcode cf_osslq_h3conn_add_stream(struct cf_osslq_h3conn *h3, + SSL *stream_ssl, + struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + int64_t stream_id = SSL_get_stream_id(stream_ssl); + + if(h3->remote_ctrl_n >= ARRAYSIZE(h3->remote_ctrl)) { + /* rejected, we are full */ + CURL_TRC_CF(data, cf, "[%" PRId64 "] rejecting additional remote stream", + stream_id); + SSL_free(stream_ssl); + return CURLE_FAILED_INIT; + } + switch(SSL_get_stream_type(stream_ssl)) { + case SSL_STREAM_TYPE_READ: { + struct cf_osslq_stream *nstream = &h3->remote_ctrl[h3->remote_ctrl_n++]; + nstream->id = stream_id; + nstream->ssl = stream_ssl; + Curl_bufq_initp(&nstream->recvbuf, &ctx->stream_bufcp, 1, BUFQ_OPT_NONE); + CURL_TRC_CF(data, cf, "[%" PRId64 "] accepted new remote uni stream", + stream_id); + break; + } + default: + CURL_TRC_CF(data, cf, "[%" PRId64 "] rejecting remote non-uni-read" + " stream", stream_id); + SSL_free(stream_ssl); + return CURLE_FAILED_INIT; + } + return CURLE_OK; + +} + +static CURLcode cf_osslq_ssl_err(struct Curl_cfilter *cf, + struct Curl_easy *data, + int detail, CURLcode def_result) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + CURLcode result = def_result; + sslerr_t errdetail; + char ebuf[256] = "unknown"; + const char *err_descr = ebuf; + long lerr; + int lib; + int reason; + struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); + + errdetail = ERR_get_error(); + lib = ERR_GET_LIB(errdetail); + reason = ERR_GET_REASON(errdetail); + + if((lib == ERR_LIB_SSL) && + ((reason == SSL_R_CERTIFICATE_VERIFY_FAILED) || + (reason == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED))) { + result = CURLE_PEER_FAILED_VERIFICATION; + + lerr = SSL_get_verify_result(ctx->tls.ssl); + if(lerr != X509_V_OK) { + ssl_config->certverifyresult = lerr; + msnprintf(ebuf, sizeof(ebuf), + "SSL certificate problem: %s", + X509_verify_cert_error_string(lerr)); + } + else + err_descr = "SSL certificate verification failed"; + } +#if defined(SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED) + /* SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED is only available on + OpenSSL version above v1.1.1, not LibreSSL, BoringSSL, or AWS-LC */ + else if((lib == ERR_LIB_SSL) && + (reason == SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED)) { + /* If client certificate is required, communicate the + error to client */ + result = CURLE_SSL_CLIENTCERT; + ossl_strerror(errdetail, ebuf, sizeof(ebuf)); + } +#endif + else if((lib == ERR_LIB_SSL) && (reason == SSL_R_PROTOCOL_IS_SHUTDOWN)) { + ctx->protocol_shutdown = TRUE; + err_descr = "QUIC connectin has been shut down"; + result = def_result; + } + else { + result = def_result; + ossl_strerror(errdetail, ebuf, sizeof(ebuf)); + } + + /* detail is already set to the SSL error above */ + + /* If we e.g. use SSLv2 request-method and the server doesn't like us + * (RST connection, etc.), OpenSSL gives no explanation whatsoever and + * the SO_ERROR is also lost. + */ + if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) { + char extramsg[80]=""; + int sockerr = SOCKERRNO; + const char *r_ip = NULL; + int r_port = 0; + + Curl_cf_socket_peek(cf->next, data, NULL, NULL, + &r_ip, &r_port, NULL, NULL); + if(sockerr && detail == SSL_ERROR_SYSCALL) + Curl_strerror(sockerr, extramsg, sizeof(extramsg)); + failf(data, "QUIC connect: %s in connection to %s:%d (%s)", + extramsg[0] ? extramsg : SSL_ERROR_to_str(detail), + ctx->peer.dispname, r_port, r_ip); + } + else { + /* Could be a CERT problem */ + failf(data, "%s", err_descr); + } + return result; +} + +static CURLcode cf_osslq_verify_peer(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + + cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ + cf->conn->httpversion = 30; + cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; + + return Curl_vquic_tls_verify_peer(&ctx->tls, cf, data, &ctx->peer); +} + +/** + * All about the H3 internals of a stream + */ +struct h3_stream_ctx { + struct cf_osslq_stream s; + struct bufq sendbuf; /* h3 request body */ + struct bufq recvbuf; /* h3 response body */ + struct h1_req_parser h1; /* h1 request parsing */ + size_t sendbuf_len_in_flight; /* sendbuf amount "in flight" */ + size_t upload_blocked_len; /* the amount written last and EGAINed */ + size_t recv_buf_nonflow; /* buffered bytes, not counting for flow control */ + uint64_t error3; /* HTTP/3 stream error code */ + curl_off_t upload_left; /* number of request bytes left to upload */ + curl_off_t download_recvd; /* number of response DATA bytes received */ + int status_code; /* HTTP status code */ + bool resp_hds_complete; /* we have a complete, final response */ + bool closed; /* TRUE on stream close */ + bool reset; /* TRUE on stream reset */ + bool send_closed; /* stream is local closed */ + BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */ +}; + +#define H3_STREAM_CTX(d) ((struct h3_stream_ctx *)(((d) && (d)->req.p.http)? \ + ((struct HTTP *)(d)->req.p.http)->h3_ctx \ + : NULL)) +#define H3_STREAM_LCTX(d) ((struct HTTP *)(d)->req.p.http)->h3_ctx +#define H3_STREAM_ID(d) (H3_STREAM_CTX(d)? \ + H3_STREAM_CTX(d)->s.id : -2) + +static CURLcode h3_data_setup(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + + if(!data || !data->req.p.http) { + failf(data, "initialization failure, transfer not http initialized"); + return CURLE_FAILED_INIT; + } + + if(stream) + return CURLE_OK; + + stream = calloc(1, sizeof(*stream)); + if(!stream) + return CURLE_OUT_OF_MEMORY; + + stream->s.id = -1; + /* on send, we control how much we put into the buffer */ + Curl_bufq_initp(&stream->sendbuf, &ctx->stream_bufcp, + H3_STREAM_SEND_CHUNKS, BUFQ_OPT_NONE); + stream->sendbuf_len_in_flight = 0; + /* on recv, we need a flexible buffer limit since we also write + * headers to it that are not counted against the nghttp3 flow limits. */ + Curl_bufq_initp(&stream->recvbuf, &ctx->stream_bufcp, + H3_STREAM_RECV_CHUNKS, BUFQ_OPT_SOFT_LIMIT); + stream->recv_buf_nonflow = 0; + Curl_h1_req_parse_init(&stream->h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); + + H3_STREAM_LCTX(data) = stream; + return CURLE_OK; +} + +static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + + (void)cf; + if(stream) { + CURL_TRC_CF(data, cf, "[%"PRId64"] easy handle is done", stream->s.id); + if(ctx->h3.conn && !stream->closed) { + nghttp3_conn_shutdown_stream_read(ctx->h3.conn, stream->s.id); + nghttp3_conn_close_stream(ctx->h3.conn, stream->s.id, + NGHTTP3_H3_REQUEST_CANCELLED); + nghttp3_conn_set_stream_user_data(ctx->h3.conn, stream->s.id, NULL); + stream->closed = TRUE; + } + + cf_osslq_stream_cleanup(&stream->s); + Curl_bufq_free(&stream->sendbuf); + Curl_bufq_free(&stream->recvbuf); + Curl_h1_req_parse_free(&stream->h1); + free(stream); + H3_STREAM_LCTX(data) = NULL; + } +} + +static struct cf_osslq_stream *cf_osslq_get_qstream(struct Curl_cfilter *cf, + struct Curl_easy *data, + int64_t stream_id) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + struct Curl_easy *sdata; + + if(stream && stream->s.id == stream_id) { + return &stream->s; + } + else if(ctx->h3.s_ctrl.id == stream_id) { + return &ctx->h3.s_ctrl; + } + else if(ctx->h3.s_qpack_enc.id == stream_id) { + return &ctx->h3.s_qpack_enc; + } + else if(ctx->h3.s_qpack_dec.id == stream_id) { + return &ctx->h3.s_qpack_dec; + } + else { + DEBUGASSERT(data->multi); + for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + if((sdata->conn == data->conn) && H3_STREAM_ID(sdata) == stream_id) { + stream = H3_STREAM_CTX(sdata); + return stream? &stream->s : NULL; + } + } + } + return NULL; +} + +static void h3_drain_stream(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + unsigned char bits; + + (void)cf; + bits = CURL_CSELECT_IN; + if(stream && stream->upload_left && !stream->send_closed) + bits |= CURL_CSELECT_OUT; + if(data->state.select_bits != bits) { + data->state.select_bits = bits; + Curl_expire(data, 0, EXPIRE_RUN_NOW); + } +} + +static CURLcode h3_data_pause(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool pause) +{ + if(!pause) { + /* unpaused. make it run again right away */ + h3_drain_stream(cf, data); + Curl_expire(data, 0, EXPIRE_RUN_NOW); + } + return CURLE_OK; +} + +static int cb_h3_stream_close(nghttp3_conn *conn, int64_t stream_id, + uint64_t app_error_code, void *user_data, + void *stream_user_data) +{ + struct Curl_cfilter *cf = user_data; + struct Curl_easy *data = stream_user_data; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + (void)conn; + (void)stream_id; + + /* we might be called by nghttp3 after we already cleaned up */ + if(!stream) + return 0; + + stream->closed = TRUE; + stream->error3 = app_error_code; + if(stream->error3 != NGHTTP3_H3_NO_ERROR) { + stream->reset = TRUE; + stream->send_closed = TRUE; + CURL_TRC_CF(data, cf, "[%" PRId64 "] RESET: error %" PRId64, + stream->s.id, stream->error3); + } + else { + CURL_TRC_CF(data, cf, "[%" PRId64 "] CLOSED", stream->s.id); + } + h3_drain_stream(cf, data); + return 0; +} + +/* + * write_resp_raw() copies response data in raw format to the `data`'s + * receive buffer. If not enough space is available, it appends to the + * `data`'s overflow buffer. + */ +static CURLcode write_resp_raw(struct Curl_cfilter *cf, + struct Curl_easy *data, + const void *mem, size_t memlen, + bool flow) +{ + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + CURLcode result = CURLE_OK; + ssize_t nwritten; + + (void)cf; + if(!stream) { + return CURLE_RECV_ERROR; + } + nwritten = Curl_bufq_write(&stream->recvbuf, mem, memlen, &result); + if(nwritten < 0) { + return result; + } + + if(!flow) + stream->recv_buf_nonflow += (size_t)nwritten; + + if((size_t)nwritten < memlen) { + /* This MUST not happen. Our recbuf is dimensioned to hold the + * full max_stream_window and then some for this very reason. */ + DEBUGASSERT(0); + return CURLE_RECV_ERROR; + } + return result; +} + +static int cb_h3_recv_data(nghttp3_conn *conn, int64_t stream3_id, + const uint8_t *buf, size_t buflen, + void *user_data, void *stream_user_data) +{ + struct Curl_cfilter *cf = user_data; + struct Curl_easy *data = stream_user_data; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + CURLcode result; + + (void)conn; + (void)stream3_id; + + if(!stream) + return NGHTTP3_ERR_CALLBACK_FAILURE; + + result = write_resp_raw(cf, data, buf, buflen, TRUE); + if(result) { + CURL_TRC_CF(data, cf, "[%" PRId64 "] DATA len=%zu, ERROR receiving %d", + stream->s.id, buflen, result); + return NGHTTP3_ERR_CALLBACK_FAILURE; + } + stream->download_recvd += (curl_off_t)buflen; + CURL_TRC_CF(data, cf, "[%" PRId64 "] DATA len=%zu, total=%zd", + stream->s.id, buflen, stream->download_recvd); + h3_drain_stream(cf, data); + return 0; +} + +static int cb_h3_deferred_consume(nghttp3_conn *conn, int64_t stream_id, + size_t consumed, void *user_data, + void *stream_user_data) +{ + struct Curl_cfilter *cf = user_data; + struct Curl_easy *data = stream_user_data; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + + (void)conn; + (void)stream_id; + if(stream) + CURL_TRC_CF(data, cf, "[%" PRId64 "] deferred consume %zu bytes", + stream->s.id, consumed); + return 0; +} + +static int cb_h3_recv_header(nghttp3_conn *conn, int64_t stream_id, + int32_t token, nghttp3_rcbuf *name, + nghttp3_rcbuf *value, uint8_t flags, + void *user_data, void *stream_user_data) +{ + struct Curl_cfilter *cf = user_data; + nghttp3_vec h3name = nghttp3_rcbuf_get_buf(name); + nghttp3_vec h3val = nghttp3_rcbuf_get_buf(value); + struct Curl_easy *data = stream_user_data; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + CURLcode result = CURLE_OK; + (void)conn; + (void)stream_id; + (void)token; + (void)flags; + (void)cf; + + /* we might have cleaned up this transfer already */ + if(!stream) + return 0; + + if(token == NGHTTP3_QPACK_TOKEN__STATUS) { + char line[14]; /* status line is always 13 characters long */ + size_t ncopy; + + result = Curl_http_decode_status(&stream->status_code, + (const char *)h3val.base, h3val.len); + if(result) + return -1; + ncopy = msnprintf(line, sizeof(line), "HTTP/3 %03d \r\n", + stream->status_code); + CURL_TRC_CF(data, cf, "[%" PRId64 "] status: %s", stream_id, line); + result = write_resp_raw(cf, data, line, ncopy, FALSE); + if(result) { + return -1; + } + } + else { + /* store as an HTTP1-style header */ + CURL_TRC_CF(data, cf, "[%" PRId64 "] header: %.*s: %.*s", + stream_id, (int)h3name.len, h3name.base, + (int)h3val.len, h3val.base); + result = write_resp_raw(cf, data, h3name.base, h3name.len, FALSE); + if(result) { + return -1; + } + result = write_resp_raw(cf, data, ": ", 2, FALSE); + if(result) { + return -1; + } + result = write_resp_raw(cf, data, h3val.base, h3val.len, FALSE); + if(result) { + return -1; + } + result = write_resp_raw(cf, data, "\r\n", 2, FALSE); + if(result) { + return -1; + } + } + return 0; +} + +static int cb_h3_end_headers(nghttp3_conn *conn, int64_t stream_id, + int fin, void *user_data, void *stream_user_data) +{ + struct Curl_cfilter *cf = user_data; + struct Curl_easy *data = stream_user_data; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + CURLcode result = CURLE_OK; + (void)conn; + (void)stream_id; + (void)fin; + (void)cf; + + if(!stream) + return 0; + /* add a CRLF only if we've received some headers */ + result = write_resp_raw(cf, data, "\r\n", 2, FALSE); + if(result) { + return -1; + } + + CURL_TRC_CF(data, cf, "[%" PRId64 "] end_headers, status=%d", + stream_id, stream->status_code); + if(stream->status_code / 100 != 1) { + stream->resp_hds_complete = TRUE; + } + h3_drain_stream(cf, data); + return 0; +} + +static int cb_h3_stop_sending(nghttp3_conn *conn, int64_t stream_id, + uint64_t app_error_code, void *user_data, + void *stream_user_data) +{ + struct Curl_cfilter *cf = user_data; + struct Curl_easy *data = stream_user_data; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + (void)conn; + (void)app_error_code; + + if(!stream || !stream->s.ssl) + return 0; + + CURL_TRC_CF(data, cf, "[%" PRId64 "] stop_sending", stream_id); + cf_osslq_stream_close(&stream->s); + return 0; +} + +static int cb_h3_reset_stream(nghttp3_conn *conn, int64_t stream_id, + uint64_t app_error_code, void *user_data, + void *stream_user_data) { + struct Curl_cfilter *cf = user_data; + struct Curl_easy *data = stream_user_data; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + int rv; + (void)conn; + + if(stream && stream->s.ssl) { + SSL_STREAM_RESET_ARGS args = {0}; + args.quic_error_code = app_error_code; + rv = !SSL_stream_reset(stream->s.ssl, &args, sizeof(args)); + CURL_TRC_CF(data, cf, "[%" PRId64 "] reset -> %d", stream_id, rv); + if(!rv) { + return NGHTTP3_ERR_CALLBACK_FAILURE; + } + } + return 0; +} + +static nghttp3_ssize +cb_h3_read_req_body(nghttp3_conn *conn, int64_t stream_id, + nghttp3_vec *vec, size_t veccnt, + uint32_t *pflags, void *user_data, + void *stream_user_data) +{ + struct Curl_cfilter *cf = user_data; + struct Curl_easy *data = stream_user_data; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + ssize_t nwritten = 0; + size_t nvecs = 0; + (void)cf; + (void)conn; + (void)stream_id; + (void)user_data; + (void)veccnt; + + if(!stream) + return NGHTTP3_ERR_CALLBACK_FAILURE; + /* nghttp3 keeps references to the sendbuf data until it is ACKed + * by the server (see `cb_h3_acked_req_body()` for updates). + * `sendbuf_len_in_flight` is the amount of bytes in `sendbuf` + * that we have already passed to nghttp3, but which have not been + * ACKed yet. + * Any amount beyond `sendbuf_len_in_flight` we need still to pass + * to nghttp3. Do that now, if we can. */ + if(stream->sendbuf_len_in_flight < Curl_bufq_len(&stream->sendbuf)) { + nvecs = 0; + while(nvecs < veccnt && + Curl_bufq_peek_at(&stream->sendbuf, + stream->sendbuf_len_in_flight, + (const unsigned char **)&vec[nvecs].base, + &vec[nvecs].len)) { + stream->sendbuf_len_in_flight += vec[nvecs].len; + nwritten += vec[nvecs].len; + ++nvecs; + } + DEBUGASSERT(nvecs > 0); /* we SHOULD have been be able to peek */ + } + + if(nwritten > 0 && stream->upload_left != -1) + stream->upload_left -= nwritten; + + /* When we stopped sending and everything in `sendbuf` is "in flight", + * we are at the end of the request body. */ + if(stream->upload_left == 0) { + *pflags = NGHTTP3_DATA_FLAG_EOF; + stream->send_closed = TRUE; + } + else if(!nwritten) { + /* Not EOF, and nothing to give, we signal WOULDBLOCK. */ + CURL_TRC_CF(data, cf, "[%" PRId64 "] read req body -> AGAIN", + stream->s.id); + return NGHTTP3_ERR_WOULDBLOCK; + } + + CURL_TRC_CF(data, cf, "[%" PRId64 "] read req body -> " + "%d vecs%s with %zu (buffered=%zu, left=%" + CURL_FORMAT_CURL_OFF_T ")", + stream->s.id, (int)nvecs, + *pflags == NGHTTP3_DATA_FLAG_EOF?" EOF":"", + nwritten, Curl_bufq_len(&stream->sendbuf), + stream->upload_left); + return (nghttp3_ssize)nvecs; +} + +static int cb_h3_acked_stream_data(nghttp3_conn *conn, int64_t stream_id, + uint64_t datalen, void *user_data, + void *stream_user_data) +{ + struct Curl_cfilter *cf = user_data; + struct Curl_easy *data = stream_user_data; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + size_t skiplen; + + (void)cf; + if(!stream) + return 0; + /* The server acknowledged `datalen` of bytes from our request body. + * This is a delta. We have kept this data in `sendbuf` for + * re-transmissions and can free it now. */ + if(datalen >= (uint64_t)stream->sendbuf_len_in_flight) + skiplen = stream->sendbuf_len_in_flight; + else + skiplen = (size_t)datalen; + Curl_bufq_skip(&stream->sendbuf, skiplen); + stream->sendbuf_len_in_flight -= skiplen; + + /* Everything ACKed, we resume upload processing */ + if(!stream->sendbuf_len_in_flight) { + int rv = nghttp3_conn_resume_stream(conn, stream_id); + if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { + return NGHTTP3_ERR_CALLBACK_FAILURE; + } + } + return 0; +} + +static nghttp3_callbacks ngh3_callbacks = { + cb_h3_acked_stream_data, + cb_h3_stream_close, + cb_h3_recv_data, + cb_h3_deferred_consume, + NULL, /* begin_headers */ + cb_h3_recv_header, + cb_h3_end_headers, + NULL, /* begin_trailers */ + cb_h3_recv_header, + NULL, /* end_trailers */ + cb_h3_stop_sending, + NULL, /* end_stream */ + cb_h3_reset_stream, + NULL, /* shutdown */ + NULL /* recv_settings */ +}; + +static CURLcode cf_osslq_h3conn_init(struct cf_osslq_ctx *ctx, SSL *conn, + void *user_data) +{ + struct cf_osslq_h3conn *h3 = &ctx->h3; + CURLcode result; + int rc; + + nghttp3_settings_default(&h3->settings); + rc = nghttp3_conn_client_new(&h3->conn, + &ngh3_callbacks, + &h3->settings, + nghttp3_mem_default(), + user_data); + if(rc) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + + result = cf_osslq_stream_open(&h3->s_ctrl, conn, + SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI, + &ctx->stream_bufcp, NULL); + if(result) { + result = CURLE_QUIC_CONNECT_ERROR; + goto out; + } + result = cf_osslq_stream_open(&h3->s_qpack_enc, conn, + SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI, + &ctx->stream_bufcp, NULL); + if(result) { + result = CURLE_QUIC_CONNECT_ERROR; + goto out; + } + result = cf_osslq_stream_open(&h3->s_qpack_dec, conn, + SSL_STREAM_FLAG_ADVANCE|SSL_STREAM_FLAG_UNI, + &ctx->stream_bufcp, NULL); + if(result) { + result = CURLE_QUIC_CONNECT_ERROR; + goto out; + } + + rc = nghttp3_conn_bind_control_stream(h3->conn, h3->s_ctrl.id); + if(rc) { + result = CURLE_QUIC_CONNECT_ERROR; + goto out; + } + rc = nghttp3_conn_bind_qpack_streams(h3->conn, h3->s_qpack_enc.id, + h3->s_qpack_dec.id); + if(rc) { + result = CURLE_QUIC_CONNECT_ERROR; + goto out; + } + + result = CURLE_OK; +out: + return result; +} + +static CURLcode cf_osslq_ctx_start(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + CURLcode result; + int rv; + const struct Curl_sockaddr_ex *peer_addr = NULL; + int peer_port; + BIO *bio = NULL; + BIO_ADDR *baddr = NULL; + + Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, + H3_STREAM_POOL_SPARES); + result = Curl_ssl_peer_init(&ctx->peer, cf); + if(result) + goto out; + +#define H3_ALPN "\x2h3" + result = Curl_vquic_tls_init(&ctx->tls, cf, data, &ctx->peer, + H3_ALPN, sizeof(H3_ALPN) - 1, + NULL, NULL); + if(result) + goto out; + + result = vquic_ctx_init(&ctx->q); + if(result) + goto out; + + result = CURLE_QUIC_CONNECT_ERROR; + Curl_cf_socket_peek(cf->next, data, &ctx->q.sockfd, + &peer_addr, NULL, &peer_port, NULL, NULL); + if(!peer_addr) + goto out; + + ctx->q.local_addrlen = sizeof(ctx->q.local_addr); + rv = getsockname(ctx->q.sockfd, (struct sockaddr *)&ctx->q.local_addr, + &ctx->q.local_addrlen); + if(rv == -1) + goto out; + + result = make_bio_addr(&baddr, peer_addr); + if(result) { + failf(data, "error creating BIO_ADDR from sockaddr"); + goto out; + } + + bio = BIO_new_dgram(ctx->q.sockfd, BIO_NOCLOSE); + if(!bio) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + + if(!SSL_set1_initial_peer_addr(ctx->tls.ssl, baddr)) { + failf(data, "failed to set the initial peer address"); + result = CURLE_FAILED_INIT; + goto out; + } + if(!SSL_set_blocking_mode(ctx->tls.ssl, 0)) { + failf(data, "failed to turn off blocking mode"); + result = CURLE_FAILED_INIT; + goto out; + } + + SSL_set_bio(ctx->tls.ssl, bio, bio); + bio = NULL; + SSL_set_connect_state(ctx->tls.ssl); + SSL_set_incoming_stream_policy(ctx->tls.ssl, + SSL_INCOMING_STREAM_POLICY_ACCEPT, 0); + /* setup the H3 things on top of the QUIC connection */ + result = cf_osslq_h3conn_init(ctx, ctx->tls.ssl, cf); + +out: + if(bio) + BIO_free(bio); + if(baddr) + BIO_ADDR_free(baddr); + CURL_TRC_CF(data, cf, "QUIC tls init -> %d", result); + return result; +} + +struct h3_quic_recv_ctx { + struct Curl_cfilter *cf; + struct Curl_easy *data; + struct cf_osslq_stream *s; +}; + +static ssize_t h3_quic_recv(void *reader_ctx, + unsigned char *buf, size_t len, + CURLcode *err) +{ + struct h3_quic_recv_ctx *x = reader_ctx; + size_t nread; + int rv; + + *err = CURLE_OK; + rv = SSL_read_ex(x->s->ssl, buf, len, &nread); + if(rv <= 0) { + int detail = SSL_get_error(x->s->ssl, rv); + if(detail == SSL_ERROR_WANT_READ || detail == SSL_ERROR_WANT_WRITE) { + *err = CURLE_AGAIN; + return -1; + } + else if(detail == SSL_ERROR_ZERO_RETURN) { + CURL_TRC_CF(x->data, x->cf, "[%" PRId64 "] h3_quic_recv -> EOS", + x->s->id); + x->s->recvd_eos = TRUE; + return 0; + } + else if(SSL_get_stream_read_state(x->s->ssl) == + SSL_STREAM_STATE_RESET_REMOTE) { + uint64_t app_error_code = NGHTTP3_H3_NO_ERROR; + SSL_get_stream_read_error_code(x->s->ssl, &app_error_code); + CURL_TRC_CF(x->data, x->cf, "[%" PRId64 "] h3_quic_recv -> RESET, " + "rv=%d, app_err=%" PRIu64, + x->s->id, rv, app_error_code); + if(app_error_code != NGHTTP3_H3_NO_ERROR) { + x->s->reset = TRUE; + } + x->s->recvd_eos = TRUE; + return 0; + } + else { + *err = cf_osslq_ssl_err(x->cf, x->data, detail, CURLE_RECV_ERROR); + return -1; + } + } + else { + /* CURL_TRC_CF(x->data, x->cf, "[%" PRId64 "] h3_quic_recv -> %zu bytes", + x->s->id, nread); */ + } + return (ssize_t)nread; +} + +static CURLcode cf_osslq_stream_recv(struct cf_osslq_stream *s, + struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + CURLcode result = CURLE_OK; + ssize_t nread; + struct h3_quic_recv_ctx x; + int rv, eagain = FALSE; + size_t total_recv_len = 0; + + DEBUGASSERT(s); + if(s->closed) + return CURLE_OK; + + x.cf = cf; + x.data = data; + x.s = s; + while(s->ssl && !s->closed && !eagain && + (total_recv_len < H3_STREAM_CHUNK_SIZE)) { + if(Curl_bufq_is_empty(&s->recvbuf) && !s->recvd_eos) { + while(!eagain && !s->recvd_eos && !Curl_bufq_is_full(&s->recvbuf)) { + nread = Curl_bufq_sipn(&s->recvbuf, 0, h3_quic_recv, &x, &result); + if(nread < 0) { + if(result != CURLE_AGAIN) + goto out; + result = CURLE_OK; + eagain = TRUE; + } + } + } + + /* Forward what we have to nghttp3 */ + if(!Curl_bufq_is_empty(&s->recvbuf)) { + const unsigned char *buf; + size_t blen; + + while(Curl_bufq_peek(&s->recvbuf, &buf, &blen)) { + nread = nghttp3_conn_read_stream(ctx->h3.conn, s->id, + buf, blen, 0); + CURL_TRC_CF(data, cf, "[%" PRId64 "] forward %zu bytes " + "to nghttp3 -> %zd", s->id, blen, nread); + if(nread < 0) { + failf(data, "nghttp3_conn_read_stream(len=%zu) error: %s", + blen, nghttp3_strerror((int)nread)); + result = CURLE_RECV_ERROR; + goto out; + } + /* success, `nread` is the flow for QUIC to count as "consumed", + * not sure how that will work with OpenSSL. Anyways, without error, + * all data that we passed is not owned by nghttp3. */ + Curl_bufq_skip(&s->recvbuf, blen); + total_recv_len += blen; + } + } + + /* When we forwarded everything, handle RESET/EOS */ + if(Curl_bufq_is_empty(&s->recvbuf) && !s->closed) { + result = CURLE_OK; + if(s->reset) { + uint64_t app_error; + if(!SSL_get_stream_read_error_code(s->ssl, &app_error)) { + failf(data, "SSL_get_stream_read_error_code returned error"); + result = CURLE_RECV_ERROR; + goto out; + } + rv = nghttp3_conn_close_stream(ctx->h3.conn, s->id, app_error); + s->closed = TRUE; + if(rv < 0 && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { + failf(data, "nghttp3_conn_close_stream returned error: %s", + nghttp3_strerror(rv)); + result = CURLE_RECV_ERROR; + goto out; + } + } + else if(s->recvd_eos) { + rv = nghttp3_conn_close_stream(ctx->h3.conn, s->id, + NGHTTP3_H3_NO_ERROR); + s->closed = TRUE; + CURL_TRC_CF(data, cf, "[%" PRId64 "] close nghttp3 stream -> %d", + s->id, rv); + if(rv < 0 && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { + failf(data, "nghttp3_conn_close_stream returned error: %s", + nghttp3_strerror(rv)); + result = CURLE_RECV_ERROR; + goto out; + } + } + } + } +out: + if(result) + CURL_TRC_CF(data, cf, "[%" PRId64 "] cf_osslq_stream_recv -> %d", + s->id, result); + return result; +} + +static CURLcode cf_progress_ingress(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + CURLcode result = CURLE_OK; + + if(!ctx->tls.ssl) + goto out; + + ERR_clear_error(); + + /* 1. Check for new incoming streams */ + while(1) { + SSL *snew = SSL_accept_stream(ctx->tls.ssl, SSL_ACCEPT_STREAM_NO_BLOCK); + if(!snew) + break; + + (void)cf_osslq_h3conn_add_stream(&ctx->h3, snew, cf, data); + } + + if(!SSL_handle_events(ctx->tls.ssl)) { + int detail = SSL_get_error(ctx->tls.ssl, 0); + result = cf_osslq_ssl_err(cf, data, detail, CURLE_RECV_ERROR); + } + + if(ctx->h3.conn) { + size_t i; + for(i = 0; i < ctx->h3.remote_ctrl_n; ++i) { + result = cf_osslq_stream_recv(&ctx->h3.remote_ctrl[i], cf, data); + if(result) + goto out; + } + } + + if(ctx->h3.conn) { + struct Curl_easy *sdata; + struct h3_stream_ctx *stream; + /* PULL all open streams */ + DEBUGASSERT(data->multi); + for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + if(sdata->conn == data->conn && CURL_WANT_RECV(sdata)) { + stream = H3_STREAM_CTX(sdata); + if(stream && !stream->closed && + !Curl_bufq_is_full(&stream->recvbuf)) { + result = cf_osslq_stream_recv(&stream->s, cf, sdata); + if(result) + goto out; + } + } + } + } + +out: + CURL_TRC_CF(data, cf, "progress_ingress -> %d", result); + return result; +} + +/* Iterate over all streams and check if blocked can be unblocked */ +static CURLcode cf_osslq_check_and_unblock(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + struct Curl_easy *sdata; + struct h3_stream_ctx *stream; + + if(ctx->h3.conn) { + for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + if(sdata->conn == data->conn) { + stream = H3_STREAM_CTX(sdata); + if(stream && stream->s.ssl && stream->s.send_blocked && + !SSL_want_write(stream->s.ssl)) { + nghttp3_conn_unblock_stream(ctx->h3.conn, stream->s.id); + stream->s.send_blocked = FALSE; + h3_drain_stream(cf, sdata); + CURL_TRC_CF(sdata, cf, "unblocked"); + } + } + } + } + return CURLE_OK; +} + +static CURLcode h3_send_streams(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + CURLcode result = CURLE_OK; + + if(!ctx->tls.ssl || !ctx->h3.conn) + goto out; + + for(;;) { + struct cf_osslq_stream *s = NULL; + nghttp3_vec vec[16]; + nghttp3_ssize n, i; + int64_t stream_id; + size_t written; + int eos, ok, rv; + size_t total_len, acked_len = 0; + bool blocked = FALSE; + + n = nghttp3_conn_writev_stream(ctx->h3.conn, &stream_id, &eos, + vec, ARRAYSIZE(vec)); + if(n < 0) { + failf(data, "nghttp3_conn_writev_stream returned error: %s", + nghttp3_strerror((int)n)); + result = CURLE_SEND_ERROR; + goto out; + } + if(stream_id < 0) { + result = CURLE_OK; + goto out; + } + + /* Get the stream for this data */ + s = cf_osslq_get_qstream(cf, data, stream_id); + if(!s) { + failf(data, "nghttp3_conn_writev_stream gave unknown stream %" PRId64, + stream_id); + result = CURLE_SEND_ERROR; + goto out; + } + /* Now write the data to the stream's SSL*, it may not all fit! */ + DEBUGASSERT(s->id == stream_id); + for(i = 0, total_len = 0; i < n; ++i) { + total_len += vec[i].len; + } + for(i = 0; (i < n) && !blocked; ++i) { + /* Without stream->s.ssl, we closed that already, so + * pretend the write did succeed. */ + written = vec[i].len; + ok = !s->ssl || SSL_write_ex(s->ssl, vec[i].base, vec[i].len, + &written); + if(ok) { + /* As OpenSSL buffers the data, we count this as acknowledged + * from nghttp3's point of view */ + CURL_TRC_CF(data, cf, "[%"PRId64"] send %zu bytes to QUIC ok", + s->id, vec[i].len); + acked_len += vec[i].len; + } + else { + int detail = SSL_get_error(s->ssl, 0); + switch(detail) { + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_READ: + /* QUIC blocked us from writing more */ + CURL_TRC_CF(data, cf, "[%"PRId64"] send %zu bytes to QUIC blocked", + s->id, vec[i].len); + written = 0; + nghttp3_conn_block_stream(ctx->h3.conn, s->id); + s->send_blocked = blocked = TRUE; + break; + default: + failf(data, "[%"PRId64"] send %zu bytes to QUIC, SSL error %d", + s->id, vec[i].len, detail); + result = cf_osslq_ssl_err(cf, data, detail, CURLE_SEND_ERROR); + goto out; + } + } + } + + if(acked_len > 0 || (eos && !s->send_blocked)) { + /* Since QUIC buffers the data written internally, we can tell + * nghttp3 that it can move forward on it */ + rv = nghttp3_conn_add_write_offset(ctx->h3.conn, s->id, acked_len); + if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { + failf(data, "nghttp3_conn_add_write_offset returned error: %s\n", + nghttp3_strerror(rv)); + result = CURLE_SEND_ERROR; + goto out; + } + rv = nghttp3_conn_add_ack_offset(ctx->h3.conn, s->id, acked_len); + if(rv && rv != NGHTTP3_ERR_STREAM_NOT_FOUND) { + failf(data, "nghttp3_conn_add_ack_offset returned error: %s\n", + nghttp3_strerror(rv)); + result = CURLE_SEND_ERROR; + goto out; + } + CURL_TRC_CF(data, cf, "[%" PRId64 "] forwarded %zu/%zu h3 bytes " + "to QUIC, eos=%d", s->id, acked_len, total_len, eos); + } + + if(eos && !s->send_blocked) { + /* wrote everything and H3 indicates end of stream */ + CURL_TRC_CF(data, cf, "[%" PRId64 "] closing QUIC stream", s->id); + SSL_stream_conclude(s->ssl, 0); + } + } + +out: + CURL_TRC_CF(data, cf, "h3_send_streams -> %d", result); + return result; +} + +static CURLcode cf_progress_egress(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + CURLcode result = CURLE_OK; + + if(!ctx->tls.ssl) + goto out; + + ERR_clear_error(); + result = h3_send_streams(cf, data); + if(result) + goto out; + + if(!SSL_handle_events(ctx->tls.ssl)) { + int detail = SSL_get_error(ctx->tls.ssl, 0); + result = cf_osslq_ssl_err(cf, data, detail, CURLE_SEND_ERROR); + } + + result = cf_osslq_check_and_unblock(cf, data); + +out: + CURL_TRC_CF(data, cf, "progress_egress -> %d", result); + return result; +} + +static CURLcode check_and_set_expiry(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + CURLcode result = CURLE_OK; + struct timeval tv; + timediff_t timeoutms; + int is_infinite = TRUE; + + if(ctx->tls.ssl && + SSL_get_event_timeout(ctx->tls.ssl, &tv, &is_infinite) && + !is_infinite) { + timeoutms = curlx_tvtoms(&tv); + /* QUIC want to be called again latest at the returned timeout */ + if(timeoutms <= 0) { + result = cf_progress_ingress(cf, data); + if(result) + goto out; + result = cf_progress_egress(cf, data); + if(result) + goto out; + if(SSL_get_event_timeout(ctx->tls.ssl, &tv, &is_infinite)) { + timeoutms = curlx_tvtoms(&tv); + } + } + if(!is_infinite) { + Curl_expire(data, timeoutms, EXPIRE_QUIC); + CURL_TRC_CF(data, cf, "QUIC expiry in %ldms", (long)timeoutms); + } + } +out: + return result; +} + +static CURLcode cf_osslq_connect(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool blocking, bool *done) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + CURLcode result = CURLE_OK; + struct cf_call_data save; + struct curltime now; + int err; + + if(cf->connected) { + *done = TRUE; + return CURLE_OK; + } + + /* Connect the UDP filter first */ + if(!cf->next->connected) { + result = Curl_conn_cf_connect(cf->next, data, blocking, done); + if(result || !*done) + return result; + } + + *done = FALSE; + now = Curl_now(); + CF_DATA_SAVE(save, cf, data); + + if(ctx->reconnect_at.tv_sec && Curl_timediff(now, ctx->reconnect_at) < 0) { + /* Not time yet to attempt the next connect */ + CURL_TRC_CF(data, cf, "waiting for reconnect time"); + goto out; + } + + if(!ctx->tls.ssl) { + ctx->started_at = now; + result = cf_osslq_ctx_start(cf, data); + if(result) + goto out; + } + + if(!ctx->got_first_byte) { + int readable = SOCKET_READABLE(ctx->q.sockfd, 0); + if(readable > 0 && (readable & CURL_CSELECT_IN)) { + ctx->got_first_byte = TRUE; + ctx->first_byte_at = Curl_now(); + } + } + + ERR_clear_error(); + err = SSL_do_handshake(ctx->tls.ssl); + + if(err == 1) { + /* connected */ + ctx->handshake_at = now; + CURL_TRC_CF(data, cf, "handshake complete after %dms", + (int)Curl_timediff(now, ctx->started_at)); + result = cf_osslq_verify_peer(cf, data); + if(!result) { + CURL_TRC_CF(data, cf, "peer verified"); + cf->connected = TRUE; + cf->conn->alpn = CURL_HTTP_VERSION_3; + *done = TRUE; + connkeep(cf->conn, "HTTP/3 default"); + } + } + else { + int detail = SSL_get_error(ctx->tls.ssl, err); + switch(detail) { + case SSL_ERROR_WANT_READ: + CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_RECV"); + result = Curl_vquic_tls_before_recv(&ctx->tls, cf, data); + goto out; + case SSL_ERROR_WANT_WRITE: + CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_SEND"); + result = CURLE_OK; + goto out; +#ifdef SSL_ERROR_WANT_ASYNC + case SSL_ERROR_WANT_ASYNC: + CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_ASYNC"); + result = CURLE_OK; + goto out; +#endif +#ifdef SSL_ERROR_WANT_RETRY_VERIFY + case SSL_ERROR_WANT_RETRY_VERIFY: + result = CURLE_OK; + goto out; +#endif + default: + result = cf_osslq_ssl_err(cf, data, detail, CURLE_COULDNT_CONNECT); + goto out; + } + } + +out: + if(result == CURLE_RECV_ERROR && ctx->tls.ssl && ctx->protocol_shutdown) { + /* When a QUIC server instance is shutting down, it may send us a + * CONNECTION_CLOSE right away. Our connection then enters the DRAINING + * state. The CONNECT may work in the near future again. Indicate + * that as a "weird" reply. */ + result = CURLE_WEIRD_SERVER_REPLY; + } + +#ifndef CURL_DISABLE_VERBOSE_STRINGS + if(result) { + const char *r_ip = NULL; + int r_port = 0; + + Curl_cf_socket_peek(cf->next, data, NULL, NULL, + &r_ip, &r_port, NULL, NULL); + infof(data, "QUIC connect to %s port %u failed: %s", + r_ip, r_port, curl_easy_strerror(result)); + } +#endif + if(!result) + result = check_and_set_expiry(cf, data); + if(result || *done) + CURL_TRC_CF(data, cf, "connect -> %d, done=%d", result, *done); + CF_DATA_RESTORE(cf, save); + return result; +} + +static ssize_t h3_stream_open(struct Curl_cfilter *cf, + struct Curl_easy *data, + const void *buf, size_t len, + CURLcode *err) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + struct h3_stream_ctx *stream = NULL; + struct dynhds h2_headers; + size_t nheader; + nghttp3_nv *nva = NULL; + int rc = 0; + unsigned int i; + ssize_t nwritten = -1; + nghttp3_data_reader reader; + nghttp3_data_reader *preader = NULL; + + Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST); + + *err = h3_data_setup(cf, data); + if(*err) + goto out; + stream = H3_STREAM_CTX(data); + DEBUGASSERT(stream); + if(!stream) { + *err = CURLE_FAILED_INIT; + goto out; + } + + nwritten = Curl_h1_req_parse_read(&stream->h1, buf, len, NULL, 0, err); + if(nwritten < 0) + goto out; + if(!stream->h1.done) { + /* need more data */ + goto out; + } + DEBUGASSERT(stream->h1.req); + + *err = Curl_http_req_to_h2(&h2_headers, stream->h1.req, data); + if(*err) { + nwritten = -1; + goto out; + } + /* no longer needed */ + Curl_h1_req_parse_free(&stream->h1); + + nheader = Curl_dynhds_count(&h2_headers); + nva = malloc(sizeof(nghttp3_nv) * nheader); + if(!nva) { + *err = CURLE_OUT_OF_MEMORY; + nwritten = -1; + goto out; + } + + for(i = 0; i < nheader; ++i) { + struct dynhds_entry *e = Curl_dynhds_getn(&h2_headers, i); + nva[i].name = (unsigned char *)e->name; + nva[i].namelen = e->namelen; + nva[i].value = (unsigned char *)e->value; + nva[i].valuelen = e->valuelen; + nva[i].flags = NGHTTP3_NV_FLAG_NONE; + } + + DEBUGASSERT(stream->s.id == -1); + *err = cf_osslq_stream_open(&stream->s, ctx->tls.ssl, 0, + &ctx->stream_bufcp, data); + if(*err) { + failf(data, "can't get bidi streams"); + *err = CURLE_SEND_ERROR; + goto out; + } + + switch(data->state.httpreq) { + case HTTPREQ_POST: + case HTTPREQ_POST_FORM: + case HTTPREQ_POST_MIME: + case HTTPREQ_PUT: + /* known request body size or -1 */ + if(data->state.infilesize != -1) + stream->upload_left = data->state.infilesize; + else + /* data sending without specifying the data amount up front */ + stream->upload_left = -1; /* unknown */ + break; + default: + /* there is not request body */ + stream->upload_left = 0; /* no request body */ + break; + } + + stream->send_closed = (stream->upload_left == 0); + if(!stream->send_closed) { + reader.read_data = cb_h3_read_req_body; + preader = &reader; + } + + rc = nghttp3_conn_submit_request(ctx->h3.conn, stream->s.id, + nva, nheader, preader, data); + if(rc) { + switch(rc) { + case NGHTTP3_ERR_CONN_CLOSING: + CURL_TRC_CF(data, cf, "h3sid[%"PRId64"] failed to send, " + "connection is closing", stream->s.id); + break; + default: + CURL_TRC_CF(data, cf, "h3sid[%"PRId64"] failed to send -> %d (%s)", + stream->s.id, rc, nghttp3_strerror(rc)); + break; + } + *err = CURLE_SEND_ERROR; + nwritten = -1; + goto out; + } + + if(Curl_trc_is_verbose(data)) { + infof(data, "[HTTP/3] [%" PRId64 "] OPENED stream for %s", + stream->s.id, data->state.url); + for(i = 0; i < nheader; ++i) { + infof(data, "[HTTP/3] [%" PRId64 "] [%.*s: %.*s]", stream->s.id, + (int)nva[i].namelen, nva[i].name, + (int)nva[i].valuelen, nva[i].value); + } + } + +out: + free(nva); + Curl_dynhds_free(&h2_headers); + return nwritten; +} + +static ssize_t cf_osslq_send(struct Curl_cfilter *cf, struct Curl_easy *data, + const void *buf, size_t len, CURLcode *err) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + struct cf_call_data save; + ssize_t nwritten; + CURLcode result; + + CF_DATA_SAVE(save, cf, data); + DEBUGASSERT(cf->connected); + DEBUGASSERT(ctx->tls.ssl); + DEBUGASSERT(ctx->h3.conn); + *err = CURLE_OK; + + result = cf_progress_ingress(cf, data); + if(result) { + *err = result; + nwritten = -1; + goto out; + } + + result = cf_progress_egress(cf, data); + if(result) { + *err = result; + nwritten = -1; + goto out; + } + + if(!stream || stream->s.id < 0) { + nwritten = h3_stream_open(cf, data, buf, len, err); + if(nwritten < 0) { + CURL_TRC_CF(data, cf, "failed to open stream -> %d", *err); + goto out; + } + stream = H3_STREAM_CTX(data); + } + else if(stream->upload_blocked_len) { + /* the data in `buf` has already been submitted or added to the + * buffers, but have been EAGAINed on the last invocation. */ + DEBUGASSERT(len >= stream->upload_blocked_len); + if(len < stream->upload_blocked_len) { + /* Did we get called again with a smaller `len`? This should not + * happen. We are not prepared to handle that. */ + failf(data, "HTTP/3 send again with decreased length"); + *err = CURLE_HTTP3; + nwritten = -1; + goto out; + } + nwritten = (ssize_t)stream->upload_blocked_len; + stream->upload_blocked_len = 0; + } + else if(stream->closed) { + if(stream->resp_hds_complete) { + /* Server decided to close the stream after having sent us a final + * response. This is valid if it is not interested in the request + * body. This happens on 30x or 40x responses. + * We silently discard the data sent, since this is not a transport + * error situation. */ + CURL_TRC_CF(data, cf, "[%" PRId64 "] discarding data" + "on closed stream with response", stream->s.id); + *err = CURLE_OK; + nwritten = (ssize_t)len; + goto out; + } + CURL_TRC_CF(data, cf, "[%" PRId64 "] send_body(len=%zu) " + "-> stream closed", stream->s.id, len); + *err = CURLE_HTTP3; + nwritten = -1; + goto out; + } + else { + nwritten = Curl_bufq_write(&stream->sendbuf, buf, len, err); + CURL_TRC_CF(data, cf, "[%" PRId64 "] cf_send, add to " + "sendbuf(len=%zu) -> %zd, %d", + stream->s.id, len, nwritten, *err); + if(nwritten < 0) { + goto out; + } + + (void)nghttp3_conn_resume_stream(ctx->h3.conn, stream->s.id); + } + + result = cf_progress_egress(cf, data); + if(result) { + *err = result; + nwritten = -1; + } + + if(stream && nwritten > 0 && stream->sendbuf_len_in_flight) { + /* We have unacknowledged DATA and cannot report success to our + * caller. Instead we EAGAIN and remember how much we have already + * "written" into our various internal connection buffers. */ + stream->upload_blocked_len = nwritten; + CURL_TRC_CF(data, cf, "[%" PRId64 "] cf_send(len=%zu), " + "%zu bytes in flight -> EGAIN", stream->s.id, len, + stream->sendbuf_len_in_flight); + *err = CURLE_AGAIN; + nwritten = -1; + } + +out: + result = check_and_set_expiry(cf, data); + CURL_TRC_CF(data, cf, "[%" PRId64 "] cf_send(len=%zu) -> %zd, %d", + stream? stream->s.id : -1, len, nwritten, *err); + CF_DATA_RESTORE(cf, save); + return nwritten; +} + +static ssize_t recv_closed_stream(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct h3_stream_ctx *stream, + CURLcode *err) +{ + ssize_t nread = -1; + + (void)cf; + if(stream->reset) { + failf(data, + "HTTP/3 stream %" PRId64 " reset by server", stream->s.id); + *err = stream->resp_hds_complete? CURLE_PARTIAL_FILE : CURLE_HTTP3; + goto out; + } + else if(!stream->resp_hds_complete) { + failf(data, + "HTTP/3 stream %" PRId64 " was closed cleanly, but before getting" + " all response header fields, treated as error", + stream->s.id); + *err = CURLE_HTTP3; + goto out; + } + *err = CURLE_OK; + nread = 0; + +out: + return nread; +} + +static ssize_t cf_osslq_recv(struct Curl_cfilter *cf, struct Curl_easy *data, + char *buf, size_t len, CURLcode *err) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + ssize_t nread = -1; + struct cf_call_data save; + CURLcode result; + + (void)ctx; + CF_DATA_SAVE(save, cf, data); + DEBUGASSERT(cf->connected); + DEBUGASSERT(ctx); + DEBUGASSERT(ctx->tls.ssl); + DEBUGASSERT(ctx->h3.conn); + *err = CURLE_OK; + + if(!stream) { + *err = CURLE_RECV_ERROR; + goto out; + } + + if(!Curl_bufq_is_empty(&stream->recvbuf)) { + nread = Curl_bufq_read(&stream->recvbuf, + (unsigned char *)buf, len, err); + if(nread < 0) { + CURL_TRC_CF(data, cf, "[%" PRId64 "] read recvbuf(len=%zu) " + "-> %zd, %d", stream->s.id, len, nread, *err); + goto out; + } + } + + result = cf_progress_ingress(cf, data); + if(result) { + *err = result; + nread = -1; + goto out; + } + + /* recvbuf had nothing before, maybe after progressing ingress? */ + if(nread < 0 && !Curl_bufq_is_empty(&stream->recvbuf)) { + nread = Curl_bufq_read(&stream->recvbuf, + (unsigned char *)buf, len, err); + if(nread < 0) { + CURL_TRC_CF(data, cf, "[%" PRId64 "] read recvbuf(len=%zu) " + "-> %zd, %d", stream->s.id, len, nread, *err); + goto out; + } + } + + if(nread > 0) { + h3_drain_stream(cf, data); + } + else { + if(stream->closed) { + nread = recv_closed_stream(cf, data, stream, err); + goto out; + } + *err = CURLE_AGAIN; + nread = -1; + } + +out: + if(cf_progress_egress(cf, data)) { + *err = CURLE_SEND_ERROR; + nread = -1; + } + else { + CURLcode result2 = check_and_set_expiry(cf, data); + if(result2) { + *err = result2; + nread = -1; + } + } + CURL_TRC_CF(data, cf, "[%" PRId64 "] cf_recv(len=%zu) -> %zd, %d", + stream? stream->s.id : -1, len, nread, *err); + CF_DATA_RESTORE(cf, save); + return nread; +} + +/* + * Called from transfer.c:data_pending to know if we should keep looping + * to receive more data from the connection. + */ +static bool cf_osslq_data_pending(struct Curl_cfilter *cf, + const struct Curl_easy *data) +{ + const struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + (void)cf; + return stream && !Curl_bufq_is_empty(&stream->recvbuf); +} + +static CURLcode cf_osslq_data_event(struct Curl_cfilter *cf, + struct Curl_easy *data, + int event, int arg1, void *arg2) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + CURLcode result = CURLE_OK; + struct cf_call_data save; + + CF_DATA_SAVE(save, cf, data); + (void)arg1; + (void)arg2; + switch(event) { + case CF_CTRL_DATA_SETUP: + break; + case CF_CTRL_DATA_PAUSE: + result = h3_data_pause(cf, data, (arg1 != 0)); + break; + case CF_CTRL_DATA_DETACH: + h3_data_done(cf, data); + break; + case CF_CTRL_DATA_DONE: + h3_data_done(cf, data); + break; + case CF_CTRL_DATA_DONE_SEND: { + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + if(stream && !stream->send_closed) { + stream->send_closed = TRUE; + stream->upload_left = Curl_bufq_len(&stream->sendbuf); + (void)nghttp3_conn_resume_stream(ctx->h3.conn, stream->s.id); + } + break; + } + case CF_CTRL_DATA_IDLE: { + struct h3_stream_ctx *stream = H3_STREAM_CTX(data); + CURL_TRC_CF(data, cf, "data idle"); + if(stream && !stream->closed) { + result = check_and_set_expiry(cf, data); + } + break; + } + default: + break; + } + CF_DATA_RESTORE(cf, save); + return result; +} + +static bool cf_osslq_conn_is_alive(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool *input_pending) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + bool alive = FALSE; + struct cf_call_data save; + + CF_DATA_SAVE(save, cf, data); + *input_pending = FALSE; + if(!ctx->tls.ssl) + goto out; + + /* TODO: how to check negotiated connection idle time? */ + + if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending)) + goto out; + + alive = TRUE; + if(*input_pending) { + CURLcode result; + /* This happens before we've sent off a request and the connection is + not in use by any other transfer, there shouldn't be any data here, + only "protocol frames" */ + *input_pending = FALSE; + result = cf_progress_ingress(cf, data); + CURL_TRC_CF(data, cf, "is_alive, progress ingress -> %d", result); + alive = result? FALSE : TRUE; + } + +out: + CF_DATA_RESTORE(cf, save); + return alive; +} + +static void cf_osslq_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + + if(!ctx->tls.ssl) { + /* NOP */ + } + else if(!cf->connected) { + /* during handshake, transfer has not started yet. we always + * add our socket for polling if SSL wants to send/recv */ + Curl_pollset_set(data, ps, ctx->q.sockfd, + SSL_net_read_desired(ctx->tls.ssl), + SSL_net_write_desired(ctx->tls.ssl)); + } + else { + /* once connected, we only modify the socket if it is present. + * this avoids adding it for paused transfers. */ + bool want_recv, want_send; + Curl_pollset_check(data, ps, ctx->q.sockfd, &want_recv, &want_send); + if(want_recv || want_send) { + Curl_pollset_set(data, ps, ctx->q.sockfd, + SSL_net_read_desired(ctx->tls.ssl), + SSL_net_write_desired(ctx->tls.ssl)); + } + } +} + +static CURLcode cf_osslq_query(struct Curl_cfilter *cf, + struct Curl_easy *data, + int query, int *pres1, void *pres2) +{ + struct cf_osslq_ctx *ctx = cf->ctx; + struct cf_call_data save; + + switch(query) { + case CF_QUERY_MAX_CONCURRENT: { + /* TODO: how to get this? */ + CF_DATA_SAVE(save, cf, data); + *pres1 = 100; + CURL_TRC_CF(data, cf, "query max_conncurrent -> %d", *pres1); + CF_DATA_RESTORE(cf, save); + return CURLE_OK; + } + case CF_QUERY_CONNECT_REPLY_MS: + if(ctx->got_first_byte) { + timediff_t ms = Curl_timediff(ctx->first_byte_at, ctx->started_at); + *pres1 = (ms < INT_MAX)? (int)ms : INT_MAX; + } + else + *pres1 = -1; + return CURLE_OK; + case CF_QUERY_TIMER_CONNECT: { + struct curltime *when = pres2; + if(ctx->got_first_byte) + *when = ctx->first_byte_at; + return CURLE_OK; + } + case CF_QUERY_TIMER_APPCONNECT: { + struct curltime *when = pres2; + if(cf->connected) + *when = ctx->handshake_at; + return CURLE_OK; + } + default: + break; + } + return cf->next? + cf->next->cft->query(cf->next, data, query, pres1, pres2) : + CURLE_UNKNOWN_OPTION; +} + +struct Curl_cftype Curl_cft_http3 = { + "HTTP/3", + CF_TYPE_IP_CONNECT | CF_TYPE_SSL | CF_TYPE_MULTIPLEX, + 0, + cf_osslq_destroy, + cf_osslq_connect, + cf_osslq_close, + Curl_cf_def_get_host, + cf_osslq_adjust_pollset, + cf_osslq_data_pending, + cf_osslq_send, + cf_osslq_recv, + cf_osslq_data_event, + cf_osslq_conn_is_alive, + Curl_cf_def_conn_keep_alive, + cf_osslq_query, +}; + +CURLcode Curl_cf_osslq_create(struct Curl_cfilter **pcf, + struct Curl_easy *data, + struct connectdata *conn, + const struct Curl_addrinfo *ai) +{ + struct cf_osslq_ctx *ctx = NULL; + struct Curl_cfilter *cf = NULL, *udp_cf = NULL; + CURLcode result; + + (void)data; + ctx = calloc(1, sizeof(*ctx)); + if(!ctx) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + cf_osslq_ctx_clear(ctx); + + result = Curl_cf_create(&cf, &Curl_cft_http3, ctx); + if(result) + goto out; + + result = Curl_cf_udp_create(&udp_cf, data, conn, ai, TRNSPRT_QUIC); + if(result) + goto out; + + cf->conn = conn; + udp_cf->conn = cf->conn; + udp_cf->sockindex = cf->sockindex; + cf->next = udp_cf; + +out: + *pcf = (!result)? cf : NULL; + if(result) { + if(udp_cf) + Curl_conn_cf_discard_sub(cf, udp_cf, data, TRUE); + Curl_safefree(cf); + Curl_safefree(ctx); + } + return result; +} + +bool Curl_conn_is_osslq(const struct Curl_easy *data, + const struct connectdata *conn, + int sockindex) +{ + struct Curl_cfilter *cf = conn? conn->cfilter[sockindex] : NULL; + + (void)data; + for(; cf; cf = cf->next) { + if(cf->cft == &Curl_cft_http3) + return TRUE; + if(cf->cft->flags & CF_TYPE_IP_CONNECT) + return FALSE; + } + return FALSE; +} + +/* + * Store ngtcp2 version info in this buffer. + */ +void Curl_osslq_ver(char *p, size_t len) +{ + const nghttp3_info *ht3 = nghttp3_version(0); + (void)msnprintf(p, len, "nghttp3/%s", ht3->version_str); +} + +#endif /* USE_OPENSSL_QUIC && USE_NGHTTP3 */ diff --git a/lib/vquic/curl_osslq.h b/lib/vquic/curl_osslq.h new file mode 100644 index 000000000..0e12d7023 --- /dev/null +++ b/lib/vquic/curl_osslq.h @@ -0,0 +1,51 @@ +#ifndef HEADER_CURL_VQUIC_CURL_OSSLQ_H +#define HEADER_CURL_VQUIC_CURL_OSSLQ_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +#include "curl_setup.h" + +#if defined(USE_OPENSSL_QUIC) && defined(USE_NGHTTP3) + +#ifdef HAVE_NETINET_UDP_H +#include +#endif + +struct Curl_cfilter; + +#include "urldata.h" + +void Curl_osslq_ver(char *p, size_t len); + +CURLcode Curl_cf_osslq_create(struct Curl_cfilter **pcf, + struct Curl_easy *data, + struct connectdata *conn, + const struct Curl_addrinfo *ai); + +bool Curl_conn_is_osslq(const struct Curl_easy *data, + const struct connectdata *conn, + int sockindex); +#endif + +#endif /* HEADER_CURL_VQUIC_CURL_OSSLQ_H */ diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c index 3f5d32743..fcb0eb8f8 100644 --- a/lib/vquic/curl_quiche.c +++ b/lib/vquic/curl_quiche.c @@ -43,6 +43,7 @@ #include "http1.h" #include "vquic.h" #include "vquic_int.h" +#include "vquic-tls.h" #include "curl_quiche.h" #include "transfer.h" #include "inet_pton.h" @@ -55,10 +56,10 @@ #include "curl_memory.h" #include "memdebug.h" -/* #define DEBUG_QUICHE */ +/* HTTP/3 error values defined in RFC 9114, ch. 8.1 */ +#define CURL_H3_NO_ERROR (0x0100) #define QUIC_MAX_STREAMS (100) -#define QUIC_IDLE_TIMEOUT (60 * 1000) /* milliseconds */ #define H3_STREAM_WINDOW_SIZE (128 * 1024) #define H3_STREAM_CHUNK_SIZE (16 * 1024) @@ -84,30 +85,22 @@ void Curl_quiche_ver(char *p, size_t len) (void)msnprintf(p, len, "quiche/%s", quiche_version()); } -static void keylog_callback(const SSL *ssl, const char *line) -{ - (void)ssl; - Curl_tls_keylog_write_line(line); -} - struct cf_quiche_ctx { struct cf_quic_ctx q; + struct ssl_peer peer; + struct quic_tls_ctx tls; quiche_conn *qconn; quiche_config *cfg; quiche_h3_conn *h3c; quiche_h3_config *h3config; uint8_t scid[QUICHE_MAX_CONN_ID_LEN]; - SSL_CTX *sslctx; - SSL *ssl; struct curltime started_at; /* time the current attempt started */ struct curltime handshake_at; /* time connect handshake finished */ - struct curltime first_byte_at; /* when first byte was recvd */ struct curltime reconnect_at; /* time the next attempt should start */ struct bufc_pool stream_bufcp; /* chunk pool for streams */ curl_off_t data_recvd; - size_t sends_on_hold; /* # of streams with SEND_HOLD set */ + uint64_t max_idle_ms; /* max idle time for QUIC conn */ BIT(goaway); /* got GOAWAY from server */ - BIT(got_first_byte); /* if first byte was received */ BIT(x509_store_setup); /* if x509 store has been set up */ }; @@ -122,108 +115,23 @@ static void quiche_debug_log(const char *line, void *argp) static void cf_quiche_ctx_clear(struct cf_quiche_ctx *ctx) { if(ctx) { - vquic_ctx_free(&ctx->q); - if(ctx->qconn) - quiche_conn_free(ctx->qconn); - if(ctx->h3config) - quiche_h3_config_free(ctx->h3config); if(ctx->h3c) quiche_h3_conn_free(ctx->h3c); + if(ctx->h3config) + quiche_h3_config_free(ctx->h3config); + if(ctx->qconn) + quiche_conn_free(ctx->qconn); if(ctx->cfg) quiche_config_free(ctx->cfg); + /* quiche just freed ctx->tls.ssl */ + ctx->tls.ssl = NULL; + Curl_vquic_tls_cleanup(&ctx->tls); + Curl_ssl_peer_cleanup(&ctx->peer); + vquic_ctx_free(&ctx->q); Curl_bufcp_free(&ctx->stream_bufcp); - memset(ctx, 0, sizeof(*ctx)); - } -} - -static CURLcode quic_x509_store_setup(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct cf_quiche_ctx *ctx = cf->ctx; - - if(!ctx->x509_store_setup) { - if(cf->conn->ssl_config.verifypeer) { - const char * const ssl_cafile = cf->conn->ssl_config.CAfile; - const char * const ssl_capath = cf->conn->ssl_config.CApath; - if(ssl_cafile || ssl_capath) { - SSL_CTX_set_verify(ctx->sslctx, SSL_VERIFY_PEER, NULL); - /* tell OpenSSL where to find CA certificates that are used to verify - the server's certificate. */ - if(!SSL_CTX_load_verify_locations(ctx->sslctx, ssl_cafile, - ssl_capath)) { - /* Fail if we insist on successfully verifying the server. */ - failf(data, "error setting certificate verify locations:" - " CAfile: %s CApath: %s", - ssl_cafile ? ssl_cafile : "none", - ssl_capath ? ssl_capath : "none"); - return CURLE_SSL_CACERT_BADFILE; - } - infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); - infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none"); - } -#ifdef CURL_CA_FALLBACK - else { - /* verifying the peer without any CA certificates won't work so - use openssl's built-in default as fallback */ - SSL_CTX_set_default_verify_paths(ctx->sslctx); - } -#endif - } - ctx->x509_store_setup = TRUE; - } - return CURLE_OK; -} - -static CURLcode quic_ssl_setup(struct Curl_cfilter *cf, struct Curl_easy *data) -{ - struct cf_quiche_ctx *ctx = cf->ctx; - unsigned char checkip[16]; - struct connectdata *conn = data->conn; - const char *curves = conn->ssl_config.curves; - - DEBUGASSERT(!ctx->sslctx); - ctx->sslctx = SSL_CTX_new(TLS_method()); - if(!ctx->sslctx) - return CURLE_OUT_OF_MEMORY; - - SSL_CTX_set_alpn_protos(ctx->sslctx, - (const uint8_t *)QUICHE_H3_APPLICATION_PROTOCOL, - sizeof(QUICHE_H3_APPLICATION_PROTOCOL) - 1); - - SSL_CTX_set_default_verify_paths(ctx->sslctx); - /* Open the file if a TLS or QUIC backend has not done this before. */ - Curl_tls_keylog_open(); - if(Curl_tls_keylog_enabled()) { - SSL_CTX_set_keylog_callback(ctx->sslctx, keylog_callback); - } - - if(curves && !SSL_CTX_set1_curves_list(ctx->sslctx, curves)) { - failf(data, "failed setting curves list for QUIC: '%s'", curves); - return CURLE_SSL_CIPHER; - } - - ctx->ssl = SSL_new(ctx->sslctx); - if(!ctx->ssl) - return CURLE_QUIC_CONNECT_ERROR; - - SSL_set_app_data(ctx->ssl, cf); - - if((0 == Curl_inet_pton(AF_INET, cf->conn->host.name, checkip)) -#ifdef ENABLE_IPV6 - && (0 == Curl_inet_pton(AF_INET6, cf->conn->host.name, checkip)) -#endif - ) { - char *snihost = Curl_ssl_snihost(data, cf->conn->host.name, NULL); - if(!snihost || !SSL_set_tlsext_host_name(ctx->ssl, snihost)) { - failf(data, "Failed set SNI"); - SSL_free(ctx->ssl); - ctx->ssl = NULL; - return CURLE_QUIC_CONNECT_ERROR; - } + memset(ctx, 0, sizeof(*ctx)); } - - return CURLE_OK; } /** @@ -240,6 +148,7 @@ struct stream_ctx { bool send_closed; /* stream is locally closed */ bool resp_hds_complete; /* complete, final response has been received */ bool resp_got_header; /* TRUE when h3 stream has recvd some HEADER */ + BIT(quic_flow_blocked); /* stream is blocked by QUIC flow control */ }; #define H3_STREAM_CTX(d) ((struct stream_ctx *)(((d) && (d)->req.p.http)? \ @@ -249,56 +158,20 @@ struct stream_ctx { #define H3_STREAM_ID(d) (H3_STREAM_CTX(d)? \ H3_STREAM_CTX(d)->id : -2) -static bool stream_send_is_suspended(struct Curl_easy *data) -{ - return (data->req.keepon & KEEP_SEND_HOLD); -} - -static void stream_send_suspend(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct cf_quiche_ctx *ctx = cf->ctx; - - if((data->req.keepon & KEEP_SENDBITS) == KEEP_SEND) { - data->req.keepon |= KEEP_SEND_HOLD; - ++ctx->sends_on_hold; - if(H3_STREAM_ID(data) >= 0) - CURL_TRC_CF(data, cf, "[%"PRId64"] suspend sending", - H3_STREAM_ID(data)); - else - CURL_TRC_CF(data, cf, "[%s] suspend sending", data->state.url); - } -} - -static void stream_send_resume(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct cf_quiche_ctx *ctx = cf->ctx; - - if(stream_send_is_suspended(data)) { - data->req.keepon &= ~KEEP_SEND_HOLD; - --ctx->sends_on_hold; - if(H3_STREAM_ID(data) >= 0) - CURL_TRC_CF(data, cf, "[%"PRId64"] resume sending", - H3_STREAM_ID(data)); - else - CURL_TRC_CF(data, cf, "[%s] resume sending", data->state.url); - Curl_expire(data, 0, EXPIRE_RUN_NOW); - } -} - static void check_resumes(struct Curl_cfilter *cf, struct Curl_easy *data) { - struct cf_quiche_ctx *ctx = cf->ctx; struct Curl_easy *sdata; - - if(ctx->sends_on_hold) { - DEBUGASSERT(data->multi); - for(sdata = data->multi->easyp; - sdata && ctx->sends_on_hold; sdata = sdata->next) { - if(stream_send_is_suspended(sdata)) { - stream_send_resume(cf, sdata); + struct stream_ctx *stream; + + DEBUGASSERT(data->multi); + for(sdata = data->multi->easyp; sdata; sdata = sdata->next) { + if(sdata->conn == data->conn) { + stream = H3_STREAM_CTX(sdata); + if(stream && stream->quic_flow_blocked) { + stream->quic_flow_blocked = FALSE; + Curl_expire(data, 0, EXPIRE_RUN_NOW); + CURL_TRC_CF(data, cf, "[%"PRId64"] unblock", stream->id); } } } @@ -333,9 +206,15 @@ static void h3_data_done(struct Curl_cfilter *cf, struct Curl_easy *data) (void)cf; if(stream) { CURL_TRC_CF(data, cf, "[%"PRId64"] easy handle is done", stream->id); - if(stream_send_is_suspended(data)) { - data->req.keepon &= ~KEEP_SEND_HOLD; - --ctx->sends_on_hold; + if(ctx->qconn && !stream->closed) { + quiche_conn_stream_shutdown(ctx->qconn, stream->id, + QUICHE_SHUTDOWN_READ, CURL_H3_NO_ERROR); + if(!stream->send_closed) { + quiche_conn_stream_shutdown(ctx->qconn, stream->id, + QUICHE_SHUTDOWN_WRITE, CURL_H3_NO_ERROR); + stream->send_closed = TRUE; + } + stream->closed = TRUE; } Curl_bufq_free(&stream->recvbuf); Curl_h1_req_parse_free(&stream->h1); @@ -354,8 +233,8 @@ static void drain_stream(struct Curl_cfilter *cf, bits = CURL_CSELECT_IN; if(stream && !stream->send_closed && stream->upload_left) bits |= CURL_CSELECT_OUT; - if(data->state.dselect_bits != bits) { - data->state.dselect_bits = bits; + if(data->state.select_bits != bits) { + data->state.select_bits = bits; Curl_expire(data, 0, EXPIRE_RUN_NOW); } } @@ -590,7 +469,6 @@ static CURLcode h3_process_event(struct Curl_cfilter *cf, } stream->closed = TRUE; streamclose(cf->conn, "End of stream"); - data->req.keepon &= ~KEEP_SEND_HOLD; break; case QUICHE_H3_EVENT_GOAWAY: @@ -686,7 +564,7 @@ static CURLcode recv_pkt(const unsigned char *pkt, size_t pktlen, return CURLE_OK; } else if(QUICHE_ERR_TLS_FAIL == nread) { - long verify_ok = SSL_get_verify_result(ctx->ssl); + long verify_ok = SSL_get_verify_result(ctx->tls.ssl); if(verify_ok != X509_V_OK) { failf(r->data, "SSL certificate problem: %s", X509_verify_cert_error_string(verify_ok)); @@ -714,7 +592,7 @@ static CURLcode cf_process_ingress(struct Curl_cfilter *cf, CURLcode result; DEBUGASSERT(ctx->qconn); - result = quic_x509_store_setup(cf, data); + result = Curl_vquic_tls_before_recv(&ctx->tls, cf, data); if(result) return result; @@ -854,7 +732,7 @@ static ssize_t recv_closed_stream(struct Curl_cfilter *cf, if(stream->reset) { failf(data, "HTTP/3 stream %" PRId64 " reset by server", stream->id); - *err = stream->resp_got_header? CURLE_PARTIAL_FILE : CURLE_RECV_ERROR; + *err = stream->resp_got_header? CURLE_PARTIAL_FILE : CURLE_HTTP3; CURL_TRC_CF(data, cf, "[%" PRId64 "] cf_recv, was reset -> %d", stream->id, *err); } @@ -864,7 +742,7 @@ static ssize_t recv_closed_stream(struct Curl_cfilter *cf, " all response header fields, treated as error", stream->id); /* *err = CURLE_PARTIAL_FILE; */ - *err = CURLE_RECV_ERROR; + *err = CURLE_HTTP3; CURL_TRC_CF(data, cf, "[%" PRId64 "] cf_recv, closed incomplete" " -> %d", stream->id, *err); } @@ -883,6 +761,8 @@ static ssize_t cf_quiche_recv(struct Curl_cfilter *cf, struct Curl_easy *data, ssize_t nread = -1; CURLcode result; + vquic_ctx_update_time(&ctx->q); + if(!stream) { *err = CURLE_RECV_ERROR; return -1; @@ -1035,9 +915,8 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf, if(QUICHE_H3_ERR_STREAM_BLOCKED == stream3_id) { /* quiche seems to report this error if the connection window is * exhausted. Which happens frequently and intermittent. */ - CURL_TRC_CF(data, cf, "send_request(%s) rejected with BLOCKED", - data->state.url); - stream_send_suspend(cf, data); + CURL_TRC_CF(data, cf, "[%"PRId64"] blocked", stream->id); + stream->quic_flow_blocked = TRUE; *err = CURLE_AGAIN; nwritten = -1; goto out; @@ -1081,6 +960,8 @@ static ssize_t cf_quiche_send(struct Curl_cfilter *cf, struct Curl_easy *data, CURLcode result; ssize_t nwritten; + vquic_ctx_update_time(&ctx->q); + *err = cf_process_ingress(cf, data); if(*err) { nwritten = -1; @@ -1093,6 +974,28 @@ static ssize_t cf_quiche_send(struct Curl_cfilter *cf, struct Curl_easy *data, goto out; stream = H3_STREAM_CTX(data); } + else if(stream->closed) { + if(stream->resp_hds_complete) { + /* sending request body on a stream that has been closed by the + * server. If the server has send us a final response, we should + * silently discard the send data. + * This happens for example on redirects where the server, instead + * of reading the full request body just closed the stream after + * sending the 30x response. + * This is sort of a race: had the transfer loop called recv first, + * it would see the response and stop/discard sending on its own- */ + CURL_TRC_CF(data, cf, "[%" PRId64 "] discarding data" + "on closed stream with response", stream->id); + *err = CURLE_OK; + nwritten = (ssize_t)len; + goto out; + } + CURL_TRC_CF(data, cf, "[%" PRId64 "] send_body(len=%zu) " + "-> stream closed", stream->id, len); + *err = CURLE_HTTP3; + nwritten = -1; + goto out; + } else { bool eof = (stream->upload_left >= 0 && (curl_off_t)len >= stream->upload_left); @@ -1104,26 +1007,17 @@ static ssize_t cf_quiche_send(struct Curl_cfilter *cf, struct Curl_easy *data, if(!quiche_conn_stream_writable(ctx->qconn, stream->id, len)) { CURL_TRC_CF(data, cf, "[%" PRId64 "] send_body(len=%zu) " "-> window exhausted", stream->id, len); - stream_send_suspend(cf, data); + stream->quic_flow_blocked = TRUE; } *err = CURLE_AGAIN; nwritten = -1; goto out; } - else if(nwritten == QUICHE_H3_TRANSPORT_ERR_INVALID_STREAM_STATE && - stream->closed && stream->resp_hds_complete) { - /* sending request body on a stream that has been closed by the - * server. If the server has send us a final response, we should - * silently discard the send data. - * This happens for example on redirects where the server, instead - * of reading the full request body just closed the stream after - * sending the 30x response. - * This is sort of a race: had the transfer loop called recv first, - * it would see the response and stop/discard sending on its own- */ - CURL_TRC_CF(data, cf, "[%" PRId64 "] discarding data" - "on closed stream with response", stream->id); - *err = CURLE_OK; - nwritten = (ssize_t)len; + else if(nwritten == QUICHE_H3_TRANSPORT_ERR_INVALID_STREAM_STATE) { + CURL_TRC_CF(data, cf, "[%" PRId64 "] send_body(len=%zu) " + "-> invalid stream state", stream->id, len); + *err = CURLE_HTTP3; + nwritten = -1; goto out; } else if(nwritten == QUICHE_H3_TRANSPORT_ERR_FINAL_SIZE) { @@ -1173,30 +1067,35 @@ static bool stream_is_writeable(struct Curl_cfilter *cf, struct cf_quiche_ctx *ctx = cf->ctx; struct stream_ctx *stream = H3_STREAM_CTX(data); - return stream && - quiche_conn_stream_writable(ctx->qconn, (uint64_t)stream->id, 1); + return stream && (quiche_conn_stream_writable(ctx->qconn, + (uint64_t)stream->id, 1) > 0); } -static int cf_quiche_get_select_socks(struct Curl_cfilter *cf, - struct Curl_easy *data, - curl_socket_t *socks) +static void cf_quiche_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps) { struct cf_quiche_ctx *ctx = cf->ctx; - struct SingleRequest *k = &data->req; - int rv = GETSOCK_BLANK; + bool want_recv, want_send; - socks[0] = ctx->q.sockfd; + if(!ctx->qconn) + return; - /* in an HTTP/3 connection we can basically always get a frame so we should - always be ready for one */ - rv |= GETSOCK_READSOCK(0); + Curl_pollset_check(data, ps, ctx->q.sockfd, &want_recv, &want_send); + if(want_recv || want_send) { + struct stream_ctx *stream = H3_STREAM_CTX(data); + bool c_exhaust, s_exhaust; - /* we're still uploading or the HTTP/3 layer wants to send data */ - if(((k->keepon & KEEP_SENDBITS) == KEEP_SEND) - && stream_is_writeable(cf, data)) - rv |= GETSOCK_WRITESOCK(0); + c_exhaust = FALSE; /* Have not found any call in quiche that tells + us if the connection itself is blocked */ + s_exhaust = want_send && stream && stream->id >= 0 && + (stream->quic_flow_blocked || !stream_is_writeable(cf, data)); + want_recv = (want_recv || c_exhaust || s_exhaust); + want_send = (!s_exhaust && want_send) || + !Curl_bufq_is_empty(&ctx->q.sendbuf); - return rv; + Curl_pollset_set(data, ps, ctx->q.sockfd, want_recv, want_send); + } } /* @@ -1238,10 +1137,12 @@ static CURLcode cf_quiche_data_event(struct Curl_cfilter *cf, case CF_CTRL_DATA_PAUSE: result = h3_data_pause(cf, data, (arg1 != 0)); break; - case CF_CTRL_DATA_DONE: { + case CF_CTRL_DATA_DETACH: + h3_data_done(cf, data); + break; + case CF_CTRL_DATA_DONE: h3_data_done(cf, data); break; - } case CF_CTRL_DATA_DONE_SEND: { struct stream_ctx *stream = H3_STREAM_CTX(data); if(stream && !stream->send_closed) { @@ -1272,61 +1173,6 @@ static CURLcode cf_quiche_data_event(struct Curl_cfilter *cf, return result; } -static CURLcode cf_verify_peer(struct Curl_cfilter *cf, - struct Curl_easy *data) -{ - struct cf_quiche_ctx *ctx = cf->ctx; - CURLcode result = CURLE_OK; - - cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ - cf->conn->httpversion = 30; - cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; - - if(cf->conn->ssl_config.verifyhost) { - X509 *server_cert; - server_cert = SSL_get_peer_certificate(ctx->ssl); - if(!server_cert) { - result = CURLE_PEER_FAILED_VERIFICATION; - goto out; - } - result = Curl_ossl_verifyhost(data, cf->conn, server_cert); - X509_free(server_cert); - if(result) - goto out; - } - else - CURL_TRC_CF(data, cf, "Skipped certificate verification"); - - ctx->h3config = quiche_h3_config_new(); - if(!ctx->h3config) { - result = CURLE_OUT_OF_MEMORY; - goto out; - } - - /* Create a new HTTP/3 connection on the QUIC connection. */ - ctx->h3c = quiche_h3_conn_new_with_transport(ctx->qconn, ctx->h3config); - if(!ctx->h3c) { - result = CURLE_OUT_OF_MEMORY; - goto out; - } - if(data->set.ssl.certinfo) - /* asked to gather certificate info */ - (void)Curl_ossl_certchain(data, ctx->ssl); - -out: - if(result) { - if(ctx->h3config) { - quiche_h3_config_free(ctx->h3config); - ctx->h3config = NULL; - } - if(ctx->h3c) { - quiche_h3_conn_free(ctx->h3c); - ctx->h3c = NULL; - } - } - return result; -} - static CURLcode cf_connect_start(struct Curl_cfilter *cf, struct Curl_easy *data) { @@ -1345,6 +1191,7 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, debug_log_init = 1; } #endif + ctx->max_idle_ms = CURL_QUIC_MAX_IDLE_MS; Curl_bufcp_init(&ctx->stream_bufcp, H3_STREAM_CHUNK_SIZE, H3_STREAM_POOL_SPARES); ctx->data_recvd = 0; @@ -1353,13 +1200,17 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, if(result) return result; + result = Curl_ssl_peer_init(&ctx->peer, cf); + if(result) + return result; + ctx->cfg = quiche_config_new(QUICHE_PROTOCOL_VERSION); if(!ctx->cfg) { failf(data, "can't create quiche config"); return CURLE_FAILED_INIT; } quiche_config_enable_pacing(ctx->cfg, false); - quiche_config_set_max_idle_timeout(ctx->cfg, QUIC_IDLE_TIMEOUT); + quiche_config_set_max_idle_timeout(ctx->cfg, ctx->max_idle_ms * 1000); quiche_config_set_initial_max_data(ctx->cfg, (1 * 1024 * 1024) /* (QUIC_MAX_STREAMS/2) * H3_STREAM_WINDOW_SIZE */); quiche_config_set_initial_max_streams_bidi(ctx->cfg, QUIC_MAX_STREAMS); @@ -1381,9 +1232,10 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, sizeof(QUICHE_H3_APPLICATION_PROTOCOL) - 1); - DEBUGASSERT(!ctx->ssl); - DEBUGASSERT(!ctx->sslctx); - result = quic_ssl_setup(cf, data); + result = Curl_vquic_tls_init(&ctx->tls, cf, data, &ctx->peer, + QUICHE_H3_APPLICATION_PROTOCOL, + sizeof(QUICHE_H3_APPLICATION_PROTOCOL) - 1, + NULL, cf); if(result) return result; @@ -1404,14 +1256,14 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, (struct sockaddr *)&ctx->q.local_addr, ctx->q.local_addrlen, &sockaddr->sa_addr, sockaddr->addrlen, - ctx->cfg, ctx->ssl, false); + ctx->cfg, ctx->tls.ssl, false); if(!ctx->qconn) { failf(data, "can't create quiche connection"); return CURLE_OUT_OF_MEMORY; } /* Known to not work on Windows */ -#if !defined(WIN32) && defined(HAVE_QUICHE_CONN_SET_QLOG_FD) +#if !defined(_WIN32) && defined(HAVE_QUICHE_CONN_SET_QLOG_FD) { int qfd; (void)Curl_qlogdir(data, ctx->scid, sizeof(ctx->scid), &qfd); @@ -1443,13 +1295,24 @@ static CURLcode cf_connect_start(struct Curl_cfilter *cf, return CURLE_OK; } +static CURLcode cf_quiche_verify_peer(struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + struct cf_quiche_ctx *ctx = cf->ctx; + + cf->conn->bits.multiplex = TRUE; /* at least potentially multiplexed */ + cf->conn->httpversion = 30; + cf->conn->bundle->multiuse = BUNDLE_MULTIPLEX; + + return Curl_vquic_tls_verify_peer(&ctx->tls, cf, data, &ctx->peer); +} + static CURLcode cf_quiche_connect(struct Curl_cfilter *cf, struct Curl_easy *data, bool blocking, bool *done) { struct cf_quiche_ctx *ctx = cf->ctx; CURLcode result = CURLE_OK; - struct curltime now; if(cf->connected) { *done = TRUE; @@ -1464,9 +1327,10 @@ static CURLcode cf_quiche_connect(struct Curl_cfilter *cf, } *done = FALSE; - now = Curl_now(); + vquic_ctx_update_time(&ctx->q); - if(ctx->reconnect_at.tv_sec && Curl_timediff(now, ctx->reconnect_at) < 0) { + if(ctx->reconnect_at.tv_sec && + Curl_timediff(ctx->q.last_op, ctx->reconnect_at) < 0) { /* Not time yet to attempt the next connect */ CURL_TRC_CF(data, cf, "waiting for reconnect time"); goto out; @@ -1476,7 +1340,7 @@ static CURLcode cf_quiche_connect(struct Curl_cfilter *cf, result = cf_connect_start(cf, data); if(result) goto out; - ctx->started_at = now; + ctx->started_at = ctx->q.last_op; result = cf_flush_egress(cf, data); /* we do not expect to be able to recv anything yet */ goto out; @@ -1491,12 +1355,24 @@ static CURLcode cf_quiche_connect(struct Curl_cfilter *cf, goto out; if(quiche_conn_is_established(ctx->qconn)) { + ctx->handshake_at = ctx->q.last_op; CURL_TRC_CF(data, cf, "handshake complete after %dms", - (int)Curl_timediff(now, ctx->started_at)); - ctx->handshake_at = now; - result = cf_verify_peer(cf, data); + (int)Curl_timediff(ctx->handshake_at, ctx->started_at)); + result = cf_quiche_verify_peer(cf, data); if(!result) { CURL_TRC_CF(data, cf, "peer verified"); + ctx->h3config = quiche_h3_config_new(); + if(!ctx->h3config) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + + /* Create a new HTTP/3 connection on the QUIC connection. */ + ctx->h3c = quiche_h3_conn_new_with_transport(ctx->qconn, ctx->h3config); + if(!ctx->h3c) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } cf->connected = TRUE; cf->conn->alpn = CURL_HTTP_VERSION_3; *done = TRUE; @@ -1506,27 +1382,9 @@ static CURLcode cf_quiche_connect(struct Curl_cfilter *cf, else if(quiche_conn_is_draining(ctx->qconn)) { /* When a QUIC server instance is shutting down, it may send us a * CONNECTION_CLOSE right away. Our connection then enters the DRAINING - * state. - * This may be a stopping of the service or it may be that the server - * is reloading and a new instance will start serving soon. - * In any case, we tear down our socket and start over with a new one. - * We re-open the underlying UDP cf right now, but do not start - * connecting until called again. - */ - int reconn_delay_ms = 200; - - CURL_TRC_CF(data, cf, "connect, remote closed, reconnect after %dms", - reconn_delay_ms); - Curl_conn_cf_close(cf->next, data); - cf_quiche_ctx_clear(ctx); - result = Curl_conn_cf_connect(cf->next, data, FALSE, done); - if(!result && *done) { - *done = FALSE; - ctx->reconnect_at = Curl_now(); - ctx->reconnect_at.tv_usec += reconn_delay_ms * 1000; - Curl_expire(data, reconn_delay_ms, EXPIRE_QUIC); - result = CURLE_OK; - } + * state. The CONNECT may work in the near future again. Indicate + * that as a "weird" reply. */ + result = CURLE_WEIRD_SERVER_REPLY; } out: @@ -1550,6 +1408,7 @@ static void cf_quiche_close(struct Curl_cfilter *cf, struct Curl_easy *data) if(ctx) { if(ctx->qconn) { + vquic_ctx_update_time(&ctx->q); (void)quiche_conn_close(ctx->qconn, TRUE, 0, NULL, 0); /* flushing the egress is not a failsafe way to deliver all the outstanding packets, but we also don't want to get stuck here... */ @@ -1586,8 +1445,8 @@ static CURLcode cf_quiche_query(struct Curl_cfilter *cf, return CURLE_OK; } case CF_QUERY_CONNECT_REPLY_MS: - if(ctx->got_first_byte) { - timediff_t ms = Curl_timediff(ctx->first_byte_at, ctx->started_at); + if(ctx->q.got_first_byte) { + timediff_t ms = Curl_timediff(ctx->q.first_byte_at, ctx->started_at); *pres1 = (ms < INT_MAX)? (int)ms : INT_MAX; } else @@ -1595,8 +1454,8 @@ static CURLcode cf_quiche_query(struct Curl_cfilter *cf, return CURLE_OK; case CF_QUERY_TIMER_CONNECT: { struct curltime *when = pres2; - if(ctx->got_first_byte) - *when = ctx->first_byte_at; + if(ctx->q.got_first_byte) + *when = ctx->q.first_byte_at; return CURLE_OK; } case CF_QUERY_TIMER_APPCONNECT: { @@ -1617,9 +1476,32 @@ static bool cf_quiche_conn_is_alive(struct Curl_cfilter *cf, struct Curl_easy *data, bool *input_pending) { + struct cf_quiche_ctx *ctx = cf->ctx; bool alive = TRUE; *input_pending = FALSE; + if(!ctx->qconn) + return FALSE; + + /* Both sides of the QUIC connection announce they max idle times in + * the transport parameters. Look at the minimum of both and if + * we exceed this, regard the connection as dead. The other side + * may have completely purged it and will no longer respond + * to any packets from us. */ + { + quiche_transport_params qpeerparams; + timediff_t idletime; + uint64_t idle_ms = ctx->max_idle_ms; + + if(quiche_conn_peer_transport_params(ctx->qconn, &qpeerparams) && + qpeerparams.peer_max_idle_timeout && + qpeerparams.peer_max_idle_timeout < idle_ms) + idle_ms = qpeerparams.peer_max_idle_timeout; + idletime = Curl_timediff(Curl_now(), cf->conn->lastused); + if(idletime > 0 && (uint64_t)idletime > idle_ms) + return FALSE; + } + if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending)) return FALSE; @@ -1646,7 +1528,7 @@ struct Curl_cftype Curl_cft_http3 = { cf_quiche_connect, cf_quiche_close, Curl_cf_def_get_host, - cf_quiche_get_select_socks, + cf_quiche_adjust_pollset, cf_quiche_data_pending, cf_quiche_send, cf_quiche_recv, @@ -1667,7 +1549,7 @@ CURLcode Curl_cf_quiche_create(struct Curl_cfilter **pcf, (void)data; (void)conn; - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) { result = CURLE_OUT_OF_MEMORY; goto out; diff --git a/lib/vquic/vquic-tls.c b/lib/vquic/vquic-tls.c new file mode 100644 index 000000000..cc7794e40 --- /dev/null +++ b/lib/vquic/vquic-tls.c @@ -0,0 +1,609 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +#include "curl_setup.h" + +#if defined(ENABLE_QUIC) && \ + (defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_WOLFSSL)) + +#ifdef USE_OPENSSL +#include +#include "vtls/openssl.h" +#elif defined(USE_GNUTLS) +#include +#include +#include +#include +#include +#include "vtls/gtls.h" +#elif defined(USE_WOLFSSL) +#include +#include +#include +#include "vtls/wolfssl.h" +#endif + +#include "urldata.h" +#include "curl_trc.h" +#include "cfilters.h" +#include "multiif.h" +#include "vtls/keylog.h" +#include "vtls/vtls.h" +#include "vquic-tls.h" + +/* The last 3 #include files should be in this order */ +#include "curl_printf.h" +#include "curl_memory.h" +#include "memdebug.h" + +#ifndef ARRAYSIZE +#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) +#endif + +#ifdef USE_OPENSSL +#define QUIC_CIPHERS \ + "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_" \ + "POLY1305_SHA256:TLS_AES_128_CCM_SHA256" +#define QUIC_GROUPS "P-256:X25519:P-384:P-521" +#elif defined(USE_GNUTLS) +#define QUIC_PRIORITY \ + "NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-128-GCM:+AES-256-GCM:" \ + "+CHACHA20-POLY1305:+AES-128-CCM:-GROUP-ALL:+GROUP-SECP256R1:" \ + "+GROUP-X25519:+GROUP-SECP384R1:+GROUP-SECP521R1:" \ + "%DISABLE_TLS13_COMPAT_MODE" +#elif defined(USE_WOLFSSL) +#define QUIC_CIPHERS \ + "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_" \ + "POLY1305_SHA256:TLS_AES_128_CCM_SHA256" +#define QUIC_GROUPS "P-256:P-384:P-521" +#endif + + +#ifdef USE_OPENSSL + +static void keylog_callback(const SSL *ssl, const char *line) +{ + (void)ssl; + Curl_tls_keylog_write_line(line); +} + +static CURLcode curl_ossl_init_ctx(struct quic_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data, + Curl_vquic_tls_ctx_setup *ctx_setup) +{ + struct ssl_primary_config *conn_config; + CURLcode result = CURLE_FAILED_INIT; + + DEBUGASSERT(!ctx->ssl_ctx); +#ifdef USE_OPENSSL_QUIC + ctx->ssl_ctx = SSL_CTX_new(OSSL_QUIC_client_method()); +#else + ctx->ssl_ctx = SSL_CTX_new(TLS_method()); +#endif + if(!ctx->ssl_ctx) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + conn_config = Curl_ssl_cf_get_primary_config(cf); + if(!conn_config) { + result = CURLE_FAILED_INIT; + goto out; + } + + if(ctx_setup) { + result = ctx_setup(ctx, cf, data); + if(result) + goto out; + } + + SSL_CTX_set_default_verify_paths(ctx->ssl_ctx); + + { + const char *curves = conn_config->curves ? + conn_config->curves : QUIC_GROUPS; + if(!SSL_CTX_set1_curves_list(ctx->ssl_ctx, curves)) { + failf(data, "failed setting curves list for QUIC: '%s'", curves); + return CURLE_SSL_CIPHER; + } + } + +#ifndef OPENSSL_IS_BORINGSSL + { + const char *ciphers13 = conn_config->cipher_list13 ? + conn_config->cipher_list13 : QUIC_CIPHERS; + if(SSL_CTX_set_ciphersuites(ctx->ssl_ctx, ciphers13) != 1) { + failf(data, "failed setting QUIC cipher suite: %s", ciphers13); + return CURLE_SSL_CIPHER; + } + infof(data, "QUIC cipher selection: %s", ciphers13); + } +#endif + + /* Open the file if a TLS or QUIC backend has not done this before. */ + Curl_tls_keylog_open(); + if(Curl_tls_keylog_enabled()) { + SSL_CTX_set_keylog_callback(ctx->ssl_ctx, keylog_callback); + } + + /* OpenSSL always tries to verify the peer, this only says whether it should + * fail to connect if the verification fails, or if it should continue + * anyway. In the latter case the result of the verification is checked with + * SSL_get_verify_result() below. */ + SSL_CTX_set_verify(ctx->ssl_ctx, conn_config->verifypeer ? + SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL); + + /* give application a chance to interfere with SSL set up. */ + if(data->set.ssl.fsslctx) { + /* When a user callback is installed to modify the SSL_CTX, + * we need to do the full initialization before calling it. + * See: #11800 */ + if(!ctx->x509_store_setup) { + result = Curl_ssl_setup_x509_store(cf, data, ctx->ssl_ctx); + if(result) + goto out; + ctx->x509_store_setup = TRUE; + } + Curl_set_in_callback(data, true); + result = (*data->set.ssl.fsslctx)(data, ctx->ssl_ctx, + data->set.ssl.fsslctxp); + Curl_set_in_callback(data, false); + if(result) { + failf(data, "error signaled by ssl ctx callback"); + goto out; + } + } + result = CURLE_OK; + +out: + if(result && ctx->ssl_ctx) { + SSL_CTX_free(ctx->ssl_ctx); + ctx->ssl_ctx = NULL; + } + return result; +} + +static CURLcode curl_ossl_set_client_cert(struct quic_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data) +{ + SSL_CTX *ssl_ctx = ctx->ssl_ctx; + const struct ssl_config_data *ssl_config; + + ssl_config = Curl_ssl_cf_get_config(cf, data); + DEBUGASSERT(ssl_config); + + if(ssl_config->primary.clientcert || + ssl_config->primary.cert_blob || + ssl_config->cert_type) { + return Curl_ossl_set_client_cert( + data, ssl_ctx, ssl_config->primary.clientcert, + ssl_config->primary.cert_blob, ssl_config->cert_type, + ssl_config->key, ssl_config->key_blob, + ssl_config->key_type, ssl_config->key_passwd); + } + + return CURLE_OK; +} + +/** SSL callbacks ***/ + +static CURLcode curl_ossl_init_ssl(struct quic_tls_ctx *ctx, + struct Curl_easy *data, + struct ssl_peer *peer, + const char *alpn, size_t alpn_len, + void *user_data) +{ + DEBUGASSERT(!ctx->ssl); + ctx->ssl = SSL_new(ctx->ssl_ctx); + + SSL_set_app_data(ctx->ssl, user_data); + SSL_set_connect_state(ctx->ssl); +#ifndef USE_OPENSSL_QUIC + SSL_set_quic_use_legacy_codepoint(ctx->ssl, 0); +#endif + + if(alpn) + SSL_set_alpn_protos(ctx->ssl, (const uint8_t *)alpn, (int)alpn_len); + + if(peer->sni) { + if(!SSL_set_tlsext_host_name(ctx->ssl, peer->sni)) { + failf(data, "Failed set SNI"); + SSL_free(ctx->ssl); + ctx->ssl = NULL; + return CURLE_QUIC_CONNECT_ERROR; + } + } + return CURLE_OK; +} + +#elif defined(USE_GNUTLS) +static int keylog_callback(gnutls_session_t session, const char *label, + const gnutls_datum_t *secret) +{ + gnutls_datum_t crandom; + gnutls_datum_t srandom; + + gnutls_session_get_random(session, &crandom, &srandom); + if(crandom.size != 32) { + return -1; + } + + Curl_tls_keylog_write(label, crandom.data, secret->data, secret->size); + return 0; +} + +static CURLcode curl_gtls_init_ctx(struct quic_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data, + struct ssl_peer *peer, + const char *alpn, size_t alpn_len, + Curl_vquic_tls_ctx_setup *ctx_setup, + void *user_data) +{ + struct ssl_primary_config *conn_config; + CURLcode result; + gnutls_datum_t alpns[5]; + /* this will need some attention when HTTPS proxy over QUIC get fixed */ + long * const pverifyresult = &data->set.ssl.certverifyresult; + int rc; + + conn_config = Curl_ssl_cf_get_primary_config(cf); + if(!conn_config) + return CURLE_FAILED_INIT; + + DEBUGASSERT(ctx->gtls == NULL); + ctx->gtls = calloc(1, sizeof(*(ctx->gtls))); + if(!ctx->gtls) + return CURLE_OUT_OF_MEMORY; + + result = gtls_client_init(data, conn_config, &data->set.ssl, + peer, ctx->gtls, pverifyresult); + if(result) + return result; + + gnutls_session_set_ptr(ctx->gtls->session, user_data); + + if(ctx_setup) { + result = ctx_setup(ctx, cf, data); + if(result) + return result; + } + + rc = gnutls_priority_set_direct(ctx->gtls->session, QUIC_PRIORITY, NULL); + if(rc < 0) { + CURL_TRC_CF(data, cf, "gnutls_priority_set_direct failed: %s\n", + gnutls_strerror(rc)); + return CURLE_QUIC_CONNECT_ERROR; + } + + /* Open the file if a TLS or QUIC backend has not done this before. */ + Curl_tls_keylog_open(); + if(Curl_tls_keylog_enabled()) { + gnutls_session_set_keylog_function(ctx->gtls->session, keylog_callback); + } + + /* convert the ALPN string from our arguments to a list of strings + * that gnutls wants and will convert internally back to this very + * string for sending to the server. nice. */ + if(alpn) { + size_t i, alen = alpn_len; + unsigned char *s = (unsigned char *)alpn; + unsigned char slen; + for(i = 0; (i < ARRAYSIZE(alpns)) && alen; ++i) { + slen = s[0]; + if(slen >= alen) + return CURLE_FAILED_INIT; + alpns[i].data = s + 1; + alpns[i].size = slen; + s += slen + 1; + alen -= (size_t)slen + 1; + } + if(alen) /* not all alpn chars used, wrong format or too many */ + return CURLE_FAILED_INIT; + if(i) { + gnutls_alpn_set_protocols(ctx->gtls->session, + alpns, (unsigned int)i, + GNUTLS_ALPN_MANDATORY); + } + } + + return CURLE_OK; +} +#elif defined(USE_WOLFSSL) + +#if defined(HAVE_SECRET_CALLBACK) +static void keylog_callback(const WOLFSSL *ssl, const char *line) +{ + (void)ssl; + Curl_tls_keylog_write_line(line); +} +#endif + +static CURLcode curl_wssl_init_ctx(struct quic_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data, + Curl_vquic_tls_ctx_setup *ctx_setup) +{ + struct ssl_primary_config *conn_config; + CURLcode result = CURLE_FAILED_INIT; + + conn_config = Curl_ssl_cf_get_primary_config(cf); + if(!conn_config) { + result = CURLE_FAILED_INIT; + goto out; + } + + ctx->ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + if(!ctx->ssl_ctx) { + result = CURLE_OUT_OF_MEMORY; + goto out; + } + + if(ctx_setup) { + result = ctx_setup(ctx, cf, data); + if(result) + goto out; + } + + wolfSSL_CTX_set_default_verify_paths(ctx->ssl_ctx); + + if(wolfSSL_CTX_set_cipher_list(ctx->ssl_ctx, conn_config->cipher_list13 ? + conn_config->cipher_list13 : + QUIC_CIPHERS) != 1) { + char error_buffer[256]; + ERR_error_string_n(ERR_get_error(), error_buffer, sizeof(error_buffer)); + failf(data, "wolfSSL failed to set ciphers: %s", error_buffer); + goto out; + } + + if(wolfSSL_CTX_set1_groups_list(ctx->ssl_ctx, conn_config->curves ? + conn_config->curves : + (char *)QUIC_GROUPS) != 1) { + failf(data, "wolfSSL failed to set curves"); + goto out; + } + + /* Open the file if a TLS or QUIC backend has not done this before. */ + Curl_tls_keylog_open(); + if(Curl_tls_keylog_enabled()) { +#if defined(HAVE_SECRET_CALLBACK) + wolfSSL_CTX_set_keylog_callback(ctx->ssl_ctx, keylog_callback); +#else + failf(data, "wolfSSL was built without keylog callback"); + goto out; +#endif + } + + if(conn_config->verifypeer) { + const char * const ssl_cafile = conn_config->CAfile; + const char * const ssl_capath = conn_config->CApath; + + wolfSSL_CTX_set_verify(ctx->ssl_ctx, SSL_VERIFY_PEER, NULL); + if(ssl_cafile || ssl_capath) { + /* tell wolfSSL where to find CA certificates that are used to verify + the server's certificate. */ + int rc = + wolfSSL_CTX_load_verify_locations_ex(ctx->ssl_ctx, ssl_cafile, + ssl_capath, + WOLFSSL_LOAD_FLAG_IGNORE_ERR); + if(SSL_SUCCESS != rc) { + /* Fail if we insist on successfully verifying the server. */ + failf(data, "error setting certificate verify locations:" + " CAfile: %s CApath: %s", + ssl_cafile ? ssl_cafile : "none", + ssl_capath ? ssl_capath : "none"); + goto out; + } + infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none"); + infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none"); + } +#ifdef CURL_CA_FALLBACK + else { + /* verifying the peer without any CA certificates won't work so + use wolfssl's built-in default as fallback */ + wolfSSL_CTX_set_default_verify_paths(ctx->ssl_ctx); + } +#endif + } + else { + wolfSSL_CTX_set_verify(ctx->ssl_ctx, SSL_VERIFY_NONE, NULL); + } + + /* give application a chance to interfere with SSL set up. */ + if(data->set.ssl.fsslctx) { + Curl_set_in_callback(data, true); + result = (*data->set.ssl.fsslctx)(data, ctx->ssl_ctx, + data->set.ssl.fsslctxp); + Curl_set_in_callback(data, false); + if(result) { + failf(data, "error signaled by ssl ctx callback"); + goto out; + } + } + result = CURLE_OK; + +out: + if(result && ctx->ssl_ctx) { + SSL_CTX_free(ctx->ssl_ctx); + ctx->ssl_ctx = NULL; + } + return result; +} + +/** SSL callbacks ***/ + +static CURLcode curl_wssl_init_ssl(struct quic_tls_ctx *ctx, + struct Curl_easy *data, + struct ssl_peer *peer, + const char *alpn, size_t alpn_len, + void *user_data) +{ + (void)data; + DEBUGASSERT(!ctx->ssl); + DEBUGASSERT(ctx->ssl_ctx); + ctx->ssl = wolfSSL_new(ctx->ssl_ctx); + + wolfSSL_set_app_data(ctx->ssl, user_data); + wolfSSL_set_connect_state(ctx->ssl); + wolfSSL_set_quic_use_legacy_codepoint(ctx->ssl, 0); + + if(alpn) + wolfSSL_set_alpn_protos(ctx->ssl, (const unsigned char *)alpn, + (int)alpn_len); + + if(peer->sni) { + wolfSSL_UseSNI(ctx->ssl, WOLFSSL_SNI_HOST_NAME, + peer->sni, (unsigned short)strlen(peer->sni)); + } + + return CURLE_OK; +} +#endif /* defined(USE_WOLFSSL) */ + +CURLcode Curl_vquic_tls_init(struct quic_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data, + struct ssl_peer *peer, + const char *alpn, size_t alpn_len, + Curl_vquic_tls_ctx_setup *ctx_setup, + void *user_data) +{ + CURLcode result; + +#ifdef USE_OPENSSL + result = curl_ossl_init_ctx(ctx, cf, data, ctx_setup); + if(result) + return result; + + result = curl_ossl_set_client_cert(ctx, cf, data); + if(result) + return result; + + return curl_ossl_init_ssl(ctx, data, peer, alpn, alpn_len, user_data); +#elif defined(USE_GNUTLS) + (void)result; + return curl_gtls_init_ctx(ctx, cf, data, peer, alpn, alpn_len, + ctx_setup, user_data); +#elif defined(USE_WOLFSSL) + result = curl_wssl_init_ctx(ctx, cf, data, ctx_setup); + if(result) + return result; + + return curl_wssl_init_ssl(ctx, data, peer, alpn, alpn_len, user_data); +#else +#error "no TLS lib in used, should not happen" + return CURLE_FAILED_INIT; +#endif +} + +void Curl_vquic_tls_cleanup(struct quic_tls_ctx *ctx) +{ +#ifdef USE_OPENSSL + if(ctx->ssl) + SSL_free(ctx->ssl); + if(ctx->ssl_ctx) + SSL_CTX_free(ctx->ssl_ctx); +#elif defined(USE_GNUTLS) + if(ctx->gtls) { + if(ctx->gtls->cred) + gnutls_certificate_free_credentials(ctx->gtls->cred); + if(ctx->gtls->session) + gnutls_deinit(ctx->gtls->session); + free(ctx->gtls); + } +#elif defined(USE_WOLFSSL) + if(ctx->ssl) + wolfSSL_free(ctx->ssl); + if(ctx->ssl_ctx) + wolfSSL_CTX_free(ctx->ssl_ctx); +#endif + memset(ctx, 0, sizeof(*ctx)); +} + +CURLcode Curl_vquic_tls_before_recv(struct quic_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data) +{ +#ifdef USE_OPENSSL + if(!ctx->x509_store_setup) { + CURLcode result = Curl_ssl_setup_x509_store(cf, data, ctx->ssl_ctx); + if(result) + return result; + ctx->x509_store_setup = TRUE; + } +#else + (void)ctx; (void)cf; (void)data; +#endif + return CURLE_OK; +} + +CURLcode Curl_vquic_tls_verify_peer(struct quic_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data, + struct ssl_peer *peer) +{ + struct ssl_primary_config *conn_config; + CURLcode result = CURLE_OK; + + conn_config = Curl_ssl_cf_get_primary_config(cf); + if(!conn_config) + return CURLE_FAILED_INIT; + + if(conn_config->verifyhost) { +#ifdef USE_OPENSSL + X509 *server_cert; + server_cert = SSL_get1_peer_certificate(ctx->ssl); + if(!server_cert) { + return CURLE_PEER_FAILED_VERIFICATION; + } + result = Curl_ossl_verifyhost(data, cf->conn, peer, server_cert); + X509_free(server_cert); + if(result) + return result; +#elif defined(USE_GNUTLS) + result = Curl_gtls_verifyserver(data, ctx->gtls->session, + conn_config, &data->set.ssl, peer, + data->set.str[STRING_SSL_PINNEDPUBLICKEY]); + if(result) + return result; +#elif defined(USE_WOLFSSL) + if(!peer->sni || + wolfSSL_check_domain_name(ctx->ssl, peer->sni) == SSL_FAILURE) + return CURLE_PEER_FAILED_VERIFICATION; +#endif + infof(data, "Verified certificate just fine"); + } + else + infof(data, "Skipped certificate verification"); +#ifdef USE_OPENSSL + if(data->set.ssl.certinfo) + /* asked to gather certificate info */ + (void)Curl_ossl_certchain(data, ctx->ssl); +#endif + return result; +} + + +#endif /* !ENABLE_QUIC && (USE_OPENSSL || USE_GNUTLS || USE_WOLFSSL) */ diff --git a/lib/vquic/vquic-tls.h b/lib/vquic/vquic-tls.h new file mode 100644 index 000000000..9c0dfd8d5 --- /dev/null +++ b/lib/vquic/vquic-tls.h @@ -0,0 +1,98 @@ +#ifndef HEADER_CURL_VQUIC_TLS_H +#define HEADER_CURL_VQUIC_TLS_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +#include "curl_setup.h" +#include "bufq.h" + +#if defined(ENABLE_QUIC) && \ + (defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_WOLFSSL)) + +struct quic_tls_ctx { +#ifdef USE_OPENSSL + SSL_CTX *ssl_ctx; + SSL *ssl; +#elif defined(USE_GNUTLS) + struct gtls_instance *gtls; +#elif defined(USE_WOLFSSL) + WOLFSSL_CTX *ssl_ctx; + WOLFSSL *ssl; +#endif + BIT(x509_store_setup); /* if x509 store has been set up */ +}; + +/** + * Callback passed to `Curl_vquic_tls_init()` that can + * do early initializations on the not otherwise configured TLS + * instances created. This varies by TLS backend: + * - openssl/wolfssl: SSL_CTX* has just been created + * - gnutls: gtls_client_init() has run + */ +typedef CURLcode Curl_vquic_tls_ctx_setup(struct quic_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data); + +/** + * Initialize the QUIC TLS instances based of the SSL configurations + * for the connection filter, transfer and peer. + * @param ctx the TLS context to initialize + * @param cf the connection filter involved + * @param data the transfer involved + * @param peer the peer that will be connected to + * @param alpn the ALPN string in protocol format ((len+bytes+)+), + * may be NULL + * @param alpn_len the overall number of bytes in `alpn` + * @param ctx_setup optional callback for very early TLS config + * @param user_data optional pointer to set in TLS application context + */ +CURLcode Curl_vquic_tls_init(struct quic_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data, + struct ssl_peer *peer, + const char *alpn, size_t alpn_len, + Curl_vquic_tls_ctx_setup *ctx_setup, + void *user_data); + +/** + * Cleanup all data that has been initialized. + */ +void Curl_vquic_tls_cleanup(struct quic_tls_ctx *ctx); + +CURLcode Curl_vquic_tls_before_recv(struct quic_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data); + +/** + * After the QUIC basic handshake has been, verify that the peer + * (and its certificate) fulfill our requirements. + */ +CURLcode Curl_vquic_tls_verify_peer(struct quic_tls_ctx *ctx, + struct Curl_cfilter *cf, + struct Curl_easy *data, + struct ssl_peer *peer); + +#endif /* !ENABLE_QUIC && (USE_OPENSSL || USE_GNUTLS || USE_WOLFSSL) */ + +#endif /* HEADER_CURL_VQUIC_TLS_H */ diff --git a/lib/vquic/vquic.c b/lib/vquic/vquic.c index 9a1a1bbb3..612d25bb0 100644 --- a/lib/vquic/vquic.c +++ b/lib/vquic/vquic.c @@ -46,6 +46,7 @@ #include "curl_trc.h" #include "curl_msh3.h" #include "curl_ngtcp2.h" +#include "curl_osslq.h" #include "curl_quiche.h" #include "rand.h" #include "vquic.h" @@ -74,6 +75,8 @@ void Curl_quic_ver(char *p, size_t len) { #if defined(USE_NGTCP2) && defined(USE_NGHTTP3) Curl_ngtcp2_ver(p, len); +#elif defined(USE_OPENSSL_QUIC) && defined(USE_NGHTTP3) + Curl_osslq_ver(p, len); #elif defined(USE_QUICHE) Curl_quiche_ver(p, len); #elif defined(USE_MSH3) @@ -100,6 +103,7 @@ CURLcode vquic_ctx_init(struct cf_quic_ctx *qctx) } } #endif + vquic_ctx_update_time(qctx); return CURLE_OK; } @@ -109,6 +113,11 @@ void vquic_ctx_free(struct cf_quic_ctx *qctx) Curl_bufq_free(&qctx->sendbuf); } +void vquic_ctx_update_time(struct cf_quic_ctx *qctx) +{ + qctx->last_op = Curl_now(); +} + static CURLcode send_packet_no_gso(struct Curl_cfilter *cf, struct Curl_easy *data, struct cf_quic_ctx *qctx, @@ -173,7 +182,7 @@ static CURLcode do_sendmsg(struct Curl_cfilter *cf, qctx->no_gso = TRUE; return send_packet_no_gso(cf, data, qctx, pkt, pktlen, gsolen, psent); } - /* FALLTHROUGH */ + FALLTHROUGH(); default: failf(data, "sendmsg() returned %zd (errno %d)", sent, SOCKERRNO); return CURLE_SEND_ERROR; @@ -242,6 +251,7 @@ static CURLcode vquic_send_packets(struct Curl_cfilter *cf, const uint8_t *pkt, size_t pktlen, size_t gsolen, size_t *psent) { + CURLcode result; #ifdef DEBUGBUILD /* simulate network blocking/partial writes */ if(qctx->wblock_percent > 0) { @@ -254,10 +264,14 @@ static CURLcode vquic_send_packets(struct Curl_cfilter *cf, } #endif if(qctx->no_gso && pktlen > gsolen) { - return send_packet_no_gso(cf, data, qctx, pkt, pktlen, gsolen, psent); + result = send_packet_no_gso(cf, data, qctx, pkt, pktlen, gsolen, psent); } - - return do_sendmsg(cf, data, qctx, pkt, pktlen, gsolen, psent); + else { + result = do_sendmsg(cf, data, qctx, pkt, pktlen, gsolen, psent); + } + if(!result) + qctx->last_io = qctx->last_op; + return result; } CURLcode vquic_flush(struct Curl_cfilter *cf, struct Curl_easy *data, @@ -524,13 +538,22 @@ CURLcode vquic_recv_packets(struct Curl_cfilter *cf, size_t max_pkts, vquic_recv_pkt_cb *recv_cb, void *userp) { + CURLcode result; #if defined(HAVE_SENDMMSG) - return recvmmsg_packets(cf, data, qctx, max_pkts, recv_cb, userp); + result = recvmmsg_packets(cf, data, qctx, max_pkts, recv_cb, userp); #elif defined(HAVE_SENDMSG) - return recvmsg_packets(cf, data, qctx, max_pkts, recv_cb, userp); + result = recvmsg_packets(cf, data, qctx, max_pkts, recv_cb, userp); #else - return recvfrom_packets(cf, data, qctx, max_pkts, recv_cb, userp); + result = recvfrom_packets(cf, data, qctx, max_pkts, recv_cb, userp); #endif + if(!result) { + if(!qctx->got_first_byte) { + qctx->got_first_byte = TRUE; + qctx->first_byte_at = qctx->last_op; + } + qctx->last_io = qctx->last_op; + } + return result; } /* @@ -588,6 +611,8 @@ CURLcode Curl_cf_quic_create(struct Curl_cfilter **pcf, DEBUGASSERT(transport == TRNSPRT_QUIC); #if defined(USE_NGTCP2) && defined(USE_NGHTTP3) return Curl_cf_ngtcp2_create(pcf, data, conn, ai); +#elif defined(USE_OPENSSL_QUIC) && defined(USE_NGHTTP3) + return Curl_cf_osslq_create(pcf, data, conn, ai); #elif defined(USE_QUICHE) return Curl_cf_quiche_create(pcf, data, conn, ai); #elif defined(USE_MSH3) @@ -607,6 +632,8 @@ bool Curl_conn_is_http3(const struct Curl_easy *data, { #if defined(USE_NGTCP2) && defined(USE_NGHTTP3) return Curl_conn_is_ngtcp2(data, conn, sockindex); +#elif defined(USE_OPENSSL_QUIC) && defined(USE_NGHTTP3) + return Curl_conn_is_osslq(data, conn, sockindex); #elif defined(USE_QUICHE) return Curl_conn_is_quiche(data, conn, sockindex); #elif defined(USE_MSH3) diff --git a/lib/vquic/vquic_int.h b/lib/vquic/vquic_int.h index dbcd009d7..c218a949c 100644 --- a/lib/vquic/vquic_int.h +++ b/lib/vquic/vquic_int.h @@ -31,6 +31,8 @@ #define MAX_PKT_BURST 10 #define MAX_UDP_PAYLOAD_SIZE 1452 +/* Default QUIC connection timeout we announce from our side */ +#define CURL_QUIC_MAX_IDLE_MS (120 * 1000) struct cf_quic_ctx { curl_socket_t sockfd; /* connected UDP socket */ @@ -38,18 +40,24 @@ struct cf_quic_ctx { socklen_t local_addrlen; /* length of local address */ struct bufq sendbuf; /* buffer for sending one or more packets */ + struct curltime first_byte_at; /* when first byte was recvd */ + struct curltime last_op; /* last (attempted) send/recv operation */ + struct curltime last_io; /* last successful socket IO */ size_t gsolen; /* length of individual packets in send buf */ size_t split_len; /* if != 0, buffer length after which GSO differs */ size_t split_gsolen; /* length of individual packets after split_len */ #ifdef DEBUGBUILD int wblock_percent; /* percent of writes doing EAGAIN */ #endif - bool no_gso; /* do not use gso on sending */ + BIT(got_first_byte); /* if first byte was received */ + BIT(no_gso); /* do not use gso on sending */ }; CURLcode vquic_ctx_init(struct cf_quic_ctx *qctx); void vquic_ctx_free(struct cf_quic_ctx *qctx); +void vquic_ctx_update_time(struct cf_quic_ctx *qctx); + void vquic_push_blocked_pkt(struct Curl_cfilter *cf, struct cf_quic_ctx *qctx, const uint8_t *pkt, size_t pktlen, size_t gsolen); diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c index b0f49d60c..c6dc63ae6 100644 --- a/lib/vssh/libssh.c +++ b/lib/vssh/libssh.c @@ -31,6 +31,8 @@ #include +/* in 0.10.0 or later, ignore deprecated warnings */ +#define SSH_SUPPRESS_DEPRECATED #include #include @@ -89,13 +91,6 @@ #include "curl_memory.h" #include "memdebug.h" -/* in 0.10.0 or later, ignore deprecated warnings */ -#if defined(__GNUC__) && \ - (LIBSSH_VERSION_MINOR >= 10) || \ - (LIBSSH_VERSION_MAJOR > 0) -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" -#endif - /* A recent macro provided by libssh. Or make our own. */ #ifndef SSH_STRING_FREE_CHAR #define SSH_STRING_FREE_CHAR(x) \ @@ -166,7 +161,7 @@ const struct Curl_handler Curl_handler_scp = { ZERO_NULL, /* domore_getsock */ myssh_getsock, /* perform_getsock */ scp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_SSH, /* defport */ @@ -193,7 +188,7 @@ const struct Curl_handler Curl_handler_sftp = { ZERO_NULL, /* domore_getsock */ myssh_getsock, /* perform_getsock */ sftp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_SSH, /* defport */ @@ -444,11 +439,8 @@ static int myssh_is_known(struct Curl_easy *data) keymatch = CURLKHMATCH_OK; break; case SSH_KNOWN_HOSTS_OTHER: - /* fallthrough */ case SSH_KNOWN_HOSTS_NOT_FOUND: - /* fallthrough */ case SSH_KNOWN_HOSTS_UNKNOWN: - /* fallthrough */ case SSH_KNOWN_HOSTS_ERROR: keymatch = CURLKHMATCH_MISSING; break; @@ -464,7 +456,6 @@ static int myssh_is_known(struct Curl_easy *data) keymatch = CURLKHMATCH_OK; break; case SSH_SERVER_FILE_NOT_FOUND: - /* fallthrough */ case SSH_SERVER_NOT_KNOWN: keymatch = CURLKHMATCH_MISSING; break; @@ -628,7 +619,7 @@ restart: if(rc < 0) return SSH_ERROR; - /* FALLTHROUGH */ + FALLTHROUGH(); case 1: sshc->kbd_state = 1; @@ -703,7 +694,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) ssh_set_blocking(sshc->ssh_session, 0); state(data, SSH_S_STARTUP); - /* FALLTHROUGH */ + FALLTHROUGH(); case SSH_S_STARTUP: rc = ssh_connect(sshc->ssh_session); @@ -718,7 +709,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) state(data, SSH_HOSTKEY); - /* FALLTHROUGH */ + FALLTHROUGH(); case SSH_HOSTKEY: rc = myssh_is_known(data); @@ -728,7 +719,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) } state(data, SSH_AUTHLIST); - /* FALLTHROUGH */ + FALLTHROUGH(); case SSH_AUTHLIST:{ sshc->authed = FALSE; @@ -909,7 +900,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) break; } state(data, SSH_AUTH_PASS); - /* FALLTHROUGH */ + FALLTHROUGH(); case SSH_AUTH_PASS: rc = ssh_userauth_password(sshc->ssh_session, NULL, conn->passwd); @@ -972,7 +963,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) break; } state(data, SSH_SFTP_REALPATH); - /* FALLTHROUGH */ + FALLTHROUGH(); case SSH_SFTP_REALPATH: /* * Get the "home" directory @@ -1159,13 +1150,23 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) break; } else if(statvfs) { + #ifdef _MSC_VER + #define CURL_LIBSSH_VFS_SIZE_MASK "I64u" + #else + #define CURL_LIBSSH_VFS_SIZE_MASK PRIu64 + #endif char *tmp = aprintf("statvfs:\n" - "f_bsize: %llu\n" "f_frsize: %llu\n" - "f_blocks: %llu\n" "f_bfree: %llu\n" - "f_bavail: %llu\n" "f_files: %llu\n" - "f_ffree: %llu\n" "f_favail: %llu\n" - "f_fsid: %llu\n" "f_flag: %llu\n" - "f_namemax: %llu\n", + "f_bsize: %" CURL_LIBSSH_VFS_SIZE_MASK "\n" + "f_frsize: %" CURL_LIBSSH_VFS_SIZE_MASK "\n" + "f_blocks: %" CURL_LIBSSH_VFS_SIZE_MASK "\n" + "f_bfree: %" CURL_LIBSSH_VFS_SIZE_MASK "\n" + "f_bavail: %" CURL_LIBSSH_VFS_SIZE_MASK "\n" + "f_files: %" CURL_LIBSSH_VFS_SIZE_MASK "\n" + "f_ffree: %" CURL_LIBSSH_VFS_SIZE_MASK "\n" + "f_favail: %" CURL_LIBSSH_VFS_SIZE_MASK "\n" + "f_fsid: %" CURL_LIBSSH_VFS_SIZE_MASK "\n" + "f_flag: %" CURL_LIBSSH_VFS_SIZE_MASK "\n" + "f_namemax: %" CURL_LIBSSH_VFS_SIZE_MASK "\n", statvfs->f_bsize, statvfs->f_frsize, statvfs->f_blocks, statvfs->f_bfree, statvfs->f_bavail, statvfs->f_files, @@ -1307,13 +1308,14 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) } /* seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */ do { + char scratch[4*1024]; size_t readthisamountnow = - (data->state.resume_from - passed > data->set.buffer_size) ? - (size_t)data->set.buffer_size : - curlx_sotouz(data->state.resume_from - passed); + (data->state.resume_from - passed > + (curl_off_t)sizeof(scratch)) ? + sizeof(scratch) : curlx_sotouz(data->state.resume_from - passed); size_t actuallyread = - data->state.fread_func(data->state.buffer, 1, + data->state.fread_func(scratch, 1, readthisamountnow, data->state.in); passed += actuallyread; @@ -1359,7 +1361,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) /* we want to use the _sending_ function even when the socket turns out readable as the underlying libssh sftp send function will deal with both accordingly */ - conn->cselect_bits = CURL_CSELECT_OUT; + data->state.select_bits = CURL_CSELECT_OUT; /* since we don't really wait for anything at this point, we want the state machine to move on as soon as possible so we set a very short @@ -1466,13 +1468,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) state(data, SSH_STOP); break; } - /* since this counts what we send to the client, we include the - newline in this counter */ - data->req.bytecount += sshc->readdir_len + 1; - /* output debug output if that is requested */ - Curl_debug(data, CURLINFO_DATA_OUT, (char *)sshc->readdir_filename, - sshc->readdir_len); } else { if(Curl_dyn_add(&sshc->readdir_buf, sshc->readdir_longentry)) { @@ -1555,7 +1551,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) sshc->readdir_longentry = NULL; state(data, SSH_SFTP_READDIR_BOTTOM); - /* FALLTHROUGH */ + FALLTHROUGH(); case SSH_SFTP_READDIR_BOTTOM: if(Curl_dyn_addn(&sshc->readdir_buf, "\n", 1)) result = CURLE_OUT_OF_MEMORY; @@ -1564,12 +1560,6 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) Curl_dyn_ptr(&sshc->readdir_buf), Curl_dyn_len(&sshc->readdir_buf)); - if(!result) { - /* output debug output if that is requested */ - Curl_debug(data, CURLINFO_DATA_OUT, Curl_dyn_ptr(&sshc->readdir_buf), - Curl_dyn_len(&sshc->readdir_buf)); - data->req.bytecount += Curl_dyn_len(&sshc->readdir_buf); - } ssh_string_free_char(sshc->readdir_tmp); sshc->readdir_tmp = NULL; @@ -1741,7 +1731,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) /* we want to use the _receiving_ function even when the socket turns out writableable as the underlying libssh recv function will deal with both accordingly */ - conn->cselect_bits = CURL_CSELECT_IN; + data->state.select_bits = CURL_CSELECT_IN; if(result) { /* this should never occur; the close state should be entered @@ -1869,7 +1859,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) /* we want to use the _sending_ function even when the socket turns out readable as the underlying libssh scp send function will deal with both accordingly */ - conn->cselect_bits = CURL_CSELECT_OUT; + data->state.select_bits = CURL_CSELECT_OUT; state(data, SSH_STOP); @@ -1885,7 +1875,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) break; } state(data, SSH_SCP_DOWNLOAD); - /* FALLTHROUGH */ + FALLTHROUGH(); case SSH_SCP_DOWNLOAD:{ curl_off_t bytecount; @@ -1909,7 +1899,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) /* we want to use the _receiving_ function even when the socket turns out writableable as the underlying libssh recv function will deal with both accordingly */ - conn->cselect_bits = CURL_CSELECT_IN; + data->state.select_bits = CURL_CSELECT_IN; state(data, SSH_STOP); break; @@ -1949,7 +1939,7 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) ssh_set_blocking(sshc->ssh_session, 0); state(data, SSH_SESSION_DISCONNECT); - /* FALLTHROUGH */ + FALLTHROUGH(); case SSH_SESSION_DISCONNECT: /* during weird times when we've been prematurely aborted, the channel @@ -1963,17 +1953,16 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) ssh_disconnect(sshc->ssh_session); if(!ssh_version(SSH_VERSION_INT(0, 10, 0))) { /* conn->sock[FIRSTSOCKET] is closed by ssh_disconnect behind our back, - explicitly mark it as closed with the memdebug macro. This libssh + tell the connection to forget about it. This libssh bug is fixed in 0.10.0. */ - fake_sclose(conn->sock[FIRSTSOCKET]); - conn->sock[FIRSTSOCKET] = CURL_SOCKET_BAD; + Curl_conn_forget_socket(data, FIRSTSOCKET); } SSH_STRING_FREE_CHAR(sshc->homedir); data->state.most_recent_ftp_entrypath = NULL; state(data, SSH_SESSION_FREE); - /* FALLTHROUGH */ + FALLTHROUGH(); case SSH_SESSION_FREE: if(sshc->ssh_session) { ssh_free(sshc->ssh_session); @@ -2024,7 +2013,6 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) break; case SSH_QUIT: - /* fallthrough, just stop! */ default: /* internal error */ sshc->nextstate = SSH_NO_STATE; @@ -2615,7 +2603,7 @@ static ssize_t sftp_recv(struct Curl_easy *data, int sockindex, return -1; } - /* FALLTHROUGH */ + FALLTHROUGH(); case 1: conn->proto.sshc.sftp_recv_state = 1; diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c index f539b393b..e9dfef950 100644 --- a/lib/vssh/libssh2.c +++ b/lib/vssh/libssh2.c @@ -138,7 +138,7 @@ const struct Curl_handler Curl_handler_scp = { ZERO_NULL, /* domore_getsock */ ssh_getsock, /* perform_getsock */ scp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ssh_attach, /* attach */ PORT_SSH, /* defport */ @@ -167,7 +167,7 @@ const struct Curl_handler Curl_handler_sftp = { ZERO_NULL, /* domore_getsock */ ssh_getsock, /* perform_getsock */ sftp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ssh_attach, /* attach */ PORT_SSH, /* defport */ @@ -589,10 +589,9 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) switch(rc) { default: /* unknown return codes will equal reject */ - /* FALLTHROUGH */ case CURLKHSTAT_REJECT: state(data, SSH_SESSION_FREE); - /* FALLTHROUGH */ + FALLTHROUGH(); case CURLKHSTAT_DEFER: /* DEFER means bail out but keep the SSH_HOSTKEY state */ result = sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION; @@ -601,9 +600,8 @@ static CURLcode ssh_knownhost(struct Curl_easy *data) /* remove old host+key that doesn't match */ if(host) libssh2_knownhost_del(sshc->kh, host); - /* FALLTHROUGH */ + FALLTHROUGH(); case CURLKHSTAT_FINE: - /* FALLTHROUGH */ case CURLKHSTAT_FINE_ADD_TO_FILE: /* proceed */ if(keycheck != LIBSSH2_KNOWNHOST_CHECK_MATCH) { @@ -997,7 +995,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) } state(data, SSH_S_STARTUP); - /* FALLTHROUGH */ + FALLTHROUGH(); case SSH_S_STARTUP: rc = session_startup(sshc->ssh_session, sock); @@ -1016,7 +1014,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) state(data, SSH_HOSTKEY); - /* FALLTHROUGH */ + FALLTHROUGH(); case SSH_HOSTKEY: /* * Before we authenticate we should check the hostkey's fingerprint @@ -1537,139 +1535,137 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) state(data, SSH_SFTP_NEXT_QUOTE); break; } - { - /* - * the arguments following the command must be separated from the - * command with a space so we can check for it unconditionally - */ - cp = strchr(cmd, ' '); - if(!cp) { - failf(data, "Syntax error command '%s', missing parameter", - cmd); + + /* + * the arguments following the command must be separated from the + * command with a space so we can check for it unconditionally + */ + cp = strchr(cmd, ' '); + if(!cp) { + failf(data, "Syntax error command '%s', missing parameter", + cmd); + state(data, SSH_SFTP_CLOSE); + sshc->nextstate = SSH_NO_STATE; + sshc->actualcode = CURLE_QUOTE_ERROR; + break; + } + + /* + * also, every command takes at least one argument so we get that + * first argument right now + */ + result = Curl_get_pathname(&cp, &sshc->quote_path1, sshc->homedir); + if(result) { + if(result == CURLE_OUT_OF_MEMORY) + failf(data, "Out of memory"); + else + failf(data, "Syntax error: Bad first parameter to '%s'", cmd); + state(data, SSH_SFTP_CLOSE); + sshc->nextstate = SSH_NO_STATE; + sshc->actualcode = result; + break; + } + + /* + * SFTP is a binary protocol, so we don't send text commands + * to the server. Instead, we scan for commands used by + * OpenSSH's sftp program and call the appropriate libssh2 + * functions. + */ + if(strncasecompare(cmd, "chgrp ", 6) || + strncasecompare(cmd, "chmod ", 6) || + strncasecompare(cmd, "chown ", 6) || + strncasecompare(cmd, "atime ", 6) || + strncasecompare(cmd, "mtime ", 6)) { + /* attribute change */ + + /* sshc->quote_path1 contains the mode to set */ + /* get the destination */ + result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir); + if(result) { + if(result == CURLE_OUT_OF_MEMORY) + failf(data, "Out of memory"); + else + failf(data, "Syntax error in %s: Bad second parameter", cmd); + Curl_safefree(sshc->quote_path1); state(data, SSH_SFTP_CLOSE); sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = CURLE_QUOTE_ERROR; + sshc->actualcode = result; break; } - - /* - * also, every command takes at least one argument so we get that - * first argument right now - */ - result = Curl_get_pathname(&cp, &sshc->quote_path1, sshc->homedir); + memset(&sshp->quote_attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); + state(data, SSH_SFTP_QUOTE_STAT); + break; + } + if(strncasecompare(cmd, "ln ", 3) || + strncasecompare(cmd, "symlink ", 8)) { + /* symbolic linking */ + /* sshc->quote_path1 is the source */ + /* get the destination */ + result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir); if(result) { if(result == CURLE_OUT_OF_MEMORY) failf(data, "Out of memory"); else - failf(data, "Syntax error: Bad first parameter to '%s'", cmd); + failf(data, + "Syntax error in ln/symlink: Bad second parameter"); + Curl_safefree(sshc->quote_path1); state(data, SSH_SFTP_CLOSE); sshc->nextstate = SSH_NO_STATE; sshc->actualcode = result; break; } - - /* - * SFTP is a binary protocol, so we don't send text commands - * to the server. Instead, we scan for commands used by - * OpenSSH's sftp program and call the appropriate libssh2 - * functions. - */ - if(strncasecompare(cmd, "chgrp ", 6) || - strncasecompare(cmd, "chmod ", 6) || - strncasecompare(cmd, "chown ", 6) || - strncasecompare(cmd, "atime ", 6) || - strncasecompare(cmd, "mtime ", 6)) { - /* attribute change */ - - /* sshc->quote_path1 contains the mode to set */ - /* get the destination */ - result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir); - if(result) { - if(result == CURLE_OUT_OF_MEMORY) - failf(data, "Out of memory"); - else - failf(data, "Syntax error in %s: Bad second parameter", cmd); - Curl_safefree(sshc->quote_path1); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = result; - break; - } - memset(&sshp->quote_attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); - state(data, SSH_SFTP_QUOTE_STAT); - break; - } - if(strncasecompare(cmd, "ln ", 3) || - strncasecompare(cmd, "symlink ", 8)) { - /* symbolic linking */ - /* sshc->quote_path1 is the source */ - /* get the destination */ - result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir); - if(result) { - if(result == CURLE_OUT_OF_MEMORY) - failf(data, "Out of memory"); - else - failf(data, - "Syntax error in ln/symlink: Bad second parameter"); - Curl_safefree(sshc->quote_path1); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = result; - break; - } - state(data, SSH_SFTP_QUOTE_SYMLINK); - break; - } - else if(strncasecompare(cmd, "mkdir ", 6)) { - /* create dir */ - state(data, SSH_SFTP_QUOTE_MKDIR); - break; - } - else if(strncasecompare(cmd, "rename ", 7)) { - /* rename file */ - /* first param is the source path */ - /* second param is the dest. path */ - result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir); - if(result) { - if(result == CURLE_OUT_OF_MEMORY) - failf(data, "Out of memory"); - else - failf(data, "Syntax error in rename: Bad second parameter"); - Curl_safefree(sshc->quote_path1); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = result; - break; - } - state(data, SSH_SFTP_QUOTE_RENAME); - break; - } - else if(strncasecompare(cmd, "rmdir ", 6)) { - /* delete dir */ - state(data, SSH_SFTP_QUOTE_RMDIR); - break; - } - else if(strncasecompare(cmd, "rm ", 3)) { - state(data, SSH_SFTP_QUOTE_UNLINK); + state(data, SSH_SFTP_QUOTE_SYMLINK); + break; + } + else if(strncasecompare(cmd, "mkdir ", 6)) { + /* create dir */ + state(data, SSH_SFTP_QUOTE_MKDIR); + break; + } + else if(strncasecompare(cmd, "rename ", 7)) { + /* rename file */ + /* first param is the source path */ + /* second param is the dest. path */ + result = Curl_get_pathname(&cp, &sshc->quote_path2, sshc->homedir); + if(result) { + if(result == CURLE_OUT_OF_MEMORY) + failf(data, "Out of memory"); + else + failf(data, "Syntax error in rename: Bad second parameter"); + Curl_safefree(sshc->quote_path1); + state(data, SSH_SFTP_CLOSE); + sshc->nextstate = SSH_NO_STATE; + sshc->actualcode = result; break; } + state(data, SSH_SFTP_QUOTE_RENAME); + break; + } + else if(strncasecompare(cmd, "rmdir ", 6)) { + /* delete dir */ + state(data, SSH_SFTP_QUOTE_RMDIR); + break; + } + else if(strncasecompare(cmd, "rm ", 3)) { + state(data, SSH_SFTP_QUOTE_UNLINK); + break; + } #ifdef HAS_STATVFS_SUPPORT - else if(strncasecompare(cmd, "statvfs ", 8)) { - state(data, SSH_SFTP_QUOTE_STATVFS); - break; - } -#endif - - failf(data, "Unknown SFTP command"); - Curl_safefree(sshc->quote_path1); - Curl_safefree(sshc->quote_path2); - state(data, SSH_SFTP_CLOSE); - sshc->nextstate = SSH_NO_STATE; - sshc->actualcode = CURLE_QUOTE_ERROR; + else if(strncasecompare(cmd, "statvfs ", 8)) { + state(data, SSH_SFTP_QUOTE_STATVFS); break; } +#endif + + failf(data, "Unknown SFTP command"); + Curl_safefree(sshc->quote_path1); + Curl_safefree(sshc->quote_path2); + state(data, SSH_SFTP_CLOSE); + sshc->nextstate = SSH_NO_STATE; + sshc->actualcode = CURLE_QUOTE_ERROR; + break; } - break; case SSH_SFTP_NEXT_QUOTE: Curl_safefree(sshc->quote_path1); @@ -1962,13 +1958,23 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; } else if(rc == 0) { + #ifdef _MSC_VER + #define CURL_LIBSSH2_VFS_SIZE_MASK "I64u" + #else + #define CURL_LIBSSH2_VFS_SIZE_MASK "llu" + #endif char *tmp = aprintf("statvfs:\n" - "f_bsize: %llu\n" "f_frsize: %llu\n" - "f_blocks: %llu\n" "f_bfree: %llu\n" - "f_bavail: %llu\n" "f_files: %llu\n" - "f_ffree: %llu\n" "f_favail: %llu\n" - "f_fsid: %llu\n" "f_flag: %llu\n" - "f_namemax: %llu\n", + "f_bsize: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n" + "f_frsize: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n" + "f_blocks: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n" + "f_bfree: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n" + "f_bavail: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n" + "f_files: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n" + "f_ffree: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n" + "f_favail: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n" + "f_fsid: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n" + "f_flag: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n" + "f_namemax: %" CURL_LIBSSH2_VFS_SIZE_MASK "\n", statvfs.f_bsize, statvfs.f_frsize, statvfs.f_blocks, statvfs.f_bfree, statvfs.f_bavail, statvfs.f_files, @@ -2152,14 +2158,15 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) } /* seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */ do { + char scratch[4*1024]; size_t readthisamountnow = - (data->state.resume_from - passed > data->set.buffer_size) ? - (size_t)data->set.buffer_size : - curlx_sotouz(data->state.resume_from - passed); + (data->state.resume_from - passed > + (curl_off_t)sizeof(scratch)) ? + sizeof(scratch) : curlx_sotouz(data->state.resume_from - passed); size_t actuallyread; Curl_set_in_callback(data, true); - actuallyread = data->state.fread_func(data->state.buffer, 1, + actuallyread = data->state.fread_func(scratch, 1, readthisamountnow, data->state.in); Curl_set_in_callback(data, false); @@ -2205,7 +2212,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) /* we want to use the _sending_ function even when the socket turns out readable as the underlying libssh2 sftp send function will deal with both accordingly */ - conn->cselect_bits = CURL_CSELECT_OUT; + data->state.select_bits = CURL_CSELECT_OUT; /* since we don't really wait for anything at this point, we want the state machine to move on as soon as possible so we set a very short @@ -2341,14 +2348,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) state(data, SSH_STOP); break; } - /* since this counts what we send to the client, we include the - newline in this counter */ - data->req.bytecount += readdir_len + 1; - /* output debug output if that is requested */ - Curl_debug(data, CURLINFO_DATA_IN, sshp->readdir_filename, - readdir_len); - Curl_debug(data, CURLINFO_DATA_IN, (char *)"\n", 1); } else { result = Curl_dyn_add(&sshp->readdir, sshp->readdir_longentry); @@ -2427,13 +2427,6 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) Curl_dyn_ptr(&sshp->readdir), Curl_dyn_len(&sshp->readdir)); - if(!result) { - /* output debug output if that is requested */ - Curl_debug(data, CURLINFO_DATA_IN, - Curl_dyn_ptr(&sshp->readdir), - Curl_dyn_len(&sshp->readdir)); - data->req.bytecount += Curl_dyn_len(&sshp->readdir); - } if(result) { Curl_dyn_free(&sshp->readdir); state(data, SSH_STOP); @@ -2608,7 +2601,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) /* we want to use the _receiving_ function even when the socket turns out writableable as the underlying libssh2 recv function will deal with both accordingly */ - conn->cselect_bits = CURL_CSELECT_IN; + data->state.select_bits = CURL_CSELECT_IN; if(result) { /* this should never occur; the close state should be entered @@ -2763,7 +2756,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) /* we want to use the _sending_ function even when the socket turns out readable as the underlying libssh2 scp send function will deal with both accordingly */ - conn->cselect_bits = CURL_CSELECT_OUT; + data->state.select_bits = CURL_CSELECT_OUT; state(data, SSH_STOP); } @@ -2825,7 +2818,7 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) /* we want to use the _receiving_ function even when the socket turns out writableable as the underlying libssh2 recv function will deal with both accordingly */ - conn->cselect_bits = CURL_CSELECT_IN; + data->state.select_bits = CURL_CSELECT_IN; if(result) { state(data, SSH_SCP_CHANNEL_FREE); @@ -3030,7 +3023,6 @@ static CURLcode ssh_statemach_act(struct Curl_easy *data, bool *block) break; case SSH_QUIT: - /* fallthrough, just stop! */ default: /* internal error */ sshc->nextstate = SSH_NO_STATE; @@ -3298,6 +3290,27 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done) #ifndef CURL_DISABLE_PROXY if(conn->http_proxy.proxytype == CURLPROXY_HTTPS) { + /* + Setup libssh2 callbacks to make it read/write TLS from the socket. + + ssize_t + recvcb(libssh2_socket_t sock, void *buffer, size_t length, + int flags, void **abstract); + + ssize_t + sendcb(libssh2_socket_t sock, const void *buffer, size_t length, + int flags, void **abstract); + + */ +#if LIBSSH2_VERSION_NUM >= 0x010b01 + infof(data, "Uses HTTPS proxy"); + libssh2_session_callback_set2(sshc->ssh_session, + LIBSSH2_CALLBACK_RECV, + (libssh2_cb_generic *)ssh_tls_recv); + libssh2_session_callback_set2(sshc->ssh_session, + LIBSSH2_CALLBACK_SEND, + (libssh2_cb_generic *)ssh_tls_send); +#else /* * This crazy union dance is here to avoid assigning a void pointer a * function pointer as it is invalid C. The problem is of course that @@ -3318,22 +3331,11 @@ static CURLcode ssh_connect(struct Curl_easy *data, bool *done) sshsend.sendptr = ssh_tls_send; infof(data, "Uses HTTPS proxy"); - /* - Setup libssh2 callbacks to make it read/write TLS from the socket. - - ssize_t - recvcb(libssh2_socket_t sock, void *buffer, size_t length, - int flags, void **abstract); - - ssize_t - sendcb(libssh2_socket_t sock, const void *buffer, size_t length, - int flags, void **abstract); - - */ libssh2_session_callback_set(sshc->ssh_session, LIBSSH2_CALLBACK_RECV, sshrecv.recvp); libssh2_session_callback_set(sshc->ssh_session, LIBSSH2_CALLBACK_SEND, sshsend.sendp); +#endif /* Store the underlying TLS recv/send function pointers to be used when reading from the proxy */ diff --git a/lib/vssh/ssh.h b/lib/vssh/ssh.h index 1e1b1379c..ca0533aa5 100644 --- a/lib/vssh/ssh.h +++ b/lib/vssh/ssh.h @@ -267,6 +267,7 @@ void Curl_ssh_attach(struct Curl_easy *data, /* for non-SSH builds */ #define Curl_ssh_cleanup() #define Curl_ssh_attach(x,y) +#define Curl_ssh_init() 0 #endif #endif /* HEADER_CURL_SSH_H */ diff --git a/lib/vssh/wolfssh.c b/lib/vssh/wolfssh.c index 39cee5076..7396791ce 100644 --- a/lib/vssh/wolfssh.c +++ b/lib/vssh/wolfssh.c @@ -42,6 +42,7 @@ #include "select.h" #include "multiif.h" #include "warnless.h" +#include "strdup.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -92,7 +93,7 @@ const struct Curl_handler Curl_handler_scp = { ZERO_NULL, /* domore_getsock */ wssh_getsock, /* perform_getsock */ wscp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_SSH, /* defport */ @@ -121,7 +122,7 @@ const struct Curl_handler Curl_handler_sftp = { ZERO_NULL, /* domore_getsock */ wssh_getsock, /* perform_getsock */ wsftp_disconnect, /* disconnect */ - ZERO_NULL, /* readwrite */ + ZERO_NULL, /* write_resp */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_SSH, /* defport */ @@ -343,9 +344,6 @@ static CURLcode wssh_setup_connection(struct Curl_easy *data, return CURLE_OK; } -static Curl_recv wscp_recv, wsftp_recv; -static Curl_send wscp_send, wsftp_send; - static int userauth(byte authtype, WS_UserAuthData* authdata, void *ctx) @@ -515,15 +513,9 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) return CURLE_OK; } else if(name && (rc == WS_SUCCESS)) { - sshc->homedir = malloc(name->fSz + 1); - if(!sshc->homedir) { + sshc->homedir = Curl_memdup0(name->fName, name->fSz); + if(!sshc->homedir) sshc->actualcode = CURLE_OUT_OF_MEMORY; - } - else { - memcpy(sshc->homedir, name->fName, name->fSz); - sshc->homedir[name->fSz] = 0; - infof(data, "wolfssh SFTP realpath succeeded"); - } wolfSSH_SFTPNAME_list_free(name); state(data, SSH_STOP); return CURLE_OK; @@ -649,14 +641,15 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) } /* seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */ do { + char scratch[4*1024]; size_t readthisamountnow = - (data->state.resume_from - passed > data->set.buffer_size) ? - (size_t)data->set.buffer_size : - curlx_sotouz(data->state.resume_from - passed); + (data->state.resume_from - passed > + (curl_off_t)sizeof(scratch)) ? + sizeof(scratch) : curlx_sotouz(data->state.resume_from - passed); size_t actuallyread; Curl_set_in_callback(data, true); - actuallyread = data->state.fread_func(data->state.buffer, 1, + actuallyread = data->state.fread_func(scratch, 1, readthisamountnow, data->state.in); Curl_set_in_callback(data, false); @@ -702,7 +695,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) /* we want to use the _sending_ function even when the socket turns out readable as the underlying libssh2 sftp send function will deal with both accordingly */ - conn->cselect_bits = CURL_CSELECT_OUT; + data->state.select_bits = CURL_CSELECT_OUT; /* since we don't really wait for anything at this point, we want the state machine to move on as soon as possible so we set a very short @@ -798,7 +791,7 @@ static CURLcode wssh_statemach_act(struct Curl_easy *data, bool *block) /* we want to use the _receiving_ function even when the socket turns out writableable as the underlying libssh2 recv function will deal with both accordingly */ - conn->cselect_bits = CURL_CSELECT_IN; + data->state.select_bits = CURL_CSELECT_IN; if(result) { /* this should never occur; the close state should be entered diff --git a/lib/vtls/bearssl.c b/lib/vtls/bearssl.c index 934149c1b..58394bab9 100644 --- a/lib/vtls/bearssl.c +++ b/lib/vtls/bearssl.c @@ -509,7 +509,6 @@ static CURLcode bearssl_set_selected_ciphers(struct Curl_easy *data, { uint16_t selected_ciphers[NUM_OF_CIPHERS]; size_t selected_count = 0; - char cipher_name[CIPHER_NAME_BUF_LEN]; const char *cipher_start = ciphers; const char *cipher_end; size_t i, j; @@ -518,41 +517,48 @@ static CURLcode bearssl_set_selected_ciphers(struct Curl_easy *data, return CURLE_SSL_CIPHER; while(true) { + const char *cipher; + size_t clen; + /* Extract the next cipher name from the ciphers string */ while(is_separator(*cipher_start)) ++cipher_start; - if(*cipher_start == '\0') + if(!*cipher_start) break; cipher_end = cipher_start; - while(*cipher_end != '\0' && !is_separator(*cipher_end)) + while(*cipher_end && !is_separator(*cipher_end)) ++cipher_end; - j = cipher_end - cipher_start < CIPHER_NAME_BUF_LEN - 1 ? - cipher_end - cipher_start : CIPHER_NAME_BUF_LEN - 1; - strncpy(cipher_name, cipher_start, j); - cipher_name[j] = '\0'; + + clen = cipher_end - cipher_start; + cipher = cipher_start; + cipher_start = cipher_end; /* Lookup the cipher name in the table of available ciphers. If the cipher name starts with "TLS_" we do the lookup by IANA name. Otherwise, we try to match cipher name by an (OpenSSL) alias. */ - if(strncasecompare(cipher_name, "TLS_", 4)) { + if(strncasecompare(cipher, "TLS_", 4)) { for(i = 0; i < NUM_OF_CIPHERS && - !strcasecompare(cipher_name, ciphertable[i].name); ++i); + (strlen(ciphertable[i].name) == clen) && + !strncasecompare(cipher, ciphertable[i].name, clen); ++i); } else { for(i = 0; i < NUM_OF_CIPHERS && - !strcasecompare(cipher_name, ciphertable[i].alias_name); ++i); + (strlen(ciphertable[i].alias_name) == clen) && + !strncasecompare(cipher, ciphertable[i].alias_name, clen); ++i); } if(i == NUM_OF_CIPHERS) { - infof(data, "BearSSL: unknown cipher in list: %s", cipher_name); + infof(data, "BearSSL: unknown cipher in list: %.*s", + (int)clen, cipher); continue; } /* No duplicates allowed */ for(j = 0; j < selected_count && - selected_ciphers[j] != ciphertable[i].num; j++); + selected_ciphers[j] != ciphertable[i].num; j++); if(j < selected_count) { - infof(data, "BearSSL: duplicate cipher in list: %s", cipher_name); + infof(data, "BearSSL: duplicate cipher in list: %.*s", + (int)clen, cipher); continue; } @@ -582,17 +588,12 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, const char * const ssl_cafile = /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */ (ca_info_blob ? NULL : conn_config->CAfile); - const char *hostname = connssl->hostname; + const char *hostname = connssl->peer.hostname; const bool verifypeer = conn_config->verifypeer; const bool verifyhost = conn_config->verifyhost; CURLcode ret; unsigned version_min, version_max; int session_set = 0; -#ifdef ENABLE_IPV6 - struct in6_addr addr; -#else - struct in_addr addr; -#endif DEBUGASSERT(backend); CURL_TRC_CF(data, cf, "connect_step1"); @@ -706,11 +707,7 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data); } - if((1 == Curl_inet_pton(AF_INET, hostname, &addr)) -#ifdef ENABLE_IPV6 - || (1 == Curl_inet_pton(AF_INET6, hostname, &addr)) -#endif - ) { + if(connssl->peer.is_ip_address) { if(verifyhost) { failf(data, "BearSSL: " "host verification of IP address is not supported"); @@ -719,12 +716,11 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, hostname = NULL; } else { - char *snihost = Curl_ssl_snihost(data, hostname, NULL); - if(!snihost) { + if(!connssl->peer.sni) { failf(data, "Failed to set SNI"); return CURLE_SSL_CONNECT_ERROR; } - hostname = snihost; + hostname = connssl->peer.sni; CURL_TRC_CF(data, cf, "connect_step1, SNI set"); } @@ -749,26 +745,26 @@ static CURLcode bearssl_connect_step1(struct Curl_cfilter *cf, return CURLE_OK; } -static int bearssl_get_select_socks(struct Curl_cfilter *cf, - struct Curl_easy *data, - curl_socket_t *socks) +static void bearssl_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps) { - struct ssl_connect_data *connssl = cf->ctx; - curl_socket_t sock = Curl_conn_cf_get_socket(cf->next, data); - - if(sock == CURL_SOCKET_BAD) - return GETSOCK_BLANK; - else { - struct bearssl_ssl_backend_data *backend = - (struct bearssl_ssl_backend_data *)connssl->backend; - unsigned state = br_ssl_engine_current_state(&backend->ctx.eng); - if(state & BR_SSL_SENDREC) { - socks[0] = sock; - return GETSOCK_WRITESOCK(0); + if(!cf->connected) { + curl_socket_t sock = Curl_conn_cf_get_socket(cf->next, data); + if(sock != CURL_SOCKET_BAD) { + struct ssl_connect_data *connssl = cf->ctx; + struct bearssl_ssl_backend_data *backend = + (struct bearssl_ssl_backend_data *)connssl->backend; + unsigned state = br_ssl_engine_current_state(&backend->ctx.eng); + + if(state & BR_SSL_SENDREC) { + Curl_pollset_set_out_only(data, ps, sock); + } + else { + Curl_pollset_set_in_only(data, ps, sock); + } } } - socks[0] = sock; - return GETSOCK_READSOCK(0); } static CURLcode bearssl_run_until(struct Curl_cfilter *cf, @@ -1210,7 +1206,7 @@ const struct Curl_ssl Curl_ssl_bearssl = { Curl_none_cert_status_request, /* cert_status_request */ bearssl_connect, /* connect */ bearssl_connect_nonblocking, /* connect_nonblocking */ - bearssl_get_select_socks, /* getsock */ + bearssl_adjust_pollset, /* adjust_pollset */ bearssl_get_internals, /* get_internals */ bearssl_close, /* close_one */ Curl_none_close_all, /* close_all */ diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index c538a966e..b95c5be3c 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -402,18 +402,13 @@ set_ssl_version_min_max(struct Curl_easy *data, CURLcode gtls_client_init(struct Curl_easy *data, struct ssl_primary_config *config, struct ssl_config_data *ssl_config, - const char *hostname, + struct ssl_peer *peer, struct gtls_instance *gtls, long *pverifyresult) { unsigned int init_flags; int rc; bool sni = TRUE; /* default is SNI enabled */ -#ifdef ENABLE_IPV6 - struct in6_addr addr; -#else - struct in_addr addr; -#endif const char *prioritylist; const char *err = NULL; const char *tls13support; @@ -460,50 +455,60 @@ CURLcode gtls_client_init(struct Curl_easy *data, } #endif - if(config->CAfile) { - /* set the trusted CA cert bundle file */ - gnutls_certificate_set_verify_flags(gtls->cred, - GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + if(config->verifypeer) { + bool imported_native_ca = false; - rc = gnutls_certificate_set_x509_trust_file(gtls->cred, - config->CAfile, - GNUTLS_X509_FMT_PEM); - if(rc < 0) { - infof(data, "error reading ca cert file %s (%s)", - config->CAfile, gnutls_strerror(rc)); - if(config->verifypeer) { - *pverifyresult = rc; - return CURLE_SSL_CACERT_BADFILE; + if(ssl_config->native_ca_store) { + rc = gnutls_certificate_set_x509_system_trust(gtls->cred); + if(rc < 0) + infof(data, "error reading native ca store (%s), continuing anyway", + gnutls_strerror(rc)); + else { + infof(data, "found %d certificates in native ca store", rc); + if(rc > 0) + imported_native_ca = true; } } - else - infof(data, "found %d certificates in %s", rc, config->CAfile); - } - if(config->CApath) { - /* set the trusted CA cert directory */ - rc = gnutls_certificate_set_x509_trust_dir(gtls->cred, - config->CApath, - GNUTLS_X509_FMT_PEM); - if(rc < 0) { - infof(data, "error reading ca cert file %s (%s)", - config->CApath, gnutls_strerror(rc)); - if(config->verifypeer) { - *pverifyresult = rc; - return CURLE_SSL_CACERT_BADFILE; + if(config->CAfile) { + /* set the trusted CA cert bundle file */ + gnutls_certificate_set_verify_flags(gtls->cred, + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + + rc = gnutls_certificate_set_x509_trust_file(gtls->cred, + config->CAfile, + GNUTLS_X509_FMT_PEM); + if(rc < 0) { + infof(data, "error reading ca cert file %s (%s)%s", + config->CAfile, gnutls_strerror(rc), + (imported_native_ca ? ", continuing anyway" : "")); + if(!imported_native_ca) { + *pverifyresult = rc; + return CURLE_SSL_CACERT_BADFILE; + } } + else + infof(data, "found %d certificates in %s", rc, config->CAfile); } - else - infof(data, "found %d certificates in %s", rc, config->CApath); - } -#ifdef CURL_CA_FALLBACK - /* use system ca certificate store as fallback */ - if(config->verifypeer && !(config->CAfile || config->CApath)) { - /* this ignores errors on purpose */ - gnutls_certificate_set_x509_system_trust(gtls->cred); + if(config->CApath) { + /* set the trusted CA cert directory */ + rc = gnutls_certificate_set_x509_trust_dir(gtls->cred, + config->CApath, + GNUTLS_X509_FMT_PEM); + if(rc < 0) { + infof(data, "error reading ca cert file %s (%s)%s", + config->CApath, gnutls_strerror(rc), + (imported_native_ca ? ", continuing anyway" : "")); + if(!imported_native_ca) { + *pverifyresult = rc; + return CURLE_SSL_CACERT_BADFILE; + } + } + else + infof(data, "found %d certificates in %s", rc, config->CApath); + } } -#endif if(config->CRLfile) { /* set the CRL list file */ @@ -537,15 +542,9 @@ CURLcode gtls_client_init(struct Curl_easy *data, return CURLE_SSL_CONNECT_ERROR; } - if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) && -#ifdef ENABLE_IPV6 - (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) && -#endif - sni) { - size_t snilen; - char *snihost = Curl_ssl_snihost(data, hostname, &snilen); - if(!snihost || gnutls_server_name_set(gtls->session, GNUTLS_NAME_DNS, - snihost, snilen) < 0) { + if(sni && peer->sni) { + if(gnutls_server_name_set(gtls->session, GNUTLS_NAME_DNS, + peer->sni, strlen(peer->sni)) < 0) { failf(data, "Failed to set SNI"); return CURLE_SSL_CONNECT_ERROR; } @@ -585,13 +584,9 @@ CURLcode gtls_client_init(struct Curl_easy *data, /* Only add SRP to the cipher list if SRP is requested. Otherwise * GnuTLS will disable TLS 1.3 support. */ if(config->username) { - size_t len = strlen(prioritylist); - - char *prioritysrp = malloc(len + sizeof(GNUTLS_SRP) + 1); + char *prioritysrp = aprintf("%s:" GNUTLS_SRP, prioritylist); if(!prioritysrp) return CURLE_OUT_OF_MEMORY; - strcpy(prioritysrp, prioritylist); - strcpy(prioritysrp + len, ":" GNUTLS_SRP); rc = gnutls_priority_set_direct(gtls->session, prioritysrp, &err); free(prioritysrp); @@ -699,7 +694,7 @@ gtls_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) return CURLE_OK; result = gtls_client_init(data, conn_config, ssl_config, - connssl->hostname, + &connssl->peer, &backend->gtls, pverifyresult); if(result) return result; @@ -811,8 +806,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, gnutls_session_t session, struct ssl_primary_config *config, struct ssl_config_data *ssl_config, - const char *hostname, - const char *dispname, + struct ssl_peer *peer, const char *pinned_key) { unsigned int cert_list_size; @@ -824,16 +818,17 @@ Curl_gtls_verifyserver(struct Curl_easy *data, char certname[65] = ""; /* limited to 64 chars by ASN.1 */ size_t size; time_t certclock; - const char *ptr; int rc; CURLcode result = CURLE_OK; #ifndef CURL_DISABLE_VERBOSE_STRINGS + const char *ptr; unsigned int algo; unsigned int bits; gnutls_protocol_t version = gnutls_protocol_get_version(session); #endif long * const certverifyresult = &ssl_config->certverifyresult; +#ifndef CURL_DISABLE_VERBOSE_STRINGS /* the name of the cipher suite used, e.g. ECDHE_RSA_AES_256_GCM_SHA384. */ ptr = gnutls_cipher_suite_get_name(gnutls_kx_get(session), gnutls_cipher_get(session), @@ -841,6 +836,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, infof(data, "SSL connection using %s / %s", gnutls_protocol_get_name(version), ptr); +#endif /* This function will return the peer's raw certificate (chain) as sent by the peer. These certificates are in raw format (DER encoded for @@ -1068,7 +1064,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, in RFC2818 (HTTPS), which takes into account wildcards, and the subject alternative name PKIX extension. Returns non zero on success, and zero on failure. */ - rc = gnutls_x509_crt_check_hostname(x509_cert, hostname); + rc = gnutls_x509_crt_check_hostname(x509_cert, peer->hostname); #if GNUTLS_VERSION_NUMBER < 0x030306 /* Before 3.3.6, gnutls_x509_crt_check_hostname() didn't check IP addresses. */ @@ -1081,10 +1077,10 @@ Curl_gtls_verifyserver(struct Curl_easy *data, unsigned char addrbuf[sizeof(struct use_addr)]; size_t addrlen = 0; - if(Curl_inet_pton(AF_INET, hostname, addrbuf) > 0) + if(Curl_inet_pton(AF_INET, peer->hostname, addrbuf) > 0) addrlen = 4; #ifdef ENABLE_IPV6 - else if(Curl_inet_pton(AF_INET6, hostname, addrbuf) > 0) + else if(Curl_inet_pton(AF_INET6, peer->hostname, addrbuf) > 0) addrlen = 16; #endif @@ -1114,13 +1110,13 @@ Curl_gtls_verifyserver(struct Curl_easy *data, if(!rc) { if(config->verifyhost) { failf(data, "SSL: certificate subject name (%s) does not match " - "target host name '%s'", certname, dispname); + "target host name '%s'", certname, peer->dispname); gnutls_x509_crt_deinit(x509_cert); return CURLE_PEER_FAILED_VERIFICATION; } else infof(data, " common name: %s (does not match '%s')", - certname, dispname); + certname, peer->dispname); } else infof(data, " common name: %s (matched)", certname); @@ -1253,8 +1249,7 @@ static CURLcode gtls_verifyserver(struct Curl_cfilter *cf, CURLcode result; result = Curl_gtls_verifyserver(data, session, conn_config, ssl_config, - connssl->hostname, connssl->dispname, - pinned_key); + &connssl->peer, pinned_key); if(result) goto out; @@ -1662,7 +1657,7 @@ const struct Curl_ssl Curl_ssl_gnutls = { gtls_cert_status_request, /* cert_status_request */ gtls_connect, /* connect */ gtls_connect_nonblocking, /* connect_nonblocking */ - Curl_ssl_get_select_socks, /* getsock */ + Curl_ssl_adjust_pollset, /* adjust_pollset */ gtls_get_internals, /* get_internals */ gtls_close, /* close_one */ Curl_none_close_all, /* close_all */ diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h index ac141e1c6..1a81c01e9 100644 --- a/lib/vtls/gtls.h +++ b/lib/vtls/gtls.h @@ -43,6 +43,7 @@ struct Curl_easy; struct Curl_cfilter; struct ssl_primary_config; struct ssl_config_data; +struct ssl_peer; struct gtls_instance { gnutls_session_t session; @@ -56,7 +57,7 @@ CURLcode gtls_client_init(struct Curl_easy *data, struct ssl_primary_config *config, struct ssl_config_data *ssl_config, - const char *hostname, + struct ssl_peer *peer, struct gtls_instance *gtls, long *pverifyresult); @@ -65,8 +66,7 @@ Curl_gtls_verifyserver(struct Curl_easy *data, gnutls_session_t session, struct ssl_primary_config *config, struct ssl_config_data *ssl_config, - const char *hostname, - const char *dispname, + struct ssl_peer *peer, const char *pinned_key); extern const struct Curl_ssl Curl_ssl_gnutls; diff --git a/lib/vtls/keylog.c b/lib/vtls/keylog.c index d37bb183e..fbcb25cfb 100644 --- a/lib/vtls/keylog.c +++ b/lib/vtls/keylog.c @@ -23,6 +23,11 @@ ***************************************************************************/ #include "curl_setup.h" +#if defined(USE_OPENSSL) || \ + defined(USE_WOLFSSL) || \ + (defined(USE_NGTCP2) && defined(USE_NGHTTP3)) || \ + defined(USE_QUICHE) + #include "keylog.h" #include @@ -55,7 +60,7 @@ Curl_tls_keylog_open(void) if(keylog_file_name) { keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT); if(keylog_file_fp) { -#ifdef WIN32 +#ifdef _WIN32 if(setvbuf(keylog_file_fp, NULL, _IONBF, 0)) #else if(setvbuf(keylog_file_fp, NULL, _IOLBF, 4096)) @@ -157,3 +162,5 @@ Curl_tls_keylog_write(const char *label, fputs(line, keylog_file_fp); return true; } + +#endif /* TLS or QUIC backend */ diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index 2f994d741..7d70de53b 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -36,6 +36,13 @@ /* Define this to enable lots of debugging for mbedTLS */ /* #define MBEDTLS_DEBUG */ +#ifdef __GNUC__ +#pragma GCC diagnostic push +/* mbedTLS (as of v3.5.1) has a duplicate function declaration + in its public headers. Disable the warning that detects it. */ +#pragma GCC diagnostic ignored "-Wredundant-decls" +#endif + #include #if MBEDTLS_VERSION_NUMBER >= 0x02040000 #include @@ -56,6 +63,10 @@ # endif #endif +#ifdef __GNUC__ +#pragma GCC diagnostic pop +#endif + #include "urldata.h" #include "sendf.h" #include "inet_pton.h" @@ -67,6 +78,7 @@ #include "select.h" #include "multiif.h" #include "mbedtls_threadlock.h" +#include "strdup.h" /* The last 3 #include files should be in this order */ #include "curl_printf.h" @@ -153,7 +165,6 @@ static void mbed_debug(void *context, int level, const char *f_name, infof(data, "%s", line); (void) level; } -#else #endif static int mbedtls_bio_cf_write(void *bio, @@ -165,6 +176,9 @@ static int mbedtls_bio_cf_write(void *bio, CURLcode result; DEBUGASSERT(data); + if(!data) + return 0; + nwritten = Curl_conn_cf_send(cf->next, data, (char *)buf, blen, &result); CURL_TRC_CF(data, cf, "mbedtls_bio_cf_out_write(len=%zu) -> %zd, err=%d", blen, nwritten, result); @@ -182,6 +196,8 @@ static int mbedtls_bio_cf_read(void *bio, unsigned char *buf, size_t blen) CURLcode result; DEBUGASSERT(data); + if(!data) + return 0; /* OpenSSL catches this case, so should we. */ if(!buf) return 0; @@ -322,7 +338,7 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) char * const ssl_cert = ssl_config->primary.clientcert; const struct curl_blob *ssl_cert_blob = ssl_config->primary.cert_blob; const char * const ssl_crlfile = ssl_config->primary.CRLfile; - const char *hostname = connssl->hostname; + const char *hostname = connssl->peer.hostname; int ret = -1; char errorbuf[128]; @@ -367,11 +383,10 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* Unfortunately, mbedtls_x509_crt_parse() requires the data to be null terminated even when provided the exact length, forcing us to waste extra memory here. */ - unsigned char *newblob = malloc(ca_info_blob->len + 1); + unsigned char *newblob = Curl_memdup0(ca_info_blob->data, + ca_info_blob->len); if(!newblob) return CURLE_OUT_OF_MEMORY; - memcpy(newblob, ca_info_blob->data, ca_info_blob->len); - newblob[ca_info_blob->len] = 0; /* null terminate */ ret = mbedtls_x509_crt_parse(&backend->cacert, newblob, ca_info_blob->len + 1); free(newblob); @@ -441,11 +456,10 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* Unfortunately, mbedtls_x509_crt_parse() requires the data to be null terminated even when provided the exact length, forcing us to waste extra memory here. */ - unsigned char *newblob = malloc(ssl_cert_blob->len + 1); + unsigned char *newblob = Curl_memdup0(ssl_cert_blob->data, + ssl_cert_blob->len); if(!newblob) return CURLE_OUT_OF_MEMORY; - memcpy(newblob, ssl_cert_blob->data, ssl_cert_blob->len); - newblob[ssl_cert_blob->len] = 0; /* null terminate */ ret = mbedtls_x509_crt_parse(&backend->clicert, newblob, ssl_cert_blob->len + 1); free(newblob); @@ -639,9 +653,9 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) mbedtls_ssl_conf_own_cert(&backend->config, &backend->clicert, &backend->pk); } - { - char *snihost = Curl_ssl_snihost(data, hostname, NULL); - if(!snihost || mbedtls_ssl_set_hostname(&backend->ssl, snihost)) { + + if(connssl->peer.sni) { + if(mbedtls_ssl_set_hostname(&backend->ssl, connssl->peer.sni)) { /* mbedtls_ssl_set_hostname() sets the name to use in CN/SAN checks and the name to set in the SNI extension. So even if curl connects to a host specified as an IP address, this function must be used. */ @@ -1207,6 +1221,9 @@ static int mbedtls_init(void) static void mbedtls_cleanup(void) { +#ifdef THREADING_SUPPORT + mbedtls_entropy_free(&ts_entropy); +#endif /* THREADING_SUPPORT */ (void)Curl_mbedtlsthreadlock_thread_cleanup(); } @@ -1274,7 +1291,7 @@ const struct Curl_ssl Curl_ssl_mbedtls = { Curl_none_cert_status_request, /* cert_status_request */ mbedtls_connect, /* connect */ mbedtls_connect_nonblocking, /* connect_nonblocking */ - Curl_ssl_get_select_socks, /* getsock */ + Curl_ssl_adjust_pollset, /* adjust_pollset */ mbedtls_get_internals, /* get_internals */ mbedtls_close, /* close_one */ mbedtls_close_all, /* close_all */ diff --git a/lib/vtls/mbedtls_threadlock.c b/lib/vtls/mbedtls_threadlock.c index bcb7106a6..22b1b221e 100644 --- a/lib/vtls/mbedtls_threadlock.c +++ b/lib/vtls/mbedtls_threadlock.c @@ -51,7 +51,7 @@ int Curl_mbedtlsthreadlock_thread_setup(void) { int i; - mutex_buf = calloc(NUMT * sizeof(MBEDTLS_MUTEX_T), 1); + mutex_buf = calloc(1, NUMT * sizeof(MBEDTLS_MUTEX_T)); if(!mutex_buf) return 0; /* error, no number of threads defined */ diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 9f9c8d136..8d6087022 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -79,6 +79,8 @@ #include #include #include +#include +#include #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP) #include @@ -96,6 +98,9 @@ #include "curl_memory.h" #include "memdebug.h" +#ifndef ARRAYSIZE +#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0])) +#endif /* Uncomment the ALLOW_RENEG line to a real #define if you want to allow TLS renegotiations when built with BoringSSL. Renegotiating is non-compliant @@ -173,8 +178,6 @@ #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) #define HAVE_EVP_PKEY_GET_PARAMS 1 -#else -#define SSL_get1_peer_certificate SSL_get_peer_certificate #endif #ifdef HAVE_EVP_PKEY_GET_PARAMS @@ -235,7 +238,11 @@ #elif defined(OPENSSL_IS_AWSLC) #define OSSL_PACKAGE "AWS-LC" #else -#define OSSL_PACKAGE "OpenSSL" +# if defined(USE_NGTCP2) && defined(USE_NGHTTP3) +# define OSSL_PACKAGE "quictls" +# else +# define OSSL_PACKAGE "OpenSSL" +#endif #endif #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) @@ -538,9 +545,9 @@ CURLcode Curl_ossl_certchain(struct Curl_easy *data, SSL *ssl) #else RSA_get0_key(rsa, &n, &e, NULL); #endif /* HAVE_EVP_PKEY_GET_PARAMS */ - BIO_printf(mem, "%d", BN_num_bits(n)); + BIO_printf(mem, "%d", n ? BN_num_bits(n) : 0); #else - BIO_printf(mem, "%d", BN_num_bits(rsa->n)); + BIO_printf(mem, "%d", rsa->n ? BN_num_bits(rsa->n) : 0); #endif /* HAVE_OPAQUE_RSA_DSA_DH */ push_certinfo("RSA Public Key", i); print_pubkey_BN(rsa, n, i); @@ -947,8 +954,9 @@ static char *ossl_strerror(unsigned long error, char *buf, size_t size) #endif if(!*buf) { - strncpy(buf, (error ? "Unknown error" : "No error"), size); - buf[size - 1] = '\0'; + const char *msg = error ? "Unknown error" : "No error"; + if(strlen(msg) < size) + strcpy(buf, msg); } return buf; @@ -1080,6 +1088,7 @@ static int ssl_ui_reader(UI *ui, UI_STRING *uis) UI_set_result(ui, uis, password); return 1; } + FALLTHROUGH(); default: break; } @@ -1098,6 +1107,7 @@ static int ssl_ui_writer(UI *ui, UI_STRING *uis) (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD)) { return 1; } + FALLTHROUGH(); default: break; } @@ -1515,7 +1525,7 @@ fail: case SSL_FILETYPE_PEM: if(cert_done) break; - /* FALLTHROUGH */ + FALLTHROUGH(); case SSL_FILETYPE_ASN1: cert_use_result = key_blob ? SSL_CTX_use_PrivateKey_blob(ctx, key_blob, file_type, key_passwd) : @@ -1745,7 +1755,7 @@ static int ossl_init(void) static void ossl_cleanup(void) { #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ - !defined(LIBRESSL_VERSION_NUMBER) + (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x2070000fL) /* OpenSSL 1.1 deprecates all these cleanup functions and turns them into no-ops in OpenSSL 1.0 compatibility mode */ #else @@ -2098,22 +2108,6 @@ static bool subj_alt_hostcheck(struct Curl_easy *data, return FALSE; } -static CURLcode -ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, - X509 *server_cert, const char *hostname, - const char *dispname); - -CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, - X509 *server_cert) -{ - const char *hostname, *dispname; - int port; - - (void)conn; - Curl_conn_get_host(data, FIRSTSOCKET, &hostname, &dispname, &port); - return ossl_verifyhost(data, conn, server_cert, hostname, dispname); -} - /* Quote from RFC2818 section 3.1 "Server Identity" If a subjectAltName extension of type dNSName is present, that MUST @@ -2136,10 +2130,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, This function is now used from ngtcp2 (QUIC) as well. */ -static CURLcode -ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, - X509 *server_cert, const char *hostname, - const char *dispname) +CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, + struct ssl_peer *peer, X509 *server_cert) { bool matched = FALSE; int target = GEN_DNS; /* target type, GEN_DNS or GEN_IPADD */ @@ -2156,25 +2148,21 @@ ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, size_t hostlen; (void)conn; - hostlen = strlen(hostname); - -#ifndef ENABLE_IPV6 - /* Silence compiler warnings for unused params */ - (void) conn; -#endif - + hostlen = strlen(peer->hostname); + if(peer->is_ip_address) { #ifdef ENABLE_IPV6 - if(conn->bits.ipv6_ip && - Curl_inet_pton(AF_INET6, hostname, &addr)) { - target = GEN_IPADD; - addrlen = sizeof(struct in6_addr); - } - else -#endif - if(Curl_inet_pton(AF_INET, hostname, &addr)) { + if(conn->bits.ipv6_ip && + Curl_inet_pton(AF_INET6, peer->hostname, &addr)) { target = GEN_IPADD; - addrlen = sizeof(struct in_addr); + addrlen = sizeof(struct in6_addr); } + else +#endif + if(Curl_inet_pton(AF_INET, peer->hostname, &addr)) { + target = GEN_IPADD; + addrlen = sizeof(struct in_addr); + } + } /* get a "list" of alternative names */ altnames = X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL); @@ -2224,9 +2212,9 @@ ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, if((altlen == strlen(altptr)) && /* if this isn't true, there was an embedded zero in the name string and we cannot match it. */ - subj_alt_hostcheck(data, - altptr, - altlen, hostname, hostlen, dispname)) { + subj_alt_hostcheck(data, altptr, altlen, + peer->hostname, hostlen, + peer->dispname)) { dnsmatched = TRUE; } break; @@ -2238,7 +2226,7 @@ ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, ipmatched = TRUE; infof(data, " subjectAltName: host \"%s\" matched cert's IP address!", - dispname); + peer->dispname); } break; } @@ -2254,9 +2242,9 @@ ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, /* an alternative name matched */ ; else if(dNSName || iPAddress) { - infof(data, " subjectAltName does not match %s", dispname); + infof(data, " subjectAltName does not match %s", peer->dispname); failf(data, "SSL: no alternative certificate subject name matches " - "target host name '%s'", dispname); + "target host name '%s'", peer->dispname); result = CURLE_PEER_FAILED_VERIFICATION; } else { @@ -2320,9 +2308,9 @@ ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, result = CURLE_PEER_FAILED_VERIFICATION; } else if(!Curl_cert_hostcheck((const char *)peer_CN, - peerlen, hostname, hostlen)) { + peerlen, peer->hostname, hostlen)) { failf(data, "SSL: certificate subject name '%s' does not match " - "target host name '%s'", peer_CN, dispname); + "target host name '%s'", peer_CN, peer->dispname); result = CURLE_PEER_FAILED_VERIFICATION; } else { @@ -2731,12 +2719,6 @@ static void ossl_trace(int direction, int ssl_ver, int content_type, #ifdef USE_OPENSSL /* ====================================================== */ -#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME -# define use_sni(x) sni = (x) -#else -# define use_sni(x) Curl_nop_stmt -#endif - /* Check for OpenSSL 1.0.2 which has ALPN support. */ #undef HAS_ALPN #if OPENSSL_VERSION_NUMBER >= 0x10002000L \ @@ -2869,7 +2851,7 @@ ossl_set_ssl_version_min_max_legacy(ctx_option_t *ctx_options, failf(data, OSSL_PACKAGE " was built without TLS 1.3 support"); return CURLE_NOT_BUILT_IN; #endif - /* FALLTHROUGH */ + FALLTHROUGH(); case CURL_SSLVERSION_TLSv1_2: #if OPENSSL_VERSION_NUMBER >= 0x1000100FL *ctx_options |= SSL_OP_NO_TLSv1_1; @@ -2877,7 +2859,7 @@ ossl_set_ssl_version_min_max_legacy(ctx_option_t *ctx_options, failf(data, OSSL_PACKAGE " was built without TLS 1.2 support"); return CURLE_NOT_BUILT_IN; #endif - /* FALLTHROUGH */ + FALLTHROUGH(); case CURL_SSLVERSION_TLSv1_1: #if OPENSSL_VERSION_NUMBER >= 0x1000100FL *ctx_options |= SSL_OP_NO_TLSv1; @@ -2885,7 +2867,7 @@ ossl_set_ssl_version_min_max_legacy(ctx_option_t *ctx_options, failf(data, OSSL_PACKAGE " was built without TLS 1.1 support"); return CURLE_NOT_BUILT_IN; #endif - /* FALLTHROUGH */ + FALLTHROUGH(); case CURL_SSLVERSION_TLSv1_0: case CURL_SSLVERSION_TLSv1: break; @@ -2896,12 +2878,12 @@ ossl_set_ssl_version_min_max_legacy(ctx_option_t *ctx_options, #if OPENSSL_VERSION_NUMBER >= 0x1000100FL *ctx_options |= SSL_OP_NO_TLSv1_1; #endif - /* FALLTHROUGH */ + FALLTHROUGH(); case CURL_SSLVERSION_MAX_TLSv1_1: #if OPENSSL_VERSION_NUMBER >= 0x1000100FL *ctx_options |= SSL_OP_NO_TLSv1_2; #endif - /* FALLTHROUGH */ + FALLTHROUGH(); case CURL_SSLVERSION_MAX_TLSv1_2: #ifdef TLS1_3_VERSION *ctx_options |= SSL_OP_NO_TLSv1_3; @@ -3032,6 +3014,151 @@ static CURLcode load_cacert_from_memory(X509_STORE *store, return (count > 0) ? CURLE_OK : CURLE_SSL_CACERT_BADFILE; } +#if defined(USE_WIN32_CRYPTO) +static CURLcode import_windows_cert_store(struct Curl_easy *data, + const char *name, + X509_STORE *store, + bool *imported) +{ + CURLcode result = CURLE_OK; + HCERTSTORE hStore; + + *imported = false; + + hStore = CertOpenSystemStoreA(0, name); + if(hStore) { + PCCERT_CONTEXT pContext = NULL; + /* The array of enhanced key usage OIDs will vary per certificate and + is declared outside of the loop so that rather than malloc/free each + iteration we can grow it with realloc, when necessary. */ + CERT_ENHKEY_USAGE *enhkey_usage = NULL; + DWORD enhkey_usage_size = 0; + + /* This loop makes a best effort to import all valid certificates from + the MS root store. If a certificate cannot be imported it is + skipped. 'result' is used to store only hard-fail conditions (such + as out of memory) that cause an early break. */ + result = CURLE_OK; + for(;;) { + X509 *x509; + FILETIME now; + BYTE key_usage[2]; + DWORD req_size; + const unsigned char *encoded_cert; +#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) + char cert_name[256]; +#endif + + pContext = CertEnumCertificatesInStore(hStore, pContext); + if(!pContext) + break; + +#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) + if(!CertGetNameStringA(pContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, + NULL, cert_name, sizeof(cert_name))) { + strcpy(cert_name, "Unknown"); + } + infof(data, "SSL: Checking cert \"%s\"", cert_name); +#endif + encoded_cert = (const unsigned char *)pContext->pbCertEncoded; + if(!encoded_cert) + continue; + + GetSystemTimeAsFileTime(&now); + if(CompareFileTime(&pContext->pCertInfo->NotBefore, &now) > 0 || + CompareFileTime(&now, &pContext->pCertInfo->NotAfter) > 0) + continue; + + /* If key usage exists check for signing attribute */ + if(CertGetIntendedKeyUsage(pContext->dwCertEncodingType, + pContext->pCertInfo, + key_usage, sizeof(key_usage))) { + if(!(key_usage[0] & CERT_KEY_CERT_SIGN_KEY_USAGE)) + continue; + } + else if(GetLastError()) + continue; + + /* If enhanced key usage exists check for server auth attribute. + * + * Note "In a Microsoft environment, a certificate might also have + * EKU extended properties that specify valid uses for the + * certificate." The call below checks both, and behavior varies + * depending on what is found. For more details see + * CertGetEnhancedKeyUsage doc. + */ + if(CertGetEnhancedKeyUsage(pContext, 0, NULL, &req_size)) { + if(req_size && req_size > enhkey_usage_size) { + void *tmp = realloc(enhkey_usage, req_size); + + if(!tmp) { + failf(data, "SSL: Out of memory allocating for OID list"); + result = CURLE_OUT_OF_MEMORY; + break; + } + + enhkey_usage = (CERT_ENHKEY_USAGE *)tmp; + enhkey_usage_size = req_size; + } + + if(CertGetEnhancedKeyUsage(pContext, 0, enhkey_usage, &req_size)) { + if(!enhkey_usage->cUsageIdentifier) { + /* "If GetLastError returns CRYPT_E_NOT_FOUND, the certificate + is good for all uses. If it returns zero, the certificate + has no valid uses." */ + if((HRESULT)GetLastError() != CRYPT_E_NOT_FOUND) + continue; + } + else { + DWORD i; + bool found = false; + + for(i = 0; i < enhkey_usage->cUsageIdentifier; ++i) { + if(!strcmp("1.3.6.1.5.5.7.3.1" /* OID server auth */, + enhkey_usage->rgpszUsageIdentifier[i])) { + found = true; + break; + } + } + + if(!found) + continue; + } + } + else + continue; + } + else + continue; + + x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded); + if(!x509) + continue; + + /* Try to import the certificate. This may fail for legitimate + reasons such as duplicate certificate, which is allowed by MS but + not OpenSSL. */ + if(X509_STORE_add_cert(store, x509) == 1) { +#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) + infof(data, "SSL: Imported cert \"%s\"", cert_name); +#endif + *imported = true; + } + X509_free(x509); + } + + free(enhkey_usage); + CertFreeCertificateContext(pContext); + CertCloseStore(hStore, 0); + + if(result) + return result; + } + + return result; +} +#endif + static CURLcode populate_x509_store(struct Curl_cfilter *cf, struct Curl_easy *data, X509_STORE *store) @@ -3050,6 +3177,8 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, bool imported_native_ca = false; bool imported_ca_info_blob = false; + CURL_TRC_CF(data, cf, "populate_x509_store, path=%s, blob=%d", + ssl_cafile? ssl_cafile : "none", !!ca_info_blob); if(!store) return CURLE_OUT_OF_MEMORY; @@ -3061,140 +3190,25 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, https://github.com/d3x0r/SACK/blob/master/src/netlib/ssl_layer.c#L1037 https://datatracker.ietf.org/doc/html/rfc5280 */ if(ssl_config->native_ca_store) { - HCERTSTORE hStore = CertOpenSystemStore(0, TEXT("ROOT")); - - if(hStore) { - PCCERT_CONTEXT pContext = NULL; - /* The array of enhanced key usage OIDs will vary per certificate and - is declared outside of the loop so that rather than malloc/free each - iteration we can grow it with realloc, when necessary. */ - CERT_ENHKEY_USAGE *enhkey_usage = NULL; - DWORD enhkey_usage_size = 0; - - /* This loop makes a best effort to import all valid certificates from - the MS root store. If a certificate cannot be imported it is - skipped. 'result' is used to store only hard-fail conditions (such - as out of memory) that cause an early break. */ - result = CURLE_OK; - for(;;) { - X509 *x509; - FILETIME now; - BYTE key_usage[2]; - DWORD req_size; - const unsigned char *encoded_cert; -#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) - char cert_name[256]; -#endif - - pContext = CertEnumCertificatesInStore(hStore, pContext); - if(!pContext) - break; - -#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) - if(!CertGetNameStringA(pContext, CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, - NULL, cert_name, sizeof(cert_name))) { - strcpy(cert_name, "Unknown"); - } - infof(data, "SSL: Checking cert \"%s\"", cert_name); -#endif - encoded_cert = (const unsigned char *)pContext->pbCertEncoded; - if(!encoded_cert) - continue; - - GetSystemTimeAsFileTime(&now); - if(CompareFileTime(&pContext->pCertInfo->NotBefore, &now) > 0 || - CompareFileTime(&now, &pContext->pCertInfo->NotAfter) > 0) - continue; - - /* If key usage exists check for signing attribute */ - if(CertGetIntendedKeyUsage(pContext->dwCertEncodingType, - pContext->pCertInfo, - key_usage, sizeof(key_usage))) { - if(!(key_usage[0] & CERT_KEY_CERT_SIGN_KEY_USAGE)) - continue; - } - else if(GetLastError()) - continue; - - /* If enhanced key usage exists check for server auth attribute. - * - * Note "In a Microsoft environment, a certificate might also have - * EKU extended properties that specify valid uses for the - * certificate." The call below checks both, and behavior varies - * depending on what is found. For more details see - * CertGetEnhancedKeyUsage doc. - */ - if(CertGetEnhancedKeyUsage(pContext, 0, NULL, &req_size)) { - if(req_size && req_size > enhkey_usage_size) { - void *tmp = realloc(enhkey_usage, req_size); - - if(!tmp) { - failf(data, "SSL: Out of memory allocating for OID list"); - result = CURLE_OUT_OF_MEMORY; - break; - } - - enhkey_usage = (CERT_ENHKEY_USAGE *)tmp; - enhkey_usage_size = req_size; - } - - if(CertGetEnhancedKeyUsage(pContext, 0, enhkey_usage, &req_size)) { - if(!enhkey_usage->cUsageIdentifier) { - /* "If GetLastError returns CRYPT_E_NOT_FOUND, the certificate - is good for all uses. If it returns zero, the certificate - has no valid uses." */ - if((HRESULT)GetLastError() != CRYPT_E_NOT_FOUND) - continue; - } - else { - DWORD i; - bool found = false; - - for(i = 0; i < enhkey_usage->cUsageIdentifier; ++i) { - if(!strcmp("1.3.6.1.5.5.7.3.1" /* OID server auth */, - enhkey_usage->rgpszUsageIdentifier[i])) { - found = true; - break; - } - } - - if(!found) - continue; - } - } - else - continue; - } - else - continue; - - x509 = d2i_X509(NULL, &encoded_cert, pContext->cbCertEncoded); - if(!x509) - continue; - - /* Try to import the certificate. This may fail for legitimate - reasons such as duplicate certificate, which is allowed by MS but - not OpenSSL. */ - if(X509_STORE_add_cert(store, x509) == 1) { -#if defined(DEBUGBUILD) && !defined(CURL_DISABLE_VERBOSE_STRINGS) - infof(data, "SSL: Imported cert \"%s\"", cert_name); -#endif - imported_native_ca = true; - } - X509_free(x509); - } - - free(enhkey_usage); - CertFreeCertificateContext(pContext); - CertCloseStore(hStore, 0); - + const char *storeNames[] = { + "ROOT", /* Trusted Root Certification Authorities */ + "CA" /* Intermediate Certification Authorities */ + }; + size_t i; + for(i = 0; i < ARRAYSIZE(storeNames); ++i) { + bool imported = false; + result = import_windows_cert_store(data, storeNames[i], store, + &imported); if(result) return result; + if(imported) { + infof(data, "successfully imported Windows %s store", storeNames[i]); + imported_native_ca = true; + } + else + infof(data, "error importing Windows %s store, continuing anyway", + storeNames[i]); } - if(imported_native_ca) - infof(data, "successfully imported Windows CA store"); - else - infof(data, "error importing Windows CA store, continuing anyway"); } #endif if(ca_info_blob) { @@ -3210,7 +3224,7 @@ static CURLcode populate_x509_store(struct Curl_cfilter *cf, } if(ssl_cafile || ssl_capath) { -#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) +#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) /* OpenSSL 3.0.0 has deprecated SSL_CTX_load_verify_locations */ if(ssl_cafile && !X509_STORE_load_file(store, ssl_cafile)) { if(!imported_native_ca && !imported_ca_info_blob) { @@ -3339,6 +3353,7 @@ static X509_STORE *get_cached_x509_store(struct Curl_cfilter *cf, struct Curl_multi *multi = data->multi_easy ? data->multi_easy : data->multi; X509_STORE *store = NULL; + DEBUGASSERT(multi); if(multi && multi->ssl_backend_data && multi->ssl_backend_data->store && @@ -3358,6 +3373,7 @@ static void set_cached_x509_store(struct Curl_cfilter *cf, struct Curl_multi *multi = data->multi_easy ? data->multi_easy : data->multi; struct multi_ssl_backend_data *mbackend; + DEBUGASSERT(multi); if(!multi) return; @@ -3449,17 +3465,6 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf, struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data); BIO *bio; - -#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME - bool sni; - const char *hostname = connssl->hostname; - -#ifdef ENABLE_IPV6 - struct in6_addr addr; -#else - struct in_addr addr; -#endif -#endif const long int ssl_version = conn_config->version; char * const ssl_cert = ssl_config->primary.clientcert; const struct curl_blob *ssl_cert_blob = ssl_config->primary.cert_blob; @@ -3494,7 +3499,6 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf, #else req_method = SSLv23_client_method(); #endif - use_sni(TRUE); break; case CURL_SSLVERSION_SSLv2: failf(data, "No SSLv2 support"); @@ -3787,13 +3791,8 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf, backend->server_cert = 0x0; #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME - if((0 == Curl_inet_pton(AF_INET, hostname, &addr)) && -#ifdef ENABLE_IPV6 - (0 == Curl_inet_pton(AF_INET6, hostname, &addr)) && -#endif - sni) { - char *snihost = Curl_ssl_snihost(data, hostname, NULL); - if(!snihost || !SSL_set_tlsext_host_name(backend->handle, snihost)) { + if(connssl->peer.sni) { + if(!SSL_set_tlsext_host_name(backend->handle, connssl->peer.sni)) { failf(data, "Failed set SNI"); return CURLE_SSL_CONNECT_ERROR; } @@ -3802,6 +3801,7 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf, SSL_set_app_data(backend->handle, cf); + connssl->reused_session = FALSE; if(ssl_config->primary.sessionid) { Curl_ssl_sessionid_lock(data); if(!Curl_ssl_getsessionid(cf, data, &ssl_sessionid, NULL)) { @@ -3815,6 +3815,7 @@ static CURLcode ossl_connect_step1(struct Curl_cfilter *cf, } /* Informational message */ infof(data, "SSL reusing session ID"); + connssl->reused_session = TRUE; } Curl_ssl_sessionid_unlock(data); } @@ -3975,7 +3976,7 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, Curl_strerror(sockerr, extramsg, sizeof(extramsg)); failf(data, OSSL_PACKAGE " SSL_connect: %s in connection to %s:%d ", extramsg[0] ? extramsg : SSL_ERROR_to_str(detail), - connssl->hostname, connssl->port); + connssl->peer.hostname, connssl->port); return result; } @@ -3986,13 +3987,28 @@ static CURLcode ossl_connect_step2(struct Curl_cfilter *cf, } } else { + int psigtype_nid = NID_undef; + const char *negotiated_group_name = NULL; + /* we connected fine, we're not waiting for anything else. */ connssl->connecting_state = ssl_connect_3; +#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) + SSL_get_peer_signature_type_nid(backend->handle, &psigtype_nid); +#if (OPENSSL_VERSION_NUMBER >= 0x30200000L) + negotiated_group_name = SSL_get0_group_name(backend->handle); +#else + negotiated_group_name = + OBJ_nid2sn(SSL_get_negotiated_group(backend->handle) & 0x0000FFFF); +#endif +#endif + /* Informational message */ - infof(data, "SSL connection using %s / %s", + infof(data, "SSL connection using %s / %s / %s / %s", SSL_get_version(backend->handle), - SSL_get_cipher(backend->handle)); + SSL_get_cipher(backend->handle), + negotiated_group_name? negotiated_group_name : "[blank]", + OBJ_nid2sn(psigtype_nid)); #ifdef HAS_ALPN /* Sets data and len to negotiated protocol, len is 0 if no protocol was @@ -4069,6 +4085,75 @@ static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert, return result; } +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ + !(defined(LIBRESSL_VERSION_NUMBER) && \ + LIBRESSL_VERSION_NUMBER < 0x3060000fL) && \ + !defined(OPENSSL_IS_BORINGSSL) && \ + !defined(OPENSSL_IS_AWSLC) && \ + !defined(CURL_DISABLE_VERBOSE_STRINGS) +static void infof_certstack(struct Curl_easy *data, const SSL *ssl) +{ + STACK_OF(X509) *certstack; + long verify_result; + int num_cert_levels; + int cert_level; + + verify_result = SSL_get_verify_result(ssl); + if(verify_result != X509_V_OK) + certstack = SSL_get_peer_cert_chain(ssl); + else + certstack = SSL_get0_verified_chain(ssl); + num_cert_levels = sk_X509_num(certstack); + + for(cert_level = 0; cert_level < num_cert_levels; cert_level++) { + char cert_algorithm[80] = ""; + char group_name_final[80] = ""; + const X509_ALGOR *palg_cert = NULL; + const ASN1_OBJECT *paobj_cert = NULL; + X509 *current_cert; + EVP_PKEY *current_pkey; + int key_bits; + int key_sec_bits; + int get_group_name; + const char *type_name; + + current_cert = sk_X509_value(certstack, cert_level); + + X509_get0_signature(NULL, &palg_cert, current_cert); + X509_ALGOR_get0(&paobj_cert, NULL, NULL, palg_cert); + OBJ_obj2txt(cert_algorithm, sizeof(cert_algorithm), paobj_cert, 0); + + current_pkey = X509_get0_pubkey(current_cert); + key_bits = EVP_PKEY_bits(current_pkey); +#if (OPENSSL_VERSION_NUMBER < 0x30000000L) +#define EVP_PKEY_get_security_bits EVP_PKEY_security_bits +#endif + key_sec_bits = EVP_PKEY_get_security_bits(current_pkey); +#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) + { + char group_name[80] = ""; + get_group_name = EVP_PKEY_get_group_name(current_pkey, group_name, + sizeof(group_name), NULL); + msnprintf(group_name_final, sizeof(group_name_final), "/%s", group_name); + } + type_name = EVP_PKEY_get0_type_name(current_pkey); +#else + get_group_name = 0; + type_name = NULL; +#endif + + infof(data, + " Certificate level %d: " + "Public key type %s%s (%d/%d Bits/secBits), signed using %s", + cert_level, type_name ? type_name : "?", + get_group_name == 0 ? "" : group_name_final, + key_bits, key_sec_bits, cert_algorithm); + } +} +#else +#define infof_certstack(data, ssl) +#endif + /* * Get the server cert, verify it and show it, etc., only call failf() if the * 'strict' argument is TRUE as otherwise all this is for informational @@ -4147,8 +4232,8 @@ static CURLcode servercert(struct Curl_cfilter *cf, BIO_free(mem); if(conn_config->verifyhost) { - result = ossl_verifyhost(data, conn, backend->server_cert, - connssl->hostname, connssl->dispname); + result = Curl_ossl_verifyhost(data, conn, &connssl->peer, + backend->server_cert); if(result) { X509_free(backend->server_cert); backend->server_cert = NULL; @@ -4258,11 +4343,28 @@ static CURLcode servercert(struct Curl_cfilter *cf, infof(data, " SSL certificate verify ok."); } + infof_certstack(data, backend->handle); + #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_TLSEXT) && \ !defined(OPENSSL_NO_OCSP) - if(conn_config->verifystatus) { + if(conn_config->verifystatus && !connssl->reused_session) { + /* don't do this after Session ID reuse */ result = verifystatus(cf, data); if(result) { + /* when verifystatus failed, remove the session id from the cache again + if present */ + if(!Curl_ssl_cf_is_proxy(cf)) { + void *old_ssl_sessionid = NULL; + bool incache; + Curl_ssl_sessionid_lock(data); + incache = !(Curl_ssl_getsessionid(cf, data, &old_ssl_sessionid, NULL)); + if(incache) { + infof(data, "Remove session ID again from cache"); + Curl_ssl_delsessionid(data, old_ssl_sessionid); + } + Curl_ssl_sessionid_unlock(data); + } + X509_free(backend->server_cert); backend->server_cert = NULL; return result; @@ -4509,10 +4611,10 @@ static ssize_t ossl_send(struct Curl_cfilter *cf, ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)); else if(sockerr) Curl_strerror(sockerr, error_buffer, sizeof(error_buffer)); - else { - strncpy(error_buffer, SSL_ERROR_to_str(err), sizeof(error_buffer)); - error_buffer[sizeof(error_buffer) - 1] = '\0'; - } + else + msnprintf(error_buffer, sizeof(error_buffer), "%s", + SSL_ERROR_to_str(err)); + failf(data, OSSL_PACKAGE " SSL_write: %s, errno %d", error_buffer, sockerr); *curlcode = CURLE_SEND_ERROR; @@ -4522,22 +4624,9 @@ static ssize_t ossl_send(struct Curl_cfilter *cf, case SSL_ERROR_SSL: { /* A failure in the SSL library occurred, usually a protocol error. The OpenSSL error queue contains more information on the error. */ - struct Curl_cfilter *cf_ssl_next = Curl_ssl_cf_get_ssl(cf->next); - struct ssl_connect_data *connssl_next = cf_ssl_next? - cf_ssl_next->ctx : NULL; sslerror = ERR_get_error(); - if(ERR_GET_LIB(sslerror) == ERR_LIB_SSL && - ERR_GET_REASON(sslerror) == SSL_R_BIO_NOT_SET && - connssl->state == ssl_connection_complete && - (connssl_next && connssl_next->state == ssl_connection_complete) - ) { - char ver[120]; - (void)ossl_version(ver, sizeof(ver)); - failf(data, "Error: %s does not support double SSL tunneling.", ver); - } - else - failf(data, "SSL_write() error: %s", - ossl_strerror(sslerror, error_buffer, sizeof(error_buffer))); + failf(data, "SSL_write() error: %s", + ossl_strerror(sslerror, error_buffer, sizeof(error_buffer))); *curlcode = CURLE_SEND_ERROR; rc = -1; goto out; @@ -4618,10 +4707,9 @@ static ssize_t ossl_recv(struct Curl_cfilter *cf, ossl_strerror(sslerror, error_buffer, sizeof(error_buffer)); else if(sockerr && err == SSL_ERROR_SYSCALL) Curl_strerror(sockerr, error_buffer, sizeof(error_buffer)); - else { - strncpy(error_buffer, SSL_ERROR_to_str(err), sizeof(error_buffer)); - error_buffer[sizeof(error_buffer) - 1] = '\0'; - } + else + msnprintf(error_buffer, sizeof(error_buffer), "%s", + SSL_ERROR_to_str(err)); failf(data, OSSL_PACKAGE " SSL_read: %s, errno %d", error_buffer, sockerr); *curlcode = CURLE_RECV_ERROR; @@ -4842,7 +4930,7 @@ const struct Curl_ssl Curl_ssl_openssl = { ossl_cert_status_request, /* cert_status_request */ ossl_connect, /* connect */ ossl_connect_nonblocking, /* connect_nonblocking */ - Curl_ssl_get_select_socks,/* getsock */ + Curl_ssl_adjust_pollset, /* adjust_pollset */ ossl_get_internals, /* get_internals */ ossl_close, /* close_one */ ossl_close_all, /* close_all */ diff --git a/lib/vtls/openssl.h b/lib/vtls/openssl.h index 950faab88..e802363a4 100644 --- a/lib/vtls/openssl.h +++ b/lib/vtls/openssl.h @@ -31,24 +31,21 @@ * This header should only be needed to get included by vtls.c, openssl.c * and ngtcp2.c */ +#include #include #include "urldata.h" -/* - * In an effort to avoid using 'X509 *' here, we instead use the struct - * x509_st version of the type so that we can forward-declare it here without - * having to include . Including that header causes name - * conflicts when libcurl is built with both Schannel and OpenSSL support. - */ -struct x509_st; +#if (OPENSSL_VERSION_NUMBER < 0x30000000L) +#define SSL_get1_peer_certificate SSL_get_peer_certificate +#endif + CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, - struct x509_st *server_cert); + struct ssl_peer *peer, X509 *server_cert); extern const struct Curl_ssl Curl_ssl_openssl; -struct ssl_ctx_st; CURLcode Curl_ossl_set_client_cert(struct Curl_easy *data, - struct ssl_ctx_st *ctx, char *cert_file, + SSL_CTX *ctx, char *cert_file, const struct curl_blob *cert_blob, const char *cert_type, char *key_file, const struct curl_blob *key_blob, @@ -65,5 +62,9 @@ CURLcode Curl_ssl_setup_x509_store(struct Curl_cfilter *cf, struct Curl_easy *data, SSL_CTX *ssl_ctx); +CURLcode Curl_ossl_ctx_configure(struct Curl_cfilter *cf, + struct Curl_easy *data, + SSL_CTX *ssl_ctx); + #endif /* USE_OPENSSL */ #endif /* HEADER_CURL_SSLUSE_H */ diff --git a/lib/vtls/rustls.c b/lib/vtls/rustls.c index a3e9d964c..d58970910 100644 --- a/lib/vtls/rustls.c +++ b/lib/vtls/rustls.c @@ -39,6 +39,7 @@ #include "select.h" #include "strerror.h" #include "multiif.h" +#include "connect.h" /* for the connect timeout */ struct rustls_ssl_backend_data { @@ -75,14 +76,6 @@ cr_data_pending(struct Curl_cfilter *cf, const struct Curl_easy *data) return backend->data_pending; } -static CURLcode -cr_connect(struct Curl_cfilter *cf UNUSED_PARAM, - struct Curl_easy *data UNUSED_PARAM) -{ - infof(data, "rustls_connect: unimplemented"); - return CURLE_SSL_CONNECT_ERROR; -} - struct io_ctx { struct Curl_cfilter *cf; struct Curl_easy *data; @@ -163,7 +156,7 @@ static ssize_t tls_recv_more(struct Curl_cfilter *cf, size_t errorlen; rustls_error(rresult, errorbuf, sizeof(errorbuf), &errorlen); failf(data, "rustls_connection_process_new_packets: %.*s", - errorlen, errorbuf); + (int)errorlen, errorbuf); *err = map_error(rresult); return -1; } @@ -232,7 +225,7 @@ cr_recv(struct Curl_cfilter *cf, struct Curl_easy *data, char errorbuf[255]; size_t errorlen; rustls_error(rresult, errorbuf, sizeof(errorbuf), &errorlen); - failf(data, "rustls_connection_read: %.*s", errorlen, errorbuf); + failf(data, "rustls_connection_read: %.*s", (int)errorlen, errorbuf); *err = CURLE_READ_ERROR; nread = -1; goto out; @@ -308,7 +301,7 @@ cr_send(struct Curl_cfilter *cf, struct Curl_easy *data, &plainwritten); if(rresult != RUSTLS_RESULT_OK) { rustls_error(rresult, errorbuf, sizeof(errorbuf), &errorlen); - failf(data, "rustls_connection_write: %.*s", errorlen, errorbuf); + failf(data, "rustls_connection_write: %.*s", (int)errorlen, errorbuf); *err = CURLE_WRITE_ERROR; return -1; } @@ -386,7 +379,7 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, /* CURLOPT_CAINFO_BLOB overrides CURLOPT_CAINFO */ (ca_info_blob ? NULL : conn_config->CAfile); const bool verifypeer = conn_config->verifypeer; - const char *hostname = connssl->hostname; + const char *hostname = connssl->peer.hostname; char errorbuf[256]; size_t errorlen; int result; @@ -458,16 +451,15 @@ cr_init_backend(struct Curl_cfilter *cf, struct Curl_easy *data, backend->config = rustls_client_config_builder_build(config_builder); DEBUGASSERT(rconn == NULL); { - char *snihost = Curl_ssl_snihost(data, hostname, NULL); - if(!snihost) { - failf(data, "rustls: failed to get SNI"); - return CURLE_SSL_CONNECT_ERROR; - } - result = rustls_client_connection_new(backend->config, snihost, &rconn); + /* rustls claims to manage ip address hostnames as well here. So, + * if we have an SNI, we use it, otherwise we pass the hostname */ + char *server = connssl->peer.sni? + connssl->peer.sni : connssl->peer.hostname; + result = rustls_client_connection_new(backend->config, server, &rconn); } if(result != RUSTLS_RESULT_OK) { rustls_error(result, errorbuf, sizeof(errorbuf), &errorlen); - failf(data, "rustls_client_connection_new: %.*s", errorlen, errorbuf); + failf(data, "rustls_client_connection_new: %.*s", (int)errorlen, errorbuf); return CURLE_COULDNT_CONNECT; } rustls_connection_set_userdata(rconn, backend); @@ -486,9 +478,20 @@ cr_set_negotiated_alpn(struct Curl_cfilter *cf, struct Curl_easy *data, Curl_alpn_set_negotiated(cf, data, protocol, len); } +/* Given an established network connection, do a TLS handshake. + * + * If `blocking` is true, this function will block until the handshake is + * complete. Otherwise it will return as soon as I/O would block. + * + * For the non-blocking I/O case, this function will set `*done` to true + * once the handshake is complete. This function never reads the value of + * `*done*`. + */ static CURLcode -cr_connect_nonblocking(struct Curl_cfilter *cf, - struct Curl_easy *data, bool *done) +cr_connect_common(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool blocking, + bool *done) { struct ssl_connect_data *const connssl = cf->ctx; curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data); @@ -502,6 +505,8 @@ cr_connect_nonblocking(struct Curl_cfilter *cf, bool wants_write; curl_socket_t writefd; curl_socket_t readfd; + timediff_t timeout_ms; + timediff_t socket_check_timeout; DEBUGASSERT(backend); @@ -539,12 +544,29 @@ cr_connect_nonblocking(struct Curl_cfilter *cf, writefd = wants_write?sockfd:CURL_SOCKET_BAD; readfd = wants_read?sockfd:CURL_SOCKET_BAD; - what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd, 0); + /* check allowed time left */ + timeout_ms = Curl_timeleft(data, NULL, TRUE); + + if(timeout_ms < 0) { + /* no need to continue if time already is up */ + failf(data, "rustls: operation timed out before socket check"); + return CURLE_OPERATION_TIMEDOUT; + } + + socket_check_timeout = blocking?timeout_ms:0; + + what = Curl_socket_check( + readfd, CURL_SOCKET_BAD, writefd, socket_check_timeout); if(what < 0) { /* fatal error */ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO); return CURLE_SSL_CONNECT_ERROR; } + if(blocking && 0 == what) { + failf(data, "rustls connection timeout after %" + CURL_FORMAT_TIMEDIFF_T " ms", socket_check_timeout); + return CURLE_OPERATION_TIMEDOUT; + } if(0 == what) { infof(data, "Curl_socket_check: %s would block", wants_read&&wants_write ? "writing and reading" : @@ -589,32 +611,43 @@ cr_connect_nonblocking(struct Curl_cfilter *cf, DEBUGASSERT(false); } -/* returns a bitmap of flags for this connection's first socket indicating - whether we want to read or write */ -static int -cr_get_select_socks(struct Curl_cfilter *cf, struct Curl_easy *data, - curl_socket_t *socks) +static CURLcode +cr_connect_nonblocking(struct Curl_cfilter *cf, + struct Curl_easy *data, bool *done) { - struct ssl_connect_data *const connssl = cf->ctx; - curl_socket_t sockfd = Curl_conn_cf_get_socket(cf, data); - struct rustls_ssl_backend_data *const backend = - (struct rustls_ssl_backend_data *)connssl->backend; - struct rustls_connection *rconn = NULL; + return cr_connect_common(cf, data, false, done); +} - (void)data; - DEBUGASSERT(backend); - rconn = backend->conn; +static CURLcode +cr_connect_blocking(struct Curl_cfilter *cf UNUSED_PARAM, + struct Curl_easy *data UNUSED_PARAM) +{ + bool done; /* unused */ + return cr_connect_common(cf, data, true, &done); +} - if(rustls_connection_wants_write(rconn)) { - socks[0] = sockfd; - return GETSOCK_WRITESOCK(0); - } - if(rustls_connection_wants_read(rconn)) { - socks[0] = sockfd; - return GETSOCK_READSOCK(0); +static void cr_adjust_pollset(struct Curl_cfilter *cf, + struct Curl_easy *data, + struct easy_pollset *ps) +{ + if(!cf->connected) { + curl_socket_t sock = Curl_conn_cf_get_socket(cf->next, data); + struct ssl_connect_data *const connssl = cf->ctx; + struct rustls_ssl_backend_data *const backend = + (struct rustls_ssl_backend_data *)connssl->backend; + struct rustls_connection *rconn = NULL; + + (void)data; + DEBUGASSERT(backend); + rconn = backend->conn; + + if(rustls_connection_wants_write(rconn)) { + Curl_pollset_add_out(data, ps, sock); + } + if(rustls_connection_wants_read(rconn)) { + Curl_pollset_add_in(data, ps, sock); + } } - - return GETSOCK_BLANK; } static void * @@ -675,9 +708,9 @@ const struct Curl_ssl Curl_ssl_rustls = { cr_data_pending, /* data_pending */ Curl_none_random, /* random */ Curl_none_cert_status_request, /* cert_status_request */ - cr_connect, /* connect */ + cr_connect_blocking, /* connect */ cr_connect_nonblocking, /* connect_nonblocking */ - cr_get_select_socks, /* get_select_socks */ + cr_adjust_pollset, /* adjust_pollset */ cr_get_internals, /* get_internals */ cr_close, /* close_one */ Curl_none_close_all, /* close_all */ diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c index 410a5c4ec..45c337371 100644 --- a/lib/vtls/schannel.c +++ b/lib/vtls/schannel.c @@ -439,6 +439,12 @@ get_cert_location(TCHAR *path, DWORD *store_name, TCHAR **store_path, return CURLE_OK; } #endif + +static bool algo(const char *check, char *namep, size_t nlen) +{ + return (strlen(check) == nlen) && !strncmp(check, namep, nlen); +} + static CURLcode schannel_acquire_credential_handle(struct Curl_cfilter *cf, struct Curl_easy *data) @@ -660,7 +666,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, cert_showfilename_error); else failf(data, "schannel: Failed to import cert file %s, " - "last error is 0x%x", + "last error is 0x%lx", cert_showfilename_error, errorcode); return CURLE_SSL_CERTPROBLEM; } @@ -671,7 +677,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, if(!client_certs[0]) { failf(data, "schannel: Failed to get certificate from file %s" - ", last error is 0x%x", + ", last error is 0x%lx", cert_showfilename_error, GetLastError()); CertCloseStore(cert_store, 0); return CURLE_SSL_CERTPROBLEM; @@ -684,10 +690,15 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, CERT_STORE_OPEN_EXISTING_FLAG | cert_store_name, cert_store_path); if(!cert_store) { - failf(data, "schannel: Failed to open cert store %x %s, " - "last error is 0x%x", - cert_store_name, cert_store_path, GetLastError()); + char *path_utf8 = + curlx_convert_tchar_to_UTF8(cert_store_path); + failf(data, "schannel: Failed to open cert store %lx %s, " + "last error is 0x%lx", + cert_store_name, + (path_utf8 ? path_utf8 : "(unknown)"), + GetLastError()); free(cert_store_path); + curlx_unicodefree(path_utf8); curlx_unicodefree(cert_path); return CURLE_SSL_CERTPROBLEM; } @@ -790,9 +801,7 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, char *startCur = ciphers13; int algCount = 0; - char tmp[LONGEST_ALG_ID] = { 0 }; char *nameEnd; - size_t n; disable_aes_gcm_sha384 = TRUE; disable_aes_gcm_sha256 = TRUE; @@ -801,40 +810,34 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf, disable_aes_ccm_sha256 = TRUE; while(startCur && (0 != *startCur) && (algCount < remaining_ciphers)) { + size_t n; + char *namep; nameEnd = strchr(startCur, ':'); n = nameEnd ? (size_t)(nameEnd - startCur) : strlen(startCur); + namep = startCur; - /* reject too-long cipher names */ - if(n > (LONGEST_ALG_ID - 1)) { - failf(data, "schannel: Cipher name too long, not checked"); - return CURLE_SSL_CIPHER; - } - - strncpy(tmp, startCur, n); - tmp[n] = 0; - - if(disable_aes_gcm_sha384 - && !strcmp("TLS_AES_256_GCM_SHA384", tmp)) { + if(disable_aes_gcm_sha384 && + algo("TLS_AES_256_GCM_SHA384", namep, n)) { disable_aes_gcm_sha384 = FALSE; } else if(disable_aes_gcm_sha256 - && !strcmp("TLS_AES_128_GCM_SHA256", tmp)) { + && algo("TLS_AES_128_GCM_SHA256", namep, n)) { disable_aes_gcm_sha256 = FALSE; } else if(disable_chacha_poly - && !strcmp("TLS_CHACHA20_POLY1305_SHA256", tmp)) { + && algo("TLS_CHACHA20_POLY1305_SHA256", namep, n)) { disable_chacha_poly = FALSE; } else if(disable_aes_ccm_8_sha256 - && !strcmp("TLS_AES_128_CCM_8_SHA256", tmp)) { + && algo("TLS_AES_128_CCM_8_SHA256", namep, n)) { disable_aes_ccm_8_sha256 = FALSE; } else if(disable_aes_ccm_sha256 - && !strcmp("TLS_AES_128_CCM_SHA256", tmp)) { + && algo("TLS_AES_128_CCM_SHA256", namep, n)) { disable_aes_ccm_sha256 = FALSE; } else { - failf(data, "schannel: Unknown TLS 1.3 cipher: %s", tmp); + failf(data, "schannel: Unknown TLS 1.3 cipher: %.*s", (int)n, namep); return CURLE_SSL_CIPHER; } @@ -1063,17 +1066,12 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) #endif SECURITY_STATUS sspi_status = SEC_E_OK; struct Curl_schannel_cred *old_cred = NULL; - struct in_addr addr; -#ifdef ENABLE_IPV6 - struct in6_addr addr6; -#endif CURLcode result; - const char *hostname = connssl->hostname; DEBUGASSERT(backend); DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %d (step 1/3)", - hostname, connssl->port)); + connssl->peer.hostname, connssl->port)); if(curlx_verify_windows_version(5, 1, 0, PLATFORM_WINNT, VERSION_LESS_THAN_EQUAL)) { @@ -1154,22 +1152,14 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) /* A hostname associated with the credential is needed by InitializeSecurityContext for SNI and other reasons. */ - snihost = Curl_ssl_snihost(data, hostname, NULL); - if(!snihost) { - failf(data, "Failed to set SNI"); - return CURLE_SSL_CONNECT_ERROR; - } + snihost = connssl->peer.sni? connssl->peer.sni : connssl->peer.hostname; backend->cred->sni_hostname = curlx_convert_UTF8_to_tchar(snihost); if(!backend->cred->sni_hostname) return CURLE_OUT_OF_MEMORY; } /* Warn if SNI is disabled due to use of an IP address */ - if(Curl_inet_pton(AF_INET, hostname, &addr) -#ifdef ENABLE_IPV6 - || Curl_inet_pton(AF_INET6, hostname, &addr6) -#endif - ) { + if(connssl->peer.is_ip_address) { infof(data, "schannel: using IP address, SNI is not supported by OS."); } @@ -1208,9 +1198,8 @@ schannel_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) cur += proto.len; *list_len = curlx_uitous(cur - list_start_index); - *extension_len = *list_len + - (unsigned short)sizeof(unsigned int) + - (unsigned short)sizeof(unsigned short); + *extension_len = (unsigned int)(*list_len + + sizeof(unsigned int) + sizeof(unsigned short)); InitSecBuffer(&inbuf, SECBUFFER_APPLICATION_PROTOCOLS, alpn_buffer, cur); InitSecBufferDesc(&inbuf_desc, &inbuf, 1); @@ -1346,7 +1335,7 @@ schannel_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %d (step 2/3)", - connssl->hostname, connssl->port)); + connssl->peer.hostname, connssl->port)); if(!backend->cred || !backend->ctxt) return CURLE_SSL_CONNECT_ERROR; @@ -1700,7 +1689,7 @@ schannel_connect_step3(struct Curl_cfilter *cf, struct Curl_easy *data) DEBUGF(infof(data, "schannel: SSL/TLS connection with %s port %d (step 3/3)", - connssl->hostname, connssl->port)); + connssl->peer.hostname, connssl->port)); if(!backend->cred) return CURLE_SSL_CONNECT_ERROR; @@ -2345,10 +2334,10 @@ schannel_recv(struct Curl_cfilter *cf, struct Curl_easy *data, else { #ifndef CURL_DISABLE_VERBOSE_STRINGS char buffer[STRERROR_LEN]; -#endif - *err = CURLE_RECV_ERROR; infof(data, "schannel: failed to read data from server: %s", Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer))); +#endif + *err = CURLE_RECV_ERROR; goto cleanup; } } @@ -2498,7 +2487,7 @@ static int schannel_shutdown(struct Curl_cfilter *cf, if(backend->ctxt) { infof(data, "schannel: shutting down SSL/TLS connection with %s port %d", - connssl->hostname, connssl->port); + connssl->peer.hostname, connssl->port); } if(backend->cred && backend->ctxt) { @@ -2754,6 +2743,151 @@ static void *schannel_get_internals(struct ssl_connect_data *connssl, return &backend->ctxt->ctxt_handle; } +HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf, + const struct Curl_easy *data) +{ + struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + struct Curl_multi *multi = data->multi_easy ? data->multi_easy : data->multi; + const struct curl_blob *ca_info_blob = conn_config->ca_info_blob; + struct schannel_multi_ssl_backend_data *mbackend; + const struct ssl_general_config *cfg = &data->set.general_ssl; + timediff_t timeout_ms; + timediff_t elapsed_ms; + struct curltime now; + unsigned char info_blob_digest[CURL_SHA256_DIGEST_LENGTH]; + + DEBUGASSERT(multi); + + if(!multi || !multi->ssl_backend_data) { + return NULL; + } + + mbackend = (struct schannel_multi_ssl_backend_data *)multi->ssl_backend_data; + if(!mbackend->cert_store) { + return NULL; + } + + /* zero ca_cache_timeout completely disables caching */ + if(!cfg->ca_cache_timeout) { + return NULL; + } + + /* check for cache timeout by using the cached_x509_store_expired timediff + calculation pattern from openssl.c. + negative timeout means retain forever. */ + timeout_ms = cfg->ca_cache_timeout * (timediff_t)1000; + if(timeout_ms >= 0) { + now = Curl_now(); + elapsed_ms = Curl_timediff(now, mbackend->time); + if(elapsed_ms >= timeout_ms) { + return NULL; + } + } + + if(ca_info_blob) { + if(!mbackend->CAinfo_blob_digest) { + return NULL; + } + if(mbackend->CAinfo_blob_size != ca_info_blob->len) { + return NULL; + } + schannel_sha256sum((const unsigned char *)ca_info_blob->data, + ca_info_blob->len, + info_blob_digest, + CURL_SHA256_DIGEST_LENGTH); + if(memcmp(mbackend->CAinfo_blob_digest, + info_blob_digest, + CURL_SHA256_DIGEST_LENGTH)) { + return NULL; + } + } + else { + if(!conn_config->CAfile || !mbackend->CAfile || + strcmp(mbackend->CAfile, conn_config->CAfile)) { + return NULL; + } + } + + return mbackend->cert_store; +} + +bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf, + const struct Curl_easy *data, + HCERTSTORE cert_store) +{ + struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); + struct Curl_multi *multi = data->multi_easy ? data->multi_easy : data->multi; + const struct curl_blob *ca_info_blob = conn_config->ca_info_blob; + struct schannel_multi_ssl_backend_data *mbackend; + unsigned char *CAinfo_blob_digest = NULL; + size_t CAinfo_blob_size = 0; + char *CAfile = NULL; + + DEBUGASSERT(multi); + + if(!multi) { + return false; + } + + if(!multi->ssl_backend_data) { + multi->ssl_backend_data = + calloc(1, sizeof(struct schannel_multi_ssl_backend_data)); + if(!multi->ssl_backend_data) { + return false; + } + } + + mbackend = (struct schannel_multi_ssl_backend_data *)multi->ssl_backend_data; + + + if(ca_info_blob) { + CAinfo_blob_digest = malloc(CURL_SHA256_DIGEST_LENGTH); + if(!CAinfo_blob_digest) { + return false; + } + schannel_sha256sum((const unsigned char *)ca_info_blob->data, + ca_info_blob->len, + CAinfo_blob_digest, + CURL_SHA256_DIGEST_LENGTH); + CAinfo_blob_size = ca_info_blob->len; + } + else { + if(conn_config->CAfile) { + CAfile = strdup(conn_config->CAfile); + if(!CAfile) { + return false; + } + } + } + + /* free old cache data */ + if(mbackend->cert_store) { + CertCloseStore(mbackend->cert_store, 0); + } + free(mbackend->CAinfo_blob_digest); + free(mbackend->CAfile); + + mbackend->time = Curl_now(); + mbackend->cert_store = cert_store; + mbackend->CAinfo_blob_digest = CAinfo_blob_digest; + mbackend->CAinfo_blob_size = CAinfo_blob_size; + mbackend->CAfile = CAfile; + return true; +} + +static void schannel_free_multi_ssl_backend_data( + struct multi_ssl_backend_data *msbd) +{ + struct schannel_multi_ssl_backend_data *mbackend = + (struct schannel_multi_ssl_backend_data*)msbd; + if(mbackend->cert_store) { + CertCloseStore(mbackend->cert_store, 0); + } + free(mbackend->CAinfo_blob_digest); + free(mbackend->CAfile); + free(mbackend); +} + const struct Curl_ssl Curl_ssl_schannel = { { CURLSSLBACKEND_SCHANNEL, "schannel" }, /* info */ @@ -2777,7 +2911,7 @@ const struct Curl_ssl Curl_ssl_schannel = { Curl_none_cert_status_request, /* cert_status_request */ schannel_connect, /* connect */ schannel_connect_nonblocking, /* connect_nonblocking */ - Curl_ssl_get_select_socks, /* getsock */ + Curl_ssl_adjust_pollset, /* adjust_pollset */ schannel_get_internals, /* get_internals */ schannel_close, /* close_one */ Curl_none_close_all, /* close_all */ @@ -2789,7 +2923,7 @@ const struct Curl_ssl Curl_ssl_schannel = { schannel_sha256sum, /* sha256sum */ NULL, /* associate_connection */ NULL, /* disassociate_connection */ - NULL, /* free_multi_ssl_backend_data */ + schannel_free_multi_ssl_backend_data, /* free_multi_ssl_backend_data */ schannel_recv, /* recv decrypted data */ schannel_send, /* send data to encrypt */ }; diff --git a/lib/vtls/schannel_int.h b/lib/vtls/schannel_int.h index a128e04f6..fe7450d45 100644 --- a/lib/vtls/schannel_int.h +++ b/lib/vtls/schannel_int.h @@ -149,5 +149,22 @@ struct schannel_ssl_backend_data { #endif }; +struct schannel_multi_ssl_backend_data { + unsigned char *CAinfo_blob_digest; /* CA info blob digest */ + size_t CAinfo_blob_size; /* CA info blob size */ + char *CAfile; /* CAfile path used to generate + certificate store */ + HCERTSTORE cert_store; /* cached certificate store or + NULL if none */ + struct curltime time; /* when the cached store was created */ +}; + +HCERTSTORE Curl_schannel_get_cached_cert_store(struct Curl_cfilter *cf, + const struct Curl_easy *data); + +bool Curl_schannel_set_cached_cert_store(struct Curl_cfilter *cf, + const struct Curl_easy *data, + HCERTSTORE cert_store); + #endif /* USE_SCHANNEL */ #endif /* HEADER_CURL_SCHANNEL_INT_H */ diff --git a/lib/vtls/schannel_verify.c b/lib/vtls/schannel_verify.c index a5d5c98bb..24146d0bd 100644 --- a/lib/vtls/schannel_verify.c +++ b/lib/vtls/schannel_verify.c @@ -172,7 +172,7 @@ static CURLcode add_certs_data_to_store(HCERTSTORE trust_store, /* Sanity check that the cert_context object is the right type */ if(CERT_QUERY_CONTENT_CERT != actual_content_type) { failf(data, - "schannel: unexpected content type '%d' when extracting " + "schannel: unexpected content type '%lu' when extracting " "certificate from CA file '%s'", actual_content_type, ca_file_text); result = CURLE_SSL_CACERT_BADFILE; @@ -470,7 +470,7 @@ CURLcode Curl_verify_host(struct Curl_cfilter *cf, CERT_CONTEXT *pCertContextServer = NULL; TCHAR *cert_hostname_buff = NULL; size_t cert_hostname_buff_index = 0; - const char *conn_hostname = connssl->hostname; + const char *conn_hostname = connssl->peer.hostname; size_t hostlen = strlen(conn_hostname); DWORD len = 0; DWORD actual_len = 0; @@ -600,6 +600,7 @@ CURLcode Curl_verify_certificate(struct Curl_cfilter *cf, const CERT_CHAIN_CONTEXT *pChainContext = NULL; HCERTCHAINENGINE cert_chain_engine = NULL; HCERTSTORE trust_store = NULL; + HCERTSTORE own_trust_store = NULL; DEBUGASSERT(BACKEND); @@ -630,31 +631,46 @@ CURLcode Curl_verify_certificate(struct Curl_cfilter *cf, result = CURLE_SSL_CACERT_BADFILE; } else { - /* Open the certificate store */ - trust_store = CertOpenStore(CERT_STORE_PROV_MEMORY, - 0, - (HCRYPTPROV)NULL, - CERT_STORE_CREATE_NEW_FLAG, - NULL); - if(!trust_store) { - char buffer[STRERROR_LEN]; - failf(data, "schannel: failed to create certificate store: %s", - Curl_winapi_strerror(GetLastError(), buffer, sizeof(buffer))); - result = CURLE_SSL_CACERT_BADFILE; + /* try cache */ + trust_store = Curl_schannel_get_cached_cert_store(cf, data); + + if(trust_store) { + infof(data, "schannel: reusing certificate store from cache"); } else { - const struct curl_blob *ca_info_blob = conn_config->ca_info_blob; - if(ca_info_blob) { - result = add_certs_data_to_store(trust_store, - (const char *)ca_info_blob->data, - ca_info_blob->len, - "(memory blob)", - data); + /* Open the certificate store */ + trust_store = CertOpenStore(CERT_STORE_PROV_MEMORY, + 0, + (HCRYPTPROV)NULL, + CERT_STORE_CREATE_NEW_FLAG, + NULL); + if(!trust_store) { + char buffer[STRERROR_LEN]; + failf(data, "schannel: failed to create certificate store: %s", + Curl_winapi_strerror(GetLastError(), buffer, sizeof(buffer))); + result = CURLE_SSL_CACERT_BADFILE; } else { - result = add_certs_file_to_store(trust_store, - conn_config->CAfile, - data); + const struct curl_blob *ca_info_blob = conn_config->ca_info_blob; + own_trust_store = trust_store; + + if(ca_info_blob) { + result = add_certs_data_to_store(trust_store, + (const char *)ca_info_blob->data, + ca_info_blob->len, + "(memory blob)", + data); + } + else { + result = add_certs_file_to_store(trust_store, + conn_config->CAfile, + data); + } + if(result == CURLE_OK) { + if(Curl_schannel_set_cached_cert_store(cf, data, trust_store)) { + own_trust_store = NULL; + } + } } } } @@ -737,7 +753,7 @@ CURLcode Curl_verify_certificate(struct Curl_cfilter *cf, failf(data, "schannel: CertGetCertificateChain trust error" " CERT_TRUST_REVOCATION_STATUS_UNKNOWN"); else - failf(data, "schannel: CertGetCertificateChain error mask: 0x%08x", + failf(data, "schannel: CertGetCertificateChain error mask: 0x%08lx", dwTrustErrorMask); result = CURLE_PEER_FAILED_VERIFICATION; } @@ -754,8 +770,8 @@ CURLcode Curl_verify_certificate(struct Curl_cfilter *cf, CertFreeCertificateChainEngine(cert_chain_engine); } - if(trust_store) { - CertCloseStore(trust_store, 0); + if(own_trust_store) { + CertCloseStore(own_trust_store, 0); } if(pChainContext) diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c index 3378f7619..1f37305ce 100644 --- a/lib/vtls/sectransp.c +++ b/lib/vtls/sectransp.c @@ -46,8 +46,10 @@ #endif /* __clang__ */ #ifdef __GNUC__ +#pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Waddress" #pragma GCC diagnostic ignored "-Wundef" +#pragma GCC diagnostic ignored "-Wunreachable-code" #endif #include @@ -904,7 +906,6 @@ static OSStatus sectransp_bio_cf_out_write(SSLConnectionRef connection, return rtn; } -#ifndef CURL_DISABLE_VERBOSE_STRINGS CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) { /* The first ciphers in the ciphertable are continuous. Here we do small @@ -923,7 +924,6 @@ CF_INLINE const char *TLSCipherNameForNumber(SSLCipherSuite cipher) } return ciphertable[SSL_NULL_WITH_NULL_NULL].name; } -#endif /* !CURL_DISABLE_VERBOSE_STRINGS */ #if CURL_BUILD_MAC CF_INLINE void GetDarwinVersionNumber(int *major, int *minor) @@ -1013,7 +1013,7 @@ static CURLcode CopyCertSubject(struct Curl_easy *data, } else { size_t cbuf_size = ((size_t)CFStringGetLength(c) * 4) + 1; - cbuf = calloc(cbuf_size, 1); + cbuf = calloc(1, cbuf_size); if(cbuf) { if(!CFStringGetCString(c, cbuf, cbuf_size, kCFStringEncodingUTF8)) { @@ -1651,11 +1651,6 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, const bool verifypeer = conn_config->verifypeer; char * const ssl_cert = ssl_config->primary.clientcert; const struct curl_blob *ssl_cert_blob = ssl_config->primary.cert_blob; -#ifdef ENABLE_IPV6 - struct in6_addr addr; -#else - struct in_addr addr; -#endif /* ENABLE_IPV6 */ char *ciphers; OSStatus err = noErr; #if CURL_BUILD_MAC @@ -2003,13 +1998,9 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, * Both hostname check and SNI require SSLSetPeerDomainName(). * Also: the verifyhost setting influences SNI usage */ if(conn_config->verifyhost) { - size_t snilen; - char *snihost = Curl_ssl_snihost(data, connssl->hostname, &snilen); - if(!snihost) { - failf(data, "Failed to set SNI"); - return CURLE_SSL_CONNECT_ERROR; - } - err = SSLSetPeerDomainName(backend->ssl_ctx, snihost, snilen); + char *server = connssl->peer.sni? + connssl->peer.sni : connssl->peer.hostname; + err = SSLSetPeerDomainName(backend->ssl_ctx, server, strlen(server)); if(err != noErr) { failf(data, "SSL: SSLSetPeerDomainName() failed: OSStatus %d", @@ -2017,11 +2008,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, return CURLE_SSL_CONNECT_ERROR; } - if((Curl_inet_pton(AF_INET, connssl->hostname, &addr)) - #ifdef ENABLE_IPV6 - || (Curl_inet_pton(AF_INET6, connssl->hostname, &addr)) - #endif - ) { + if(connssl->peer.is_ip_address) { infof(data, "WARNING: using IP address, SNI is being disabled by " "the OS."); } @@ -2079,7 +2066,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, ssl_sessionid = aprintf("%s:%d:%d:%s:%d", ssl_cafile ? ssl_cafile : "(blob memory)", - verifypeer, conn_config->verifyhost, connssl->hostname, + verifypeer, conn_config->verifyhost, connssl->peer.hostname, connssl->port); ssl_sessionid_len = strlen(ssl_sessionid); @@ -2380,19 +2367,15 @@ static CURLcode verify_cert(struct Curl_cfilter *cf, const struct curl_blob *ca_info_blob, SSLContextRef ctx) { - int result; + CURLcode result; unsigned char *certbuf; size_t buflen; + bool free_certbuf = FALSE; if(ca_info_blob) { CURL_TRC_CF(data, cf, "verify_peer, CA from config blob"); - certbuf = (unsigned char *)malloc(ca_info_blob->len + 1); - if(!certbuf) { - return CURLE_OUT_OF_MEMORY; - } + certbuf = ca_info_blob->data; buflen = ca_info_blob->len; - memcpy(certbuf, ca_info_blob->data, ca_info_blob->len); - certbuf[ca_info_blob->len]='\0'; } else if(cafile) { CURL_TRC_CF(data, cf, "verify_peer, CA from file '%s'", cafile); @@ -2400,12 +2383,14 @@ static CURLcode verify_cert(struct Curl_cfilter *cf, failf(data, "SSL: failed to read or invalid CA certificate"); return CURLE_SSL_CACERT_BADFILE; } + free_certbuf = TRUE; } else return CURLE_SSL_CACERT_BADFILE; result = verify_cert_buf(cf, data, certbuf, buflen, ctx); - free(certbuf); + if(free_certbuf) + free(certbuf); return result; } @@ -2665,7 +2650,7 @@ check_handshake: host name: */ case errSSLHostNameMismatch: failf(data, "SSL certificate peer verification failed, the " - "certificate did not match \"%s\"\n", connssl->dispname); + "certificate did not match \"%s\"\n", connssl->peer.dispname); return CURLE_PEER_FAILED_VERIFICATION; /* Problem with SSL / TLS negotiation */ @@ -2757,7 +2742,7 @@ check_handshake: default: /* May also return codes listed in Security Framework Result Codes */ failf(data, "Unknown SSL protocol error in connection to %s:%d", - connssl->hostname, err); + connssl->peer.hostname, err); break; } return CURLE_SSL_CONNECT_ERROR; @@ -3415,7 +3400,6 @@ again: } *curlcode = CURLE_AGAIN; return -1L; - break; /* errSSLClosedGraceful - server gracefully shut down the SSL session errSSLClosedNoNotify - server hung up on us instead of sending a @@ -3425,7 +3409,6 @@ again: case errSSLClosedNoNotify: *curlcode = CURLE_OK; return 0; - break; /* The below is errSSLPeerAuthCompleted; it's not defined in Leopard's headers */ @@ -3445,7 +3428,6 @@ again: failf(data, "SSLRead() return error %d", err); *curlcode = CURLE_RECV_ERROR; return -1L; - break; } } return (ssize_t)processed; @@ -3483,7 +3465,7 @@ const struct Curl_ssl Curl_ssl_sectransp = { Curl_none_cert_status_request, /* cert_status_request */ sectransp_connect, /* connect */ sectransp_connect_nonblocking, /* connect_nonblocking */ - Curl_ssl_get_select_socks, /* getsock */ + Curl_ssl_adjust_pollset, /* adjust_pollset */ sectransp_get_internals, /* get_internals */ sectransp_close, /* close_one */ Curl_none_close_all, /* close_all */ @@ -3500,6 +3482,10 @@ const struct Curl_ssl Curl_ssl_sectransp = { sectransp_send, /* send data to encrypt */ }; +#ifdef __GNUC__ +#pragma GCC diagnostic pop +#endif + #ifdef __clang__ #pragma clang diagnostic pop #endif diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 494b660a9..e928ba5d0 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -67,6 +67,7 @@ #include "warnless.h" #include "curl_base64.h" #include "curl_printf.h" +#include "inet_pton.h" #include "strdup.h" /* The last #include files should be: */ @@ -131,9 +132,6 @@ static bool blobcmp(struct curl_blob *first, struct curl_blob *second) } #ifdef USE_SSL -static const struct alpn_spec ALPN_SPEC_H10 = { - { ALPN_HTTP_1_0 }, 1 -}; static const struct alpn_spec ALPN_SPEC_H11 = { { ALPN_HTTP_1_1 }, 1 }; @@ -147,51 +145,83 @@ static const struct alpn_spec *alpn_get_spec(int httpwant, bool use_alpn) { if(!use_alpn) return NULL; - if(httpwant == CURL_HTTP_VERSION_1_0) - return &ALPN_SPEC_H10; #ifdef USE_HTTP2 if(httpwant >= CURL_HTTP_VERSION_2) return &ALPN_SPEC_H2_H11; +#else + (void)httpwant; #endif + /* Use the ALPN protocol "http/1.1" for HTTP/1.x. + Avoid "http/1.0" because some servers don't support it. */ return &ALPN_SPEC_H11; } #endif /* USE_SSL */ -bool -Curl_ssl_config_matches(struct ssl_primary_config *data, - struct ssl_primary_config *needle) -{ - if((data->version == needle->version) && - (data->version_max == needle->version_max) && - (data->ssl_options == needle->ssl_options) && - (data->verifypeer == needle->verifypeer) && - (data->verifyhost == needle->verifyhost) && - (data->verifystatus == needle->verifystatus) && - blobcmp(data->cert_blob, needle->cert_blob) && - blobcmp(data->ca_info_blob, needle->ca_info_blob) && - blobcmp(data->issuercert_blob, needle->issuercert_blob) && - Curl_safecmp(data->CApath, needle->CApath) && - Curl_safecmp(data->CAfile, needle->CAfile) && - Curl_safecmp(data->issuercert, needle->issuercert) && - Curl_safecmp(data->clientcert, needle->clientcert) && +void Curl_ssl_easy_config_init(struct Curl_easy *data) +{ + /* + * libcurl 7.10 introduced SSL verification *by default*! This needs to be + * switched off unless wanted. + */ + data->set.ssl.primary.verifypeer = TRUE; + data->set.ssl.primary.verifyhost = TRUE; + data->set.ssl.primary.sessionid = TRUE; /* session ID caching by default */ +#ifndef CURL_DISABLE_PROXY + data->set.proxy_ssl = data->set.ssl; +#endif +} + +static bool +match_ssl_primary_config(struct Curl_easy *data, + struct ssl_primary_config *c1, + struct ssl_primary_config *c2) +{ + (void)data; + if((c1->version == c2->version) && + (c1->version_max == c2->version_max) && + (c1->ssl_options == c2->ssl_options) && + (c1->verifypeer == c2->verifypeer) && + (c1->verifyhost == c2->verifyhost) && + (c1->verifystatus == c2->verifystatus) && + blobcmp(c1->cert_blob, c2->cert_blob) && + blobcmp(c1->ca_info_blob, c2->ca_info_blob) && + blobcmp(c1->issuercert_blob, c2->issuercert_blob) && + Curl_safecmp(c1->CApath, c2->CApath) && + Curl_safecmp(c1->CAfile, c2->CAfile) && + Curl_safecmp(c1->issuercert, c2->issuercert) && + Curl_safecmp(c1->clientcert, c2->clientcert) && #ifdef USE_TLS_SRP - !Curl_timestrcmp(data->username, needle->username) && - !Curl_timestrcmp(data->password, needle->password) && + !Curl_timestrcmp(c1->username, c2->username) && + !Curl_timestrcmp(c1->password, c2->password) && #endif - strcasecompare(data->cipher_list, needle->cipher_list) && - strcasecompare(data->cipher_list13, needle->cipher_list13) && - strcasecompare(data->curves, needle->curves) && - strcasecompare(data->CRLfile, needle->CRLfile) && - strcasecompare(data->pinned_key, needle->pinned_key)) + strcasecompare(c1->cipher_list, c2->cipher_list) && + strcasecompare(c1->cipher_list13, c2->cipher_list13) && + strcasecompare(c1->curves, c2->curves) && + strcasecompare(c1->CRLfile, c2->CRLfile) && + strcasecompare(c1->pinned_key, c2->pinned_key)) return TRUE; return FALSE; } -bool -Curl_clone_primary_ssl_config(struct ssl_primary_config *source, - struct ssl_primary_config *dest) +bool Curl_ssl_conn_config_match(struct Curl_easy *data, + struct connectdata *candidate, + bool proxy) +{ +#ifndef CURL_DISABLE_PROXY + if(proxy) + return match_ssl_primary_config(data, &data->set.proxy_ssl.primary, + &candidate->proxy_ssl_config); +#else + (void)proxy; +#endif + return match_ssl_primary_config(data, &data->set.ssl.primary, + &candidate->ssl_config); +} + +static bool clone_ssl_primary_config(struct ssl_primary_config *source, + struct ssl_primary_config *dest) { dest->version = source->version; dest->version_max = source->version_max; @@ -221,7 +251,7 @@ Curl_clone_primary_ssl_config(struct ssl_primary_config *source, return TRUE; } -void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc) +static void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc) { Curl_safefree(sslc->CApath); Curl_safefree(sslc->CAfile); @@ -241,6 +271,111 @@ void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc) #endif } +CURLcode Curl_ssl_easy_config_complete(struct Curl_easy *data) +{ + data->set.ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH]; + data->set.ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE]; + data->set.ssl.primary.CRLfile = data->set.str[STRING_SSL_CRLFILE]; + data->set.ssl.primary.issuercert = data->set.str[STRING_SSL_ISSUERCERT]; + data->set.ssl.primary.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT]; + data->set.ssl.primary.cipher_list = + data->set.str[STRING_SSL_CIPHER_LIST]; + data->set.ssl.primary.cipher_list13 = + data->set.str[STRING_SSL_CIPHER13_LIST]; + data->set.ssl.primary.pinned_key = + data->set.str[STRING_SSL_PINNEDPUBLICKEY]; + data->set.ssl.primary.cert_blob = data->set.blobs[BLOB_CERT]; + data->set.ssl.primary.ca_info_blob = data->set.blobs[BLOB_CAINFO]; + data->set.ssl.primary.curves = data->set.str[STRING_SSL_EC_CURVES]; +#ifdef USE_TLS_SRP + data->set.ssl.primary.username = data->set.str[STRING_TLSAUTH_USERNAME]; + data->set.ssl.primary.password = data->set.str[STRING_TLSAUTH_PASSWORD]; +#endif + data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE]; + data->set.ssl.key = data->set.str[STRING_KEY]; + data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE]; + data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD]; + data->set.ssl.primary.clientcert = data->set.str[STRING_CERT]; + data->set.ssl.key_blob = data->set.blobs[BLOB_KEY]; + +#ifndef CURL_DISABLE_PROXY + data->set.proxy_ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_PROXY]; + data->set.proxy_ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE_PROXY]; + data->set.proxy_ssl.primary.cipher_list = + data->set.str[STRING_SSL_CIPHER_LIST_PROXY]; + data->set.proxy_ssl.primary.cipher_list13 = + data->set.str[STRING_SSL_CIPHER13_LIST_PROXY]; + data->set.proxy_ssl.primary.pinned_key = + data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]; + data->set.proxy_ssl.primary.cert_blob = data->set.blobs[BLOB_CERT_PROXY]; + data->set.proxy_ssl.primary.ca_info_blob = + data->set.blobs[BLOB_CAINFO_PROXY]; + data->set.proxy_ssl.primary.issuercert = + data->set.str[STRING_SSL_ISSUERCERT_PROXY]; + data->set.proxy_ssl.primary.issuercert_blob = + data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY]; + data->set.proxy_ssl.primary.CRLfile = + data->set.str[STRING_SSL_CRLFILE_PROXY]; + data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY]; + data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY]; + data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY]; + data->set.proxy_ssl.key_passwd = data->set.str[STRING_KEY_PASSWD_PROXY]; + data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY]; + data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY]; +#ifdef USE_TLS_SRP + data->set.proxy_ssl.primary.username = + data->set.str[STRING_TLSAUTH_USERNAME_PROXY]; + data->set.proxy_ssl.primary.password = + data->set.str[STRING_TLSAUTH_PASSWORD_PROXY]; +#endif +#endif /* CURL_DISABLE_PROXY */ + + return CURLE_OK; +} + +CURLcode Curl_ssl_conn_config_init(struct Curl_easy *data, + struct connectdata *conn) +{ + /* Clone "primary" SSL configurations from the esay handle to + * the connection. They are used for connection cache matching and + * probably outlive the easy handle */ + if(!clone_ssl_primary_config(&data->set.ssl.primary, &conn->ssl_config)) + return CURLE_OUT_OF_MEMORY; +#ifndef CURL_DISABLE_PROXY + if(!clone_ssl_primary_config(&data->set.proxy_ssl.primary, + &conn->proxy_ssl_config)) + return CURLE_OUT_OF_MEMORY; +#endif + return CURLE_OK; +} + +void Curl_ssl_conn_config_cleanup(struct connectdata *conn) +{ + Curl_free_primary_ssl_config(&conn->ssl_config); +#ifndef CURL_DISABLE_PROXY + Curl_free_primary_ssl_config(&conn->proxy_ssl_config); +#endif +} + +void Curl_ssl_conn_config_update(struct Curl_easy *data, bool for_proxy) +{ + /* May be called on an easy that has no connection yet */ + if(data->conn) { + struct ssl_primary_config *src, *dest; +#ifndef CURL_DISABLE_PROXY + src = for_proxy? &data->set.proxy_ssl.primary : &data->set.ssl.primary; + dest = for_proxy? &data->conn->proxy_ssl_config : &data->conn->ssl_config; +#else + (void)for_proxy; + src = &data->set.ssl.primary; + dest = &data->conn->ssl_config; +#endif + dest->verifyhost = src->verifyhost; + dest->verifypeer = src->verifypeer; + dest->verifystatus = src->verifystatus; + } +} + #ifdef USE_SSL static int multissl_setup(const struct Curl_ssl *backend); #endif @@ -432,7 +567,7 @@ bool Curl_ssl_getsessionid(struct Curl_cfilter *cf, if(!check->sessionid) /* not session ID means blank entry */ continue; - if(strcasecompare(connssl->hostname, check->name) && + if(strcasecompare(connssl->peer.hostname, check->name) && ((!cf->conn->bits.conn_to_host && !check->conn_to_host) || (cf->conn->bits.conn_to_host && check->conn_to_host && strcasecompare(cf->conn->conn_to_host.name, check->conn_to_host))) && @@ -441,7 +576,7 @@ bool Curl_ssl_getsessionid(struct Curl_cfilter *cf, cf->conn->conn_to_port == check->conn_to_port)) && (connssl->port == check->remote_port) && strcasecompare(cf->conn->handler->scheme, check->scheme) && - Curl_ssl_config_matches(conn_config, &check->ssl_config)) { + match_ssl_primary_config(data, conn_config, &check->ssl_config)) { /* yes, we have a session ID! */ (*general_age)++; /* increase general age */ check->age = *general_age; /* set this as used in this age */ @@ -456,7 +591,8 @@ bool Curl_ssl_getsessionid(struct Curl_cfilter *cf, DEBUGF(infof(data, "%s Session ID in cache for %s %s://%s:%d", no_match? "Didn't find": "Found", Curl_ssl_cf_is_proxy(cf) ? "proxy" : "host", - cf->conn->handler->scheme, connssl->hostname, connssl->port)); + cf->conn->handler->scheme, connssl->peer.hostname, + connssl->port)); return no_match; } @@ -532,7 +668,7 @@ CURLcode Curl_ssl_addsessionid(struct Curl_cfilter *cf, (void)ssl_config; DEBUGASSERT(ssl_config->primary.sessionid); - clone_host = strdup(connssl->hostname); + clone_host = strdup(connssl->peer.hostname); if(!clone_host) return CURLE_OUT_OF_MEMORY; /* bail out */ @@ -590,7 +726,7 @@ CURLcode Curl_ssl_addsessionid(struct Curl_cfilter *cf, store->remote_port = connssl->port; store->scheme = cf->conn->handler->scheme; - if(!Curl_clone_primary_ssl_config(conn_config, &store->ssl_config)) { + if(!clone_ssl_primary_config(conn_config, &store->ssl_config)) { Curl_free_primary_ssl_config(&store->ssl_config); store->sessionid = NULL; /* let caller free sessionid */ free(clone_host); @@ -629,22 +765,21 @@ void Curl_ssl_close_all(struct Curl_easy *data) Curl_ssl->close_all(data); } -int Curl_ssl_get_select_socks(struct Curl_cfilter *cf, struct Curl_easy *data, - curl_socket_t *socks) +void Curl_ssl_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, + struct easy_pollset *ps) { - struct ssl_connect_data *connssl = cf->ctx; - curl_socket_t sock = Curl_conn_cf_get_socket(cf->next, data); - - if(sock == CURL_SOCKET_BAD) - return GETSOCK_BLANK; - - if(connssl->connecting_state == ssl_connect_2_writing) { - /* we are only interested in writing */ - socks[0] = sock; - return GETSOCK_WRITESOCK(0); + if(!cf->connected) { + struct ssl_connect_data *connssl = cf->ctx; + curl_socket_t sock = Curl_conn_cf_get_socket(cf->next, data); + if(sock != CURL_SOCKET_BAD) { + if(connssl->connecting_state == ssl_connect_2_writing) { + Curl_pollset_set_out_only(data, ps, sock); + } + else { + Curl_pollset_set_in_only(data, ps, sock); + } + } } - socks[0] = sock; - return GETSOCK_READSOCK(0); } /* Selects an SSL crypto engine @@ -748,28 +883,21 @@ CURLcode Curl_ssl_push_certinfo_len(struct Curl_easy *data, size_t valuelen) { struct curl_certinfo *ci = &data->info.certs; - char *output; struct curl_slist *nl; CURLcode result = CURLE_OK; - size_t labellen = strlen(label); - size_t outlen = labellen + 1 + valuelen + 1; /* label:value\0 */ - - output = malloc(outlen); - if(!output) - return CURLE_OUT_OF_MEMORY; + struct dynbuf build; - /* sprintf the label and colon */ - msnprintf(output, outlen, "%s:", label); + Curl_dyn_init(&build, 10000); - /* memcpy the value (it might not be null-terminated) */ - memcpy(&output[labellen + 1], value, valuelen); - - /* null-terminate the output */ - output[labellen + 1 + valuelen] = 0; + if(Curl_dyn_add(&build, label) || + Curl_dyn_addn(&build, ":", 1) || + Curl_dyn_addn(&build, value, valuelen)) + return CURLE_OUT_OF_MEMORY; - nl = Curl_slist_append_nodup(ci->certinfo[certnum], output); + nl = Curl_slist_append_nodup(ci->certinfo[certnum], + Curl_dyn_ptr(&build)); if(!nl) { - free(output); + Curl_dyn_free(&build); curl_slist_free_all(ci->certinfo[certnum]); result = CURLE_OUT_OF_MEMORY; } @@ -785,32 +913,6 @@ CURLcode Curl_ssl_random(struct Curl_easy *data, return Curl_ssl->random(data, entropy, length); } -/* - * Curl_ssl_snihost() converts the input host name to a suitable SNI name put - * in data->state.buffer. Returns a pointer to the name (or NULL if a problem) - * and stores the new length in 'olen'. - * - * SNI fields must not have any trailing dot and while RFC 6066 section 3 says - * the SNI field is case insensitive, browsers always send the data lowercase - * and subsequently there are numerous servers out there that don't work - * unless the name is lowercased. - */ - -char *Curl_ssl_snihost(struct Curl_easy *data, const char *host, size_t *olen) -{ - size_t len = strlen(host); - if(len && (host[len-1] == '.')) - len--; - if(len >= data->set.buffer_size) - return NULL; - - Curl_strntolower(data->state.buffer, host, len); - data->state.buffer[len] = 0; - if(olen) - *olen = len; - return data->state.buffer; -} - /* * Public key pem to der conversion */ @@ -893,7 +995,7 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, /* only do this if pinnedpubkey starts with "sha256//", length 8 */ if(strncmp(pinnedpubkey, "sha256//", 8) == 0) { CURLcode encode; - size_t encodedlen = 0, pinkeylen; + size_t encodedlen = 0; char *encoded = NULL, *pinkeycopy, *begin_pos, *end_pos; unsigned char *sha256sumdigest; @@ -921,13 +1023,11 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, infof(data, " public key hash: sha256//%s", encoded); /* it starts with sha256//, copy so we can modify it */ - pinkeylen = strlen(pinnedpubkey) + 1; - pinkeycopy = malloc(pinkeylen); + pinkeycopy = strdup(pinnedpubkey); if(!pinkeycopy) { Curl_safefree(encoded); return CURLE_OUT_OF_MEMORY; } - memcpy(pinkeycopy, pinnedpubkey, pinkeylen); /* point begin_pos to the copy, and start extracting keys */ begin_pos = pinkeycopy; do { @@ -1156,13 +1256,13 @@ static CURLcode multissl_connect_nonblocking(struct Curl_cfilter *cf, return Curl_ssl->connect_nonblocking(cf, data, done); } -static int multissl_get_select_socks(struct Curl_cfilter *cf, +static void multissl_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, - curl_socket_t *socks) + struct easy_pollset *ps) { if(multissl_setup(NULL)) - return 0; - return Curl_ssl->get_select_socks(cf, data, socks); + return; + Curl_ssl->adjust_pollset(cf, data, ps); } static void *multissl_get_internals(struct ssl_connect_data *connssl, @@ -1214,7 +1314,7 @@ static const struct Curl_ssl Curl_ssl_multi = { Curl_none_cert_status_request, /* cert_status_request */ multissl_connect, /* connect */ multissl_connect_nonblocking, /* connect_nonblocking */ - multissl_get_select_socks, /* getsock */ + multissl_adjust_pollset, /* adjust_pollset */ multissl_get_internals, /* get_internals */ multissl_close, /* close_one */ Curl_none_close_all, /* close_all */ @@ -1313,17 +1413,13 @@ static size_t multissl_version(char *buffer, size_t size) backends_len = p - backends; } - if(!size) - return 0; - - if(size <= backends_len) { - strncpy(buffer, backends, size - 1); - buffer[size - 1] = '\0'; - return size - 1; + if(size) { + if(backends_len < size) + strcpy(buffer, backends); + else + *buffer = 0; /* did not fit */ } - - strcpy(buffer, backends); - return backends_len; + return 0; } static int multissl_setup(const struct Curl_ssl *backend) @@ -1409,12 +1505,14 @@ CURLsslset Curl_init_sslset_nolock(curl_sslbackend id, const char *name, #ifdef USE_SSL -static void free_hostname(struct ssl_connect_data *connssl) +void Curl_ssl_peer_cleanup(struct ssl_peer *peer) { - if(connssl->dispname != connssl->hostname) - free(connssl->dispname); - free(connssl->hostname); - connssl->hostname = connssl->dispname = NULL; + if(peer->dispname != peer->hostname) + free(peer->dispname); + free(peer->sni); + free(peer->hostname); + peer->hostname = peer->sni = peer->dispname = NULL; + peer->is_ip_address = FALSE; } static void cf_close(struct Curl_cfilter *cf, struct Curl_easy *data) @@ -1423,12 +1521,26 @@ static void cf_close(struct Curl_cfilter *cf, struct Curl_easy *data) if(connssl) { Curl_ssl->close(cf, data); connssl->state = ssl_connection_none; - free_hostname(connssl); + Curl_ssl_peer_cleanup(&connssl->peer); } cf->connected = FALSE; } -static CURLcode reinit_hostname(struct Curl_cfilter *cf) +static int is_ip_address(const char *hostname) +{ +#ifdef ENABLE_IPV6 + struct in6_addr addr; +#else + struct in_addr addr; +#endif + return (hostname && hostname[0] && (Curl_inet_pton(AF_INET, hostname, &addr) +#ifdef ENABLE_IPV6 + || Curl_inet_pton(AF_INET6, hostname, &addr) +#endif + )); +} + +CURLcode Curl_ssl_peer_init(struct ssl_peer *peer, struct Curl_cfilter *cf) { struct ssl_connect_data *connssl = cf->ctx; const char *ehostname, *edispname; @@ -1454,23 +1566,43 @@ static CURLcode reinit_hostname(struct Curl_cfilter *cf) } /* change if ehostname changed */ - if(ehostname && (!connssl->hostname - || strcmp(ehostname, connssl->hostname))) { - free_hostname(connssl); - connssl->hostname = strdup(ehostname); - if(!connssl->hostname) { - free_hostname(connssl); + if(ehostname && (!peer->hostname + || strcmp(ehostname, peer->hostname))) { + Curl_ssl_peer_cleanup(peer); + peer->hostname = strdup(ehostname); + if(!peer->hostname) { + Curl_ssl_peer_cleanup(peer); return CURLE_OUT_OF_MEMORY; } if(!edispname || !strcmp(ehostname, edispname)) - connssl->dispname = connssl->hostname; + peer->dispname = peer->hostname; else { - connssl->dispname = strdup(edispname); - if(!connssl->dispname) { - free_hostname(connssl); + peer->dispname = strdup(edispname); + if(!peer->dispname) { + Curl_ssl_peer_cleanup(peer); return CURLE_OUT_OF_MEMORY; } } + + peer->sni = NULL; + peer->is_ip_address = is_ip_address(peer->hostname)? TRUE : FALSE; + if(peer->hostname[0] && !peer->is_ip_address) { + /* not an IP address, normalize according to RCC 6066 ch. 3, + * max len of SNI is 2^16-1, no trailing dot */ + size_t len = strlen(peer->hostname); + if(len && (peer->hostname[len-1] == '.')) + len--; + if(len < USHRT_MAX) { + peer->sni = calloc(1, len + 1); + if(!peer->sni) { + Curl_ssl_peer_cleanup(peer); + return CURLE_OUT_OF_MEMORY; + } + Curl_strntolower(peer->sni, peer->hostname, len); + peer->sni[len] = 0; + } + } + } connssl->port = eport; return CURLE_OK; @@ -1525,7 +1657,7 @@ static CURLcode ssl_cf_connect(struct Curl_cfilter *cf, goto out; *done = FALSE; - result = reinit_hostname(cf); + result = Curl_ssl_peer_init(&connssl->peer, cf); if(result) goto out; @@ -1583,38 +1715,49 @@ static ssize_t ssl_cf_recv(struct Curl_cfilter *cf, { struct cf_call_data save; ssize_t nread; + size_t ntotal = 0; CF_DATA_SAVE(save, cf, data); *err = CURLE_OK; - nread = Curl_ssl->recv_plain(cf, data, buf, len, err); - if(nread > 0) { - DEBUGASSERT((size_t)nread <= len); - } - else if(nread == 0) { - /* eof */ + /* Do receive until we fill the buffer somehwhat or EGAIN, error or EOF */ + while(!ntotal || (len - ntotal) > (4*1024)) { *err = CURLE_OK; + nread = Curl_ssl->recv_plain(cf, data, buf + ntotal, len - ntotal, err); + if(nread < 0) { + if(*err == CURLE_AGAIN && ntotal > 0) { + /* we EAGAINed after having reed data, return the success amount */ + *err = CURLE_OK; + break; + } + /* we have a an error to report */ + goto out; + } + else if(nread == 0) { + /* eof */ + break; + } + ntotal += (size_t)nread; + DEBUGASSERT((size_t)ntotal <= len); } - CURL_TRC_CF(data, cf, "cf_recv(len=%zu) -> %zd, %d", len, nread, *err); + nread = (ssize_t)ntotal; +out: + CURL_TRC_CF(data, cf, "cf_recv(len=%zu) -> %zd, %d", len, + nread, *err); CF_DATA_RESTORE(cf, save); return nread; } -static int ssl_cf_get_select_socks(struct Curl_cfilter *cf, +static void ssl_cf_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, - curl_socket_t *socks) + struct easy_pollset *ps) { struct cf_call_data save; - int fds = GETSOCK_BLANK; - if(!cf->next->connected) { - fds = cf->next->cft->get_select_socks(cf->next, data, socks); - } - else if(!cf->connected) { + if(!cf->connected) { CF_DATA_SAVE(save, cf, data); - fds = Curl_ssl->get_select_socks(cf, data, socks); + Curl_ssl->adjust_pollset(cf, data, ps); CF_DATA_RESTORE(cf, save); } - return fds; } static CURLcode ssl_cf_cntrl(struct Curl_cfilter *cf, @@ -1705,7 +1848,7 @@ struct Curl_cftype Curl_cft_ssl = { ssl_cf_connect, ssl_cf_close, Curl_cf_def_get_host, - ssl_cf_get_select_socks, + ssl_cf_adjust_pollset, ssl_cf_data_pending, ssl_cf_send, ssl_cf_recv, @@ -1715,6 +1858,8 @@ struct Curl_cftype Curl_cft_ssl = { ssl_cf_query, }; +#ifndef CURL_DISABLE_PROXY + struct Curl_cftype Curl_cft_ssl_proxy = { "SSL-PROXY", CF_TYPE_SSL, @@ -1723,7 +1868,7 @@ struct Curl_cftype Curl_cft_ssl_proxy = { ssl_cf_connect, ssl_cf_close, Curl_cf_def_get_host, - ssl_cf_get_select_socks, + ssl_cf_adjust_pollset, ssl_cf_data_pending, ssl_cf_send, ssl_cf_recv, @@ -1733,6 +1878,8 @@ struct Curl_cftype Curl_cft_ssl_proxy = { Curl_cf_def_query, }; +#endif /* !CURL_DISABLE_PROXY */ + static CURLcode cf_ssl_create(struct Curl_cfilter **pcf, struct Curl_easy *data, struct connectdata *conn) @@ -1837,6 +1984,20 @@ bool Curl_ssl_supports(struct Curl_easy *data, int option) return (Curl_ssl->supports & option)? TRUE : FALSE; } +static struct Curl_cfilter *get_ssl_filter(struct Curl_cfilter *cf) +{ + for(; cf; cf = cf->next) { + if(cf->cft == &Curl_cft_ssl) + return cf; +#ifndef CURL_DISABLE_PROXY + if(cf->cft == &Curl_cft_ssl_proxy) + return cf; +#endif + } + return NULL; +} + + void *Curl_ssl_get_internals(struct Curl_easy *data, int sockindex, CURLINFO info, int n) { @@ -1844,8 +2005,8 @@ void *Curl_ssl_get_internals(struct Curl_easy *data, int sockindex, (void)n; if(data->conn) { struct Curl_cfilter *cf; - /* get first filter in chain, if any is present */ - cf = Curl_ssl_cf_get_ssl(data->conn->cfilter[sockindex]); + /* get first SSL filter in chain, if any is present */ + cf = get_ssl_filter(data->conn->cfilter[sockindex]); if(cf) { struct cf_call_data save; CF_DATA_SAVE(save, cf, data); @@ -1875,26 +2036,14 @@ CURLcode Curl_ssl_cfilter_remove(struct Curl_easy *data, return result; } -static struct Curl_cfilter *get_ssl_cf_engaged(struct connectdata *conn, - int sockindex) -{ - struct Curl_cfilter *cf, *lowest_ssl_cf = NULL; - - for(cf = conn->cfilter[sockindex]; cf; cf = cf->next) { - if(cf->cft == &Curl_cft_ssl || cf->cft == &Curl_cft_ssl_proxy) { - lowest_ssl_cf = cf; - if(cf->connected || (cf->next && cf->next->connected)) { - /* connected or about to start */ - return cf; - } - } - } - return lowest_ssl_cf; -} - bool Curl_ssl_cf_is_proxy(struct Curl_cfilter *cf) { +#ifndef CURL_DISABLE_PROXY return (cf->cft == &Curl_cft_ssl_proxy); +#else + (void)cf; + return FALSE; +#endif } struct ssl_config_data * @@ -1908,17 +2057,6 @@ Curl_ssl_cf_get_config(struct Curl_cfilter *cf, struct Curl_easy *data) #endif } -struct ssl_config_data * -Curl_ssl_get_config(struct Curl_easy *data, int sockindex) -{ - struct Curl_cfilter *cf; - - (void)data; - DEBUGASSERT(data->conn); - cf = get_ssl_cf_engaged(data->conn, sockindex); - return cf? Curl_ssl_cf_get_config(cf, data) : &data->set.ssl; -} - struct ssl_primary_config * Curl_ssl_cf_get_primary_config(struct Curl_cfilter *cf) { @@ -1930,15 +2068,6 @@ Curl_ssl_cf_get_primary_config(struct Curl_cfilter *cf) #endif } -struct Curl_cfilter *Curl_ssl_cf_get_ssl(struct Curl_cfilter *cf) -{ - for(; cf; cf = cf->next) { - if(cf->cft == &Curl_cft_ssl || cf->cft == &Curl_cft_ssl_proxy) - return cf; - } - return NULL; -} - CURLcode Curl_alpn_to_proto_buf(struct alpn_proto_buf *buf, const struct alpn_spec *spec) { @@ -2005,10 +2134,6 @@ CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf, !memcmp(ALPN_HTTP_1_1, proto, ALPN_HTTP_1_1_LENGTH)) { *palpn = CURL_HTTP_VERSION_1_1; } - else if(proto_len == ALPN_HTTP_1_0_LENGTH && - !memcmp(ALPN_HTTP_1_0, proto, ALPN_HTTP_1_0_LENGTH)) { - *palpn = CURL_HTTP_VERSION_1_0; - } #ifdef USE_HTTP2 else if(proto_len == ALPN_H2_LENGTH && !memcmp(ALPN_H2, proto, ALPN_H2_LENGTH)) { diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h index 8ad1cf6de..744bbf8fd 100644 --- a/lib/vtls/vtls.h +++ b/lib/vtls/vtls.h @@ -65,15 +65,54 @@ CURLsslset Curl_init_sslset_nolock(curl_sslbackend id, const char *name, #define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */ #endif -char *Curl_ssl_snihost(struct Curl_easy *data, const char *host, size_t *olen); -bool Curl_ssl_config_matches(struct ssl_primary_config *data, - struct ssl_primary_config *needle); -bool Curl_clone_primary_ssl_config(struct ssl_primary_config *source, - struct ssl_primary_config *dest); -void Curl_free_primary_ssl_config(struct ssl_primary_config *sslc); - curl_sslbackend Curl_ssl_backend(void); +/** + * Init ssl config for a new easy handle. + */ +void Curl_ssl_easy_config_init(struct Curl_easy *data); + +/** + * Init the `data->set.ssl` and `data->set.proxy_ssl` for + * connection matching use. + */ +CURLcode Curl_ssl_easy_config_complete(struct Curl_easy *data); + +/** + * Init SSL configs (main + proxy) for a new connection from the easy handle. + */ +CURLcode Curl_ssl_conn_config_init(struct Curl_easy *data, + struct connectdata *conn); + +/** + * Free allocated resources in SSL configs (main + proxy) for + * the given connection. + */ +void Curl_ssl_conn_config_cleanup(struct connectdata *conn); + +/** + * Return TRUE iff SSL configuration from `conn` is functionally the + * same as the one on `candidate`. + * @param proxy match the proxy SSL config or the main one + */ +bool Curl_ssl_conn_config_match(struct Curl_easy *data, + struct connectdata *candidate, + bool proxy); + +/* Update certain connection SSL config flags after they have + * been changed on the easy handle. Will work for `verifypeer`, + * `verifyhost` and `verifystatus`. */ +void Curl_ssl_conn_config_update(struct Curl_easy *data, bool for_proxy); + +/** + * Init SSL peer information for filter. Can be called repeatedly. + */ +CURLcode Curl_ssl_peer_init(struct ssl_peer *peer, struct Curl_cfilter *cf); +/** + * Free all allocated data and reset peer information. + */ +void Curl_ssl_peer_cleanup(struct ssl_peer *peer); + #ifdef USE_SSL int Curl_ssl_init(void); void Curl_ssl_cleanup(void); @@ -159,18 +198,6 @@ CURLcode Curl_cf_ssl_proxy_insert_after(struct Curl_cfilter *cf_at, struct Curl_easy *data); #endif /* !CURL_DISABLE_PROXY */ -/** - * Get the SSL configuration that is used on the connection. - * This returns NULL if no SSL is configured. - * Otherwise it returns the config of the first (highest) one that is - * either connected, in handshake or about to start - * (e.g. all filters below it are connected). If SSL filters are present, - * but neither can start operating, return the config of the lowest one - * that will first come into effect when connecting. - */ -struct ssl_config_data *Curl_ssl_get_config(struct Curl_easy *data, - int sockindex); - /** * True iff the underlying SSL implementation supports the option. * Option is one of the defined SSLSUPP_* values. @@ -188,8 +215,22 @@ bool Curl_ssl_supports(struct Curl_easy *data, int ssl_option); void *Curl_ssl_get_internals(struct Curl_easy *data, int sockindex, CURLINFO info, int n); +/** + * Get the ssl_config_data in `data` that is relevant for cfilter `cf`. + */ +struct ssl_config_data *Curl_ssl_cf_get_config(struct Curl_cfilter *cf, + struct Curl_easy *data); + +/** + * Get the primary config relevant for the filter from its connection. + */ +struct ssl_primary_config * + Curl_ssl_cf_get_primary_config(struct Curl_cfilter *cf); + extern struct Curl_cftype Curl_cft_ssl; +#ifndef CURL_DISABLE_PROXY extern struct Curl_cftype Curl_cft_ssl_proxy; +#endif #else /* if not USE_SSL */ @@ -209,8 +250,9 @@ extern struct Curl_cftype Curl_cft_ssl_proxy; #define Curl_ssl_get_internals(a,b,c,d) NULL #define Curl_ssl_supports(a,b) FALSE #define Curl_ssl_cfilter_add(a,b,c) CURLE_NOT_BUILT_IN -#define Curl_ssl_get_config(a,b) NULL #define Curl_ssl_cfilter_remove(a,b) CURLE_OK +#define Curl_ssl_cf_get_config(a,b) NULL +#define Curl_ssl_cf_get_primary_config(a) NULL #endif #endif /* HEADER_CURL_VTLS_H */ diff --git a/lib/vtls/vtls_int.h b/lib/vtls/vtls_int.h index a6e4544a8..af7ae552e 100644 --- a/lib/vtls/vtls_int.h +++ b/lib/vtls/vtls_int.h @@ -32,8 +32,6 @@ /* see https://www.iana.org/assignments/tls-extensiontype-values/ */ #define ALPN_HTTP_1_1_LENGTH 8 #define ALPN_HTTP_1_1 "http/1.1" -#define ALPN_HTTP_1_0_LENGTH 8 -#define ALPN_HTTP_1_0 "http/1.0" #define ALPN_H2_LENGTH 2 #define ALPN_H2 "h2" #define ALPN_H3_LENGTH 2 @@ -70,14 +68,14 @@ CURLcode Curl_alpn_set_negotiated(struct Curl_cfilter *cf, struct ssl_connect_data { ssl_connection_state state; ssl_connect_state connecting_state; - char *hostname; /* hostname for verification */ - char *dispname; /* display version of hostname */ + struct ssl_peer peer; const struct alpn_spec *alpn; /* ALPN to use or NULL for none */ void *backend; /* vtls backend specific props */ struct cf_call_data call_data; /* data handle used in current call */ struct curltime handshake_done; /* time when handshake finished */ int port; /* remote port at origin */ BIT(use_alpn); /* if ALPN shall be used in handshake */ + BIT(reused_session); /* session-ID was reused for this */ }; @@ -118,14 +116,11 @@ struct Curl_ssl { struct Curl_easy *data, bool *done); - /* If the SSL backend wants to read or write on this connection during a - handshake, set socks[0] to the connection's FIRSTSOCKET, and return - a bitmap indicating read or write with GETSOCK_WRITESOCK(0) or - GETSOCK_READSOCK(0). Otherwise return GETSOCK_BLANK. - Mandatory. */ - int (*get_select_socks)(struct Curl_cfilter *cf, struct Curl_easy *data, - curl_socket_t *socks); - + /* During handshake, adjust the pollset to include the socket + * for POLLOUT or POLLIN as needed. + * Mandatory. */ + void (*adjust_pollset)(struct Curl_cfilter *cf, struct Curl_easy *data, + struct easy_pollset *ps); void *(*get_internals)(struct ssl_connect_data *connssl, CURLINFO info); void (*close)(struct Curl_cfilter *cf, struct Curl_easy *data); void (*close_all)(struct Curl_easy *data); @@ -169,25 +164,8 @@ CURLcode Curl_none_set_engine(struct Curl_easy *data, const char *engine); CURLcode Curl_none_set_engine_default(struct Curl_easy *data); struct curl_slist *Curl_none_engines_list(struct Curl_easy *data); bool Curl_none_false_start(void); -int Curl_ssl_get_select_socks(struct Curl_cfilter *cf, struct Curl_easy *data, - curl_socket_t *socks); - -/** - * Get the ssl_config_data in `data` that is relevant for cfilter `cf`. - */ -struct ssl_config_data *Curl_ssl_cf_get_config(struct Curl_cfilter *cf, - struct Curl_easy *data); - -/** - * Get the primary config relevant for the filter from its connection. - */ -struct ssl_primary_config * - Curl_ssl_cf_get_primary_config(struct Curl_cfilter *cf); - -/** - * Get the first SSL filter in the chain starting with `cf`, or NULL. - */ -struct Curl_cfilter *Curl_ssl_cf_get_ssl(struct Curl_cfilter *cf); +void Curl_ssl_adjust_pollset(struct Curl_cfilter *cf, struct Curl_easy *data, + struct easy_pollset *ps); /** * Get the SSL filter below the given one or NULL if there is none. diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index b1384a644..a3c017cea 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c @@ -480,6 +480,7 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) return CURLE_SSL_CONNECT_ERROR; } #endif + default: break; } @@ -513,7 +514,7 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) } } -#ifndef NO_FILESYSTEM +#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SYS_CA_CERTS) /* load native CA certificates */ if(ssl_config->native_ca_store) { if(wolfSSL_CTX_load_system_CA_certs(backend->ctx) != WOLFSSL_SUCCESS) { @@ -582,12 +583,25 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) if(ssl_config->primary.clientcert && ssl_config->key) { int file_type = do_file_type(ssl_config->cert_type); - if(wolfSSL_CTX_use_certificate_file(backend->ctx, - ssl_config->primary.clientcert, - file_type) != 1) { - failf(data, "unable to use client certificate (no key or wrong pass" - " phrase?)"); - return CURLE_SSL_CONNECT_ERROR; + if(file_type == WOLFSSL_FILETYPE_PEM) { + if(wolfSSL_CTX_use_certificate_chain_file(backend->ctx, + ssl_config->primary.clientcert) + != 1) { + failf(data, "unable to use client certificate"); + return CURLE_SSL_CONNECT_ERROR; + } + } + else if(file_type == WOLFSSL_FILETYPE_ASN1) { + if(wolfSSL_CTX_use_certificate_file(backend->ctx, + ssl_config->primary.clientcert, + file_type) != 1) { + failf(data, "unable to use client certificate"); + return CURLE_SSL_CONNECT_ERROR; + } + } + else { + failf(data, "unknown cert type"); + return CURLE_BAD_FUNCTION_ARGUMENT; } file_type = do_file_type(ssl_config->key_type); @@ -608,24 +622,12 @@ wolfssl_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) SSL_VERIFY_NONE, NULL); #ifdef HAVE_SNI - if(sni) { - struct in_addr addr4; -#ifdef ENABLE_IPV6 - struct in6_addr addr6; -#endif - size_t hostname_len = strlen(connssl->hostname); - - if((hostname_len < USHRT_MAX) && - !Curl_inet_pton(AF_INET, connssl->hostname, &addr4) -#ifdef ENABLE_IPV6 - && !Curl_inet_pton(AF_INET6, connssl->hostname, &addr6) -#endif - ) { - size_t snilen; - char *snihost = Curl_ssl_snihost(data, connssl->hostname, &snilen); - if(!snihost || - wolfSSL_CTX_UseSNI(backend->ctx, WOLFSSL_SNI_HOST_NAME, snihost, - (unsigned short)snilen) != 1) { + if(sni && connssl->peer.sni) { + size_t sni_len = strlen(connssl->peer.sni); + if((sni_len < USHRT_MAX)) { + if(wolfSSL_CTX_UseSNI(backend->ctx, WOLFSSL_SNI_HOST_NAME, + connssl->peer.sni, + (unsigned short)sni_len) != 1) { failf(data, "Failed to set SNI"); return CURLE_SSL_CONNECT_ERROR; } @@ -763,9 +765,9 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* Enable RFC2818 checks */ if(conn_config->verifyhost) { - char *snihost = Curl_ssl_snihost(data, connssl->hostname, NULL); - if(!snihost || - (wolfSSL_check_domain_name(backend->handle, snihost) == SSL_FAILURE)) + char *snihost = connssl->peer.sni? + connssl->peer.sni : connssl->peer.hostname; + if(wolfSSL_check_domain_name(backend->handle, snihost) == SSL_FAILURE) return CURLE_SSL_CONNECT_ERROR; } @@ -813,7 +815,7 @@ wolfssl_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) else if(DOMAIN_NAME_MISMATCH == detail) { #if 1 failf(data, " subject alt name(s) or common name do not match \"%s\"", - connssl->dispname); + connssl->peer.dispname); return CURLE_PEER_FAILED_VERIFICATION; #else /* When the wolfssl_check_domain_name() is used and you desire to @@ -1095,9 +1097,7 @@ static ssize_t wolfssl_recv(struct Curl_cfilter *cf, *curlcode = CURLE_OK; return 0; case SSL_ERROR_NONE: - /* FALLTHROUGH */ case SSL_ERROR_WANT_READ: - /* FALLTHROUGH */ case SSL_ERROR_WANT_WRITE: /* there's data pending, re-invoke wolfSSL_read() */ CURL_TRC_CF(data, cf, "wolfssl_recv(len=%zu) -> AGAIN", blen); @@ -1398,7 +1398,7 @@ const struct Curl_ssl Curl_ssl_wolfssl = { Curl_none_cert_status_request, /* cert_status_request */ wolfssl_connect, /* connect */ wolfssl_connect_nonblocking, /* connect_nonblocking */ - Curl_ssl_get_select_socks, /* getsock */ + Curl_ssl_adjust_pollset, /* adjust_pollset */ wolfssl_get_internals, /* get_internals */ wolfssl_close, /* close_one */ Curl_none_close_all, /* close_all */ diff --git a/lib/vtls/x509asn1.c b/lib/vtls/x509asn1.c index c3fd3a30b..da079361d 100644 --- a/lib/vtls/x509asn1.c +++ b/lib/vtls/x509asn1.c @@ -97,6 +97,11 @@ #define CURL_ASN1_CHARACTER_STRING 29 #define CURL_ASN1_BMP_STRING 30 +/* Max sixes */ + +#define MAX_X509_STR 10000 +#define MAX_X509_CERT 100000 + #ifdef WANT_EXTRACT_CERTINFO /* ASN.1 OID table entry. */ struct Curl_OID { @@ -255,61 +260,61 @@ static const struct Curl_OID *searchOID(const char *oid) } /* - * Convert an ASN.1 Boolean value into its string representation. Return the - * dynamically allocated string, or NULL if source is not an ASN.1 Boolean - * value. + * Convert an ASN.1 Boolean value into its string representation. + * + * Return error code. */ -static const char *bool2str(const char *beg, const char *end) +static CURLcode bool2str(struct dynbuf *store, + const char *beg, const char *end) { if(end - beg != 1) - return NULL; - return strdup(*beg? "TRUE": "FALSE"); + return CURLE_BAD_FUNCTION_ARGUMENT; + return Curl_dyn_add(store, *beg? "TRUE": "FALSE"); } /* * Convert an ASN.1 octet string to a printable string. - * Return the dynamically allocated string, or NULL if an error occurs. + * + * Return error code. */ -static const char *octet2str(const char *beg, const char *end) +static CURLcode octet2str(struct dynbuf *store, + const char *beg, const char *end) { - struct dynbuf buf; - CURLcode result; - - Curl_dyn_init(&buf, 3 * CURL_ASN1_MAX + 1); - result = Curl_dyn_addn(&buf, "", 0); + CURLcode result = CURLE_OK; while(!result && beg < end) - result = Curl_dyn_addf(&buf, "%02x:", (unsigned char) *beg++); + result = Curl_dyn_addf(store, "%02x:", (unsigned char) *beg++); - return Curl_dyn_ptr(&buf); + return result; } -static const char *bit2str(const char *beg, const char *end) +static CURLcode bit2str(struct dynbuf *store, + const char *beg, const char *end) { - /* Convert an ASN.1 bit string to a printable string. - Return the dynamically allocated string, or NULL if an error occurs. */ + /* Convert an ASN.1 bit string to a printable string. */ if(++beg > end) - return NULL; - return octet2str(beg, end); + return CURLE_BAD_FUNCTION_ARGUMENT; + return octet2str(store, beg, end); } /* * Convert an ASN.1 integer value into its string representation. - * Return the dynamically allocated string, or NULL if source is not an - * ASN.1 integer value. + * + * Returns error. */ -static const char *int2str(const char *beg, const char *end) +static CURLcode int2str(struct dynbuf *store, + const char *beg, const char *end) { unsigned int val = 0; size_t n = end - beg; if(!n) - return NULL; + return CURLE_BAD_FUNCTION_ARGUMENT; if(n > 4) - return octet2str(beg, end); + return octet2str(store, beg, end); /* Represent integers <= 32-bit as a single value. */ if(*beg & 0x80) @@ -318,25 +323,24 @@ static const char *int2str(const char *beg, const char *end) do val = (val << 8) | *(const unsigned char *) beg++; while(beg < end); - return curl_maprintf("%s%x", val >= 10? "0x": "", val); + return Curl_dyn_addf(store, "%s%x", val >= 10? "0x": "", val); } /* - * Perform a lazy conversion from an ASN.1 typed string to UTF8. Allocate the - * destination buffer dynamically. The allocation size will normally be too - * large: this is to avoid buffer overflows. - * Terminate the string with a nul byte and return the converted - * string length. + * Convert from an ASN.1 typed string to UTF8. + * + * The result is stored in a dynbuf that is inited by the user of this + * function. + * + * Returns error. */ -static ssize_t -utf8asn1str(char **to, int type, const char *from, const char *end) +static CURLcode +utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end) { size_t inlength = end - from; int size = 1; - size_t outlength; - char *buf; + CURLcode result = CURLE_OK; - *to = NULL; switch(type) { case CURL_ASN1_BMP_STRING: size = 2; @@ -352,133 +356,85 @@ utf8asn1str(char **to, int type, const char *from, const char *end) case CURL_ASN1_UTF8_STRING: break; default: - return -1; /* Conversion not supported. */ + return CURLE_BAD_FUNCTION_ARGUMENT; /* Conversion not supported. */ } if(inlength % size) - return -1; /* Length inconsistent with character size. */ - if(inlength / size > (SIZE_T_MAX - 1) / 4) - return -1; /* Too big. */ - buf = malloc(4 * (inlength / size) + 1); - if(!buf) - return -1; /* Not enough memory. */ + /* Length inconsistent with character size. */ + return CURLE_BAD_FUNCTION_ARGUMENT; if(type == CURL_ASN1_UTF8_STRING) { /* Just copy. */ - outlength = inlength; - if(outlength) - memcpy(buf, from, outlength); + if(inlength) + result = Curl_dyn_addn(to, from, inlength); } else { - for(outlength = 0; from < end;) { - int charsize; - unsigned int wc; + while(!result && (from < end)) { + char buf[4]; /* decode buffer */ + int charsize = 1; + unsigned int wc = 0; - wc = 0; switch(size) { case 4: wc = (wc << 8) | *(const unsigned char *) from++; wc = (wc << 8) | *(const unsigned char *) from++; - /* FALLTHROUGH */ + FALLTHROUGH(); case 2: wc = (wc << 8) | *(const unsigned char *) from++; - /* FALLTHROUGH */ + FALLTHROUGH(); default: /* case 1: */ wc = (wc << 8) | *(const unsigned char *) from++; } - charsize = 1; if(wc >= 0x00000080) { if(wc >= 0x00000800) { if(wc >= 0x00010000) { if(wc >= 0x00200000) { free(buf); - return -1; /* Invalid char. size for target encoding. */ + /* Invalid char. size for target encoding. */ + return CURLE_WEIRD_SERVER_REPLY; } - buf[outlength + 3] = (char) (0x80 | (wc & 0x3F)); + buf[3] = (char) (0x80 | (wc & 0x3F)); wc = (wc >> 6) | 0x00010000; charsize++; } - buf[outlength + 2] = (char) (0x80 | (wc & 0x3F)); + buf[2] = (char) (0x80 | (wc & 0x3F)); wc = (wc >> 6) | 0x00000800; charsize++; } - buf[outlength + 1] = (char) (0x80 | (wc & 0x3F)); + buf[1] = (char) (0x80 | (wc & 0x3F)); wc = (wc >> 6) | 0x000000C0; charsize++; } - buf[outlength] = (char) wc; - outlength += charsize; + buf[0] = (char) wc; + result = Curl_dyn_addn(to, buf, charsize); } } - buf[outlength] = '\0'; - *to = buf; - return outlength; -} - -/* - * Convert an ASN.1 String into its UTF-8 string representation. - * Return the dynamically allocated string, or NULL if an error occurs. - */ -static const char *string2str(int type, const char *beg, const char *end) -{ - char *buf; - if(utf8asn1str(&buf, type, beg, end) < 0) - return NULL; - return buf; -} - -/* - * Decimal ASCII encode unsigned integer `x' into the buflen sized buffer at - * buf. Return the total number of encoded digits, even if larger than - * `buflen'. - */ -static size_t encodeUint(char *buf, size_t buflen, unsigned int x) -{ - size_t i = 0; - unsigned int y = x / 10; - - if(y) { - i = encodeUint(buf, buflen, y); - x -= y * 10; - } - if(i < buflen) - buf[i] = (char) ('0' + x); - i++; - if(i < buflen) - buf[i] = '\0'; /* Store a terminator if possible. */ - return i; + return result; } /* * Convert an ASN.1 OID into its dotted string representation. - * Store the result in th `n'-byte buffer at `buf'. - * Return the converted string length, or 0 on errors. + * + * Return error code. */ -static size_t encodeOID(char *buf, size_t buflen, - const char *beg, const char *end) +static CURLcode encodeOID(struct dynbuf *store, + const char *beg, const char *end) { - size_t i; unsigned int x; unsigned int y; + CURLcode result = CURLE_OK; /* Process the first two numbers. */ y = *(const unsigned char *) beg++; x = y / 40; y -= x * 40; - i = encodeUint(buf, buflen, x); - if(i < buflen) - buf[i] = '.'; - i++; - if(i >= buflen) - i += encodeUint(NULL, 0, y); - else - i += encodeUint(buf + i, buflen - i, y); + + result = Curl_dyn_addf(store, "%u.%u", x, y); + if(result) + return result; /* Process the trailing numbers. */ while(beg < end) { - if(i < buflen) - buf[i] = '.'; - i++; x = 0; do { if(x & 0xFF000000) @@ -486,46 +442,42 @@ static size_t encodeOID(char *buf, size_t buflen, y = *(const unsigned char *) beg++; x = (x << 7) | (y & 0x7F); } while(y & 0x80); - if(i >= buflen) - i += encodeUint(NULL, 0, x); - else - i += encodeUint(buf + i, buflen - i, x); + result = Curl_dyn_addf(store, ".%u", x); } - if(i < buflen) - buf[i] = '\0'; - return i; + return result; } /* * Convert an ASN.1 OID into its dotted or symbolic string representation. - * Return the dynamically allocated string, or NULL if an error occurs. + * + * Return error code. */ -static const char *OID2str(const char *beg, const char *end, bool symbolic) +static CURLcode OID2str(struct dynbuf *store, + const char *beg, const char *end, bool symbolic) { - char *buf = NULL; + CURLcode result = CURLE_OK; if(beg < end) { - size_t buflen = encodeOID(NULL, 0, beg, end); - if(buflen) { - buf = malloc(buflen + 1); /* one extra for the zero byte */ - if(buf) { - encodeOID(buf, buflen, beg, end); - buf[buflen] = '\0'; - - if(symbolic) { - const struct Curl_OID *op = searchOID(buf); - if(op) { - free(buf); - buf = strdup(op->textoid); - } - } + if(symbolic) { + struct dynbuf buf; + Curl_dyn_init(&buf, MAX_X509_STR); + result = encodeOID(&buf, beg, end); + + if(!result) { + const struct Curl_OID *op = searchOID(Curl_dyn_ptr(&buf)); + if(op) + result = Curl_dyn_add(store, op->textoid); + Curl_dyn_free(&buf); } } + else + result = encodeOID(store, beg, end); } - return buf; + return result; } -static const char *GTime2str(const char *beg, const char *end) +static CURLcode GTime2str(struct dynbuf *store, + const char *beg, const char *end) { const char *tzp; const char *fracp; @@ -548,12 +500,12 @@ static const char *GTime2str(const char *beg, const char *end) break; case 2: sec1 = fracp[-2]; - /* FALLTHROUGH */ + FALLTHROUGH(); case 1: sec2 = fracp[-1]; break; default: - return NULL; + return CURLE_BAD_FUNCTION_ARGUMENT; } /* Scan for timezone, measure fractional seconds. */ @@ -582,7 +534,8 @@ static const char *GTime2str(const char *beg, const char *end) } tzl = end - tzp; - return curl_maprintf("%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s", + return Curl_dyn_addf(store, + "%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s", beg, beg + 4, beg + 6, beg + 8, beg + 10, sec1, sec2, fracl? ".": "", (int)fracl, fracp, @@ -590,10 +543,12 @@ static const char *GTime2str(const char *beg, const char *end) } /* - * Convert an ASN.1 UTC time to a printable string. - * Return the dynamically allocated string, or NULL if an error occurs. + * Convert an ASN.1 UTC time to a printable string. + * + * Return error code. */ -static const char *UTime2str(const char *beg, const char *end) +static CURLcode UTime2str(struct dynbuf *store, + const char *beg, const char *end) { const char *tzp; size_t tzl; @@ -606,15 +561,16 @@ static const char *UTime2str(const char *beg, const char *end) switch(tzp - sec) { case 0: sec = "00"; + FALLTHROUGH(); case 2: break; default: - return NULL; + return CURLE_BAD_FUNCTION_ARGUMENT; } /* Process timezone. */ if(tzp >= end) - return NULL; + return CURLE_BAD_FUNCTION_ARGUMENT; if(*tzp == 'Z') { tzp = "GMT"; end = tzp + 3; @@ -623,7 +579,7 @@ static const char *UTime2str(const char *beg, const char *end) tzp++; tzl = end - tzp; - return curl_maprintf("%u%.2s-%.2s-%.2s %.2s:%.2s:%.2s %.*s", + return Curl_dyn_addf(store, "%u%.2s-%.2s-%.2s %.2s:%.2s:%.2s %.*s", 20 - (*beg >= '5'), beg, beg + 2, beg + 4, beg + 6, beg + 8, sec, (int)tzl, tzp); @@ -631,34 +587,45 @@ static const char *UTime2str(const char *beg, const char *end) /* * Convert an ASN.1 element to a printable string. - * Return the dynamically allocated string, or NULL if an error occurs. + * + * Return error */ -static const char *ASN1tostr(struct Curl_asn1Element *elem, int type) +static CURLcode ASN1tostr(struct dynbuf *store, + struct Curl_asn1Element *elem, int type) { + CURLcode result = CURLE_BAD_FUNCTION_ARGUMENT; if(elem->constructed) - return NULL; /* No conversion of structured elements. */ + return CURLE_OK; /* No conversion of structured elements. */ if(!type) type = elem->tag; /* Type not forced: use element tag as type. */ switch(type) { case CURL_ASN1_BOOLEAN: - return bool2str(elem->beg, elem->end); + result = bool2str(store, elem->beg, elem->end); + break; case CURL_ASN1_INTEGER: case CURL_ASN1_ENUMERATED: - return int2str(elem->beg, elem->end); + result = int2str(store, elem->beg, elem->end); + break; case CURL_ASN1_BIT_STRING: - return bit2str(elem->beg, elem->end); + result = bit2str(store, elem->beg, elem->end); + break; case CURL_ASN1_OCTET_STRING: - return octet2str(elem->beg, elem->end); + result = octet2str(store, elem->beg, elem->end); + break; case CURL_ASN1_NULL: - return strdup(""); + result = Curl_dyn_addn(store, "", 1); + break; case CURL_ASN1_OBJECT_IDENTIFIER: - return OID2str(elem->beg, elem->end, TRUE); + result = OID2str(store, elem->beg, elem->end, TRUE); + break; case CURL_ASN1_UTC_TIME: - return UTime2str(elem->beg, elem->end); + result = UTime2str(store, elem->beg, elem->end); + break; case CURL_ASN1_GENERALIZED_TIME: - return GTime2str(elem->beg, elem->end); + result = GTime2str(store, elem->beg, elem->end); + break; case CURL_ASN1_UTF8_STRING: case CURL_ASN1_NUMERIC_STRING: case CURL_ASN1_PRINTABLE_STRING: @@ -667,87 +634,96 @@ static const char *ASN1tostr(struct Curl_asn1Element *elem, int type) case CURL_ASN1_VISIBLE_STRING: case CURL_ASN1_UNIVERSAL_STRING: case CURL_ASN1_BMP_STRING: - return string2str(type, elem->beg, elem->end); + result = utf8asn1str(store, type, elem->beg, elem->end); + break; } - return NULL; /* Unsupported. */ + return result; } /* - * ASCII encode distinguished name at `dn' into the `buflen'-sized buffer at - * `buf'. + * ASCII encode distinguished name at `dn' into the store dynbuf. * - * Returns the total string length, even if larger than `buflen' or -1 on - * error. + * Returns error. */ -static ssize_t encodeDN(char *buf, size_t buflen, struct Curl_asn1Element *dn) +static CURLcode encodeDN(struct dynbuf *store, struct Curl_asn1Element *dn) { struct Curl_asn1Element rdn; struct Curl_asn1Element atv; struct Curl_asn1Element oid; struct Curl_asn1Element value; - size_t l = 0; const char *p1; const char *p2; const char *p3; const char *str; + CURLcode result = CURLE_OK; + bool added = FALSE; + struct dynbuf temp; + Curl_dyn_init(&temp, MAX_X509_STR); for(p1 = dn->beg; p1 < dn->end;) { p1 = getASN1Element(&rdn, p1, dn->end); - if(!p1) - return -1; + if(!p1) { + result = CURLE_BAD_FUNCTION_ARGUMENT; + goto error; + } for(p2 = rdn.beg; p2 < rdn.end;) { p2 = getASN1Element(&atv, p2, rdn.end); - if(!p2) - return -1; + if(!p2) { + result = CURLE_BAD_FUNCTION_ARGUMENT; + goto error; + } p3 = getASN1Element(&oid, atv.beg, atv.end); - if(!p3) - return -1; - if(!getASN1Element(&value, p3, atv.end)) - return -1; - str = ASN1tostr(&oid, 0); - if(!str) - return -1; + if(!p3) { + result = CURLE_BAD_FUNCTION_ARGUMENT; + goto error; + } + if(!getASN1Element(&value, p3, atv.end)) { + result = CURLE_BAD_FUNCTION_ARGUMENT; + goto error; + } + Curl_dyn_reset(&temp); + result = ASN1tostr(&temp, &oid, 0); + if(result) + goto error; + + str = Curl_dyn_ptr(&temp); /* Encode delimiter. If attribute has a short uppercase name, delimiter is ", ". */ - if(l) { - for(p3 = str; ISUPPER(*p3); p3++) - ; - for(p3 = (*p3 || p3 - str > 2)? "/": ", "; *p3; p3++) { - if(l < buflen) - buf[l] = *p3; - l++; - } + for(p3 = str; ISUPPER(*p3); p3++) + ; + if(added) { + if(p3 - str > 2) + result = Curl_dyn_addn(store, "/", 1); + else + result = Curl_dyn_addn(store, ", ", 2); + if(result) + goto error; } /* Encode attribute name. */ - for(p3 = str; *p3; p3++) { - if(l < buflen) - buf[l] = *p3; - l++; - } - free((char *) str); + result = Curl_dyn_add(store, str); + if(result) + goto error; /* Generate equal sign. */ - if(l < buflen) - buf[l] = '='; - l++; + result = Curl_dyn_addn(store, "=", 1); + if(result) + goto error; /* Generate value. */ - str = ASN1tostr(&value, 0); - if(!str) - return -1; - for(p3 = str; *p3; p3++) { - if(l < buflen) - buf[l] = *p3; - l++; - } - free((char *) str); + result = ASN1tostr(store, &value, 0); + if(result) + goto error; + Curl_dyn_reset(&temp); + added = TRUE; /* use separator for next */ } } +error: + Curl_dyn_free(&temp); - return l; + return result; } #endif /* WANT_EXTRACT_CERTINFO */ @@ -876,25 +852,9 @@ int Curl_parseX509(struct Curl_X509certificate *cert, #ifdef WANT_EXTRACT_CERTINFO -/* - * Copy at most 64-characters, terminate with a newline and returns the - * effective number of stored characters. - */ -static size_t copySubstring(char *to, const char *from) -{ - size_t i; - for(i = 0; i < 64; i++) { - to[i] = *from; - if(!*from++) - break; - } - - to[i++] = '\n'; - return i; -} - -static const char *dumpAlgo(struct Curl_asn1Element *param, - const char *beg, const char *end) +static CURLcode dumpAlgo(struct dynbuf *store, + struct Curl_asn1Element *param, + const char *beg, const char *end) { struct Curl_asn1Element oid; @@ -902,14 +862,16 @@ static const char *dumpAlgo(struct Curl_asn1Element *param, beg = getASN1Element(&oid, beg, end); if(!beg) - return NULL; + return CURLE_BAD_FUNCTION_ARGUMENT; param->header = NULL; param->tag = 0; param->beg = param->end = end; - if(beg < end) - if(!getASN1Element(param, beg, end)) - return NULL; - return OID2str(oid.beg, oid.end, TRUE); + if(beg < end) { + const char *p = getASN1Element(param, beg, end); + if(!p) + return CURLE_BAD_FUNCTION_ARGUMENT; + } + return OID2str(store, oid.beg, oid.end, TRUE); } /* @@ -926,24 +888,47 @@ static CURLcode ssl_push_certinfo(struct Curl_easy *data, return Curl_ssl_push_certinfo_len(data, certnum, label, value, valuelen); } -/* return 0 on success, 1 on error */ -static int do_pubkey_field(struct Curl_easy *data, int certnum, - const char *label, struct Curl_asn1Element *elem) +/* + * This is a convenience function for push_certinfo_len that takes a + * dynbuf value. + * + * It also does the verbose output if !certnum. + */ +static CURLcode ssl_push_certinfo_dyn(struct Curl_easy *data, + int certnum, + const char *label, + struct dynbuf *ptr) { - const char *output; - CURLcode result = CURLE_OK; + size_t valuelen = Curl_dyn_len(ptr); + char *value = Curl_dyn_ptr(ptr); + + CURLcode result = Curl_ssl_push_certinfo_len(data, certnum, label, + value, valuelen); + + if(!certnum && !result) + infof(data, " %s: %s", label, value); + + return result; +} + +static CURLcode do_pubkey_field(struct Curl_easy *data, int certnum, + const char *label, + struct Curl_asn1Element *elem) +{ + CURLcode result; + struct dynbuf out; + + Curl_dyn_init(&out, MAX_X509_STR); /* Generate a certificate information record for the public key. */ - output = ASN1tostr(elem, 0); - if(output) { + result = ASN1tostr(&out, elem, 0); + if(!result) { if(data->set.ssl.certinfo) - result = ssl_push_certinfo(data, certnum, label, output); - if(!certnum && !result) - infof(data, " %s: %s", label, output); - free((char *) output); + result = ssl_push_certinfo_dyn(data, certnum, label, &out); + Curl_dyn_free(&out); } - return result ? 1 : 0; + return result; } /* return 0 on success, 1 on error */ @@ -964,7 +949,7 @@ static int do_pubkey(struct Curl_easy *data, int certnum, */ const size_t len = ((pubkey->end - pubkey->beg - 2) * 4); if(!certnum) - infof(data, " ECC Public Key (%lu bits)", len); + infof(data, " ECC Public Key (%zu bits)", len); if(data->set.ssl.certinfo) { char q[sizeof(len) * 8 / 3 + 1]; (void)msnprintf(q, sizeof(q), "%zu", len); @@ -998,7 +983,7 @@ static int do_pubkey(struct Curl_easy *data, int certnum, if(len > 32) elem.beg = q; /* Strip leading zero bytes. */ if(!certnum) - infof(data, " RSA Public Key (%lu bits)", len); + infof(data, " RSA Public Key (%zu bits)", len); if(data->set.ssl.certinfo) { char r[sizeof(len) * 8 / 3 + 1]; msnprintf(r, sizeof(r), "%zu", len); @@ -1049,24 +1034,12 @@ static int do_pubkey(struct Curl_easy *data, int certnum, /* * Convert an ASN.1 distinguished name into a printable string. - * Return the dynamically allocated string, or NULL if an error occurs. + * Return error. */ -static const char *DNtostr(struct Curl_asn1Element *dn) +static CURLcode DNtostr(struct dynbuf *store, + struct Curl_asn1Element *dn) { - char *buf = NULL; - ssize_t buflen = encodeDN(NULL, 0, dn); - - if(buflen >= 0) { - buf = malloc(buflen + 1); - if(buf) { - if(encodeDN(buf, buflen + 1, dn) == -1) { - free(buf); - return NULL; - } - buf[buflen] = '\0'; - } - } - return buf; + return encodeDN(store, dn); } CURLcode Curl_extract_certinfo(struct Curl_easy *data, @@ -1076,19 +1049,19 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, { struct Curl_X509certificate cert; struct Curl_asn1Element param; - const char *ccp; - char *cp1; - size_t cl1; - char *cp2; + char *certptr; + size_t clen; + struct dynbuf out; CURLcode result = CURLE_OK; unsigned int version; - size_t i; - size_t j; + const char *ptr; + int rc; if(!data->set.ssl.certinfo) if(certnum) return CURLE_OK; + Curl_dyn_init(&out, MAX_X509_STR); /* Prepare the certificate information for curl_easy_getinfo(). */ /* Extract the certificate ASN.1 elements. */ @@ -1096,135 +1069,126 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, return CURLE_PEER_FAILED_VERIFICATION; /* Subject. */ - ccp = DNtostr(&cert.subject); - if(!ccp) - return CURLE_OUT_OF_MEMORY; + result = DNtostr(&out, &cert.subject); + if(result) + goto done; if(data->set.ssl.certinfo) { - result = ssl_push_certinfo(data, certnum, "Subject", ccp); + result = ssl_push_certinfo_dyn(data, certnum, "Subject", &out); if(result) - return result; + goto done; } - if(!certnum) - infof(data, "%2d Subject: %s", certnum, ccp); - free((char *) ccp); + Curl_dyn_reset(&out); /* Issuer. */ - ccp = DNtostr(&cert.issuer); - if(!ccp) - return CURLE_OUT_OF_MEMORY; + result = DNtostr(&out, &cert.issuer); + if(result) + goto done; if(data->set.ssl.certinfo) { - result = ssl_push_certinfo(data, certnum, "Issuer", ccp); + result = ssl_push_certinfo_dyn(data, certnum, "Issuer", &out); + if(result) + goto done; } - if(!certnum) - infof(data, " Issuer: %s", ccp); - free((char *) ccp); - if(result) - return result; + Curl_dyn_reset(&out); /* Version (always fits in less than 32 bits). */ version = 0; - for(ccp = cert.version.beg; ccp < cert.version.end; ccp++) - version = (version << 8) | *(const unsigned char *) ccp; + for(ptr = cert.version.beg; ptr < cert.version.end; ptr++) + version = (version << 8) | *(const unsigned char *) ptr; if(data->set.ssl.certinfo) { - ccp = curl_maprintf("%x", version); - if(!ccp) - return CURLE_OUT_OF_MEMORY; - result = ssl_push_certinfo(data, certnum, "Version", ccp); - free((char *) ccp); + result = Curl_dyn_addf(&out, "%x", version); + if(result) + goto done; + result = ssl_push_certinfo_dyn(data, certnum, "Version", &out); if(result) - return result; + goto done; + Curl_dyn_reset(&out); } - if(!certnum) - infof(data, " Version: %u (0x%x)", version + 1, version); /* Serial number. */ - ccp = ASN1tostr(&cert.serialNumber, 0); - if(!ccp) - return CURLE_OUT_OF_MEMORY; - if(data->set.ssl.certinfo) - result = ssl_push_certinfo(data, certnum, "Serial Number", ccp); - if(!certnum) - infof(data, " Serial Number: %s", ccp); - free((char *) ccp); + result = ASN1tostr(&out, &cert.serialNumber, 0); if(result) - return result; + goto done; + if(data->set.ssl.certinfo) { + result = ssl_push_certinfo_dyn(data, certnum, "Serial Number", &out); + if(result) + goto done; + } + Curl_dyn_reset(&out); /* Signature algorithm .*/ - ccp = dumpAlgo(¶m, cert.signatureAlgorithm.beg, - cert.signatureAlgorithm.end); - if(!ccp) - return CURLE_OUT_OF_MEMORY; - if(data->set.ssl.certinfo) - result = ssl_push_certinfo(data, certnum, "Signature Algorithm", ccp); - if(!certnum) - infof(data, " Signature Algorithm: %s", ccp); - free((char *) ccp); + result = dumpAlgo(&out, ¶m, cert.signatureAlgorithm.beg, + cert.signatureAlgorithm.end); if(result) - return result; + goto done; + if(data->set.ssl.certinfo) { + result = ssl_push_certinfo_dyn(data, certnum, "Signature Algorithm", + &out); + if(result) + goto done; + } + Curl_dyn_reset(&out); /* Start Date. */ - ccp = ASN1tostr(&cert.notBefore, 0); - if(!ccp) - return CURLE_OUT_OF_MEMORY; - if(data->set.ssl.certinfo) - result = ssl_push_certinfo(data, certnum, "Start Date", ccp); - if(!certnum) - infof(data, " Start Date: %s", ccp); - free((char *) ccp); + result = ASN1tostr(&out, &cert.notBefore, 0); if(result) - return result; + goto done; + if(data->set.ssl.certinfo) { + result = ssl_push_certinfo_dyn(data, certnum, "Start Date", &out); + if(result) + goto done; + } + Curl_dyn_reset(&out); /* Expire Date. */ - ccp = ASN1tostr(&cert.notAfter, 0); - if(!ccp) - return CURLE_OUT_OF_MEMORY; - if(data->set.ssl.certinfo) - result = ssl_push_certinfo(data, certnum, "Expire Date", ccp); - if(!certnum) - infof(data, " Expire Date: %s", ccp); - free((char *) ccp); + result = ASN1tostr(&out, &cert.notAfter, 0); if(result) - return result; + goto done; + if(data->set.ssl.certinfo) { + result = ssl_push_certinfo_dyn(data, certnum, "Expire Date", &out); + if(result) + goto done; + } + Curl_dyn_reset(&out); /* Public Key Algorithm. */ - ccp = dumpAlgo(¶m, cert.subjectPublicKeyAlgorithm.beg, - cert.subjectPublicKeyAlgorithm.end); - if(!ccp) - return CURLE_OUT_OF_MEMORY; - if(data->set.ssl.certinfo) - result = ssl_push_certinfo(data, certnum, "Public Key Algorithm", - ccp); - if(!result) { - int ret; - if(!certnum) - infof(data, " Public Key Algorithm: %s", ccp); - ret = do_pubkey(data, certnum, ccp, ¶m, &cert.subjectPublicKey); - if(ret) - result = CURLE_OUT_OF_MEMORY; /* the most likely error */ - } - free((char *) ccp); + result = dumpAlgo(&out, ¶m, cert.subjectPublicKeyAlgorithm.beg, + cert.subjectPublicKeyAlgorithm.end); if(result) - return result; + goto done; + if(data->set.ssl.certinfo) { + result = ssl_push_certinfo_dyn(data, certnum, "Public Key Algorithm", + &out); + if(result) + goto done; + } + + rc = do_pubkey(data, certnum, Curl_dyn_ptr(&out), + ¶m, &cert.subjectPublicKey); + if(rc) { + result = CURLE_OUT_OF_MEMORY; /* the most likely error */ + goto done; + } + Curl_dyn_reset(&out); /* Signature. */ - ccp = ASN1tostr(&cert.signature, 0); - if(!ccp) - return CURLE_OUT_OF_MEMORY; - if(data->set.ssl.certinfo) - result = ssl_push_certinfo(data, certnum, "Signature", ccp); - if(!certnum) - infof(data, " Signature: %s", ccp); - free((char *) ccp); + result = ASN1tostr(&out, &cert.signature, 0); if(result) - return result; + goto done; + if(data->set.ssl.certinfo) { + result = ssl_push_certinfo_dyn(data, certnum, "Signature", &out); + if(result) + goto done; + } + Curl_dyn_reset(&out); /* Generate PEM certificate. */ result = Curl_base64_encode(cert.certificate.beg, cert.certificate.end - cert.certificate.beg, - &cp1, &cl1); + &certptr, &clen); if(result) - return result; - /* Compute the number of characters in final certificate string. Format is: + goto done; + + /* Generate the final output certificate string. Format is: -----BEGIN CERTIFICATE-----\n \n . @@ -1232,207 +1196,34 @@ CURLcode Curl_extract_certinfo(struct Curl_easy *data, . -----END CERTIFICATE-----\n */ - i = 28 + cl1 + (cl1 + 64 - 1) / 64 + 26; - cp2 = malloc(i + 1); - if(!cp2) { - free(cp1); - return CURLE_OUT_OF_MEMORY; - } - /* Build the certificate string. */ - i = copySubstring(cp2, "-----BEGIN CERTIFICATE-----"); - for(j = 0; j < cl1; j += 64) - i += copySubstring(cp2 + i, cp1 + j); - i += copySubstring(cp2 + i, "-----END CERTIFICATE-----"); - cp2[i] = '\0'; - free(cp1); - if(data->set.ssl.certinfo) - result = ssl_push_certinfo(data, certnum, "Cert", cp2); - if(!certnum) - infof(data, "%s", cp2); - free(cp2); - return result; -} -#endif /* WANT_EXTRACT_CERTINFO */ - -#endif /* USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL or USE_SECTRANSP */ + Curl_dyn_reset(&out); -#ifdef WANT_VERIFYHOST - -static const char *checkOID(const char *beg, const char *end, - const char *oid) -{ - struct Curl_asn1Element e; - const char *ccp; - const char *p; - bool matched; - - /* Check if first ASN.1 element at `beg' is the given OID. - Return a pointer in the source after the OID if found, else NULL. */ - - ccp = getASN1Element(&e, beg, end); - if(!ccp || e.tag != CURL_ASN1_OBJECT_IDENTIFIER) - return NULL; - - p = OID2str(e.beg, e.end, FALSE); - if(!p) - return NULL; - - matched = !strcmp(p, oid); - free((char *) p); - return matched? ccp: NULL; -} - -CURLcode Curl_verifyhost(struct Curl_cfilter *cf, - struct Curl_easy *data, - const char *beg, const char *end) -{ - struct ssl_connect_data *connssl = cf->ctx; - struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf); - struct Curl_X509certificate cert; - struct Curl_asn1Element dn; - struct Curl_asn1Element elem; - struct Curl_asn1Element ext; - struct Curl_asn1Element name; - const char *p; - const char *q; - char *dnsname; - int matched = -1; - size_t addrlen = (size_t) -1; - ssize_t len; - size_t hostlen; - -#ifdef ENABLE_IPV6 - struct in6_addr addr; -#else - struct in_addr addr; -#endif - - /* Verify that connection server matches info in X509 certificate at - `beg'..`end'. */ - - if(!conn_config->verifyhost) - return CURLE_OK; - - if(Curl_parseX509(&cert, beg, end)) - return CURLE_PEER_FAILED_VERIFICATION; - - hostlen = strlen(connssl->hostname); - - /* Get the server IP address. */ -#ifdef ENABLE_IPV6 - if(cf->conn->bits.ipv6_ip && - Curl_inet_pton(AF_INET6, connssl->hostname, &addr)) - addrlen = sizeof(struct in6_addr); - else -#endif - if(Curl_inet_pton(AF_INET, connssl->hostname, &addr)) - addrlen = sizeof(struct in_addr); - - /* Process extensions. */ - for(p = cert.extensions.beg; p < cert.extensions.end && matched != 1;) { - p = getASN1Element(&ext, p, cert.extensions.end); - if(!p) - return CURLE_PEER_FAILED_VERIFICATION; - - /* Check if extension is a subjectAlternativeName. */ - ext.beg = checkOID(ext.beg, ext.end, sanOID); - if(ext.beg) { - ext.beg = getASN1Element(&elem, ext.beg, ext.end); - if(!ext.beg) - return CURLE_PEER_FAILED_VERIFICATION; - /* Skip critical if present. */ - if(elem.tag == CURL_ASN1_BOOLEAN) { - ext.beg = getASN1Element(&elem, ext.beg, ext.end); - if(!ext.beg) - return CURLE_PEER_FAILED_VERIFICATION; - } - /* Parse the octet string contents: is a single sequence. */ - if(!getASN1Element(&elem, elem.beg, elem.end)) - return CURLE_PEER_FAILED_VERIFICATION; - /* Check all GeneralNames. */ - for(q = elem.beg; matched != 1 && q < elem.end;) { - q = getASN1Element(&name, q, elem.end); - if(!q) - break; - switch(name.tag) { - case 2: /* DNS name. */ - len = utf8asn1str(&dnsname, CURL_ASN1_IA5_STRING, - name.beg, name.end); - if(len > 0 && (size_t)len == strlen(dnsname)) - matched = Curl_cert_hostcheck(dnsname, (size_t)len, - connssl->hostname, hostlen); - else - matched = 0; - free(dnsname); - break; - - case 7: /* IP address. */ - matched = (size_t)(name.end - name.beg) == addrlen && - !memcmp(&addr, name.beg, addrlen); - break; - } - } - } - } - - switch(matched) { - case 1: - /* an alternative name matched the server hostname */ - infof(data, " subjectAltName: %s matched", connssl->dispname); - return CURLE_OK; - case 0: - /* an alternative name field existed, but didn't match and then - we MUST fail */ - infof(data, " subjectAltName does not match %s", connssl->dispname); - return CURLE_PEER_FAILED_VERIFICATION; - } - - /* Process subject. */ - name.header = NULL; - name.beg = name.end = ""; - q = cert.subject.beg; - /* we have to look to the last occurrence of a commonName in the - distinguished one to get the most significant one. */ - while(q < cert.subject.end) { - q = getASN1Element(&dn, q, cert.subject.end); - if(!q) - break; - for(p = dn.beg; p < dn.end;) { - p = getASN1Element(&elem, p, dn.end); - if(!p) - return CURLE_PEER_FAILED_VERIFICATION; - /* We have a DN's AttributeTypeAndValue: check it in case it's a CN. */ - elem.beg = checkOID(elem.beg, elem.end, cnOID); - if(elem.beg) - name = elem; /* Latch CN. */ - } - } - - /* Check the CN if found. */ - if(!getASN1Element(&elem, name.beg, name.end)) - failf(data, "SSL: unable to obtain common name from peer certificate"); - else { - len = utf8asn1str(&dnsname, elem.tag, elem.beg, elem.end); - if(len < 0) { - free(dnsname); - return CURLE_OUT_OF_MEMORY; - } - if(strlen(dnsname) != (size_t) len) /* Nul byte in string ? */ - failf(data, "SSL: illegal cert name field"); - else if(Curl_cert_hostcheck((const char *) dnsname, - len, connssl->hostname, hostlen)) { - infof(data, " common name: %s (matched)", dnsname); - free(dnsname); - return CURLE_OK; + /* Build the certificate string. */ + result = Curl_dyn_add(&out, "-----BEGIN CERTIFICATE-----\n"); + if(!result) { + size_t j = 0; + + while(!result && (j < clen)) { + size_t chunksize = (clen - j) > 64 ? 64 : (clen - j); + result = Curl_dyn_addn(&out, &certptr[j], chunksize); + if(!result) + result = Curl_dyn_addn(&out, "\n", 1); + j += chunksize; } - else - failf(data, "SSL: certificate subject name '%s' does not match " - "target host name '%s'", dnsname, connssl->dispname); - free(dnsname); + if(!result) + result = Curl_dyn_add(&out, "-----END CERTIFICATE-----\n"); } + free(certptr); + if(!result) + if(data->set.ssl.certinfo) + result = ssl_push_certinfo_dyn(data, certnum, "Cert", &out); - return CURLE_PEER_FAILED_VERIFICATION; +done: + Curl_dyn_free(&out); + return result; } -#endif /* WANT_VERIFYHOST */ +#endif /* WANT_EXTRACT_CERTINFO */ + +#endif /* USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL or USE_SECTRANSP */ diff --git a/lib/warnless.c b/lib/warnless.c index 7e077f8d8..c80937b84 100644 --- a/lib/warnless.c +++ b/lib/warnless.c @@ -37,7 +37,7 @@ #include "warnless.h" -#ifdef WIN32 +#ifdef _WIN32 #undef read #undef write #endif @@ -367,7 +367,7 @@ curl_socket_t curlx_sitosk(int i) #endif /* USE_WINSOCK */ -#if defined(WIN32) +#if defined(_WIN32) ssize_t curlx_read(int fd, void *buf, size_t count) { @@ -379,8 +379,8 @@ ssize_t curlx_write(int fd, const void *buf, size_t count) return (ssize_t)write(fd, buf, curlx_uztoui(count)); } -/* Ensure that warnless.h continues to have an effect in "unity" builds. */ -#undef HEADER_CURL_WARNLESS_H - -#endif /* WIN32 */ +#endif /* _WIN32 */ +/* Ensure that warnless.h redefinitions continue to have an effect + in "unity" builds. */ +#undef HEADER_CURL_WARNLESS_H_REDEFS diff --git a/lib/warnless.h b/lib/warnless.h index 2a5301628..e5a02c8d9 100644 --- a/lib/warnless.h +++ b/lib/warnless.h @@ -69,18 +69,13 @@ curl_socket_t curlx_sitosk(int i); #endif /* USE_WINSOCK */ -#if defined(WIN32) +#if defined(_WIN32) ssize_t curlx_read(int fd, void *buf, size_t count); ssize_t curlx_write(int fd, const void *buf, size_t count); -#undef read -#define read(fd, buf, count) curlx_read(fd, buf, count) -#undef write -#define write(fd, buf, count) curlx_write(fd, buf, count) - -#endif /* WIN32 */ +#endif /* _WIN32 */ #if defined(__INTEL_COMPILER) && defined(__unix__) @@ -97,3 +92,15 @@ unsigned short curlx_ntohs(unsigned short usnum); #endif /* __INTEL_COMPILER && __unix__ */ #endif /* HEADER_CURL_WARNLESS_H */ + +#ifndef HEADER_CURL_WARNLESS_H_REDEFS +#define HEADER_CURL_WARNLESS_H_REDEFS + +#if defined(_WIN32) +#undef read +#define read(fd, buf, count) curlx_read(fd, buf, count) +#undef write +#define write(fd, buf, count) curlx_write(fd, buf, count) +#endif + +#endif /* HEADER_CURL_WARNLESS_H_REDEFS */ diff --git a/lib/ws.c b/lib/ws.c index 3c1964b86..d9765182d 100644 --- a/lib/ws.c +++ b/lib/ws.c @@ -24,7 +24,7 @@ #include "curl_setup.h" #include -#ifdef USE_WEBSOCKETS +#if defined(USE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) #include "urldata.h" #include "bufq.h" @@ -225,6 +225,10 @@ static CURLcode ws_dec_read_head(struct ws_decoder *dec, dec->payload_len = (dec->head[2] << 8) | dec->head[3]; break; case 10: + if(dec->head[2] > 127) { + failf(data, "WS: frame length longer than 64 signed not supported"); + return CURLE_RECV_ERROR; + } dec->payload_len = ((curl_off_t)dec->head[2] << 56) | (curl_off_t)dec->head[3] << 48 | (curl_off_t)dec->head[4] << 40 | @@ -274,8 +278,8 @@ static CURLcode ws_dec_pass_payload(struct ws_decoder *dec, dec->payload_offset += (curl_off_t)nwritten; remain = dec->payload_len - dec->payload_offset; /* infof(data, "WS-DEC: passed %zd bytes payload, %" - CURL_FORMAT_CURL_OFF_T " remain", - nwritten, remain); */ + CURL_FORMAT_CURL_OFF_T " remain", + nwritten, remain); */ } return remain? CURLE_AGAIN : CURLE_OK; @@ -296,7 +300,7 @@ static CURLcode ws_dec_pass(struct ws_decoder *dec, case WS_DEC_INIT: ws_dec_reset(dec); dec->state = WS_DEC_HEAD; - /* FALLTHROUGH */ + FALLTHROUGH(); case WS_DEC_HEAD: result = ws_dec_read_head(dec, data, inraw); if(result) { @@ -321,7 +325,7 @@ static CURLcode ws_dec_pass(struct ws_decoder *dec, dec->state = WS_DEC_INIT; break; } - /* FALLTHROUGH */ + FALLTHROUGH(); case WS_DEC_PAYLOAD: result = ws_dec_pass_payload(dec, data, inraw, write_payload, write_ctx); ws_dec_info(dec, data, "passing"); @@ -350,6 +354,136 @@ static void update_meta(struct websocket *ws, ws->frame.bytesleft = (payload_len - payload_offset - cur_len); } +/* WebSockets decoding client writer */ +struct ws_cw_ctx { + struct Curl_cwriter super; + struct bufq buf; +}; + +static CURLcode ws_cw_init(struct Curl_easy *data, + struct Curl_cwriter *writer) +{ + struct ws_cw_ctx *ctx = (struct ws_cw_ctx *)writer; + (void)data; + Curl_bufq_init2(&ctx->buf, WS_CHUNK_SIZE, 1, BUFQ_OPT_SOFT_LIMIT); + return CURLE_OK; +} + +static void ws_cw_close(struct Curl_easy *data, struct Curl_cwriter *writer) +{ + struct ws_cw_ctx *ctx = (struct ws_cw_ctx *)writer; + (void) data; + Curl_bufq_free(&ctx->buf); +} + +struct ws_cw_dec_ctx { + struct Curl_easy *data; + struct websocket *ws; + struct Curl_cwriter *next_writer; + int cw_type; +}; + +static ssize_t ws_cw_dec_next(const unsigned char *buf, size_t buflen, + int frame_age, int frame_flags, + curl_off_t payload_offset, + curl_off_t payload_len, + void *user_data, + CURLcode *err) +{ + struct ws_cw_dec_ctx *ctx = user_data; + struct Curl_easy *data = ctx->data; + struct websocket *ws = ctx->ws; + curl_off_t remain = (payload_len - (payload_offset + buflen)); + + (void)frame_age; + if((frame_flags & CURLWS_PING) && !remain) { + /* auto-respond to PINGs, only works for single-frame payloads atm */ + size_t bytes; + infof(data, "WS: auto-respond to PING with a PONG"); + /* send back the exact same content as a PONG */ + *err = curl_ws_send(data, buf, buflen, &bytes, 0, CURLWS_PONG); + if(*err) + return -1; + } + else if(buflen || !remain) { + /* forward the decoded frame to the next client writer. */ + update_meta(ws, frame_age, frame_flags, payload_offset, + payload_len, buflen); + + *err = Curl_cwriter_write(data, ctx->next_writer, ctx->cw_type, + (const char *)buf, buflen); + if(*err) + return -1; + } + *err = CURLE_OK; + return (ssize_t)buflen; +} + +static CURLcode ws_cw_write(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, + const char *buf, size_t nbytes) +{ + struct ws_cw_ctx *ctx = (struct ws_cw_ctx *)writer; + struct websocket *ws; + CURLcode result; + + if(!(type & CLIENTWRITE_BODY) || data->set.ws_raw_mode) + return Curl_cwriter_write(data, writer->next, type, buf, nbytes); + + ws = data->conn->proto.ws; + if(!ws) { + failf(data, "WS: not a websocket transfer"); + return CURLE_FAILED_INIT; + } + + if(nbytes) { + ssize_t nwritten; + nwritten = Curl_bufq_write(&ctx->buf, (const unsigned char *)buf, + nbytes, &result); + if(nwritten < 0) { + infof(data, "WS: error adding data to buffer %d", result); + return result; + } + } + + while(!Curl_bufq_is_empty(&ctx->buf)) { + struct ws_cw_dec_ctx pass_ctx; + pass_ctx.data = data; + pass_ctx.ws = ws; + pass_ctx.next_writer = writer->next; + pass_ctx.cw_type = type; + result = ws_dec_pass(&ws->dec, data, &ctx->buf, + ws_cw_dec_next, &pass_ctx); + if(result == CURLE_AGAIN) + /* insufficient amount of data, keep it for later. + * we pretend to have written all since we have a copy */ + return CURLE_OK; + else if(result) { + infof(data, "WS: decode error %d", (int)result); + return result; + } + } + + if((type & CLIENTWRITE_EOS) && !Curl_bufq_is_empty(&ctx->buf)) { + infof(data, "WS: decode ending with %zd frame bytes remaining", + Curl_bufq_len(&ctx->buf)); + return CURLE_RECV_ERROR; + } + + return CURLE_OK; +} + +/* WebSocket payload decoding client writer. */ +static const struct Curl_cwtype ws_cw_decode = { + "ws-decode", + NULL, + ws_cw_init, + ws_cw_write, + ws_cw_close, + sizeof(struct ws_cw_ctx) +}; + + static void ws_enc_info(struct ws_encoder *enc, struct Curl_easy *data, const char *msg) { @@ -410,6 +544,13 @@ static ssize_t ws_enc_write_head(struct Curl_easy *data, size_t hlen; ssize_t n; + if(payload_len < 0) { + failf(data, "WS: starting new frame with negative payload length %" + CURL_FORMAT_CURL_OFF_T, payload_len); + *err = CURLE_SEND_ERROR; + return -1; + } + if(enc->payload_remain > 0) { /* trying to write a new frame before the previous one is finished */ failf(data, "WS: starting new frame with %zd bytes from last one" @@ -607,6 +748,7 @@ CURLcode Curl_ws_accept(struct Curl_easy *data, { struct SingleRequest *k = &data->req; struct websocket *ws; + struct Curl_cwriter *ws_dec_writer; CURLcode result; DEBUGASSERT(data->conn); @@ -616,7 +758,8 @@ CURLcode Curl_ws_accept(struct Curl_easy *data, if(!ws) return CURLE_OUT_OF_MEMORY; data->conn->proto.ws = ws; - Curl_bufq_init(&ws->recvbuf, WS_CHUNK_SIZE, WS_CHUNK_COUNT); + Curl_bufq_init2(&ws->recvbuf, WS_CHUNK_SIZE, WS_CHUNK_COUNT, + BUFQ_OPT_SOFT_LIMIT); Curl_bufq_init2(&ws->sendbuf, WS_CHUNK_SIZE, WS_CHUNK_COUNT, BUFQ_OPT_SOFT_LIMIT); ws_dec_init(&ws->dec); @@ -655,6 +798,18 @@ CURLcode Curl_ws_accept(struct Curl_easy *data, infof(data, "Received 101, switch to WebSocket; mask %02x%02x%02x%02x", ws->enc.mask[0], ws->enc.mask[1], ws->enc.mask[2], ws->enc.mask[3]); + /* Install our client writer that decodes WS frames payload */ + result = Curl_cwriter_create(&ws_dec_writer, data, &ws_cw_decode, + CURL_CW_CONTENT_DECODE); + if(result) + return result; + + result = Curl_cwriter_add(data, ws_dec_writer); + if(result) { + Curl_cwriter_free(data, ws_dec_writer); + return result; + } + if(data->set.connect_only) { ssize_t nwritten; /* In CONNECT_ONLY setup, the payloads from `mem` need to be received @@ -666,105 +821,15 @@ CURLcode Curl_ws_accept(struct Curl_easy *data, return result; infof(data, "%zu bytes websocket payload", nread); } - k->upgr101 = UPGR101_RECEIVED; - - return result; -} - -static ssize_t ws_client_write(const unsigned char *buf, size_t buflen, - int frame_age, int frame_flags, - curl_off_t payload_offset, - curl_off_t payload_len, - void *userp, - CURLcode *err) -{ - struct Curl_easy *data = userp; - struct websocket *ws; - size_t wrote; - curl_off_t remain = (payload_len - (payload_offset + buflen)); - - (void)frame_age; - if(!data->conn || !data->conn->proto.ws) { - *err = CURLE_FAILED_INIT; - return -1; - } - ws = data->conn->proto.ws; - - if((frame_flags & CURLWS_PING) && !remain) { - /* auto-respond to PINGs, only works for single-frame payloads atm */ - size_t bytes; - infof(data, "WS: auto-respond to PING with a PONG"); - /* send back the exact same content as a PONG */ - *err = curl_ws_send(data, buf, buflen, &bytes, 0, CURLWS_PONG); - if(*err) - return -1; - } - else if(buflen || !remain) { - /* deliver the decoded frame to the user callback. The application - * may invoke curl_ws_meta() to access frame information. */ - update_meta(ws, frame_age, frame_flags, payload_offset, - payload_len, buflen); - Curl_set_in_callback(data, true); - wrote = data->set.fwrite_func((char *)buf, 1, - buflen, data->set.out); - Curl_set_in_callback(data, false); - if(wrote != buflen) { - *err = CURLE_RECV_ERROR; - return -1; + else { /* !connect_only */ + /* And pass any additional data to the writers */ + if(nread) { + result = Curl_client_write(data, CLIENTWRITE_BODY, (char *)mem, nread); } } - *err = CURLE_OK; - return (ssize_t)buflen; -} - -/* Curl_ws_writecb() is the write callback for websocket traffic. The - websocket data is provided to this raw, in chunks. This function should - handle/decode the data and call the "real" underlying callback accordingly. -*/ -size_t Curl_ws_writecb(char *buffer, size_t size /* 1 */, - size_t nitems, void *userp) -{ - struct Curl_easy *data = userp; - - if(data->set.ws_raw_mode) - return data->set.fwrite_func(buffer, size, nitems, data->set.out); - else if(nitems) { - struct websocket *ws; - CURLcode result; - - if(!data->conn || !data->conn->proto.ws) { - failf(data, "WS: not a websocket transfer"); - return nitems - 1; - } - ws = data->conn->proto.ws; - - if(buffer) { - ssize_t nwritten; - - nwritten = Curl_bufq_write(&ws->recvbuf, (const unsigned char *)buffer, - nitems, &result); - if(nwritten < 0) { - infof(data, "WS: error adding data to buffer %d", (int)result); - return nitems - 1; - } - buffer = NULL; - } - - while(!Curl_bufq_is_empty(&ws->recvbuf)) { + k->upgr101 = UPGR101_RECEIVED; - result = ws_dec_pass(&ws->dec, data, &ws->recvbuf, - ws_client_write, data); - if(result == CURLE_AGAIN) - /* insufficient amount of data, keep it for later. - * we pretend to have written all since we have a copy */ - return nitems; - else if(result) { - infof(data, "WS: decode error %d", (int)result); - return nitems - 1; - } - } - } - return nitems; + return result; } struct ws_collect { @@ -925,8 +990,8 @@ CURL_EXTERN CURLcode curl_ws_recv(struct Curl_easy *data, void *buffer, *metap = &ws->frame; *nread = ws->frame.len; /* infof(data, "curl_ws_recv(len=%zu) -> %zu bytes (frame at %" - CURL_FORMAT_CURL_OFF_T ", %" CURL_FORMAT_CURL_OFF_T " left)", - buflen, *nread, ws->frame.offset, ws->frame.bytesleft); */ + CURL_FORMAT_CURL_OFF_T ", %" CURL_FORMAT_CURL_OFF_T " left)", + buflen, *nread, ws->frame.offset, ws->frame.bytesleft); */ return CURLE_OK; } @@ -997,8 +1062,11 @@ CURL_EXTERN CURLcode curl_ws_send(CURL *data, const void *buffer, ws = data->conn->proto.ws; if(data->set.ws_raw_mode) { - if(fragsize || flags) + if(fragsize || flags) { + DEBUGF(infof(data, "ws_send: " + "fragsize and flags cannot be non-zero in raw mode")); return CURLE_BAD_FUNCTION_ARGUMENT; + } if(!buflen) /* nothing to do */ return CURLE_OK; @@ -1071,14 +1139,23 @@ static void ws_free(struct connectdata *conn) } } +static CURLcode ws_setup_conn(struct Curl_easy *data, + struct connectdata *conn) +{ + /* websockets is 1.1 only (for now) */ + data->state.httpwant = CURL_HTTP_VERSION_1_1; + return Curl_http_setup_conn(data, conn); +} + + void Curl_ws_done(struct Curl_easy *data) { (void)data; } -CURLcode Curl_ws_disconnect(struct Curl_easy *data, - struct connectdata *conn, - bool dead_connection) +static CURLcode ws_disconnect(struct Curl_easy *data, + struct connectdata *conn, + bool dead_connection) { (void)data; (void)dead_connection; @@ -1096,6 +1173,57 @@ CURL_EXTERN const struct curl_ws_frame *curl_ws_meta(struct Curl_easy *data) return NULL; } +const struct Curl_handler Curl_handler_ws = { + "WS", /* scheme */ + ws_setup_conn, /* setup_connection */ + Curl_http, /* do_it */ + Curl_http_done, /* done */ + ZERO_NULL, /* do_more */ + Curl_http_connect, /* connect_it */ + ZERO_NULL, /* connecting */ + ZERO_NULL, /* doing */ + ZERO_NULL, /* proto_getsock */ + Curl_http_getsock_do, /* doing_getsock */ + ZERO_NULL, /* domore_getsock */ + ZERO_NULL, /* perform_getsock */ + ws_disconnect, /* disconnect */ + Curl_http_write_resp, /* write_resp */ + ZERO_NULL, /* connection_check */ + ZERO_NULL, /* attach connection */ + PORT_HTTP, /* defport */ + CURLPROTO_WS, /* protocol */ + CURLPROTO_HTTP, /* family */ + PROTOPT_CREDSPERREQUEST | /* flags */ + PROTOPT_USERPWDCTRL +}; + +#ifdef USE_SSL +const struct Curl_handler Curl_handler_wss = { + "WSS", /* scheme */ + ws_setup_conn, /* setup_connection */ + Curl_http, /* do_it */ + Curl_http_done, /* done */ + ZERO_NULL, /* do_more */ + Curl_http_connect, /* connect_it */ + NULL, /* connecting */ + ZERO_NULL, /* doing */ + NULL, /* proto_getsock */ + Curl_http_getsock_do, /* doing_getsock */ + ZERO_NULL, /* domore_getsock */ + ZERO_NULL, /* perform_getsock */ + ws_disconnect, /* disconnect */ + Curl_http_write_resp, /* write_resp */ + ZERO_NULL, /* connection_check */ + ZERO_NULL, /* attach connection */ + PORT_HTTPS, /* defport */ + CURLPROTO_WSS, /* protocol */ + CURLPROTO_HTTP, /* family */ + PROTOPT_SSL | PROTOPT_CREDSPERREQUEST | /* flags */ + PROTOPT_USERPWDCTRL +}; +#endif + + #else CURL_EXTERN CURLcode curl_ws_recv(CURL *curl, void *buffer, size_t buflen, diff --git a/lib/ws.h b/lib/ws.h index 0308a4254..5f40d4528 100644 --- a/lib/ws.h +++ b/lib/ws.h @@ -25,7 +25,7 @@ ***************************************************************************/ #include "curl_setup.h" -#ifdef USE_WEBSOCKETS +#if defined(USE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP) #ifdef USE_HYPER #define REQTYPE void @@ -75,11 +75,14 @@ struct websocket { CURLcode Curl_ws_request(struct Curl_easy *data, REQTYPE *req); CURLcode Curl_ws_accept(struct Curl_easy *data, const char *mem, size_t len); -size_t Curl_ws_writecb(char *buffer, size_t size, size_t nitems, void *userp); void Curl_ws_done(struct Curl_easy *data); -CURLcode Curl_ws_disconnect(struct Curl_easy *data, - struct connectdata *conn, - bool dead_connection); + +extern const struct Curl_handler Curl_handler_ws; +#ifdef USE_SSL +extern const struct Curl_handler Curl_handler_wss; +#endif + + #else #define Curl_ws_request(x,y) CURLE_OK #define Curl_ws_done(x) Curl_nop_stmt diff --git a/m4/curl-amissl.m4 b/m4/curl-amissl.m4 index 95208f0c2..48067e720 100644 --- a/m4/curl-amissl.m4 +++ b/m4/curl-amissl.m4 @@ -33,7 +33,7 @@ if test "$HAVE_PROTO_BSDSOCKET_H" = "1"; then #include ]],[[ #if defined(AMISSL_CURRENT_VERSION) && defined(AMISSL_V3xx) && \ - defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) && \ + (OPENSSL_VERSION_NUMBER >= 0x30000000L) && \ defined(PROTO_AMISSL_H) return 0; #else diff --git a/m4/curl-compilers.m4 b/m4/curl-compilers.m4 index caa2b14cb..9a4547709 100644 --- a/m4/curl-compilers.m4 +++ b/m4/curl-compilers.m4 @@ -48,7 +48,6 @@ AC_DEFUN([CURL_CHECK_COMPILER], [ CURL_CHECK_COMPILER_INTEL_C CURL_CHECK_COMPILER_CLANG CURL_CHECK_COMPILER_GNU_C - CURL_CHECK_COMPILER_LCC CURL_CHECK_COMPILER_SGI_MIPSPRO_C CURL_CHECK_COMPILER_SGI_MIPS_C CURL_CHECK_COMPILER_SUNPRO_C @@ -92,19 +91,40 @@ AC_DEFUN([CURL_CHECK_COMPILER_CLANG], [ AC_MSG_RESULT([no]) compiler_id="CLANG" fi + AC_MSG_CHECKING([compiler version]) fullclangver=`$CC -v 2>&1 | grep version` + if echo $fullclangver | grep 'Apple' >/dev/null; then + appleclang=1 + else + appleclang=0 + fi clangver=`echo $fullclangver | grep "based on LLVM " | "$SED" 's/.*(based on LLVM \(@<:@0-9@:>@*\.@<:@0-9@:>@*\).*)/\1/'` if test -z "$clangver"; then - if echo $fullclangver | grep "Apple LLVM version " >/dev/null; then - dnl Starting with XCode 7 / clang 3.7, Apple clang won't tell its upstream version - clangver="3.7" - else - clangver=`echo $fullclangver | "$SED" 's/.*version \(@<:@0-9@:>@*\.@<:@0-9@:>@*\).*/\1/'` - fi + clangver=`echo $fullclangver | "$SED" 's/.*version \(@<:@0-9@:>@*\.@<:@0-9@:>@*\).*/\1/'` + oldapple=0 + else + oldapple=1 fi clangvhi=`echo $clangver | cut -d . -f1` clangvlo=`echo $clangver | cut -d . -f2` compiler_num=`(expr $clangvhi "*" 100 + $clangvlo) 2>/dev/null` + if test "$appleclang" = '1' && test "$oldapple" = '0'; then + dnl Starting with Xcode 7 / clang 3.7, Apple clang won't tell its upstream version + if test "$compiler_num" -ge '1300'; then compiler_num='1200' + elif test "$compiler_num" -ge '1205'; then compiler_num='1101' + elif test "$compiler_num" -ge '1204'; then compiler_num='1000' + elif test "$compiler_num" -ge '1107'; then compiler_num='900' + elif test "$compiler_num" -ge '1103'; then compiler_num='800' + elif test "$compiler_num" -ge '1003'; then compiler_num='700' + elif test "$compiler_num" -ge '1001'; then compiler_num='600' + elif test "$compiler_num" -ge '904'; then compiler_num='500' + elif test "$compiler_num" -ge '902'; then compiler_num='400' + elif test "$compiler_num" -ge '803'; then compiler_num='309' + elif test "$compiler_num" -ge '703'; then compiler_num='308' + else compiler_num='307' + fi + fi + AC_MSG_RESULT([clang '$compiler_num' (raw: '$fullclangver' / '$clangver')]) flags_dbg_yes="-g" flags_opt_all="-O -O0 -O1 -O2 -Os -O3 -O4" flags_opt_yes="-O2" @@ -159,15 +179,21 @@ AC_DEFUN([CURL_CHECK_COMPILER_GNU_C], [ test "$compiler_id" = "unknown"; then AC_MSG_RESULT([yes]) compiler_id="GNU_C" - gccver=`$CC -dumpversion` + AC_MSG_CHECKING([compiler version]) + # strip '-suffix' parts, e.g. Ubuntu Windows cross-gcc returns '10-win32' + gccver=`$CC -dumpversion | sed -E 's/-.+$//'` gccvhi=`echo $gccver | cut -d . -f1` - gccvlo=`echo $gccver | cut -d . -f2` + if echo $gccver | grep -F '.' >/dev/null; then + gccvlo=`echo $gccver | cut -d . -f2` + else + gccvlo="0" + fi compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` + AC_MSG_RESULT([gcc '$compiler_num' (raw: '$gccver')]) flags_dbg_yes="-g" flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast" flags_opt_yes="-O2" flags_opt_off="-O0" - CURL_CHECK_DEF([_WIN32], [], [silent]) else AC_MSG_RESULT([no]) fi @@ -232,7 +258,9 @@ AC_DEFUN([CURL_CHECK_COMPILER_INTEL_C], [ CURL_CHECK_DEF([__INTEL_COMPILER], [], [silent]) if test "$curl_cv_have_def___INTEL_COMPILER" = "yes"; then AC_MSG_RESULT([yes]) + AC_MSG_CHECKING([compiler version]) compiler_num="$curl_cv_def___INTEL_COMPILER" + AC_MSG_RESULT([Intel C '$compiler_num']) CURL_CHECK_DEF([__unix__], [], [silent]) if test "$curl_cv_have_def___unix__" = "yes"; then compiler_id="INTEL_UNIX_C" @@ -253,26 +281,6 @@ AC_DEFUN([CURL_CHECK_COMPILER_INTEL_C], [ ]) -dnl CURL_CHECK_COMPILER_LCC -dnl ------------------------------------------------- -dnl Verify if compiler being used is LCC. - -AC_DEFUN([CURL_CHECK_COMPILER_LCC], [ - AC_MSG_CHECKING([if compiler is LCC]) - CURL_CHECK_DEF([__LCC__], [], [silent]) - if test "$curl_cv_have_def___LCC__" = "yes"; then - AC_MSG_RESULT([yes]) - compiler_id="LCC" - flags_dbg_yes="-g" - flags_opt_all="" - flags_opt_yes="" - flags_opt_off="" - else - AC_MSG_RESULT([no]) - fi -]) - - dnl CURL_CHECK_COMPILER_SGI_MIPS_C dnl ------------------------------------------------- dnl Verify if compiler being used is SGI MIPS C. @@ -580,12 +588,6 @@ AC_DEFUN([CURL_SET_COMPILER_BASIC_OPTS], [ tmp_CFLAGS="$tmp_CFLAGS" ;; # - LCC) - # - dnl Disallow run-time dereferencing of null pointers - tmp_CFLAGS="$tmp_CFLAGS -n" - ;; - # SGI_MIPS_C) # dnl Placeholder @@ -787,7 +789,8 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [ CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-prototypes]) tmp_CFLAGS="$tmp_CFLAGS -Wno-long-long" CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [float-equal]) - CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [no-multichar sign-compare]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [sign-compare]) + tmp_CFLAGS="$tmp_CFLAGS -Wno-multichar" CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [undef]) tmp_CFLAGS="$tmp_CFLAGS -Wno-format-nonliteral" CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [endif-labels strict-prototypes]) @@ -801,29 +804,48 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [ CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unused]) fi # + dnl Only clang 2.7 or later + if test "$compiler_num" -ge "207"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [address]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [attributes]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [bad-function-cast]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [conversion]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [div-by-zero format-security]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [empty-body]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-field-initializers]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-noreturn]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [old-style-definition]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [redundant-decls]) + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [switch-enum]) # Not used because this basically disallows default case + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [type-limits]) + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unused-macros]) # Not practical + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unreachable-code unused-parameter]) + fi + # dnl Only clang 2.8 or later if test "$compiler_num" -ge "208"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [ignored-qualifiers]) CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [vla]) fi # dnl Only clang 2.9 or later if test "$compiler_num" -ge "209"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [sign-conversion]) + tmp_CFLAGS="$tmp_CFLAGS -Wno-error=sign-conversion" # FIXME CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [shift-sign-overflow]) + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [padded]) # Not used because we cannot change public structs fi # - dnl Only clang 3.0 or later (possibly earlier) + dnl Only clang 3.0 or later if test "$compiler_num" -ge "300"; then - CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [bad-function-cast]) - CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [conversion]) - CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [empty-body]) - CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [ignored-qualifiers]) - CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [type-limits]) - CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [no-sign-conversion]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [language-extension-token]) + tmp_CFLAGS="$tmp_CFLAGS -Wformat=2" fi # dnl Only clang 3.2 or later if test "$compiler_num" -ge "302"; then CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [enum-conversion]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [sometimes-uninitialized]) case $host_os in cygwin* | mingw*) dnl skip missing-variable-declarations warnings for cygwin and @@ -837,9 +859,16 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [ # dnl Only clang 3.4 or later if test "$compiler_num" -ge "304"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [header-guard]) CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unused-const-variable]) fi # + dnl Only clang 3.5 or later + if test "$compiler_num" -ge "305"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [pragmas]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unreachable-code-break]) + fi + # dnl Only clang 3.6 or later if test "$compiler_num" -ge "306"; then CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [double-promotion]) @@ -859,6 +888,10 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [ CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [assign-enum]) CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [extra-semi-stmt]) fi + dnl clang 10 or later + if test "$compiler_num" -ge "1000"; then + tmp_CFLAGS="$tmp_CFLAGS -Wimplicit-fallthrough" # we have silencing markup for clang 10.0 and above only + fi fi dnl Disable pointer to bool conversion warnings since they cause dnl lib/securetransp.c cause several warnings for checks we want. @@ -877,7 +910,6 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [ GNU_C) # if test "$want_warnings" = "yes"; then - tmp_CFLAGS="$tmp_CFLAGS -std=gnu89" # dnl Do not enable -pedantic when cross-compiling with a gcc older dnl than 3.0, to avoid warnings from third party system headers. @@ -958,6 +990,26 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [ tmp_CFLAGS="$tmp_CFLAGS -Wstrict-aliasing=3" fi # + dnl Only gcc 4.1 or later + if test "$compiler_num" -ge "401"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [attributes]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [div-by-zero format-security]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-field-initializers]) + case $host in + *-*-msys*) + ;; + *) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-noreturn]) # Seen to clash with libtool-generated stub code + ;; + esac + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unreachable-code unused-parameter]) + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [padded]) # Not used because we cannot change public structs + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [pragmas]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [redundant-decls]) + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [switch-enum]) # Not used because this basically disallows default case + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unused-macros]) # Not practical + fi + # dnl Only gcc 4.2 or later if test "$compiler_num" -ge "402"; then CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [cast-align]) @@ -965,11 +1017,13 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [ # dnl Only gcc 4.3 or later if test "$compiler_num" -ge "403"; then + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [address]) CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [type-limits old-style-declaration]) CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [missing-parameter-type empty-body]) CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [clobbered ignored-qualifiers]) - CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [conversion]) - tmp_CFLAGS="$tmp_CFLAGS -Wno-sign-conversion" + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [conversion trampolines]) + CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [sign-conversion]) + tmp_CFLAGS="$tmp_CFLAGS -Wno-error=sign-conversion" # FIXME CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [vla]) dnl required for -Warray-bounds, included in -Wall tmp_CFLAGS="$tmp_CFLAGS -ftree-vrp" @@ -978,7 +1032,7 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [ dnl Only gcc 4.5 or later if test "$compiler_num" -ge "405"; then dnl Only windows targets - if test "$curl_cv_have_def__WIN32" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then tmp_CFLAGS="$tmp_CFLAGS -Wno-pedantic-ms-format" fi fi @@ -1015,10 +1069,7 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [ CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [alloc-zero]) tmp_CFLAGS="$tmp_CFLAGS -Wformat-overflow=2" tmp_CFLAGS="$tmp_CFLAGS -Wformat-truncation=2" - if test "$compiler_num" -lt "1200"; then - dnl gcc 12 doesn't acknowledge our comment markups - tmp_CFLAGS="$tmp_CFLAGS -Wimplicit-fallthrough=4" - fi + tmp_CFLAGS="$tmp_CFLAGS -Wimplicit-fallthrough" fi # dnl Only gcc 10 or later @@ -1105,17 +1156,6 @@ AC_DEFUN([CURL_SET_COMPILER_WARNING_OPTS], [ tmp_CFLAGS="$tmp_CFLAGS" ;; # - LCC) - # - if test "$want_warnings" = "yes"; then - dnl Highest warning level is double -A, next is single -A. - dnl Due to the big number of warnings these trigger on third - dnl party header files it is impractical for us to use any of - dnl them here. If you want them simply define it in CPPFLAGS. - tmp_CFLAGS="$tmp_CFLAGS" - fi - ;; - # SGI_MIPS_C) # if test "$want_warnings" = "yes"; then diff --git a/m4/curl-functions.m4 b/m4/curl-functions.m4 index 7fefa3967..425d9f96f 100644 --- a/m4/curl-functions.m4 +++ b/m4/curl-functions.m4 @@ -46,7 +46,7 @@ curl_includes_arpa_inet="\ #ifdef HAVE_ARPA_INET_H # include #endif -#ifdef HAVE_WINSOCK2_H +#ifdef _WIN32 #include #include #endif @@ -108,35 +108,6 @@ curl_includes_ifaddrs="\ ]) -dnl CURL_INCLUDES_INTTYPES -dnl ------------------------------------------------- -dnl Set up variable with list of headers that must be -dnl included when inttypes.h is to be included. - -AC_DEFUN([CURL_INCLUDES_INTTYPES], [ -curl_includes_inttypes="\ -/* includes start */ -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_STDINT_H -# include -#endif -#ifdef HAVE_INTTYPES_H -# include -#endif -/* includes end */" - case $host_os in - irix*) - ac_cv_header_stdint_h="no" - ;; - esac - AC_CHECK_HEADERS( - sys/types.h stdint.h inttypes.h, - [], [], [$curl_includes_inttypes]) -]) - - dnl CURL_INCLUDES_LIBGEN dnl ------------------------------------------------- dnl Set up variable with list of headers that must be @@ -443,18 +414,14 @@ dnl included when winsock2.h is to be included. AC_DEFUN([CURL_INCLUDES_WINSOCK2], [ curl_includes_winsock2="\ /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# endif +# include #endif /* includes end */" - CURL_CHECK_HEADER_WINDOWS - CURL_CHECK_HEADER_WINSOCK2 + CURL_CHECK_NATIVE_WINDOWS ]) @@ -466,22 +433,15 @@ dnl included when ws2tcpip.h is to be included. AC_DEFUN([CURL_INCLUDES_WS2TCPIP], [ curl_includes_ws2tcpip="\ /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# ifdef HAVE_WS2TCPIP_H -# include -# endif -# endif +# include +# include #endif /* includes end */" - CURL_CHECK_HEADER_WINDOWS - CURL_CHECK_HEADER_WINSOCK2 - CURL_CHECK_HEADER_WS2TCPIP + CURL_CHECK_NATIVE_WINDOWS ]) @@ -539,7 +499,7 @@ dnl defines function calling convention. AC_DEFUN([CURL_PREPROCESS_CALLCONV], [ curl_preprocess_callconv="\ /* preprocess start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # define FUNCALLCONV __stdcall #else # define FUNCALLCONV @@ -1823,10 +1783,10 @@ AC_DEFUN([CURL_CHECK_FUNC_GETADDRINFO], [ struct addrinfo *ai = 0; int error; - #ifdef HAVE_WINSOCK2_H + #ifdef _WIN32 WSADATA wsa; - if (WSAStartup(MAKEWORD(2,2), &wsa)) - exit(2); + if(WSAStartup(MAKEWORD(2, 2), &wsa)) + exit(2); #endif memset(&hints, 0, sizeof(hints)); diff --git a/m4/curl-gnutls.m4 b/m4/curl-gnutls.m4 index 48813dfad..d4f553d69 100644 --- a/m4/curl-gnutls.m4 +++ b/m4/curl-gnutls.m4 @@ -104,6 +104,7 @@ if test "x$OPT_GNUTLS" != xno; then GNUTLS_ENABLED=1 USE_GNUTLS="yes" ssl_msg="GnuTLS" + QUIC_ENABLED=yes test gnutls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ], [ diff --git a/m4/curl-openssl.m4 b/m4/curl-openssl.m4 index a4811d2a3..2fb2abecc 100644 --- a/m4/curl-openssl.m4 +++ b/m4/curl-openssl.m4 @@ -271,6 +271,7 @@ if test "x$OPT_OPENSSL" != xno; then ],[ AC_MSG_RESULT([yes]) ssl_msg="BoringSSL" + OPENSSL_IS_BORINGSSL=1 ],[ AC_MSG_RESULT([no]) ]) @@ -287,6 +288,7 @@ if test "x$OPT_OPENSSL" != xno; then ],[ AC_MSG_RESULT([yes]) ssl_msg="AWS-LC" + OPENSSL_IS_BORINGSSL=1 ],[ AC_MSG_RESULT([no]) ]) @@ -312,7 +314,7 @@ if test "x$OPT_OPENSSL" != xno; then AC_LANG_PROGRAM([[ #include ]],[[ - #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) + #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) return 0; #else #error older than 3 @@ -328,6 +330,15 @@ if test "x$OPT_OPENSSL" != xno; then ]) fi + dnl is this OpenSSL (fork) providing the original QUIC API? + AC_CHECK_FUNCS([SSL_set_quic_use_legacy_codepoint], + [QUIC_ENABLED=yes]) + if test "$QUIC_ENABLED" = "yes"; then + AC_MSG_NOTICE([OpenSSL fork speaks QUIC API]) + else + AC_MSG_NOTICE([OpenSSL version does not speak QUIC API]) + fi + if test "$OPENSSL_ENABLED" = "1"; then if test -n "$LIB_OPENSSL"; then dnl when the ssl shared libs were found in a path that the run-time @@ -413,4 +424,23 @@ AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading o ]) fi +dnl --- +dnl We may use OpenSSL QUIC. +dnl --- +if test "$OPENSSL_ENABLED" = "1"; then + AC_MSG_CHECKING([for QUIC support in OpenSSL]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +#include + ]],[[ + OSSL_QUIC_client_method(); + ]]) + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE(HAVE_OPENSSL_QUIC, 1, [if you have the functions OSSL_QUIC_client_method]) + AC_SUBST(HAVE_OPENSSL_QUIC, [1]) + ],[ + AC_MSG_RESULT([no]) + ]) +fi ]) diff --git a/m4/curl-wolfssl.m4 b/m4/curl-wolfssl.m4 index f630685bc..1da47a91e 100644 --- a/m4/curl-wolfssl.m4 +++ b/m4/curl-wolfssl.m4 @@ -107,6 +107,7 @@ if test "x$OPT_WOLFSSL" != xno; then WOLFSSL_ENABLED=1 USE_WOLFSSL="yes" ssl_msg="WolfSSL" + QUIC_ENABLED=yes test wolfssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ], [ diff --git a/maketgz b/maketgz index a0fcd878f..4ebda82a9 100644 --- a/maketgz +++ b/maketgz @@ -145,13 +145,8 @@ fi ############################################################################ # -# Modify the man pages to display the version number and date. -# - -echo "update man pages" -./scripts/updatemanpages.pl $version >/dev/null - # make the generated file newer than the man page + touch src/tool_hugehelp.c ############################################################################ diff --git a/packages/OS400/.gitattributes b/packages/OS400/.gitattributes new file mode 100644 index 000000000..e9b8201b5 --- /dev/null +++ b/packages/OS400/.gitattributes @@ -0,0 +1,6 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +# OS400 .cmd files are not windows scripts. +*.cmd text eol=auto diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c index 48f1f5fbd..596c1f1e1 100644 --- a/packages/OS400/ccsidcurl.c +++ b/packages/OS400/ccsidcurl.c @@ -1282,7 +1282,7 @@ curl_easy_setopt_ccsid(CURL *easy, CURLoption tag, ...) result = curl_easy_setopt(easy, tag, &blob); break; } - /* FALLTHROUGH */ + FALLTHROUGH(); case CURLOPT_ERRORBUFFER: /* This is an output buffer. */ result = Curl_vsetopt(easy, tag, arg); break; diff --git a/packages/OS400/curl.inc.in b/packages/OS400/curl.inc.in index d1254ce49..b3a4e9efd 100644 --- a/packages/OS400/curl.inc.in +++ b/packages/OS400/curl.inc.in @@ -667,6 +667,8 @@ d c 98 d CURLE_UNRECOVERABLE_POLL... d c 99 + d CURLE_TOO_LARGE... + d c 100 * /if not defined(CURL_NO_OLDIES) d CURLE_URL_MALFORMAT_USER... @@ -1655,6 +1657,10 @@ d c 00321 d CURLOPT_QUICK_EXIT... d c 00322 + d CURLOPT_HAPROXY_CLIENT_IP... + d c 10323 + d CURLOPT_SERVER_RESPONSE_TIMEOUT_MS... + d c 00324 * /if not defined(CURL_NO_OLDIES) d CURLOPT_FILE c 10001 @@ -1890,6 +1896,12 @@ d c X'0010003D' d CURLINFO_CAPATH... CURLINFO_STRING + 62 d c X'0010003E' + d CURLINFO_XFER_ID... CURLINFO_OFF_T + 63 + d c X'0060003F' + d CURLINFO_CONN_ID... CURLINFO_OFF_T + 64 + d c X'00600040' + d CURLINFO_QUEUE_TIME_T... CURLINFO_OFF_T + 65 + d c X'00600041' * d CURLINFO_HTTP_CODE... Old ...RESPONSE_CODE d c X'00200002' @@ -2251,6 +2263,8 @@ d c 29 d CURLUE_LACKS_IDN... d c 30 + d CURLUE_TOO_LARGE... + d c 31 * d CURLUPart s 10i 0 based(######ptr######) Enum d CURLUPART_URL c 0 @@ -3062,6 +3076,10 @@ d sockfd value like(curl_socket_t) d sockp * value void * * + d curl_multi_get_handles... + d pr * extproc('curl_multi_get_handles') CURL ** + d multi_handle * value CURLM * + * d curl_url pr * extproc('curl_url') CURLU * * d curl_url_cleanup... diff --git a/packages/vms/config_h.com b/packages/vms/config_h.com index 6e4e03963..6378802ad 100644 --- a/packages/vms/config_h.com +++ b/packages/vms/config_h.com @@ -1386,38 +1386,6 @@ $ write tf "#define ''key2' 1" $ write tf "#endif" $ goto cfgh_in_loop1 $ endif -$! -$! This is really do we have the newer MIT Kerberos -$!---------------------------------------------------------------------- -$ if (key2 .eqs. "HAVE_GSSMIT") -$ then -$ if f$search(test_mit) .nes. "" -$ then -$ write tf "#ifndef ''key2'" -$ write tf "#define ''key2' 1" -$ else -$ write tf "#ifdef ''key2'" -$ write tf "#undef ''key2'" -$ endif -$ write tf "#endif" -$ goto cfgh_in_loop1 -$ endif -$! -$! Older MIT looks like Heimdal -$!------------------------------------------------ -$ if (key2 .eqs. "HAVE_HEIMDAL") -$ then -$ if f$search(test_mit) .eqs. "" -$ then -$ write tf "#ifndef ''key2'" -$ write tf "#define ''key2' 1" -$ else -$ write tf "#ifdef ''key2'" -$ write tf "#undef ''key2'" -$ endif -$ write tf "#endif" -$ goto cfgh_in_loop1 -$ endif $ endif $! $ endif diff --git a/projects/Windows/VC14.20/.gitignore b/projects/Windows/VC14.20/.gitignore new file mode 100644 index 000000000..11504d2c1 --- /dev/null +++ b/projects/Windows/VC14.20/.gitignore @@ -0,0 +1,9 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +/*.opendb +/*.opensdf +/*.sdf +/*.vc.db +/.vs diff --git a/projects/Windows/VC14.20/curl-all.sln b/projects/Windows/VC14.20/curl-all.sln new file mode 100644 index 000000000..992310090 --- /dev/null +++ b/projects/Windows/VC14.20/curl-all.sln @@ -0,0 +1,298 @@ +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 16 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "curl", "src\curl.vcxproj", "{5228E9CE-A216-422F-A5E6-58E95E2DD71D}" + ProjectSection(ProjectDependencies) = postProject + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB} = {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB} + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libcurl", "lib\libcurl.vcxproj", "{DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 = DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 + DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 = DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 + DLL Debug - DLL OpenSSL|Win32 = DLL Debug - DLL OpenSSL|Win32 + DLL Debug - DLL OpenSSL|x64 = DLL Debug - DLL OpenSSL|x64 + DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 = DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 + DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 = DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 + DLL Debug - DLL Windows SSPI|Win32 = DLL Debug - DLL Windows SSPI|Win32 + DLL Debug - DLL Windows SSPI|x64 = DLL Debug - DLL Windows SSPI|x64 + DLL Debug - DLL wolfSSL|Win32 = DLL Debug - DLL wolfSSL|Win32 + DLL Debug - DLL wolfSSL|x64 = DLL Debug - DLL wolfSSL|x64 + DLL Debug|Win32 = DLL Debug|Win32 + DLL Debug|x64 = DLL Debug|x64 + DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 = DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 + DLL Release - DLL OpenSSL - DLL LibSSH2|x64 = DLL Release - DLL OpenSSL - DLL LibSSH2|x64 + DLL Release - DLL OpenSSL|Win32 = DLL Release - DLL OpenSSL|Win32 + DLL Release - DLL OpenSSL|x64 = DLL Release - DLL OpenSSL|x64 + DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 = DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 + DLL Release - DLL Windows SSPI - DLL WinIDN|x64 = DLL Release - DLL Windows SSPI - DLL WinIDN|x64 + DLL Release - DLL Windows SSPI|Win32 = DLL Release - DLL Windows SSPI|Win32 + DLL Release - DLL Windows SSPI|x64 = DLL Release - DLL Windows SSPI|x64 + DLL Release - DLL wolfSSL|Win32 = DLL Release - DLL wolfSSL|Win32 + DLL Release - DLL wolfSSL|x64 = DLL Release - DLL wolfSSL|x64 + DLL Release|Win32 = DLL Release|Win32 + DLL Release|x64 = DLL Release|x64 + LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 = LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 + LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 = LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 + LIB Debug - DLL OpenSSL|Win32 = LIB Debug - DLL OpenSSL|Win32 + LIB Debug - DLL OpenSSL|x64 = LIB Debug - DLL OpenSSL|x64 + LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 = LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 + LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 = LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 + LIB Debug - DLL Windows SSPI|Win32 = LIB Debug - DLL Windows SSPI|Win32 + LIB Debug - DLL Windows SSPI|x64 = LIB Debug - DLL Windows SSPI|x64 + LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 = LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 + LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 = LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 + LIB Debug - LIB OpenSSL|Win32 = LIB Debug - LIB OpenSSL|Win32 + LIB Debug - LIB OpenSSL|x64 = LIB Debug - LIB OpenSSL|x64 + LIB Debug - LIB wolfSSL|Win32 = LIB Debug - LIB wolfSSL|Win32 + LIB Debug - LIB wolfSSL|x64 = LIB Debug - LIB wolfSSL|x64 + LIB Debug|Win32 = LIB Debug|Win32 + LIB Debug|x64 = LIB Debug|x64 + LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 = LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 + LIB Release - DLL OpenSSL - DLL LibSSH2|x64 = LIB Release - DLL OpenSSL - DLL LibSSH2|x64 + LIB Release - DLL OpenSSL|Win32 = LIB Release - DLL OpenSSL|Win32 + LIB Release - DLL OpenSSL|x64 = LIB Release - DLL OpenSSL|x64 + LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 = LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 + LIB Release - DLL Windows SSPI - DLL WinIDN|x64 = LIB Release - DLL Windows SSPI - DLL WinIDN|x64 + LIB Release - DLL Windows SSPI|Win32 = LIB Release - DLL Windows SSPI|Win32 + LIB Release - DLL Windows SSPI|x64 = LIB Release - DLL Windows SSPI|x64 + LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 = LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 + LIB Release - LIB OpenSSL - LIB LibSSH2|x64 = LIB Release - LIB OpenSSL - LIB LibSSH2|x64 + LIB Release - LIB OpenSSL|Win32 = LIB Release - LIB OpenSSL|Win32 + LIB Release - LIB OpenSSL|x64 = LIB Release - LIB OpenSSL|x64 + LIB Release - LIB wolfSSL|Win32 = LIB Release - LIB wolfSSL|Win32 + LIB Release - LIB wolfSSL|x64 = LIB Release - LIB wolfSSL|x64 + LIB Release|Win32 = LIB Release|Win32 + LIB Release|x64 = LIB Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL|Win32.ActiveCfg = DLL Debug - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL|Win32.Build.0 = DLL Debug - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL|x64.ActiveCfg = DLL Debug - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL|x64.Build.0 = DLL Debug - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI|Win32.ActiveCfg = DLL Debug - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI|Win32.Build.0 = DLL Debug - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI|x64.ActiveCfg = DLL Debug - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI|x64.Build.0 = DLL Debug - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL wolfSSL|Win32.ActiveCfg = DLL Debug - DLL wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL wolfSSL|Win32.Build.0 = DLL Debug - DLL wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL wolfSSL|x64.ActiveCfg = DLL Debug - DLL wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL wolfSSL|x64.Build.0 = DLL Debug - DLL wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = DLL Release - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = DLL Release - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL|Win32.ActiveCfg = DLL Release - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL|Win32.Build.0 = DLL Release - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL|x64.ActiveCfg = DLL Release - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL|x64.Build.0 = DLL Release - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = DLL Release - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = DLL Release - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI|Win32.ActiveCfg = DLL Release - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI|Win32.Build.0 = DLL Release - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI|x64.ActiveCfg = DLL Release - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI|x64.Build.0 = DLL Release - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL wolfSSL|Win32.ActiveCfg = DLL Release - DLL wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL wolfSSL|Win32.Build.0 = DLL Release - DLL wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL wolfSSL|x64.ActiveCfg = DLL Release - DLL wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL wolfSSL|x64.Build.0 = DLL Release - DLL wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release|Win32.Build.0 = DLL Release|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release|x64.Build.0 = DLL Release|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL|Win32.ActiveCfg = LIB Debug - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL|Win32.Build.0 = LIB Debug - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL|x64.ActiveCfg = LIB Debug - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL|x64.Build.0 = LIB Debug - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI|Win32.ActiveCfg = LIB Debug - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI|Win32.Build.0 = LIB Debug - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI|x64.ActiveCfg = LIB Debug - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI|x64.Build.0 = LIB Debug - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32.ActiveCfg = LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32.Build.0 = LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL - LIB LibSSH2|x64.ActiveCfg = LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL - LIB LibSSH2|x64.Build.0 = LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL|Win32.ActiveCfg = LIB Debug - LIB OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL|Win32.Build.0 = LIB Debug - LIB OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL|x64.ActiveCfg = LIB Debug - LIB OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL|x64.Build.0 = LIB Debug - LIB OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB wolfSSL|Win32.ActiveCfg = LIB Debug - LIB wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB wolfSSL|Win32.Build.0 = LIB Debug - LIB wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB wolfSSL|x64.ActiveCfg = LIB Debug - LIB wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB wolfSSL|x64.Build.0 = LIB Debug - LIB wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug|Win32.ActiveCfg = LIB Debug|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug|Win32.Build.0 = LIB Debug|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug|x64.ActiveCfg = LIB Debug|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug|x64.Build.0 = LIB Debug|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = LIB Release - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = LIB Release - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL|Win32.ActiveCfg = LIB Release - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL|Win32.Build.0 = LIB Release - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL|x64.ActiveCfg = LIB Release - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL|x64.Build.0 = LIB Release - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = LIB Release - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = LIB Release - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI|Win32.ActiveCfg = LIB Release - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI|Win32.Build.0 = LIB Release - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI|x64.ActiveCfg = LIB Release - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI|x64.Build.0 = LIB Release - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL - LIB LibSSH2|Win32.ActiveCfg = LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL - LIB LibSSH2|Win32.Build.0 = LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL - LIB LibSSH2|x64.ActiveCfg = LIB Release - LIB OpenSSL - LIB LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL - LIB LibSSH2|x64.Build.0 = LIB Release - LIB OpenSSL - LIB LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL|Win32.ActiveCfg = LIB Release - LIB OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL|Win32.Build.0 = LIB Release - LIB OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL|x64.ActiveCfg = LIB Release - LIB OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL|x64.Build.0 = LIB Release - LIB OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB wolfSSL|Win32.ActiveCfg = LIB Release - LIB wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB wolfSSL|Win32.Build.0 = LIB Release - LIB wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB wolfSSL|x64.ActiveCfg = LIB Release - LIB wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB wolfSSL|x64.Build.0 = LIB Release - LIB wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release|Win32.ActiveCfg = LIB Release|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release|Win32.Build.0 = LIB Release|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release|x64.ActiveCfg = LIB Release|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release|x64.Build.0 = LIB Release|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL|Win32.ActiveCfg = DLL Debug - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL|Win32.Build.0 = DLL Debug - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL|x64.ActiveCfg = DLL Debug - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL|x64.Build.0 = DLL Debug - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI|Win32.ActiveCfg = DLL Debug - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI|Win32.Build.0 = DLL Debug - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI|x64.ActiveCfg = DLL Debug - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI|x64.Build.0 = DLL Debug - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL wolfSSL|Win32.ActiveCfg = DLL Debug - DLL wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL wolfSSL|Win32.Build.0 = DLL Debug - DLL wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL wolfSSL|x64.ActiveCfg = DLL Debug - DLL wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL wolfSSL|x64.Build.0 = DLL Debug - DLL wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = DLL Release - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = DLL Release - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL|Win32.ActiveCfg = DLL Release - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL|Win32.Build.0 = DLL Release - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL|x64.ActiveCfg = DLL Release - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL|x64.Build.0 = DLL Release - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = DLL Release - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = DLL Release - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI|Win32.ActiveCfg = DLL Release - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI|Win32.Build.0 = DLL Release - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI|x64.ActiveCfg = DLL Release - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI|x64.Build.0 = DLL Release - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL wolfSSL|Win32.ActiveCfg = DLL Release - DLL wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL wolfSSL|Win32.Build.0 = DLL Release - DLL wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL wolfSSL|x64.ActiveCfg = DLL Release - DLL wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL wolfSSL|x64.Build.0 = DLL Release - DLL wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release|Win32.Build.0 = DLL Release|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release|x64.Build.0 = DLL Release|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL|Win32.ActiveCfg = LIB Debug - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL|Win32.Build.0 = LIB Debug - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL|x64.ActiveCfg = LIB Debug - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL|x64.Build.0 = LIB Debug - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI|Win32.ActiveCfg = LIB Debug - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI|Win32.Build.0 = LIB Debug - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI|x64.ActiveCfg = LIB Debug - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI|x64.Build.0 = LIB Debug - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32.ActiveCfg = LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32.Build.0 = LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL - LIB LibSSH2|x64.ActiveCfg = LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL - LIB LibSSH2|x64.Build.0 = LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL|Win32.ActiveCfg = LIB Debug - LIB OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL|Win32.Build.0 = LIB Debug - LIB OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL|x64.ActiveCfg = LIB Debug - LIB OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL|x64.Build.0 = LIB Debug - LIB OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB wolfSSL|Win32.ActiveCfg = LIB Debug - LIB wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB wolfSSL|Win32.Build.0 = LIB Debug - LIB wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB wolfSSL|x64.ActiveCfg = LIB Debug - LIB wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB wolfSSL|x64.Build.0 = LIB Debug - LIB wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug|Win32.ActiveCfg = LIB Debug|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug|Win32.Build.0 = LIB Debug|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug|x64.ActiveCfg = LIB Debug|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug|x64.Build.0 = LIB Debug|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = LIB Release - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = LIB Release - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL|Win32.ActiveCfg = LIB Release - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL|Win32.Build.0 = LIB Release - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL|x64.ActiveCfg = LIB Release - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL|x64.Build.0 = LIB Release - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = LIB Release - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = LIB Release - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI|Win32.ActiveCfg = LIB Release - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI|Win32.Build.0 = LIB Release - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI|x64.ActiveCfg = LIB Release - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI|x64.Build.0 = LIB Release - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL - LIB LibSSH2|Win32.ActiveCfg = LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL - LIB LibSSH2|Win32.Build.0 = LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL - LIB LibSSH2|x64.ActiveCfg = LIB Release - LIB OpenSSL - LIB LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL - LIB LibSSH2|x64.Build.0 = LIB Release - LIB OpenSSL - LIB LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL|Win32.ActiveCfg = LIB Release - LIB OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL|Win32.Build.0 = LIB Release - LIB OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL|x64.ActiveCfg = LIB Release - LIB OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL|x64.Build.0 = LIB Release - LIB OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB wolfSSL|Win32.ActiveCfg = LIB Release - LIB wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB wolfSSL|Win32.Build.0 = LIB Release - LIB wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB wolfSSL|x64.ActiveCfg = LIB Release - LIB wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB wolfSSL|x64.Build.0 = LIB Release - LIB wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release|Win32.ActiveCfg = LIB Release|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release|Win32.Build.0 = LIB Release|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release|x64.ActiveCfg = LIB Release|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release|x64.Build.0 = LIB Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/projects/Windows/VC14.20/lib/.gitignore b/projects/Windows/VC14.20/lib/.gitignore new file mode 100644 index 000000000..5baee8342 --- /dev/null +++ b/projects/Windows/VC14.20/lib/.gitignore @@ -0,0 +1,10 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +/*.opensdf +/*.sdf +/*.user +/*.vc.db +/*.vcxproj +/.vs diff --git a/projects/Windows/VC14.20/lib/libcurl.sln b/projects/Windows/VC14.20/lib/libcurl.sln new file mode 100644 index 000000000..e34b5eb5d --- /dev/null +++ b/projects/Windows/VC14.20/lib/libcurl.sln @@ -0,0 +1,181 @@ +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 17 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libcurl", "libcurl.vcxproj", "{DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 = DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 + DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 = DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 + DLL Debug - DLL OpenSSL|Win32 = DLL Debug - DLL OpenSSL|Win32 + DLL Debug - DLL OpenSSL|x64 = DLL Debug - DLL OpenSSL|x64 + DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 = DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 + DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 = DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 + DLL Debug - DLL Windows SSPI|Win32 = DLL Debug - DLL Windows SSPI|Win32 + DLL Debug - DLL Windows SSPI|x64 = DLL Debug - DLL Windows SSPI|x64 + DLL Debug - DLL wolfSSL|Win32 = DLL Debug - DLL wolfSSL|Win32 + DLL Debug - DLL wolfSSL|x64 = DLL Debug - DLL wolfSSL|x64 + DLL Debug|Win32 = DLL Debug|Win32 + DLL Debug|x64 = DLL Debug|x64 + DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 = DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 + DLL Release - DLL OpenSSL - DLL LibSSH2|x64 = DLL Release - DLL OpenSSL - DLL LibSSH2|x64 + DLL Release - DLL OpenSSL|Win32 = DLL Release - DLL OpenSSL|Win32 + DLL Release - DLL OpenSSL|x64 = DLL Release - DLL OpenSSL|x64 + DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 = DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 + DLL Release - DLL Windows SSPI - DLL WinIDN|x64 = DLL Release - DLL Windows SSPI - DLL WinIDN|x64 + DLL Release - DLL Windows SSPI|Win32 = DLL Release - DLL Windows SSPI|Win32 + DLL Release - DLL Windows SSPI|x64 = DLL Release - DLL Windows SSPI|x64 + DLL Release - DLL wolfSSL|Win32 = DLL Release - DLL wolfSSL|Win32 + DLL Release - DLL wolfSSL|x64 = DLL Release - DLL wolfSSL|x64 + DLL Release|Win32 = DLL Release|Win32 + DLL Release|x64 = DLL Release|x64 + LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 = LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 + LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 = LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 + LIB Debug - DLL OpenSSL|Win32 = LIB Debug - DLL OpenSSL|Win32 + LIB Debug - DLL OpenSSL|x64 = LIB Debug - DLL OpenSSL|x64 + LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 = LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 + LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 = LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 + LIB Debug - DLL Windows SSPI|Win32 = LIB Debug - DLL Windows SSPI|Win32 + LIB Debug - DLL Windows SSPI|x64 = LIB Debug - DLL Windows SSPI|x64 + LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 = LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 + LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 = LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 + LIB Debug - LIB OpenSSL|Win32 = LIB Debug - LIB OpenSSL|Win32 + LIB Debug - LIB OpenSSL|x64 = LIB Debug - LIB OpenSSL|x64 + LIB Debug - LIB wolfSSL|Win32 = LIB Debug - LIB wolfSSL|Win32 + LIB Debug - LIB wolfSSL|x64 = LIB Debug - LIB wolfSSL|x64 + LIB Debug|Win32 = LIB Debug|Win32 + LIB Debug|x64 = LIB Debug|x64 + LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 = LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 + LIB Release - DLL OpenSSL - DLL LibSSH2|x64 = LIB Release - DLL OpenSSL - DLL LibSSH2|x64 + LIB Release - DLL OpenSSL|Win32 = LIB Release - DLL OpenSSL|Win32 + LIB Release - DLL OpenSSL|x64 = LIB Release - DLL OpenSSL|x64 + LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 = LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 + LIB Release - DLL Windows SSPI - DLL WinIDN|x64 = LIB Release - DLL Windows SSPI - DLL WinIDN|x64 + LIB Release - DLL Windows SSPI|Win32 = LIB Release - DLL Windows SSPI|Win32 + LIB Release - DLL Windows SSPI|x64 = LIB Release - DLL Windows SSPI|x64 + LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 = LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 + LIB Release - LIB OpenSSL - LIB LibSSH2|x64 = LIB Release - LIB OpenSSL - LIB LibSSH2|x64 + LIB Release - LIB OpenSSL|Win32 = LIB Release - LIB OpenSSL|Win32 + LIB Release - LIB OpenSSL|x64 = LIB Release - LIB OpenSSL|x64 + LIB Release - LIB wolfSSL|Win32 = LIB Release - LIB wolfSSL|Win32 + LIB Release - LIB wolfSSL|x64 = LIB Release - LIB wolfSSL|x64 + LIB Release|Win32 = LIB Release|Win32 + LIB Release|x64 = LIB Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL|Win32.ActiveCfg = DLL Debug - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL|Win32.Build.0 = DLL Debug - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL|x64.ActiveCfg = DLL Debug - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL OpenSSL|x64.Build.0 = DLL Debug - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI|Win32.ActiveCfg = DLL Debug - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI|Win32.Build.0 = DLL Debug - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI|x64.ActiveCfg = DLL Debug - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL Windows SSPI|x64.Build.0 = DLL Debug - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL wolfSSL|Win32.ActiveCfg = DLL Debug - DLL wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL wolfSSL|Win32.Build.0 = DLL Debug - DLL wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL wolfSSL|x64.ActiveCfg = DLL Debug - DLL wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug - DLL wolfSSL|x64.Build.0 = DLL Debug - DLL wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = DLL Release - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = DLL Release - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL|Win32.ActiveCfg = DLL Release - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL|Win32.Build.0 = DLL Release - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL|x64.ActiveCfg = DLL Release - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL OpenSSL|x64.Build.0 = DLL Release - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = DLL Release - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = DLL Release - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI|Win32.ActiveCfg = DLL Release - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI|Win32.Build.0 = DLL Release - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI|x64.ActiveCfg = DLL Release - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL Windows SSPI|x64.Build.0 = DLL Release - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL wolfSSL|Win32.ActiveCfg = DLL Release - DLL wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL wolfSSL|Win32.Build.0 = DLL Release - DLL wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL wolfSSL|x64.ActiveCfg = DLL Release - DLL wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release - DLL wolfSSL|x64.Build.0 = DLL Release - DLL wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release|Win32.Build.0 = DLL Release|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.DLL Release|x64.Build.0 = DLL Release|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL|Win32.ActiveCfg = LIB Debug - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL|Win32.Build.0 = LIB Debug - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL|x64.ActiveCfg = LIB Debug - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL OpenSSL|x64.Build.0 = LIB Debug - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI|Win32.ActiveCfg = LIB Debug - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI|Win32.Build.0 = LIB Debug - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI|x64.ActiveCfg = LIB Debug - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - DLL Windows SSPI|x64.Build.0 = LIB Debug - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32.ActiveCfg = LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32.Build.0 = LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL - LIB LibSSH2|x64.ActiveCfg = LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL - LIB LibSSH2|x64.Build.0 = LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL|Win32.ActiveCfg = LIB Debug - LIB OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL|Win32.Build.0 = LIB Debug - LIB OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL|x64.ActiveCfg = LIB Debug - LIB OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB OpenSSL|x64.Build.0 = LIB Debug - LIB OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB wolfSSL|Win32.ActiveCfg = LIB Debug - LIB wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB wolfSSL|Win32.Build.0 = LIB Debug - LIB wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB wolfSSL|x64.ActiveCfg = LIB Debug - LIB wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug - LIB wolfSSL|x64.Build.0 = LIB Debug - LIB wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug|Win32.ActiveCfg = LIB Debug|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug|Win32.Build.0 = LIB Debug|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug|x64.ActiveCfg = LIB Debug|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Debug|x64.Build.0 = LIB Debug|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = LIB Release - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = LIB Release - DLL OpenSSL - DLL LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL|Win32.ActiveCfg = LIB Release - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL|Win32.Build.0 = LIB Release - DLL OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL|x64.ActiveCfg = LIB Release - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL OpenSSL|x64.Build.0 = LIB Release - DLL OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = LIB Release - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = LIB Release - DLL Windows SSPI - DLL WinIDN|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI|Win32.ActiveCfg = LIB Release - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI|Win32.Build.0 = LIB Release - DLL Windows SSPI|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI|x64.ActiveCfg = LIB Release - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - DLL Windows SSPI|x64.Build.0 = LIB Release - DLL Windows SSPI|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL - LIB LibSSH2|Win32.ActiveCfg = LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL - LIB LibSSH2|Win32.Build.0 = LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL - LIB LibSSH2|x64.ActiveCfg = LIB Release - LIB OpenSSL - LIB LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL - LIB LibSSH2|x64.Build.0 = LIB Release - LIB OpenSSL - LIB LibSSH2|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL|Win32.ActiveCfg = LIB Release - LIB OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL|Win32.Build.0 = LIB Release - LIB OpenSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL|x64.ActiveCfg = LIB Release - LIB OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB OpenSSL|x64.Build.0 = LIB Release - LIB OpenSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB wolfSSL|Win32.ActiveCfg = LIB Release - LIB wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB wolfSSL|Win32.Build.0 = LIB Release - LIB wolfSSL|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB wolfSSL|x64.ActiveCfg = LIB Release - LIB wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release - LIB wolfSSL|x64.Build.0 = LIB Release - LIB wolfSSL|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release|Win32.ActiveCfg = LIB Release|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release|Win32.Build.0 = LIB Release|Win32 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release|x64.ActiveCfg = LIB Release|x64 + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB}.LIB Release|x64.Build.0 = LIB Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/projects/Windows/VC14.20/lib/libcurl.tmpl b/projects/Windows/VC14.20/lib/libcurl.tmpl new file mode 100644 index 000000000..ff88b4220 --- /dev/null +++ b/projects/Windows/VC14.20/lib/libcurl.tmpl @@ -0,0 +1,2381 @@ + + + + + DLL Debug - DLL wolfSSL + Win32 + + + DLL Debug - DLL wolfSSL + x64 + + + DLL Debug - DLL OpenSSL - DLL LibSSH2 + Win32 + + + DLL Debug - DLL OpenSSL - DLL LibSSH2 + x64 + + + DLL Debug - DLL OpenSSL + Win32 + + + DLL Debug - DLL OpenSSL + x64 + + + DLL Debug - DLL Windows SSPI - DLL WinIDN + Win32 + + + DLL Debug - DLL Windows SSPI - DLL WinIDN + x64 + + + DLL Debug - DLL Windows SSPI + Win32 + + + DLL Debug - DLL Windows SSPI + x64 + + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release - DLL wolfSSL + Win32 + + + DLL Release - DLL wolfSSL + x64 + + + DLL Release - DLL OpenSSL - DLL LibSSH2 + Win32 + + + DLL Release - DLL OpenSSL - DLL LibSSH2 + x64 + + + DLL Release - DLL OpenSSL + Win32 + + + DLL Release - DLL OpenSSL + x64 + + + DLL Release - DLL Windows SSPI - DLL WinIDN + Win32 + + + DLL Release - DLL Windows SSPI - DLL WinIDN + x64 + + + DLL Release - DLL Windows SSPI + Win32 + + + DLL Release - DLL Windows SSPI + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + + + LIB Debug - DLL OpenSSL - DLL LibSSH2 + Win32 + + + LIB Debug - DLL OpenSSL - DLL LibSSH2 + x64 + + + LIB Debug - DLL OpenSSL + Win32 + + + LIB Debug - DLL OpenSSL + x64 + + + LIB Debug - DLL Windows SSPI - DLL WinIDN + Win32 + + + LIB Debug - DLL Windows SSPI - DLL WinIDN + x64 + + + LIB Debug - DLL Windows SSPI + Win32 + + + LIB Debug - DLL Windows SSPI + x64 + + + LIB Debug - LIB wolfSSL + Win32 + + + LIB Debug - LIB wolfSSL + x64 + + + LIB Debug - LIB OpenSSL - LIB LibSSH2 + Win32 + + + LIB Debug - LIB OpenSSL - LIB LibSSH2 + x64 + + + LIB Debug - LIB OpenSSL + Win32 + + + LIB Debug - LIB OpenSSL + x64 + + + LIB Debug + Win32 + + + LIB Debug + x64 + + + LIB Release - DLL OpenSSL - DLL LibSSH2 + Win32 + + + LIB Release - DLL OpenSSL - DLL LibSSH2 + x64 + + + LIB Release - DLL OpenSSL + Win32 + + + LIB Release - DLL OpenSSL + x64 + + + LIB Release - DLL Windows SSPI - DLL WinIDN + Win32 + + + LIB Release - DLL Windows SSPI - DLL WinIDN + x64 + + + LIB Release - DLL Windows SSPI + Win32 + + + LIB Release - DLL Windows SSPI + x64 + + + LIB Release - LIB wolfSSL + Win32 + + + LIB Release - LIB wolfSSL + x64 + + + LIB Release - LIB OpenSSL - LIB LibSSH2 + Win32 + + + LIB Release - LIB OpenSSL - LIB LibSSH2 + x64 + + + LIB Release - LIB OpenSSL + Win32 + + + LIB Release - LIB OpenSSL + x64 + + + LIB Release + Win32 + + + LIB Release + x64 + + + + {DA6F56B4-06A4-441D-AD70-AC5A7D51FADB} + libcurl + + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + StaticLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + DynamicLibrary + false + Unicode + v142 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.30319.1 + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + false + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + false + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + false + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + false + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + false + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + false + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + false + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + false + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(OutDir)lib\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)lib\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)lib\ + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + + + + _DEBUG;%(PreprocessorDefinitions) + true + Win32 + $(OutDir)$(ProjectName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + %(AdditionalLibraryDirectories) + $(IntDir)$(TargetFileName).intermediate.manifest + true + $(TargetDir)$(TargetName).pdb + $(TargetDir)$(TargetName).lib + MachineX86 + + + + + _DEBUG;%(PreprocessorDefinitions) + true + Win32 + $(OutDir)$(ProjectName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\wolfssl;..\..\..\..\..\wolfssl\wolfssl;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;USE_WOLFSSL;USE_IPV6;WOLFSSL_DLL;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + 4214 + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;wolfssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\..\wolfssl\build\Win32\VC14.20\DLL Debug;%(AdditionalLibraryDirectories) + $(IntDir)$(TargetFileName).intermediate.manifest + true + $(TargetDir)$(TargetName).pdb + $(TargetDir)$(TargetName).lib + MachineX86 + + + + + _DEBUG;%(PreprocessorDefinitions) + true + X64 + $(OutDir)$(ProjectName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + %(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + $(TargetDir)$(TargetName).lib + MachineX64 + + + + + _DEBUG;%(PreprocessorDefinitions) + true + X64 + $(OutDir)$(ProjectName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\wolfssl;..\..\..\..\..\wolfssl\wolfssl;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;USE_WOLFSSL;USE_IPV6;WOLFSSL_DLL;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + 4214 + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;wolfssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\..\wolfssl\build\Win64\VC14.20\DLL Debug;%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + $(TargetDir)$(TargetName).lib + MachineX64 + + + + + NDEBUG;%(PreprocessorDefinitions) + true + Win32 + $(OutDir)$(ProjectName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + %(AdditionalLibraryDirectories) + $(IntDir)$(TargetFileName).intermediate.manifest + $(TargetDir)$(TargetName).lib + MachineX86 + + + + + NDEBUG;%(PreprocessorDefinitions) + true + Win32 + $(OutDir)$(ProjectName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\wolfssl;..\..\..\..\..\wolfssl\wolfssl;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;USE_WOLFSSL;USE_IPV6;WOLFSSL_DLL;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + 4214 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;wolfssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\..\wolfssl\build\Win32\VC14.20\DLL Release;%(AdditionalLibraryDirectories) + $(IntDir)$(TargetFileName).intermediate.manifest + $(TargetDir)$(TargetName).lib + MachineX86 + true + $(TargetDir)$(TargetName).pdb + + + + + NDEBUG;%(PreprocessorDefinitions) + true + X64 + $(OutDir)$(ProjectName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + %(AdditionalLibraryDirectories) + $(TargetDir)$(TargetName).lib + MachineX64 + + + + + NDEBUG;%(PreprocessorDefinitions) + true + X64 + $(OutDir)$(ProjectName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\wolfssl;..\..\..\..\..\wolfssl\wolfssl;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;USE_WOLFSSL;USE_IPV6;WOLFSSL_DLL;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + 4214 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;wolfssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\..\wolfssl\build\Win64\VC14.20\DLL Release;%(AdditionalLibraryDirectories) + $(TargetDir)$(TargetName).lib + MachineX64 + true + $(TargetDir)$(TargetName).pdb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\wolfssl;..\..\..\..\..\wolfssl\wolfssl;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_WOLFSSL;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + 4214 + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + X64 + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + X64 + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\wolfssl;..\..\..\..\..\wolfssl\wolfssl;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_WOLFSSL;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + 4214 + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\wolfssl;..\..\..\..\..\wolfssl\wolfssl;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_WOLFSSL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + 4214 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + X64 + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + X64 + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\wolfssl;..\..\..\..\..\wolfssl\wolfssl;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_WOLFSSL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + 4214 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + _DEBUG;%(PreprocessorDefinitions) + true + Win32 + $(OutDir)$(ProjectName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win32\VC14.20\DLL Debug\include;..\..\..\..\..\openssl\include;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;USE_OPENSSL;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\..\openssl\build\Win32\VC14.20\DLL Debug;%(AdditionalLibraryDirectories) + $(IntDir)$(TargetFileName).intermediate.manifest + true + $(TargetDir)$(TargetName).pdb + $(TargetDir)$(TargetName).lib + MachineX86 + + + + + _DEBUG;%(PreprocessorDefinitions) + true + X64 + $(OutDir)$(ProjectName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win64\VC14.20\DLL Debug\include;..\..\..\..\..\openssl\include;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;USE_OPENSSL;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\..\openssl\build\Win64\VC14.20\DLL Debug;%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + $(TargetDir)$(TargetName).lib + MachineX64 + + + + + NDEBUG;%(PreprocessorDefinitions) + true + Win32 + $(OutDir)$(ProjectName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win32\VC14.20\DLL Release\include;..\..\..\..\..\openssl\include;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;USE_OPENSSL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\..\openssl\build\Win32\VC14.20\DLL Release;%(AdditionalLibraryDirectories) + $(IntDir)$(TargetFileName).intermediate.manifest + $(TargetDir)$(TargetName).lib + MachineX86 + + + + + NDEBUG;%(PreprocessorDefinitions) + true + X64 + $(OutDir)$(ProjectName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win64\VC14.20\DLL Release\include;..\..\..\..\..\openssl\include;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;USE_OPENSSL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\..\openssl\build\Win64\VC14.20\DLL Release;%(AdditionalLibraryDirectories) + $(TargetDir)$(TargetName).lib + MachineX64 + + + + + _DEBUG;%(PreprocessorDefinitions) + true + Win32 + $(OutDir)$(ProjectName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;crypt32.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + %(AdditionalLibraryDirectories) + $(IntDir)$(TargetFileName).intermediate.manifest + true + $(TargetDir)$(TargetName).pdb + $(TargetDir)$(TargetName).lib + MachineX86 + + + + + _DEBUG;%(PreprocessorDefinitions) + true + Win32 + $(OutDir)$(ProjectName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_WIN32_IDN;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;crypt32.lib;normaliz.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + %(AdditionalLibraryDirectories) + $(IntDir)$(TargetFileName).intermediate.manifest + true + $(TargetDir)$(TargetName).pdb + $(TargetDir)$(TargetName).lib + MachineX86 + + + + + _DEBUG;%(PreprocessorDefinitions) + true + X64 + $(OutDir)$(ProjectName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;crypt32.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + %(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + $(TargetDir)$(TargetName).lib + MachineX64 + + + + + _DEBUG;%(PreprocessorDefinitions) + true + X64 + $(OutDir)$(ProjectName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_WIN32_IDN;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;crypt32.lib;normaliz.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + %(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + $(TargetDir)$(TargetName).lib + MachineX64 + + + + + NDEBUG;%(PreprocessorDefinitions) + true + Win32 + $(OutDir)$(ProjectName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;crypt32.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + %(AdditionalLibraryDirectories) + $(IntDir)$(TargetFileName).intermediate.manifest + $(TargetDir)$(TargetName).lib + MachineX86 + + + + + NDEBUG;%(PreprocessorDefinitions) + true + Win32 + $(OutDir)$(ProjectName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_WIN32_IDN;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;crypt32.lib;normaliz.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + %(AdditionalLibraryDirectories) + $(IntDir)$(TargetFileName).intermediate.manifest + $(TargetDir)$(TargetName).lib + MachineX86 + + + + + NDEBUG;%(PreprocessorDefinitions) + true + X64 + $(OutDir)$(ProjectName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;crypt32.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + %(AdditionalLibraryDirectories) + $(TargetDir)$(TargetName).lib + MachineX64 + + + + + NDEBUG;%(PreprocessorDefinitions) + true + X64 + $(OutDir)$(ProjectName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_WIN32_IDN;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + ws2_32.lib;wldap32.lib;crypt32.lib;normaliz.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + %(AdditionalLibraryDirectories) + $(TargetDir)$(TargetName).lib + MachineX64 + + + + + _DEBUG;%(PreprocessorDefinitions) + true + Win32 + $(OutDir)$(ProjectName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win32\VC14.20\DLL Debug\include;..\..\..\..\..\openssl\include;..\..\..\..\..\libssh2\include;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;USE_OPENSSL;USE_LIBSSH2;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcrypto.lib;libssl.lib;libssh2d.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\..\openssl\build\Win32\VC14.20\DLL Debug;..\..\..\..\..\libssh2\build\Win32\VC14.20\DLL Debug;%(AdditionalLibraryDirectories) + $(IntDir)$(TargetFileName).intermediate.manifest + true + $(TargetDir)$(TargetName).pdb + $(TargetDir)$(TargetName).lib + MachineX86 + + + + + _DEBUG;%(PreprocessorDefinitions) + true + X64 + $(OutDir)$(ProjectName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win64\VC14.20\DLL Debug\include;..\..\..\..\..\openssl\include;..\..\..\..\..\libssh2\include;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;USE_OPENSSL;USE_LIBSSH2;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcrypto.lib;libssl.lib;libssh2d.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\..\openssl\build\Win64\VC14.20\DLL Debug;..\..\..\..\..\libssh2\build\Win64\VC14.20\DLL Debug;%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + $(TargetDir)$(TargetName).lib + MachineX64 + + + + + NDEBUG;%(PreprocessorDefinitions) + true + Win32 + $(OutDir)$(ProjectName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win32\VC14.20\DLL Release\include;..\..\..\..\..\openssl\include;..\..\..\..\..\libssh2\include;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;USE_OPENSSL;USE_LIBSSH2;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcrypto.lib;libssl.lib;libssh2.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\..\openssl\build\Win32\VC14.20\DLL Release;..\..\..\..\..\libssh2\build\Win32\VC14.20\DLL Release;%(AdditionalLibraryDirectories) + $(IntDir)$(TargetFileName).intermediate.manifest + $(TargetDir)$(TargetName).lib + MachineX86 + + + + + NDEBUG;%(PreprocessorDefinitions) + true + X64 + $(OutDir)$(ProjectName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win64\VC14.20\DLL Release\include;..\..\..\..\..\openssl\include;..\..\..\..\..\libssh2\include;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;USE_OPENSSL;USE_LIBSSH2;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcrypto.lib;libssl.lib;libssh2.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\..\openssl\build\Win64\VC14.20\DLL Release;..\..\..\..\..\libssh2\build\Win64\VC14.20\DLL Release;%(AdditionalLibraryDirectories) + $(TargetDir)$(TargetName).lib + MachineX64 + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win32\VC14.20\DLL Debug\include;..\..\..\..\..\openssl\include;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_OPENSSL;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + X64 + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win64\VC14.20\DLL Debug\include;..\..\..\..\..\openssl\include;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_OPENSSL;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win32\VC14.20\DLL Debug\include;..\..\..\..\..\openssl\include;..\..\..\..\..\libssh2\include;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_OPENSSL;USE_LIBSSH2;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + X64 + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win64\VC14.20\DLL Debug\include;..\..\..\..\..\openssl\include;..\..\..\..\..\libssh2\include;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_OPENSSL;USE_LIBSSH2;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_WIN32_IDN;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + X64 + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + X64 + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_WIN32_IDN;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win32\VC14.20\LIB Debug\include;..\..\..\..\..\openssl\include;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_OPENSSL;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + X64 + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win64\VC14.20\LIB Debug\include;..\..\..\..\..\openssl\include;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_OPENSSL;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win32\VC14.20\LIB Debug\include;..\..\..\..\..\openssl\include;..\..\..\..\..\libssh2\include;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_OPENSSL;USE_LIBSSH2;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + X64 + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win64\VC14.20\LIB Debug\include;..\..\..\..\..\openssl\include;..\..\..\..\..\libssh2\include;%(AdditionalIncludeDirectories) + _DEBUG;BUILDING_LIBCURL;DEBUGBUILD;CURL_STATICLIB;USE_OPENSSL;USE_LIBSSH2;USE_IPV6;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win32\VC14.20\DLL Release\include;..\..\..\..\..\openssl\include;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_OPENSSL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + X64 + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win64\VC14.20\DLL Release\include;..\..\..\..\..\openssl\include;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_OPENSSL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win32\VC14.20\DLL Release\include;..\..\..\..\..\openssl\include;..\..\..\..\..\libssh2\include;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_OPENSSL;USE_LIBSSH2;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + X64 + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win64\VC14.20\DLL Release\include;..\..\..\..\..\openssl\include;..\..\..\..\..\libssh2\include;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_OPENSSL;USE_LIBSSH2;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_WIN32_IDN;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + X64 + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + X64 + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_WINDOWS_SSPI;USE_SCHANNEL;USE_WIN32_IDN;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win32\VC14.20\LIB Release\include;..\..\..\..\..\openssl\include;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_OPENSSL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + X64 + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win64\VC14.20\LIB Release\include;..\..\..\..\..\openssl\include;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_OPENSSL;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win32\VC14.20\LIB Release\include;..\..\..\..\..\openssl\include;..\..\..\..\..\libssh2\include;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_OPENSSL;USE_LIBSSH2;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX86 + + + + + X64 + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;..\..\..\..\..\openssl\include\..\build\Win64\VC14.20\LIB Release\include;..\..\..\..\..\openssl\include;..\..\..\..\..\libssh2\include;%(AdditionalIncludeDirectories) + NDEBUG;BUILDING_LIBCURL;CURL_STATICLIB;USE_OPENSSL;USE_LIBSSH2;USE_IPV6;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + + + $(OutDir)$(TargetName)$(TargetExt) + MachineX64 + + + +CURL_LIB_C_FILES +CURL_LIB_VAUTH_C_FILES +CURL_LIB_VQUIC_C_FILES +CURL_LIB_VSSH_C_FILES +CURL_LIB_VTLS_C_FILES + + +CURL_LIB_H_FILES +CURL_LIB_VAUTH_H_FILES +CURL_LIB_VQUIC_H_FILES +CURL_LIB_VSSH_H_FILES +CURL_LIB_VTLS_H_FILES + + +CURL_LIB_RC_FILES + + + + + \ No newline at end of file diff --git a/projects/Windows/VC14.20/lib/libcurl.vcxproj.filters b/projects/Windows/VC14.20/lib/libcurl.vcxproj.filters new file mode 100644 index 000000000..4d6341d74 --- /dev/null +++ b/projects/Windows/VC14.20/lib/libcurl.vcxproj.filters @@ -0,0 +1,17 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + \ No newline at end of file diff --git a/projects/Windows/VC14.20/src/.gitignore b/projects/Windows/VC14.20/src/.gitignore new file mode 100644 index 000000000..5baee8342 --- /dev/null +++ b/projects/Windows/VC14.20/src/.gitignore @@ -0,0 +1,10 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +/*.opensdf +/*.sdf +/*.user +/*.vc.db +/*.vcxproj +/.vs diff --git a/projects/Windows/VC14.20/src/curl.sln b/projects/Windows/VC14.20/src/curl.sln new file mode 100644 index 000000000..5cfa4ce24 --- /dev/null +++ b/projects/Windows/VC14.20/src/curl.sln @@ -0,0 +1,181 @@ +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 16 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "curl", "curl.vcxproj", "{5228E9CE-A216-422F-A5E6-58E95E2DD71D}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 = DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 + DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 = DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 + DLL Debug - DLL OpenSSL|Win32 = DLL Debug - DLL OpenSSL|Win32 + DLL Debug - DLL OpenSSL|x64 = DLL Debug - DLL OpenSSL|x64 + DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 = DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 + DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 = DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 + DLL Debug - DLL Windows SSPI|Win32 = DLL Debug - DLL Windows SSPI|Win32 + DLL Debug - DLL Windows SSPI|x64 = DLL Debug - DLL Windows SSPI|x64 + DLL Debug - DLL wolfSSL|Win32 = DLL Debug - DLL wolfSSL|Win32 + DLL Debug - DLL wolfSSL|x64 = DLL Debug - DLL wolfSSL|x64 + DLL Debug|Win32 = DLL Debug|Win32 + DLL Debug|x64 = DLL Debug|x64 + DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 = DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 + DLL Release - DLL OpenSSL - DLL LibSSH2|x64 = DLL Release - DLL OpenSSL - DLL LibSSH2|x64 + DLL Release - DLL OpenSSL|Win32 = DLL Release - DLL OpenSSL|Win32 + DLL Release - DLL OpenSSL|x64 = DLL Release - DLL OpenSSL|x64 + DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 = DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 + DLL Release - DLL Windows SSPI - DLL WinIDN|x64 = DLL Release - DLL Windows SSPI - DLL WinIDN|x64 + DLL Release - DLL Windows SSPI|Win32 = DLL Release - DLL Windows SSPI|Win32 + DLL Release - DLL Windows SSPI|x64 = DLL Release - DLL Windows SSPI|x64 + DLL Release - DLL wolfSSL|Win32 = DLL Release - DLL wolfSSL|Win32 + DLL Release - DLL wolfSSL|x64 = DLL Release - DLL wolfSSL|x64 + DLL Release|Win32 = DLL Release|Win32 + DLL Release|x64 = DLL Release|x64 + LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 = LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 + LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 = LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 + LIB Debug - DLL OpenSSL|Win32 = LIB Debug - DLL OpenSSL|Win32 + LIB Debug - DLL OpenSSL|x64 = LIB Debug - DLL OpenSSL|x64 + LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 = LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 + LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 = LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 + LIB Debug - DLL Windows SSPI|Win32 = LIB Debug - DLL Windows SSPI|Win32 + LIB Debug - DLL Windows SSPI|x64 = LIB Debug - DLL Windows SSPI|x64 + LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 = LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 + LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 = LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 + LIB Debug - LIB OpenSSL|Win32 = LIB Debug - LIB OpenSSL|Win32 + LIB Debug - LIB OpenSSL|x64 = LIB Debug - LIB OpenSSL|x64 + LIB Debug - LIB wolfSSL|Win32 = LIB Debug - LIB wolfSSL|Win32 + LIB Debug - LIB wolfSSL|x64 = LIB Debug - LIB wolfSSL|x64 + LIB Debug|Win32 = LIB Debug|Win32 + LIB Debug|x64 = LIB Debug|x64 + LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 = LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 + LIB Release - DLL OpenSSL - DLL LibSSH2|x64 = LIB Release - DLL OpenSSL - DLL LibSSH2|x64 + LIB Release - DLL OpenSSL|Win32 = LIB Release - DLL OpenSSL|Win32 + LIB Release - DLL OpenSSL|x64 = LIB Release - DLL OpenSSL|x64 + LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 = LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 + LIB Release - DLL Windows SSPI - DLL WinIDN|x64 = LIB Release - DLL Windows SSPI - DLL WinIDN|x64 + LIB Release - DLL Windows SSPI|Win32 = LIB Release - DLL Windows SSPI|Win32 + LIB Release - DLL Windows SSPI|x64 = LIB Release - DLL Windows SSPI|x64 + LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 = LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 + LIB Release - LIB OpenSSL - LIB LibSSH2|x64 = LIB Release - LIB OpenSSL - LIB LibSSH2|x64 + LIB Release - LIB OpenSSL|Win32 = LIB Release - LIB OpenSSL|Win32 + LIB Release - LIB OpenSSL|x64 = LIB Release - LIB OpenSSL|x64 + LIB Release - LIB wolfSSL|Win32 = LIB Release - LIB wolfSSL|Win32 + LIB Release - LIB wolfSSL|x64 = LIB Release - LIB wolfSSL|x64 + LIB Release|Win32 = LIB Release|Win32 + LIB Release|x64 = LIB Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = DLL Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = DLL Debug - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL|Win32.ActiveCfg = DLL Debug - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL|Win32.Build.0 = DLL Debug - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL|x64.ActiveCfg = DLL Debug - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL OpenSSL|x64.Build.0 = DLL Debug - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = DLL Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = DLL Debug - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI|Win32.ActiveCfg = DLL Debug - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI|Win32.Build.0 = DLL Debug - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI|x64.ActiveCfg = DLL Debug - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL Windows SSPI|x64.Build.0 = DLL Debug - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL wolfSSL|Win32.ActiveCfg = DLL Debug - DLL wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL wolfSSL|Win32.Build.0 = DLL Debug - DLL wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL wolfSSL|x64.ActiveCfg = DLL Debug - DLL wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug - DLL wolfSSL|x64.Build.0 = DLL Debug - DLL wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug|Win32.ActiveCfg = DLL Debug|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug|Win32.Build.0 = DLL Debug|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = DLL Release - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = DLL Release - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = DLL Release - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL|Win32.ActiveCfg = DLL Release - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL|Win32.Build.0 = DLL Release - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL|x64.ActiveCfg = DLL Release - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL OpenSSL|x64.Build.0 = DLL Release - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = DLL Release - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = DLL Release - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = DLL Release - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI|Win32.ActiveCfg = DLL Release - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI|Win32.Build.0 = DLL Release - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI|x64.ActiveCfg = DLL Release - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL Windows SSPI|x64.Build.0 = DLL Release - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL wolfSSL|Win32.ActiveCfg = DLL Release - DLL wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL wolfSSL|Win32.Build.0 = DLL Release - DLL wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL wolfSSL|x64.ActiveCfg = DLL Release - DLL wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release - DLL wolfSSL|x64.Build.0 = DLL Release - DLL wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release|Win32.ActiveCfg = DLL Release|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release|Win32.Build.0 = DLL Release|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.DLL Release|x64.Build.0 = DLL Release|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = LIB Debug - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = LIB Debug - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL|Win32.ActiveCfg = LIB Debug - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL|Win32.Build.0 = LIB Debug - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL|x64.ActiveCfg = LIB Debug - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL OpenSSL|x64.Build.0 = LIB Debug - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = LIB Debug - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = LIB Debug - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI|Win32.ActiveCfg = LIB Debug - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI|Win32.Build.0 = LIB Debug - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI|x64.ActiveCfg = LIB Debug - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - DLL Windows SSPI|x64.Build.0 = LIB Debug - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32.ActiveCfg = LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32.Build.0 = LIB Debug - LIB OpenSSL - LIB LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL - LIB LibSSH2|x64.ActiveCfg = LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL - LIB LibSSH2|x64.Build.0 = LIB Debug - LIB OpenSSL - LIB LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL|Win32.ActiveCfg = LIB Debug - LIB OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL|Win32.Build.0 = LIB Debug - LIB OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL|x64.ActiveCfg = LIB Debug - LIB OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB OpenSSL|x64.Build.0 = LIB Debug - LIB OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB wolfSSL|Win32.ActiveCfg = LIB Debug - LIB wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB wolfSSL|Win32.Build.0 = LIB Debug - LIB wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB wolfSSL|x64.ActiveCfg = LIB Debug - LIB wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug - LIB wolfSSL|x64.Build.0 = LIB Debug - LIB wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug|Win32.ActiveCfg = LIB Debug|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug|Win32.Build.0 = LIB Debug|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug|x64.ActiveCfg = LIB Debug|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Debug|x64.Build.0 = LIB Debug|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL - DLL LibSSH2|Win32.ActiveCfg = LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL - DLL LibSSH2|Win32.Build.0 = LIB Release - DLL OpenSSL - DLL LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL - DLL LibSSH2|x64.ActiveCfg = LIB Release - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL - DLL LibSSH2|x64.Build.0 = LIB Release - DLL OpenSSL - DLL LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL|Win32.ActiveCfg = LIB Release - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL|Win32.Build.0 = LIB Release - DLL OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL|x64.ActiveCfg = LIB Release - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL OpenSSL|x64.Build.0 = LIB Release - DLL OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI - DLL WinIDN|Win32.ActiveCfg = LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI - DLL WinIDN|Win32.Build.0 = LIB Release - DLL Windows SSPI - DLL WinIDN|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI - DLL WinIDN|x64.ActiveCfg = LIB Release - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI - DLL WinIDN|x64.Build.0 = LIB Release - DLL Windows SSPI - DLL WinIDN|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI|Win32.ActiveCfg = LIB Release - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI|Win32.Build.0 = LIB Release - DLL Windows SSPI|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI|x64.ActiveCfg = LIB Release - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - DLL Windows SSPI|x64.Build.0 = LIB Release - DLL Windows SSPI|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL - LIB LibSSH2|Win32.ActiveCfg = LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL - LIB LibSSH2|Win32.Build.0 = LIB Release - LIB OpenSSL - LIB LibSSH2|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL - LIB LibSSH2|x64.ActiveCfg = LIB Release - LIB OpenSSL - LIB LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL - LIB LibSSH2|x64.Build.0 = LIB Release - LIB OpenSSL - LIB LibSSH2|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL|Win32.ActiveCfg = LIB Release - LIB OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL|Win32.Build.0 = LIB Release - LIB OpenSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL|x64.ActiveCfg = LIB Release - LIB OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB OpenSSL|x64.Build.0 = LIB Release - LIB OpenSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB wolfSSL|Win32.ActiveCfg = LIB Release - LIB wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB wolfSSL|Win32.Build.0 = LIB Release - LIB wolfSSL|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB wolfSSL|x64.ActiveCfg = LIB Release - LIB wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release - LIB wolfSSL|x64.Build.0 = LIB Release - LIB wolfSSL|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release|Win32.ActiveCfg = LIB Release|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release|Win32.Build.0 = LIB Release|Win32 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release|x64.ActiveCfg = LIB Release|x64 + {5228E9CE-A216-422F-A5E6-58E95E2DD71D}.LIB Release|x64.Build.0 = LIB Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection +EndGlobal diff --git a/projects/Windows/VC14.20/src/curl.tmpl b/projects/Windows/VC14.20/src/curl.tmpl new file mode 100644 index 000000000..85c71768b --- /dev/null +++ b/projects/Windows/VC14.20/src/curl.tmpl @@ -0,0 +1,2671 @@ + + + + + DLL Debug - DLL wolfSSL + Win32 + + + DLL Debug - DLL wolfSSL + x64 + + + DLL Debug - DLL OpenSSL - DLL LibSSH2 + Win32 + + + DLL Debug - DLL OpenSSL - DLL LibSSH2 + x64 + + + DLL Debug - DLL OpenSSL + Win32 + + + DLL Debug - DLL OpenSSL + x64 + + + DLL Debug - DLL Windows SSPI - DLL WinIDN + Win32 + + + DLL Debug - DLL Windows SSPI - DLL WinIDN + x64 + + + DLL Debug - DLL Windows SSPI + Win32 + + + DLL Debug - DLL Windows SSPI + x64 + + + DLL Debug + Win32 + + + DLL Debug + x64 + + + DLL Release - DLL wolfSSL + Win32 + + + DLL Release - DLL wolfSSL + x64 + + + DLL Release - DLL OpenSSL - DLL LibSSH2 + Win32 + + + DLL Release - DLL OpenSSL - DLL LibSSH2 + x64 + + + DLL Release - DLL OpenSSL + Win32 + + + DLL Release - DLL OpenSSL + x64 + + + DLL Release - DLL Windows SSPI - DLL WinIDN + Win32 + + + DLL Release - DLL Windows SSPI - DLL WinIDN + x64 + + + DLL Release - DLL Windows SSPI + Win32 + + + DLL Release - DLL Windows SSPI + x64 + + + DLL Release + Win32 + + + DLL Release + x64 + + + LIB Debug - DLL OpenSSL - DLL LibSSH2 + Win32 + + + LIB Debug - DLL OpenSSL - DLL LibSSH2 + x64 + + + LIB Debug - DLL OpenSSL + Win32 + + + LIB Debug - DLL OpenSSL + x64 + + + LIB Debug - DLL Windows SSPI - DLL WinIDN + Win32 + + + LIB Debug - DLL Windows SSPI - DLL WinIDN + x64 + + + LIB Debug - DLL Windows SSPI + Win32 + + + LIB Debug - DLL Windows SSPI + x64 + + + LIB Debug - LIB wolfSSL + Win32 + + + LIB Debug - LIB wolfSSL + x64 + + + LIB Debug - LIB OpenSSL - LIB LibSSH2 + Win32 + + + LIB Debug - LIB OpenSSL - LIB LibSSH2 + x64 + + + LIB Debug - LIB OpenSSL + Win32 + + + LIB Debug - LIB OpenSSL + x64 + + + LIB Debug + Win32 + + + LIB Debug + x64 + + + LIB Release - DLL OpenSSL - DLL LibSSH2 + Win32 + + + LIB Release - DLL OpenSSL - DLL LibSSH2 + x64 + + + LIB Release - DLL OpenSSL + Win32 + + + LIB Release - DLL OpenSSL + x64 + + + LIB Release - DLL Windows SSPI - DLL WinIDN + Win32 + + + LIB Release - DLL Windows SSPI - DLL WinIDN + x64 + + + LIB Release - DLL Windows SSPI + Win32 + + + LIB Release - DLL Windows SSPI + x64 + + + LIB Release - LIB wolfSSL + Win32 + + + LIB Release - LIB wolfSSL + x64 + + + LIB Release - LIB OpenSSL - LIB LibSSH2 + Win32 + + + LIB Release - LIB OpenSSL - LIB LibSSH2 + x64 + + + LIB Release - LIB OpenSSL + Win32 + + + LIB Release - LIB OpenSSL + x64 + + + LIB Release + Win32 + + + LIB Release + x64 + + + + {5228E9CE-A216-422F-A5E6-58E95E2DD71D} + curl + + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + Application + false + Unicode + v142 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.30319.1 + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win32\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + ..\..\..\..\build\Win64\VC14.20\$(Configuration)\ + $(OutDir)src\ + $(OutDir)src\ + false + false + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName)d + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + $(ProjectName) + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX86 + + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX86 + true + $(TargetDir)$(TargetName).pdb + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX64 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX64 + true + $(TargetDir)$(TargetName).pdb + + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX86 + + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;wolfssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);..\..\..\..\..\wolfssl\build\Win32\VC14.20\LIB Release;%(AdditionalLibraryDirectories) + Console + MachineX86 + true + $(TargetDir)$(TargetName).pdb + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX64 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;wolfssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);..\..\..\..\..\wolfssl\build\Win64\VC14.20\LIB Release;%(AdditionalLibraryDirectories) + Console + MachineX64 + true + $(TargetDir)$(TargetName).pdb + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;wolfssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);..\..\..\..\..\wolfssl\build\Win32\VC14.20\LIB Debug;%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;wolfssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);..\..\..\..\..\wolfssl\build\Win64\VC14.20\LIB Debug;%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX86 + + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX64 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurld.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win32\VC14.20\LIB Debug;%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurld.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win64\VC14.20\LIB Debug;%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurl.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win32\VC14.20\LIB Release;%(AdditionalLibraryDirectories) + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurl.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win64\VC14.20\LIB Release;%(AdditionalLibraryDirectories) + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurld.lib;libcrypto.lib;libssl.lib;libssh2d.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win32\VC14.20\LIB Debug;..\..\..\..\..\libssh2\build\Win32\VC14.20\LIB Debug;%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurld.lib;libcrypto.lib;libssl.lib;libssh2d.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win64\VC14.20\LIB Debug;..\..\..\..\..\libssh2\build\Win64\VC14.20\LIB Debug;%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurl.lib;libcrypto.lib;libssl.lib;libssh2.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win32\VC14.20\LIB Release;..\..\..\..\..\libssh2\build\Win32\VC14.20\LIB Release;%(AdditionalLibraryDirectories) + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurl.lib;libcrypto.lib;libssl.lib;libssh2.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win64\VC14.20\LIB Release;..\..\..\..\..\libssh2\build\Win64\VC14.20\LIB Release;%(AdditionalLibraryDirectories) + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurld.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win32\VC14.20\DLL Debug;%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurld.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win64\VC14.20\DLL Debug;%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurl.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win32\VC14.20\DLL Release;%(AdditionalLibraryDirectories) + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurl.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win64\VC14.20\DLL Release;%(AdditionalLibraryDirectories) + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurld.lib;libcrypto.lib;libssl.lib;libssh2d.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win32\VC14.20\DLL Debug;..\..\..\..\..\libssh2\build\Win32\VC14.20\DLL Debug;%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurld.lib;libcrypto.lib;libssl.lib;libssh2d.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win64\VC14.20\DLL Debug;..\..\..\..\..\libssh2\build\Win64\VC14.20\DLL Debug;%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurl.lib;libcrypto.lib;libssl.lib;libssh2.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win32\VC14.20\DLL Release;..\..\..\..\..\libssh2\build\Win32\VC14.20\DLL Release;%(AdditionalLibraryDirectories) + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + crypt32.lib;ws2_32.lib;wldap32.lib;libcurl.lib;libssh2.lib;libcrypto.lib;libssl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);..\..\..\..\..\openssl\build\Win64\VC14.20\DLL Release;..\..\..\..\..\libssh2\build\Win64\VC14.20\DLL Release;%(AdditionalLibraryDirectories) + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;crypt32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;crypt32.lib;normaliz.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;crypt32.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + Disabled + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + _DEBUG;_CONSOLE;DEBUGBUILD;CURL_STATICLIB;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + Level4 + ProgramDatabase + + + _DEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;crypt32.lib;normaliz.lib;libcurld.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + true + $(TargetDir)$(TargetName).pdb + Console + MachineX64 + + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;crypt32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX86 + + + + + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;crypt32.lib;normaliz.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win32\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX86 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;crypt32.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX64 + + + + + X64 + $(TargetDir)$(TargetName).tlb + + + + + MaxSpeed + OnlyExplicitInline + ..\..\..\..\include;..\..\..\..\lib;%(AdditionalIncludeDirectories) + NDEBUG;_CONSOLE;CURL_STATICLIB;%(PreprocessorDefinitions) + true + MultiThreadedDLL + true + Level4 + + + NDEBUG;%(PreprocessorDefinitions) + 0x0409 + ..\..\..\..\include;%(AdditionalIncludeDirectories) + + + ws2_32.lib;wldap32.lib;crypt32.lib;normaliz.lib;libcurl.lib;%(AdditionalDependencies) + $(OutDir)$(TargetName)$(TargetExt) + ..\..\..\..\build\Win64\VC14.20\$(Configuration);%(AdditionalLibraryDirectories) + Console + MachineX64 + + + +CURL_SRC_X_C_FILES +CURL_SRC_C_FILES + + +CURL_SRC_X_H_FILES +CURL_SRC_H_FILES + + +CURL_SRC_RC_FILES + + + + + \ No newline at end of file diff --git a/projects/Windows/VC14.20/src/curl.vcxproj.filters b/projects/Windows/VC14.20/src/curl.vcxproj.filters new file mode 100644 index 000000000..4d6341d74 --- /dev/null +++ b/projects/Windows/VC14.20/src/curl.vcxproj.filters @@ -0,0 +1,17 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + \ No newline at end of file diff --git a/projects/Windows/VC14.30/src/curl.sln b/projects/Windows/VC14.30/src/curl.sln index 16d22965f..ce5aa2c6f 100644 --- a/projects/Windows/VC14.30/src/curl.sln +++ b/projects/Windows/VC14.30/src/curl.sln @@ -1,5 +1,5 @@ Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio 15 +# Visual Studio 17 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "curl", "curl.vcxproj", "{5228E9CE-A216-422F-A5E6-58E95E2DD71D}" EndProject Global diff --git a/projects/generate.bat b/projects/generate.bat index d57d4ebb9..a110adffc 100644 --- a/projects/generate.bat +++ b/projects/generate.bat @@ -56,6 +56,8 @@ rem *************************************************************************** set VERSION=VC14 ) else if /i "%~1" == "vc14.10" ( set VERSION=VC14.10 + ) else if /i "%~1" == "vc14.20" ( + set VERSION=VC14.20 ) else if /i "%~1" == "vc14.30" ( set VERSION=VC14.30 ) else if /i "%~1" == "-clean" ( @@ -88,6 +90,7 @@ rem *************************************************************************** if "%VERSION%" == "VC12" goto vc12 if "%VERSION%" == "VC14" goto vc14 if "%VERSION%" == "VC14.10" goto vc14.10 + if "%VERSION%" == "VC14.20" goto vc14.20 if "%VERSION%" == "VC14.30" goto vc14.30 :vc10 @@ -165,6 +168,21 @@ rem *************************************************************************** if not "%VERSION%" == "ALL" goto success +:vc14.20 + echo. + + if "%MODE%" == "GENERATE" ( + echo Generating VC14.20 project files + call :generate vcxproj Windows\VC14.20\src\curl.tmpl Windows\VC14.20\src\curl.vcxproj + call :generate vcxproj Windows\VC14.20\lib\libcurl.tmpl Windows\VC14.20\lib\libcurl.vcxproj + ) else ( + echo Removing VC14.20 project files + call :clean Windows\VC14.20\src\curl.vcxproj + call :clean Windows\VC14.20\lib\libcurl.vcxproj + ) + + if not "%VERSION%" == "ALL" goto success + :vc14.30 echo. @@ -182,7 +200,7 @@ rem *************************************************************************** rem Main generate function. rem -rem %1 - Project Type (vcxproj for VC10, VC11, VC12, VC14, VC14.10 and VC14.30) +rem %1 - Project Type (vcxproj for VC10, VC11, VC12, VC14, VC14.10, VC14.20 and VC14.30) rem %2 - Input template file rem %3 - Output project file rem @@ -263,7 +281,7 @@ rem rem Generates a single file xml element. rem -rem %1 - Project Type (vcxproj for VC10, VC11, VC12, VC14, VC14.10 and VC14.30) +rem %1 - Project Type (vcxproj for VC10, VC11, VC12, VC14, VC14.10, VC14.20 and VC14.30) rem %2 - Directory (src, lib, lib\vauth, lib\vquic, lib\vssh, lib\vtls) rem %3 - Source filename rem %4 - Output project file @@ -359,6 +377,7 @@ rem echo vc12 - Use Visual Studio 2013 echo vc14 - Use Visual Studio 2015 echo vc14.10 - Use Visual Studio 2017 + echo vc14.20 - Use Visual Studio 2019 echo vc14.30 - Use Visual Studio 2022 echo. echo -clean - Removes the project files diff --git a/scripts/Makefile.am b/scripts/Makefile.am index fcb78eabf..ae95e85ac 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -22,8 +22,8 @@ # ########################################################################### -EXTRA_DIST = updatemanpages.pl coverage.sh completion.pl firefox-db2pem.sh \ - checksrc.pl mk-ca-bundle.pl +EXTRA_DIST = coverage.sh completion.pl firefox-db2pem.sh checksrc.pl \ + mk-ca-bundle.pl schemetable.c cd2nroff nroff2cd cdall cd2cd ZSH_FUNCTIONS_DIR = @ZSH_FUNCTIONS_DIR@ FISH_FUNCTIONS_DIR = @FISH_FUNCTIONS_DIR@ diff --git a/scripts/cd2cd b/scripts/cd2cd new file mode 100755 index 000000000..a4de2f875 --- /dev/null +++ b/scripts/cd2cd @@ -0,0 +1,226 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +=begin comment + +This script updates a curldown file to current/better curldown. + +Example: cd2cd [--in-place] > + +--in-place: if used, it replaces the original file with the cleaned up + version. When this is used, cd2cd accepts multiple files to work + on and it ignores errors on single files. + +=end comment +=cut + +my $cd2cd = "0.1"; # to keep check +my $dir; +my $extension; +my $inplace = 0; + +while(1) { + if($ARGV[0] eq "--in-place") { + shift @ARGV; + $inplace = 1; + } + else { + last; + } +} + + +use POSIX qw(strftime); +my @ts; +if (defined($ENV{SOURCE_DATE_EPOCH})) { + @ts = localtime($ENV{SOURCE_DATE_EPOCH}); +} else { + @ts = localtime; +} +my $date = strftime "%B %d %Y", @ts; + +sub outseealso { + my (@sa) = @_; + my $comma = 0; + my @o; + push @o, ".SH SEE ALSO\n"; + for my $s (sort @sa) { + push @o, sprintf "%s.BR $s", $comma ? ",\n": ""; + $comma = 1; + } + push @o, "\n"; + return @o; +} + +sub single { + my @head; + my @seealso; + my ($f)=@_; + my $title; + my $section; + my $source; + my $start = 0; + my $d; + my $line = 0; + open(F, "<:crlf", "$f") || + return 1; + while() { + $line++; + $d = $_; + if(!$start) { + if(/^---/) { + # header starts here + $start = 1; + push @head, $d; + } + next; + } + if(/^Title: *(.*)/i) { + $title=$1; + } + elsif(/^Section: *(.*)/i) { + $section=$1; + } + elsif(/^Source: *(.*)/i) { + $source=$1; + } + elsif(/^See-also: +(.*)/i) { + $salist = 0; + push @seealso, $1; + } + elsif(/^See-also: */i) { + if($seealso[0]) { + print STDERR "$f:$line:1:ERROR: bad See-Also, needs list\n"; + return 2; + } + $salist = 1; + } + elsif(/^ +- (.*)/i) { + # the only list we support is the see-also + if($salist) { + push @seealso, $1; + } + } + # REUSE-IgnoreStart + elsif(/^C: (.*)/i) { + $copyright=$1; + } + elsif(/^SPDX-License-Identifier: (.*)/i) { + $spdx=$1; + } + # REUSE-IgnoreEnd + elsif(/^---/) { + # end of the header section + if(!$title) { + print STDERR "ERROR: no 'Title:' in $f\n"; + return 1; + } + if(!$section) { + print STDERR "ERROR: no 'Section:' in $f\n"; + return 2; + } + if(!$seealso[0]) { + print STDERR "$f:$line:1:ERROR: no 'See-also:' present\n"; + return 2; + } + if(!$copyright) { + print STDERR "$f:$line:1:ERROR: no 'C:' field present\n"; + return 2; + } + if(!$spdx) { + print STDERR "$f:$line:1:ERROR: no 'SPDX-License-Identifier:' field present\n"; + return 2; + } + last; + } + else { + chomp; + print STDERR "WARN: unrecognized line in $f, ignoring:\n:'$_';" + } + } + + if(!$start) { + print STDERR "$f:$line:1:ERROR: no header present\n"; + return 2; + } + + my @desc; + + push @desc, sprintf <, et al. +SPDX-License-Identifier: curl +Title: $title +Section: $section +Source: $source +HEAD + ; + push @desc, "See-also:\n"; + for my $s (sort @seealso) { + push @desc, " - $s\n" if($s); + } + push @desc, "---\n"; + + my $blankline = 0; + while() { + $d = $_; + $line++; + if($d =~ /^[ \t]*\n/) { + $blankline++; + } + else { + $blankline = 0; + } + # *italics* for curl symbol links get the asterisks removed + $d =~ s/\*((lib|)curl[^ ]*\(3\))\*/$1/gi; + + if(length($d) > 90) { + print STDERR "$f:$line:1:WARN: excessive line length\n"; + } + + push @desc, $d if($blankline < 2); + } + close(F); + + if($inplace) { + open(O, ">$f") || return 1; + print O @desc; + close(O); + } + else { + print @desc; + } + return 0; +} + +if($inplace) { + for my $a (@ARGV) { + # this ignores errors + single($a); + } +} +else { + exit single($ARGV[0]); +} diff --git a/scripts/cd2nroff b/scripts/cd2nroff new file mode 100755 index 000000000..17a83b49c --- /dev/null +++ b/scripts/cd2nroff @@ -0,0 +1,373 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +=begin comment + +Converts a curldown file to nroff (man page). + +=end comment +=cut + +use strict; +use warnings; + +my $cd2nroff = "0.1"; # to keep check +my $dir; +my $extension; +my $keepfilename; + +while(@ARGV) { + if($ARGV[0] eq "-d") { + shift @ARGV; + $dir = shift @ARGV; + } + elsif($ARGV[0] eq "-e") { + shift @ARGV; + $extension = shift @ARGV; + } + elsif($ARGV[0] eq "-k") { + shift @ARGV; + $keepfilename = 1; + } + elsif($ARGV[0] eq "-h") { + print < Write the output to the file name from the meta-data in the + specified directory, instead of writing to stdout +-e If -d is used, this option can provide an added "extension", arbitrary + text really, to append to the file name. +-h This help text, +-v Show version then exit +HELP + ; + exit 0; + } + elsif($ARGV[0] eq "-v") { + print "cd2nroff version $cd2nroff\n"; + exit 0; + } + else { + last; + } +} + +use POSIX qw(strftime); +my @ts; +if (defined($ENV{SOURCE_DATE_EPOCH})) { + @ts = localtime($ENV{SOURCE_DATE_EPOCH}); +} else { + @ts = localtime; +} +my $date = strftime "%B %d %Y", @ts; + +sub outseealso { + my (@sa) = @_; + my $comma = 0; + my @o; + push @o, ".SH SEE ALSO\n"; + for my $s (sort @sa) { + push @o, sprintf "%s.BR $s", $comma ? ",\n": ""; + $comma = 1; + } + push @o, "\n"; + return @o; +} + +sub single { + my @seealso; + my $d; + my ($f)=@_; + my $copyright; + my $errors = 0; + my $fh; + my $line; + my $salist; + my $section; + my $source; + my $spdx; + my $start = 0; + my $title; + + if(defined($f)) { + if(!open($fh, "<:crlf", "$f")) { + print STDERR "Failed to open $f : $!\n"; + return 1; + } + } + else { + $f = "STDIN"; + $fh = \*STDIN; + binmode($fh, ":crlf"); + } + while(<$fh>) { + $line++; + if(!$start) { + if(/^---/) { + # header starts here + $start = 1; + } + next; + } + if(/^Title: *(.*)/i) { + $title=$1; + } + elsif(/^Section: *(.*)/i) { + $section=$1; + } + elsif(/^Source: *(.*)/i) { + $source=$1; + } + elsif(/^See-also: +(.*)/i) { + $salist = 0; + push @seealso, $1; + } + elsif(/^See-also: */i) { + if($seealso[0]) { + print STDERR "$f:$line:1:ERROR: bad See-Also, needs list\n"; + return 2; + } + $salist = 1; + } + elsif(/^ +- (.*)/i) { + # the only list we support is the see-also + if($salist) { + push @seealso, $1; + } + } + # REUSE-IgnoreStart + elsif(/^C: (.*)/i) { + $copyright=$1; + } + elsif(/^SPDX-License-Identifier: (.*)/i) { + $spdx=$1; + } + # REUSE-IgnoreEnd + elsif(/^---/) { + # end of the header section + if(!$title) { + print STDERR "ERROR: no 'Title:' in $f\n"; + return 1; + } + if(!$section) { + print STDERR "ERROR: no 'Section:' in $f\n"; + return 2; + } + if(!$seealso[0]) { + print STDERR "$f:$line:1:ERROR: no 'See-also:' present\n"; + return 2; + } + if(!$copyright) { + print STDERR "$f:$line:1:ERROR: no 'C:' field present\n"; + return 2; + } + if(!$spdx) { + print STDERR "$f:$line:1:ERROR: no 'SPDX-License-Identifier:' field present\n"; + return 2; + } + last; + } + else { + chomp; + print STDERR "WARN: unrecognized line in $f, ignoring:\n:'$_';" + } + } + + if(!$start) { + print STDERR "$f:$line:1:ERROR: no header present\n"; + return 2; + } + + my @desc; + my $quote = 0; + my $blankline = 0; + my $header = 0; + + # cut off the leading path from the file name, if any + $f =~ s/^(.*[\\\/])//; + + push @desc, ".\\\" generated by cd2nroff $cd2nroff from $f\n"; + push @desc, ".TH $title $section \"$date\" $source\n"; + while(<$fh>) { + $line++; + + $d = $_; + + if($quote) { + if($quote == 4) { + # remove the indentation + if($d =~ /^ (.*)/) { + push @desc, "$1\n"; + next; + } + else { + # end of quote + $quote = 0; + push @desc, ".fi\n"; + next; + } + } + if(/^~~~/) { + # end of quote + $quote = 0; + push @desc, ".fi\n"; + next; + } + # convert single backslahes to doubles + $d =~ s/\\/\\\\/g; + # lines starting with a period needs it escaped + $d =~ s/^\./\\&./; + push @desc, $d; + next; + } + + # **bold** + $d =~ s/\*\*(\S.*?)\*\*/\\fB$1\\fP/g; + # *italics* + $d =~ s/\*(\S.*?)\*/\\fI$1\\fP/g; + + # mentions of curl symbols with man pages use italics by default + $d =~ s/((lib|)curl([^ ]*\(3\)))/\\fI$1\\fP/gi; + + # backticked becomes italics + $d =~ s/\`(.*?)\`/\\fI$1\\fP/g; + + if(/^## (.*)/) { + my $word = $1; + # if there are enclosing quotes, remove them first + $word =~ s/[\"\'](.*)[\"\']\z/$1/; + + # enclose in double quotes if there is a space present + if($word =~ / /) { + push @desc, ".IP \"$word\"\n"; + } + else { + push @desc, ".IP $word\n"; + } + $header = 1; + } + elsif(/^# (.*)/) { + my $word = $1; + # if there are enclosing quotes, remove them first + $word =~ s/[\"\'](.*)[\"\']\z/$1/; + push @desc, ".SH $word\n"; + $header = 1; + } + elsif(/^~~~c/) { + # start of a code section, not indented + $quote = 1; + push @desc, "\n" if($blankline && !$header); + $header = 0; + push @desc, ".nf\n"; + } + elsif(/^~~~/) { + # start of a quote section; not code, not indented + $quote = 1; + push @desc, "\n" if($blankline && !$header); + $header = 0; + push @desc, ".nf\n"; + } + elsif(/^ (.*)/) { + # quoted, indented by 4 space + $quote = 4; + push @desc, "\n" if($blankline && !$header); + $header = 0; + push @desc, ".nf\n$1\n"; + } + elsif(/^[ \t]*\n/) { + # count and ignore blank lines + $blankline++; + } + else { + # don't output newlines if this is the first content after a + # header + push @desc, "\n" if($blankline && !$header); + $blankline = 0; + $header = 0; + + # remove single line HTML comments + $d =~ s///g; + + # quote minuses in the output + $d =~ s/([^\\])-/$1\\-/g; + # replace single quotes + $d =~ s/\'/\\(aq/g; + # handle double quotes first on the line + $d =~ s/^(\s*)\"/$1\\&\"/; + + # lines starting with a period needs it escaped + $d =~ s/^\./\\&./; + + if($d =~ /^(.*) /) { + printf STDERR "$f:$line:%d:ERROR: 2 spaces detected\n", + length($1); + $errors++; + } + if($d =~ /^[ \t]*\n/) { + # replaced away all contents + $blankline= 1; + } + else { + push @desc, $d; + } + } + } + if($fh != \*STDIN) { + close($fh); + } + push @desc, outseealso(@seealso); + if($dir) { + if($keepfilename) { + $title = $f; + $title =~ s/\.[^.]*$//; + } + my $outfile = "$dir/$title.$section"; + if(defined($extension)) { + $outfile .= $extension; + } + if(!open(O, ">", $outfile)) { + print STDERR "Failed to open $outfile : $!\n"; + return 1; + } + print O @desc; + close(O); + } + else { + print @desc; + } + return $errors; +} + +if(@ARGV) { + for my $f (@ARGV) { + my $r = single($f); + if($r) { + exit $r; + } + } +} +else { + exit single(); +} diff --git a/scripts/cdall b/scripts/cdall new file mode 100755 index 000000000..507ccc6be --- /dev/null +++ b/scripts/cdall @@ -0,0 +1,44 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +# provide all dir names to scan on the cmdline + +sub convert { + my ($dir)=@_; + opendir(my $dh, $dir) || die "could not open $dir"; + my @cd = grep { /\.md\z/ && -f "$dir/$_" } readdir($dh); + closedir $dh; + + for my $cd (@cd) { + my $nroff = "$cd"; + $nroff =~ s/\.md\z/.3/; + print "$dir/$cd = $dir/$nroff\n"; + system("./scripts/cd2nroff -d $dir $dir/$cd"); + } +} + +for my $d (sort @ARGV) { + convert($d); +} diff --git a/scripts/checksrc.pl b/scripts/checksrc.pl index b85b56b43..76f466081 100644 --- a/scripts/checksrc.pl +++ b/scripts/checksrc.pl @@ -59,6 +59,7 @@ my %warnings = ( 'ASTERISKSPACE' => 'pointer declared with space after asterisk', 'BADCOMMAND' => 'bad !checksrc! instruction', 'BANNEDFUNC' => 'a banned function was used', + 'BANNEDPREPROC' => 'a banned symbol was used on a preprocessor line', 'BRACEELSE' => '} else on the same line', 'BRACEPOS' => 'wrong position for an open brace', 'BRACEWHILE' => 'A single space between open brace and while', @@ -402,6 +403,13 @@ sub scanfile { checksrc($cmd, $line, $file, $l) } + if($l =~ /^#line (\d+) \"([^\"]*)\"/) { + # a #line instruction + $file = $2; + $line = $1; + next; + } + # check for a copyright statement and save the years if($l =~ /\* +copyright .* (\d\d\d\d|)/i) { my $count = 0; @@ -892,6 +900,18 @@ sub scanfile { "multiple spaces"); } preproc: + if($prep) { + # scan for use of banned symbols on a preprocessor line + if($l =~ /^(^|.*\W) + (WIN32) + (\W|$) + /x) { + checkwarn("BANNEDPREPROC", + $line, length($1), $file, $ol, + "use of $2 is banned from preprocessor lines" . + (($2 eq "WIN32") ? ", use _WIN32 instead" : "")); + } + } $line++; $prevp = $prep; $prevl = $ol if(!$prep); diff --git a/scripts/nroff2cd b/scripts/nroff2cd new file mode 100755 index 000000000..500367f81 --- /dev/null +++ b/scripts/nroff2cd @@ -0,0 +1,193 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +=begin comment + +This script converts an nroff file to curldown + +Example: cd2nroff [options] > + +Note: when converting .nf sections, this tool does not know if the +section is code or just regular quotes. It then assumes and uses ~~~c +for code. + +=end comment +=cut + +my $nroff2cd = "0.1"; # to keep check + +sub single { + my ($f)=@_; + open(F, "<:crlf", "$f") || + return 1; + my $line; + my $title; + my $section; + my $source; + my @seealso; + my @desc; + my $header; # non-zero when TH is passed + my $quote = 0; # quote state + while() { + $line++; + my $d = $_; + if($_ =~ /^.\\\"/) { + # a comment we can ignore + next; + } + if(!$header) { + if($d =~ /.so (.*)/) { + # this is basically an include, so do that + my $f = $1; + # remove leading directory + $f =~ s/(.*?\/)//; + close(F); + open(F, "<:crlf", "$f") || return 1; + } + if($d =~ /^\.TH ([^ ]*) (\d) \"(.*?)\" ([^ \n]*)/) { + # header, this needs to be the first thing after leading comments + $title = $1; + $section = $2; + # date is $3 + $source = $4; + # if there are enclosing quotes around source, remove them + $source =~ s/[\"\'](.*)[\"\']\z/$1/; + $header = 1; + + print <, et al. +SPDX-License-Identifier: curl +Title: $title +Section: $section +Source: $source +HEAD + ; + } + next; + } + + if($quote) { + if($d =~ /^\.SH/) { + #end of quote without an .fi + $quote = 0; + push @desc, "~~~\n"; + } + elsif($d =~ /^\.fi/) { + #end of quote + $quote = 0; + push @desc, "~~~\n"; + next; + } + else { + # double-backslashes converted to single ones + $d =~ s/\\\\/\\/g; + push @desc, $d; + next; + } + } + if($d =~ /^\.SH (.*)/) { + my $word = $1; + # if there are enclosing quotes, remove them first + $word =~ s/[\"\'](.*)[\"\']\z/$1/; + if($word eq "SEE ALSO") { + # we just slurp up this section + next; + } + push @desc, "\n# $word\n\n"; + } + elsif($d =~ /^\.(RS|RE)/) { + # ignore these + } + elsif($d =~ /^\.IP (.*)/) { + my $word = $1; + # if there are enclosing quotes, remove them first + $word =~ s/[\"\'](.*)[\"\']\z/$1/; + push @desc, "\n## $word\n\n"; + } + elsif($d =~ /^\.IP/) { + # .IP with no text we just skip + } + elsif($d =~ /^\.BR (.*)/) { + # only used for SEE ALSO + my $word = $1; + # remove trailing comma + $word =~ s/,\z//; + + for my $s (split(/,/, $word)) { + # remove all double quotes + $s =~ s/\"//g; + # tream leading whitespace + $s =~ s/^ +//g; + push @seealso, $s; + } + } + elsif($d =~ /^\.I (.*)/) { + push @desc, "*$1*\n"; + } + elsif($d =~ /^\.B (.*)/) { + push @desc, "**$1**\n"; + } + elsif($d =~ /^\.nf/) { + push @desc, "~~~c\n"; + $quote = 1; + } + else { + # embolden + $d =~ s/\\fB(.*?)\\fP/**$1**/g; + # links to "curl.*()" are left bare since cd2nroff handles them + # specially + $d =~ s/\\fI(curl.*?\(3\))\\fP/$1/ig; + # emphasize + $d =~ s/\\fI(.*?)\\fP/*$1*/g; + # emphasize on a split line + $d =~ s/\\fI/*/g; + # bold on a split line + $d =~ s/\\fB/**/g; + # remove backslash amp + $d =~ s/\\&//g; + # remove backslashes + $d =~ s/\\//g; + # fix single quotes + $d =~ s/\(aq/'/g; + # fix double quotes + $d =~ s/\(dq/\"/g; + push @desc, $d; + } + } + close(F); + + print "See-also:\n"; + for my $s (sort @seealso) { + print " - $s\n" if($s); + } + print "---\n"; + print @desc; + + return !$header; +} + +exit single($ARGV[0]); + diff --git a/scripts/schemetable.c b/scripts/schemetable.c new file mode 100644 index 000000000..ae79eaa09 --- /dev/null +++ b/scripts/schemetable.c @@ -0,0 +1,207 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ +#include +#include + +/* + * Use this tool to generate an updated table for the Curl_getn_scheme_handler + * function in url.c. + */ + +struct detail { + const char *n; + const char *ifdef; +}; + +static const struct detail scheme[] = { + {"dict", "#ifndef CURL_DISABLE_DICT" }, + {"file", "#ifndef CURL_DISABLE_FILE" }, + {"ftp", "#ifndef CURL_DISABLE_FTP" }, + {"ftps", "#if defined(USE_SSL) && !defined(CURL_DISABLE_FTP)" }, + {"gopher", "#ifndef CURL_DISABLE_GOPHER" }, + {"gophers", "#if defined(USE_SSL) && !defined(CURL_DISABLE_GOPHER)" }, + {"http", "#ifndef CURL_DISABLE_HTTP" }, + {"https", "#if defined(USE_SSL) && !defined(CURL_DISABLE_HTTP)" }, + {"imap", "#ifndef CURL_DISABLE_IMAP" }, + {"imaps", "#if defined(USE_SSL) && !defined(CURL_DISABLE_IMAP)" }, + {"ldap", "#ifndef CURL_DISABLE_LDAP" }, + {"ldaps", "#if !defined(CURL_DISABLE_LDAP) && \\\n" + " !defined(CURL_DISABLE_LDAPS) && \\\n" + " ((defined(USE_OPENLDAP) && defined(USE_SSL)) || \\\n" + " (!defined(USE_OPENLDAP) && defined(HAVE_LDAP_SSL)))" }, + {"mqtt", "#ifndef CURL_DISABLE_MQTT" }, + {"pop3", "#ifndef CURL_DISABLE_POP3" }, + {"pop3s", "#if defined(USE_SSL) && !defined(CURL_DISABLE_POP3)" }, + {"rtmp", "#ifdef USE_LIBRTMP" }, + {"rtmpt", "#ifdef USE_LIBRTMP" }, + {"rtmpe", "#ifdef USE_LIBRTMP" }, + {"rtmpte", "#ifdef USE_LIBRTMP" }, + {"rtmps", "#ifdef USE_LIBRTMP" }, + {"rtmpts", "#ifdef USE_LIBRTMP" }, + {"rtsp", "#ifndef CURL_DISABLE_RTSP" }, + {"scp", "#if defined(USE_SSH) && !defined(USE_WOLFSSH)" }, + {"sftp", "#if defined(USE_SSH)" }, + {"smb", "#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE) && \\\n" + " (SIZEOF_CURL_OFF_T > 4)" }, + {"smbs", "#if defined(USE_SSL) && !defined(CURL_DISABLE_SMB) && \\\n" + " defined(USE_CURL_NTLM_CORE) && (SIZEOF_CURL_OFF_T > 4)" }, + {"smtp", "#ifndef CURL_DISABLE_SMTP" }, + {"smtps", "#if defined(USE_SSL) && !defined(CURL_DISABLE_SMTP)" }, + {"telnet", "#ifndef CURL_DISABLE_TELNET" }, + {"tftp", "#ifndef CURL_DISABLE_TFTP" }, + {"ws", "#if defined(USE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP)" }, + {"wss", "#if defined(USE_WEBSOCKETS) && \\\n" + " defined(USE_SSL) && !defined(CURL_DISABLE_HTTP)" }, + { NULL, NULL } +}; + +unsigned int calc(const char *s, int add, int shift) +{ + const char *so = s; + unsigned int c = add; + while(*s) { + c <<= shift; + c += *s; + s++; + } + return c; +} + +unsigned int num[100]; +unsigned int ix[100]; + +static void showtable(int try, int init, int shift) +{ + int nulls = 0; + int i; + for(i = 0; scheme[i].n; ++i) + num[i] = calc(scheme[i].n, init, shift); + for(i = 0; scheme[i].n; ++i) + ix[i] = num[i] % try; + printf("/*\n" + " unsigned int c = %d\n" + " while(l) {\n" + " c <<= %d;\n" + " c += Curl_raw_tolower(*s);\n" + " s++;\n" + " l--;\n" + " }\n" + "*/\n", init, shift); + + printf(" static const struct Curl_handler * const protocols[%d] = {", try); + + /* generate table */ + for(i=0; i < try; i++) { + int match = 0; + int j; + for(j=0; scheme[j].n; j++) { + if(ix[j] == i) { + printf("\n"); + printf("%s\n", scheme[j].ifdef); + printf(" &Curl_handler_%s,\n", scheme[j].n); + printf("#else\n NULL,\n"); + printf("#endif"); + match = 1; + nulls = 0; + break; + } + } + if(!match) { + if(!nulls || (nulls>10)) { + printf("\n "); + nulls = 0; + } + printf(" NULL,", nulls); + nulls++; + } + } + printf("\n };\n"); +} + +int main(void) +{ + int i; + int try; + int besttry = 9999; + int bestadd = 0; + int bestshift = 0; + int add; + int shift; + for(shift = 0; shift < 8; shift++) { + for(add = 0; add < 999; add++) { + for(i = 0; scheme[i].n; ++i) { + unsigned int v = calc(scheme[i].n, add, shift); + int j; + int badcombo = 0; + for(j=0; j < i; j++) { + + if(num[j] == v) { + /* + printf("NOPE: %u is a dupe (%s and %s)\n", + v, scheme[i], scheme[j]); + */ + badcombo = 1; + break; + } + } + if(badcombo) + break; + num[i] = v; + } +#if 0 + for(i = 0; scheme[i].n; ++i) { + printf("%u - %s\n", num[i], scheme[i].n); + } +#endif + /* try different remainders to find smallest possible table */ + for(try = 28; try < 199; try++) { + int good = 1; + for(i = 0; scheme[i].n; ++i) { + ix[i] = num[i] % try; + } + /* check for dupes */ + for(i = 0; scheme[i].n && good; ++i) { + int j; + for(j=0; j < i; j++) { + if(ix[j] == ix[i]) { + /* printf("NOPE, try %u causes dupes (%d and %d)\n", try, j, i); */ + good = 0; + break; + } + } + } + if(good) { + if(try < besttry) { + besttry = try; + bestadd = add; + bestshift = shift; + } + break; + } + } + } + } + + showtable(besttry, bestadd, bestshift); +} diff --git a/scripts/updatemanpages.pl b/scripts/updatemanpages.pl deleted file mode 100644 index 58a8755e8..000000000 --- a/scripts/updatemanpages.pl +++ /dev/null @@ -1,357 +0,0 @@ -#!/usr/bin/env perl -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -# SPDX-License-Identifier: curl -# -########################################################################### - -# Update man pages. - -use strict; -use warnings; -use Tie::File; - -# Data from the command line. - -my $curlver = $ARGV[0]; -my $curldate = $ARGV[1]; - -# Directories and extensions. - -my @dirlist = ("docs/", "docs/libcurl/", "docs/libcurl/opts/", "tests/"); -my @extlist = (".1", ".3"); -my @excludelist = ("mk-ca-bundle.1", "template.3"); - -# Subroutines - -sub printargs{ - # Print arguments and exit. - - print "usage: updatemanpages.pl \n"; - exit; -} - -sub getthline{ - # Process file looking for .TH section. - - my $filename = shift; - my $file_handle; - my $file_line; - - # Open the file. - - open($file_handle, $filename); - - # Look for the .TH section, process it into an array, - # modify it and write to file. - - tie(my @file_data, 'Tie::File', $filename); - foreach my $file_data_line(@file_data) { - if($file_data_line =~ /^.TH/) { - $file_line = $file_data_line; - last; - } - } - - # Close the file. - - close($file_handle); - return $file_line; -} - -sub extractth{ - # Extract .TH section as an array. - - my $input = shift; - - # Split the line into an array. - - my @tharray; - my $inputsize = length($input); - my $inputcurrent = ""; - my $quotemode = 0; - - for(my $inputseek = 0; $inputseek < $inputsize; $inputseek++) { - - if(substr($input, $inputseek, 1) eq " " && $quotemode eq 0) { - push(@tharray, $inputcurrent); - $inputcurrent = ""; - next; - } - - $inputcurrent = $inputcurrent . substr($input, $inputseek, 1); - - if(substr($input, $inputseek, 1) eq "\"") { - if($quotemode eq 0) { - $quotemode = 1; - } - else { - $quotemode = 0; - } - } - } - - if($inputcurrent ne "") { - push(@tharray, $inputcurrent); - } - - return @tharray; -} - -sub getdate{ - # Get the date from the .TH section. - - my $filename = shift; - my $thline; - my @tharray; - my $date = ""; - - $thline = getthline($filename); - - # Return nothing if there is no .TH section found. - - if(!$thline || $thline eq "") { - return ""; - } - - @tharray = extractth($thline); - - # Remove the quotes at the start and end. - - $date = substr($tharray[3], 1, -1); - return $date; -} - -sub processth{ - # Process .TH section. - - my $input = shift; - my $date = shift; - - # Split the line into an array. - - my @tharray = extractth($input); - - # Alter the date. - - my $itemdate = "\""; - $itemdate .= $date; - $itemdate .= "\""; - $tharray[3] = $itemdate; - - # Alter the item version. - - my $itemver = $tharray[4]; - my $itemname = ""; - - for(my $itemnameseek = 1; - $itemnameseek < length($itemver); - $itemnameseek++) { - if(substr($itemver, $itemnameseek, 1) eq " " || - substr($itemver, $itemnameseek, 1) eq "\"") { - last; - } - $itemname .= substr($itemver, $itemnameseek, 1); - } - - $itemver = "\""; - $itemver .= $itemname; - $itemver .= " "; - $itemver .= $curlver; - $itemver .= "\""; - - $tharray[4] = $itemver; - - my $thoutput = ""; - - foreach my $thvalue (@tharray) { - $thoutput .= $thvalue; - $thoutput .= " "; - } - $thoutput =~ s/\s+$//; - $thoutput .= "\n"; - - # Return updated string. - - return $thoutput; -} - -sub processfile{ - # Process file looking for .TH section. - - my $filename = shift; - my $date = shift; - my $file_handle; - my $file_dist_handle; - my $filename_dist; - - # Open a handle for the original file and a second file handle - # for the dist file. - - $filename_dist = $filename . ".dist"; - - open($file_handle, $filename); - open($file_dist_handle, ">" . $filename_dist); - - # Look for the .TH section, process it into an array, - # modify it and write to file. - - tie(my @file_data, 'Tie::File', $filename); - foreach my $file_data_line (@file_data) { - if($file_data_line =~ /^.TH/) { - my $file_dist_line = processth($file_data_line, $date); - print $file_dist_handle $file_dist_line . "\n"; - } - else { - print $file_dist_handle $file_data_line . "\n"; - } - } - - # Close the file. - - close($file_handle); - close($file_dist_handle); -} - -# Check that $curlver is set, otherwise print arguments and exit. - -if(!$curlver) { - printargs(); -} - -# check to see that the git command works, it requires git 2.6 something -my $gitcheck = `git log -1 --date="format:%B %d, %Y" $dirlist[0] 2>/dev/null`; -if(length($gitcheck) < 1) { - print "git version too old or $dirlist[0] is a bad argument\n"; - exit; -} - -# Look in each directory. - -my $dir_handle; - -foreach my $dirname (@dirlist) { - foreach my $extname (@extlist) { - # Go through the directory looking for files ending with - # the current extension. - - opendir($dir_handle, $dirname); - my @filelist = grep(/.$extname$/i, readdir($dir_handle)); - - foreach my $file (@filelist) { - # Skip if file is in exclude list. - - if(grep(/^$file$/, @excludelist)) { - next; - } - - # Load the file and get the date. - - my $filedate; - - # Check if dist version exists and load date from that - # file if it does. - - if(-e ($dirname . $file . ".dist")) { - $filedate = getdate(($dirname . $file . ".dist")); - } - else { - $filedate = getdate(($dirname . $file)); - } - - # Skip if value is empty. - - if(!$filedate || $filedate eq "") { - next; - } - - # Check the man page in the git repository. - - my $repodata = `LC_TIME=C git log -1 --date="format:%B %d, %Y" \\ - --since="$filedate" $dirname$file | grep ^Date:`; - - # If there is output then update the man page - # with the new date/version. - - # Process the file if there is output. - - if($repodata) { - my $thisdate; - if(!$curldate) { - if($repodata =~ /^Date: +(.*)/) { - $thisdate = $1; - } - else { - print STDERR "Warning: " . ($dirname . $file) . ": found no " . - "date\n"; - } - } - else { - $thisdate = $curldate; - } - processfile(($dirname . $file), $thisdate); - print $dirname . $file . " page updated to $thisdate\n"; - } - } - closedir($dir_handle); - } -} - -__END__ - -=pod - -=head1 updatemanpages.pl - -Updates the man pages with the version number and optional date. If the date -isn't provided, the last modified date from git is used. - -=head2 USAGE - -updatemanpages.pl version [date] - -=head3 version - -Specifies version (required) - -=head3 date - -Specifies date (optional) - -=head2 SETTINGS - -=head3 @dirlist - -Specifies the list of directories to look for files in. - -=head3 @extlist - -Specifies the list of files with extensions to process. - -=head3 @excludelist - -Specifies the list of files to not process. - -=head2 NOTES - -This script is used during maketgz. - -=cut diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index a3c4218ea..5695670f0 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -24,7 +24,8 @@ set(EXE_NAME curl) add_definitions(-DBUILDING_CURL) -if(USE_MANUAL) +if(ENABLE_CURL_MANUAL AND HAVE_MANUAL_TOOLS) + add_definitions("-DUSE_MANUAL") # Use the C locale to ensure that only ASCII characters appear in the # embedded text. NROFF and MANOPT are set in the parent CMakeLists.txt add_custom_command( diff --git a/src/Makefile.am b/src/Makefile.am index ddeb70073..7a99c2548 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -61,6 +61,8 @@ curl_SOURCES += $(CURL_RCFILES) $(CURL_RCFILES): tool_version.h endif +curl_LDFLAGS = $(AM_LDFLAGS) $(CURL_LDFLAGS_BIN) + # This might hold -Werror CFLAGS += @CURL_CFLAG_EXTRAS@ @@ -89,7 +91,7 @@ CLEANFILES = tool_hugehelp.c NROFF=env LC_ALL=C @NROFF@ @MANOPT@ 2>/dev/null # figured out by the configure script EXTRA_DIST = mkhelp.pl \ - Makefile.mk curl.rc Makefile.inc CMakeLists.txt + Makefile.mk curl.rc Makefile.inc CMakeLists.txt .checksrc # Use absolute directory to disable VPATH MANPAGE=$(abs_top_builddir)/docs/curl.1 @@ -155,7 +157,7 @@ tidy: $(TIDY) $(CURL_CFILES) $(TIDYFLAGS) -- $(curl_CPPFLAGS) $(CPPFLAGS) -DHAVE_CONFIG_H listhelp: - (cd $(top_srcdir)/docs/cmdline-opts && ./gen.pl listhelp *.d) > tool_listhelp.c + (cd $(top_srcdir)/docs/cmdline-opts && make listhelp) if HAVE_WINDRES .rc.o: diff --git a/src/Makefile.inc b/src/Makefile.inc index 253893536..c1d202a06 100644 --- a/src/Makefile.inc +++ b/src/Makefile.inc @@ -79,6 +79,7 @@ CURL_CFILES = \ tool_help.c \ tool_helpers.c \ tool_hugehelp.c \ + tool_ipfs.c \ tool_libinfo.c \ tool_listhelp.c \ tool_main.c \ @@ -122,6 +123,7 @@ CURL_HFILES = \ tool_help.h \ tool_helpers.h \ tool_hugehelp.h \ + tool_ipfs.h \ tool_libinfo.h \ tool_main.h \ tool_msgs.h \ diff --git a/src/Makefile.mk b/src/Makefile.mk index 66882b353..83dd65d16 100644 --- a/src/Makefile.mk +++ b/src/Makefile.mk @@ -32,31 +32,13 @@ include $(PROOT)/lib/Makefile.mk ### Local -RCFLAGS += -DCURL_EMBED_MANIFEST CPPFLAGS += -I$(PROOT)/lib LDFLAGS += -L$(PROOT)/lib LIBS := -lcurl $(LIBS) -ifdef WIN32 - ifneq ($(findstring -dyn,$(CFG)),) - DYN := 1 - endif -endif - -ifdef DYN - curl_DEPENDENCIES := $(PROOT)/lib/libcurl$(CURL_DLL_SUFFIX).dll - curl_DEPENDENCIES += $(PROOT)/lib/libcurl.dll.a -else - curl_DEPENDENCIES := $(PROOT)/lib/libcurl.a - ifdef WIN32 - CPPFLAGS += -DCURL_STATICLIB - LDFLAGS += -static - endif -endif - ### Sources and targets -# Provides CURL_CFILES, CURLX_CFILES, CURL_RCFILES +# Provides CURL_CFILES, CURLX_CFILES include Makefile.inc TARGETS := curl$(BIN_EXT) @@ -64,12 +46,9 @@ TARGETS := curl$(BIN_EXT) CURL_CFILES += $(notdir $(CURLX_CFILES)) curl_OBJECTS := $(patsubst %.c,$(OBJ_DIR)/%.o,$(strip $(CURL_CFILES))) -ifdef WIN32 -curl_OBJECTS += $(patsubst %.rc,$(OBJ_DIR)/%.res,$(strip $(CURL_RCFILES))) -endif ifdef MAP CURL_MAP := curl.map -CURL_LDFLAGS_BIN += -Wl,-Map,$(CURL_MAP) +LDFLAGS += -Wl,-Map,$(CURL_MAP) TOVCLEAN := $(CURL_MAP) endif vpath %.c $(PROOT)/lib @@ -105,7 +84,7 @@ tool_hugehelp.c: endif endif -$(TARGETS): $(curl_OBJECTS) $(curl_DEPENDENCIES) - $(CC) $(LDFLAGS) $(CURL_LDFLAGS_BIN) -o $@ $(curl_OBJECTS) $(LIBS) +$(TARGETS): $(curl_OBJECTS) $(PROOT)/lib/libcurl.a + $(CC) $(LDFLAGS) -o $@ $(curl_OBJECTS) $(LIBS) all: $(OBJ_DIR) $(TARGETS) diff --git a/src/curl.rc b/src/curl.rc index 11d528429..6fcaf353e 100644 --- a/src/curl.rc +++ b/src/curl.rc @@ -53,7 +53,7 @@ BEGIN VALUE "OriginalFilename", "curl.exe\0" VALUE "ProductName", "The curl executable\0" VALUE "ProductVersion", CURL_VERSION "\0" - VALUE "LegalCopyright", "\xa9 " CURL_COPYRIGHT "\0" /* a9: Copyright symbol */ + VALUE "LegalCopyright", "Copyright (C) " CURL_COPYRIGHT "\0" VALUE "License", "https://curl.se/docs/copyright.html\0" END END diff --git a/src/tool_cb_dbg.c b/src/tool_cb_dbg.c index ce5e25e92..cbf57f057 100644 --- a/src/tool_cb_dbg.c +++ b/src/tool_cb_dbg.c @@ -217,7 +217,7 @@ int tool_debug_cb(CURL *handle, curl_infotype type, switch(type) { case CURLINFO_TEXT: fprintf(output, "%s%s== Info: %.*s", timebuf, idsbuf, (int)size, data); - /* FALLTHROUGH */ + FALLTHROUGH(); default: /* in case a new one is introduced to shock us */ return 0; diff --git a/src/tool_cb_hdr.c b/src/tool_cb_hdr.c index df44f7aa7..30ee3b09c 100644 --- a/src/tool_cb_hdr.c +++ b/src/tool_cb_hdr.c @@ -41,9 +41,9 @@ static char *parse_filename(const char *ptr, size_t len); -#ifdef WIN32 -#define BOLD -#define BOLDOFF +#ifdef _WIN32 +#define BOLD "\x1b[1m" +#define BOLDOFF "\x1b[22m" #else #define BOLD "\x1b[1m" /* Switch off bold by setting "all attributes off" since the explicit @@ -87,7 +87,7 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata) } #endif -#ifdef WIN32 +#ifdef _WIN32 /* Discard incomplete UTF-8 sequence buffered from body */ if(outs->utf8seq[0]) memset(outs->utf8seq, 0, sizeof(outs->utf8seq)); @@ -150,16 +150,19 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata) char *filename; size_t len; - while(*p && (p < end) && !ISALPHA(*p)) + while((p < end) && *p && !ISALPHA(*p)) p++; if(p > end - 9) break; if(memcmp(p, "filename=", 9)) { /* no match, find next parameter */ - while((p < end) && (*p != ';')) + while((p < end) && *p && (*p != ';')) p++; - continue; + if((p < end) && *p) + continue; + else + break; } p += 9; @@ -175,10 +178,18 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata) return CURL_WRITEFUNC_ERROR; } + if(per->config->output_dir) { + outs->filename = aprintf("%s/%s", per->config->output_dir, filename); + free(filename); + if(!outs->filename) + return CURL_WRITEFUNC_ERROR; + } + else + outs->filename = filename; + outs->is_cd_filename = TRUE; outs->s_isreg = TRUE; outs->fopened = FALSE; - outs->filename = filename; outs->alloc_filename = TRUE; hdrcbdata->honor_cd_filename = FALSE; /* done now! */ if(!tool_create_output_file(outs, per->config)) @@ -209,7 +220,11 @@ size_t tool_header_cb(char *ptr, size_t size, size_t nmemb, void *userdata) if(!outs->stream && !tool_create_output_file(outs, per->config)) return CURL_WRITEFUNC_ERROR; - if(hdrcbdata->global->isatty && hdrcbdata->global->styled_output) + if(hdrcbdata->global->isatty && +#ifdef _WIN32 + tool_term_has_bold && +#endif + hdrcbdata->global->styled_output) value = memchr(ptr, ':', cb); if(value) { size_t namelen = value - ptr; @@ -297,7 +312,7 @@ static char *parse_filename(const char *ptr, size_t len) if(copy != p) memmove(copy, p, strlen(p) + 1); -#if defined(MSDOS) || defined(WIN32) +#if defined(_WIN32) || defined(MSDOS) { char *sanitized; SANITIZEcode sc = sanitize_file_name(&sanitized, copy, 0); @@ -306,7 +321,7 @@ static char *parse_filename(const char *ptr, size_t len) return NULL; copy = sanitized; } -#endif /* MSDOS || WIN32 */ +#endif /* _WIN32 || MSDOS */ /* in case we built debug enabled, we allow an environment variable * named CURL_TESTDIR to prefix the given file name to put it into a diff --git a/src/tool_cb_prg.c b/src/tool_cb_prg.c index 47ec3ef39..86b6fa605 100644 --- a/src/tool_cb_prg.c +++ b/src/tool_cb_prg.c @@ -38,6 +38,8 @@ #include "memdebug.h" /* keep this as LAST include */ +#define MAX_BARLENGTH 256 + #ifdef HAVE_TERMIOS_H # include #elif defined(HAVE_TERMIO_H) @@ -78,11 +80,16 @@ static const unsigned int sinus[] = { static void fly(struct ProgressData *bar, bool moved) { - char buf[256]; + char buf[MAX_BARLENGTH + 2]; int pos; int check = bar->width - 2; - msnprintf(buf, sizeof(buf), "%*s\r", bar->width-1, " "); + /* bar->width is range checked when assigned */ + DEBUGASSERT(bar->width <= MAX_BARLENGTH); + memset(buf, ' ', bar->width); + buf[bar->width] = '\r'; + buf[bar->width + 1] = '\0'; + memcpy(&buf[bar->bar], "-=O=-", 5); pos = sinus[bar->tick%200] / (1000000 / check); @@ -114,8 +121,6 @@ static void fly(struct ProgressData *bar, bool moved) ** callback for CURLOPT_XFERINFOFUNCTION */ -#define MAX_BARLENGTH 256 - #if (SIZEOF_CURL_OFF_T < 8) #error "too small curl_off_t" #else @@ -203,7 +208,14 @@ int tool_progress_cb(void *clientp, memset(line, '#', num); line[num] = '\0'; msnprintf(format, sizeof(format), "\r%%-%ds %%5.1f%%%%", barwidth); +#ifdef __clang__ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wformat-nonliteral" +#endif fprintf(bar->out, format, line, percent); +#ifdef __clang__ +#pragma clang diagnostic pop +#endif } fflush(bar->out); bar->prev = point; @@ -249,7 +261,7 @@ void progressbarinit(struct ProgressData *bar, struct winsize ts; if(!ioctl(STDIN_FILENO, TIOCGWINSZ, &ts)) cols = ts.ws_col; -#elif defined(WIN32) +#elif defined(_WIN32) { HANDLE stderr_hnd = GetStdHandle(STD_ERROR_HANDLE); CONSOLE_SCREEN_BUFFER_INFO console_info; diff --git a/src/tool_cb_rea.c b/src/tool_cb_rea.c index d70a9b909..8cb5bbe8a 100644 --- a/src/tool_cb_rea.c +++ b/src/tool_cb_rea.c @@ -62,7 +62,7 @@ size_t tool_read_cb(char *buffer, size_t sz, size_t nmemb, void *userdata) if(msdelta > config->timeout_ms) /* timeout */ return 0; -#ifndef WIN32 +#ifndef _WIN32 /* this logic waits on read activity on a file descriptor that is not a socket which makes it not work with select() on Windows */ else { diff --git a/src/tool_cb_see.c b/src/tool_cb_see.c index 8351473c8..bce57bb28 100644 --- a/src/tool_cb_see.c +++ b/src/tool_cb_see.c @@ -93,21 +93,6 @@ int tool_seek_cb(void *userdata, curl_off_t offset, int whence) #ifdef USE_TOOL_FTRUNCATE -#ifdef __BORLANDC__ -/* 64-bit lseek-like function unavailable */ -# define _lseeki64(hnd,ofs,whence) lseek(hnd,ofs,whence) -#endif - -#ifdef __POCC__ -# if(__POCC__ < 450) -/* 64-bit lseek-like function unavailable */ -# define _lseeki64(hnd,ofs,whence) _lseek(hnd,ofs,whence) -# else -# undef _lseeki64 -# define _lseeki64(hnd,ofs,whence) _lseek64(hnd,ofs,whence) -# endif -#endif - #ifdef _WIN32_WCE /* 64-bit lseek-like function unavailable */ # undef _lseeki64 diff --git a/src/tool_cb_see.h b/src/tool_cb_see.h index 14bbc4264..b5d7bf985 100644 --- a/src/tool_cb_see.h +++ b/src/tool_cb_see.h @@ -25,7 +25,7 @@ ***************************************************************************/ #include "tool_setup.h" -#if defined(WIN32) && !defined(HAVE_FTRUNCATE) +#if defined(_WIN32) && !defined(HAVE_FTRUNCATE) int tool_ftruncate64(int fd, curl_off_t where); @@ -35,7 +35,7 @@ int tool_ftruncate64(int fd, curl_off_t where); #define HAVE_FTRUNCATE 1 #define USE_TOOL_FTRUNCATE 1 -#endif /* WIN32 && ! HAVE_FTRUNCATE */ +#endif /* _WIN32 && ! HAVE_FTRUNCATE */ /* ** callback for CURLOPT_SEEKFUNCTION diff --git a/src/tool_cb_wrt.c b/src/tool_cb_wrt.c index b7838664e..143cba255 100644 --- a/src/tool_cb_wrt.c +++ b/src/tool_cb_wrt.c @@ -44,7 +44,7 @@ #ifndef O_BINARY #define O_BINARY 0 #endif -#ifdef WIN32 +#ifdef _WIN32 #define OPENMODE S_IREAD | S_IWRITE #else #define OPENMODE S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH @@ -57,7 +57,6 @@ bool tool_create_output_file(struct OutStruct *outs, struct GlobalConfig *global; FILE *file = NULL; char *fname = outs->filename; - char *aname = NULL; DEBUGASSERT(outs); DEBUGASSERT(config); global = config->global; @@ -66,15 +65,6 @@ bool tool_create_output_file(struct OutStruct *outs, return FALSE; } - if(config->output_dir && outs->is_cd_filename) { - aname = aprintf("%s/%s", config->output_dir, fname); - if(!aname) { - errorf(global, "out of memory"); - return FALSE; - } - fname = aname; - } - if(config->file_clobber_mode == CLOBBER_ALWAYS || (config->file_clobber_mode == CLOBBER_DEFAULT && !outs->is_cd_filename)) { @@ -94,14 +84,12 @@ bool tool_create_output_file(struct OutStruct *outs, char *newname; /* Guard against wraparound in new filename */ if(newlen < len) { - free(aname); errorf(global, "overflow in filename generation"); return FALSE; } newname = malloc(newlen); if(!newname) { errorf(global, "out of memory"); - free(aname); return FALSE; } memcpy(newname, fname, len); @@ -135,10 +123,8 @@ bool tool_create_output_file(struct OutStruct *outs, if(!file) { warnf(global, "Failed to open the file %s: %s", fname, strerror(errno)); - free(aname); return FALSE; } - free(aname); outs->s_isreg = TRUE; outs->fopened = TRUE; outs->stream = file; @@ -159,7 +145,7 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata) struct OperationConfig *config = per->config; size_t bytes = sz * nmemb; bool is_tty = config->global->isatty; -#ifdef WIN32 +#ifdef _WIN32 CONSOLE_SCREEN_BUFFER_INFO console_info; intptr_t fhnd; #endif @@ -231,13 +217,13 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata) } } -#ifdef WIN32 +#ifdef _WIN32 fhnd = _get_osfhandle(fileno(outs->stream)); /* if windows console then UTF-8 must be converted to UTF-16 */ if(isatty(fileno(outs->stream)) && GetConsoleScreenBufferInfo((HANDLE)fhnd, &console_info)) { wchar_t *wc_buf; - DWORD wc_len; + DWORD wc_len, chars_written; unsigned char *rbuf = (unsigned char *)buffer; DWORD rlen = (DWORD)bytes; @@ -292,7 +278,7 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata) (HANDLE) fhnd, prefix, prefix[1] ? 2 : 1, - NULL, + &chars_written, NULL)) { return CURL_WRITEFUNC_ERROR; } @@ -351,7 +337,7 @@ size_t tool_write_cb(char *buffer, size_t sz, size_t nmemb, void *userdata) (HANDLE) fhnd, wc_buf, wc_len, - NULL, + &chars_written, NULL)) { free(wc_buf); return CURL_WRITEFUNC_ERROR; diff --git a/src/tool_cfgable.c b/src/tool_cfgable.c index 906e23e14..3259bc7a5 100644 --- a/src/tool_cfgable.c +++ b/src/tool_cfgable.c @@ -25,6 +25,7 @@ #include "tool_cfgable.h" #include "tool_formparse.h" +#include "tool_paramhlp.h" #include "tool_main.h" #include "memdebug.h" /* keep this as LAST include */ @@ -33,7 +34,6 @@ void config_init(struct OperationConfig *config) { memset(config, 0, sizeof(struct OperationConfig)); - config->postfieldsize = -1; config->use_httpget = FALSE; config->create_dirs = FALSE; config->maxredirs = DEFAULT_MAXREDIRS; @@ -45,6 +45,7 @@ void config_init(struct OperationConfig *config) config->http09_allowed = FALSE; config->ftp_skip_ip = TRUE; config->file_clobber_mode = CLOBBER_DEFAULT; + curlx_dyn_init(&config->postdata, MAX_FILE2MEMORY); } static void free_config_fields(struct OperationConfig *config) @@ -59,7 +60,7 @@ static void free_config_fields(struct OperationConfig *config) Curl_safefree(config->cookiejar); curl_slist_free_all(config->cookiefiles); - Curl_safefree(config->postfields); + Curl_dyn_free(&config->postdata); Curl_safefree(config->query); Curl_safefree(config->referer); diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h index 57e8fce52..dfa74d81f 100644 --- a/src/tool_cfgable.h +++ b/src/tool_cfgable.h @@ -68,7 +68,7 @@ struct OperationConfig { char *proto_default; curl_off_t resume_from; char *postfields; - curl_off_t postfieldsize; + struct curlx_dynbuf postdata; char *referer; char *query; long timeout_ms; diff --git a/src/tool_dirhie.c b/src/tool_dirhie.c index 16765c3a5..1cadbd0be 100644 --- a/src/tool_dirhie.c +++ b/src/tool_dirhie.c @@ -25,7 +25,7 @@ #include -#ifdef WIN32 +#ifdef _WIN32 # include #endif @@ -38,7 +38,7 @@ #include "memdebug.h" /* keep this as LAST include */ -#if defined(WIN32) || (defined(MSDOS) && !defined(__DJGPP__)) +#if defined(_WIN32) || (defined(MSDOS) && !defined(__DJGPP__)) # define mkdir(x,y) (mkdir)((x)) # ifndef F_OK # define F_OK 0 @@ -88,7 +88,7 @@ static void show_dir_errno(struct GlobalConfig *global, const char *name) * should create all the dir* automagically */ -#if defined(WIN32) || defined(__DJGPP__) +#if defined(_WIN32) || defined(__DJGPP__) /* systems that may use either or when specifying a path */ #define PATH_DELIMITERS "\\/" #else @@ -132,7 +132,7 @@ CURLcode create_dir_hierarchy(const char *outfile, struct GlobalConfig *global) msnprintf(&dirbuildup[dlen], outlen - dlen, "%s%s", DIR_CHAR, tempdir); else { if(outdup == tempdir) { -#if defined(MSDOS) || defined(WIN32) +#if defined(_WIN32) || defined(MSDOS) /* Skip creating a drive's current directory. It may seem as though that would harmlessly fail but it could be a corner case if X: did not exist, since we would be creating it diff --git a/src/tool_doswin.c b/src/tool_doswin.c index faa5755e6..db2b8b78a 100644 --- a/src/tool_doswin.c +++ b/src/tool_doswin.c @@ -23,13 +23,13 @@ ***************************************************************************/ #include "tool_setup.h" -#if defined(MSDOS) || defined(WIN32) +#if defined(_WIN32) || defined(MSDOS) #if defined(HAVE_LIBGEN_H) && defined(HAVE_BASENAME) # include #endif -#ifdef WIN32 +#ifdef _WIN32 # include # include # include "tool_cfgable.h" @@ -42,7 +42,7 @@ #include "curlx.h" #include "memdebug.h" /* keep this as LAST include */ -#ifdef WIN32 +#ifdef _WIN32 # undef PATH_MAX # define PATH_MAX MAX_PATH #endif @@ -55,7 +55,7 @@ # endif #endif -#ifdef WIN32 +#ifdef _WIN32 # define _use_lfn(f) (1) /* long file names always available */ #elif !defined(__DJGPP__) || (__DJGPP__ < 2) /* DJGPP 2.0 has _use_lfn() */ # define _use_lfn(f) (0) /* long file names never available */ @@ -597,7 +597,7 @@ char **__crt0_glob_function(char *arg) #endif /* MSDOS && (__DJGPP__ || __GO32__) */ -#ifdef WIN32 +#ifdef _WIN32 /* * Function to find CACert bundle on a Win32 platform using SearchPath. @@ -714,6 +714,8 @@ static struct TerminalSettings { #define ENABLE_VIRTUAL_TERMINAL_PROCESSING 0x0004 #endif +bool tool_term_has_bold; + static void restore_terminal(void) { if(InterlockedExchange(&TerminalSettings.valid, (LONG)FALSE)) @@ -733,16 +735,23 @@ static BOOL WINAPI signal_handler(DWORD type) static void init_terminal(void) { TerminalSettings.hStdOut = GetStdHandle(STD_OUTPUT_HANDLE); + /* * Enable VT (Virtual Terminal) output. * Note: VT mode flag can be set on any version of Windows, but VT - * processing only performed on Win10 >= Creators Update) + * processing only performed on Win10 >= version 1709 (OS build 16299) + * Creator's Update. Also, ANSI bold on/off supported since then. */ - if((TerminalSettings.hStdOut != INVALID_HANDLE_VALUE) && - GetConsoleMode(TerminalSettings.hStdOut, - &TerminalSettings.dwOutputMode) && - !(TerminalSettings.dwOutputMode & - ENABLE_VIRTUAL_TERMINAL_PROCESSING)) { + if(TerminalSettings.hStdOut == INVALID_HANDLE_VALUE || + !GetConsoleMode(TerminalSettings.hStdOut, + &TerminalSettings.dwOutputMode) || + !curlx_verify_windows_version(10, 0, 16299, PLATFORM_WINNT, + VERSION_GREATER_THAN_EQUAL)) + return; + + if((TerminalSettings.dwOutputMode & ENABLE_VIRTUAL_TERMINAL_PROCESSING)) + tool_term_has_bold = true; + else { /* The signal handler is set before attempting to change the console mode because otherwise a signal would not be caught after the change but before the handler was installed. */ @@ -751,6 +760,7 @@ static void init_terminal(void) if(SetConsoleMode(TerminalSettings.hStdOut, (TerminalSettings.dwOutputMode | ENABLE_VIRTUAL_TERMINAL_PROCESSING))) { + tool_term_has_bold = true; atexit(restore_terminal); } else { @@ -781,6 +791,6 @@ CURLcode win32_init(void) return CURLE_OK; } -#endif /* WIN32 */ +#endif /* _WIN32 */ -#endif /* MSDOS || WIN32 */ +#endif /* _WIN32 || MSDOS */ diff --git a/src/tool_doswin.h b/src/tool_doswin.h index 669fdb6ed..e07d89d95 100644 --- a/src/tool_doswin.h +++ b/src/tool_doswin.h @@ -25,7 +25,7 @@ ***************************************************************************/ #include "tool_setup.h" -#if defined(MSDOS) || defined(WIN32) +#if defined(_WIN32) || defined(MSDOS) #define SANITIZE_ALLOW_COLONS (1<<0) /* Allow colons */ #define SANITIZE_ALLOW_PATH (1<<1) /* Allow path separators and colons */ @@ -57,7 +57,7 @@ char **__crt0_glob_function(char *arg); #endif /* MSDOS && (__DJGPP__ || __GO32__) */ -#ifdef WIN32 +#ifdef _WIN32 CURLcode FindWin32CACert(struct OperationConfig *config, curl_sslbackend backend, @@ -65,8 +65,8 @@ CURLcode FindWin32CACert(struct OperationConfig *config, struct curl_slist *GetLoadedModulePaths(void); CURLcode win32_init(void); -#endif /* WIN32 */ +#endif /* _WIN32 */ -#endif /* MSDOS || WIN32 */ +#endif /* _WIN32 || MSDOS */ #endif /* HEADER_CURL_TOOL_DOSWIN_H */ diff --git a/src/tool_easysrc.h b/src/tool_easysrc.h index 8c8d13150..f698c8f5c 100644 --- a/src/tool_easysrc.h +++ b/src/tool_easysrc.h @@ -40,7 +40,7 @@ extern int easysrc_slist_count; /* Number of curl_slist variables */ extern CURLcode easysrc_init(void); extern CURLcode easysrc_add(struct slist_wc **plist, const char *bupf); extern CURLcode easysrc_addf(struct slist_wc **plist, - const char *fmt, ...); + const char *fmt, ...) CURL_PRINTF(2, 3); extern CURLcode easysrc_perform(void); extern CURLcode easysrc_cleanup(void); diff --git a/src/tool_filetime.c b/src/tool_filetime.c index 9c2e80429..13113886e 100644 --- a/src/tool_filetime.c +++ b/src/tool_filetime.c @@ -41,7 +41,7 @@ int getfiletime(const char *filename, struct GlobalConfig *global, /* Windows stat() may attempt to adjust the unix GMT file time by a daylight saving time offset and since it's GMT that is bad behavior. When we have access to a 64-bit type we can bypass stat and get the times directly. */ -#if defined(WIN32) +#if defined(_WIN32) HANDLE hfile; TCHAR *tchar_filename = curlx_convert_UTF8_to_tchar((char *)filename); @@ -87,7 +87,7 @@ int getfiletime(const char *filename, struct GlobalConfig *global, return rc; } -#if defined(HAVE_UTIME) || defined(HAVE_UTIMES) || defined(WIN32) +#if defined(HAVE_UTIME) || defined(HAVE_UTIMES) || defined(_WIN32) void setfiletime(curl_off_t filetime, const char *filename, struct GlobalConfig *global) { @@ -95,7 +95,7 @@ void setfiletime(curl_off_t filetime, const char *filename, /* Windows utime() may attempt to adjust the unix GMT file time by a daylight saving time offset and since it's GMT that is bad behavior. When we have access to a 64-bit type we can bypass utime and set the times directly. */ -#if defined(WIN32) +#if defined(_WIN32) HANDLE hfile; TCHAR *tchar_filename = curlx_convert_UTF8_to_tchar((char *)filename); @@ -153,4 +153,4 @@ void setfiletime(curl_off_t filetime, const char *filename, } } #endif /* defined(HAVE_UTIME) || defined(HAVE_UTIMES) || \ - defined(WIN32) */ + defined(_WIN32) */ diff --git a/src/tool_filetime.h b/src/tool_filetime.h index 908b2d72b..205e5cee2 100644 --- a/src/tool_filetime.h +++ b/src/tool_filetime.h @@ -31,12 +31,12 @@ int getfiletime(const char *filename, struct GlobalConfig *global, curl_off_t *stamp); #if defined(HAVE_UTIME) || defined(HAVE_UTIMES) || \ - (defined(WIN32) && (SIZEOF_CURL_OFF_T >= 8)) + (defined(_WIN32) && (SIZEOF_CURL_OFF_T >= 8)) void setfiletime(curl_off_t filetime, const char *filename, struct GlobalConfig *global); #else #define setfiletime(a,b,c) Curl_nop_stmt #endif /* defined(HAVE_UTIME) || defined(HAVE_UTIMES) || \ - (defined(WIN32) && (SIZEOF_CURL_OFF_T >= 8)) */ + (defined(_WIN32) && (SIZEOF_CURL_OFF_T >= 8)) */ #endif /* HEADER_CURL_TOOL_FILETIME_H */ diff --git a/src/tool_findfile.c b/src/tool_findfile.c index 201d8f0a8..a1544a563 100644 --- a/src/tool_findfile.c +++ b/src/tool_findfile.c @@ -53,7 +53,7 @@ static const struct finder conf_list[] = { { "CURL_HOME", NULL, FALSE }, { "XDG_CONFIG_HOME", NULL, FALSE }, /* index == 1, used in the code */ { "HOME", NULL, FALSE }, -#ifdef WIN32 +#ifdef _WIN32 { "USERPROFILE", NULL, FALSE }, { "APPDATA", NULL, FALSE }, { "USERPROFILE", "\\Application Data", FALSE}, diff --git a/src/tool_findfile.h b/src/tool_findfile.h index faafd71cb..63d25195f 100644 --- a/src/tool_findfile.h +++ b/src/tool_findfile.h @@ -25,7 +25,7 @@ ***************************************************************************/ #include "tool_setup.h" -#ifdef WIN32 +#ifdef _WIN32 #define CURLRC_DOTSCORE 2 /* look for underscore-prefixed name too */ #else #define CURLRC_DOTSCORE 1 /* regular .curlrc check */ diff --git a/src/tool_formparse.c b/src/tool_formparse.c index fa38698d5..875ce78d6 100644 --- a/src/tool_formparse.c +++ b/src/tool_formparse.c @@ -278,7 +278,7 @@ static CURLcode tool2curlparts(CURL *curl, struct tool_mime *m, case TOOLMIME_STDIN: if(!filename) filename = "-"; - /* FALLTHROUGH */ + FALLTHROUGH(); case TOOLMIME_STDINDATA: ret = curl_mime_data_cb(part, m->size, (curl_read_callback) tool_mime_stdin_read, diff --git a/src/tool_getparam.c b/src/tool_getparam.c index d9772a309..4c910fd73 100644 --- a/src/tool_getparam.c +++ b/src/tool_getparam.c @@ -51,315 +51,578 @@ # define USE_WATT32 #endif -#define GetStr(str,val) do { \ - if(*(str)) { \ - free(*(str)); \ - *(str) = NULL; \ - } \ - if((val)) { \ - *(str) = strdup((val)); \ - if(!(*(str))) { \ - err = PARAM_NO_MEM; \ - goto error; \ - } \ - } \ - } while(0) +#define ALLOW_BLANK TRUE +#define DENY_BLANK FALSE + +static ParameterError getstr(char **str, const char *val, bool allowblank) +{ + if(*str) { + free(*str); + *str = NULL; + } + if(val) { + if(!allowblank && !val[0]) + return PARAM_BLANK_STRING; + + *str = strdup(val); + if(!*str) + return PARAM_NO_MEM; + } + return PARAM_OK; +} + +/* one enum for every command line option. The name is the verbatim long + option name, but in uppercase with periods and minuses replaced with + underscores using a "C_" prefix. */ +typedef enum { + C_ABSTRACT_UNIX_SOCKET, + C_ALPN, + C_ALT_SVC, + C_ANYAUTH, + C_APPEND, + C_AWS_SIGV4, + C_BASIC, + C_BUFFER, + C_CA_NATIVE, + C_CACERT, + C_CAPATH, + C_CERT, + C_CERT_STATUS, + C_CERT_TYPE, + C_CIPHERS, + C_CLOBBER, + C_COMPRESSED, + C_COMPRESSED_SSH, + C_CONFIG, + C_CONNECT_TIMEOUT, + C_CONNECT_TO, + C_CONTINUE_AT, + C_COOKIE, + C_COOKIE_JAR, + C_CREATE_DIRS, + C_CREATE_FILE_MODE, + C_CRLF, + C_CRLFILE, + C_CURVES, + C_DATA, + C_DATA_ASCII, + C_DATA_BINARY, + C_DATA_RAW, + C_DATA_URLENCODE, + C_DELEGATION, + C_DIGEST, + C_DISABLE, + C_DISABLE_EPRT, + C_DISABLE_EPSV, + C_DISALLOW_USERNAME_IN_URL, + C_DNS_INTERFACE, + C_DNS_IPV4_ADDR, + C_DNS_IPV6_ADDR, + C_DNS_SERVERS, + C_DOH_CERT_STATUS, + C_DOH_INSECURE, + C_DOH_URL, + C_DUMP_HEADER, + C_EGD_FILE, + C_ENGINE, + C_EPRT, + C_EPSV, + C_ETAG_COMPARE, + C_ETAG_SAVE, + C_EXPECT100_TIMEOUT, + C_FAIL, + C_FAIL_EARLY, + C_FAIL_WITH_BODY, + C_FALSE_START, + C_FORM, + C_FORM_ESCAPE, + C_FORM_STRING, + C_FTP_ACCOUNT, + C_FTP_ALTERNATIVE_TO_USER, + C_FTP_CREATE_DIRS, + C_FTP_METHOD, + C_FTP_PASV, + C_FTP_PORT, + C_FTP_PRET, + C_FTP_SKIP_PASV_IP, + C_FTP_SSL, + C_FTP_SSL_CCC, + C_FTP_SSL_CCC_MODE, + C_FTP_SSL_CONTROL, + C_FTP_SSL_REQD, + C_GET, + C_GLOBOFF, + C_HAPPY_EYEBALLS_TIMEOUT_MS, + C_HAPROXY_CLIENTIP, + C_HAPROXY_PROTOCOL, + C_HEAD, + C_HEADER, + C_HELP, + C_HOSTPUBMD5, + C_HOSTPUBSHA256, + C_HSTS, + C_HTTP0_9, + C_HTTP1_0, + C_HTTP1_1, + C_HTTP2, + C_HTTP2_PRIOR_KNOWLEDGE, + C_HTTP3, + C_HTTP3_ONLY, + C_IGNORE_CONTENT_LENGTH, + C_INCLUDE, + C_INSECURE, + C_INTERFACE, + C_IPFS_GATEWAY, + C_IPV4, + C_IPV6, + C_JSON, + C_JUNK_SESSION_COOKIES, + C_KEEPALIVE, + C_KEEPALIVE_TIME, + C_KEY, + C_KEY_TYPE, + C_KRB, + C_KRB4, + C_LIBCURL, + C_LIMIT_RATE, + C_LIST_ONLY, + C_LOCAL_PORT, + C_LOCATION, + C_LOCATION_TRUSTED, + C_LOGIN_OPTIONS, + C_MAIL_AUTH, + C_MAIL_FROM, + C_MAIL_RCPT, + C_MAIL_RCPT_ALLOWFAILS, + C_MANUAL, + C_MAX_FILESIZE, + C_MAX_REDIRS, + C_MAX_TIME, + C_METALINK, + C_NEGOTIATE, + C_NETRC, + C_NETRC_FILE, + C_NETRC_OPTIONAL, + C_NEXT, + C_NOPROXY, + C_NPN, + C_NTLM, + C_NTLM_WB, + C_OAUTH2_BEARER, + C_OUTPUT, + C_OUTPUT_DIR, + C_PARALLEL, + C_PARALLEL_IMMEDIATE, + C_PARALLEL_MAX, + C_PASS, + C_PATH_AS_IS, + C_PINNEDPUBKEY, + C_POST301, + C_POST302, + C_POST303, + C_PREPROXY, + C_PROGRESS_BAR, + C_PROGRESS_METER, + C_PROTO, + C_PROTO_DEFAULT, + C_PROTO_REDIR, + C_PROXY, + C_PROXY_ANYAUTH, + C_PROXY_BASIC, + C_PROXY_CA_NATIVE, + C_PROXY_CACERT, + C_PROXY_CAPATH, + C_PROXY_CERT, + C_PROXY_CERT_TYPE, + C_PROXY_CIPHERS, + C_PROXY_CRLFILE, + C_PROXY_DIGEST, + C_PROXY_HEADER, + C_PROXY_HTTP2, + C_PROXY_INSECURE, + C_PROXY_KEY, + C_PROXY_KEY_TYPE, + C_PROXY_NEGOTIATE, + C_PROXY_NTLM, + C_PROXY_PASS, + C_PROXY_PINNEDPUBKEY, + C_PROXY_SERVICE_NAME, + C_PROXY_SSL_ALLOW_BEAST, + C_PROXY_SSL_AUTO_CLIENT_CERT, + C_PROXY_TLS13_CIPHERS, + C_PROXY_TLSAUTHTYPE, + C_PROXY_TLSPASSWORD, + C_PROXY_TLSUSER, + C_PROXY_TLSV1, + C_PROXY_USER, + C_PROXY1_0, + C_PROXYTUNNEL, + C_PUBKEY, + C_QUOTE, + C_RANDOM_FILE, + C_RANGE, + C_RATE, + C_RAW, + C_REFERER, + C_REMOTE_HEADER_NAME, + C_REMOTE_NAME, + C_REMOTE_NAME_ALL, + C_REMOTE_TIME, + C_REMOVE_ON_ERROR, + C_REQUEST, + C_REQUEST_TARGET, + C_RESOLVE, + C_RETRY, + C_RETRY_ALL_ERRORS, + C_RETRY_CONNREFUSED, + C_RETRY_DELAY, + C_RETRY_MAX_TIME, + C_SASL_AUTHZID, + C_SASL_IR, + C_SERVICE_NAME, + C_SESSIONID, + C_SHOW_ERROR, + C_SILENT, + C_SOCKS4, + C_SOCKS4A, + C_SOCKS5, + C_SOCKS5_BASIC, + C_SOCKS5_GSSAPI, + C_SOCKS5_GSSAPI_NEC, + C_SOCKS5_GSSAPI_SERVICE, + C_SOCKS5_HOSTNAME, + C_SPEED_LIMIT, + C_SPEED_TIME, + C_SSL, + C_SSL_ALLOW_BEAST, + C_SSL_AUTO_CLIENT_CERT, + C_SSL_NO_REVOKE, + C_SSL_REQD, + C_SSL_REVOKE_BEST_EFFORT, + C_SSLV2, + C_SSLV3, + C_STDERR, + C_STYLED_OUTPUT, + C_SUPPRESS_CONNECT_HEADERS, + C_TCP_FASTOPEN, + C_TCP_NODELAY, + C_TELNET_OPTION, + C_TEST_EVENT, + C_TFTP_BLKSIZE, + C_TFTP_NO_OPTIONS, + C_TIME_COND, + C_TLS_MAX, + C_TLS13_CIPHERS, + C_TLSAUTHTYPE, + C_TLSPASSWORD, + C_TLSUSER, + C_TLSV1, + C_TLSV1_0, + C_TLSV1_1, + C_TLSV1_2, + C_TLSV1_3, + C_TR_ENCODING, + C_TRACE, + C_TRACE_ASCII, + C_TRACE_CONFIG, + C_TRACE_IDS, + C_TRACE_TIME, + C_UNIX_SOCKET, + C_UPLOAD_FILE, + C_URL, + C_URL_QUERY, + C_USE_ASCII, + C_USER, + C_USER_AGENT, + C_VARIABLE, + C_VERBOSE, + C_VERSION, + C_WDEBUG, + C_WRITE_OUT, + C_XATTR +} cmdline_t; struct LongShort { - const char *letter; /* short name option */ const char *lname; /* long name option */ enum { - ARG_NONE, /* stand-alone but not a boolean */ - ARG_BOOL, /* accepts a --no-[name] prefix */ - ARG_STRING, /* requires an argument */ - ARG_FILENAME /* requires an argument, usually a file name */ + ARG_NONE, /* stand-alone but not a boolean */ + ARG_BOOL, /* accepts a --no-[name] prefix */ + ARG_STRG, /* requires an argument */ + ARG_FILE /* requires an argument, usually a file name */ } desc; + char letter; /* short name option or ' ' */ + cmdline_t cmd; }; +/* this array MUST be alphasorted based on the 'lname' */ static const struct LongShort aliases[]= { - /* 'letter' strings with more than one character have *no* short option to - mention. */ - {"*@", "url", ARG_STRING}, - {"*4", "dns-ipv4-addr", ARG_STRING}, - {"*6", "dns-ipv6-addr", ARG_STRING}, - {"*a", "random-file", ARG_FILENAME}, - {"*b", "egd-file", ARG_STRING}, - {"*B", "oauth2-bearer", ARG_STRING}, - {"*c", "connect-timeout", ARG_STRING}, - {"*C", "doh-url" , ARG_STRING}, - {"*d", "ciphers", ARG_STRING}, - {"*D", "dns-interface", ARG_STRING}, - {"*e", "disable-epsv", ARG_BOOL}, - {"*f", "disallow-username-in-url", ARG_BOOL}, - {"*E", "epsv", ARG_BOOL}, - /* 'epsv' made like this to make --no-epsv and --epsv to work - although --disable-epsv is the documented option */ - {"*F", "dns-servers", ARG_STRING}, - {"*g", "trace", ARG_FILENAME}, - {"*G", "npn", ARG_BOOL}, - {"*h", "trace-ascii", ARG_FILENAME}, - {"*H", "alpn", ARG_BOOL}, - {"*i", "limit-rate", ARG_STRING}, - {"*I", "rate", ARG_STRING}, - {"*j", "compressed", ARG_BOOL}, - {"*J", "tr-encoding", ARG_BOOL}, - {"*k", "digest", ARG_BOOL}, - {"*l", "negotiate", ARG_BOOL}, - {"*m", "ntlm", ARG_BOOL}, - {"*M", "ntlm-wb", ARG_BOOL}, - {"*n", "basic", ARG_BOOL}, - {"*o", "anyauth", ARG_BOOL}, + {"abstract-unix-socket", ARG_FILE, ' ', C_ABSTRACT_UNIX_SOCKET}, + {"alpn", ARG_BOOL, ' ', C_ALPN}, + {"alt-svc", ARG_STRG, ' ', C_ALT_SVC}, + {"anyauth", ARG_BOOL, ' ', C_ANYAUTH}, + {"append", ARG_BOOL, 'a', C_APPEND}, + {"aws-sigv4", ARG_STRG, ' ', C_AWS_SIGV4}, + {"basic", ARG_BOOL, ' ', C_BASIC}, + {"buffer", ARG_BOOL, 'N', C_BUFFER}, + {"ca-native", ARG_BOOL, ' ', C_CA_NATIVE}, + {"cacert", ARG_FILE, ' ', C_CACERT}, + {"capath", ARG_FILE, ' ', C_CAPATH}, + {"cert", ARG_FILE, 'E', C_CERT}, + {"cert-status", ARG_BOOL, ' ', C_CERT_STATUS}, + {"cert-type", ARG_STRG, ' ', C_CERT_TYPE}, + {"ciphers", ARG_STRG, ' ', C_CIPHERS}, + {"clobber", ARG_BOOL, ' ', C_CLOBBER}, + {"compressed", ARG_BOOL, ' ', C_COMPRESSED}, + {"compressed-ssh", ARG_BOOL, ' ', C_COMPRESSED_SSH}, + {"config", ARG_FILE, 'K', C_CONFIG}, + {"connect-timeout", ARG_STRG, ' ', C_CONNECT_TIMEOUT}, + {"connect-to", ARG_STRG, ' ', C_CONNECT_TO}, + {"continue-at", ARG_STRG, 'C', C_CONTINUE_AT}, + {"cookie", ARG_STRG, 'b', C_COOKIE}, + {"cookie-jar", ARG_STRG, 'c', C_COOKIE_JAR}, + {"create-dirs", ARG_BOOL, ' ', C_CREATE_DIRS}, + {"create-file-mode", ARG_STRG, ' ', C_CREATE_FILE_MODE}, + {"crlf", ARG_BOOL, ' ', C_CRLF}, + {"crlfile", ARG_FILE, ' ', C_CRLFILE}, + {"curves", ARG_STRG, ' ', C_CURVES}, + {"data", ARG_STRG, 'd', C_DATA}, + {"data-ascii", ARG_STRG, ' ', C_DATA_ASCII}, + {"data-binary", ARG_STRG, ' ', C_DATA_BINARY}, + {"data-raw", ARG_STRG, ' ', C_DATA_RAW}, + {"data-urlencode", ARG_STRG, ' ', C_DATA_URLENCODE}, + {"delegation", ARG_STRG, ' ', C_DELEGATION}, + {"digest", ARG_BOOL, ' ', C_DIGEST}, + {"disable", ARG_BOOL, 'q', C_DISABLE}, + {"disable-eprt", ARG_BOOL, ' ', C_DISABLE_EPRT}, + {"disable-epsv", ARG_BOOL, ' ', C_DISABLE_EPSV}, + {"disallow-username-in-url", ARG_BOOL, ' ', C_DISALLOW_USERNAME_IN_URL}, + {"dns-interface", ARG_STRG, ' ', C_DNS_INTERFACE}, + {"dns-ipv4-addr", ARG_STRG, ' ', C_DNS_IPV4_ADDR}, + {"dns-ipv6-addr", ARG_STRG, ' ', C_DNS_IPV6_ADDR}, + {"dns-servers", ARG_STRG, ' ', C_DNS_SERVERS}, + {"doh-cert-status", ARG_BOOL, ' ', C_DOH_CERT_STATUS}, + {"doh-insecure", ARG_BOOL, ' ', C_DOH_INSECURE}, + {"doh-url" , ARG_STRG, ' ', C_DOH_URL}, + {"dump-header", ARG_FILE, 'D', C_DUMP_HEADER}, + {"egd-file", ARG_STRG, ' ', C_EGD_FILE}, + {"engine", ARG_STRG, ' ', C_ENGINE}, + {"eprt", ARG_BOOL, ' ', C_EPRT}, + {"epsv", ARG_BOOL, ' ', C_EPSV}, + {"etag-compare", ARG_FILE, ' ', C_ETAG_COMPARE}, + {"etag-save", ARG_FILE, ' ', C_ETAG_SAVE}, + {"expect100-timeout", ARG_STRG, ' ', C_EXPECT100_TIMEOUT}, + {"fail", ARG_BOOL, 'f', C_FAIL}, + {"fail-early", ARG_BOOL, ' ', C_FAIL_EARLY}, + {"fail-with-body", ARG_BOOL, ' ', C_FAIL_WITH_BODY}, + {"false-start", ARG_BOOL, ' ', C_FALSE_START}, + {"form", ARG_STRG, 'F', C_FORM}, + {"form-escape", ARG_BOOL, ' ', C_FORM_ESCAPE}, + {"form-string", ARG_STRG, ' ', C_FORM_STRING}, + {"ftp-account", ARG_STRG, ' ', C_FTP_ACCOUNT}, + {"ftp-alternative-to-user", ARG_STRG, ' ', C_FTP_ALTERNATIVE_TO_USER}, + {"ftp-create-dirs", ARG_BOOL, ' ', C_FTP_CREATE_DIRS}, + {"ftp-method", ARG_STRG, ' ', C_FTP_METHOD}, + {"ftp-pasv", ARG_BOOL, ' ', C_FTP_PASV}, + {"ftp-port", ARG_STRG, 'P', C_FTP_PORT}, + {"ftp-pret", ARG_BOOL, ' ', C_FTP_PRET}, + {"ftp-skip-pasv-ip", ARG_BOOL, ' ', C_FTP_SKIP_PASV_IP}, + {"ftp-ssl", ARG_BOOL, ' ', C_FTP_SSL}, + {"ftp-ssl-ccc", ARG_BOOL, ' ', C_FTP_SSL_CCC}, + {"ftp-ssl-ccc-mode", ARG_STRG, ' ', C_FTP_SSL_CCC_MODE}, + {"ftp-ssl-control", ARG_BOOL, ' ', C_FTP_SSL_CONTROL}, + {"ftp-ssl-reqd", ARG_BOOL, ' ', C_FTP_SSL_REQD}, + {"get", ARG_BOOL, 'G', C_GET}, + {"globoff", ARG_BOOL, 'g', C_GLOBOFF}, + {"happy-eyeballs-timeout-ms", ARG_STRG, ' ', C_HAPPY_EYEBALLS_TIMEOUT_MS}, + {"haproxy-clientip", ARG_STRG, ' ', C_HAPROXY_CLIENTIP}, + {"haproxy-protocol", ARG_BOOL, ' ', C_HAPROXY_PROTOCOL}, + {"head", ARG_BOOL, 'I', C_HEAD}, + {"header", ARG_STRG, 'H', C_HEADER}, + {"help", ARG_BOOL, 'h', C_HELP}, + {"hostpubmd5", ARG_STRG, ' ', C_HOSTPUBMD5}, + {"hostpubsha256", ARG_STRG, ' ', C_HOSTPUBSHA256}, + {"hsts", ARG_STRG, ' ', C_HSTS}, + {"http0.9", ARG_BOOL, ' ', C_HTTP0_9}, + {"http1.0", ARG_NONE, '0', C_HTTP1_0}, + {"http1.1", ARG_NONE, ' ', C_HTTP1_1}, + {"http2", ARG_NONE, ' ', C_HTTP2}, + {"http2-prior-knowledge", ARG_NONE, ' ', C_HTTP2_PRIOR_KNOWLEDGE}, + {"http3", ARG_NONE, ' ', C_HTTP3}, + {"http3-only", ARG_NONE, ' ', C_HTTP3_ONLY}, + {"ignore-content-length", ARG_BOOL, ' ', C_IGNORE_CONTENT_LENGTH}, + {"include", ARG_BOOL, 'i', C_INCLUDE}, + {"insecure", ARG_BOOL, 'k', C_INSECURE}, + {"interface", ARG_STRG, ' ', C_INTERFACE}, + {"ipfs-gateway", ARG_STRG, ' ', C_IPFS_GATEWAY}, + {"ipv4", ARG_NONE, '4', C_IPV4}, + {"ipv6", ARG_NONE, '6', C_IPV6}, + {"json", ARG_STRG, ' ', C_JSON}, + {"junk-session-cookies", ARG_BOOL, 'j', C_JUNK_SESSION_COOKIES}, + {"keepalive", ARG_BOOL, ' ', C_KEEPALIVE}, + {"keepalive-time", ARG_STRG, ' ', C_KEEPALIVE_TIME}, + {"key", ARG_FILE, ' ', C_KEY}, + {"key-type", ARG_STRG, ' ', C_KEY_TYPE}, + {"krb", ARG_STRG, ' ', C_KRB}, + {"krb4", ARG_STRG, ' ', C_KRB4}, + {"libcurl", ARG_STRG, ' ', C_LIBCURL}, + {"limit-rate", ARG_STRG, ' ', C_LIMIT_RATE}, + {"list-only", ARG_BOOL, 'l', C_LIST_ONLY}, + {"local-port", ARG_STRG, ' ', C_LOCAL_PORT}, + {"location", ARG_BOOL, 'L', C_LOCATION}, + {"location-trusted", ARG_BOOL, ' ', C_LOCATION_TRUSTED}, + {"login-options", ARG_STRG, ' ', C_LOGIN_OPTIONS}, + {"mail-auth", ARG_STRG, ' ', C_MAIL_AUTH}, + {"mail-from", ARG_STRG, ' ', C_MAIL_FROM}, + {"mail-rcpt", ARG_STRG, ' ', C_MAIL_RCPT}, + {"mail-rcpt-allowfails", ARG_BOOL, ' ', C_MAIL_RCPT_ALLOWFAILS}, + {"manual", ARG_BOOL, 'M', C_MANUAL}, + {"max-filesize", ARG_STRG, ' ', C_MAX_FILESIZE}, + {"max-redirs", ARG_STRG, ' ', C_MAX_REDIRS}, + {"max-time", ARG_STRG, 'm', C_MAX_TIME}, + {"metalink", ARG_BOOL, ' ', C_METALINK}, + {"negotiate", ARG_BOOL, ' ', C_NEGOTIATE}, + {"netrc", ARG_BOOL, 'n', C_NETRC}, + {"netrc-file", ARG_FILE, ' ', C_NETRC_FILE}, + {"netrc-optional", ARG_BOOL, ' ', C_NETRC_OPTIONAL}, + {"next", ARG_NONE, ':', C_NEXT}, + {"noproxy", ARG_STRG, ' ', C_NOPROXY}, + {"npn", ARG_BOOL, ' ', C_NPN}, + {"ntlm", ARG_BOOL, ' ', C_NTLM}, + {"ntlm-wb", ARG_BOOL, ' ', C_NTLM_WB}, + {"oauth2-bearer", ARG_STRG, ' ', C_OAUTH2_BEARER}, + {"output", ARG_FILE, 'o', C_OUTPUT}, + {"output-dir", ARG_STRG, ' ', C_OUTPUT_DIR}, + {"parallel", ARG_BOOL, 'Z', C_PARALLEL}, + {"parallel-immediate", ARG_BOOL, ' ', C_PARALLEL_IMMEDIATE}, + {"parallel-max", ARG_STRG, ' ', C_PARALLEL_MAX}, + {"pass", ARG_STRG, ' ', C_PASS}, + {"path-as-is", ARG_BOOL, ' ', C_PATH_AS_IS}, + {"pinnedpubkey", ARG_STRG, ' ', C_PINNEDPUBKEY}, + {"post301", ARG_BOOL, ' ', C_POST301}, + {"post302", ARG_BOOL, ' ', C_POST302}, + {"post303", ARG_BOOL, ' ', C_POST303}, + {"preproxy", ARG_STRG, ' ', C_PREPROXY}, + {"progress-bar", ARG_BOOL, '#', C_PROGRESS_BAR}, + {"progress-meter", ARG_BOOL, ' ', C_PROGRESS_METER}, + {"proto", ARG_STRG, ' ', C_PROTO}, + {"proto-default", ARG_STRG, ' ', C_PROTO_DEFAULT}, + {"proto-redir", ARG_STRG, ' ', C_PROTO_REDIR}, + {"proxy", ARG_STRG, 'x', C_PROXY}, + {"proxy-anyauth", ARG_BOOL, ' ', C_PROXY_ANYAUTH}, + {"proxy-basic", ARG_BOOL, ' ', C_PROXY_BASIC}, + {"proxy-ca-native", ARG_BOOL, ' ', C_PROXY_CA_NATIVE}, + {"proxy-cacert", ARG_FILE, ' ', C_PROXY_CACERT}, + {"proxy-capath", ARG_FILE, ' ', C_PROXY_CAPATH}, + {"proxy-cert", ARG_FILE, ' ', C_PROXY_CERT}, + {"proxy-cert-type", ARG_STRG, ' ', C_PROXY_CERT_TYPE}, + {"proxy-ciphers", ARG_STRG, ' ', C_PROXY_CIPHERS}, + {"proxy-crlfile", ARG_FILE, ' ', C_PROXY_CRLFILE}, + {"proxy-digest", ARG_BOOL, ' ', C_PROXY_DIGEST}, + {"proxy-header", ARG_STRG, ' ', C_PROXY_HEADER}, + {"proxy-http2", ARG_BOOL, ' ', C_PROXY_HTTP2}, + {"proxy-insecure", ARG_BOOL, ' ', C_PROXY_INSECURE}, + {"proxy-key", ARG_FILE, ' ', C_PROXY_KEY}, + {"proxy-key-type", ARG_STRG, ' ', C_PROXY_KEY_TYPE}, + {"proxy-negotiate", ARG_BOOL, ' ', C_PROXY_NEGOTIATE}, + {"proxy-ntlm", ARG_BOOL, ' ', C_PROXY_NTLM}, + {"proxy-pass", ARG_STRG, ' ', C_PROXY_PASS}, + {"proxy-pinnedpubkey", ARG_STRG, ' ', C_PROXY_PINNEDPUBKEY}, + {"proxy-service-name", ARG_STRG, ' ', C_PROXY_SERVICE_NAME}, + {"proxy-ssl-allow-beast", ARG_BOOL, ' ', C_PROXY_SSL_ALLOW_BEAST}, + {"proxy-ssl-auto-client-cert", ARG_BOOL, ' ', C_PROXY_SSL_AUTO_CLIENT_CERT}, + {"proxy-tls13-ciphers", ARG_STRG, ' ', C_PROXY_TLS13_CIPHERS}, + {"proxy-tlsauthtype", ARG_STRG, ' ', C_PROXY_TLSAUTHTYPE}, + {"proxy-tlspassword", ARG_STRG, ' ', C_PROXY_TLSPASSWORD}, + {"proxy-tlsuser", ARG_STRG, ' ', C_PROXY_TLSUSER}, + {"proxy-tlsv1", ARG_NONE, ' ', C_PROXY_TLSV1}, + {"proxy-user", ARG_STRG, 'U', C_PROXY_USER}, + {"proxy1.0", ARG_STRG, ' ', C_PROXY1_0}, + {"proxytunnel", ARG_BOOL, 'p', C_PROXYTUNNEL}, + {"pubkey", ARG_STRG, ' ', C_PUBKEY}, + {"quote", ARG_STRG, 'Q', C_QUOTE}, + {"random-file", ARG_FILE, ' ', C_RANDOM_FILE}, + {"range", ARG_STRG, 'r', C_RANGE}, + {"rate", ARG_STRG, ' ', C_RATE}, + {"raw", ARG_BOOL, ' ', C_RAW}, + {"referer", ARG_STRG, 'e', C_REFERER}, + {"remote-header-name", ARG_BOOL, 'J', C_REMOTE_HEADER_NAME}, + {"remote-name", ARG_BOOL, 'O', C_REMOTE_NAME}, + {"remote-name-all", ARG_BOOL, ' ', C_REMOTE_NAME_ALL}, + {"remote-time", ARG_BOOL, 'R', C_REMOTE_TIME}, + {"remove-on-error", ARG_BOOL, ' ', C_REMOVE_ON_ERROR}, + {"request", ARG_STRG, 'X', C_REQUEST}, + {"request-target", ARG_STRG, ' ', C_REQUEST_TARGET}, + {"resolve", ARG_STRG, ' ', C_RESOLVE}, + {"retry", ARG_STRG, ' ', C_RETRY}, + {"retry-all-errors", ARG_BOOL, ' ', C_RETRY_ALL_ERRORS}, + {"retry-connrefused", ARG_BOOL, ' ', C_RETRY_CONNREFUSED}, + {"retry-delay", ARG_STRG, ' ', C_RETRY_DELAY}, + {"retry-max-time", ARG_STRG, ' ', C_RETRY_MAX_TIME}, + {"sasl-authzid", ARG_STRG, ' ', C_SASL_AUTHZID}, + {"sasl-ir", ARG_BOOL, ' ', C_SASL_IR}, + {"service-name", ARG_STRG, ' ', C_SERVICE_NAME}, + {"sessionid", ARG_BOOL, ' ', C_SESSIONID}, + {"show-error", ARG_BOOL, 'S', C_SHOW_ERROR}, + {"silent", ARG_BOOL, 's', C_SILENT}, + {"socks4", ARG_STRG, ' ', C_SOCKS4}, + {"socks4a", ARG_STRG, ' ', C_SOCKS4A}, + {"socks5", ARG_STRG, ' ', C_SOCKS5}, + {"socks5-basic", ARG_BOOL, ' ', C_SOCKS5_BASIC}, + {"socks5-gssapi", ARG_BOOL, ' ', C_SOCKS5_GSSAPI}, + {"socks5-gssapi-nec", ARG_BOOL, ' ', C_SOCKS5_GSSAPI_NEC}, + {"socks5-gssapi-service", ARG_STRG, ' ', C_SOCKS5_GSSAPI_SERVICE}, + {"socks5-hostname", ARG_STRG, ' ', C_SOCKS5_HOSTNAME}, + {"speed-limit", ARG_STRG, 'Y', C_SPEED_LIMIT}, + {"speed-time", ARG_STRG, 'y', C_SPEED_TIME}, + {"ssl", ARG_BOOL, ' ', C_SSL}, + {"ssl-allow-beast", ARG_BOOL, ' ', C_SSL_ALLOW_BEAST}, + {"ssl-auto-client-cert", ARG_BOOL, ' ', C_SSL_AUTO_CLIENT_CERT}, + {"ssl-no-revoke", ARG_BOOL, ' ', C_SSL_NO_REVOKE}, + {"ssl-reqd", ARG_BOOL, ' ', C_SSL_REQD}, + {"ssl-revoke-best-effort", ARG_BOOL, ' ', C_SSL_REVOKE_BEST_EFFORT}, + {"sslv2", ARG_NONE, '2', C_SSLV2}, + {"sslv3", ARG_NONE, '3', C_SSLV3}, + {"stderr", ARG_FILE, ' ', C_STDERR}, + {"styled-output", ARG_BOOL, ' ', C_STYLED_OUTPUT}, + {"suppress-connect-headers", ARG_BOOL, ' ', C_SUPPRESS_CONNECT_HEADERS}, + {"tcp-fastopen", ARG_BOOL, ' ', C_TCP_FASTOPEN}, + {"tcp-nodelay", ARG_BOOL, ' ', C_TCP_NODELAY}, + {"telnet-option", ARG_STRG, 't', C_TELNET_OPTION}, + {"test-event", ARG_BOOL, ' ', C_TEST_EVENT}, + {"tftp-blksize", ARG_STRG, ' ', C_TFTP_BLKSIZE}, + {"tftp-no-options", ARG_BOOL, ' ', C_TFTP_NO_OPTIONS}, + {"time-cond", ARG_STRG, 'z', C_TIME_COND}, + {"tls-max", ARG_STRG, ' ', C_TLS_MAX}, + {"tls13-ciphers", ARG_STRG, ' ', C_TLS13_CIPHERS}, + {"tlsauthtype", ARG_STRG, ' ', C_TLSAUTHTYPE}, + {"tlspassword", ARG_STRG, ' ', C_TLSPASSWORD}, + {"tlsuser", ARG_STRG, ' ', C_TLSUSER}, + {"tlsv1", ARG_NONE, '1', C_TLSV1}, + {"tlsv1.0", ARG_NONE, ' ', C_TLSV1_0}, + {"tlsv1.1", ARG_NONE, ' ', C_TLSV1_1}, + {"tlsv1.2", ARG_NONE, ' ', C_TLSV1_2}, + {"tlsv1.3", ARG_NONE, ' ', C_TLSV1_3}, + {"tr-encoding", ARG_BOOL, ' ', C_TR_ENCODING}, + {"trace", ARG_FILE, ' ', C_TRACE}, + {"trace-ascii", ARG_FILE, ' ', C_TRACE_ASCII}, + {"trace-config", ARG_STRG, ' ', C_TRACE_CONFIG}, + {"trace-ids", ARG_BOOL, ' ', C_TRACE_IDS}, + {"trace-time", ARG_BOOL, ' ', C_TRACE_TIME}, + {"unix-socket", ARG_FILE, ' ', C_UNIX_SOCKET}, + {"upload-file", ARG_FILE, 'T', C_UPLOAD_FILE}, + {"url", ARG_STRG, ' ', C_URL}, + {"url-query", ARG_STRG, ' ', C_URL_QUERY}, + {"use-ascii", ARG_BOOL, 'B', C_USE_ASCII}, + {"user", ARG_STRG, 'u', C_USER}, + {"user-agent", ARG_STRG, 'A', C_USER_AGENT}, + {"variable", ARG_STRG, ' ', C_VARIABLE}, + {"verbose", ARG_BOOL, 'v', C_VERBOSE}, + {"version", ARG_BOOL, 'V', C_VERSION}, #ifdef USE_WATT32 - {"*p", "wdebug", ARG_BOOL}, + {"wdebug", ARG_BOOL, ' ', C_WDEBUG}, #endif - {"*q", "ftp-create-dirs", ARG_BOOL}, - {"*r", "create-dirs", ARG_BOOL}, - {"*R", "create-file-mode", ARG_STRING}, - {"*s", "max-redirs", ARG_STRING}, - {"*S", "ipfs-gateway", ARG_STRING}, - {"*t", "proxy-ntlm", ARG_BOOL}, - {"*u", "crlf", ARG_BOOL}, - {"*v", "stderr", ARG_FILENAME}, - {"*V", "aws-sigv4", ARG_STRING}, - {"*w", "interface", ARG_STRING}, - {"*x", "krb", ARG_STRING}, - {"*x", "krb4", ARG_STRING}, - /* 'krb4' is the previous name */ - {"*X", "haproxy-protocol", ARG_BOOL}, - {"*P", "haproxy-clientip", ARG_STRING}, - {"*y", "max-filesize", ARG_STRING}, - {"*z", "disable-eprt", ARG_BOOL}, - {"*Z", "eprt", ARG_BOOL}, - /* 'eprt' made like this to make --no-eprt and --eprt to work - although --disable-eprt is the documented option */ - {"*~", "xattr", ARG_BOOL}, - {"$a", "ftp-ssl", ARG_BOOL}, - /* 'ftp-ssl' deprecated name since 7.20.0 */ - {"$a", "ssl", ARG_BOOL}, - /* 'ssl' new option name in 7.20.0, previously this was ftp-ssl */ - {"$b", "ftp-pasv", ARG_BOOL}, - {"$c", "socks5", ARG_STRING}, - {"$d", "tcp-nodelay", ARG_BOOL}, - {"$e", "proxy-digest", ARG_BOOL}, - {"$f", "proxy-basic", ARG_BOOL}, - {"$g", "retry", ARG_STRING}, - {"$V", "retry-connrefused", ARG_BOOL}, - {"$h", "retry-delay", ARG_STRING}, - {"$i", "retry-max-time", ARG_STRING}, - {"$k", "proxy-negotiate", ARG_BOOL}, - {"$l", "form-escape", ARG_BOOL}, - {"$m", "ftp-account", ARG_STRING}, - {"$n", "proxy-anyauth", ARG_BOOL}, - {"$o", "trace-time", ARG_BOOL}, - {"$p", "ignore-content-length", ARG_BOOL}, - {"$q", "ftp-skip-pasv-ip", ARG_BOOL}, - {"$r", "ftp-method", ARG_STRING}, - {"$s", "local-port", ARG_STRING}, - {"$t", "socks4", ARG_STRING}, - {"$T", "socks4a", ARG_STRING}, - {"$u", "ftp-alternative-to-user", ARG_STRING}, - {"$v", "ftp-ssl-reqd", ARG_BOOL}, - /* 'ftp-ssl-reqd' deprecated name since 7.20.0 */ - {"$v", "ssl-reqd", ARG_BOOL}, - /* 'ssl-reqd' new in 7.20.0, previously this was ftp-ssl-reqd */ - {"$w", "sessionid", ARG_BOOL}, - /* 'sessionid' listed as --no-sessionid in the help */ - {"$x", "ftp-ssl-control", ARG_BOOL}, - {"$y", "ftp-ssl-ccc", ARG_BOOL}, - {"$j", "ftp-ssl-ccc-mode", ARG_STRING}, - {"$z", "libcurl", ARG_STRING}, - {"$#", "raw", ARG_BOOL}, - {"$0", "post301", ARG_BOOL}, - {"$1", "keepalive", ARG_BOOL}, - /* 'keepalive' listed as --no-keepalive in the help */ - {"$2", "socks5-hostname", ARG_STRING}, - {"$3", "keepalive-time", ARG_STRING}, - {"$4", "post302", ARG_BOOL}, - {"$5", "noproxy", ARG_STRING}, - {"$7", "socks5-gssapi-nec", ARG_BOOL}, - {"$8", "proxy1.0", ARG_STRING}, - {"$9", "tftp-blksize", ARG_STRING}, - {"$A", "mail-from", ARG_STRING}, - {"$B", "mail-rcpt", ARG_STRING}, - {"$C", "ftp-pret", ARG_BOOL}, - {"$D", "proto", ARG_STRING}, - {"$E", "proto-redir", ARG_STRING}, - {"$F", "resolve", ARG_STRING}, - {"$G", "delegation", ARG_STRING}, - {"$H", "mail-auth", ARG_STRING}, - {"$I", "post303", ARG_BOOL}, - {"$J", "metalink", ARG_BOOL}, - {"$6", "sasl-authzid", ARG_STRING}, - {"$K", "sasl-ir", ARG_BOOL }, - {"$L", "test-event", ARG_BOOL}, - {"$M", "unix-socket", ARG_FILENAME}, - {"$N", "path-as-is", ARG_BOOL}, - {"$O", "socks5-gssapi-service", ARG_STRING}, - /* 'socks5-gssapi-service' merged with'proxy-service-name' and - deprecated since 7.49.0 */ - {"$O", "proxy-service-name", ARG_STRING}, - {"$P", "service-name", ARG_STRING}, - {"$Q", "proto-default", ARG_STRING}, - {"$R", "expect100-timeout", ARG_STRING}, - {"$S", "tftp-no-options", ARG_BOOL}, - {"$U", "connect-to", ARG_STRING}, - {"$W", "abstract-unix-socket", ARG_FILENAME}, - {"$X", "tls-max", ARG_STRING}, - {"$Y", "suppress-connect-headers", ARG_BOOL}, - {"$Z", "compressed-ssh", ARG_BOOL}, - {"$~", "happy-eyeballs-timeout-ms", ARG_STRING}, - {"$!", "retry-all-errors", ARG_BOOL}, - {"$%", "trace-ids", ARG_BOOL}, - {"$&", "trace-config", ARG_STRING}, - {"0", "http1.0", ARG_NONE}, - {"01", "http1.1", ARG_NONE}, - {"02", "http2", ARG_NONE}, - {"03", "http2-prior-knowledge", ARG_NONE}, - {"04", "http3", ARG_NONE}, - {"05", "http3-only", ARG_NONE}, - {"09", "http0.9", ARG_BOOL}, - {"0a", "proxy-http2", ARG_BOOL}, - {"1", "tlsv1", ARG_NONE}, - {"10", "tlsv1.0", ARG_NONE}, - {"11", "tlsv1.1", ARG_NONE}, - {"12", "tlsv1.2", ARG_NONE}, - {"13", "tlsv1.3", ARG_NONE}, - {"1A", "tls13-ciphers", ARG_STRING}, - {"1B", "proxy-tls13-ciphers", ARG_STRING}, - {"2", "sslv2", ARG_NONE}, - {"3", "sslv3", ARG_NONE}, - {"4", "ipv4", ARG_NONE}, - {"6", "ipv6", ARG_NONE}, - {"a", "append", ARG_BOOL}, - {"A", "user-agent", ARG_STRING}, - {"b", "cookie", ARG_STRING}, - {"ba", "alt-svc", ARG_STRING}, - {"bb", "hsts", ARG_STRING}, - {"B", "use-ascii", ARG_BOOL}, - {"c", "cookie-jar", ARG_STRING}, - {"C", "continue-at", ARG_STRING}, - {"d", "data", ARG_STRING}, - {"dr", "data-raw", ARG_STRING}, - {"da", "data-ascii", ARG_STRING}, - {"db", "data-binary", ARG_STRING}, - {"de", "data-urlencode", ARG_STRING}, - {"df", "json", ARG_STRING}, - {"dg", "url-query", ARG_STRING}, - {"D", "dump-header", ARG_FILENAME}, - {"e", "referer", ARG_STRING}, - {"E", "cert", ARG_FILENAME}, - {"Ea", "cacert", ARG_FILENAME}, - {"Eb", "cert-type", ARG_STRING}, - {"Ec", "key", ARG_FILENAME}, - {"Ed", "key-type", ARG_STRING}, - {"Ee", "pass", ARG_STRING}, - {"Ef", "engine", ARG_STRING}, - {"EG", "ca-native", ARG_BOOL}, - {"EH", "proxy-ca-native", ARG_BOOL}, - {"Eg", "capath", ARG_FILENAME}, - {"Eh", "pubkey", ARG_STRING}, - {"Ei", "hostpubmd5", ARG_STRING}, - {"EF", "hostpubsha256", ARG_STRING}, - {"Ej", "crlfile", ARG_FILENAME}, - {"Ek", "tlsuser", ARG_STRING}, - {"El", "tlspassword", ARG_STRING}, - {"Em", "tlsauthtype", ARG_STRING}, - {"En", "ssl-allow-beast", ARG_BOOL}, - {"Eo", "ssl-auto-client-cert", ARG_BOOL}, - {"EO", "proxy-ssl-auto-client-cert", ARG_BOOL}, - {"Ep", "pinnedpubkey", ARG_STRING}, - {"EP", "proxy-pinnedpubkey", ARG_STRING}, - {"Eq", "cert-status", ARG_BOOL}, - {"EQ", "doh-cert-status", ARG_BOOL}, - {"Er", "false-start", ARG_BOOL}, - {"Es", "ssl-no-revoke", ARG_BOOL}, - {"ES", "ssl-revoke-best-effort", ARG_BOOL}, - {"Et", "tcp-fastopen", ARG_BOOL}, - {"Eu", "proxy-tlsuser", ARG_STRING}, - {"Ev", "proxy-tlspassword", ARG_STRING}, - {"Ew", "proxy-tlsauthtype", ARG_STRING}, - {"Ex", "proxy-cert", ARG_FILENAME}, - {"Ey", "proxy-cert-type", ARG_STRING}, - {"Ez", "proxy-key", ARG_FILENAME}, - {"E0", "proxy-key-type", ARG_STRING}, - {"E1", "proxy-pass", ARG_STRING}, - {"E2", "proxy-ciphers", ARG_STRING}, - {"E3", "proxy-crlfile", ARG_FILENAME}, - {"E4", "proxy-ssl-allow-beast", ARG_BOOL}, - {"E5", "login-options", ARG_STRING}, - {"E6", "proxy-cacert", ARG_FILENAME}, - {"E7", "proxy-capath", ARG_FILENAME}, - {"E8", "proxy-insecure", ARG_BOOL}, - {"E9", "proxy-tlsv1", ARG_NONE}, - {"EA", "socks5-basic", ARG_BOOL}, - {"EB", "socks5-gssapi", ARG_BOOL}, - {"EC", "etag-save", ARG_FILENAME}, - {"ED", "etag-compare", ARG_FILENAME}, - {"EE", "curves", ARG_STRING}, - {"f", "fail", ARG_BOOL}, - {"fa", "fail-early", ARG_BOOL}, - {"fb", "styled-output", ARG_BOOL}, - {"fc", "mail-rcpt-allowfails", ARG_BOOL}, - {"fd", "fail-with-body", ARG_BOOL}, - {"fe", "remove-on-error", ARG_BOOL}, - {"F", "form", ARG_STRING}, - {"Fs", "form-string", ARG_STRING}, - {"g", "globoff", ARG_BOOL}, - {"G", "get", ARG_BOOL}, - {"Ga", "request-target", ARG_STRING}, - {"h", "help", ARG_BOOL}, - {"H", "header", ARG_STRING}, - {"Hp", "proxy-header", ARG_STRING}, - {"i", "include", ARG_BOOL}, - {"I", "head", ARG_BOOL}, - {"j", "junk-session-cookies", ARG_BOOL}, - {"J", "remote-header-name", ARG_BOOL}, - {"k", "insecure", ARG_BOOL}, - {"kd", "doh-insecure", ARG_BOOL}, - {"K", "config", ARG_FILENAME}, - {"l", "list-only", ARG_BOOL}, - {"L", "location", ARG_BOOL}, - {"Lt", "location-trusted", ARG_BOOL}, - {"m", "max-time", ARG_STRING}, - {"M", "manual", ARG_BOOL}, - {"n", "netrc", ARG_BOOL}, - {"no", "netrc-optional", ARG_BOOL}, - {"ne", "netrc-file", ARG_FILENAME}, - {"N", "buffer", ARG_BOOL}, - /* 'buffer' listed as --no-buffer in the help */ - {"o", "output", ARG_FILENAME}, - {"O", "remote-name", ARG_BOOL}, - {"Oa", "remote-name-all", ARG_BOOL}, - {"Ob", "output-dir", ARG_STRING}, - {"Oc", "clobber", ARG_BOOL}, - {"p", "proxytunnel", ARG_BOOL}, - {"P", "ftp-port", ARG_STRING}, - {"q", "disable", ARG_BOOL}, - {"Q", "quote", ARG_STRING}, - {"r", "range", ARG_STRING}, - {"R", "remote-time", ARG_BOOL}, - {"s", "silent", ARG_BOOL}, - {"S", "show-error", ARG_BOOL}, - {"t", "telnet-option", ARG_STRING}, - {"T", "upload-file", ARG_FILENAME}, - {"u", "user", ARG_STRING}, - {"U", "proxy-user", ARG_STRING}, - {"v", "verbose", ARG_BOOL}, - {"V", "version", ARG_BOOL}, - {"w", "write-out", ARG_STRING}, - {"x", "proxy", ARG_STRING}, - {"xa", "preproxy", ARG_STRING}, - {"X", "request", ARG_STRING}, - {"Y", "speed-limit", ARG_STRING}, - {"y", "speed-time", ARG_STRING}, - {"z", "time-cond", ARG_STRING}, - {"Z", "parallel", ARG_BOOL}, - {"Zb", "parallel-max", ARG_STRING}, - {"Zc", "parallel-immediate", ARG_BOOL}, - {"#", "progress-bar", ARG_BOOL}, - {"#m", "progress-meter", ARG_BOOL}, - {":", "next", ARG_NONE}, - {":a", "variable", ARG_STRING}, + {"write-out", ARG_STRG, 'w', C_WRITE_OUT}, + {"xattr", ARG_BOOL, ' ', C_XATTR}, }; /* Split the argument of -E to 'certname' and 'passphrase' separated by colon. @@ -437,7 +700,7 @@ void parse_cert_parameter(const char *cert_parameter, needs to work. In order not to break compatibility, we still use : as separator, but we try to detect when it is used for a file name! On windows. */ -#ifdef WIN32 +#ifdef _WIN32 if((param_place == &cert_parameter[1]) && (cert_parameter[2] == '\\' || cert_parameter[2] == '/') && (ISALPHA(cert_parameter[0])) ) { @@ -495,12 +758,14 @@ static void GetFileAndPassword(char *nextarg, char **file, char **password) { char *certname, *passphrase; - parse_cert_parameter(nextarg, &certname, &passphrase); - Curl_safefree(*file); - *file = certname; - if(passphrase) { - Curl_safefree(*password); - *password = passphrase; + if(nextarg) { + parse_cert_parameter(nextarg, &certname, &passphrase); + Curl_safefree(*file); + *file = certname; + if(passphrase) { + Curl_safefree(*password); + *password = passphrase; + } } } @@ -559,7 +824,7 @@ static ParameterError GetSizeParameter(struct GlobalConfig *global, #ifdef HAVE_WRITABLE_ARGV static void cleanarg(argv_item_t str) { - /* now that GetStr has copied the contents of nextarg, wipe the next + /* now that getstr has copied the contents of nextarg, wipe the next * argument out so that the username:password isn't displayed in the * system process list */ if(str) { @@ -624,7 +889,9 @@ static ParameterError data_urlencode(struct GlobalConfig *global, return err; } else { - GetStr(&postdata, p); + err = getstr(&postdata, p, ALLOW_BLANK); + if(err) + goto error; if(postdata) size = strlen(postdata); } @@ -641,25 +908,18 @@ static ParameterError data_urlencode(struct GlobalConfig *global, char *enc = curl_easy_escape(NULL, postdata, (int)size); Curl_safefree(postdata); /* no matter if it worked or not */ if(enc) { - /* replace (in-place) '%20' by '+' according to RFC1866 */ - size_t enclen = replace_url_encoded_space_by_plus(enc); - /* now make a string with the name from above and append the - encoded string */ - size_t outlen = nlen + enclen + 2; - char *n = malloc(outlen); - if(!n) { - curl_free(enc); - return PARAM_NO_MEM; - } + char *n; + replace_url_encoded_space_by_plus(enc); if(nlen > 0) { /* only append '=' if we have a name */ - msnprintf(n, outlen, "%.*s=%s", (int)nlen, nextarg, enc); - size = outlen-1; - } - else { - strcpy(n, enc); - size = outlen-2; /* since no '=' was inserted */ + n = aprintf("%.*s=%s", (int)nlen, nextarg, enc); + curl_free(enc); + if(!n) + return PARAM_NO_MEM; } - curl_free(enc); + else + n = enc; + + size = strlen(n); postdata = n; } else @@ -738,6 +998,212 @@ out: return result; } +static int findarg(const void *a, const void *b) +{ + const struct LongShort *aa = a; + const struct LongShort *bb = b; + return strcmp(aa->lname, bb->lname); +} + +static const struct LongShort *single(char letter) +{ + static const struct LongShort *singles[128 - ' ']; /* ASCII => pointer */ + static bool singles_done = FALSE; + DEBUGASSERT((letter < 127) && (letter > ' ')); + + if(!singles_done) { + unsigned int j; + for(j = 0; j < sizeof(aliases)/sizeof(aliases[0]); j++) { + if(aliases[j].letter != ' ') { + unsigned char l = aliases[j].letter; + singles[l - ' '] = &aliases[j]; + } + } + singles_done = TRUE; + } + return singles[letter - ' ']; +} + +#define MAX_QUERY_LEN 100000 /* larger is not likely to ever work */ +static ParameterError url_query(char *nextarg, + struct GlobalConfig *global, + struct OperationConfig *config) +{ + size_t size = 0; + ParameterError err = PARAM_OK; + char *query; + struct curlx_dynbuf dyn; + curlx_dyn_init(&dyn, MAX_QUERY_LEN); + + if(*nextarg == '+') { + /* use without encoding */ + query = strdup(&nextarg[1]); + if(!query) + err = PARAM_NO_MEM; + } + else + err = data_urlencode(global, nextarg, &query, &size); + + if(!err) { + if(config->query) { + CURLcode result = curlx_dyn_addf(&dyn, "%s&%s", config->query, query); + free(query); + if(result) + err = PARAM_NO_MEM; + else { + free(config->query); + config->query = curlx_dyn_ptr(&dyn); + } + } + else + config->query = query; + } + return err; +} + +static ParameterError set_data(cmdline_t cmd, + char *nextarg, + struct GlobalConfig *global, + struct OperationConfig *config) +{ + char *postdata = NULL; + FILE *file; + size_t size = 0; + ParameterError err = PARAM_OK; + + if(cmd == C_DATA_URLENCODE) { /* --data-urlencode */ + err = data_urlencode(global, nextarg, &postdata, &size); + if(err) + return err; + } + else if('@' == *nextarg && (cmd != C_DATA_RAW)) { + /* the data begins with a '@' letter, it means that a file name + or - (stdin) follows */ + nextarg++; /* pass the @ */ + + if(!strcmp("-", nextarg)) { + file = stdin; + if(cmd == C_DATA_BINARY) /* forced data-binary */ + set_binmode(stdin); + } + else { + file = fopen(nextarg, "rb"); + if(!file) { + errorf(global, "Failed to open %s", nextarg); + return PARAM_READ_ERROR; + } + } + + if((cmd == C_DATA_BINARY) || /* --data-binary */ + (cmd == C_JSON) /* --json */) + /* forced binary */ + err = file2memory(&postdata, &size, file); + else { + err = file2string(&postdata, file); + if(postdata) + size = strlen(postdata); + } + + if(file && (file != stdin)) + fclose(file); + if(err) + return err; + + if(!postdata) { + /* no data from the file, point to a zero byte string to make this + get sent as a POST anyway */ + postdata = strdup(""); + if(!postdata) + return PARAM_NO_MEM; + } + } + else { + err = getstr(&postdata, nextarg, ALLOW_BLANK); + if(err) + return err; + if(postdata) + size = strlen(postdata); + } + if(cmd == C_JSON) + config->jsoned = TRUE; + + if(curlx_dyn_len(&config->postdata)) { + /* skip separator append for --json */ + if(!err && (cmd != C_JSON) && + curlx_dyn_addn(&config->postdata, "&", 1)) + err = PARAM_NO_MEM; + } + + if(!err && curlx_dyn_addn(&config->postdata, postdata, size)) + err = PARAM_NO_MEM; + + Curl_safefree(postdata); + + config->postfields = curlx_dyn_ptr(&config->postdata); + return err; +} + +static ParameterError set_rate(struct GlobalConfig *global, + char *nextarg) +{ + /* --rate */ + /* support a few different suffixes, extract the suffix first, then + get the number and convert to per hour. + /s == per second + /m == per minute + /h == per hour (default) + /d == per day (24 hours) + */ + ParameterError err = PARAM_OK; + char *div = strchr(nextarg, '/'); + char number[26]; + long denominator; + long numerator = 60*60*1000; /* default per hour */ + size_t numlen = div ? (size_t)(div - nextarg) : strlen(nextarg); + if(numlen > sizeof(number) -1) + return PARAM_NUMBER_TOO_LARGE; + + strncpy(number, nextarg, numlen); + number[numlen] = 0; + err = str2unum(&denominator, number); + if(err) + return err; + + if(denominator < 1) + return PARAM_BAD_USE; + + if(div) { + char unit = div[1]; + switch(unit) { + case 's': /* per second */ + numerator = 1000; + break; + case 'm': /* per minute */ + numerator = 60*1000; + break; + case 'h': /* per hour */ + break; + case 'd': /* per day */ + numerator = 24*60*60*1000; + break; + default: + errorf(global, "unsupported --rate unit"); + err = PARAM_BAD_USE; + break; + } + } + + if(err) + ; + else if(denominator > numerator) + err = PARAM_NUMBER_TOO_LARGE; + else + global->ms_per_transfer = numerator/denominator; + + return err; +} + + ParameterError getparameter(const char *flag, /* f or -long-flag */ char *nextarg, /* NULL if unset */ argv_item_t cleararg, @@ -746,19 +1212,16 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ struct GlobalConfig *global, struct OperationConfig *config) { - char letter; - char subletter = '\0'; /* subletters can only occur on long options */ int rc; const char *parse = NULL; - unsigned int j; time_t now; - int hit = -1; bool longopt = FALSE; bool singleopt = FALSE; /* when true means '-o foo' used '-ofoo' */ ParameterError err = PARAM_OK; bool toggle = TRUE; /* how to switch boolean options, on or off. Controlled by using --OPTION or --no-OPTION */ bool nextalloc = FALSE; /* if nextarg is allocated */ + struct getout *url; static const char *redir_protos[] = { "http", "https", @@ -766,6 +1229,8 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ "ftps", NULL }; + const struct LongShort *a = NULL; + curl_off_t value; #ifdef HAVE_WRITABLE_ARGV argv_item_t clearthis = NULL; #else @@ -777,10 +1242,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ if(('-' != flag[0]) || ('-' == flag[1])) { /* this should be a long name */ const char *word = ('-' == flag[0]) ? flag + 2 : flag; - size_t fnam = strlen(word); - int numhits = 0; bool noflagged = FALSE; bool expand = FALSE; + struct LongShort key; if(!strncmp(word, "no-", 3)) { /* disable this option but ignore the "no-" part when looking for it */ @@ -793,41 +1257,28 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ word += 7; expand = TRUE; } + key.lname = word; - for(j = 0; j < sizeof(aliases)/sizeof(aliases[0]); j++) { - if(curl_strnequal(aliases[j].lname, word, fnam)) { - longopt = TRUE; - numhits++; - if(curl_strequal(aliases[j].lname, word)) { - parse = aliases[j].letter; - hit = j; - numhits = 1; /* a single unique hit */ - break; - } - parse = aliases[j].letter; - hit = j; - } - } - if(numhits > 1) { - /* this is at least the second match! */ - err = PARAM_OPTION_AMBIGUOUS; - goto error; + a = bsearch(&key, aliases, sizeof(aliases)/sizeof(aliases[0]), + sizeof(aliases[0]), findarg); + if(a) { + longopt = TRUE; } - else if(hit < 0) { + else { err = PARAM_OPTION_UNKNOWN; goto error; } - else if(noflagged && (aliases[hit].desc != ARG_BOOL)) { + if(noflagged && (a->desc != ARG_BOOL)) { /* --no- prefixed an option that isn't boolean! */ err = PARAM_NO_NOT_BOOLEAN; goto error; } - else if(expand) { + else if(expand && nextarg) { struct curlx_dynbuf nbuf; bool replaced; - if((aliases[hit].desc != ARG_STRING) && - (aliases[hit].desc != ARG_FILENAME)) { + if((a->desc != ARG_STRG) && + (a->desc != ARG_FILE)) { /* --expand on an option that isn't a string or a filename */ err = PARAM_EXPAND_ERROR; goto error; @@ -845,36 +1296,24 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ } else { flag++; /* prefixed with one dash, pass it */ - hit = -1; parse = flag; } do { /* we can loop here if we have multiple single-letters */ + char letter; + cmdline_t cmd; - if(!longopt) { - letter = (char)*parse; - subletter = '\0'; - } - else { - letter = parse[0]; - subletter = parse[1]; - } - - if(hit < 0) { - for(j = 0; j < sizeof(aliases)/sizeof(aliases[0]); j++) { - if(letter == aliases[j].letter[0]) { - hit = j; - break; - } - } - if(hit < 0) { + if(!longopt && !a) { + a = single(*parse); + if(!a) { err = PARAM_OPTION_UNKNOWN; break; } } - - if(aliases[hit].desc >= ARG_STRING) { + letter = a->letter; + cmd = a->cmd; + if(a->desc >= ARG_STRG) { /* this option requires an extra parameter */ if(!longopt && parse[1]) { nextarg = (char *)&parse[1]; /* this is the actual extra parameter */ @@ -891,813 +1330,684 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ *usedarg = TRUE; /* mark it as used */ } - if((aliases[hit].desc == ARG_FILENAME) && + if((a->desc == ARG_FILE) && (nextarg[0] == '-') && nextarg[1]) { /* if the file name looks like a command line option */ warnf(global, "The file name argument '%s' looks like a flag.", nextarg); } } - else if((aliases[hit].desc == ARG_NONE) && !toggle) { + else if((a->desc == ARG_NONE) && !toggle) { err = PARAM_NO_PREFIX; break; } - switch(letter) { - case '*': /* options without a short option */ - switch(subletter) { - case '4': /* --dns-ipv4-addr */ - if(!curlinfo->ares_num) { /* c-ares is needed for this */ - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } + if(!nextarg) + /* this is a precaution mostly to please scan-build, as all arguments + that use nextarg should be marked as such and they will check that + nextarg is set before continuing, but code analyzers are not always + that aware of that state */ + nextarg = (char *)""; + + switch(cmd) { + case C_DNS_IPV4_ADDR: /* --dns-ipv4-addr */ + if(!curlinfo->ares_num) /* c-ares is needed for this */ + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else /* addr in dot notation */ - GetStr(&config->dns_ipv4_addr, nextarg); - break; - case '6': /* --dns-ipv6-addr */ - if(!curlinfo->ares_num) { /* c-ares is needed for this */ - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } + err = getstr(&config->dns_ipv4_addr, nextarg, DENY_BLANK); + break; + case C_DNS_IPV6_ADDR: /* --dns-ipv6-addr */ + if(!curlinfo->ares_num) /* c-ares is needed for this */ + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else /* addr in dot notation */ - GetStr(&config->dns_ipv6_addr, nextarg); - break; - case 'a': /* random-file */ - break; - case 'b': /* egd-file */ - break; - case 'B': /* OAuth 2.0 bearer token */ - GetStr(&config->oauth_bearer, nextarg); + err = getstr(&config->dns_ipv6_addr, nextarg, DENY_BLANK); + break; + case C_RANDOM_FILE: /* --random-file */ + break; + case C_EGD_FILE: /* --egd-file */ + break; + case C_OAUTH2_BEARER: /* --oauth2-bearer */ + err = getstr(&config->oauth_bearer, nextarg, DENY_BLANK); + if(!err) { cleanarg(clearthis); config->authtype |= CURLAUTH_BEARER; - break; - case 'c': /* connect-timeout */ - err = secs2ms(&config->connecttimeout_ms, nextarg); - break; - case 'C': /* doh-url */ - GetStr(&config->doh_url, nextarg); - if(config->doh_url && !config->doh_url[0]) - /* if given a blank string, we make it NULL again */ - Curl_safefree(config->doh_url); - break; - case 'd': /* ciphers */ - GetStr(&config->cipher_list, nextarg); - break; - case 'D': /* --dns-interface */ - if(!curlinfo->ares_num) /* c-ares is needed for this */ - err = PARAM_LIBCURL_DOESNT_SUPPORT; - else - /* interface name */ - GetStr(&config->dns_interface, nextarg); - break; - case 'e': /* --disable-epsv */ - config->disable_epsv = toggle; - break; - case 'f': /* --disallow-username-in-url */ - config->disallow_username_in_url = toggle; - break; - case 'E': /* --epsv */ - config->disable_epsv = (!toggle)?TRUE:FALSE; - break; - case 'F': /* --dns-servers */ - if(!curlinfo->ares_num) /* c-ares is needed for this */ - err = PARAM_LIBCURL_DOESNT_SUPPORT; - else - /* IP addrs of DNS servers */ - GetStr(&config->dns_servers, nextarg); - break; - case 'g': /* --trace */ - GetStr(&global->trace_dump, nextarg); + } + break; + case C_CONNECT_TIMEOUT: /* --connect-timeout */ + err = secs2ms(&config->connecttimeout_ms, nextarg); + break; + case C_DOH_URL: /* --doh-url */ + err = getstr(&config->doh_url, nextarg, ALLOW_BLANK); + if(!err && config->doh_url && !config->doh_url[0]) + /* if given a blank string, make it NULL again */ + Curl_safefree(config->doh_url); + break; + case C_CIPHERS: /* -- ciphers */ + err = getstr(&config->cipher_list, nextarg, DENY_BLANK); + break; + case C_DNS_INTERFACE: /* --dns-interface */ + if(!curlinfo->ares_num) /* c-ares is needed for this */ + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else + /* interface name */ + err = getstr(&config->dns_interface, nextarg, DENY_BLANK); + break; + case C_DISABLE_EPSV: /* --disable-epsv */ + config->disable_epsv = toggle; + break; + case C_DISALLOW_USERNAME_IN_URL: /* --disallow-username-in-url */ + config->disallow_username_in_url = toggle; + break; + case C_EPSV: /* --epsv */ + config->disable_epsv = (!toggle)?TRUE:FALSE; + break; + case C_DNS_SERVERS: /* --dns-servers */ + if(!curlinfo->ares_num) /* c-ares is needed for this */ + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else + /* IP addrs of DNS servers */ + err = getstr(&config->dns_servers, nextarg, DENY_BLANK); + break; + case C_TRACE: /* --trace */ + err = getstr(&global->trace_dump, nextarg, DENY_BLANK); + if(!err) { if(global->tracetype && (global->tracetype != TRACE_BIN)) warnf(global, "--trace overrides an earlier trace/verbose option"); global->tracetype = TRACE_BIN; - break; - case 'G': /* --npn */ - warnf(global, "--npn is no longer supported"); - break; - case 'h': /* --trace-ascii */ - GetStr(&global->trace_dump, nextarg); + } + break; + case C_NPN: /* --npn */ + warnf(global, "--npn is no longer supported"); + break; + case C_TRACE_ASCII: /* --trace-ascii */ + err = getstr(&global->trace_dump, nextarg, DENY_BLANK); + if(!err) { if(global->tracetype && (global->tracetype != TRACE_ASCII)) warnf(global, "--trace-ascii overrides an earlier trace/verbose option"); global->tracetype = TRACE_ASCII; - break; - case 'H': /* --alpn */ - config->noalpn = (!toggle)?TRUE:FALSE; - break; - case 'i': /* --limit-rate */ - { - curl_off_t value; - err = GetSizeParameter(global, nextarg, "rate", &value); - if(err) - break; + } + break; + case C_ALPN: /* --alpn */ + config->noalpn = (!toggle)?TRUE:FALSE; + break; + case C_LIMIT_RATE: /* --limit-rate */ + err = GetSizeParameter(global, nextarg, "rate", &value); + if(!err) { config->recvpersecond = value; config->sendpersecond = value; } break; - case 'I': /* --rate (request rate) */ - { - /* support a few different suffixes, extract the suffix first, then - get the number and convert to per hour. - /s == per second - /m == per minute - /h == per hour (default) - /d == per day (24 hours) - */ - char *div = strchr(nextarg, '/'); - char number[26]; - long denominator; - long numerator = 60*60*1000; /* default per hour */ - size_t numlen = div ? (size_t)(div - nextarg) : strlen(nextarg); - if(numlen > sizeof(number)-1) { - err = PARAM_NUMBER_TOO_LARGE; - break; - } - strncpy(number, nextarg, numlen); - number[numlen] = 0; - err = str2unum(&denominator, number); - if(err) - break; - - if(denominator < 1) { - err = PARAM_BAD_USE; - break; - } - if(div) { - char unit = div[1]; - switch(unit) { - case 's': /* per second */ - numerator = 1000; - break; - case 'm': /* per minute */ - numerator = 60*1000; - break; - case 'h': /* per hour */ - break; - case 'd': /* per day */ - numerator = 24*60*60*1000; - break; - default: - errorf(global, "unsupported --rate unit"); - err = PARAM_BAD_USE; - break; - } - } - global->ms_per_transfer = numerator/denominator; - } + case C_RATE: + err = set_rate(global, nextarg); break; - - case 'j': /* --compressed */ - if(toggle && !(feature_libz || feature_brotli || feature_zstd)) { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } + case C_COMPRESSED: /* --compressed */ + if(toggle && !(feature_libz || feature_brotli || feature_zstd)) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else config->encoding = toggle; - break; - - case 'J': /* --tr-encoding */ - config->tr_encoding = toggle; - break; - - case 'k': /* --digest */ - if(toggle) - config->authtype |= CURLAUTH_DIGEST; - else - config->authtype &= ~CURLAUTH_DIGEST; - break; + break; + case C_TR_ENCODING: /* --tr-encoding */ + config->tr_encoding = toggle; + break; + case C_DIGEST: /* --digest */ + if(toggle) + config->authtype |= CURLAUTH_DIGEST; + else + config->authtype &= ~CURLAUTH_DIGEST; + break; + case C_NEGOTIATE: /* --negotiate */ + if(!toggle) + config->authtype &= ~CURLAUTH_NEGOTIATE; + else if(feature_spnego) + config->authtype |= CURLAUTH_NEGOTIATE; + else + err = PARAM_LIBCURL_DOESNT_SUPPORT; + break; + case C_NTLM: /* --ntlm */ + if(!toggle) + config->authtype &= ~CURLAUTH_NTLM; + else if(feature_ntlm) + config->authtype |= CURLAUTH_NTLM; + else + err = PARAM_LIBCURL_DOESNT_SUPPORT; + break; + case C_NTLM_WB: /* --ntlm-wb */ + if(!toggle) + config->authtype &= ~CURLAUTH_NTLM_WB; + else if(feature_ntlm_wb) + config->authtype |= CURLAUTH_NTLM_WB; + else + err = PARAM_LIBCURL_DOESNT_SUPPORT; + break; + case C_BASIC: /* --basic */ + if(toggle) + config->authtype |= CURLAUTH_BASIC; + else + config->authtype &= ~CURLAUTH_BASIC; + break; + case C_ANYAUTH: /* --anyauth */ + if(toggle) + config->authtype = CURLAUTH_ANY; + /* --no-anyauth simply doesn't touch it */ + break; +#ifdef USE_WATT32 + case C_WDEBUG: /* --wdebug */ + dbug_init(); + break; +#endif + case C_FTP_CREATE_DIRS: /* --ftp-create-dirs */ + config->ftp_create_dirs = toggle; + break; + case C_CREATE_DIRS: /* --create-dirs */ + config->create_dirs = toggle; + break; + case C_CREATE_FILE_MODE: /* --create-file-mode */ + err = oct2nummax(&config->create_file_mode, nextarg, 0777); + break; + case C_MAX_REDIRS: /* --max-redirs */ + /* specified max no of redirects (http(s)), this accepts -1 as a + special condition */ + err = str2num(&config->maxredirs, nextarg); + if(!err && (config->maxredirs < -1)) + err = PARAM_BAD_NUMERIC; + break; + case C_IPFS_GATEWAY: /* --ipfs-gateway */ + err = getstr(&config->ipfs_gateway, nextarg, DENY_BLANK); + break; + case C_PROXY_NTLM: /* --proxy-ntlm */ + if(!feature_ntlm) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else + config->proxyntlm = toggle; + break; + case C_CRLF: /* --crlf */ + /* LF -> CRLF conversion? */ + config->crlf = toggle; + break; + case C_AWS_SIGV4: /* --aws-sigv4 */ + config->authtype |= CURLAUTH_AWS_SIGV4; + err = getstr(&config->aws_sigv4, nextarg, DENY_BLANK); + break; + case C_STDERR: /* --stderr */ + tool_set_stderr_file(global, nextarg); + break; + case C_INTERFACE: /* --interface */ + /* interface */ + err = getstr(&config->iface, nextarg, DENY_BLANK); + break; + case C_KRB: /* --krb */ + /* kerberos level string */ + if(!feature_spnego) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else + err = getstr(&config->krblevel, nextarg, DENY_BLANK); + break; + case C_HAPROXY_PROTOCOL: /* --haproxy-protocol */ + config->haproxy_protocol = toggle; + break; + case C_HAPROXY_CLIENTIP: /* --haproxy-clientip */ + err = getstr(&config->haproxy_clientip, nextarg, DENY_BLANK); + break; + case C_MAX_FILESIZE: /* --max-filesize */ + err = GetSizeParameter(global, nextarg, "max-filesize", &value); + if(!err) + config->max_filesize = value; + break; + case C_DISABLE_EPRT: /* --disable-eprt */ + config->disable_eprt = toggle; + break; + case C_EPRT: /* --eprt */ + config->disable_eprt = (!toggle)?TRUE:FALSE; + break; + case C_XATTR: /* --xattr */ + config->xattr = toggle; + break; + case C_URL: /* --url */ + if(!config->url_get) + config->url_get = config->url_list; - case 'l': /* --negotiate */ - if(!toggle) - config->authtype &= ~CURLAUTH_NEGOTIATE; - else if(feature_spnego) - config->authtype |= CURLAUTH_NEGOTIATE; - else { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } - break; + if(config->url_get) { + /* there's a node here, if it already is filled-in continue to find + an "empty" node */ + while(config->url_get && (config->url_get->flags & GETOUT_URL)) + config->url_get = config->url_get->next; + } - case 'm': /* --ntlm */ - if(!toggle) - config->authtype &= ~CURLAUTH_NTLM; - else if(feature_ntlm) - config->authtype |= CURLAUTH_NTLM; - else { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } - break; + /* now there might or might not be an available node to fill in! */ - case 'M': /* --ntlm-wb */ - if(!toggle) - config->authtype &= ~CURLAUTH_NTLM_WB; - else if(feature_ntlm_wb) - config->authtype |= CURLAUTH_NTLM_WB; - else { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } - break; - - case 'n': /* --basic for completeness */ - if(toggle) - config->authtype |= CURLAUTH_BASIC; - else - config->authtype &= ~CURLAUTH_BASIC; - break; - - case 'o': /* --anyauth, let libcurl pick it */ - if(toggle) - config->authtype = CURLAUTH_ANY; - /* --no-anyauth simply doesn't touch it */ - break; - -#ifdef USE_WATT32 - case 'p': /* --wdebug */ - dbug_init(); - break; -#endif - case 'q': /* --ftp-create-dirs */ - config->ftp_create_dirs = toggle; - break; - - case 'r': /* --create-dirs */ - config->create_dirs = toggle; - break; - - case 'R': /* --create-file-mode */ - err = oct2nummax(&config->create_file_mode, nextarg, 0777); - break; - - case 's': /* --max-redirs */ - /* specified max no of redirects (http(s)), this accepts -1 as a - special condition */ - err = str2num(&config->maxredirs, nextarg); - if(err) - break; - if(config->maxredirs < -1) - err = PARAM_BAD_NUMERIC; - break; - - case 'S': /* ipfs gateway url */ - GetStr(&config->ipfs_gateway, nextarg); - break; - - case 't': /* --proxy-ntlm */ - if(!feature_ntlm) { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } - config->proxyntlm = toggle; - break; - - case 'u': /* --crlf */ - /* LF -> CRLF conversion? */ - config->crlf = toggle; - break; - - case 'V': /* --aws-sigv4 */ - config->authtype |= CURLAUTH_AWS_SIGV4; - GetStr(&config->aws_sigv4, nextarg); - break; - - case 'v': /* --stderr */ - tool_set_stderr_file(global, nextarg); - break; - case 'w': /* --interface */ - /* interface */ - GetStr(&config->iface, nextarg); - break; - case 'x': /* --krb */ - /* kerberos level string */ - if(!feature_spnego) { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } - GetStr(&config->krblevel, nextarg); - break; - case 'X': /* --haproxy-protocol */ - config->haproxy_protocol = toggle; - break; - case 'P': /* --haproxy-clientip */ - GetStr(&config->haproxy_clientip, nextarg); - break; - case 'y': /* --max-filesize */ - { - curl_off_t value; - err = - GetSizeParameter(global, nextarg, "max-filesize", &value); - if(err) - break; - config->max_filesize = value; - } - break; - case 'z': /* --disable-eprt */ - config->disable_eprt = toggle; - break; - case 'Z': /* --eprt */ - config->disable_eprt = (!toggle)?TRUE:FALSE; - break; - case '~': /* --xattr */ - config->xattr = toggle; - break; - case '@': /* the URL! */ - { - struct getout *url; - - if(!config->url_get) - config->url_get = config->url_list; - - if(config->url_get) { - /* there's a node here, if it already is filled-in continue to find - an "empty" node */ - while(config->url_get && (config->url_get->flags & GETOUT_URL)) - config->url_get = config->url_get->next; - } - - /* now there might or might not be an available node to fill in! */ - - if(config->url_get) - /* existing node */ - url = config->url_get; - else - /* there was no free node, create one! */ - config->url_get = url = new_getout(config); - - if(!url) { - err = PARAM_NO_MEM; - break; - } + if(config->url_get) + /* existing node */ + url = config->url_get; + else + /* there was no free node, create one! */ + config->url_get = url = new_getout(config); + if(!url) + err = PARAM_NO_MEM; + else { /* fill in the URL */ - GetStr(&url->url, nextarg); + err = getstr(&url->url, nextarg, DENY_BLANK); url->flags |= GETOUT_URL; } - } break; - case '$': /* more options without a short option */ - switch(subletter) { - case 'a': /* --ssl */ - if(toggle && !feature_ssl) { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } + case C_SSL: /* --ssl */ + if(toggle && !feature_ssl) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else { config->ftp_ssl = toggle; if(config->ftp_ssl) warnf(global, "--ssl is an insecure option, consider --ssl-reqd instead"); - break; - case 'b': /* --ftp-pasv */ - Curl_safefree(config->ftpport); - break; - case 'c': /* --socks5 specifies a socks5 proxy to use, and resolves - the name locally and passes on the resolved address */ - GetStr(&config->proxy, nextarg); - config->proxyver = CURLPROXY_SOCKS5; - break; - case 't': /* --socks4 specifies a socks4 proxy to use */ - GetStr(&config->proxy, nextarg); - config->proxyver = CURLPROXY_SOCKS4; - break; - case 'T': /* --socks4a specifies a socks4a proxy to use */ - GetStr(&config->proxy, nextarg); - config->proxyver = CURLPROXY_SOCKS4A; - break; - case '2': /* --socks5-hostname specifies a socks5 proxy and enables name - resolving with the proxy */ - GetStr(&config->proxy, nextarg); - config->proxyver = CURLPROXY_SOCKS5_HOSTNAME; - break; - case 'd': /* --tcp-nodelay option */ - config->tcp_nodelay = toggle; - break; - case 'e': /* --proxy-digest */ - config->proxydigest = toggle; - break; - case 'f': /* --proxy-basic */ - config->proxybasic = toggle; - break; - case 'g': /* --retry */ - err = str2unum(&config->req_retry, nextarg); - break; - case 'V': /* --retry-connrefused */ - config->retry_connrefused = toggle; - break; - case 'h': /* --retry-delay */ - err = str2unummax(&config->retry_delay, nextarg, LONG_MAX/1000); - break; - case 'i': /* --retry-max-time */ - err = str2unummax(&config->retry_maxtime, nextarg, LONG_MAX/1000); - break; - case '!': /* --retry-all-errors */ - config->retry_all_errors = toggle; - break; - - case 'k': /* --proxy-negotiate */ - if(!feature_spnego) { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } + } + break; + case C_FTP_PASV: /* --ftp-pasv */ + Curl_safefree(config->ftpport); + break; + case C_SOCKS5: /* --socks5 */ + /* socks5 proxy to use, and resolves the name locally and passes on the + resolved address */ + err = getstr(&config->proxy, nextarg, DENY_BLANK); + config->proxyver = CURLPROXY_SOCKS5; + break; + case C_SOCKS4: /* --socks4 */ + err = getstr(&config->proxy, nextarg, DENY_BLANK); + config->proxyver = CURLPROXY_SOCKS4; + break; + case C_SOCKS4A: /* --socks4a */ + err = getstr(&config->proxy, nextarg, DENY_BLANK); + config->proxyver = CURLPROXY_SOCKS4A; + break; + case C_SOCKS5_HOSTNAME: /* --socks5-hostname */ + err = getstr(&config->proxy, nextarg, DENY_BLANK); + config->proxyver = CURLPROXY_SOCKS5_HOSTNAME; + break; + case C_TCP_NODELAY: /* --tcp-nodelay */ + config->tcp_nodelay = toggle; + break; + case C_PROXY_DIGEST: /* --proxy-digest */ + config->proxydigest = toggle; + break; + case C_PROXY_BASIC: /* --proxy-basic */ + config->proxybasic = toggle; + break; + case C_RETRY: /* --retry */ + err = str2unum(&config->req_retry, nextarg); + break; + case C_RETRY_CONNREFUSED: /* --retry-connrefused */ + config->retry_connrefused = toggle; + break; + case C_RETRY_DELAY: /* --retry-delay */ + err = str2unummax(&config->retry_delay, nextarg, LONG_MAX/1000); + break; + case C_RETRY_MAX_TIME: /* --retry-max-time */ + err = str2unummax(&config->retry_maxtime, nextarg, LONG_MAX/1000); + break; + case C_RETRY_ALL_ERRORS: /* --retry-all-errors */ + config->retry_all_errors = toggle; + break; + case C_PROXY_NEGOTIATE: /* --proxy-negotiate */ + if(!feature_spnego) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else config->proxynegotiate = toggle; - break; - - case 'l': /* --form-escape */ - config->mime_options &= ~CURLMIMEOPT_FORMESCAPE; - if(toggle) - config->mime_options |= CURLMIMEOPT_FORMESCAPE; - break; + break; + case C_FORM_ESCAPE: /* --form-escape */ + config->mime_options &= ~CURLMIMEOPT_FORMESCAPE; + if(toggle) + config->mime_options |= CURLMIMEOPT_FORMESCAPE; + break; + case C_FTP_ACCOUNT: /* --ftp-account */ + err = getstr(&config->ftp_account, nextarg, DENY_BLANK); + break; + case C_PROXY_ANYAUTH: /* --proxy-anyauth */ + config->proxyanyauth = toggle; + break; + case C_TRACE_TIME: /* --trace-time */ + global->tracetime = toggle; + break; + case C_IGNORE_CONTENT_LENGTH: /* --ignore-content-length */ + config->ignorecl = toggle; + break; + case C_FTP_SKIP_PASV_IP: /* --ftp-skip-pasv-ip */ + config->ftp_skip_ip = toggle; + break; + case C_FTP_METHOD: /* --ftp-method */ + config->ftp_filemethod = ftpfilemethod(config, nextarg); + break; + case C_LOCAL_PORT: { /* --local-port */ + /* 16bit base 10 is 5 digits, but we allow 6 so that this catches + overflows, not just truncates */ + char lrange[7]=""; + char *p = nextarg; + while(ISDIGIT(*p)) + p++; + if(*p) { + /* if there's anything more than a plain decimal number */ + rc = sscanf(p, " - %6s", lrange); + *p = 0; /* null-terminate to make str2unum() work below */ + } + else + rc = 0; - case 'm': /* --ftp-account */ - GetStr(&config->ftp_account, nextarg); - break; - case 'n': /* --proxy-anyauth */ - config->proxyanyauth = toggle; - break; - case 'o': /* --trace-time */ - global->tracetime = toggle; - break; - case 'p': /* --ignore-content-length */ - config->ignorecl = toggle; - break; - case 'q': /* --ftp-skip-pasv-ip */ - config->ftp_skip_ip = toggle; - break; - case 'r': /* --ftp-method (undocumented at this point) */ - config->ftp_filemethod = ftpfilemethod(config, nextarg); + err = str2unum(&config->localport, nextarg); + if(err || (config->localport > 65535)) { + err = PARAM_BAD_USE; break; - case 's': { /* --local-port */ - /* 16bit base 10 is 5 digits, but we allow 6 so that this catches - overflows, not just truncates */ - char lrange[7]=""; - char *p = nextarg; - while(ISDIGIT(*p)) - p++; - if(*p) { - /* if there's anything more than a plain decimal number */ - rc = sscanf(p, " - %6s", lrange); - *p = 0; /* null-terminate to make str2unum() work below */ - } - else - rc = 0; - - err = str2unum(&config->localport, nextarg); - if(err || (config->localport > 65535)) { + } + if(!rc) + config->localportrange = 1; /* default number of ports to try */ + else { + err = str2unum(&config->localportrange, lrange); + if(err || (config->localportrange > 65535)) err = PARAM_BAD_USE; - break; - } - if(!rc) - config->localportrange = 1; /* default number of ports to try */ else { - err = str2unum(&config->localportrange, lrange); - if(err || (config->localportrange > 65535)) + config->localportrange -= (config->localport-1); + if(config->localportrange < 1) err = PARAM_BAD_USE; - else { - config->localportrange -= (config->localport-1); - if(config->localportrange < 1) - err = PARAM_BAD_USE; - } } - break; } - case 'u': /* --ftp-alternative-to-user */ - GetStr(&config->ftp_alternative_to_user, nextarg); - break; - case 'v': /* --ssl-reqd */ - if(toggle && !feature_ssl) { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } - config->ftp_ssl_reqd = toggle; - break; - case 'w': /* --no-sessionid */ - config->disable_sessionid = (!toggle)?TRUE:FALSE; + break; + } + case C_FTP_ALTERNATIVE_TO_USER: /* --ftp-alternative-to-user */ + err = getstr(&config->ftp_alternative_to_user, nextarg, DENY_BLANK); + break; + case C_FTP_SSL_REQD: /* --ftp-ssl-reqd */ + case C_SSL_REQD: /* --ssl-reqd */ + if(toggle && !feature_ssl) { + err = PARAM_LIBCURL_DOESNT_SUPPORT; break; - case 'x': /* --ftp-ssl-control */ - if(toggle && !feature_ssl) { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } + } + config->ftp_ssl_reqd = toggle; + break; + case C_SESSIONID: /* --sessionid */ + config->disable_sessionid = (!toggle)?TRUE:FALSE; + break; + case C_FTP_SSL_CONTROL: /* --ftp-ssl-control */ + if(toggle && !feature_ssl) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else config->ftp_ssl_control = toggle; - break; - case 'y': /* --ftp-ssl-ccc */ - config->ftp_ssl_ccc = toggle; - if(!config->ftp_ssl_ccc_mode) - config->ftp_ssl_ccc_mode = CURLFTPSSL_CCC_PASSIVE; - break; - case 'j': /* --ftp-ssl-ccc-mode */ - config->ftp_ssl_ccc = TRUE; - config->ftp_ssl_ccc_mode = ftpcccmethod(config, nextarg); - break; - case 'z': /* --libcurl */ + break; + case C_FTP_SSL_CCC: /* --ftp-ssl-ccc */ + config->ftp_ssl_ccc = toggle; + if(!config->ftp_ssl_ccc_mode) + config->ftp_ssl_ccc_mode = CURLFTPSSL_CCC_PASSIVE; + break; + case C_FTP_SSL_CCC_MODE: /* --ftp-ssl-ccc-mode */ + config->ftp_ssl_ccc = TRUE; + config->ftp_ssl_ccc_mode = ftpcccmethod(config, nextarg); + break; + case C_LIBCURL: /* --libcurl */ #ifdef CURL_DISABLE_LIBCURL_OPTION - warnf(global, - "--libcurl option was disabled at build-time"); - err = PARAM_OPTION_UNKNOWN; - break; + warnf(global, + "--libcurl option was disabled at build-time"); + err = PARAM_OPTION_UNKNOWN; #else - GetStr(&global->libcurl, nextarg); - break; + err = getstr(&global->libcurl, nextarg, DENY_BLANK); #endif - case '#': /* --raw */ - config->raw = toggle; - break; - case '0': /* --post301 */ - config->post301 = toggle; - break; - case '1': /* --no-keepalive */ - config->nokeepalive = (!toggle)?TRUE:FALSE; - break; - case '3': /* --keepalive-time */ - err = str2unum(&config->alivetime, nextarg); - break; - case '4': /* --post302 */ - config->post302 = toggle; - break; - case 'I': /* --post303 */ - config->post303 = toggle; - break; - case '5': /* --noproxy */ - /* This specifies the noproxy list */ - GetStr(&config->noproxy, nextarg); - break; - case '7': /* --socks5-gssapi-nec */ - config->socks5_gssapi_nec = toggle; - break; - case '8': /* --proxy1.0 */ - /* http 1.0 proxy */ - GetStr(&config->proxy, nextarg); - config->proxyver = CURLPROXY_HTTP_1_0; - break; - case '9': /* --tftp-blksize */ - err = str2unum(&config->tftp_blksize, nextarg); - break; - case 'A': /* --mail-from */ - GetStr(&config->mail_from, nextarg); - break; - case 'B': /* --mail-rcpt */ - /* append receiver to a list */ - err = add2list(&config->mail_rcpt, nextarg); - break; - case 'C': /* --ftp-pret */ - config->ftp_pret = toggle; - break; - case 'D': /* --proto */ - config->proto_present = TRUE; - err = proto2num(config, built_in_protos, &config->proto_str, nextarg); - break; - case 'E': /* --proto-redir */ - config->proto_redir_present = TRUE; - if(proto2num(config, redir_protos, &config->proto_redir_str, - nextarg)) { - err = PARAM_BAD_USE; - break; - } - break; - case 'F': /* --resolve */ - err = add2list(&config->resolve, nextarg); - break; - case 'G': /* --delegation LEVEL */ - config->gssapi_delegation = delegation(config, nextarg); - break; - case 'H': /* --mail-auth */ - GetStr(&config->mail_auth, nextarg); - break; - case 'J': /* --metalink */ - errorf(global, "--metalink is disabled"); + break; + case C_RAW: /* --raw */ + config->raw = toggle; + break; + case C_KEEPALIVE: /* --keepalive */ + config->nokeepalive = (!toggle)?TRUE:FALSE; + break; + case C_KEEPALIVE_TIME: /* --keepalive-time */ + err = str2unum(&config->alivetime, nextarg); + break; + case C_POST301: /* --post301 */ + config->post301 = toggle; + break; + case C_POST302: /* --post302 */ + config->post302 = toggle; + break; + case C_POST303: /* --post303 */ + config->post303 = toggle; + break; + case C_NOPROXY: /* --noproxy */ + /* This specifies the noproxy list */ + err = getstr(&config->noproxy, nextarg, ALLOW_BLANK); + break; + case C_SOCKS5_GSSAPI_NEC: /* --socks5-gssapi-nec */ + config->socks5_gssapi_nec = toggle; + break; + case C_PROXY1_0: /* --proxy1.0 */ + /* http 1.0 proxy */ + err = getstr(&config->proxy, nextarg, DENY_BLANK); + config->proxyver = CURLPROXY_HTTP_1_0; + break; + case C_TFTP_BLKSIZE: /* --tftp-blksize */ + err = str2unum(&config->tftp_blksize, nextarg); + break; + case C_MAIL_FROM: /* --mail-from */ + err = getstr(&config->mail_from, nextarg, DENY_BLANK); + break; + case C_MAIL_RCPT: /* --mail-rcpt */ + /* append receiver to a list */ + err = add2list(&config->mail_rcpt, nextarg); + break; + case C_FTP_PRET: /* --ftp-pret */ + config->ftp_pret = toggle; + break; + case C_PROTO: /* --proto */ + config->proto_present = TRUE; + err = proto2num(config, built_in_protos, &config->proto_str, nextarg); + break; + case C_PROTO_REDIR: /* --proto-redir */ + config->proto_redir_present = TRUE; + if(proto2num(config, redir_protos, &config->proto_redir_str, + nextarg)) err = PARAM_BAD_USE; - break; - case '6': /* --sasl-authzid */ - GetStr(&config->sasl_authzid, nextarg); - break; - case 'K': /* --sasl-ir */ - config->sasl_ir = toggle; - break; - case 'L': /* --test-event */ + break; + case C_RESOLVE: /* --resolve */ + err = add2list(&config->resolve, nextarg); + break; + case C_DELEGATION: /* --delegation */ + config->gssapi_delegation = delegation(config, nextarg); + break; + case C_MAIL_AUTH: /* --mail-auth */ + err = getstr(&config->mail_auth, nextarg, DENY_BLANK); + break; + case C_METALINK: /* --metalink */ + errorf(global, "--metalink is disabled"); + err = PARAM_BAD_USE; + break; + case C_SASL_AUTHZID: /* --sasl-authzid */ + err = getstr(&config->sasl_authzid, nextarg, DENY_BLANK); + break; + case C_SASL_IR: /* --sasl-ir */ + config->sasl_ir = toggle; + break; + case C_TEST_EVENT: /* --test-event */ #ifdef CURLDEBUG - global->test_event_based = toggle; + global->test_event_based = toggle; #else - warnf(global, "--test-event is ignored unless a debug build"); + warnf(global, "--test-event is ignored unless a debug build"); #endif - break; - case 'M': /* --unix-socket */ - config->abstract_unix_socket = FALSE; - GetStr(&config->unix_socket_path, nextarg); - break; - case 'N': /* --path-as-is */ - config->path_as_is = toggle; - break; - case 'O': /* --proxy-service-name */ - GetStr(&config->proxy_service_name, nextarg); - break; - case 'P': /* --service-name */ - GetStr(&config->service_name, nextarg); - break; - case 'Q': /* --proto-default */ - GetStr(&config->proto_default, nextarg); + break; + case C_UNIX_SOCKET: /* --unix-socket */ + config->abstract_unix_socket = FALSE; + err = getstr(&config->unix_socket_path, nextarg, DENY_BLANK); + break; + case C_PATH_AS_IS: /* --path-as-is */ + config->path_as_is = toggle; + break; + case C_PROXY_SERVICE_NAME: /* --proxy-service-name */ + err = getstr(&config->proxy_service_name, nextarg, DENY_BLANK); + break; + case C_SERVICE_NAME: /* --service-name */ + err = getstr(&config->service_name, nextarg, DENY_BLANK); + break; + case C_PROTO_DEFAULT: /* --proto-default */ + err = getstr(&config->proto_default, nextarg, DENY_BLANK); + if(!err) err = check_protocol(config->proto_default); - break; - case 'R': /* --expect100-timeout */ - err = secs2ms(&config->expect100timeout_ms, nextarg); - break; - case 'S': /* --tftp-no-options */ - config->tftp_no_options = toggle; - break; - case 'U': /* --connect-to */ - err = add2list(&config->connect_to, nextarg); - break; - case 'W': /* --abstract-unix-socket */ - config->abstract_unix_socket = TRUE; - GetStr(&config->unix_socket_path, nextarg); - break; - case 'X': /* --tls-max */ - err = str2tls_max(&config->ssl_version_max, nextarg); - break; - case 'Y': /* --suppress-connect-headers */ - config->suppress_connect_headers = toggle; - break; - case 'Z': /* --compressed-ssh */ - config->ssh_compression = toggle; - break; - case '~': /* --happy-eyeballs-timeout-ms */ - err = str2unum(&config->happy_eyeballs_timeout_ms, nextarg); - /* 0 is a valid value for this timeout */ - break; - case '%': /* --trace-ids */ - global->traceids = toggle; - break; - case '&': /* --trace-config */ - if(set_trace_config(global, nextarg)) { - err = PARAM_NO_MEM; - } - break; - } break; - case '#': - switch(subletter) { - case 'm': /* --progress-meter */ - global->noprogress = !toggle; - break; - default: /* --progress-bar */ - global->progressmode = - toggle ? CURL_PROGRESS_BAR : CURL_PROGRESS_STATS; - break; - } + case C_EXPECT100_TIMEOUT: /* --expect100-timeout */ + err = secs2ms(&config->expect100timeout_ms, nextarg); break; - case ':': - switch(subletter) { - case 'a': /* --variable */ - err = setvariable(global, nextarg); - break; - default: /* --next */ - err = PARAM_NEXT_OPERATION; - break; - } + case C_TFTP_NO_OPTIONS: /* --tftp-no-options */ + config->tftp_no_options = toggle; break; - case '0': /* --http* options */ - switch(subletter) { - case '\0': - /* HTTP version 1.0 */ - sethttpver(global, config, CURL_HTTP_VERSION_1_0); - break; - case '1': - /* HTTP version 1.1 */ - sethttpver(global, config, CURL_HTTP_VERSION_1_1); - break; - case '2': - /* HTTP version 2.0 */ - if(!feature_http2) - return PARAM_LIBCURL_DOESNT_SUPPORT; - sethttpver(global, config, CURL_HTTP_VERSION_2_0); - break; - case '3': /* --http2-prior-knowledge */ - /* HTTP version 2.0 over clean TCP */ - if(!feature_http2) - return PARAM_LIBCURL_DOESNT_SUPPORT; - sethttpver(global, config, CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE); - break; - case '4': /* --http3 */ - /* Try HTTP/3, allow fallback */ - if(!feature_http3) { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } + case C_CONNECT_TO: /* --connect-to */ + err = add2list(&config->connect_to, nextarg); + break; + case C_ABSTRACT_UNIX_SOCKET: /* --abstract-unix-socket */ + config->abstract_unix_socket = TRUE; + err = getstr(&config->unix_socket_path, nextarg, DENY_BLANK); + break; + case C_TLS_MAX: /* --tls-max */ + err = str2tls_max(&config->ssl_version_max, nextarg); + break; + case C_SUPPRESS_CONNECT_HEADERS: /* --suppress-connect-headers */ + config->suppress_connect_headers = toggle; + break; + case C_COMPRESSED_SSH: /* --compressed-ssh */ + config->ssh_compression = toggle; + break; + case C_HAPPY_EYEBALLS_TIMEOUT_MS: /* --happy-eyeballs-timeout-ms */ + err = str2unum(&config->happy_eyeballs_timeout_ms, nextarg); + /* 0 is a valid value for this timeout */ + break; + case C_TRACE_IDS: /* --trace-ids */ + global->traceids = toggle; + break; + case C_TRACE_CONFIG: /* --trace-config */ + if(set_trace_config(global, nextarg)) + err = PARAM_NO_MEM; + break; + case C_PROGRESS_METER: /* --progress-meter */ + global->noprogress = !toggle; + break; + case C_PROGRESS_BAR: /* --progress-bar */ + global->progressmode = toggle ? CURL_PROGRESS_BAR : CURL_PROGRESS_STATS; + break; + case C_VARIABLE: /* --Variable */ + err = setvariable(global, nextarg); + break; + case C_NEXT: /* --next */ + err = PARAM_NEXT_OPERATION; + break; + case C_HTTP1_0: /* --http1.0 */ + /* HTTP version 1.0 */ + sethttpver(global, config, CURL_HTTP_VERSION_1_0); + break; + case C_HTTP1_1: /* --http1.1 */ + /* HTTP version 1.1 */ + sethttpver(global, config, CURL_HTTP_VERSION_1_1); + break; + case C_HTTP2: /* --http2 */ + /* HTTP version 2.0 */ + if(!feature_http2) + return PARAM_LIBCURL_DOESNT_SUPPORT; + sethttpver(global, config, CURL_HTTP_VERSION_2_0); + break; + case C_HTTP2_PRIOR_KNOWLEDGE: /* --http2-prior-knowledge */ + /* HTTP version 2.0 over clean TCP */ + if(!feature_http2) + return PARAM_LIBCURL_DOESNT_SUPPORT; + sethttpver(global, config, CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE); + break; + case C_HTTP3: /* --http3: */ + /* Try HTTP/3, allow fallback */ + if(!feature_http3) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else sethttpver(global, config, CURL_HTTP_VERSION_3); - break; - case '5': /* --http3-only */ - /* Try HTTP/3 without fallback */ - if(!feature_http3) { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } + break; + case C_HTTP3_ONLY: /* --http3-only */ + /* Try HTTP/3 without fallback */ + if(!feature_http3) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else sethttpver(global, config, CURL_HTTP_VERSION_3ONLY); - break; - case '9': - /* Allow HTTP/0.9 responses! */ - config->http09_allowed = toggle; - break; - case 'a': - /* --proxy-http2 */ - if(!feature_httpsproxy || !feature_http2) - return PARAM_LIBCURL_DOESNT_SUPPORT; + break; + case C_HTTP0_9: /* --http0.9 */ + /* Allow HTTP/0.9 responses! */ + config->http09_allowed = toggle; + break; + case C_PROXY_HTTP2: /* --proxy-http2 */ + if(!feature_httpsproxy || !feature_http2) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else config->proxyver = CURLPROXY_HTTPS2; - break; - } break; - case '1': /* --tlsv1* options */ - switch(subletter) { - case '\0': - /* TLS version 1.x */ - config->ssl_version = CURL_SSLVERSION_TLSv1; - break; - case '0': - /* TLS version 1.0 */ - config->ssl_version = CURL_SSLVERSION_TLSv1_0; - break; - case '1': - /* TLS version 1.1 */ - config->ssl_version = CURL_SSLVERSION_TLSv1_1; - break; - case '2': - /* TLS version 1.2 */ - config->ssl_version = CURL_SSLVERSION_TLSv1_2; - break; - case '3': - /* TLS version 1.3 */ - config->ssl_version = CURL_SSLVERSION_TLSv1_3; - break; - case 'A': /* --tls13-ciphers */ - GetStr(&config->cipher13_list, nextarg); - break; - case 'B': /* --proxy-tls13-ciphers */ - GetStr(&config->proxy_cipher13_list, nextarg); - break; - } + case C_TLSV1: /* --tlsv1 */ + config->ssl_version = CURL_SSLVERSION_TLSv1; + break; + case C_TLSV1_0: /* --tlsv1.0 */ + config->ssl_version = CURL_SSLVERSION_TLSv1_0; + break; + case C_TLSV1_1: /* --tlsv1.1 */ + config->ssl_version = CURL_SSLVERSION_TLSv1_1; + break; + case C_TLSV1_2: /* --tlsv1.2 */ + config->ssl_version = CURL_SSLVERSION_TLSv1_2; break; - case '2': - /* SSL version 2 */ + case C_TLSV1_3: /* --tlsv1.3 */ + config->ssl_version = CURL_SSLVERSION_TLSv1_3; + break; + case C_TLS13_CIPHERS: /* --tls13-ciphers */ + err = getstr(&config->cipher13_list, nextarg, DENY_BLANK); + break; + case C_PROXY_TLS13_CIPHERS: /* --proxy-tls13-ciphers */ + err = getstr(&config->proxy_cipher13_list, nextarg, DENY_BLANK); + break; + case C_SSLV2: /* --sslv2 */ warnf(global, "Ignores instruction to use SSLv2"); break; - case '3': - /* SSL version 3 */ + case C_SSLV3: /* --sslv3 */ warnf(global, "Ignores instruction to use SSLv3"); break; - case '4': - /* IPv4 */ + case C_IPV4: /* --ipv4 */ config->ip_version = CURL_IPRESOLVE_V4; break; - case '6': - /* IPv6 */ + case C_IPV6: /* --ipv6 */ config->ip_version = CURL_IPRESOLVE_V6; break; - case 'a': + case C_APPEND: /* --append */ /* This makes the FTP sessions use APPE instead of STOR */ config->ftp_append = toggle; break; - case 'A': - /* This specifies the User-Agent name */ - GetStr(&config->useragent, nextarg); + case C_USER_AGENT: /* --user-agent */ + err = getstr(&config->useragent, nextarg, ALLOW_BLANK); break; - case 'b': - switch(subletter) { - case 'a': /* --alt-svc */ - if(!feature_altsvc) - err = PARAM_LIBCURL_DOESNT_SUPPORT; - else - GetStr(&config->altsvc, nextarg); - break; - case 'b': /* --hsts */ - if(!feature_hsts) - err = PARAM_LIBCURL_DOESNT_SUPPORT; - else - GetStr(&config->hsts, nextarg); + case C_ALT_SVC: /* --alt-svc */ + if(!feature_altsvc) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else + err = getstr(&config->altsvc, nextarg, ALLOW_BLANK); + break; + case C_HSTS: /* --hsts */ + if(!feature_hsts) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else + err = getstr(&config->hsts, nextarg, ALLOW_BLANK); + break; + case C_COOKIE: /* --cookie */ + if(strchr(nextarg, '=')) { + /* A cookie string must have a =-letter */ + err = add2list(&config->cookies, nextarg); break; - default: /* --cookie string coming up: */ - if(nextarg[0] == '@') { - nextarg++; - } - else if(strchr(nextarg, '=')) { - /* A cookie string must have a =-letter */ - err = add2list(&config->cookies, nextarg); - break; - } + } + else { /* We have a cookie file to read from! */ err = add2list(&config->cookiefiles, nextarg); } break; - case 'B': - /* use ASCII/text when transferring */ + case C_USE_ASCII: /* --use-ascii */ config->use_ascii = toggle; break; - case 'c': - /* get the file name to dump all cookies in */ - GetStr(&config->cookiejar, nextarg); + case C_COOKIE_JAR: /* --cookie-jar */ + err = getstr(&config->cookiejar, nextarg, DENY_BLANK); break; - case 'C': + case C_CONTINUE_AT: /* --continue-at */ /* This makes us continue an ftp transfer at given position */ if(strcmp(nextarg, "-")) { err = str2offset(&config->resume_from, nextarg); - if(err) - break; config->resume_from_current = FALSE; } else { @@ -1706,158 +2016,21 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ } config->use_resume = TRUE; break; - case 'd': - /* postfield data */ - { - char *postdata = NULL; - FILE *file; - size_t size = 0; - bool raw_mode = (subletter == 'r'); - - if(subletter == 'g') { /* --url-query */ -#define MAX_QUERY_LEN 100000 /* larger is not likely to ever work */ - char *query; - struct curlx_dynbuf dyn; - curlx_dyn_init(&dyn, MAX_QUERY_LEN); - - if(*nextarg == '+') { - /* use without encoding */ - query = strdup(&nextarg[1]); - if(!query) { - err = PARAM_NO_MEM; - break; - } - } - else { - err = data_urlencode(global, nextarg, &query, &size); - if(err) - break; - } - - if(config->query) { - CURLcode result = - curlx_dyn_addf(&dyn, "%s&%s", config->query, query); - free(query); - if(result) { - err = PARAM_NO_MEM; - break; - } - free(config->query); - config->query = curlx_dyn_ptr(&dyn); - } - else - config->query = query; - - break; /* this is not a POST argument at all */ - } - else if(subletter == 'e') { /* --data-urlencode */ - err = data_urlencode(global, nextarg, &postdata, &size); - if(err) - break; - } - else if('@' == *nextarg && !raw_mode) { - /* the data begins with a '@' letter, it means that a file name - or - (stdin) follows */ - nextarg++; /* pass the @ */ - - if(!strcmp("-", nextarg)) { - file = stdin; - if(subletter == 'b') /* forced data-binary */ - set_binmode(stdin); - } - else { - file = fopen(nextarg, "rb"); - if(!file) { - errorf(global, "Failed to open %s", nextarg); - err = PARAM_READ_ERROR; - break; - } - } - - if((subletter == 'b') || /* --data-binary */ - (subletter == 'f') /* --json */) - /* forced binary */ - err = file2memory(&postdata, &size, file); - else { - err = file2string(&postdata, file); - if(postdata) - size = strlen(postdata); - } - - if(file && (file != stdin)) - fclose(file); - if(err) - break; - - if(!postdata) { - /* no data from the file, point to a zero byte string to make this - get sent as a POST anyway */ - postdata = strdup(""); - if(!postdata) { - err = PARAM_NO_MEM; - break; - } - } - } - else { - GetStr(&postdata, nextarg); - if(postdata) - size = strlen(postdata); - } - if(subletter == 'f') - config->jsoned = TRUE; - - if(config->postfields) { - /* we already have a string, we append this one with a separating - &-letter */ - char *oldpost = config->postfields; - curl_off_t oldlen = config->postfieldsize; - curl_off_t newlen = oldlen + curlx_uztoso(size) + 2; - config->postfields = malloc((size_t)newlen); - if(!config->postfields) { - Curl_safefree(oldpost); - Curl_safefree(postdata); - err = PARAM_NO_MEM; - break; - } - memcpy(config->postfields, oldpost, (size_t)oldlen); - if(subletter != 'f') { - /* skip this treatment for --json */ - /* use byte value 0x26 for '&' to accommodate non-ASCII platforms */ - config->postfields[oldlen] = '\x26'; - memcpy(&config->postfields[oldlen + 1], postdata, size); - config->postfields[oldlen + 1 + size] = '\0'; - config->postfieldsize += size + 1; - } - else { - memcpy(&config->postfields[oldlen], postdata, size); - config->postfields[oldlen + size] = '\0'; - config->postfieldsize += size; - } - Curl_safefree(oldpost); - Curl_safefree(postdata); - } - else { - config->postfields = postdata; - config->postfieldsize = curlx_uztoso(size); - } - } - /* - We can't set the request type here, as this data might be used in - a simple GET if -G is used. Already or soon. - - if(SetHTTPrequest(HTTPREQ_SIMPLEPOST, &config->httpreq)) { - Curl_safefree(postdata); - return PARAM_BAD_USE; - } - */ - break; - case 'D': - /* dump-header to given file name */ - GetStr(&config->headerfile, nextarg); + case C_DATA: /* --data */ + case C_DATA_ASCII: /* --data-ascii */ + case C_DATA_BINARY: /* --data-binary */ + case C_DATA_URLENCODE: /* --data-urlencode */ + case C_JSON: /* --json */ + case C_DATA_RAW: /* --data-raw */ + err = set_data(cmd, nextarg, global, config); break; - case 'e': - { + case C_URL_QUERY: /* --url-query */ + err = url_query(nextarg, global, config); + break; + case C_DUMP_HEADER: /* --dump-header */ + err = getstr(&config->headerfile, nextarg, DENY_BLANK); + break; + case C_REFERER: { /* --referer */ char *ptr = strstr(nextarg, ";auto"); if(ptr) { /* Automatic referer requested, this may be combined with a @@ -1868,322 +2041,263 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ else config->autoreferer = FALSE; ptr = *nextarg ? nextarg : NULL; - GetStr(&config->referer, ptr); + err = getstr(&config->referer, ptr, ALLOW_BLANK); } - break; - case 'E': - switch(subletter) { - case '\0': /* certificate file */ - cleanarg(clearthis); - GetFileAndPassword(nextarg, &config->cert, &config->key_passwd); - break; - case 'a': /* --cacert CA info PEM file */ - GetStr(&config->cacert, nextarg); - break; - case 'G': /* --ca-native */ - config->native_ca_store = toggle; - break; - case 'H': /* --proxy-ca-native */ - config->proxy_native_ca_store = toggle; - break; - case 'b': /* cert file type */ - GetStr(&config->cert_type, nextarg); - break; - case 'c': /* private key file */ - GetStr(&config->key, nextarg); - break; - case 'd': /* private key file type */ - GetStr(&config->key_type, nextarg); - break; - case 'e': /* private key passphrase */ - GetStr(&config->key_passwd, nextarg); - cleanarg(clearthis); - break; - case 'f': /* crypto engine */ - GetStr(&config->engine, nextarg); - if(config->engine && curl_strequal(config->engine, "list")) { - err = PARAM_ENGINES_REQUESTED; - break; - } - break; - case 'g': /* CA cert directory */ - GetStr(&config->capath, nextarg); - break; - case 'h': /* --pubkey public key file */ - GetStr(&config->pubkey, nextarg); - break; - case 'i': /* --hostpubmd5 md5 of the host public key */ - GetStr(&config->hostpubmd5, nextarg); - if(!config->hostpubmd5 || strlen(config->hostpubmd5) != 32) { + break; + case C_CERT: /* --cert */ + cleanarg(clearthis); + GetFileAndPassword(nextarg, &config->cert, &config->key_passwd); + break; + case C_CACERT: /* --cacert */ + err = getstr(&config->cacert, nextarg, DENY_BLANK); + break; + case C_CA_NATIVE: /* --ca-native */ + config->native_ca_store = toggle; + break; + case C_PROXY_CA_NATIVE: /* --proxy-ca-native */ + config->proxy_native_ca_store = toggle; + break; + case C_CERT_TYPE: /* --cert-type */ + err = getstr(&config->cert_type, nextarg, DENY_BLANK); + break; + case C_KEY: /* --key */ + err = getstr(&config->key, nextarg, DENY_BLANK); + break; + case C_KEY_TYPE: /* --key-type */ + err = getstr(&config->key_type, nextarg, DENY_BLANK); + break; + case C_PASS: /* --pass */ + err = getstr(&config->key_passwd, nextarg, DENY_BLANK); + cleanarg(clearthis); + break; + case C_ENGINE: /* --engine */ + err = getstr(&config->engine, nextarg, DENY_BLANK); + if(!err && + config->engine && !strcmp(config->engine, "list")) { + err = PARAM_ENGINES_REQUESTED; + } + break; + case C_CAPATH: /* --capath */ + err = getstr(&config->capath, nextarg, DENY_BLANK); + break; + case C_PUBKEY: /* --pubkey */ + err = getstr(&config->pubkey, nextarg, DENY_BLANK); + break; + case C_HOSTPUBMD5: /* --hostpubmd5 */ + err = getstr(&config->hostpubmd5, nextarg, DENY_BLANK); + if(!err) { + if(!config->hostpubmd5 || strlen(config->hostpubmd5) != 32) err = PARAM_BAD_USE; - break; - } - break; - case 'F': /* --hostpubsha256 sha256 of the host public key */ - GetStr(&config->hostpubsha256, nextarg); - break; - case 'j': /* CRL file */ - GetStr(&config->crlfile, nextarg); - break; - case 'k': /* TLS username */ - if(!feature_tls_srp) { - cleanarg(clearthis); - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } - GetStr(&config->tls_username, nextarg); - cleanarg(clearthis); - break; - case 'l': /* TLS password */ - if(!feature_tls_srp) { - cleanarg(clearthis); - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } - GetStr(&config->tls_password, nextarg); - cleanarg(clearthis); - break; - case 'm': /* TLS authentication type */ - if(!feature_tls_srp) { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } - GetStr(&config->tls_authtype, nextarg); - if(!curl_strequal(config->tls_authtype, "SRP")) { + } + break; + case C_HOSTPUBSHA256: /* --hostpubsha256 */ + err = getstr(&config->hostpubsha256, nextarg, DENY_BLANK); + break; + case C_CRLFILE: /* --crlfile */ + err = getstr(&config->crlfile, nextarg, DENY_BLANK); + break; + case C_TLSUSER: /* --tlsuser */ + if(!feature_tls_srp) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else + err = getstr(&config->tls_username, nextarg, DENY_BLANK); + cleanarg(clearthis); + break; + case C_TLSPASSWORD: /* --tlspassword */ + if(!feature_tls_srp) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else + err = getstr(&config->tls_password, nextarg, ALLOW_BLANK); + cleanarg(clearthis); + break; + case C_TLSAUTHTYPE: /* --tlsauthtype */ + if(!feature_tls_srp) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else { + err = getstr(&config->tls_authtype, nextarg, DENY_BLANK); + if(!err && strcmp(config->tls_authtype, "SRP")) err = PARAM_LIBCURL_DOESNT_SUPPORT; /* only support TLS-SRP */ - break; - } - break; - case 'n': /* no empty SSL fragments, --ssl-allow-beast */ - if(feature_ssl) - config->ssl_allow_beast = toggle; - break; - - case 'o': /* --ssl-auto-client-cert */ - if(feature_ssl) - config->ssl_auto_client_cert = toggle; - break; - - case 'O': /* --proxy-ssl-auto-client-cert */ - if(feature_ssl) - config->proxy_ssl_auto_client_cert = toggle; - break; - - case 'p': /* Pinned public key DER file */ - GetStr(&config->pinnedpubkey, nextarg); - break; - - case 'P': /* proxy pinned public key */ - GetStr(&config->proxy_pinnedpubkey, nextarg); - break; - - case 'q': /* --cert-status */ - config->verifystatus = TRUE; - break; - - case 'Q': /* --doh-cert-status */ - config->doh_verifystatus = TRUE; - break; - - case 'r': /* --false-start */ - config->falsestart = TRUE; - break; - - case 's': /* --ssl-no-revoke */ - if(feature_ssl) - config->ssl_no_revoke = TRUE; - break; - - case 'S': /* --ssl-revoke-best-effort */ - if(feature_ssl) - config->ssl_revoke_best_effort = TRUE; - break; - - case 't': /* --tcp-fastopen */ - config->tcp_fastopen = TRUE; - break; - - case 'u': /* TLS username for proxy */ - cleanarg(clearthis); - if(!feature_tls_srp) { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } - GetStr(&config->proxy_tls_username, nextarg); - break; - - case 'v': /* TLS password for proxy */ - cleanarg(clearthis); - if(!feature_tls_srp) { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } - GetStr(&config->proxy_tls_password, nextarg); - break; - - case 'w': /* TLS authentication type for proxy */ - if(!feature_tls_srp) { - err = PARAM_LIBCURL_DOESNT_SUPPORT; - break; - } - GetStr(&config->proxy_tls_authtype, nextarg); - if(!curl_strequal(config->proxy_tls_authtype, "SRP")) { + } + break; + case C_SSL_ALLOW_BEAST: /* --ssl-allow-beast */ + if(feature_ssl) + config->ssl_allow_beast = toggle; + break; + case C_SSL_AUTO_CLIENT_CERT: /* --ssl-auto-client-cert */ + if(feature_ssl) + config->ssl_auto_client_cert = toggle; + break; + case C_PROXY_SSL_AUTO_CLIENT_CERT: /* --proxy-ssl-auto-client-cert */ + if(feature_ssl) + config->proxy_ssl_auto_client_cert = toggle; + break; + case C_PINNEDPUBKEY: /* --pinnedpubkey */ + err = getstr(&config->pinnedpubkey, nextarg, DENY_BLANK); + break; + case C_PROXY_PINNEDPUBKEY: /* --proxy-pinnedpubkey */ + err = getstr(&config->proxy_pinnedpubkey, nextarg, DENY_BLANK); + break; + case C_CERT_STATUS: /* --cert-status */ + config->verifystatus = TRUE; + break; + case C_DOH_CERT_STATUS: /* --doh-cert-status */ + config->doh_verifystatus = TRUE; + break; + case C_FALSE_START: /* --false-start */ + config->falsestart = TRUE; + break; + case C_SSL_NO_REVOKE: /* --ssl-no-revoke */ + if(feature_ssl) + config->ssl_no_revoke = TRUE; + break; + case C_SSL_REVOKE_BEST_EFFORT: /* --ssl-revoke-best-effort */ + if(feature_ssl) + config->ssl_revoke_best_effort = TRUE; + break; + case C_TCP_FASTOPEN: /* --tcp-fastopen */ + config->tcp_fastopen = TRUE; + break; + case C_PROXY_TLSUSER: /* --proxy-tlsuser */ + cleanarg(clearthis); + if(!feature_tls_srp) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else + err = getstr(&config->proxy_tls_username, nextarg, ALLOW_BLANK); + break; + case C_PROXY_TLSPASSWORD: /* --proxy-tlspassword */ + cleanarg(clearthis); + if(!feature_tls_srp) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else + err = getstr(&config->proxy_tls_password, nextarg, DENY_BLANK); + break; + case C_PROXY_TLSAUTHTYPE: /* --proxy-tlsauthtype */ + if(!feature_tls_srp) + err = PARAM_LIBCURL_DOESNT_SUPPORT; + else { + err = getstr(&config->proxy_tls_authtype, nextarg, DENY_BLANK); + if(!err && strcmp(config->proxy_tls_authtype, "SRP")) err = PARAM_LIBCURL_DOESNT_SUPPORT; /* only support TLS-SRP */ - break; - } - break; - - case 'x': /* certificate file for proxy */ - cleanarg(clearthis); - GetFileAndPassword(nextarg, &config->proxy_cert, - &config->proxy_key_passwd); - break; - - case 'y': /* cert file type for proxy */ - GetStr(&config->proxy_cert_type, nextarg); - break; - - case 'z': /* private key file for proxy */ - GetStr(&config->proxy_key, nextarg); - break; - - case '0': /* private key file type for proxy */ - GetStr(&config->proxy_key_type, nextarg); - break; - - case '1': /* private key passphrase for proxy */ - GetStr(&config->proxy_key_passwd, nextarg); - cleanarg(clearthis); - break; - - case '2': /* ciphers for proxy */ - GetStr(&config->proxy_cipher_list, nextarg); - break; - - case '3': /* CRL file for proxy */ - GetStr(&config->proxy_crlfile, nextarg); - break; - - case '4': /* no empty SSL fragments for proxy */ - if(feature_ssl) - config->proxy_ssl_allow_beast = toggle; - break; - - case '5': /* --login-options */ - GetStr(&config->login_options, nextarg); - break; - - case '6': /* CA info PEM file for proxy */ - GetStr(&config->proxy_cacert, nextarg); - break; - - case '7': /* CA cert directory for proxy */ - GetStr(&config->proxy_capath, nextarg); - break; - - case '8': /* allow insecure SSL connects for proxy */ - config->proxy_insecure_ok = toggle; - break; - - case '9': /* --proxy-tlsv1 */ - /* TLS version 1 for proxy */ - config->proxy_ssl_version = CURL_SSLVERSION_TLSv1; - break; - - case 'A': - /* --socks5-basic */ - if(toggle) - config->socks5_auth |= CURLAUTH_BASIC; - else - config->socks5_auth &= ~CURLAUTH_BASIC; - break; - - case 'B': - /* --socks5-gssapi */ - if(toggle) - config->socks5_auth |= CURLAUTH_GSSAPI; - else - config->socks5_auth &= ~CURLAUTH_GSSAPI; - break; - - case 'C': - GetStr(&config->etag_save_file, nextarg); - break; - - case 'D': - GetStr(&config->etag_compare_file, nextarg); - break; - - case 'E': - GetStr(&config->ssl_ec_curves, nextarg); - break; - - default: /* unknown flag */ - err = PARAM_OPTION_UNKNOWN; - break; } break; - case 'f': - switch(subletter) { - case 'a': /* --fail-early */ - global->fail_early = toggle; - break; - case 'b': /* --styled-output */ - global->styled_output = toggle; - break; - case 'c': /* --mail-rcpt-allowfails */ - config->mail_rcpt_allowfails = toggle; - break; - case 'd': /* --fail-with-body */ - config->failwithbody = toggle; - break; - case 'e': /* --remove-on-error */ - config->rm_partial = toggle; - break; - default: /* --fail (hard on errors) */ - config->failonerror = toggle; - break; + case C_PROXY_CERT: /* --proxy-cert */ + cleanarg(clearthis); + GetFileAndPassword(nextarg, &config->proxy_cert, + &config->proxy_key_passwd); + break; + case C_PROXY_CERT_TYPE: /* --proxy-cert-type */ + err = getstr(&config->proxy_cert_type, nextarg, DENY_BLANK); + break; + case C_PROXY_KEY: /* --proxy-key */ + err = getstr(&config->proxy_key, nextarg, ALLOW_BLANK); + break; + case C_PROXY_KEY_TYPE: /* --proxy-key-type */ + err = getstr(&config->proxy_key_type, nextarg, DENY_BLANK); + break; + case C_PROXY_PASS: /* --proxy-pass */ + err = getstr(&config->proxy_key_passwd, nextarg, ALLOW_BLANK); + cleanarg(clearthis); + break; + case C_PROXY_CIPHERS: /* --proxy-ciphers */ + err = getstr(&config->proxy_cipher_list, nextarg, DENY_BLANK); + break; + case C_PROXY_CRLFILE: /* --proxy-crlfile */ + err = getstr(&config->proxy_crlfile, nextarg, DENY_BLANK); + break; + case C_PROXY_SSL_ALLOW_BEAST: /* --proxy-ssl-allow-beast */ + if(feature_ssl) + config->proxy_ssl_allow_beast = toggle; + break; + case C_LOGIN_OPTIONS: /* --login-options */ + err = getstr(&config->login_options, nextarg, ALLOW_BLANK); + break; + case C_PROXY_CACERT: /* --proxy-cacert */ + err = getstr(&config->proxy_cacert, nextarg, DENY_BLANK); + break; + case C_PROXY_CAPATH: /* --proxy-capath */ + err = getstr(&config->proxy_capath, nextarg, DENY_BLANK); + break; + case C_PROXY_INSECURE: /* --proxy-insecure */ + config->proxy_insecure_ok = toggle; + break; + case C_PROXY_TLSV1: /* --proxy-tlsv1 */ + /* TLS version 1 for proxy */ + config->proxy_ssl_version = CURL_SSLVERSION_TLSv1; + break; + case C_SOCKS5_BASIC: /* --socks5-basic */ + if(toggle) + config->socks5_auth |= CURLAUTH_BASIC; + else + config->socks5_auth &= ~CURLAUTH_BASIC; + break; + case C_SOCKS5_GSSAPI: /* --socks5-gssapi */ + if(toggle) + config->socks5_auth |= CURLAUTH_GSSAPI; + else + config->socks5_auth &= ~CURLAUTH_GSSAPI; + break; + case C_ETAG_SAVE: /* --etag-save */ + err = getstr(&config->etag_save_file, nextarg, DENY_BLANK); + break; + case C_ETAG_COMPARE: /* --etag-compare */ + err = getstr(&config->etag_compare_file, nextarg, DENY_BLANK); + break; + case C_CURVES: /* --curves */ + err = getstr(&config->ssl_ec_curves, nextarg, DENY_BLANK); + break; + case C_FAIL_EARLY: /* --fail-early */ + global->fail_early = toggle; + break; + case C_STYLED_OUTPUT: /* --styled-output */ + global->styled_output = toggle; + break; + case C_MAIL_RCPT_ALLOWFAILS: /* --mail-rcpt-allowfails */ + config->mail_rcpt_allowfails = toggle; + break; + case C_FAIL_WITH_BODY: /* --fail-with-body */ + config->failwithbody = toggle; + if(config->failonerror && config->failwithbody) { + errorf(config->global, "You must select either --fail or " + "--fail-with-body, not both."); + err = PARAM_BAD_USE; } + break; + case C_REMOVE_ON_ERROR: /* --remove-on-error */ + config->rm_partial = toggle; + break; + case C_FAIL: /* --fail */ + config->failonerror = toggle; if(config->failonerror && config->failwithbody) { errorf(config->global, "You must select either --fail or " "--fail-with-body, not both."); err = PARAM_BAD_USE; - break; } break; - case 'F': + case C_FORM: /* --form */ + case C_FORM_STRING: /* --form-string */ /* "form data" simulation, this is a little advanced so lets do our best to sort this out slowly and carefully */ if(formparse(config, nextarg, &config->mimeroot, &config->mimecurrent, - (subletter == 's')?TRUE:FALSE)) { /* 's' is literal - string */ + (cmd == C_FORM_STRING)?TRUE:FALSE)) /* literal string */ err = PARAM_BAD_USE; - break; - } - if(SetHTTPrequest(config, HTTPREQ_MIMEPOST, &config->httpreq)) { + else if(SetHTTPrequest(config, HTTPREQ_MIMEPOST, &config->httpreq)) err = PARAM_BAD_USE; - break; - } break; - - case 'g': /* g disables URLglobbing */ + case C_GLOBOFF: /* --globoff */ config->globoff = toggle; break; - - case 'G': /* HTTP GET */ - if(subletter == 'a') { /* --request-target */ - GetStr(&config->request_target, nextarg); - } - else - config->use_httpget = toggle; + case C_GET: /* --get */ + config->use_httpget = toggle; break; - - case 'h': /* h for help */ + case C_REQUEST_TARGET: /* --request-target */ + err = getstr(&config->request_target, nextarg, DENY_BLANK); + break; + case C_HELP: /* --help */ if(toggle) { - if(nextarg) { + if(*nextarg) { global->help_category = strdup(nextarg); if(!global->help_category) { err = PARAM_NO_MEM; @@ -2191,11 +2305,11 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ } } err = PARAM_HELP_REQUESTED; - break; } /* we now actually support --no-help too! */ break; - case 'H': + case C_HEADER: /* --header */ + case C_PROXY_HEADER: /* --proxy-header */ /* A custom header to append to a list */ if(nextarg[0] == '@') { /* read many headers from a file or stdin */ @@ -2206,7 +2320,6 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ if(!file) { errorf(global, "Failed to open %s", &nextarg[1]); err = PARAM_READ_ERROR; - break; } else { err = file2memory(&string, &len, file); @@ -2215,7 +2328,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ /* !checksrc! disable BANNEDFUNC 2 */ char *h = strtok(string, "\r\n"); while(h) { - if(subletter == 'p') /* --proxy-header */ + if(cmd == C_PROXY_HEADER) /* --proxy-header */ err = add2list(&config->proxyheaders, h); else err = add2list(&config->headers, h); @@ -2227,115 +2340,97 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ } if(!use_stdin) fclose(file); - if(err) - break; } } else { - if(subletter == 'p') /* --proxy-header */ + if(cmd == C_PROXY_HEADER) /* --proxy-header */ err = add2list(&config->proxyheaders, nextarg); else err = add2list(&config->headers, nextarg); } break; - case 'i': + case C_INCLUDE: /* --include */ config->show_headers = toggle; /* show the headers as well in the general output stream */ break; - case 'j': + case C_JUNK_SESSION_COOKIES: /* --junk-session-cookies */ config->cookiesession = toggle; break; - case 'I': /* --head */ + case C_HEAD: /* --head */ config->no_body = toggle; config->show_headers = toggle; if(SetHTTPrequest(config, (config->no_body)?HTTPREQ_HEAD:HTTPREQ_GET, - &config->httpreq)) { + &config->httpreq)) err = PARAM_BAD_USE; - break; - } break; - case 'J': /* --remote-header-name */ + case C_REMOTE_HEADER_NAME: /* --remote-header-name */ config->content_disposition = toggle; break; - case 'k': /* allow insecure SSL connects */ - if(subletter == 'd') /* --doh-insecure */ - config->doh_insecure_ok = toggle; - else - config->insecure_ok = toggle; + case C_INSECURE: /* --insecure */ + config->insecure_ok = toggle; break; - case 'K': /* parse config file */ + case C_DOH_INSECURE: /* --doh-insecure */ + config->doh_insecure_ok = toggle; + break; + case C_CONFIG: /* --config */ if(parseconfig(nextarg, global)) { errorf(global, "cannot read config from '%s'", nextarg); err = PARAM_READ_ERROR; - break; } break; - case 'l': + case C_LIST_ONLY: /* --list-only */ config->dirlistonly = toggle; /* only list the names of the FTP dir */ break; - case 'L': + case C_LOCATION_TRUSTED: /* --location-trusted */ + /* Continue to send authentication (user+password) when following + * locations, even when hostname changed */ + config->unrestricted_auth = toggle; + FALLTHROUGH(); + case C_LOCATION: /* --location */ config->followlocation = toggle; /* Follow Location: HTTP headers */ - switch(subletter) { - case 't': - /* Continue to send authentication (user+password) when following - * locations, even when hostname changed */ - config->unrestricted_auth = toggle; - break; - } break; - case 'm': + case C_MAX_TIME: /* --max-time */ /* specified max time */ err = secs2ms(&config->timeout_ms, nextarg); break; - case 'M': /* M for manual, huge help */ + case C_MANUAL: /* --manual */ if(toggle) { /* --no-manual shows no manual... */ #ifndef USE_MANUAL warnf(global, "built-in manual was disabled at build-time"); #endif err = PARAM_MANUAL_REQUESTED; - break; } break; - case 'n': - switch(subletter) { - case 'o': /* use .netrc or URL */ - config->netrc_opt = toggle; - break; - case 'e': /* netrc-file */ - GetStr(&config->netrc_file, nextarg); - break; - default: - /* pick info from .netrc, if this is used for http, curl will - automatically enforce user+password with the request */ - config->netrc = toggle; - break; - } + case C_NETRC_OPTIONAL: /* --netrc-optional */ + config->netrc_opt = toggle; + break; + case C_NETRC_FILE: /* --netrc-file */ + err = getstr(&config->netrc_file, nextarg, DENY_BLANK); + break; + case C_NETRC: /* --netrc */ + /* pick info from .netrc, if this is used for http, curl will + automatically enforce user+password with the request */ + config->netrc = toggle; break; - case 'N': + case C_BUFFER: /* --buffer */ /* disable the output I/O buffering. note that the option is called --buffer but is mostly used in the negative form: --no-buffer */ config->nobuffer = longopt ? !toggle : TRUE; break; - case 'O': /* --remote-name */ - if(subletter == 'a') { /* --remote-name-all */ - config->default_node_flags = toggle?GETOUT_USEREMOTE:0; - break; - } - else if(subletter == 'b') { /* --output-dir */ - GetStr(&config->output_dir, nextarg); - break; - } - else if(subletter == 'c') { /* --clobber / --no-clobber */ - config->file_clobber_mode = toggle ? CLOBBER_ALWAYS : CLOBBER_NEVER; - break; - } - /* FALLTHROUGH */ - case 'o': /* --output */ + case C_REMOTE_NAME_ALL: /* --remote-name-all */ + config->default_node_flags = toggle?GETOUT_USEREMOTE:0; + break; + case C_OUTPUT_DIR: /* --output-dir */ + err = getstr(&config->output_dir, nextarg, DENY_BLANK); + break; + case C_CLOBBER: /* --clobber */ + config->file_clobber_mode = toggle ? CLOBBER_ALWAYS : CLOBBER_NEVER; + break; + case C_OUTPUT: /* --output */ + case C_REMOTE_NAME: /* --remote-name */ /* output file */ - { - struct getout *url; if(!config->url_out) config->url_out = config->url_list; if(config->url_out) { @@ -2364,12 +2459,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ /* fill in the outfile */ if('o' == letter) { - if(!*nextarg) { - warnf(global, "output file name has no length"); - err = PARAM_BAD_USE; - break; - } - GetStr(&url->outfile, nextarg); + err = getstr(&url->outfile, nextarg, DENY_BLANK); url->flags &= ~GETOUT_USEREMOTE; /* switch off */ } else { @@ -2380,25 +2470,25 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ url->flags &= ~GETOUT_USEREMOTE; /* switch off */ } url->flags |= GETOUT_OUTFILE; - } - break; - case 'P': + break; + case C_FTP_PORT: /* --ftp-port */ /* This makes the FTP sessions use PORT instead of PASV */ /* use or <192.168.10.10> style addresses. Anything except this will make us try to get the "default" address. NOTE: this is a changed behavior since the released 4.1! */ - GetStr(&config->ftpport, nextarg); + err = getstr(&config->ftpport, nextarg, DENY_BLANK); break; - case 'p': + case C_PROXYTUNNEL: /* --proxytunnel */ /* proxy tunnel for non-http protocols */ config->proxytunnel = toggle; break; - case 'q': /* if used first, already taken care of, we do it like - this so we don't cause an error! */ + case C_DISABLE: /* --disable */ + /* if used first, already taken care of, we do it like this so we don't + cause an error! */ break; - case 'Q': + case C_QUOTE: /* --quote */ /* QUOTE command to send to FTP server */ switch(nextarg[0]) { case '-': @@ -2416,34 +2506,33 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ break; } break; - case 'r': + case C_RANGE: /* --range */ /* Specifying a range WITHOUT A DASH will create an illegal HTTP range (and won't actually be range by definition). The man page previously claimed that to be a good way, why this code is added to work-around it. */ if(ISDIGIT(*nextarg) && !strchr(nextarg, '-')) { char buffer[32]; - curl_off_t off; - if(curlx_strtoofft(nextarg, NULL, 10, &off)) { + if(curlx_strtoofft(nextarg, NULL, 10, &value)) { warnf(global, "unsupported range point"); err = PARAM_BAD_USE; - break; } - warnf(global, - "A specified range MUST include at least one dash (-). " - "Appending one for you"); - msnprintf(buffer, sizeof(buffer), "%" CURL_FORMAT_CURL_OFF_T "-", off); - Curl_safefree(config->range); - config->range = strdup(buffer); - if(!config->range) { - err = PARAM_NO_MEM; - break; + else { + warnf(global, + "A specified range MUST include at least one dash (-). " + "Appending one for you"); + msnprintf(buffer, sizeof(buffer), "%" CURL_FORMAT_CURL_OFF_T "-", + value); + Curl_safefree(config->range); + config->range = strdup(buffer); + if(!config->range) + err = PARAM_NO_MEM; } } else { /* byte range requested */ const char *tmp_range = nextarg; - while(*tmp_range != '\0') { + while(*tmp_range) { if(!ISDIGIT(*tmp_range) && *tmp_range != '-' && *tmp_range != ',') { warnf(global, "Invalid character is found in given range. " "A specified range MUST have only digits in " @@ -2453,27 +2542,25 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ } tmp_range++; } - GetStr(&config->range, nextarg); + err = getstr(&config->range, nextarg, DENY_BLANK); } break; - case 'R': + case C_REMOTE_TIME: /* --remote-time */ /* use remote file's time */ config->remote_time = toggle; break; - case 's': /* --silent */ + case C_SILENT: /* --silent */ global->silent = toggle; break; - case 'S': /* --show-error */ + case C_SHOW_ERROR: /* --show-error */ global->showerror = toggle; break; - case 't': + case C_TELNET_OPTION: /* --telnet-option */ /* Telnet options */ err = add2list(&config->telnet_options, nextarg); break; - case 'T': + case C_UPLOAD_FILE: /* --upload-file */ /* we are uploading */ - { - struct getout *url; if(!config->url_ul) config->url_ul = config->url_list; if(config->url_ul) { @@ -2502,46 +2589,42 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ url->flags |= GETOUT_NOUPLOAD; else { /* "-" equals stdin, but keep the string around for now */ - GetStr(&url->infile, nextarg); + err = getstr(&url->infile, nextarg, DENY_BLANK); } - } - break; - case 'u': + break; + case C_USER: /* --user */ /* user:password */ - GetStr(&config->userpwd, nextarg); + err = getstr(&config->userpwd, nextarg, ALLOW_BLANK); cleanarg(clearthis); break; - case 'U': + case C_PROXY_USER: /* --proxy-user */ /* Proxy user:password */ - GetStr(&config->proxyuserpwd, nextarg); + err = getstr(&config->proxyuserpwd, nextarg, ALLOW_BLANK); cleanarg(clearthis); break; - case 'v': + case C_VERBOSE: /* --verbose */ if(toggle) { /* the '%' thing here will cause the trace get sent to stderr */ Curl_safefree(global->trace_dump); global->trace_dump = strdup("%"); - if(!global->trace_dump) { + if(!global->trace_dump) err = PARAM_NO_MEM; - break; + else { + if(global->tracetype && (global->tracetype != TRACE_PLAIN)) + warnf(global, + "-v, --verbose overrides an earlier trace/verbose option"); + global->tracetype = TRACE_PLAIN; } - if(global->tracetype && (global->tracetype != TRACE_PLAIN)) - warnf(global, - "-v, --verbose overrides an earlier trace/verbose option"); - global->tracetype = TRACE_PLAIN; } else /* verbose is disabled here */ global->tracetype = TRACE_NONE; break; - case 'V': - if(toggle) { /* --no-version yields no output! */ + case C_VERSION: /* --version */ + if(toggle) /* --no-version yields no output! */ err = PARAM_VERSION_INFO_REQUESTED; - break; - } break; - - case 'w': + case C_WRITE_OUT: /* --write-out */ /* get the output string */ if('@' == *nextarg) { /* the data begins with a '@' letter, it means that a file name @@ -2572,69 +2655,57 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ warnf(global, "Failed to read %s", fname); } else - GetStr(&config->writeout, nextarg); + err = getstr(&config->writeout, nextarg, DENY_BLANK); break; - case 'x': - switch(subletter) { - case 'a': /* --preproxy */ - GetStr(&config->preproxy, nextarg); - break; - default: - /* --proxy */ - GetStr(&config->proxy, nextarg); - if(config->proxyver != CURLPROXY_HTTPS2) - config->proxyver = CURLPROXY_HTTP; - break; - } + case C_PREPROXY: /* --preproxy */ + err = getstr(&config->preproxy, nextarg, DENY_BLANK); + break; + case C_PROXY: /* --proxy */ + /* --proxy */ + err = getstr(&config->proxy, nextarg, ALLOW_BLANK); + if(config->proxyver != CURLPROXY_HTTPS2) + config->proxyver = CURLPROXY_HTTP; break; - case 'X': + case C_REQUEST: /* --request */ /* set custom request */ - GetStr(&config->customrequest, nextarg); + err = getstr(&config->customrequest, nextarg, DENY_BLANK); break; - case 'y': + case C_SPEED_TIME: /* --speed-time */ /* low speed time */ err = str2unum(&config->low_speed_time, nextarg); - if(err) - break; - if(!config->low_speed_limit) + if(!err && !config->low_speed_limit) config->low_speed_limit = 1; break; - case 'Y': + case C_SPEED_LIMIT: /* --speed-limit */ /* low speed limit */ err = str2unum(&config->low_speed_limit, nextarg); - if(err) - break; - if(!config->low_speed_time) + if(!err && !config->low_speed_time) config->low_speed_time = 30; break; - case 'Z': - switch(subletter) { - case '\0': /* --parallel */ - global->parallel = toggle; - break; - case 'b': { /* --parallel-max */ - long val; - err = str2unum(&val, nextarg); - if(err) - break; - if(val > MAX_PARALLEL) - global->parallel_max = MAX_PARALLEL; - else if(val < 1) - global->parallel_max = PARALLEL_DEFAULT; - else - global->parallel_max = (unsigned short)val; - break; - } - case 'c': /* --parallel-immediate */ - global->parallel_connect = toggle; + case C_PARALLEL: /* --parallel */ + global->parallel = toggle; + break; + case C_PARALLEL_MAX: { /* --parallel-max */ + long val; + err = str2unum(&val, nextarg); + if(err) break; - } + if(val > MAX_PARALLEL) + global->parallel_max = MAX_PARALLEL; + else if(val < 1) + global->parallel_max = PARALLEL_DEFAULT; + else + global->parallel_max = (unsigned short)val; + break; + } + case C_PARALLEL_IMMEDIATE: /* --parallel-immediate */ + global->parallel_connect = toggle; break; - case 'z': /* time condition coming up */ + case C_TIME_COND: /* --time-cond */ switch(*nextarg) { case '+': nextarg++; - /* FALLTHROUGH */ + FALLTHROUGH(); default: /* If-Modified-Since: (section 14.28 in RFC2068) */ config->timecond = CURL_TIMECOND_IFMODSINCE; @@ -2654,11 +2725,10 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ config->condtime = (curl_off_t)curl_getdate(nextarg, &now); if(-1 == config->condtime) { /* now let's see if it is a file name to get the time from instead! */ - curl_off_t filetime; - rc = getfiletime(nextarg, global, &filetime); + rc = getfiletime(nextarg, global, &value); if(!rc) /* pull the time out from the file */ - config->condtime = filetime; + config->condtime = value; else { /* failed, remove time condition */ config->timecond = CURL_TIMECOND_NONE; @@ -2673,7 +2743,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */ err = PARAM_OPTION_UNKNOWN; break; } - hit = -1; + a = NULL; } while(!longopt && !singleopt && *++parse && !*usedarg && !err); diff --git a/src/tool_getparam.h b/src/tool_getparam.h index a8a9d4597..12a971d02 100644 --- a/src/tool_getparam.h +++ b/src/tool_getparam.h @@ -49,6 +49,7 @@ typedef enum { PARAM_CONTDISP_RESUME_FROM, /* --continue-at and --remote-header-name */ PARAM_READ_ERROR, PARAM_EXPAND_ERROR, /* --expand problem */ + PARAM_BLANK_STRING, PARAM_LAST } ParameterError; diff --git a/src/tool_getpass.c b/src/tool_getpass.c index f5aa98c6a..8ccccdfb8 100644 --- a/src/tool_getpass.c +++ b/src/tool_getpass.c @@ -46,7 +46,7 @@ # include iodef #endif -#ifdef WIN32 +#ifdef _WIN32 # include #endif @@ -94,7 +94,7 @@ char *getpass_r(const char *prompt, char *buffer, size_t buflen) #define DONE #endif /* __VMS */ -#if defined(WIN32) +#if defined(_WIN32) char *getpass_r(const char *prompt, char *buffer, size_t buflen) { @@ -122,7 +122,7 @@ char *getpass_r(const char *prompt, char *buffer, size_t buflen) return buffer; /* we always return success */ } #define DONE -#endif /* WIN32 */ +#endif /* _WIN32 */ #ifndef DONE /* not previously provided */ diff --git a/src/tool_help.c b/src/tool_help.c index 8983a4ca0..04ac24537 100644 --- a/src/tool_help.c +++ b/src/tool_help.c @@ -73,8 +73,6 @@ static const struct category_descriptors categories[] = { {NULL, NULL, CURLHELP_HIDDEN} }; -extern const struct helptxt helptext[]; - static void print_category(curlhelp_t category) { @@ -175,12 +173,30 @@ void tool_version_info(void) printf("Release-Date: %s\n", LIBCURL_TIMESTAMP); #endif if(built_in_protos[0]) { + const char *insert = NULL; + /* we have ipfs and ipns support if libcurl has http support */ + for(builtin = built_in_protos; *builtin; ++builtin) { + if(insert) { + /* update insertion so ipfs will be printed in alphabetical order */ + if(strcmp(*builtin, "ipfs") < 0) + insert = *builtin; + else + break; + } + else if(!strcmp(*builtin, "http")) { + insert = *builtin; + } + } printf("Protocols:"); for(builtin = built_in_protos; *builtin; ++builtin) { /* Special case: do not list rtmp?* protocols. They may only appear together with "rtmp" */ if(!curl_strnequal(*builtin, "rtmp", 4) || !builtin[0][4]) printf(" %s", *builtin); + if(insert && insert == *builtin) { + printf(" ipfs ipns"); + insert = NULL; + } } puts(""); /* newline */ } diff --git a/src/tool_helpers.c b/src/tool_helpers.c index 854bf777a..67924a26e 100644 --- a/src/tool_helpers.c +++ b/src/tool_helpers.c @@ -78,6 +78,8 @@ const char *param2text(int res) return "error encountered when reading a file"; case PARAM_EXPAND_ERROR: return "variable expansion failure"; + case PARAM_BLANK_STRING: + return "blank argument where content is expected"; default: return "unknown error"; } diff --git a/src/tool_ipfs.c b/src/tool_ipfs.c new file mode 100644 index 000000000..f3a20aa94 --- /dev/null +++ b/src/tool_ipfs.c @@ -0,0 +1,293 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ +#include "tool_setup.h" + +#define ENABLE_CURLX_PRINTF +/* use our own printf() functions */ +#include "curlx.h" +#include "dynbuf.h" + +#include "tool_cfgable.h" +#include "tool_msgs.h" +#include "tool_ipfs.h" + +#include "memdebug.h" /* keep this as LAST include */ + +/* ensure input ends in slash */ +static CURLcode ensure_trailing_slash(char **input) +{ + if(*input && **input) { + size_t len = strlen(*input); + if(((*input)[len - 1] != '/')) { + struct curlx_dynbuf dyn; + curlx_dyn_init(&dyn, len + 2); + + if(curlx_dyn_addn(&dyn, *input, len)) { + Curl_safefree(*input); + return CURLE_OUT_OF_MEMORY; + } + + Curl_safefree(*input); + + if(curlx_dyn_addn(&dyn, "/", 1)) + return CURLE_OUT_OF_MEMORY; + + *input = curlx_dyn_ptr(&dyn); + } + } + + return CURLE_OK; +} + +static char *ipfs_gateway(void) +{ + char *ipfs_path = NULL; + char *gateway_composed_file_path = NULL; + FILE *gateway_file = NULL; + char *gateway = curlx_getenv("IPFS_GATEWAY"); + + /* Gateway is found from environment variable. */ + if(gateway) { + if(ensure_trailing_slash(&gateway)) + goto fail; + return gateway; + } + + /* Try to find the gateway in the IPFS data folder. */ + ipfs_path = curlx_getenv("IPFS_PATH"); + + if(!ipfs_path) { + char *home = curlx_getenv("HOME"); + if(home && *home) + ipfs_path = aprintf("%s/.ipfs/", home); + /* fallback to "~/.ipfs", as that's the default location. */ + + Curl_safefree(home); + } + + if(!ipfs_path || ensure_trailing_slash(&ipfs_path)) + goto fail; + + gateway_composed_file_path = aprintf("%sgateway", ipfs_path); + + if(!gateway_composed_file_path) + goto fail; + + gateway_file = fopen(gateway_composed_file_path, FOPEN_READTEXT); + Curl_safefree(gateway_composed_file_path); + + if(gateway_file) { + int c; + struct curlx_dynbuf dyn; + curlx_dyn_init(&dyn, MAX_GATEWAY_URL_LEN); + + /* get the first line of the gateway file, ignore the rest */ + while((c = getc(gateway_file)) != EOF && c != '\n' && c != '\r') { + char c_char = (char)c; + if(curlx_dyn_addn(&dyn, &c_char, 1)) + goto fail; + } + + fclose(gateway_file); + gateway_file = NULL; + + if(curlx_dyn_len(&dyn)) + gateway = curlx_dyn_ptr(&dyn); + + if(gateway) + ensure_trailing_slash(&gateway); + + if(!gateway) + goto fail; + + Curl_safefree(ipfs_path); + + return gateway; + } +fail: + if(gateway_file) + fclose(gateway_file); + Curl_safefree(gateway); + Curl_safefree(ipfs_path); + return NULL; +} + +/* + * Rewrite ipfs:// and ipns:// to a HTTP(S) + * URL that can be handled by an IPFS gateway. + */ +CURLcode ipfs_url_rewrite(CURLU *uh, const char *protocol, char **url, + struct OperationConfig *config) +{ + CURLcode result = CURLE_URL_MALFORMAT; + CURLUcode getResult; + char *gateway = NULL; + char *gwhost = NULL; + char *gwpath = NULL; + char *gwquery = NULL; + char *gwscheme = NULL; + char *gwport = NULL; + char *inputpath = NULL; + char *cid = NULL; + char *pathbuffer = NULL; + char *cloneurl; + CURLU *gatewayurl = curl_url(); + + if(!gatewayurl) { + result = CURLE_FAILED_INIT; + goto clean; + } + + getResult = curl_url_get(uh, CURLUPART_HOST, &cid, CURLU_URLDECODE); + if(getResult || !cid) + goto clean; + + /* We might have a --ipfs-gateway argument. Check it first and use it. Error + * if we do have something but if it's an invalid url. + */ + if(config->ipfs_gateway) { + /* ensure the gateway ends in a trailing / */ + if(ensure_trailing_slash(&config->ipfs_gateway) != CURLE_OK) { + result = CURLE_OUT_OF_MEMORY; + goto clean; + } + + if(!curl_url_set(gatewayurl, CURLUPART_URL, config->ipfs_gateway, + CURLU_GUESS_SCHEME)) { + gateway = strdup(config->ipfs_gateway); + if(!gateway) { + result = CURLE_URL_MALFORMAT; + goto clean; + } + + } + else { + result = CURLE_BAD_FUNCTION_ARGUMENT; + goto clean; + } + } + else { + /* this is ensured to end in a trailing / within ipfs_gateway() */ + gateway = ipfs_gateway(); + if(!gateway) { + result = CURLE_FILE_COULDNT_READ_FILE; + goto clean; + } + + if(curl_url_set(gatewayurl, CURLUPART_URL, gateway, 0)) { + result = CURLE_URL_MALFORMAT; + goto clean; + } + } + + /* check for unsupported gateway parts */ + if(curl_url_get(gatewayurl, CURLUPART_QUERY, &gwquery, 0) + != CURLUE_NO_QUERY) { + result = CURLE_URL_MALFORMAT; + goto clean; + } + + /* get gateway parts */ + if(curl_url_get(gatewayurl, CURLUPART_HOST, + &gwhost, CURLU_URLDECODE)) { + goto clean; + } + + if(curl_url_get(gatewayurl, CURLUPART_SCHEME, + &gwscheme, CURLU_URLDECODE)) { + goto clean; + } + + curl_url_get(gatewayurl, CURLUPART_PORT, &gwport, CURLU_URLDECODE); + curl_url_get(gatewayurl, CURLUPART_PATH, &gwpath, CURLU_URLDECODE); + + /* get the path from user input */ + curl_url_get(uh, CURLUPART_PATH, &inputpath, CURLU_URLDECODE); + /* inputpath might be NULL or a valid pointer now */ + + /* set gateway parts in input url */ + if(curl_url_set(uh, CURLUPART_SCHEME, gwscheme, CURLU_URLENCODE) || + curl_url_set(uh, CURLUPART_HOST, gwhost, CURLU_URLENCODE) || + curl_url_set(uh, CURLUPART_PORT, gwport, CURLU_URLENCODE)) + goto clean; + + /* if the input path is just a slash, clear it */ + if(inputpath && (inputpath[0] == '/') && !inputpath[1]) + *inputpath = '\0'; + + /* ensure the gateway path ends with a trailing slash */ + ensure_trailing_slash(&gwpath); + + pathbuffer = aprintf("%s%s/%s%s", gwpath, protocol, cid, + inputpath ? inputpath : ""); + if(!pathbuffer) { + goto clean; + } + + if(curl_url_set(uh, CURLUPART_PATH, pathbuffer, CURLU_URLENCODE)) { + goto clean; + } + + /* Free whatever it has now, rewriting is next */ + Curl_safefree(*url); + + if(curl_url_get(uh, CURLUPART_URL, &cloneurl, CURLU_URLENCODE)) { + goto clean; + } + /* we need to strdup the URL so that we can call free() on it later */ + *url = strdup(cloneurl); + curl_free(cloneurl); + if(!*url) + goto clean; + + result = CURLE_OK; + +clean: + free(gateway); + curl_free(gwhost); + curl_free(gwpath); + curl_free(gwquery); + curl_free(inputpath); + curl_free(gwscheme); + curl_free(gwport); + curl_free(cid); + curl_free(pathbuffer); + curl_url_cleanup(gatewayurl); + { + switch(result) { + case CURLE_URL_MALFORMAT: + helpf(tool_stderr, "malformed target URL"); + break; + case CURLE_FILE_COULDNT_READ_FILE: + helpf(tool_stderr, "IPFS automatic gateway detection failed"); + break; + case CURLE_BAD_FUNCTION_ARGUMENT: + helpf(tool_stderr, "--ipfs-gateway was given a malformed URL"); + break; + default: + break; + } + } + return result; +} diff --git a/src/tool_ipfs.h b/src/tool_ipfs.h new file mode 100644 index 000000000..9c8a83e3b --- /dev/null +++ b/src/tool_ipfs.h @@ -0,0 +1,33 @@ +#ifndef HEADER_CURL_TOOL_IPFS_H +#define HEADER_CURL_TOOL_IPFS_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ +#include "tool_setup.h" + +#define MAX_GATEWAY_URL_LEN 10000 + +CURLcode ipfs_url_rewrite(CURLU *uh, const char *protocol, char **url, + struct OperationConfig *config); + +#endif /* HEADER_CURL_TOOL_IPFS_H */ diff --git a/src/tool_listhelp.c b/src/tool_listhelp.c index 4e7a6dd63..32ed2533e 100644 --- a/src/tool_listhelp.c +++ b/src/tool_listhelp.c @@ -26,10 +26,10 @@ /* * DO NOT edit tool_listhelp.c manually. - * This source file is generated with the following command: - - cd $srcroot/docs/cmdline-opts - ./gen.pl listhelp *.d > $srcroot/src/tool_listhelp.c + * This source file is generated with the following command in an autotools + * build: + * + * "make listhelp" */ const struct helptxt helptext[] = { @@ -143,7 +143,7 @@ const struct helptxt helptext[] = { CURLHELP_FTP}, {" --disallow-username-in-url", "Disallow username in URL", - CURLHELP_CURL | CURLHELP_HTTP}, + CURLHELP_CURL}, {" --dns-interface ", "Interface to use for DNS requests", CURLHELP_DNS}, @@ -246,7 +246,7 @@ const struct helptxt helptext[] = { {" --happy-eyeballs-timeout-ms ", "Time for IPv6 before trying IPv4", CURLHELP_CONNECTION}, - {" --haproxy-clientip", + {" --haproxy-clientip ", "Sets client IP in HAProxy PROXY protocol v1 header", CURLHELP_HTTP | CURLHELP_PROXY}, {" --haproxy-protocol", diff --git a/src/tool_main.c b/src/tool_main.c index 2f132e2d2..446806ecb 100644 --- a/src/tool_main.c +++ b/src/tool_main.c @@ -25,7 +25,7 @@ #include -#ifdef WIN32 +#ifdef _WIN32 #include #endif @@ -220,6 +220,7 @@ static void main_free(struct GlobalConfig *config) #ifdef _UNICODE #if defined(__GNUC__) /* GCC doesn't know about wmain() */ +#pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wmissing-prototypes" #pragma GCC diagnostic ignored "-Wmissing-declarations" #endif @@ -234,7 +235,7 @@ int main(int argc, char *argv[]) tool_init_stderr(); -#ifdef WIN32 +#ifdef _WIN32 /* Undocumented diagnostic option to list the full paths of all loaded modules. This is purposely pre-init. */ if(argc == 2 && !_tcscmp(argv[1], _T("--dump-module-paths"))) { @@ -275,7 +276,7 @@ int main(int argc, char *argv[]) main_free(&global); } -#ifdef WIN32 +#ifdef _WIN32 /* Flush buffers of all streams opened in write or update mode */ fflush(NULL); #endif @@ -287,4 +288,10 @@ int main(int argc, char *argv[]) #endif } +#ifdef _UNICODE +#ifdef __GNUC__ +#pragma GCC diagnostic pop +#endif +#endif + #endif /* ndef UNITTESTS */ diff --git a/src/tool_msgs.c b/src/tool_msgs.c index c914836db..09c9310a5 100644 --- a/src/tool_msgs.c +++ b/src/tool_msgs.c @@ -36,6 +36,11 @@ #define NOTE_PREFIX "Note: " #define ERROR_PREFIX "curl: " +static void voutf(struct GlobalConfig *config, + const char *prefix, + const char *fmt, + va_list ap) CURL_PRINTF(3, 0); + static void voutf(struct GlobalConfig *config, const char *prefix, const char *fmt, @@ -100,7 +105,6 @@ void notef(struct GlobalConfig *config, const char *fmt, ...) * Emit warning formatted message on configured 'errors' stream unless * mute (--silent) was selected. */ - void warnf(struct GlobalConfig *config, const char *fmt, ...) { va_list ap; @@ -108,6 +112,7 @@ void warnf(struct GlobalConfig *config, const char *fmt, ...) voutf(config, WARN_PREFIX, fmt, ap); va_end(ap); } + /* * Emit help formatted message on given stream. This is for errors with or * related to command line arguments. diff --git a/src/tool_msgs.h b/src/tool_msgs.h index 9458991c0..e963efaa0 100644 --- a/src/tool_msgs.h +++ b/src/tool_msgs.h @@ -26,9 +26,13 @@ #include "tool_setup.h" #include "tool_cfgable.h" -void warnf(struct GlobalConfig *config, const char *fmt, ...); -void notef(struct GlobalConfig *config, const char *fmt, ...); -void helpf(FILE *errors, const char *fmt, ...); -void errorf(struct GlobalConfig *config, const char *fmt, ...); +void warnf(struct GlobalConfig *config, const char *fmt, ...) + CURL_PRINTF(2, 3); +void notef(struct GlobalConfig *config, const char *fmt, ...) + CURL_PRINTF(2, 3); +void helpf(FILE *errors, const char *fmt, ...) + CURL_PRINTF(2, 3); +void errorf(struct GlobalConfig *config, const char *fmt, ...) + CURL_PRINTF(2, 3); #endif /* HEADER_CURL_TOOL_MSGS_H */ diff --git a/src/tool_operate.c b/src/tool_operate.c index 4991186eb..ba811d773 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -81,6 +81,7 @@ #include "tool_help.h" #include "tool_hugehelp.h" #include "tool_progress.h" +#include "tool_ipfs.h" #include "dynbuf.h" #include "memdebug.h" /* keep this as LAST include */ @@ -210,7 +211,7 @@ static curl_off_t all_pers; static CURLcode add_per_transfer(struct per_transfer **per) { struct per_transfer *p; - p = calloc(sizeof(struct per_transfer), 1); + p = calloc(1, sizeof(struct per_transfer)); if(!p) return CURLE_OUT_OF_MEMORY; if(!transfers) @@ -342,22 +343,6 @@ static CURLcode pre_transfer(struct GlobalConfig *global, return result; } -#ifdef __AMIGA__ -static void AmigaSetComment(struct per_transfer *per, - CURLcode result) -{ - struct OutStruct *outs = &per->outs; - if(!result && outs->s_isreg && outs->filename) { - /* Set the url (up to 80 chars) as comment for the file */ - if(strlen(per->this_url) > 78) - per->this_url[79] = '\0'; - SetComment(outs->filename, per->this_url); - } -} -#else -#define AmigaSetComment(x,y) Curl_nop_stmt -#endif - /* When doing serial transfers, we use a single fixed error area */ static char global_errorbuffer[CURL_ERROR_SIZE]; @@ -371,7 +356,6 @@ void single_transfer_cleanup(struct OperationConfig *config) state->urls = NULL; } Curl_safefree(state->outfiles); - Curl_safefree(state->httpgetfields); Curl_safefree(state->uploadfile); if(state->inglob) { /* Free list of globbed upload files */ @@ -462,7 +446,7 @@ static CURLcode post_per_transfer(struct GlobalConfig *global, } } -#ifdef WIN32 +#ifdef _WIN32 /* Discard incomplete UTF-8 sequence buffered from body */ if(outs->utf8seq[0]) memset(outs->utf8seq, 0, sizeof(outs->utf8seq)); @@ -653,13 +637,20 @@ noretry: errorf(config->global, "curl: (%d) Failed writing body", result); } if(result && config->rm_partial) { - notef(global, "Removing output file: %s", outs->filename); - unlink(outs->filename); + struct_stat st; + if(!stat(outs->filename, &st) && + S_ISREG(st.st_mode)) { + if(!unlink(outs->filename)) + notef(global, "Removed output file: %s", outs->filename); + else + warnf(global, "Failed removing: %s", outs->filename); + } + else + warnf(global, "Skipping removal; not a regular file: %s", + outs->filename); } } - AmigaSetComment(per, result); - /* File time can only be set _after_ the file has been closed */ if(!result && config->remote_time && outs->s_isreg && outs->filename) { /* Ask libcurl if we got a remote file time */ @@ -697,197 +688,6 @@ noretry: return result; } -static char *ipfs_gateway(void) -{ - char *gateway = NULL; - char *ipfs_path = NULL; - char *gateway_composed_file_path = NULL; - FILE *gateway_file = NULL; - - gateway = getenv("IPFS_GATEWAY"); - - /* Gateway is found from environment variable. */ - if(gateway && *gateway) { - char *composed_gateway = NULL; - bool add_slash = (gateway[strlen(gateway) - 1] != '/'); - composed_gateway = aprintf("%s%s", gateway, (add_slash) ? "/" : ""); - if(composed_gateway) { - gateway = aprintf("%s", composed_gateway); - Curl_safefree(composed_gateway); - } - return gateway; - } - else - /* a blank string does not count */ - gateway = NULL; - - /* Try to find the gateway in the IPFS data folder. */ - ipfs_path = getenv("IPFS_PATH"); - - if(!ipfs_path) { - char *home = getenv("HOME"); - if(home && *home) - ipfs_path = aprintf("%s/.ipfs/", home); - /* fallback to "~/.ipfs", as that's the default location. */ - } - - if(!ipfs_path) { - Curl_safefree(gateway); - Curl_safefree(ipfs_path); - return NULL; - } - - gateway_composed_file_path = aprintf("%sgateway", ipfs_path); - - if(!gateway_composed_file_path) { - Curl_safefree(gateway); - Curl_safefree(ipfs_path); - return NULL; - } - - gateway_file = fopen(gateway_composed_file_path, FOPEN_READTEXT); - Curl_safefree(gateway_composed_file_path); - - if(gateway_file) { - char *buf = NULL; - - if((PARAM_OK == file2string(&buf, gateway_file)) && buf && *buf) { - bool add_slash = (buf[strlen(buf) - 1] != '/'); - gateway = aprintf("%s%s", buf, (add_slash) ? "/" : ""); - } - Curl_safefree(buf); - - if(gateway_file) - fclose(gateway_file); - - if(!gateway) { - Curl_safefree(gateway); - Curl_safefree(ipfs_path); - return NULL; - } - - Curl_safefree(ipfs_path); - return gateway; - } - - Curl_safefree(gateway); - Curl_safefree(ipfs_path); - return NULL; -} - -/* - * Rewrite ipfs:// and ipns:// to a HTTP(S) - * URL that can be handled by an IPFS gateway. - */ -static CURLcode ipfs_url_rewrite(CURLU *uh, const char *protocol, char **url, - struct OperationConfig *config) -{ - CURLcode result = CURLE_URL_MALFORMAT; - CURLUcode urlGetResult; - char *gateway = NULL; - char *cid = NULL; - char *pathbuffer = NULL; - CURLU *ipfsurl = curl_url(); - - if(!ipfsurl) { - result = CURLE_FAILED_INIT; - goto clean; - } - - urlGetResult = curl_url_get(uh, CURLUPART_HOST, &cid, CURLU_URLDECODE); - - if(urlGetResult) { - goto clean; - } - - if(!cid) { - goto clean; - } - - /* We might have a --ipfs-gateway argument. Check it first and use it. Error - * if we do have something but if it's an invalid url. - */ - if(config->ipfs_gateway) { - if(curl_url_set(ipfsurl, CURLUPART_URL, config->ipfs_gateway, - CURLU_GUESS_SCHEME) - == CURLUE_OK) { - gateway = strdup(config->ipfs_gateway); - if(!gateway) { - result = CURLE_URL_MALFORMAT; - goto clean; - } - - } - else { - result = CURLE_BAD_FUNCTION_ARGUMENT; - goto clean; - } - } - else { - gateway = ipfs_gateway(); - if(!gateway) { - result = CURLE_FILE_COULDNT_READ_FILE; - goto clean; - } - - if(curl_url_set(ipfsurl, CURLUPART_URL, gateway, CURLU_GUESS_SCHEME - | CURLU_NON_SUPPORT_SCHEME) != CURLUE_OK) { - goto clean; - } - } - - pathbuffer = aprintf("%s/%s", protocol, cid); - if(!pathbuffer) { - goto clean; - } - - if(curl_url_set(ipfsurl, CURLUPART_PATH, pathbuffer, CURLU_URLENCODE) - != CURLUE_OK) { - goto clean; - } - - /* Free whatever it has now, rewriting is next */ - Curl_safefree(*url); - - if(curl_url_get(ipfsurl, CURLUPART_URL, url, CURLU_URLENCODE) - != CURLUE_OK) { - goto clean; - } - - result = CURLE_OK; - -clean: - free(gateway); - curl_free(cid); - curl_free(pathbuffer); - curl_url_cleanup(ipfsurl); - - switch(result) { - case CURLE_URL_MALFORMAT: - helpf(tool_stderr, "malformed URL. Visit https://curl.se/" - "docs/ipfs.html#Gateway-file-and-" - "environment-variable for more " - "information"); - break; - case CURLE_FILE_COULDNT_READ_FILE: - helpf(tool_stderr, "IPFS automatic gateway detection " - "failure. Visit https://curl.se/docs/" - "ipfs.html#Malformed-gateway-URL for " - "more information"); - break; - case CURLE_BAD_FUNCTION_ARGUMENT: - helpf(tool_stderr, "--ipfs-gateway argument results in " - "malformed URL. Visit https://curl.se/" - "docs/ipfs.html#Malformed-gateway-URL " - "for more information"); - break; - default: - break; - } - - return result; -} - /* * Return the protocol token for the scheme used in the given URL */ @@ -911,13 +711,13 @@ static CURLcode url_proto(char **url, if(curl_strequal(schemep, proto_ipfs) || curl_strequal(schemep, proto_ipns)) { result = ipfs_url_rewrite(uh, schemep, url, config); - /* short-circuit proto_token, we know it's ipfs or ipns */ if(curl_strequal(schemep, proto_ipfs)) proto = proto_ipfs; else if(curl_strequal(schemep, proto_ipns)) proto = proto_ipns; - + if(result) + config->synthetic_error = TRUE; } else proto = proto_token(schemep); @@ -952,15 +752,11 @@ static CURLcode single_transfer(struct GlobalConfig *global, if(config->use_httpget) { if(!httpgetfields) { /* Use the postfields data for an HTTP get */ - httpgetfields = state->httpgetfields = strdup(config->postfields); - Curl_safefree(config->postfields); - if(!httpgetfields) { - errorf(global, "out of memory"); - result = CURLE_OUT_OF_MEMORY; - } - else if(SetHTTPrequest(config, - (config->no_body?HTTPREQ_HEAD:HTTPREQ_GET), - &config->httpreq)) { + httpgetfields = state->httpgetfields = config->postfields; + config->postfields = NULL; + if(SetHTTPrequest(config, + (config->no_body?HTTPREQ_HEAD:HTTPREQ_GET), + &config->httpreq)) { result = CURLE_FAILED_INIT; } } @@ -1623,9 +1419,9 @@ static CURLcode single_transfer(struct GlobalConfig *global, } else { my_setopt_str(curl, CURLOPT_POSTFIELDS, - config->postfields); + curlx_dyn_ptr(&config->postdata)); my_setopt(curl, CURLOPT_POSTFIELDSIZE_LARGE, - config->postfieldsize); + (curl_off_t)curlx_dyn_len(&config->postdata)); } break; case HTTPREQ_MIMEPOST: @@ -1776,7 +1572,8 @@ static CURLcode single_transfer(struct GlobalConfig *global, (config->proxy_capath ? config->proxy_capath : config->capath)); - if(result == CURLE_NOT_BUILT_IN) { + if((result == CURLE_NOT_BUILT_IN) || + (result == CURLE_UNKNOWN_OPTION)) { if(config->proxy_capath) { warnf(global, "ignoring --proxy-capath, not supported by libcurl"); @@ -2825,7 +2622,7 @@ static CURLcode transfer_per_config(struct GlobalConfig *global, if(env) curl_free(env); -#ifdef WIN32 +#ifdef _WIN32 else { result = FindWin32CACert(config, tls_backend_info->backend, TEXT("curl-ca-bundle.crt")); diff --git a/src/tool_operate.h b/src/tool_operate.h index 21a7f929d..4993b1c96 100644 --- a/src/tool_operate.h +++ b/src/tool_operate.h @@ -74,7 +74,7 @@ struct per_transfer { /* NULL or malloced */ char *uploadfile; - char *errorbuffer; /* alloced and assigned while this is used for a + char *errorbuffer; /* allocated and assigned while this is used for a transfer */ }; diff --git a/src/tool_operhlp.c b/src/tool_operhlp.c index a964d796d..d1e8352d8 100644 --- a/src/tool_operhlp.c +++ b/src/tool_operhlp.c @@ -215,7 +215,7 @@ CURLcode get_url_file_name(char **filename, const char *url) if(!*filename) return CURLE_OUT_OF_MEMORY; -#if defined(MSDOS) || defined(WIN32) +#if defined(_WIN32) || defined(MSDOS) { char *sanitized; SANITIZEcode sc = sanitize_file_name(&sanitized, *filename, 0); @@ -227,7 +227,7 @@ CURLcode get_url_file_name(char **filename, const char *url) } *filename = sanitized; } -#endif /* MSDOS || WIN32 */ +#endif /* _WIN32 || MSDOS */ /* in case we built debug enabled, we allow an environment variable * named CURL_TESTDIR to prefix the given file name to put it into a diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c index d70e80db4..272581500 100644 --- a/src/tool_paramhlp.c +++ b/src/tool_paramhlp.c @@ -88,8 +88,6 @@ ParameterError file2string(char **bufp, FILE *file) return PARAM_OK; } -#define MAX_FILE2MEMORY (1024*1024*1024) /* big enough ? */ - ParameterError file2memory(char **bufp, size_t *size, FILE *file) { if(file) { @@ -134,6 +132,8 @@ static ParameterError getnum(long *val, const char *str, int base) if(str) { char *endptr = NULL; long num; + if(!str[0]) + return PARAM_BLANK_STRING; errno = 0; num = strtol(str, &endptr, base); if(errno == ERANGE) @@ -408,7 +408,7 @@ ParameterError proto2num(struct OperationConfig *config, break; case set: protoset[0] = NULL; - /* FALLTHROUGH */ + FALLTHROUGH(); case allow: protoset_set(protoset, p); break; diff --git a/src/tool_paramhlp.h b/src/tool_paramhlp.h index edb878195..96c49ac59 100644 --- a/src/tool_paramhlp.h +++ b/src/tool_paramhlp.h @@ -30,6 +30,8 @@ struct getout *new_getout(struct OperationConfig *config); ParameterError file2string(char **bufp, FILE *file); +#define MAX_FILE2MEMORY (1024*1024*1024) /* big enough ? */ + ParameterError file2memory(char **bufp, size_t *size, FILE *file); ParameterError str2num(long *val, const char *str); diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c index c15f21043..da4870066 100644 --- a/src/tool_parsecfg.c +++ b/src/tool_parsecfg.c @@ -46,7 +46,7 @@ static const char *unslashquote(const char *line, char *param); #define MAX_CONFIG_LINE_LENGTH (10*1024*1024) static bool my_get_line(FILE *fp, struct curlx_dynbuf *, bool *error); -#ifdef WIN32 +#ifdef _WIN32 static FILE *execpath(const char *filename, char **pathp) { static char filebuffer[512]; @@ -98,7 +98,7 @@ int parseconfig(const char *filename, struct GlobalConfig *global) } filename = pathalloc = curlrc; } -#ifdef WIN32 /* Windows */ +#ifdef _WIN32 /* Windows */ else { char *fullp; /* check for .curlrc then _curlrc in the dir of the executable */ @@ -210,8 +210,9 @@ int parseconfig(const char *filename, struct GlobalConfig *global) break; default: warnf(operation->global, "%s:%d: warning: '%s' uses unquoted " - "whitespace in the line that may cause side-effects", - filename, lineno, option); + "whitespace", filename, lineno, option); + warnf(operation->global, "This may cause side-effects. " + "Consider using double quotes?"); } } if(!*param) diff --git a/src/tool_sdecls.h b/src/tool_sdecls.h index 7b2eb2338..b93c32462 100644 --- a/src/tool_sdecls.h +++ b/src/tool_sdecls.h @@ -71,7 +71,7 @@ struct OutStruct { FILE *stream; curl_off_t bytes; curl_off_t init; -#ifdef WIN32 +#ifdef _WIN32 unsigned char utf8seq[5]; #endif }; diff --git a/src/tool_setopt.c b/src/tool_setopt.c index de3b78fab..b41b6d1d2 100644 --- a/src/tool_setopt.c +++ b/src/tool_setopt.c @@ -240,14 +240,10 @@ static char *c_escape(const char *str, curl_off_t len) if(p && *p) result = curlx_dyn_addn(&escaped, to + 2 * (p - from), 2); else { - const char *format = "\\x%02x"; - - if(len > 1 && ISXDIGIT(s[1])) { - /* Octal escape to avoid >2 digit hex. */ - format = "\\%03o"; - } - - result = curlx_dyn_addf(&escaped, format, + result = curlx_dyn_addf(&escaped, + /* Octal escape to avoid >2 digit hex. */ + (len > 1 && ISXDIGIT(s[1])) ? + "\\%03o" : "\\x%02x", (unsigned int) *(unsigned char *) s); } } @@ -431,7 +427,7 @@ static CURLcode libcurl_generate_mime_part(CURL *curl, case TOOLMIME_STDIN: if(!filename) filename = "-"; - /* FALLTHROUGH */ + FALLTHROUGH(); case TOOLMIME_STDINDATA: /* Can only be reading stdin in the current context. */ CODE1("curl_mime_data_cb(part%d, -1, (curl_read_callback) fread, \\", @@ -653,7 +649,7 @@ CURLcode tool_setopt(CURL *curl, bool str, struct GlobalConfig *global, if(escape) { curl_off_t len = ZERO_TERMINATED; if(tag == CURLOPT_POSTFIELDS) - len = config->postfieldsize; + len = curlx_dyn_len(&config->postdata); escaped = c_escape(value, len); NULL_CHECK(escaped); CODE2("curl_easy_setopt(hnd, %s, \"%s\");", name, escaped); diff --git a/src/tool_setup.h b/src/tool_setup.h index 48b355640..c69859ea6 100644 --- a/src/tool_setup.h +++ b/src/tool_setup.h @@ -66,10 +66,12 @@ extern FILE *tool_stderr; # include "tool_strdup.h" #endif -#if defined(WIN32) && !defined(MSDOS) +#if defined(_WIN32) /* set in win32_init() */ extern LARGE_INTEGER tool_freq; extern bool tool_isVistaOrGreater; +/* set in init_terminal() */ +extern bool tool_term_has_bold; #endif #endif /* HEADER_CURL_TOOL_SETUP_H */ diff --git a/src/tool_sleep.c b/src/tool_sleep.c index 08d6f9028..c24f73729 100644 --- a/src/tool_sleep.c +++ b/src/tool_sleep.c @@ -47,7 +47,7 @@ void tool_go_sleep(long ms) { #if defined(MSDOS) delay(ms); -#elif defined(WIN32) +#elif defined(_WIN32) Sleep(ms); #elif defined(HAVE_POLL_FINE) (void)poll((void *)0, 0, (int)ms); diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c index 69016179d..8ae28a3a6 100644 --- a/src/tool_urlglob.c +++ b/src/tool_urlglob.c @@ -66,13 +66,23 @@ static CURLcode glob_fixed(struct URLGlob *glob, char *fixed, size_t len) */ static int multiply(curl_off_t *amount, curl_off_t with) { - curl_off_t sum = *amount * with; - if(!with) { - *amount = 0; - return 0; + curl_off_t sum; + DEBUGASSERT(*amount >= 0); + DEBUGASSERT(with >= 0); + if((with <= 0) || (*amount <= 0)) { + sum = 0; + } + else { +#if defined(__GNUC__) && \ + ((__GNUC__ > 5) || ((__GNUC__ == 5) && (__GNUC_MINOR__ >= 1))) + if(__builtin_mul_overflow(*amount, with, &sum)) + return 1; +#else + sum = *amount * with; + if(sum/with != *amount) + return 1; /* didn't fit, bail out */ +#endif } - if(sum/with != *amount) - return 1; /* didn't fit, bail out */ *amount = sum; return 0; } @@ -117,7 +127,7 @@ static CURLcode glob_set(struct URLGlob *glob, char **patternp, if(multiply(amount, pat->content.Set.size + 1)) return GLOBERROR("range overflow", 0, CURLE_URL_MALFORMAT); - /* FALLTHROUGH */ + FALLTHROUGH(); case ',': *buf = '\0'; @@ -161,7 +171,7 @@ static CURLcode glob_set(struct URLGlob *glob, char **patternp, ++pattern; ++(*posp); } - /* FALLTHROUGH */ + FALLTHROUGH(); default: *buf++ = *pattern++; /* copy character to set element */ ++(*posp); @@ -692,7 +702,7 @@ CURLcode glob_match_url(char **result, char *filename, struct URLGlob *glob) if(curlx_dyn_addn(&dyn, "", 0)) return CURLE_OUT_OF_MEMORY; -#if defined(MSDOS) || defined(WIN32) +#if defined(_WIN32) || defined(MSDOS) { char *sanitized; SANITIZEcode sc = sanitize_file_name(&sanitized, curlx_dyn_ptr(&dyn), @@ -707,5 +717,5 @@ CURLcode glob_match_url(char **result, char *filename, struct URLGlob *glob) #else *result = curlx_dyn_ptr(&dyn); return CURLE_OK; -#endif /* MSDOS || WIN32 */ +#endif /* _WIN32 || MSDOS */ } diff --git a/src/tool_util.c b/src/tool_util.c index 7a1c03b20..812a689d0 100644 --- a/src/tool_util.c +++ b/src/tool_util.c @@ -31,7 +31,7 @@ #include "memdebug.h" /* keep this as LAST include */ -#if defined(WIN32) && !defined(MSDOS) +#if defined(_WIN32) /* In case of bug fix this function has a counterpart in timeval.c */ struct timeval tvnow(void) diff --git a/src/tool_writeout_json.c b/src/tool_writeout_json.c index 7bc74a269..4ed6b93fb 100644 --- a/src/tool_writeout_json.c +++ b/src/tool_writeout_json.c @@ -41,8 +41,8 @@ int jsonquoted(const char *in, size_t len, struct curlx_dynbuf *out, bool lowercase) { - const char *i = in; - const char *in_end = &in[len]; + const unsigned char *i = (unsigned char *)in; + const unsigned char *in_end = &i[len]; CURLcode result = CURLE_OK; for(; (i < in_end) && !result; i++) { diff --git a/src/tool_xattr.c b/src/tool_xattr.c index 968cf2f72..9472194fa 100644 --- a/src/tool_xattr.c +++ b/src/tool_xattr.c @@ -87,11 +87,12 @@ static int xattr(int fd, int err = 0; if(value) { #ifdef DEBUGBUILD + (void)fd; if(getenv("CURL_FAKE_XATTR")) { printf("%s => %s\n", attr, value); } return 0; -#endif +#else #ifdef HAVE_FSETXATTR_6 err = fsetxattr(fd, attr, value, strlen(value), 0, 0); #elif defined(HAVE_FSETXATTR_5) @@ -104,6 +105,7 @@ static int xattr(int fd, attribute */ err = (rc < 0 ? -1 : 0); } +#endif #endif } return err; diff --git a/src/var.c b/src/var.c index f8f42f666..388d45592 100644 --- a/src/var.c +++ b/src/var.c @@ -358,7 +358,7 @@ static ParameterError addvariable(struct GlobalConfig *global, if(check) notef(global, "Overwriting variable '%s'", check->name); - p = calloc(sizeof(struct var), 1); + p = calloc(1, sizeof(struct var)); if(!p) return PARAM_NO_MEM; diff --git a/tests/FILEFORMAT.md b/tests/FILEFORMAT.md index 665d93eb8..5a8e78323 100644 --- a/tests/FILEFORMAT.md +++ b/tests/FILEFORMAT.md @@ -74,6 +74,17 @@ For example, to insert the word hello 100 times: %repeat[100 x hello]% +## Include file + +This instruction allows a test case to include another file. It is helpful to +remember that the ordinary variables are expanded before the include happens +so `%LOGDIR` and the others can be used in the include line. + +The file name cannot contain `%` as that letter is used to end the name for +the include instruction: + + %include filename% + ## Conditional lines Lines in the test file can be made to appear conditionally on a specific diff --git a/tests/Makefile.am b/tests/Makefile.am index 17e9ad049..a6d0708f7 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -22,19 +22,35 @@ # ########################################################################### -HTMLPAGES = testcurl.html runtests.html -PDFPAGES = testcurl.pdf runtests.pdf MANDISTPAGES = runtests.1.dist testcurl.1.dist -EXTRA_DIST = appveyor.pm azure.pm badsymbols.pl check-deprecated.pl CMakeLists.txt \ - devtest.pl dictserver.py directories.pm disable-scan.pl error-codes.pl extern-scan.pl FILEFORMAT.md \ - processhelp.pm ftpserver.pl getpart.pm globalconfig.pm http-server.pl http2-server.pl \ - http3-server.pl manpage-scan.pl manpage-syntax.pl markdown-uppercase.pl mem-include-scan.pl \ - memanalyze.pl negtelnetserver.py nroff-scan.pl option-check.pl options-scan.pl \ - pathhelp.pm README.md rtspserver.pl runner.pm runtests.1 runtests.pl secureserver.pl \ - serverhelp.pm servers.pm smbserver.py sshhelp.pm sshserver.pl stunnel.pem symbol-scan.pl \ - testcurl.1 testcurl.pl testutil.pm tftpserver.pl util.py valgrind.pm \ - valgrind.supp version-scan.pl check-translatable-options.pl +# scripts used in test cases +TESTSCRIPTS = \ + test1119.pl \ + test1132.pl \ + test1135.pl \ + test1139.pl \ + test1140.pl \ + test1165.pl \ + test1167.pl \ + test1173.pl \ + test1175.pl \ + test1177.pl \ + test1222.pl \ + test1275.pl \ + test1276.pl \ + test1477.pl \ + test1544.pl \ + test971.pl + +EXTRA_DIST = appveyor.pm azure.pm CMakeLists.txt devtest.pl \ + dictserver.py directories.pm FILEFORMAT.md processhelp.pm ftpserver.pl \ + getpart.pm globalconfig.pm http-server.pl http2-server.pl \ + http3-server.pl memanalyze.pl negtelnetserver.py pathhelp.pm README.md \ + rtspserver.pl runner.pm runtests.1 runtests.pl secureserver.pl \ + serverhelp.pm servers.pm smbserver.py sshhelp.pm sshserver.pl \ + stunnel.pem testcurl.1 testcurl.pl testutil.pm tftpserver.pl util.py \ + valgrind.pm valgrind.supp $(TESTSCRIPTS) DISTCLEANFILES = configurehelp.pm @@ -56,8 +72,6 @@ PERLFLAGS = -I$(srcdir) CLEANFILES = .http.pid .https.pid .ftp.pid .ftps.pid $(MANDISTPAGES) -MAN2HTML= roffit $< >$@ - curl: @cd $(top_builddir) && $(MAKE) @@ -107,16 +121,6 @@ torture-test: perlcheck all event-test: perlcheck all $(TEST) $(TEST_E) $(TFLAGS) -.1.html: - $(MAN2HTML) - -.1.pdf: - @(foo=`echo $@ | sed -e 's/\.[0-9]$$//g'`; \ - groff -Tps -man $< >$$foo.ps; \ - ps2pdf $$foo.ps $@; \ - rm $$foo.ps; \ - echo "converted $< to $@") - checksrc: (cd libtest && $(MAKE) checksrc) (cd unit && $(MAKE) checksrc) diff --git a/tests/README.md b/tests/README.md index 65af2a0bd..1464eacdc 100644 --- a/tests/README.md +++ b/tests/README.md @@ -8,6 +8,41 @@ SPDX-License-Identifier: curl # Running + See the "Requires to run" section for prerequisites. + + In the root of the curl repository: + + ./configure && make && make test + + To run a specific set of tests (e.g. 303 and 410): + + make test TFLAGS="303 410" + + To run the tests faster, pass the -j (parallelism) flag: + + make test TFLAGS="-j10" + + "make test" builds the test suite support code and invokes the 'runtests.pl' + perl script to run all the tests. The value of `TFLAGS` is passed + directly to 'runtests.pl'. + + When you run tests via make, the flags `-a` and `-s` are passed, meaning + to continue running tests even after one fails, and to emit short output. + + If you'd like to not use those flags, you can run 'runtests.pl' directly. + You must `chdir` into the tests directory, then you can run it like so: + + ./runtests.pl 303 410 + + You must have run `make test` at least once first to build the support code. + + To see what flags are available for runtests.pl, and what output it emits, run: + + man ./tests/runtests.1 + + After a test fails, examine the tests/log directory for stdout, stderr, and + output from the servers used in the test. + ## Requires to run - perl (and a unix-style shell) @@ -15,7 +50,7 @@ SPDX-License-Identifier: curl - python-impacket (for SMB tests) - diff (when a test fails, a diff is shown) - stunnel (for HTTPS and FTPS tests) - - OpenSSH or SunSSH (for SCP, SFTP and SOCKS4/5 tests) + - OpenSSH or SunSSH (for SCP and SFTP tests) - nghttpx (for HTTP/2 and HTTP/3 tests) - nroff (for --manual tests) - An available `en_US.UTF-8` locale @@ -59,9 +94,7 @@ SPDX-License-Identifier: curl The test suite runs stand-alone servers on random ports to which it makes requests. For SSL tests, it runs stunnel to handle encryption to the regular - servers. For SSH, it runs a standard OpenSSH server. For SOCKS4/5 tests SSH - is used to perform the SOCKS functionality and requires a SSH client and - server. + servers. For SSH, it runs a standard OpenSSH server. The listen port numbers for the test servers are picked randomly to allow users to run multiple test cases concurrently and to not collide with other @@ -75,47 +108,9 @@ SPDX-License-Identifier: curl used, set the environment variable `NGHTTPX`. The default can also be changed by specifying `--with-test-nghttpx=` as argument to `configure`. -### Run - - `./configure && make && make test`. This builds the test suite support code - and invokes the 'runtests.pl' perl script to run all the tests. Edit the top - variables of that script in case you have some specific needs, or run the - script manually (after the support code has been built). - - The script breaks on the first test that doesn't do OK. Use `-a` to prevent - the script from aborting on the first error. Run the script with `-v` for - more verbose output. Use `-d` to run the test servers with debug output - enabled as well. Specifying `-k` keeps all the log files generated by the - test intact. - - Use `-s` for shorter output, or pass test numbers to run specific tests only - (like `./runtests.pl 3 4` to test 3 and 4 only). It also supports test case - ranges with 'to', as in `./runtests.pl 3 to 9` which runs the seven tests - from 3 to 9. Any test numbers starting with ! are disabled, as are any test - numbers found in the files `data/DISABLED` or `data/DISABLED.local` (one per - line). The latter is meant for local temporary disables and will be ignored - by git. - - Test cases mentioned in `DISABLED` can still be run if `-f` is provided. - - When `-s` is not present, each successful test will display on one line the - test number and description and on the next line a set of flags, the test - result, current test sequence, total number of tests to be run and an - estimated amount of time to complete the test run. The flags consist of - these letters describing what is checked in this test: - - s stdout - d data - u upload - p protocol - o output - e exit code - m memory - v valgrind - ### Shell startup scripts - Tests which use the ssh test server, SCP/SFTP/SOCKS tests, might be badly + Tests which use the ssh test server, SCP/SFTP tests, might be badly influenced by the output of system wide or user specific shell startup scripts, .bashrc, .profile, /etc/csh.cshrc, .login, /etc/bashrc, etc. which output text messages or escape sequences on user login. When these shell diff --git a/tests/data/DISABLED b/tests/data/DISABLED index 308d27e5a..a98dc8566 100644 --- a/tests/data/DISABLED +++ b/tests/data/DISABLED @@ -70,9 +70,6 @@ 266 579 587 -722 -724 -727 # 1021 re-added here due to flakiness 1021 1117 @@ -84,6 +81,8 @@ 2301 2302 2305 +# response body seem not to be handled by hyper +2307 %endif 2043 # The CRL test (313) doesn't work with rustls because rustls doesn't support diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 1472b1954..c3d496f64 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -51,7 +51,7 @@ test226 test227 test228 test229 test230 test231 test232 test233 test234 \ test235 test236 test237 test238 test239 test240 test241 test242 test243 \ test244 test245 test246 test247 test248 test249 test250 test251 test252 \ test253 test254 test255 test256 test257 test258 test259 test260 test261 \ -test262 test263 test264 test265 test266 test267 test269 test270 \ +test262 test263 test264 test265 test266 test267 test268 test269 test270 \ test271 test272 test273 test274 test275 test276 test277 test278 test279 \ test280 test281 test282 test283 test284 test285 test286 test287 test288 \ test289 test290 test291 test292 test293 test294 test295 test296 test297 \ @@ -72,7 +72,7 @@ test417 test418 test419 test420 test421 test422 test423 test424 test425 \ test426 test427 test428 test429 test430 test431 test432 test433 test434 \ test435 test436 test437 test438 test439 test440 test441 test442 test443 \ test444 test445 test446 test447 test448 test449 test450 test451 test452 \ -test453 test454 test455 test456 test457 test458 \ +test453 test454 test455 test456 test457 test458 test459 test460 test461 \ \ test490 test491 test492 test493 test494 test495 test496 test497 test498 \ \ @@ -96,12 +96,13 @@ test644 test645 test646 test647 test648 test649 test650 test651 test652 \ test653 test654 test655 test656 test658 test659 test660 test661 test662 \ test663 test664 test665 test666 test667 test668 test669 test670 test671 \ test672 test673 test674 test675 test676 test677 test678 test679 test680 \ -test681 test682 test683 test684 test685 test686 test687 test688 \ +test681 test682 test683 test684 test685 test686 test687 test688 test689 \ \ test700 test701 test702 test703 test704 test705 test706 test707 test708 \ test709 test710 test711 test712 test713 test714 test715 test716 test717 \ test718 test719 test720 test721 test722 test723 test724 test725 test726 \ -test727 test728 \ +test727 test728 test729 test730 test731 test732 test733 test734 test735 \ +test736 test737 test738 test739 test740 test741 test742 \ \ test799 test800 test801 test802 test803 test804 test805 test806 test807 \ test808 test809 test810 test811 test812 test813 test814 test815 test816 \ @@ -124,7 +125,7 @@ test952 test953 test954 test955 test956 test957 test958 test959 test960 \ test961 test962 test963 test964 test965 test966 test967 test968 test969 \ test970 test971 test972 test973 test974 test975 test976 test977 test978 \ test979 test980 test981 test982 test983 test984 test985 test986 test987 \ -test988 test989 test990 test991 \ +test988 test989 test990 test991 test992 \ \ test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 \ test1008 test1009 test1010 test1011 test1012 test1013 test1014 test1015 \ @@ -185,14 +186,14 @@ test1439 test1440 test1441 test1442 test1443 test1444 test1445 test1446 \ test1447 test1448 test1449 test1450 test1451 test1452 test1453 test1454 \ test1455 test1456 test1457 test1458 test1459 test1460 test1461 test1462 \ test1463 test1464 test1465 test1466 test1467 test1468 test1469 test1470 \ -test1471 test1472 test1473 test1474 \ +test1471 test1472 test1473 test1475 test1476 test1477 test1478 \ \ test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \ test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \ test1516 test1517 test1518 test1519 test1520 test1521 test1522 test1523 \ test1524 test1525 test1526 test1527 test1528 test1529 test1530 test1531 \ test1532 test1533 test1534 test1535 test1536 test1537 test1538 test1539 \ -test1540 test1542 test1543 test1544 \ +test1540 test1542 test1543 test1544 test1545 \ \ test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 \ test1558 test1559 test1560 test1561 test1562 test1563 test1564 test1565 \ @@ -214,11 +215,11 @@ test1670 test1671 \ \ test1680 test1681 test1682 test1683 \ \ -test1700 test1701 test1702 test1703 \ +test1700 test1701 test1702 test1703 test1704 \ \ test1800 test1801 \ \ - test1903 test1904 test1905 test1906 test1907 \ +test1900 test1903 test1904 test1905 test1906 test1907 \ test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \ test1916 test1917 test1918 test1919 \ \ @@ -243,7 +244,7 @@ test2100 \ \ test2200 test2201 test2202 test2203 test2204 test2205 \ \ -test2300 test2301 test2302 test2303 test2304 test2305 test2306 \ +test2300 test2301 test2302 test2303 test2304 test2305 test2306 test2307 \ \ test2400 test2401 test2402 test2403 test2404 \ \ diff --git a/tests/data/test1026 b/tests/data/test1026 index d565f24d5..e310e6962 100644 --- a/tests/data/test1026 +++ b/tests/data/test1026 @@ -28,7 +28,7 @@ curl --manual # Search for these two sentinel lines in the manual output; if they are found, # then chances are good the entire manual is there. -perl -e 'open(IN,$ARGV[0]); my $lines=grep(/(curl\s*-\s*transfer\sa\s*URL)|(CONTRIBUTORS)/, ); exit ($lines != 2); # Let this file pass an XML syntax check: ' %LOGDIR/stdout%TESTNUMBER +perl -e 'open(IN,$ARGV[0]); my $lines=grep(/(curl\s*-\s*transfer\sa\s*URL)|(AUTHORS)/, ); exit ($lines != 2); # Let this file pass an XML syntax check: ' %LOGDIR/stdout%TESTNUMBER diff --git a/tests/data/test1119 b/tests/data/test1119 index 41f6dba2c..1a73439e6 100644 --- a/tests/data/test1119 +++ b/tests/data/test1119 @@ -18,7 +18,7 @@ Verify that symbols-in-versions and headers are in sync -%SRCDIR/symbol-scan.pl %SRCDIR/.. ../include/curl +%SRCDIR/test1119.pl %SRCDIR/.. ../include/curl diff --git a/tests/data/test1132 b/tests/data/test1132 index 613031bac..e7a802a71 100644 --- a/tests/data/test1132 +++ b/tests/data/test1132 @@ -18,7 +18,7 @@ Verify memory #include files in libcurl's C source files -%SRCDIR/mem-include-scan.pl %SRCDIR/../lib +%SRCDIR/test1132.pl %SRCDIR/../lib diff --git a/tests/data/test1135 b/tests/data/test1135 index d188989ed..de028a0c9 100644 --- a/tests/data/test1135 +++ b/tests/data/test1135 @@ -22,7 +22,7 @@ Verify CURL_EXTERN order -%SRCDIR/extern-scan.pl %SRCDIR/.. +%SRCDIR/test1135.pl %SRCDIR/.. diff --git a/tests/data/test1139 b/tests/data/test1139 index b5267b012..2704e0a21 100644 --- a/tests/data/test1139 +++ b/tests/data/test1139 @@ -20,7 +20,7 @@ Verify that all libcurl options have man pages -%SRCDIR/manpage-scan.pl %SRCDIR/.. %PWD/.. +%SRCDIR/test1139.pl %SRCDIR/.. %PWD/.. diff --git a/tests/data/test1140 b/tests/data/test1140 index 5aa997e78..5f26c73f4 100644 --- a/tests/data/test1140 +++ b/tests/data/test1140 @@ -19,7 +19,7 @@ Verify the nroff of man pages -%SRCDIR/nroff-scan.pl %SRCDIR/../docs/ %SRCDIR/../docs/libcurl/*.3 %SRCDIR/../docs/libcurl/opts/*.3 %SRCDIR/../docs/*.1 +%SRCDIR/test1140.pl %PWD/../docs/ %PWD/../docs/libcurl/*.3 %PWD/../docs/libcurl/opts/*.3 %PWD/../docs/*.1 diff --git a/tests/data/test1154 b/tests/data/test1154 index b7349e17d..bd08ce26c 100644 --- a/tests/data/test1154 +++ b/tests/data/test1154 @@ -47,9 +47,9 @@ User-Agent: curl/%VERSION Accept: */* -# 27 == CURLE_OUT_OF_MEMORY +# 100 == CURLE_TOO_LARGE -27 +100 diff --git a/tests/data/test1165 b/tests/data/test1165 index de4283af2..89f02d719 100644 --- a/tests/data/test1165 +++ b/tests/data/test1165 @@ -18,7 +18,7 @@ Verify configure.ac and source code CURL_DISABLE_-sync -%SRCDIR/disable-scan.pl %SRCDIR/.. +%SRCDIR/test1165.pl %SRCDIR/.. diff --git a/tests/data/test1167 b/tests/data/test1167 index 3c2fb1a5f..76777f81b 100644 --- a/tests/data/test1167 +++ b/tests/data/test1167 @@ -17,7 +17,7 @@ Verify curl prefix of public symbols in header files -%SRCDIR/badsymbols.pl %SRCDIR/.. +%SRCDIR/test1167.pl %SRCDIR/.. diff --git a/tests/data/test1173 b/tests/data/test1173 index b5dafbb3b..97d338df3 100644 --- a/tests/data/test1173 +++ b/tests/data/test1173 @@ -19,7 +19,7 @@ Man page syntax checks -%SRCDIR/manpage-syntax.pl %SRCDIR/../docs/libcurl/symbols-in-versions %SRCDIR/../docs/*.1 %SRCDIR/../docs/libcurl/*.3 %SRCDIR/../docs/libcurl/opts/*.3 +%SRCDIR/test1173.pl %SRCDIR/../docs/libcurl/symbols-in-versions %PWD/../docs/*.1 %PWD/../docs/libcurl/*.3 %PWD/../docs/libcurl/opts/*.3 diff --git a/tests/data/test1175 b/tests/data/test1175 index 5190dbe2a..6e99a616e 100644 --- a/tests/data/test1175 +++ b/tests/data/test1175 @@ -18,7 +18,7 @@ Verify that symbols-in-versions and libcurl-errors.3 are in sync -%SRCDIR/error-codes.pl %SRCDIR +%SRCDIR/test1175.pl %SRCDIR diff --git a/tests/data/test1177 b/tests/data/test1177 index 66fe49767..6cc94a5b1 100644 --- a/tests/data/test1177 +++ b/tests/data/test1177 @@ -18,7 +18,7 @@ Verify that feature names and CURL_VERSION_* in lib and docs are in sync -%SRCDIR/version-scan.pl %SRCDIR/../docs/libcurl/curl_version_info.3 %SRCDIR/../include/curl/curl.h %SRCDIR/../lib/version.c +%SRCDIR/test1177.pl %PWD/../docs/libcurl/curl_version_info.3 %SRCDIR/../include/curl/curl.h %SRCDIR/../lib/version.c diff --git a/tests/data/test1222 b/tests/data/test1222 index b56cf6879..b46fd1156 100644 --- a/tests/data/test1222 +++ b/tests/data/test1222 @@ -17,7 +17,7 @@ Verify deprecation statuses and versions -%SRCDIR/check-deprecated.pl %SRCDIR/.. +%SRCDIR/test1222.pl %SRCDIR/.. diff --git a/tests/data/test1254 b/tests/data/test1254 index a39cbd26e..07e77ed2a 100644 --- a/tests/data/test1254 +++ b/tests/data/test1254 @@ -27,7 +27,7 @@ foo http -Under condition using --proxy, override NO_PROXY by --nproxy and access target URL through proxy +override NO_PROXY by --noproxy and access target URL through proxy NO_PROXY=example.com diff --git a/tests/data/test1268 b/tests/data/test1268 index 806592fb8..05fe9d8e7 100644 --- a/tests/data/test1268 +++ b/tests/data/test1268 @@ -30,7 +30,7 @@ file name argument looks like a flag Warning: The file name argument '-k' looks like a flag. -curl: (1) Protocol "hej" not supported or disabled in libcurl +curl: (1) Protocol "hej" not supported # we expect an error since we provide a weird URL diff --git a/tests/data/test1275 b/tests/data/test1275 index d1cb223b8..31893f7ba 100644 --- a/tests/data/test1275 +++ b/tests/data/test1275 @@ -18,7 +18,7 @@ Verify capital letters after period in markdown files -%SRCDIR/markdown-uppercase.pl %SRCDIR/.. +%SRCDIR/test1275.pl %SRCDIR/.. diff --git a/tests/data/test1276 b/tests/data/test1276 index 3961bf4cb..b365f800a 100644 --- a/tests/data/test1276 +++ b/tests/data/test1276 @@ -18,7 +18,7 @@ Verify lib/optiontable.pl -%SRCDIR/option-check.pl %SRCDIR/.. +%SRCDIR/test1276.pl %SRCDIR/.. diff --git a/tests/data/test1279 b/tests/data/test1279 index fd3b34bd3..041f5449b 100644 --- a/tests/data/test1279 +++ b/tests/data/test1279 @@ -19,7 +19,7 @@ Verify libcurl.def against CURL_EXTERN declarations -%SRCDIR/extern-scan.pl --heading=EXPORTS --sort %SRCDIR/.. +%SRCDIR/test1135.pl --heading=EXPORTS --sort %SRCDIR/.. diff --git a/tests/data/test1474 b/tests/data/test1474 deleted file mode 100644 index a87044d1a..000000000 --- a/tests/data/test1474 +++ /dev/null @@ -1,121 +0,0 @@ - -# This test is quite timing dependent and tricky to set up. The time line of -# test operations looks like this: -# -# 1. curl sends a PUT request with Expect: 100-continue and waits only 1 msec -# for a 100 response. -# 2. The HTTP server accepts the connection but waits 500 msec before acting -# on the request. -# 3. curl doesn't receive the expected 100 response before its timeout expires, -# so it starts sending the body. It is throttled by a --limit-rate, so it -# sends the first 64 KiB then stops for 1000 msec due to this -# throttling. -# 4. The server sends its 417 response while curl is throttled. -# 5. curl responds to this 417 response by closing the connection (because it -# has a half-completed response outstanding) and starting a new one. This -# new request does not have an Expect: header so it is sent without delay. -# It's still throttled, however, so it takes about 16 seconds to finish -# sending. -# 6. The server receives the response and this time acks it with 200. -# -# Because of the timing sensitivity (scheduling delays of 500 msec can cause -# the test to fail), this test is marked flaky to avoid it being run in the CI -# builds which are often run on overloaded servers. -# Increasing the --limit-rate would decrease the test time, but at the cost of -# becoming even more sensitive to delays (going from 500 msec to 250 msec or -# less of accepted delay before failure). Adding a --speed-time would increase -# the 1 second delay between writes to longer, but it would also increase the -# total time needed by the test, which is already quite high. -# -# The assumption in step 3 is also broken on NetBSD 9.3, OpenBSD 7.3 and -# Solaris 10 as they only usually send about half the requested amount of data -# (see https://curl.se/mail/lib-2023-09/0021.html). - - -HTTP -HTTP PUT -Expect -flaky -timing-dependent - - -# Server-side - -# 417 means the server didn't like the Expect header - -HTTP/1.1 417 BAD swsbounce -Date: Tue, 09 Nov 2010 14:49:00 GMT -Server: test-server/fake -Content-Length: 0 - - - -HTTP/1.1 200 OK -Date: Tue, 09 Nov 2010 14:49:00 GMT -Server: test-server/fake -Content-Length: 10 - -blablabla - - -HTTP/1.1 417 BAD swsbounce -Date: Tue, 09 Nov 2010 14:49:00 GMT -Server: test-server/fake -Content-Length: 0 - -HTTP/1.1 200 OK -Date: Tue, 09 Nov 2010 14:49:00 GMT -Server: test-server/fake -Content-Length: 10 - -blablabla - - -no-expect -delay: 500 -connection-monitor - - - -# Client-side - - -http - - -HTTP PUT with Expect: 100-continue and 417 response during upload - - -http://%HOSTIP:%HTTPPORT/we/want/%TESTNUMBER -T %LOGDIR/test%TESTNUMBER.txt --limit-rate 64K --expect100-timeout 0.001 - - -perl -e "print 'Test does not work on this BSD system' if ( $^O eq 'netbsd' || $^O eq 'openbsd' || ($^O eq 'solaris' && qx/uname -r/ * 100 <= 510));" - -# Must be large enough to trigger curl's automatic 100-continue behaviour - -%repeat[132 x S]%%repeat[16462 x xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%0a]% - - - -# Verify data after the test has been "shot" - - -PUT /we/want/%TESTNUMBER HTTP/1.1 -Host: %HOSTIP:%HTTPPORT -User-Agent: curl/%VERSION -Accept: */* -Content-Length: 1053701 -Expect: 100-continue - -%repeat[132 x S]%%repeat[1021 x xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%0a]%%repeat[60 x x]%[DISCONNECT] -PUT /we/want/%TESTNUMBER HTTP/1.1 -Host: %HOSTIP:%HTTPPORT -User-Agent: curl/%VERSION -Accept: */* -Content-Length: 1053701 - -%repeat[132 x S]%%repeat[16462 x xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%0a]% -[DISCONNECT] - - - diff --git a/tests/data/test1475 b/tests/data/test1475 new file mode 100644 index 000000000..f88ef74ee --- /dev/null +++ b/tests/data/test1475 @@ -0,0 +1,83 @@ + +# also verified by 1156 in libcurl API terms + + + +HTTP +HTTP GET +Resume + + + +# Server-side + + +HTTP/1.1 416 Invalid range +Connection: close +Content-Length: 0 +Content-Range: */100 + + + +# The file data that exists at the start of the test must be included in +# the verification. + +012345678 +012345678 +012345678 +012345678 +012345678 +012345678 +012345678 +012345678 +012345678 +012345678 +HTTP/1.1 416 Invalid range +Connection: close +Content-Length: 0 +Content-Range: */100 + + + + + +# Client-side + + +http + + +http + + +-f and 416 with Content-Range: */size + + +http://%HOSTIP:%HTTPPORT/%TESTNUMBER -C - -f + + +012345678 +012345678 +012345678 +012345678 +012345678 +012345678 +012345678 +012345678 +012345678 +012345678 + + + +# Verify data after the test has been "shot" + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Range: bytes=100- +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test1476 b/tests/data/test1476 new file mode 100644 index 000000000..101fa95b0 --- /dev/null +++ b/tests/data/test1476 @@ -0,0 +1,59 @@ + + + +HTTP +HTTP GET +cookies + + + +# Server-side + + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Content-Length: 0 +Set-Cookie: super=oops; domain=co.UK; path=/ +Set-Cookie: fine=yesyes; domain=CURL.CO.UK; path=/ + + + + +# Client-side + + +http + + +PSL violating cookie with mixed case domain and cookie domain property + + +-x http://%HOSTIP:%HTTPPORT/%TESTNUMBER http://curl.co.UK -c %LOGDIR/cookies%TESTNUMBER.txt + + +proxy +PSL +cookies + + + +# Verify data after the test has been "shot" + + +GET http://curl.co.UK/ HTTP/1.1 +Host: curl.co.UK +User-Agent: curl/%VERSION +Accept: */* +Proxy-Connection: Keep-Alive + + + +# Netscape HTTP Cookie File +# https://curl.se/docs/http-cookies.html +# This file was generated by libcurl! Edit at your own risk. + +.CURL.CO.UK TRUE / FALSE 0 fine yesyes + + + diff --git a/tests/data/test1477 b/tests/data/test1477 new file mode 100644 index 000000000..a8c4659e4 --- /dev/null +++ b/tests/data/test1477 @@ -0,0 +1,30 @@ + + + +documentation + + + +# +# Client-side + + +none + + + +Verify that error codes in headers and libcurl-errors.3 are in sync + + + +%SRCDIR/test1477.pl %SRCDIR/.. %PWD/.. + + + + + +Result + + + + diff --git a/tests/data/test1478 b/tests/data/test1478 new file mode 100644 index 000000000..b489ac038 --- /dev/null +++ b/tests/data/test1478 @@ -0,0 +1,32 @@ + + + +source analysis +documentation +--help + + + +# +# Client-side + + +none + + + +src/tool_listhelp.c is in sync with docs/cmdline-opts + + + +%SRCDIR/../docs/cmdline-opts/gen.pl listhelp %SRCDIR/../docs/cmdline-opts/*.md + + + + + +%include %SRCDIR/../src/tool_listhelp.c% + + + + diff --git a/tests/data/test1506 b/tests/data/test1506 index 9eb38cf6d..0a62c0c2a 100644 --- a/tests/data/test1506 +++ b/tests/data/test1506 @@ -86,7 +86,6 @@ Accept: */* * Connection #0 to host server1.example.com left intact * Connection #1 to host server2.example.com left intact * Connection #2 to host server3.example.com left intact -* Closing connection * Connection #3 to host server4.example.com left intact diff --git a/tests/data/test1538 b/tests/data/test1538 index 59cd1628e..c0f038be4 100644 --- a/tests/data/test1538 +++ b/tests/data/test1538 @@ -132,7 +132,8 @@ e96: QUIC connection error e97: proxy handshake error e98: SSL Client Certificate required e99: Unrecoverable error in select/poll -e100: Unknown error +e100: A value or data field grew larger than allowed +e101: Unknown error m-1: Please call curl_multi_perform() soon m0: No error m1: Invalid multi handle @@ -186,7 +187,8 @@ u27: Bad scheme u28: Unsupported number of slashes following scheme u29: Bad user u30: libcurl lacks IDN support -u31: CURLUcode unknown +u31: A value or data field is larger than allowed +u32: CURLUcode unknown diff --git a/tests/data/test1544 b/tests/data/test1544 index f658f5a74..037caa0ac 100644 --- a/tests/data/test1544 +++ b/tests/data/test1544 @@ -17,7 +17,7 @@ Verify all string options are translated by OS/400 wrapper -%SRCDIR/check-translatable-options.pl %SRCDIR/.. +%SRCDIR/test1544.pl %SRCDIR/.. diff --git a/tests/data/test1545 b/tests/data/test1545 new file mode 100644 index 000000000..477b5bf44 --- /dev/null +++ b/tests/data/test1545 @@ -0,0 +1,38 @@ + + + +HTTP +HTTP GET + + +# +# Server-side + + + +# Client-side + + +form-api + + +http + +# tool is what to use instead of 'curl' + +lib%TESTNUMBER + + + +use curl_formadd() data twice with unreadable file + + +http://%HOSTIP:%HTTPPORT/%TESTNUMBER + + + +# +# Verify data after the test has been "shot" + + + diff --git a/tests/data/test1683 b/tests/data/test1683 index 178b4054d..581470dfc 100644 --- a/tests/data/test1683 +++ b/tests/data/test1683 @@ -40,11 +40,9 @@ to stay the same perl -e 'for my $i ((1..100)) { my $filename = "%LOGDIR/exist%TESTNUMBER.$i"; open(FH, ">", $filename) or die $!; print FH "to stay the same" ; close(FH) }' -# python3 -c 'for i in range(1, 101): open("%LOGDIR/exist%TESTNUMBER.{}".format(i), mode="w").write("to stay the same")' perl -e 'for my $i ((1..100)) { my $filename = "%LOGDIR/exist%TESTNUMBER.$i"; open(FH, "<", $filename) or die $!; ( eq "to stay the same" and eq "") or die "incorrect $filename" ; close(FH) }' -# python3 -c 'for i in range(1, 101): assert open("%LOGDIR/exist%TESTNUMBER.{}".format(i), mode="r").read(17) == "to stay the same"' diff --git a/tests/data/test1704 b/tests/data/test1704 new file mode 100644 index 000000000..a8f285eea --- /dev/null +++ b/tests/data/test1704 @@ -0,0 +1,66 @@ + + + +HTTP +HTTP GET +HTTP/2 + + + +# +# Server-side + + +HTTP/2 101 OK + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Content-Length: 6 +Connection: close +Content-Type: text/html + +-maa- + + + +# +# Client-side + + +h2c + + +http + + +HTTP/1 doing HTTP/2 Upgrade: getting a HTTP/2 101 response + + +http://%HOSTIP:%HTTPPORT/%TESTNUMBER --http2 + + + +# +# Verify data after the test has been "shot" + + +^X-Forwarded-Proto:.* +^Via:.* + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Connection: Upgrade, HTTP2-Settings +Upgrade: h2c +HTTP2-Settings: AAMAAABkAAQAoAAAAAIAAAAA + + + +# CURLE_WEIRD_SERVER_REPLY (8) + +8 + + + diff --git a/tests/data/test19 b/tests/data/test19 index 265a74ad8..cf735a42f 100644 --- a/tests/data/test19 +++ b/tests/data/test19 @@ -24,7 +24,7 @@ http attempt connect to non-listening socket -%HOSTIP:%NOLISTENPORT +--trace-config all %HOSTIP:%NOLISTENPORT diff --git a/tests/data/test1900 b/tests/data/test1900 new file mode 100644 index 000000000..f04e7e2af --- /dev/null +++ b/tests/data/test1900 @@ -0,0 +1,38 @@ + + + +HTTP +HSTS + + + +# Server-side + + + +# Client-side + + +HSTS +http + + +none + + + +HSTS curl_easy_duphandle + + +lib%TESTNUMBER + + + +http://%HOSTIP:%NOLISTENPORT/not-there/%TESTNUMBER + + + +# Verify data after the test has been "shot" + + + diff --git a/tests/data/test194 b/tests/data/test194 index 4de767e3a..074348950 100644 --- a/tests/data/test194 +++ b/tests/data/test194 @@ -64,9 +64,8 @@ User-Agent: curl/%VERSION Accept: */* -# CURLE_HTTP_RETURNED_ERROR -22 +0 diff --git a/tests/data/test1940 b/tests/data/test1940 index 7f621b428..f4c6dd1a1 100644 --- a/tests/data/test1940 +++ b/tests/data/test1940 @@ -19,6 +19,8 @@ Content-Length: 0 Set-Cookie: onecookie=data; Set-Cookie: secondcookie=2data; Set-Cookie: cookie3=data3; +Blank: +Blank2: Location: /%TESTNUMBER0002 @@ -57,6 +59,8 @@ http://%HOSTIP:%HTTPPORT/%TESTNUMBER - Set-Cookie == secondcookie=2data; (1/3) - Set-Cookie == cookie3=data3; (2/3) Fold == is folding a line + Blank == + Blank2 == diff --git a/tests/data/test2307 b/tests/data/test2307 new file mode 100644 index 000000000..ce260ac1c --- /dev/null +++ b/tests/data/test2307 @@ -0,0 +1,71 @@ + + + +WebSockets + + + +# +# Sends a PING with overlong payload + + +HTTP/1.1 101 Switching to WebSockets +Server: test-server/fake +Upgrade: websocket +Connection: Upgrade +Something: else +Sec-WebSocket-Accept: HkPsVga7+8LuxM4RGQ5p9tZHeYs= + +%hex[%19%7f%ff%30%30%30%30%30%30%30%30%30%30%30%30]hex% + +# allow upgrade + +upgrade + + + +# +# Client-side + +# require debug for the forced CURL_ENTROPY + +debug +ws +!hyper + + +http + + +WebSockets, overlong PING payload + + +lib2302 + + +ws://%HOSTIP:%HTTPPORT/%TESTNUMBER + + + +# +# PONG with no data and the 32 bit mask +# + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: webbie-sox/3 +Accept: */* +Upgrade: websocket +Connection: Upgrade +Sec-WebSocket-Version: 13 +Sec-WebSocket-Key: NDMyMTUzMjE2MzIxNzMyMQ== + + + +# 56 == CURLE_RECV_ERROR + +56 + + + diff --git a/tests/data/test250 b/tests/data/test250 index 3c16fcd7b..455d9ea1a 100644 --- a/tests/data/test250 +++ b/tests/data/test250 @@ -38,7 +38,7 @@ ftp FTP dir list PASV with slow response - + ftp://%HOSTIP:%FTPPORT/ diff --git a/tests/data/test268 b/tests/data/test268 new file mode 100644 index 000000000..3a1ab6a9b --- /dev/null +++ b/tests/data/test268 @@ -0,0 +1,59 @@ + + + +HTTP +variables + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- + + + +# +# Client-side + + +http + + +JSON encoding of unicode string + + +%hex[%e2%80%9c]hex% + + +http://%HOSTIP:%HTTPPORT/%TESTNUMBER --variable hello@%LOGDIR/junk --expand-data {{hello:json}} + + + +# +# Verify data after the test has been "shot" + + +POST /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Content-Length: 3 +Content-Type: application/x-www-form-urlencoded + +%hex[%e2%80%9c]hex% + + + diff --git a/tests/data/test285 b/tests/data/test285 index 7968e1a34..03dc96f6a 100644 --- a/tests/data/test285 +++ b/tests/data/test285 @@ -16,7 +16,7 @@ tftp TFTP send --T %LOGDIR/test%TESTNUMBER.txt tftp://%HOSTIP:%TFTPPORT// --connect-time 549 +-T %LOGDIR/test%TESTNUMBER.txt tftp://%HOSTIP:%TFTPPORT// --connect-timeout 549 a chunk of diff --git a/tests/data/test3012 b/tests/data/test3012 index 2bd329455..a9c950587 100644 --- a/tests/data/test3012 +++ b/tests/data/test3012 @@ -4,6 +4,7 @@ -O -J --output-dir +--remote-time # @@ -36,10 +37,10 @@ http http ---output-dir with -J +--output-dir with -J and -R -http://%HOSTIP:%HTTPPORT/this/is/the/%TESTNUMBER -OJ --output-dir %PWD/%LOGDIR +http://%HOSTIP:%HTTPPORT/this/is/the/%TESTNUMBER -OJR --output-dir %PWD/%LOGDIR diff --git a/tests/data/test3103 b/tests/data/test3103 index 23a0fea17..423c4adaa 100644 --- a/tests/data/test3103 +++ b/tests/data/test3103 @@ -48,7 +48,7 @@ http://%HOSTIP:%HTTPPORT/%TESTNUMBER # # Verify data after the test has been "shot" - + GET http://localhost/ HTTP/1.1 Host: localhost Accept: */* diff --git a/tests/data/test421 b/tests/data/test421 index 0e4130b06..2c79c1f8f 100644 --- a/tests/data/test421 +++ b/tests/data/test421 @@ -71,7 +71,7 @@ Accept: */* "access-control-allow-methods":["GET, POST, PUT, DELETE, OPTIONS"], "access-control-max-age":["1728000"], "access-control-allow-headers":["Authorization, Content-Type, AuthorizationOauth, X-EARLY-ACCESS"], -"access-control-expose-headers":["\r"], +"access-control-expose-headers":[""], "etag":["W/\"2678f9ab2ba550d164e7cc014aefd31e\""], "cache-control":["max-age=0, private, must-revalidate"], "x-request-id":["375b343b3d2ecf9b442c0daf00fc4a9a"], diff --git a/tests/data/test439 b/tests/data/test439 index da1261531..c997a397a 100644 --- a/tests/data/test439 +++ b/tests/data/test439 @@ -38,7 +38,7 @@ debug aws-sigv4 with query -"http://fake.fake.fake:8000/%TESTNUMBER/?name=me%&aim=b%aad&&&weirdo=*.//-" -u user:secret --aws-sigv4 "aws:amz:us-east-2:es" --connect-to fake.fake.fake:8000:%HOSTIP:%HTTPPORT +"http://fake.fake.fake:8000/%TESTNUMBER/?name=me%&noval&aim=b%aad&&&weirdo=*.//-" -u user:secret --aws-sigv4 "aws:amz:us-east-2:es" --connect-to fake.fake.fake:8000:%HOSTIP:%HTTPPORT @@ -46,9 +46,9 @@ aws-sigv4 with query # Verify data after the test has been "shot" -GET /%TESTNUMBER/?name=me%&aim=b%aad&&&weirdo=*.//- HTTP/1.1 +GET /439/?name=me%&noval&aim=b%aad&&&weirdo=*.//- HTTP/1.1 Host: fake.fake.fake:8000 -Authorization: AWS4-HMAC-SHA256 Credential=user/19700101/us-east-2/es/aws4_request, SignedHeaders=host;x-amz-date, Signature=88884e3b3142133685b2092d29d8b522b785b1a9ec9e4a90cbea83e882f8dcb6 +Authorization: AWS4-HMAC-SHA256 Credential=user/19700101/us-east-2/es/aws4_request, SignedHeaders=host;x-amz-date, Signature=cbbf4a72764e27e396730f5e56cea046d4ce862a2d91db4856fb086b92f49270 X-Amz-Date: 19700101T000000Z User-Agent: curl/%VERSION Accept: */* diff --git a/tests/data/test457 b/tests/data/test457 index 77eb9c855..aa391d7fd 100644 --- a/tests/data/test457 +++ b/tests/data/test457 @@ -20,7 +20,8 @@ aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 30 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 21;heresatest=moooo -cccccccccccccccccccccccccccccccc +cccccccccccccccccccccccccccccc +c 0 @@ -31,7 +32,7 @@ Server: fakeit/0.9 fakeitbad/1.0 Transfer-Encoding: chunked Connection: mooo -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbcccccccccccccccccccccccccccccccc +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbcccccccccccccccccccccccccccccc diff --git a/tests/data/test459 b/tests/data/test459 new file mode 100644 index 000000000..e46d02973 --- /dev/null +++ b/tests/data/test459 @@ -0,0 +1,63 @@ + + + +HTTP +--config + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- + + + +# +# Client-side + + +http + + +config file with argument using whitespace missing quotes + + +data = arg with space + + +http://%HOSTIP:%HTTPPORT/%TESTNUMBER --config %LOGDIR/config --silent + + + +# +# Verify data after the test has been "shot" + + +POST /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Content-Length: 3 +Content-Type: application/x-www-form-urlencoded + +arg + + +Warning: %LOGDIR/config:1: warning: 'data' uses unquoted whitespace +Warning: This may cause side-effects. Consider using double quotes? + + + diff --git a/tests/data/test460 b/tests/data/test460 new file mode 100644 index 000000000..824166a81 --- /dev/null +++ b/tests/data/test460 @@ -0,0 +1,28 @@ + + + +variables +expand + + + +# Client-side + + +none + + +try --expand without an argument + + +--expand-url + + + +# + + +2 + + + diff --git a/tests/data/test461 b/tests/data/test461 new file mode 100644 index 000000000..03d7c7a22 --- /dev/null +++ b/tests/data/test461 @@ -0,0 +1,48 @@ + + + +HTTP +HTTP GET +--header + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Content-Length: 6 +Connection: close +Content-Type: text/html + +-foo- + + + +# +# Client-side + + +http + + +disable Host: when specified as lower case + + +http://%HOSTIP:%HTTPPORT/%TESTNUMBER -H host: + + + +# +# Verify data after the test has been "shot" + + +GET /%TESTNUMBER HTTP/1.1 +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test498 b/tests/data/test498 index 457c28043..b1fc02380 100644 --- a/tests/data/test498 +++ b/tests/data/test498 @@ -35,7 +35,7 @@ http Reject too large HTTP response headers on endless redirects -http://%HOSTIP:%HTTPPORT/%TESTNUMBER --max-redir 400 --location +http://%HOSTIP:%HTTPPORT/%TESTNUMBER --max-redirs 400 --location diff --git a/tests/data/test689 b/tests/data/test689 new file mode 100644 index 000000000..821556dec --- /dev/null +++ b/tests/data/test689 @@ -0,0 +1,53 @@ + + +#Informational + + +RTSP +OPTIONS + + + +# Server-side + + +RTSP/7.1 786 + +RTSP/ + + + + + +# Client-Side + + +rtsp + + +lib567 + + + +fuzzing crash issue #12701 + + +rtsp://%HOSTIP:%RTSPPORT/%TESTNUMBER + + + + + +OPTIONS rtsp://%HOSTIP:%RTSPPORT/%TESTNUMBER RTSP/1.0 +CSeq: 1 +User-Agent: test567 +Test-Number: 567 + + +# 8 == CURLE_WEIRD_SERVER_REPLY + +8 + + + + diff --git a/tests/data/test722 b/tests/data/test722 index 674efd14a..c5b8d8610 100644 --- a/tests/data/test722 +++ b/tests/data/test722 @@ -8,7 +8,7 @@ IPFS # # Server-side - + HTTP/1.1 200 OK Date: Tue, 09 Nov 2010 14:49:00 GMT Server: test-server/fake @@ -34,7 +34,7 @@ http IPFS ---ipfs-gateway http://%HOSTIP:%HTTPPORT/%TESTNUMBER ipfs://QmV5JejrpgUxnkZeFZYMxVCqAbKy3KdPXWXyuEDiMNZwUx +--ipfs-gateway http://%HOSTIP:%HTTPPORT ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u @@ -42,7 +42,7 @@ IPFS # Verify data after the test has been "shot" -GET /ipfs/QmV5JejrpgUxnkZeFZYMxVCqAbKy3KdPXWXyuEDiMNZwUx HTTP/1.1 +GET /ipfs/bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u HTTP/1.1 Host: %HOSTIP:%HTTPPORT User-Agent: curl/%VERSION Accept: */* diff --git a/tests/data/test723 b/tests/data/test723 index aaf4d27a3..dac78fc54 100644 --- a/tests/data/test723 +++ b/tests/data/test723 @@ -20,7 +20,7 @@ http IPFS with malformed gateway URL (bad function argument error) ---ipfs-gateway http://nonexisting,local:8080/%TESTNUMBER ipfs://QmV5JejrpgUxnkZeFZYMxVCqAbKy3KdPXWXyuEDiMNZwUx +--ipfs-gateway http://nonexisting,local:8080 ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u diff --git a/tests/data/test724 b/tests/data/test724 index 692046b31..c97354b0d 100644 --- a/tests/data/test724 +++ b/tests/data/test724 @@ -8,7 +8,7 @@ IPFS # # Server-side - + HTTP/1.1 200 OK Date: Tue, 09 Nov 2010 14:49:00 GMT Server: test-server/fake @@ -37,10 +37,10 @@ HOME=%PWD/%LOGDIR IPFS with gateway URL from gateway file -ipfs://QmV5JejrpgUxnkZeFZYMxVCqAbKy3KdPXWXyuEDiMNZwUx +ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u -http://%HOSTIP:%HTTPPORT/%TESTNUMBER +http://%HOSTIP:%HTTPPORT @@ -48,7 +48,7 @@ http://%HOSTIP:%HTTPPORT/%TESTNUMBER # Verify data after the test has been "shot" -GET /ipfs/QmV5JejrpgUxnkZeFZYMxVCqAbKy3KdPXWXyuEDiMNZwUx HTTP/1.1 +GET /ipfs/bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u HTTP/1.1 Host: %HOSTIP:%HTTPPORT User-Agent: curl/%VERSION Accept: */* diff --git a/tests/data/test725 b/tests/data/test725 index cf3c19664..de7c39493 100644 --- a/tests/data/test725 +++ b/tests/data/test725 @@ -23,10 +23,10 @@ HOME=%PWD/%LOGDIR IPFS with malformed gateway URL from gateway file -ipfs://QmV5JejrpgUxnkZeFZYMxVCqAbKy3KdPXWXyuEDiMNZwUx +ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u -http://nonexisting,local:8080/%TESTNUMBER +http://nonexisting,local:8080 diff --git a/tests/data/test726 b/tests/data/test726 index c0abbf29c..f51adf594 100644 --- a/tests/data/test726 +++ b/tests/data/test726 @@ -26,7 +26,7 @@ HOME=%PWD IPFS with no gateway URL (no environment or home file either) -ipfs://QmV5JejrpgUxnkZeFZYMxVCqAbKy3KdPXWXyuEDiMNZwUx +ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u diff --git a/tests/data/test727 b/tests/data/test727 index e71ef5f44..aa2c84fbc 100644 --- a/tests/data/test727 +++ b/tests/data/test727 @@ -8,7 +8,7 @@ IPNS # # Server-side - + HTTP/1.1 200 OK Date: Tue, 09 Nov 2010 14:49:00 GMT Server: test-server/fake @@ -34,7 +34,7 @@ http IPNS ---ipfs-gateway http://%HOSTIP:%HTTPPORT/%TESTNUMBER ipns://QmV5JejrpgUxnkZeFZYMxVCqAbKy3KdPXWXyuEDiMNZwUx +--ipfs-gateway http://%HOSTIP:%HTTPPORT ipns://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u @@ -42,7 +42,7 @@ IPNS # Verify data after the test has been "shot" -GET /ipns/QmV5JejrpgUxnkZeFZYMxVCqAbKy3KdPXWXyuEDiMNZwUx HTTP/1.1 +GET /ipns/bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u HTTP/1.1 Host: %HOSTIP:%HTTPPORT User-Agent: curl/%VERSION Accept: */* diff --git a/tests/data/test729 b/tests/data/test729 new file mode 100644 index 000000000..805758921 --- /dev/null +++ b/tests/data/test729 @@ -0,0 +1,41 @@ + + + +HTTP +HTTP GET +SOCKS4 + + + +# +# Server-side + + + +# +# Client-side + + +proxy + + +http +socks4 + + +SOCKS4 with very long proxy user name + + +http://fake --limit-rate 1 -x socks4a://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@%HOSTIP:%SOCKSPORT + + + +# +# Verify data after the test has been "shot" + +# CURLE_PROXY + +97 + + + diff --git a/tests/data/test730 b/tests/data/test730 new file mode 100644 index 000000000..138f85086 --- /dev/null +++ b/tests/data/test730 @@ -0,0 +1,52 @@ + + + +IPFS + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 21 +Connection: close +Content-Type: text/plain +Funny-head: yesyes + +Hello curl from IPFS + + + +# +# Client-side + + +http + + +IPFS arg gateway with path + + +--ipfs-gateway http://%HOSTIP:%HTTPPORT/foo/bar ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u + + + +# +# Verify data after the test has been "shot" + + +GET /foo/bar/ipfs/bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test731 b/tests/data/test731 new file mode 100644 index 000000000..9e135dbec --- /dev/null +++ b/tests/data/test731 @@ -0,0 +1,58 @@ + + + +IPFS + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 21 +Connection: close +Content-Type: text/plain +Funny-head: yesyes + +Hello curl from IPFS + + + +# +# Client-side + + +http + + +HOME=%PWD/%LOGDIR + + +IPFS with gateway URL and path from gateway file + + +ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u + + +http://%HOSTIP:%HTTPPORT/%TESTNUMBER + + + +# +# Verify data after the test has been "shot" + + +GET /%TESTNUMBER/ipfs/bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test732 b/tests/data/test732 new file mode 100644 index 000000000..9adaedb93 --- /dev/null +++ b/tests/data/test732 @@ -0,0 +1,52 @@ + + + +IPFS + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 21 +Connection: close +Content-Type: text/plain +Funny-head: yesyes + +Hello curl from IPFS + + + +# +# Client-side + + +http + + +IPFS with path + + +--ipfs-gateway http://%HOSTIP:%HTTPPORT "ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u/a/b" + + + +# +# Verify data after the test has been "shot" + + +GET /ipfs/bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u/a/b HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test733 b/tests/data/test733 new file mode 100644 index 000000000..ad17cd4bf --- /dev/null +++ b/tests/data/test733 @@ -0,0 +1,52 @@ + + + +IPFS + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 21 +Connection: close +Content-Type: text/plain +Funny-head: yesyes + +Hello curl from IPFS + + + +# +# Client-side + + +http + + +IPFS with path and query args + + +--ipfs-gateway http://%HOSTIP:%HTTPPORT "ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u/a/b?foo=bar&aaa=bbb" + + + +# +# Verify data after the test has been "shot" + + +GET /ipfs/bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u/a/b?foo=bar&aaa=bbb HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test734 b/tests/data/test734 new file mode 100644 index 000000000..03f571cc6 --- /dev/null +++ b/tests/data/test734 @@ -0,0 +1,52 @@ + + + +IPFS + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 21 +Connection: close +Content-Type: text/plain +Funny-head: yesyes + +Hello curl from IPFS + + + +# +# Client-side + + +http + + +IPFS with path, query args and gateway with path + + +--ipfs-gateway http://%HOSTIP:%HTTPPORT/some/path "ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u/a/b?foo=bar&aaa=bbb" + + + +# +# Verify data after the test has been "shot" + + +GET /some/path/ipfs/bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u/a/b?foo=bar&aaa=bbb HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test735 b/tests/data/test735 new file mode 100644 index 000000000..da1aac4dd --- /dev/null +++ b/tests/data/test735 @@ -0,0 +1,52 @@ + + + +IPFS + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 21 +Connection: close +Content-Type: text/plain +Funny-head: yesyes + +Hello curl from IPFS + + + +# +# Client-side + + +http + + +IPNS with path, query args and gateway with path + + +--ipfs-gateway http://%HOSTIP:%HTTPPORT/some/path "ipns://fancy.tld/a/b?foo=bar&aaa=bbb" + + + +# +# Verify data after the test has been "shot" + + +GET /some/path/ipns/fancy.tld/a/b?foo=bar&aaa=bbb HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test736 b/tests/data/test736 new file mode 100644 index 000000000..45d9a055a --- /dev/null +++ b/tests/data/test736 @@ -0,0 +1,58 @@ + + + +IPFS + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 21 +Connection: close +Content-Type: text/plain +Funny-head: yesyes + +Hello curl from IPFS + + + +# +# Client-side + + +http + + +IPFS_PATH=%LOGDIR/.ipfs + + +IPFS with IPFS_PATH set, no trailing slash + + +ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u + + +http://%HOSTIP:%HTTPPORT + + + +# +# Verify data after the test has been "shot" + + +GET /ipfs/bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test737 b/tests/data/test737 new file mode 100644 index 000000000..bc6e8576a --- /dev/null +++ b/tests/data/test737 @@ -0,0 +1,58 @@ + + + +IPFS + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 21 +Connection: close +Content-Type: text/plain +Funny-head: yesyes + +Hello curl from IPFS + + + +# +# Client-side + + +http + + +IPFS_PATH=%LOGDIR/.ipfs/ + + +IPFS with IPFS_PATH set, with trailing slash + + +ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u + + +http://%HOSTIP:%HTTPPORT + + + +# +# Verify data after the test has been "shot" + + +GET /ipfs/bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test738 b/tests/data/test738 new file mode 100644 index 000000000..5c05137dc --- /dev/null +++ b/tests/data/test738 @@ -0,0 +1,37 @@ + + + +IPFS + + + +# +# Server-side + + + +# +# Client-side + + +http + + +IPFS_PATH=%LOGDIR/.ipfs/ + + +IPFS with IPFS_PATH, no gateway file + + +ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u + + + +# +# Verify error code with no gateway file (detection fails) + + +37 + + + diff --git a/tests/data/test739 b/tests/data/test739 new file mode 100644 index 000000000..fe78c41bb --- /dev/null +++ b/tests/data/test739 @@ -0,0 +1,34 @@ + + + +IPFS + + + +# +# Server-side + + + +# +# Client-side + + +http + + +IPNS path and query args for gateway and IPFS url (malformed gateway url) + + +--ipfs-gateway "http://%HOSTIP:%HTTPPORT/some/path?biz=baz" "ipns://fancy.tld/a/b?foo=bar&aaa=bbb" + + + +# +# Verify data after the test has been "shot" + + +3 + + + diff --git a/tests/data/test740 b/tests/data/test740 new file mode 100644 index 000000000..97258d384 --- /dev/null +++ b/tests/data/test740 @@ -0,0 +1,60 @@ + + + +IPFS + + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 21 +Connection: close +Content-Type: text/plain +Funny-head: yesyes + +Hello curl from IPFS + + + +# +# Client-side + + +http + + +HOME=%PWD/%LOGDIR + + +IPFS with gateway URL from multiline gateway file + + +ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u + + +http://%HOSTIP:%HTTPPORT +foo +bar + + + +# +# Verify data after the test has been "shot" + + +GET /ipfs/bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test741 b/tests/data/test741 new file mode 100644 index 000000000..e773cd08a --- /dev/null +++ b/tests/data/test741 @@ -0,0 +1,42 @@ + + + +IPFS + + + +# +# Server-side + + + +# +# Client-side + + +http + + +HOME=%PWD/%LOGDIR + + +IPFS with malformed gateway URL from multiline gateway file, first line no url + + +ipfs://bafybeidecnvkrygux6uoukouzps5ofkeevoqland7kopseiod6pzqvjg7u + + +foo +bar + + + +# +# Verify data after the test has been "shot" + +# malformed gateway URL, first line in file must be a gateway URL + +3 + + + diff --git a/tests/data/test742 b/tests/data/test742 new file mode 100644 index 000000000..34e284d18 --- /dev/null +++ b/tests/data/test742 @@ -0,0 +1,66 @@ + + + +HTTP +SOCKS5 +all_proxy + + +# +# Server-side + + +HTTP/1.1 200 OK +Date: Tue, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT +ETag: "21025-dc7-39462498" +Accept-Ranges: bytes +Content-Length: 6 +Connection: close +Content-Type: text/html +Funny-head: yesyes + +-foo- + +# method 2 is SOCKS5 asking for user+password + +method 2 +user aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +password bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb +backendport %HTTPPORT + + + +# +# Client-side + + +socks5 +http + + +SOCKS5-hostname with max length credentials and max host name length + + +# target a port that won't work without the SOCKS magic + +http://cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc:%HTTPPORT -x socks5h://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb@%HOSTIP:%SOCKSPORT + + +proxy + + + +# +# Verify data after the test has been "shot" + + +GET / HTTP/1.1 +Host: cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* + + + + diff --git a/tests/data/test80 b/tests/data/test80 index 21d9fd2ea..c6aa05b17 100644 --- a/tests/data/test80 +++ b/tests/data/test80 @@ -53,7 +53,7 @@ http-proxy HTTP 1.0 CONNECT with proxytunnel and proxy+host Basic authentication -http://test.%TESTNUMBER:%HTTPPORT/we/want/that/page/%TESTNUMBER -p --proxy1.0 %HOSTIP:%PROXYPORT --user iam:myself --proxy-user youare:yourself +http://test.%TESTNUMBER:%HTTPPORT/we/want/that/page/%TESTNUMBER -p --proxy1.0 %HOSTIP:%PROXYPORT --user iam:myself --proxy-user youare:yourself -A "" proxy @@ -67,7 +67,6 @@ proxy CONNECT test.%TESTNUMBER:%HTTPPORT HTTP/1.0 Host: test.%TESTNUMBER:%HTTPPORT Proxy-Authorization: Basic eW91YXJlOnlvdXJzZWxm -User-Agent: curl/%VERSION Proxy-Connection: Keep-Alive @@ -75,7 +74,6 @@ Proxy-Connection: Keep-Alive GET /we/want/that/page/%TESTNUMBER HTTP/1.1 Host: test.%TESTNUMBER:%HTTPPORT Authorization: Basic aWFtOm15c2VsZg== -User-Agent: curl/%VERSION Accept: */* diff --git a/tests/data/test971 b/tests/data/test971 index 19260dfdf..6c6b95058 100644 --- a/tests/data/test971 +++ b/tests/data/test971 @@ -18,7 +18,7 @@ Verify that options-in-versions and docs/cmdline-opts are in sync -%SRCDIR/options-scan.pl %SRCDIR/../docs/options-in-versions %SRCDIR/../docs/cmdline-opts +%SRCDIR/test971.pl %SRCDIR/../docs/options-in-versions %SRCDIR/../docs/cmdline-opts diff --git a/tests/data/test992 b/tests/data/test992 new file mode 100644 index 000000000..dad0aa51a --- /dev/null +++ b/tests/data/test992 @@ -0,0 +1,52 @@ + + + +SASL + + + +# +# Server-side + + +AUTH OAUTHBEARER XOAUTH2 +REPLY AUTH 334 XOAUTH2 supported +REPLY dXNlcj11c2VyAWF1dGg9QmVhcmVyIG1GXzkuQjVmLTQuMUpxTQEB 235 Authenticated + + + +# +# Client-side + + +smtp + + +SASL verify default mechanisms are reset by login options + + +mail body + + +smtp://%HOSTIP:%SMTPPORT/%TESTNUMBER --mail-rcpt recipient@example.com --mail-from sender@example.com -u user --oauth2-bearer mF_9.B5f-4.1JqM --login-options "AUTH=XOAUTH2" -T - + + + +# +# Verify data after the test has been "shot" + + +EHLO %TESTNUMBER +AUTH XOAUTH2 +dXNlcj11c2VyAWF1dGg9QmVhcmVyIG1GXzkuQjVmLTQuMUpxTQEB +MAIL FROM: +RCPT TO: +DATA +QUIT + + +mail body +. + + + diff --git a/tests/ftpserver.pl b/tests/ftpserver.pl index d0be36f15..e250aa1cb 100644 --- a/tests/ftpserver.pl +++ b/tests/ftpserver.pl @@ -412,7 +412,7 @@ sub sysread_or_die { sub startsf { my @mainsockfcmd = ("./server/sockfilt".exe_ext('SRV'), "--ipv$ipvnum", - "--port", $port, + "--port", $port, "--pidfile", $mainsockf_pidfile, "--portfile", $portfile, "--logfile", $mainsockf_logfile); @@ -2258,6 +2258,7 @@ sub SIZE_ftp { my $size = $data[0]; if($size) { + $size += 0; # make it a number if($size > -1) { sendcontrol "213 $size\r\n"; } diff --git a/tests/http/clients/h2-download.c b/tests/http/clients/h2-download.c index 24ccedbdd..e6f001c7c 100644 --- a/tests/http/clients/h2-download.c +++ b/tests/http/clients/h2-download.c @@ -56,10 +56,7 @@ int my_trace(CURL *handle, curl_infotype type, switch(type) { case CURLINFO_TEXT: fprintf(stderr, "== Info: %s", data); - /* FALLTHROUGH */ - default: /* in case a new one is introduced to shock us */ return 0; - case CURLINFO_HEADER_OUT: text = "=> Send header"; break; @@ -76,6 +73,8 @@ int my_trace(CURL *handle, curl_infotype type, return 0; text = "<= Recv data"; break; + default: /* in case a new one is introduced to shock us */ + return 0; } fprintf(stderr, "%s, %lu bytes (0x%lx)\n", @@ -113,11 +112,11 @@ static size_t my_write_cb(char *buf, size_t nitems, size_t buflen, void *userdata) { struct transfer *t = userdata; - ssize_t nwritten; + size_t nwritten; if(!t->resumed && t->recv_size < t->pause_at && - ((curl_off_t)(t->recv_size + (nitems * buflen)) >= t->pause_at)) { + ((t->recv_size + (curl_off_t)(nitems * buflen)) >= t->pause_at)) { fprintf(stderr, "[t-%d] PAUSE\n", t->idx); t->paused = 1; return CURL_WRITEFUNC_PAUSE; @@ -132,11 +131,11 @@ static size_t my_write_cb(char *buf, size_t nitems, size_t buflen, } nwritten = fwrite(buf, nitems, buflen, t->out); - if(nwritten < 0) { + if(nwritten < buflen) { fprintf(stderr, "[t-%d] write failure\n", t->idx); return 0; } - t->recv_size += nwritten; + t->recv_size += (curl_off_t)nwritten; return (size_t)nwritten; } @@ -172,7 +171,7 @@ static void usage(const char *msg) " download a url with following options:\n" " -m number max parallel downloads\n" " -n number total downloads\n" - " -p number pause transfer after `number` response bytes\n" + " -P number pause transfer after `number` response bytes\n" ); } @@ -186,7 +185,7 @@ int main(int argc, char *argv[]) const char *url; size_t i, n, max_parallel = 1; size_t active_transfers; - long pause_offset = 0; + size_t pause_offset = 0; int abort_paused = 0; struct transfer *t; int ch; @@ -196,7 +195,6 @@ int main(int argc, char *argv[]) case 'h': usage(NULL); return 2; - break; case 'a': abort_paused = 1; break; @@ -207,7 +205,7 @@ int main(int argc, char *argv[]) transfer_count = (size_t)strtol(optarg, NULL, 10); break; case 'P': - pause_offset = strtol(optarg, NULL, 10); + pause_offset = (size_t)strtol(optarg, NULL, 10); break; default: usage("invalid option"); @@ -236,7 +234,7 @@ int main(int argc, char *argv[]) for(i = 0; i < transfer_count; ++i) { t = &transfers[i]; t->idx = (int)i; - t->pause_at = (curl_off_t)pause_offset * i; + t->pause_at = (curl_off_t)(pause_offset * i); } n = (max_parallel < transfer_count)? max_parallel : transfer_count; diff --git a/tests/http/clients/h2-serverpush.c b/tests/http/clients/h2-serverpush.c index 742a67e59..13f804aa2 100644 --- a/tests/http/clients/h2-serverpush.c +++ b/tests/http/clients/h2-serverpush.c @@ -102,10 +102,7 @@ int my_trace(CURL *handle, curl_infotype type, switch(type) { case CURLINFO_TEXT: fprintf(stderr, "== Info: %s", data); - /* FALLTHROUGH */ - default: /* in case a new one is introduced to shock us */ return 0; - case CURLINFO_HEADER_OUT: text = "=> Send header"; break; @@ -124,6 +121,8 @@ int my_trace(CURL *handle, curl_infotype type, case CURLINFO_SSL_DATA_IN: text = "<= Recv SSL data"; break; + default: /* in case a new one is introduced to shock us */ + return 0; } dump(text, (unsigned char *)data, size, 1); diff --git a/tests/libtest/CMakeLists.txt b/tests/libtest/CMakeLists.txt index 98f5b9c67..b6450ff3a 100644 --- a/tests/libtest/CMakeLists.txt +++ b/tests/libtest/CMakeLists.txt @@ -67,7 +67,7 @@ endforeach() # Allows for hostname override to make tests machine independent. # TODO this cmake build assumes a shared build, detect static linking here! if(NOT WIN32) - add_library(hostname MODULE EXCLUDE_FROM_ALL sethostname.c sethostname.h) + add_library(hostname MODULE EXCLUDE_FROM_ALL sethostname.c) add_dependencies(testdeps hostname) # Output to .libs for compatibility with autotools, the test data expects a # library at (tests)/libtest/.libs/libhostname.so diff --git a/tests/libtest/Makefile.am b/tests/libtest/Makefile.am index 09a13914a..8ae972a24 100644 --- a/tests/libtest/Makefile.am +++ b/tests/libtest/Makefile.am @@ -103,7 +103,7 @@ libhostname_la_CPPFLAGS = $(AM_CPPFLAGS) $(libhostname_la_CPPFLAGS_EXTRA) libhostname_la_LDFLAGS = $(AM_LDFLAGS) $(libhostname_la_LDFLAGS_EXTRA) libhostname_la_CFLAGS = $(AM_CFLAGS) $(libhostname_la_CFLAGS_EXTRA) -libhostname_la_SOURCES = sethostname.c sethostname.h +libhostname_la_SOURCES = sethostname.c libhostname_la_LIBADD = libhostname_la_DEPENDENCIES = diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc index 85801e002..c4d36a26b 100644 --- a/tests/libtest/Makefile.inc +++ b/tests/libtest/Makefile.inc @@ -58,13 +58,14 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect libprereq \ lib1518 lib1520 lib1521 lib1522 lib1523 \ lib1525 lib1526 lib1527 lib1528 lib1529 lib1530 lib1531 lib1532 lib1533 \ lib1534 lib1535 lib1536 lib1537 lib1538 lib1539 \ - lib1540 lib1542 lib1543 \ + lib1540 lib1542 lib1543 lib1545 \ lib1550 lib1551 lib1552 lib1553 lib1554 lib1555 lib1556 lib1557 \ lib1558 lib1559 lib1560 lib1564 lib1565 lib1567 lib1568 lib1569 \ lib1591 lib1592 lib1593 lib1594 lib1596 lib1597 \ \ lib1662 \ \ + lib1900 \ lib1903 lib1905 lib1906 lib1907 lib1908 lib1910 lib1911 lib1912 lib1913 \ lib1915 lib1916 lib1917 lib1918 lib1919 \ lib1933 lib1934 lib1935 lib1936 lib1937 lib1938 lib1939 lib1940 \ @@ -466,6 +467,9 @@ lib1542_LDADD = $(TESTUTIL_LIBS) lib1543_SOURCES = lib1518.c $(SUPPORTFILES) lib1543_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1543 +lib1545_SOURCES = lib1545.c $(SUPPORTFILES) +lib1545_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_DISABLE_DEPRECATION + lib1550_SOURCES = lib1550.c $(SUPPORTFILES) lib1551_SOURCES = lib1551.c $(SUPPORTFILES) @@ -530,6 +534,8 @@ lib1597_LDADD = $(TESTUTIL_LIBS) lib1662_SOURCES = lib1662.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1662_LDADD = $(TESTUTIL_LIBS) +lib1900_SOURCES = lib1900.c $(SUPPORTFILES) + lib1903_SOURCES = lib1903.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1903_LDADD = $(TESTUTIL_LIBS) diff --git a/tests/libtest/first.c b/tests/libtest/first.c index 7bd129ab3..42c53c694 100644 --- a/tests/libtest/first.c +++ b/tests/libtest/first.c @@ -65,12 +65,16 @@ int select_wrapper(int nfds, fd_set *rd, fd_set *wr, fd_set *exc, void wait_ms(int ms) { + if(ms < 0) + return; #ifdef USE_WINSOCK - Sleep(ms); + Sleep((DWORD)ms); #else - struct timeval t; - curlx_mstotv(&t, ms); - select_wrapper(0, NULL, NULL, NULL, &t); + { + struct timeval t; + curlx_mstotv(&t, ms); + select_wrapper(0, NULL, NULL, NULL, &t); + } #endif } @@ -174,7 +178,7 @@ int main(int argc, char **argv) result = test(URL); fprintf(stderr, "Test ended with result %d\n", result); -#ifdef WIN32 +#ifdef _WIN32 /* flush buffers of all streams regardless of mode */ _flushall(); #endif diff --git a/tests/libtest/lib1156.c b/tests/libtest/lib1156.c index aae2893ef..b512ef67a 100644 --- a/tests/libtest/lib1156.c +++ b/tests/libtest/lib1156.c @@ -68,7 +68,7 @@ static const struct testparams params[] = { { F_RESUME | F_HTTP416 | F_CONTENTRANGE | F_IGNOREBODY, CURLE_OK }, { F_RESUME | F_HTTP416 | F_FAIL | F_IGNOREBODY, CURLE_OK }, { F_RESUME | F_HTTP416 | F_FAIL | F_CONTENTRANGE | F_IGNOREBODY, - CURLE_HTTP_RETURNED_ERROR } + CURLE_OK } }; static int hasbody; diff --git a/tests/libtest/lib1517.c b/tests/libtest/lib1517.c index 706b5567c..126792017 100644 --- a/tests/libtest/lib1517.c +++ b/tests/libtest/lib1517.c @@ -61,7 +61,7 @@ int test(char *URL) struct WriteThis pooh; if(!strcmp(URL, "check")) { -#if (defined(WIN32) || defined(__CYGWIN__)) +#if (defined(_WIN32) || defined(__CYGWIN__)) printf("Windows TCP does not deliver response data but reports " "CONNABORTED\n"); return 1; /* skip since test will fail on Windows without workaround */ diff --git a/tests/libtest/lib1531.c b/tests/libtest/lib1531.c index 703400178..b64e16603 100644 --- a/tests/libtest/lib1531.c +++ b/tests/libtest/lib1531.c @@ -110,7 +110,7 @@ int test(char *URL) curl_multi_fdset() doc. */ if(maxfd == -1) { -#if defined(WIN32) || defined(_WIN32) +#if defined(_WIN32) Sleep(100); rc = 0; #else diff --git a/tests/libtest/lib1545.c b/tests/libtest/lib1545.c new file mode 100644 index 000000000..f31baa0c4 --- /dev/null +++ b/tests/libtest/lib1545.c @@ -0,0 +1,56 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ +#ifndef CURL_DISABLE_DEPRECATION +#define CURL_DISABLE_DEPRECATION /* Using and testing the form api */ +#endif +#include "test.h" + +int test(char *URL) +{ + CURL *eh = NULL; + int res = 0; + struct curl_httppost *lastptr = NULL; + struct curl_httppost *m_formpost = NULL; + + global_init(CURL_GLOBAL_ALL); + + easy_init(eh); + + easy_setopt(eh, CURLOPT_URL, URL); + curl_formadd(&m_formpost, &lastptr, CURLFORM_COPYNAME, "file", + CURLFORM_FILE, "missing-file", CURLFORM_END); + curl_easy_setopt(eh, CURLOPT_HTTPPOST, m_formpost); + + (void)curl_easy_perform(eh); + (void)curl_easy_perform(eh); + +test_cleanup: + + curl_formfree(m_formpost); + + curl_easy_cleanup(eh); + curl_global_cleanup(); + + return res; +} diff --git a/tests/libtest/lib1560.c b/tests/libtest/lib1560.c index 765df0a27..1509c76a7 100644 --- a/tests/libtest/lib1560.c +++ b/tests/libtest/lib1560.c @@ -151,6 +151,9 @@ struct clearurlcase { }; static const struct testcase get_parts_list[] ={ + {"https://curl.se/# ", + "https | [11] | [12] | [13] | curl.se | [15] | / | [16] | %20%20", + CURLU_URLENCODE|CURLU_ALLOW_SPACE, 0, CURLUE_OK}, {"", "", 0, 0, CURLUE_MALFORMED_INPUT}, {" ", "", 0, 0, CURLUE_MALFORMED_INPUT}, {"1h://example.net", "", 0, 0, CURLUE_BAD_SCHEME}, @@ -316,7 +319,7 @@ static const struct testcase get_parts_list[] ={ "http | ftp.user | moo | [13] | example.com | [15] | /color/ | [16] | " "green?no-red", CURLU_GUESS_SCHEME, 0, CURLUE_OK }, -#ifdef WIN32 +#ifdef _WIN32 {"file:/C:\\programs\\foo", "file | [11] | [12] | [13] | [14] | [15] | C:\\programs\\foo | [16] | [17]", CURLU_DEFAULT_SCHEME, 0, CURLUE_OK}, @@ -785,6 +788,18 @@ static const struct setgetcase setget_parts_list[] = { /* !checksrc! disable SPACEBEFORECOMMA 1 */ static const struct setcase set_parts_list[] = { + {"https://example.com/?param=value", + "query=\"\",", + "https://example.com/", + 0, CURLU_APPENDQUERY | CURLU_URLENCODE, CURLUE_OK, CURLUE_OK}, + {"https://example.com/", + "host=\"\",", + "https://example.com/", + 0, CURLU_URLENCODE, CURLUE_OK, CURLUE_BAD_HOSTNAME}, + {"https://example.com/", + "host=\"\",", + "https://example.com/", + 0, 0, CURLUE_OK, CURLUE_BAD_HOSTNAME}, {"https://example.com", "path=get,", "https://example.com/get", @@ -1030,7 +1045,7 @@ static CURLUcode updateurl(CURLU *u, const char *cmd, unsigned int setflags) while(p) { char *e = strchr(p, ','); if(e) { - size_t n = e-p; + size_t n = (size_t)(e - p); char buf[80]; char part[80]; char value[80]; @@ -1624,7 +1639,6 @@ static char bigpart[120000]; */ static int huge(void) { - const char *url = "%s://%s:%s@%s/%s?%s#%s"; const char *smallpart = "c"; int i; CURLU *urlp = curl_url(); @@ -1648,7 +1662,7 @@ static int huge(void) for(i = 0; i < 7; i++) { char *partp; msnprintf(total, sizeof(total), - url, + "%s://%s:%s@%s/%s?%s#%s", (i == 0)? &bigpart[1] : smallpart, (i == 1)? &bigpart[1] : smallpart, (i == 2)? &bigpart[1] : smallpart, diff --git a/tests/libtest/lib1900.c b/tests/libtest/lib1900.c new file mode 100644 index 000000000..92f89c4c4 --- /dev/null +++ b/tests/libtest/lib1900.c @@ -0,0 +1,55 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ +#include "test.h" + +#include "testutil.h" +#include "warnless.h" +#include "memdebug.h" + +int test(char *URL) +{ + CURLcode res = CURLE_OK; + CURL *hnd = NULL; + CURL *second = NULL; + + global_init(CURL_GLOBAL_ALL); + + easy_init(hnd); + easy_setopt(hnd, CURLOPT_URL, URL); + easy_setopt(hnd, CURLOPT_HSTS, "first-hsts.txt"); + easy_setopt(hnd, CURLOPT_HSTS, "second-hsts.txt"); + + second = curl_easy_duphandle(hnd); + + curl_easy_cleanup(hnd); + curl_easy_cleanup(second); + curl_global_cleanup(); + return 0; + +test_cleanup: + curl_easy_cleanup(hnd); + curl_easy_cleanup(second); + curl_global_cleanup(); + return (int)res; +} diff --git a/tests/libtest/lib1940.c b/tests/libtest/lib1940.c index 8bc094362..05da9de30 100644 --- a/tests/libtest/lib1940.c +++ b/tests/libtest/lib1940.c @@ -35,6 +35,8 @@ static const char *show[]={ "set-cookie", "silly-thing", "fold", + "blank", + "Blank2", NULL }; diff --git a/tests/libtest/lib1947.c b/tests/libtest/lib1947.c index b7a013127..c81345f9d 100644 --- a/tests/libtest/lib1947.c +++ b/tests/libtest/lib1947.c @@ -39,7 +39,7 @@ int test(char *URL) CURLcode res = CURLE_OK; struct curl_header *h; int count = 0; - int origins; + unsigned int origins; global_init(CURL_GLOBAL_DEFAULT); diff --git a/tests/libtest/lib1960.c b/tests/libtest/lib1960.c index fc2f4b0af..9b82128e9 100644 --- a/tests/libtest/lib1960.c +++ b/tests/libtest/lib1960.c @@ -25,12 +25,6 @@ #ifdef HAVE_INET_PTON -#ifdef WIN32 -#include -#include -#include -#endif - #ifdef HAVE_NETINET_IN_H #include #endif diff --git a/tests/libtest/lib2305.c b/tests/libtest/lib2305.c index 0778e0b58..374423f0f 100644 --- a/tests/libtest/lib2305.c +++ b/tests/libtest/lib2305.c @@ -71,8 +71,6 @@ static void websocket(CURL *curl) websocket_close(curl); } -extern struct libtest_trace_cfg libtest_debug_config; - int test(char *URL) { CURL *curl; diff --git a/tests/libtest/lib3026.c b/tests/libtest/lib3026.c index 42b44c890..6f31dabde 100644 --- a/tests/libtest/lib3026.c +++ b/tests/libtest/lib3026.c @@ -28,7 +28,7 @@ #define NUM_THREADS 100 -#ifdef WIN32 +#ifdef _WIN32 #ifdef _WIN32_WCE static DWORD WINAPI run_thread(LPVOID ptr) #else @@ -84,7 +84,7 @@ int test(char *URL) th = _beginthreadex(NULL, 0, run_thread, &results[i], 0, NULL); #endif if(!th) { - fprintf(stderr, "%s:%d Couldn't create thread, errno %d\n", + fprintf(stderr, "%s:%d Couldn't create thread, errno %lu\n", __FILE__, __LINE__, GetLastError()); tid_count = i; test_failure = -1; diff --git a/tests/libtest/lib517.c b/tests/libtest/lib517.c index 7c65a659c..0d1ea2eb4 100644 --- a/tests/libtest/lib517.c +++ b/tests/libtest/lib517.c @@ -164,7 +164,7 @@ int test(char *URL) time_t out = curl_getdate(dates[i].input, NULL); if(out != dates[i].output) { printf("WRONGLY %s => %ld (instead of %ld)\n", - dates[i].input, out, dates[i].output); + dates[i].input, (long)out, (long)dates[i].output); error++; } } diff --git a/tests/libtest/lib518.c b/tests/libtest/lib518.c index 87b6f2d88..200041239 100644 --- a/tests/libtest/lib518.c +++ b/tests/libtest/lib518.c @@ -42,7 +42,7 @@ #define NUM_OPEN (FD_SETSIZE + 10) #define NUM_NEEDED (NUM_OPEN + SAFETY_MARGIN) -#if defined(WIN32) || defined(_WIN32) || defined(MSDOS) +#if defined(_WIN32) || defined(MSDOS) #define DEV_NULL "NUL" #else #define DEV_NULL "/dev/null" @@ -99,25 +99,35 @@ static int fopen_works(void) return ret; } +static void rlim2str(char *buf, size_t len, rlim_t val) +{ +#ifdef RLIM_INFINITY + if(val == RLIM_INFINITY) { + msnprintf(buf, len, "INFINITY"); + return; + } +#endif +#ifdef HAVE_LONGLONG + if(sizeof(rlim_t) > sizeof(long)) + msnprintf(buf, len, "%llu", (unsigned long long)val); + else +#endif + { + if(sizeof(rlim_t) < sizeof(long)) + msnprintf(buf, len, "%u", (unsigned int)val); + else + msnprintf(buf, len, "%lu", (unsigned long)val); + } +} + static int rlimit(int keep_open) { - int nitems, i; + rlim_t nitems, i; int *memchunk = NULL; - char *fmt; struct rlimit rl; char strbuff[256]; char strbuff1[81]; char strbuff2[81]; - char fmt_u[] = "%u"; - char fmt_lu[] = "%lu"; -#ifdef HAVE_LONGLONG - char fmt_llu[] = "%llu"; - - if(sizeof(rl.rlim_max) > sizeof(long)) - fmt = fmt_llu; - else -#endif - fmt = (sizeof(rl.rlim_max) < sizeof(long))?fmt_u:fmt_lu; /* get initial open file limits */ @@ -129,20 +139,10 @@ static int rlimit(int keep_open) /* show initial open file limits */ -#ifdef RLIM_INFINITY - if(rl.rlim_cur == RLIM_INFINITY) - strcpy(strbuff, "INFINITY"); - else -#endif - msnprintf(strbuff, sizeof(strbuff), fmt, rl.rlim_cur); + rlim2str(strbuff, sizeof(strbuff), rl.rlim_cur); fprintf(stderr, "initial soft limit: %s\n", strbuff); -#ifdef RLIM_INFINITY - if(rl.rlim_max == RLIM_INFINITY) - strcpy(strbuff, "INFINITY"); - else -#endif - msnprintf(strbuff, sizeof(strbuff), fmt, rl.rlim_max); + rlim2str(strbuff, sizeof(strbuff), rl.rlim_max); fprintf(stderr, "initial hard limit: %s\n", strbuff); /* show our constants */ @@ -195,20 +195,10 @@ static int rlimit(int keep_open) /* show current open file limits */ -#ifdef RLIM_INFINITY - if(rl.rlim_cur == RLIM_INFINITY) - strcpy(strbuff, "INFINITY"); - else -#endif - msnprintf(strbuff, sizeof(strbuff), fmt, rl.rlim_cur); + rlim2str(strbuff, sizeof(strbuff), rl.rlim_cur); fprintf(stderr, "current soft limit: %s\n", strbuff); -#ifdef RLIM_INFINITY - if(rl.rlim_max == RLIM_INFINITY) - strcpy(strbuff, "INFINITY"); - else -#endif - msnprintf(strbuff, sizeof(strbuff), fmt, rl.rlim_max); + rlim2str(strbuff, sizeof(strbuff), rl.rlim_max); fprintf(stderr, "current hard limit: %s\n", strbuff); } /* (rl.rlim_cur != rl.rlim_max) */ @@ -235,8 +225,8 @@ static int rlimit(int keep_open) (rl.rlim_cur != RLIM_INFINITY) && #endif (rl.rlim_cur <= num_open.rlim_cur)) { - msnprintf(strbuff2, sizeof(strbuff2), fmt, rl.rlim_cur); - msnprintf(strbuff1, sizeof(strbuff1), fmt, num_open.rlim_cur); + rlim2str(strbuff2, sizeof(strbuff2), rl.rlim_cur); + rlim2str(strbuff1, sizeof(strbuff1), num_open.rlim_cur); msnprintf(strbuff, sizeof(strbuff), "fds needed %s > system limit %s", strbuff1, strbuff2); store_errmsg(strbuff, 0); @@ -258,8 +248,8 @@ static int rlimit(int keep_open) if(nitems > 0x7fff) nitems = 0x40000; do { - num_open.rlim_max = sizeof(*memchunk) * (size_t)nitems; - msnprintf(strbuff, sizeof(strbuff), fmt, num_open.rlim_max); + num_open.rlim_max = sizeof(*memchunk) * nitems; + rlim2str(strbuff, sizeof(strbuff), num_open.rlim_max); fprintf(stderr, "allocating memchunk %s byte array\n", strbuff); memchunk = malloc(sizeof(*memchunk) * (size_t)nitems); if(!memchunk) { @@ -287,7 +277,7 @@ static int rlimit(int keep_open) /* verify that we won't overflow size_t in malloc() */ if((size_t)(num_open.rlim_max) > ((size_t)-1) / sizeof(*fd)) { - msnprintf(strbuff1, sizeof(strbuff1), fmt, num_open.rlim_max); + rlim2str(strbuff1, sizeof(strbuff1), num_open.rlim_max); msnprintf(strbuff, sizeof(strbuff), "unable to allocate an array for %s " "file descriptors, would overflow size_t", strbuff1); store_errmsg(strbuff, 0); @@ -298,7 +288,7 @@ static int rlimit(int keep_open) /* allocate array for file descriptors */ - msnprintf(strbuff, sizeof(strbuff), fmt, num_open.rlim_max); + rlim2str(strbuff, sizeof(strbuff), num_open.rlim_max); fprintf(stderr, "allocating array for %s file descriptors\n", strbuff); fd = malloc(sizeof(*fd) * (size_t)(num_open.rlim_max)); @@ -318,7 +308,7 @@ static int rlimit(int keep_open) num_open.rlim_cur++) fd[num_open.rlim_cur] = -1; - msnprintf(strbuff, sizeof(strbuff), fmt, num_open.rlim_max); + rlim2str(strbuff, sizeof(strbuff), num_open.rlim_max); fprintf(stderr, "trying to open %s file descriptors\n", strbuff); /* open a dummy descriptor */ @@ -346,21 +336,21 @@ static int rlimit(int keep_open) fd[num_open.rlim_cur] = -1; - msnprintf(strbuff1, sizeof(strbuff1), fmt, num_open.rlim_cur); + rlim2str(strbuff1, sizeof(strbuff1), num_open.rlim_cur); msnprintf(strbuff, sizeof(strbuff), "dup() attempt %s failed", strbuff1); fprintf(stderr, "%s\n", strbuff); - msnprintf(strbuff1, sizeof(strbuff), fmt, num_open.rlim_cur); + rlim2str(strbuff1, sizeof(strbuff1), num_open.rlim_cur); msnprintf(strbuff, sizeof(strbuff), "fds system limit seems close to %s", - strbuff1); + strbuff1); fprintf(stderr, "%s\n", strbuff); num_open.rlim_max = NUM_NEEDED; - msnprintf(strbuff2, sizeof(strbuff2), fmt, num_open.rlim_max); - msnprintf(strbuff1, sizeof(strbuff1), fmt, num_open.rlim_cur); + rlim2str(strbuff2, sizeof(strbuff2), num_open.rlim_max); + rlim2str(strbuff1, sizeof(strbuff1), num_open.rlim_cur); msnprintf(strbuff, sizeof(strbuff), "fds needed %s > system limit %s", - strbuff2, strbuff1); + strbuff2, strbuff1); store_errmsg(strbuff, 0); fprintf(stderr, "%s\n", msgbuff); @@ -372,12 +362,10 @@ static int rlimit(int keep_open) fd = NULL; free(memchunk); return -9; - } - } - msnprintf(strbuff, sizeof(strbuff), fmt, num_open.rlim_max); + rlim2str(strbuff, sizeof(strbuff), num_open.rlim_max); fprintf(stderr, "%s file descriptors open\n", strbuff); #if !defined(HAVE_POLL_FINE) && !defined(USE_WINSOCK) @@ -396,7 +384,7 @@ static int rlimit(int keep_open) num_open.rlim_cur = FD_SETSIZE - SAFETY_MARGIN; if(num_open.rlim_max > num_open.rlim_cur) { msnprintf(strbuff, sizeof(strbuff), "select limit is FD_SETSIZE %d", - FD_SETSIZE); + FD_SETSIZE); store_errmsg(strbuff, 0); fprintf(stderr, "%s\n", msgbuff); close_file_descriptors(); @@ -411,7 +399,7 @@ static int rlimit(int keep_open) if((fd[rl.rlim_cur] > 0) && ((unsigned int)fd[rl.rlim_cur] > num_open.rlim_cur)) { msnprintf(strbuff, sizeof(strbuff), "select limit is FD_SETSIZE %d", - FD_SETSIZE); + FD_SETSIZE); store_errmsg(strbuff, 0); fprintf(stderr, "%s\n", msgbuff); close_file_descriptors(); @@ -432,13 +420,11 @@ static int rlimit(int keep_open) */ if(!fopen_works()) { - msnprintf(strbuff1, sizeof(strbuff1), fmt, num_open.rlim_max); - msnprintf(strbuff, sizeof(strbuff), - "fopen fails with %s fds open()", - strbuff1); + rlim2str(strbuff1, sizeof(strbuff1), num_open.rlim_max); + msnprintf(strbuff, sizeof(strbuff), "fopen fails with %s fds open", + strbuff1); fprintf(stderr, "%s\n", msgbuff); - msnprintf(strbuff, sizeof(strbuff), - "fopen fails with lots of fds open()"); + msnprintf(strbuff, sizeof(strbuff), "fopen fails with lots of fds open"); store_errmsg(strbuff, 0); close_file_descriptors(); free(memchunk); diff --git a/tests/libtest/lib537.c b/tests/libtest/lib537.c index 3782282b8..b83e3ce31 100644 --- a/tests/libtest/lib537.c +++ b/tests/libtest/lib537.c @@ -42,7 +42,7 @@ #define SAFETY_MARGIN (11) -#if defined(WIN32) || defined(_WIN32) || defined(MSDOS) +#if defined(_WIN32) || defined(MSDOS) #define DEV_NULL "NUL" #else #define DEV_NULL "/dev/null" @@ -59,8 +59,8 @@ static void store_errmsg(const char *msg, int err) if(!err) msnprintf(msgbuff, sizeof(msgbuff), "%s", msg); else - msnprintf(msgbuff, sizeof(msgbuff), "%s, errno %d, %s", msg, err, - strerror(err)); + msnprintf(msgbuff, sizeof(msgbuff), "%s, errno %d, %s", msg, + err, strerror(err)); } static void close_file_descriptors(void) @@ -99,25 +99,35 @@ static int fopen_works(void) return ret; } +static void rlim2str(char *buf, size_t len, rlim_t val) +{ +#ifdef RLIM_INFINITY + if(val == RLIM_INFINITY) { + msnprintf(buf, len, "INFINITY"); + return; + } +#endif +#ifdef HAVE_LONGLONG + if(sizeof(rlim_t) > sizeof(long)) + msnprintf(buf, len, "%llu", (unsigned long long)val); + else +#endif + { + if(sizeof(rlim_t) < sizeof(long)) + msnprintf(buf, len, "%u", (unsigned int)val); + else + msnprintf(buf, len, "%lu", (unsigned long)val); + } +} + static int rlimit(int keep_open) { int *tmpfd; rlim_t nitems, i; int *memchunk = NULL; - char *fmt; struct rlimit rl; char strbuff[256]; char strbuff1[81]; - char fmt_u[] = "%u"; - char fmt_lu[] = "%lu"; -#ifdef HAVE_LONGLONG - char fmt_llu[] = "%llu"; - - if(sizeof(rl.rlim_max) > sizeof(long)) - fmt = fmt_llu; - else -#endif - fmt = (sizeof(rl.rlim_max) < sizeof(long))?fmt_u:fmt_lu; /* get initial open file limits */ @@ -129,20 +139,10 @@ static int rlimit(int keep_open) /* show initial open file limits */ -#ifdef RLIM_INFINITY - if(rl.rlim_cur == RLIM_INFINITY) - strcpy(strbuff, "INFINITY"); - else -#endif - msnprintf(strbuff, sizeof(strbuff), fmt, rl.rlim_cur); + rlim2str(strbuff, sizeof(strbuff), rl.rlim_cur); fprintf(stderr, "initial soft limit: %s\n", strbuff); -#ifdef RLIM_INFINITY - if(rl.rlim_max == RLIM_INFINITY) - strcpy(strbuff, "INFINITY"); - else -#endif - msnprintf(strbuff, sizeof(strbuff), fmt, rl.rlim_max); + rlim2str(strbuff, sizeof(strbuff), rl.rlim_max); fprintf(stderr, "initial hard limit: %s\n", strbuff); /* @@ -158,7 +158,7 @@ static int rlimit(int keep_open) #ifdef OPEN_MAX if((rl.rlim_cur > 0) && - (rl.rlim_cur < OPEN_MAX)) { + (rl.rlim_cur < OPEN_MAX)) { fprintf(stderr, "raising soft limit up to OPEN_MAX\n"); rl.rlim_cur = OPEN_MAX; if(setrlimit(RLIMIT_NOFILE, &rl) != 0) { @@ -189,20 +189,10 @@ static int rlimit(int keep_open) /* show current open file limits */ -#ifdef RLIM_INFINITY - if(rl.rlim_cur == RLIM_INFINITY) - strcpy(strbuff, "INFINITY"); - else -#endif - msnprintf(strbuff, sizeof(strbuff), fmt, rl.rlim_cur); + rlim2str(strbuff, sizeof(strbuff), rl.rlim_cur); fprintf(stderr, "current soft limit: %s\n", strbuff); -#ifdef RLIM_INFINITY - if(rl.rlim_max == RLIM_INFINITY) - strcpy(strbuff, "INFINITY"); - else -#endif - msnprintf(strbuff, sizeof(strbuff), fmt, rl.rlim_max); + rlim2str(strbuff, sizeof(strbuff), rl.rlim_max); fprintf(stderr, "current hard limit: %s\n", strbuff); } /* (rl.rlim_cur != rl.rlim_max) */ @@ -232,7 +222,7 @@ static int rlimit(int keep_open) nitems = 0x40000; do { num_open.rlim_max = sizeof(*memchunk) * nitems; - msnprintf(strbuff, sizeof(strbuff), fmt, num_open.rlim_max); + rlim2str(strbuff, sizeof(strbuff), num_open.rlim_max); fprintf(stderr, "allocating memchunk %s byte array\n", strbuff); memchunk = malloc(sizeof(*memchunk) * (size_t)nitems); if(!memchunk) { @@ -275,7 +265,7 @@ static int rlimit(int keep_open) /* verify that we won't overflow size_t in malloc() */ if((size_t)(num_open.rlim_max) > ((size_t)-1) / sizeof(*fd)) { - msnprintf(strbuff1, sizeof(strbuff1), fmt, num_open.rlim_max); + rlim2str(strbuff1, sizeof(strbuff1), num_open.rlim_max); msnprintf(strbuff, sizeof(strbuff), "unable to allocate an array for %s " "file descriptors, would overflow size_t", strbuff1); store_errmsg(strbuff, 0); @@ -287,8 +277,9 @@ static int rlimit(int keep_open) /* allocate array for file descriptors */ do { - msnprintf(strbuff, sizeof(strbuff), fmt, num_open.rlim_max); + rlim2str(strbuff, sizeof(strbuff), num_open.rlim_max); fprintf(stderr, "allocating array for %s file descriptors\n", strbuff); + fd = malloc(sizeof(*fd) * (size_t)(num_open.rlim_max)); if(!fd) { fprintf(stderr, "fd, malloc() failed\n"); @@ -311,7 +302,7 @@ static int rlimit(int keep_open) num_open.rlim_cur++) fd[num_open.rlim_cur] = -1; - msnprintf(strbuff, sizeof(strbuff), fmt, num_open.rlim_max); + rlim2str(strbuff, sizeof(strbuff), num_open.rlim_max); fprintf(stderr, "trying to open %s file descriptors\n", strbuff); /* open a dummy descriptor */ @@ -339,11 +330,11 @@ static int rlimit(int keep_open) fd[num_open.rlim_cur] = -1; - msnprintf(strbuff1, sizeof(strbuff1), fmt, num_open.rlim_cur); + rlim2str(strbuff1, sizeof(strbuff1), num_open.rlim_cur); msnprintf(strbuff, sizeof(strbuff), "dup() attempt %s failed", strbuff1); fprintf(stderr, "%s\n", strbuff); - msnprintf(strbuff1, sizeof(strbuff1), fmt, num_open.rlim_cur); + rlim2str(strbuff1, sizeof(strbuff1), num_open.rlim_cur); msnprintf(strbuff, sizeof(strbuff), "fds system limit seems close to %s", strbuff1); fprintf(stderr, "%s\n", strbuff); @@ -351,7 +342,7 @@ static int rlimit(int keep_open) num_open.rlim_max = num_open.rlim_cur - SAFETY_MARGIN; num_open.rlim_cur -= num_open.rlim_max; - msnprintf(strbuff1, sizeof(strbuff1), fmt, num_open.rlim_cur); + rlim2str(strbuff1, sizeof(strbuff1), num_open.rlim_cur); msnprintf(strbuff, sizeof(strbuff), "closing %s file descriptors", strbuff1); fprintf(stderr, "%s\n", strbuff); @@ -363,7 +354,7 @@ static int rlimit(int keep_open) fd[num_open.rlim_cur] = -1; } - msnprintf(strbuff, sizeof(strbuff), fmt, num_open.rlim_max); + rlim2str(strbuff, sizeof(strbuff), num_open.rlim_max); fprintf(stderr, "shrinking array for %s file descriptors\n", strbuff); /* we don't care if we can't shrink it */ @@ -375,12 +366,10 @@ static int rlimit(int keep_open) } break; - } - } - msnprintf(strbuff, sizeof(strbuff), fmt, num_open.rlim_max); + rlim2str(strbuff, sizeof(strbuff), num_open.rlim_max); fprintf(stderr, "%s file descriptors open\n", strbuff); #if !defined(HAVE_POLL_FINE) && !defined(USE_WINSOCK) @@ -435,7 +424,7 @@ static int rlimit(int keep_open) */ if(!fopen_works()) { - msnprintf(strbuff1, sizeof(strbuff1), fmt, num_open.rlim_max); + rlim2str(strbuff1, sizeof(strbuff1), num_open.rlim_max); msnprintf(strbuff, sizeof(strbuff), "fopen fails with %s fds open", strbuff1); fprintf(stderr, "%s\n", msgbuff); diff --git a/tests/libtest/lib544.c b/tests/libtest/lib544.c index 192bfb2e7..a58fa05e3 100644 --- a/tests/libtest/lib544.c +++ b/tests/libtest/lib544.c @@ -63,7 +63,6 @@ int test(char *URL) /* Update the original data to detect non-copy. */ strcpy(teststring, "FAIL"); -#ifdef LIB545 { CURL *handle2; handle2 = curl_easy_duphandle(curl); @@ -71,7 +70,6 @@ int test(char *URL) curl = handle2; } -#endif /* Now, this is a POST request with binary 0 embedded in POST data. */ res = curl_easy_perform(curl); diff --git a/tests/libtest/lib552.c b/tests/libtest/lib552.c index 13726c6b4..436b86ec0 100644 --- a/tests/libtest/lib552.c +++ b/tests/libtest/lib552.c @@ -96,10 +96,7 @@ int my_trace(CURL *handle, curl_infotype type, switch(type) { case CURLINFO_TEXT: fprintf(stderr, "== Info: %s", (char *)data); - /* FALLTHROUGH */ - default: /* in case a new one is introduced to shock us */ return 0; - case CURLINFO_HEADER_OUT: text = "=> Send header"; break; @@ -118,6 +115,8 @@ int my_trace(CURL *handle, curl_infotype type, case CURLINFO_SSL_DATA_IN: text = "<= Recv SSL data"; break; + default: /* in case a new one is introduced to shock us */ + return 0; } dump(text, stderr, (unsigned char *)data, size, config->trace_ascii); diff --git a/tests/libtest/lib557.c b/tests/libtest/lib557.c index 6f96668da..c15769474 100644 --- a/tests/libtest/lib557.c +++ b/tests/libtest/lib557.c @@ -1181,12 +1181,49 @@ static int test_string_formatting(void) return errors; } +static int test_pos_arguments(void) +{ + int errors = 0; + char buf[256]; + + curl_msnprintf(buf, sizeof(buf), "%3$d %2$d %1$d", 500, 501, 502); + errors += string_check(buf, "502 501 500"); + + curl_msnprintf(buf, sizeof(buf), "%3$d %1$d %2$d", 500, 501, 502); + errors += string_check(buf, "502 500 501"); + + /* this is in invalid sequence but the output does not match + what glibc does */ + curl_msnprintf(buf, sizeof(buf), "%3$d %d %2$d", 500, 501, 502); + errors += string_check(buf, ""); + + return errors; +} + static int test_weird_arguments(void) { int errors = 0; char buf[256]; int rc; + /* verify %% */ + rc = curl_msnprintf(buf, sizeof(buf), "%-20d%% right? %%", 500); + errors += string_check(buf, "500 % right? %"); + + /* 100 x % */ + rc = curl_msnprintf(buf, sizeof(buf), "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%" + "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%" + "%%%%%%%%%%%%%%%%%%%%%%"); + /* 50 x % */ + errors += string_check(buf, "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%" + "%%%%%%%%%%%%%%%"); + + rc = curl_msnprintf(buf, sizeof(buf), "%2 AA %d %K", 500, 501, 502); + errors += string_check(buf, "%2 AA 500 %K"); + + rc = curl_msnprintf(buf, sizeof(buf), "%2 %d %K", 500, 501, 502); + errors += string_check(buf, "%2 500 %K"); + /* MAX_PARAMETERS is 128, try exact 128! */ rc = curl_msnprintf(buf, sizeof(buf), "%d%d%d%d%d%d%d%d%d%d" /* 10 */ @@ -1276,18 +1313,6 @@ static int test_weird_arguments(void) errors += string_check(buf, ""); - /* Do not skip sanity checks with parameters! */ - buf[0] = 0; - rc = curl_msnprintf(buf, sizeof(buf), "%d, %.*1$d", 500, 1); - - if(rc != sizeof(buf) - 1) { - printf("curl_mprintf() returned %d and not %d!\n", rc, - sizeof(buf) - 1); - errors++; - } - - errors += strlen_check(buf, 255); - if(errors) printf("Some curl_mprintf() weird arguments tests failed!\n"); @@ -1374,9 +1399,10 @@ static int test_float_formatting(void) 123456789123456789123456789.2987654); errors += strlen_check(buf, 325); - /* check negative when used signed */ + /* check negative width argument when used signed, is treated as positive + and maxes out the internal float width == 325 */ curl_msnprintf(buf, sizeof(buf), "%*f", INT_MIN, 9.1); - errors += string_check(buf, "9.100000"); + errors += string_check(buf, "9.100000 "); /* curl_msnprintf() limits a single float output to 325 bytes maximum width */ @@ -1451,6 +1477,8 @@ int test(char *URL) setlocale(LC_NUMERIC, "C"); #endif + errors += test_pos_arguments(); + errors += test_weird_arguments(); errors += test_unsigned_short_formatting(); diff --git a/tests/libtest/lib567.c b/tests/libtest/lib567.c index 00937e71d..a912b1663 100644 --- a/tests/libtest/lib567.c +++ b/tests/libtest/lib567.c @@ -49,6 +49,7 @@ int test(char *URL) /* Dump data to stdout for protocol verification */ test_setopt(curl, CURLOPT_HEADERDATA, stdout); test_setopt(curl, CURLOPT_WRITEDATA, stdout); + test_setopt(curl, CURLOPT_VERBOSE, 1L); test_setopt(curl, CURLOPT_URL, URL); test_setopt(curl, CURLOPT_RTSP_STREAM_URI, URL); diff --git a/tests/libtest/lib568.c b/tests/libtest/lib568.c index 97304fa58..044527499 100644 --- a/tests/libtest/lib568.c +++ b/tests/libtest/lib568.c @@ -93,6 +93,7 @@ int test(char *URL) test_setopt(curl, CURLOPT_READDATA, sdpf); test_setopt(curl, CURLOPT_UPLOAD, 1L); test_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t) file_info.st_size); + test_setopt(curl, CURLOPT_VERBOSE, 1L); /* Do the ANNOUNCE */ res = curl_easy_perform(curl); diff --git a/tests/libtest/lib670.c b/tests/libtest/lib670.c index 700b908cf..b348343c2 100644 --- a/tests/libtest/lib670.c +++ b/tests/libtest/lib670.c @@ -215,7 +215,7 @@ int test(char *URL) mres = curl_multi_fdset(multi, &fdread, &fdwrite, &fdexcept, &maxfd); if(mres) break; -#if defined(WIN32) || defined(_WIN32) +#if defined(_WIN32) if(maxfd == -1) Sleep(100); else diff --git a/tests/libtest/sethostname.c b/tests/libtest/sethostname.c index 9dcad976c..1e07d26bc 100644 --- a/tests/libtest/sethostname.c +++ b/tests/libtest/sethostname.c @@ -23,8 +23,6 @@ ***************************************************************************/ #include "curl_setup.h" -#include "sethostname.h" - /* * we force our own host name, in order to make some tests machine independent */ diff --git a/tests/libtest/stub_gssapi.c b/tests/libtest/stub_gssapi.c index 634dddfd0..d581a91d5 100644 --- a/tests/libtest/stub_gssapi.c +++ b/tests/libtest/stub_gssapi.c @@ -91,8 +91,8 @@ OM_uint32 gss_init_sec_context(OM_uint32 *min, OM_uint32 *time_rec) { /* The token will be encoded in base64 */ - int length = APPROX_TOKEN_LEN * 3 / 4; - int used = 0; + size_t length = APPROX_TOKEN_LEN * 3 / 4; + size_t used = 0; char *token = NULL; const char *creds = NULL; gss_ctx_id_t ctx = NULL; @@ -183,7 +183,7 @@ OM_uint32 gss_init_sec_context(OM_uint32 *min, return GSS_S_FAILURE; } - ctx = (gss_ctx_id_t) calloc(sizeof(*ctx), 1); + ctx = (gss_ctx_id_t) calloc(1, sizeof(*ctx)); if(!ctx) { *min = GSS_NO_MEMORY; return GSS_S_FAILURE; @@ -219,8 +219,8 @@ OM_uint32 gss_init_sec_context(OM_uint32 *min, /* Token format: creds:target:type:padding */ /* Note: this is using the *real* snprintf() and not the curl provided one */ - used = snprintf(token, length, "%s:%s:%d:", creds, - (char *) target_name, ctx->sent); + used = (size_t) snprintf(token, length, "%s:%s:%d:", creds, + (char *) target_name, ctx->sent); if(used >= length) { free(token); diff --git a/tests/libtest/test.h b/tests/libtest/test.h index 7eb7fdaa2..7f29db117 100644 --- a/tests/libtest/test.h +++ b/tests/libtest/test.h @@ -42,7 +42,7 @@ #include "curl_printf.h" -#ifdef WIN32 +#ifdef _WIN32 #define sleep(sec) Sleep ((sec)*1000) #endif diff --git a/tests/libtest/test613.pl b/tests/libtest/test613.pl index 3ad7805af..dee3b1754 100644 --- a/tests/libtest/test613.pl +++ b/tests/libtest/test613.pl @@ -81,7 +81,7 @@ elsif ($ARGV[0] eq "postprocess") rmdir $dirname || die "$!"; - if ($logfile) { + if ($logfile && -s $logfile) { # Process the directory file to remove all information that # could be inconsistent from one test run to the next (e.g. # file date) or may be unsupported on some platforms (e.g. diff --git a/tests/libtest/testtrace.c b/tests/libtest/testtrace.c index f78a9b943..49ff8ae20 100644 --- a/tests/libtest/testtrace.c +++ b/tests/libtest/testtrace.c @@ -117,10 +117,7 @@ int libtest_debug_cb(CURL *handle, curl_infotype type, switch(type) { case CURLINFO_TEXT: fprintf(stderr, "%s== Info: %s", timestr, (char *)data); - /* FALLTHROUGH */ - default: /* in case a new one is introduced to shock us */ return 0; - case CURLINFO_HEADER_OUT: text = "=> Send header"; break; @@ -139,6 +136,8 @@ int libtest_debug_cb(CURL *handle, curl_infotype type, case CURLINFO_SSL_DATA_IN: text = "<= Recv SSL data"; break; + default: /* in case a new one is introduced to shock us */ + return 0; } libtest_debug_dump(timebuf, text, stderr, data, size, trace_cfg->nohex); diff --git a/tests/libtest/testutil.c b/tests/libtest/testutil.c index 1a1e689e7..efbbf9019 100644 --- a/tests/libtest/testutil.c +++ b/tests/libtest/testutil.c @@ -26,7 +26,7 @@ #include "testutil.h" #include "memdebug.h" -#if defined(WIN32) && !defined(MSDOS) +#if defined(_WIN32) struct timeval tutil_tvnow(void) { @@ -37,8 +37,8 @@ struct timeval tutil_tvnow(void) */ struct timeval now; DWORD milliseconds = GetTickCount(); - now.tv_sec = milliseconds / 1000; - now.tv_usec = (milliseconds % 1000) * 1000; + now.tv_sec = (long)(milliseconds / 1000); + now.tv_usec = (long)((milliseconds % 1000) * 1000); return now; } @@ -130,7 +130,7 @@ double tutil_tvdiff_secs(struct timeval newer, struct timeval older) return (double)(newer.tv_usec-older.tv_usec)/1000000.0; } -#ifdef WIN32 +#ifdef _WIN32 HMODULE win32_load_system_library(const TCHAR *filename) { size_t filenamelen = _tcslen(filename); diff --git a/tests/libtest/testutil.h b/tests/libtest/testutil.h index 36b944834..9f063795a 100644 --- a/tests/libtest/testutil.h +++ b/tests/libtest/testutil.h @@ -42,7 +42,7 @@ long tutil_tvdiff(struct timeval t1, struct timeval t2); */ double tutil_tvdiff_secs(struct timeval t1, struct timeval t2); -#ifdef WIN32 +#ifdef _WIN32 HMODULE win32_load_system_library(const TCHAR *filename); #endif diff --git a/tests/pathhelp.pm b/tests/pathhelp.pm index 7d924b862..3afc5dacb 100644 --- a/tests/pathhelp.pm +++ b/tests/pathhelp.pm @@ -789,6 +789,7 @@ sub exe_ext { $^O eq 'dos' || $^O eq 'os2') { return '.exe'; } + return ''; } 1; # End of module diff --git a/tests/runner.pm b/tests/runner.pm index 8b61eb4b3..c0fb40cb3 100644 --- a/tests/runner.pm +++ b/tests/runner.pm @@ -115,7 +115,7 @@ our $DBGCURL=$CURL; #"../src/.libs/curl"; # alternative for debugging our $valgrind_logfile="--log-file"; # the option name for valgrind >=3 our $valgrind_tool="--tool=memcheck"; our $gdb = checktestcmd("gdb"); -our $gdbthis; # run test case with gdb debugger +our $gdbthis = 0; # run test case with debugger (gdb or lldb) our $gdbxwin; # use windowed gdb when using gdb # torture test variables @@ -945,9 +945,16 @@ sub singletest_run { if($gdbthis) { my $gdbinit = "$TESTDIR/gdbinit$testnum"; open(my $gdbcmd, ">", "$LOGDIR/gdbcmd") || die "Failure writing gdb file"; - print $gdbcmd "set args $cmdargs\n"; - print $gdbcmd "show args\n"; - print $gdbcmd "source $gdbinit\n" if -e $gdbinit; + if($gdbthis == 1) { + # gdb mode + print $gdbcmd "set args $cmdargs\n"; + print $gdbcmd "show args\n"; + print $gdbcmd "source $gdbinit\n" if -e $gdbinit; + } + else { + # lldb mode + print $gdbcmd "set args $cmdargs\n"; + } close($gdbcmd) || die "Failure writing gdb file"; } @@ -963,11 +970,18 @@ sub singletest_run { $testnum, "$gdb --directory $LIBDIR " . shell_quote($DBGCURL) . " -x $LOGDIR/gdbcmd"); } - elsif($gdbthis) { + elsif($gdbthis == 1) { + # gdb my $GDBW = ($gdbxwin) ? "-w" : ""; runclient("$gdb --directory $LIBDIR " . shell_quote($DBGCURL) . " $GDBW -x $LOGDIR/gdbcmd"); $cmdres=0; # makes it always continue after a debugged run } + elsif($gdbthis == 2) { + # $gdb is "lldb" + print "runs lldb -- $CURL $cmdargs\n"; + runclient("lldb -- $CURL $cmdargs"); + $cmdres=0; # makes it always continue after a debugged run + } else { # Convert the raw result code into a more useful one ($cmdres, $dumped_core) = normalize_cmdres(runclient("$CMDLINE")); diff --git a/tests/runtests.1 b/tests/runtests.1 index 46d3ec2ec..02988e8b4 100644 --- a/tests/runtests.1 +++ b/tests/runtests.1 @@ -54,6 +54,35 @@ this keyword. Remember that the exclamation marks and spaces will need to be quoted somehow when entered at many command shells. Prefix a keyword with a tilde (~) to still run it, but ignore the results. + +.SH "OUTPUT" + +When running without -s (short output), for instance when running runtests.pl +directly rather than via make, each test will emits a pair of lines like this: + +Test 0045...[simple HTTP Location: without protocol in initial URL] +--pd---e-v- OK (45 out of 1427, remaining: 16:08, took 6.188s, duration: 00:31) + +the first line contains the test number and a description. On the second line, +the characters at the beginning are flags indicating which aspects of curl's +behavior were checked by the test: + + s stdout + r stderr + p protocol + d data + u upload + P proxy + o output + e exit code + m memory + v valgrind + E the test was run event-based + +The remainder of the second line contains the test result, current test sequence, +total number of tests to be run and an estimated amount of time to complete the +test run. + .SH OPTIONS .IP "-a" Continue running the rest of the test cases even if one test fails. By @@ -88,13 +117,15 @@ Run the given test(s) with gdb. This is best used on a single test case and curl built --disable-shared. This then fires up gdb with command line set to run the specified test case. Simply (set a break-point and) type 'run' to start. +.IP "-gl" +Run the given test(s) with lldb. This is best used on a single test case and +curl built --disable-shared. This then fires up lldb with command line set to +run the specified test case. Simply (set a break-point and) type 'run' to +start. .IP "-gw" Run the given test(s) with gdb as a windowed application. .IP "-h, --help" Displays a help text about this program's command line options. -.IP "-k" -Keep output and log files in log/ after a test run, even if no error was -detected. Useful for debugging. .IP "-j[num]" Spawn num processes to run tests. This defaults to 0 to run tests serially within a single process. Using a number greater than one allows multiple tests @@ -102,6 +133,9 @@ to run in parallel, speeding up a test run. The optimum number is dependent on the system and set of tests to run, but 7*number of CPU cores is a good figure to start with, or 1.3*number of CPU cores if Valgrind is in use. Enabling parallel tests is not recommended in conjunction with the \-g option. +.IP "-k" +Keep output and log files in log/ after a test run, even if no error was +detected. Useful for debugging. .IP "-L " Load and execute the specified file which should contain perl code. This option allows one to change \fIruntests.pl\fP behaviour by overwriting diff --git a/tests/runtests.pl b/tests/runtests.pl index 32e068037..17b0d3986 100644 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -23,6 +23,8 @@ # ########################################################################### +# For documentation, run `man ./runtests.1` and see README.md. + # Experimental hooks are available to run tests remotely on machines that # are able to run curl but are unable to run the test harness. # The following sections need to be modified: @@ -1233,6 +1235,8 @@ sub singletest_check { # text mode when running on windows: fix line endings s/\r\n/\n/g for @validstdout; s/\n/\r\n/g for @validstdout; + s/\r\n/\n/g for @actual; + s/\n/\r\n/g for @actual; } if($hash{'nonewline'}) { @@ -1503,7 +1507,7 @@ sub singletest_check { } else { - $ok .= "-"; # protocol not checked + $ok .= "-"; # proxy not checked } my $outputok; @@ -2213,6 +2217,10 @@ while(@ARGV) { # run this test with gdb $gdbthis=1; } + elsif ($ARGV[0] eq "-gl") { + # run this test with lldb + $gdbthis=2; + } elsif ($ARGV[0] eq "-gw") { # run this test with windowed gdb $gdbthis=1; diff --git a/tests/server/getpart.c b/tests/server/getpart.c index 7d3bff75a..9ab9e88d5 100644 --- a/tests/server/getpart.c +++ b/tests/server/getpart.c @@ -60,7 +60,7 @@ curl_free_callback Curl_cfree = (curl_free_callback)free; curl_realloc_callback Curl_crealloc = (curl_realloc_callback)realloc; curl_strdup_callback Curl_cstrdup = (curl_strdup_callback)strdup; curl_calloc_callback Curl_ccalloc = (curl_calloc_callback)calloc; -#if defined(WIN32) && defined(UNICODE) +#if defined(_WIN32) && defined(UNICODE) curl_wcsdup_callback Curl_cwcsdup = (curl_wcsdup_callback)_wcsdup; #endif @@ -149,7 +149,7 @@ static int readline(char **buffer, size_t *bufsize, size_t *length, char *newptr; if(!*buffer) { - *buffer = calloc(128, 1); + *buffer = calloc(1, 128); if(!*buffer) return GPE_OUT_OF_MEMORY; *bufsize = 128; diff --git a/tests/server/mqttd.c b/tests/server/mqttd.c index 55ef02cdb..38918a065 100644 --- a/tests/server/mqttd.c +++ b/tests/server/mqttd.c @@ -98,7 +98,6 @@ #define MQTT_CONNACK_LEN 4 #define MQTT_SUBACK_LEN 5 #define MQTT_CLIENTID_LEN 12 /* "curl0123abcd" */ -#define MQTT_HEADER_LEN 5 /* max 5 bytes */ struct configurable { unsigned char version; /* initial version byte in the request must match @@ -247,7 +246,7 @@ static int connack(FILE *dump, curl_socket_t fd) rc = swrite(fd, (char *)packet, sizeof(packet)); if(rc > 0) { - logmsg("WROTE %d bytes [CONNACK]", rc); + logmsg("WROTE %zd bytes [CONNACK]", rc); loghex(packet, rc); logprotocol(FROM_SERVER, "CONNACK", 2, dump, packet, sizeof(packet)); } @@ -271,7 +270,7 @@ static int suback(FILE *dump, curl_socket_t fd, unsigned short packetid) rc = swrite(fd, (char *)packet, sizeof(packet)); if(rc == sizeof(packet)) { - logmsg("WROTE %d bytes [SUBACK]", rc); + logmsg("WROTE %zd bytes [SUBACK]", rc); loghex(packet, rc); logprotocol(FROM_SERVER, "SUBACK", 3, dump, packet, rc); return 0; @@ -293,7 +292,7 @@ static int puback(FILE *dump, curl_socket_t fd, unsigned short packetid) rc = swrite(fd, (char *)packet, sizeof(packet)); if(rc == sizeof(packet)) { - logmsg("WROTE %d bytes [PUBACK]", rc); + logmsg("WROTE %zd bytes [PUBACK]", rc); loghex(packet, rc); logprotocol(FROM_SERVER, dump, packet, rc); return 0; @@ -311,7 +310,7 @@ static int disconnect(FILE *dump, curl_socket_t fd) }; ssize_t rc = swrite(fd, (char *)packet, sizeof(packet)); if(rc == sizeof(packet)) { - logmsg("WROTE %d bytes [DISCONNECT]", rc); + logmsg("WROTE %zd bytes [DISCONNECT]", rc); loghex(packet, rc); logprotocol(FROM_SERVER, "DISCONNECT", 0, dump, packet, rc); return 0; @@ -440,7 +439,7 @@ static int publish(FILE *dump, rc = swrite(fd, (char *)packet, sendamount); if(rc > 0) { - logmsg("WROTE %d bytes [PUBLISH]", rc); + logmsg("WROTE %zd bytes [PUBLISH]", rc); loghex(packet, rc); logprotocol(FROM_SERVER, "PUBLISH", remaininglength, dump, packet, rc); } @@ -466,10 +465,10 @@ static int fixedheader(curl_socket_t fd, ssize_t rc = sread(fd, (char *)buffer, 2); int i; if(rc < 2) { - logmsg("READ %d bytes [SHORT!]", rc); + logmsg("READ %zd bytes [SHORT!]", rc); return 1; /* fail */ } - logmsg("READ %d bytes", rc); + logmsg("READ %zd bytes", rc); loghex(buffer, rc); *bytep = buffer[0]; @@ -484,7 +483,7 @@ static int fixedheader(curl_socket_t fd, } } *remaining_lengthp = decode_length(&buffer[1], i, remaining_length_bytesp); - logmsg("Remaining Length: %ld [%d bytes]", (long) *remaining_lengthp, + logmsg("Remaining Length: %zu [%zu bytes]", *remaining_lengthp, *remaining_length_bytesp); return 0; } @@ -498,7 +497,7 @@ static curl_socket_t mqttit(curl_socket_t fd) unsigned short packet_id; size_t payload_len; size_t client_id_length; - unsigned int topic_len; + size_t topic_len; size_t remaining_length = 0; size_t bytes = 0; /* remaining length field size in bytes */ char client_id[MAX_CLIENT_ID_LENGTH]; @@ -547,7 +546,7 @@ static curl_socket_t mqttit(curl_socket_t fd) buff_size = remaining_length; buffer = realloc(buffer, buff_size); if(!buffer) { - logmsg("Failed realloc of size %lu", buff_size); + logmsg("Failed realloc of size %zu", buff_size); goto end; } } @@ -556,7 +555,7 @@ static curl_socket_t mqttit(curl_socket_t fd) /* reading variable header and payload into buffer */ rc = sread(fd, (char *)buffer, remaining_length); if(rc > 0) { - logmsg("READ %d bytes", rc); + logmsg("READ %zd bytes", rc); loghex(buffer, rc); } } @@ -570,7 +569,7 @@ static curl_socket_t mqttit(curl_socket_t fd) goto end; } /* ignore the connect flag byte and two keepalive bytes */ - payload_len = (buffer[10] << 8) | buffer[11]; + payload_len = (size_t)(buffer[10] << 8) | buffer[11]; /* first part of the payload is the client ID */ client_id_length = payload_len; @@ -580,20 +579,22 @@ static curl_socket_t mqttit(curl_socket_t fd) start_usr = client_id_offset + payload_len; if(usr_flag == (unsigned char)(conn_flags & usr_flag)) { logmsg("User flag is present in CONN flag"); - payload_len += (buffer[start_usr] << 8) | buffer[start_usr + 1]; + payload_len += (size_t)(buffer[start_usr] << 8) | + buffer[start_usr + 1]; payload_len += 2; /* MSB and LSB for user length */ } start_passwd = client_id_offset + payload_len; if(passwd_flag == (char)(conn_flags & passwd_flag)) { logmsg("Password flag is present in CONN flags"); - payload_len += (buffer[start_passwd] << 8) | buffer[start_passwd + 1]; + payload_len += (size_t)(buffer[start_passwd] << 8) | + buffer[start_passwd + 1]; payload_len += 2; /* MSB and LSB for password length */ } /* check the length of the payload */ if((ssize_t)payload_len != (rc - 12)) { - logmsg("Payload length mismatch, expected %x got %x", + logmsg("Payload length mismatch, expected %zx got %zx", rc - 12, payload_len); goto end; } @@ -632,9 +633,9 @@ static curl_socket_t mqttit(curl_socket_t fd) packet_id = (unsigned short)((buffer[0] << 8) | buffer[1]); /* two bytes topic length */ - topic_len = (buffer[2] << 8) | buffer[3]; + topic_len = (size_t)(buffer[2] << 8) | buffer[3]; if(topic_len != (remaining_length - 5)) { - logmsg("Wrong topic length, got %d expected %d", + logmsg("Wrong topic length, got %zu expected %zu", topic_len, remaining_length - 5); goto end; } @@ -677,8 +678,8 @@ static curl_socket_t mqttit(curl_socket_t fd) logprotocol(FROM_CLIENT, "PUBLISH", remaining_length, dump, buffer, rc); - topiclen = (buffer[1 + bytes] << 8) | buffer[2 + bytes]; - logmsg("Got %d bytes topic", topiclen); + topiclen = (size_t)(buffer[1 + bytes] << 8) | buffer[2 + bytes]; + logmsg("Got %zu bytes topic", topiclen); /* TODO: verify topiclen */ #ifdef QOS @@ -689,7 +690,7 @@ static curl_socket_t mqttit(curl_socket_t fd) /* get the request */ rc = sread(fd, (char *)&buffer[0], 2); - logmsg("READ %d bytes [DISCONNECT]", rc); + logmsg("READ %zd bytes [DISCONNECT]", rc); loghex(buffer, rc); logprotocol(FROM_CLIENT, "DISCONNECT", 0, dump, buffer, rc); goto end; @@ -768,12 +769,12 @@ static bool incoming(curl_socket_t listenfd) curl_socket_t newfd = accept(sockfd, NULL, NULL); if(CURL_SOCKET_BAD == newfd) { error = SOCKERRNO; - logmsg("accept(%d, NULL, NULL) failed with error: (%d) %s", - sockfd, error, sstrerror(error)); + logmsg("accept(%" CURL_FORMAT_SOCKET_T ", NULL, NULL) " + "failed with error: (%d) %s", sockfd, error, sstrerror(error)); } else { - logmsg("====> Client connect, fd %d. Read config from %s", - newfd, configfile); + logmsg("====> Client connect, fd %" CURL_FORMAT_SOCKET_T ". " + "Read config from %s", newfd, configfile); set_advisor_read_lock(loglockfile); (void)mqttit(newfd); /* until done */ clear_advisor_read_lock(loglockfile); @@ -911,7 +912,7 @@ static curl_socket_t sockdaemon(curl_socket_t sock, rc = listen(sock, 5); if(0 != rc) { error = SOCKERRNO; - logmsg("listen(%d, 5) failed with error: (%d) %s", + logmsg("listen(%" CURL_FORMAT_SOCKET_T ", 5) failed with error: (%d) %s", sock, error, sstrerror(error)); sclose(sock); return CURL_SOCKET_BAD; @@ -1017,7 +1018,7 @@ int main(int argc, char *argv[]) msnprintf(loglockfile, sizeof(loglockfile), "%s/%s/mqtt-%s.lock", logdir, SERVERLOGS_LOCKDIR, ipv_inuse); -#ifdef WIN32 +#ifdef _WIN32 win32_init(); atexit(win32_cleanup); diff --git a/tests/server/resolve.c b/tests/server/resolve.c index 221df64b0..8ae31bc59 100644 --- a/tests/server/resolve.c +++ b/tests/server/resolve.c @@ -102,7 +102,7 @@ int main(int argc, char *argv[]) return 1; } -#ifdef WIN32 +#ifdef _WIN32 win32_init(); atexit(win32_cleanup); #endif diff --git a/tests/server/rtspd.c b/tests/server/rtspd.c index dbe8a48b0..9c01ce871 100644 --- a/tests/server/rtspd.c +++ b/tests/server/rtspd.c @@ -1150,7 +1150,7 @@ int main(int argc, char *argv[]) msnprintf(loglockfile, sizeof(loglockfile), "%s/%s/rtsp-%s.lock", logdir, SERVERLOGS_LOCKDIR, ipv_inuse); -#ifdef WIN32 +#ifdef _WIN32 win32_init(); atexit(win32_cleanup); #endif diff --git a/tests/server/sockfilt.c b/tests/server/sockfilt.c index 7e342e330..0900f6564 100644 --- a/tests/server/sockfilt.c +++ b/tests/server/sockfilt.c @@ -152,7 +152,7 @@ enum sockmode { ACTIVE_DISCONNECT /* as a client, disconnected from server */ }; -#ifdef WIN32 +#ifdef _WIN32 /* * read-wrapper to support reading from stdin on Windows. */ @@ -551,14 +551,14 @@ static unsigned int WINAPI select_ws_wait_thread(void *lpParameter) continue; } else { - logmsg("[select_ws_wait_thread] PeekNamedPipe len: %d", length); + logmsg("[select_ws_wait_thread] PeekNamedPipe len: %lu", length); } } else { /* if the pipe has NOT been closed, sleep and continue waiting */ ret = GetLastError(); if(ret != ERROR_BROKEN_PIPE) { - logmsg("[select_ws_wait_thread] PeekNamedPipe error: %d", ret); + logmsg("[select_ws_wait_thread] PeekNamedPipe error: %lu", ret); SleepEx(0, FALSE); continue; } @@ -1159,8 +1159,8 @@ static bool juggle(curl_socket_t *sockfdp, curl_socket_t newfd = accept(sockfd, NULL, NULL); if(CURL_SOCKET_BAD == newfd) { error = SOCKERRNO; - logmsg("accept(%d, NULL, NULL) failed with error: (%d) %s", - sockfd, error, sstrerror(error)); + logmsg("accept(%" CURL_FORMAT_SOCKET_T ", NULL, NULL) " + "failed with error: (%d) %s", sockfd, error, sstrerror(error)); } else { logmsg("====> Client connect"); @@ -1335,7 +1335,7 @@ static curl_socket_t sockdaemon(curl_socket_t sock, rc = listen(sock, 5); if(0 != rc) { error = SOCKERRNO; - logmsg("listen(%d, 5) failed with error: (%d) %s", + logmsg("listen(%" CURL_FORMAT_SOCKET_T ", 5) failed with error: (%d) %s", sock, error, sstrerror(error)); sclose(sock); return CURL_SOCKET_BAD; @@ -1461,7 +1461,7 @@ int main(int argc, char *argv[]) } } -#ifdef WIN32 +#ifdef _WIN32 win32_init(); atexit(win32_cleanup); diff --git a/tests/server/socksd.c b/tests/server/socksd.c index cf9a14fd8..b1d8220a3 100644 --- a/tests/server/socksd.c +++ b/tests/server/socksd.c @@ -193,8 +193,8 @@ static void getconfig(void) logmsg("parse config file"); while(fgets(buffer, sizeof(buffer), fp)) { char key[32]; - char value[32]; - if(2 == sscanf(buffer, "%31s %31s", key, value)) { + char value[260]; + if(2 == sscanf(buffer, "%31s %259s", key, value)) { if(!strcmp(key, "version")) { config.version = byteval(value); logmsg("version [%d] set", config.version); @@ -323,7 +323,7 @@ static curl_socket_t socks4(curl_socket_t fd, return CURL_SOCKET_BAD; } if(rc < 9) { - logmsg("SOCKS4 connect message too short: %d", rc); + logmsg("SOCKS4 connect message too short: %zd", rc); return CURL_SOCKET_BAD; } if(!config.port) @@ -350,7 +350,7 @@ static curl_socket_t socks4(curl_socket_t fd, logmsg("Sending SOCKS4 response failed!"); return CURL_SOCKET_BAD; } - logmsg("Sent %d bytes", rc); + logmsg("Sent %zd bytes", rc); loghex(response, rc); if(cd == 90) @@ -365,8 +365,8 @@ static curl_socket_t socks4(curl_socket_t fd, static curl_socket_t sockit(curl_socket_t fd) { - unsigned char buffer[256 + 16]; - unsigned char response[256 + 16]; + unsigned char buffer[2*256 + 16]; + unsigned char response[2*256 + 16]; ssize_t rc; unsigned char len; unsigned char type; @@ -379,13 +379,22 @@ static curl_socket_t sockit(curl_socket_t fd) getconfig(); rc = recv(fd, (char *)buffer, sizeof(buffer), 0); + if(rc <= 0) { + logmsg("SOCKS identifier message missing, recv returned %zd", rc); + return CURL_SOCKET_BAD; + } - logmsg("READ %d bytes", rc); + logmsg("READ %zd bytes", rc); loghex(buffer, rc); if(buffer[SOCKS5_VERSION] == 4) return socks4(fd, buffer, rc); + if(rc < 3) { + logmsg("SOCKS5 identifier message too short: %zd", rc); + return CURL_SOCKET_BAD; + } + if(buffer[SOCKS5_VERSION] != config.version) { logmsg("VERSION byte not %d", config.version); return CURL_SOCKET_BAD; @@ -399,7 +408,7 @@ static curl_socket_t sockit(curl_socket_t fd) /* after NMETHODS follows that many bytes listing the methods the client says it supports */ if(rc != (buffer[SOCKS5_NMETHODS] + 2)) { - logmsg("Expected %d bytes, got %d", buffer[SOCKS5_NMETHODS] + 2, rc); + logmsg("Expected %d bytes, got %zd", buffer[SOCKS5_NMETHODS] + 2, rc); return CURL_SOCKET_BAD; } logmsg("Incoming request deemed fine!"); @@ -412,13 +421,17 @@ static curl_socket_t sockit(curl_socket_t fd) logmsg("Sending response failed!"); return CURL_SOCKET_BAD; } - logmsg("Sent %d bytes", rc); + logmsg("Sent %zd bytes", rc); loghex(response, rc); /* expect the request or auth */ rc = recv(fd, (char *)buffer, sizeof(buffer), 0); + if(rc <= 0) { + logmsg("SOCKS5 request or auth message missing, recv returned %zd", rc); + return CURL_SOCKET_BAD; + } - logmsg("READ %d bytes", rc); + logmsg("READ %zd bytes", rc); loghex(buffer, rc); if(config.responsemethod == 2) { @@ -433,7 +446,7 @@ static curl_socket_t sockit(curl_socket_t fd) unsigned char plen; bool login = TRUE; if(rc < 5) { - logmsg("Too short auth input: %d", rc); + logmsg("Too short auth input: %zd", rc); return CURL_SOCKET_BAD; } if(buffer[SOCKS5_VERSION] != 1) { @@ -442,12 +455,12 @@ static curl_socket_t sockit(curl_socket_t fd) } ulen = buffer[SOCKS5_ULEN]; if(rc < 4 + ulen) { - logmsg("Too short packet for username: %d", rc); + logmsg("Too short packet for username: %zd", rc); return CURL_SOCKET_BAD; } plen = buffer[SOCKS5_ULEN + ulen + 1]; if(rc < 3 + ulen + plen) { - logmsg("Too short packet for ulen %d plen %d: %d", ulen, plen, rc); + logmsg("Too short packet for ulen %d plen %d: %zd", ulen, plen, rc); return CURL_SOCKET_BAD; } if((ulen != strlen(config.user)) || @@ -465,19 +478,23 @@ static curl_socket_t sockit(curl_socket_t fd) logmsg("Sending auth response failed!"); return CURL_SOCKET_BAD; } - logmsg("Sent %d bytes", rc); + logmsg("Sent %zd bytes", rc); loghex(response, rc); if(!login) return CURL_SOCKET_BAD; /* expect the request */ rc = recv(fd, (char *)buffer, sizeof(buffer), 0); + if(rc <= 0) { + logmsg("SOCKS5 request message missing, recv returned %zd", rc); + return CURL_SOCKET_BAD; + } - logmsg("READ %d bytes", rc); + logmsg("READ %zd bytes", rc); loghex(buffer, rc); } if(rc < 6) { - logmsg("Too short for request: %d", rc); + logmsg("Too short for request: %zd", rc); return CURL_SOCKET_BAD; } @@ -522,7 +539,7 @@ static curl_socket_t sockit(curl_socket_t fd) return CURL_SOCKET_BAD; } if(rc < (4 + len + 2)) { - logmsg("Request too short: %d, expected %d", rc, 4 + len + 2); + logmsg("Request too short: %zd, expected %d", rc, 4 + len + 2); return CURL_SOCKET_BAD; } logmsg("Received ATYP %d", type); @@ -603,12 +620,12 @@ static curl_socket_t sockit(curl_socket_t fd) memcpy(&response[SOCKS5_BNDADDR + len], &buffer[SOCKS5_DSTADDR + len], sizeof(socksport)); - rc = (send)(fd, (char *)response, len + 6, 0); + rc = (send)(fd, (char *)response, (size_t)(len + 6), 0); if(rc != (len + 6)) { logmsg("Sending connect response failed!"); return CURL_SOCKET_BAD; } - logmsg("Sent %d bytes", rc); + logmsg("Sent %zd bytes", rc); loghex(response, rc); if(!rep) @@ -737,13 +754,14 @@ static bool incoming(curl_socket_t listenfd) curl_socket_t newfd = accept(sockfd, NULL, NULL); if(CURL_SOCKET_BAD == newfd) { error = SOCKERRNO; - logmsg("accept(%d, NULL, NULL) failed with error: (%d) %s", + logmsg("accept(%" CURL_FORMAT_SOCKET_T ", NULL, NULL) " + "failed with error: (%d) %s", sockfd, error, sstrerror(error)); } else { curl_socket_t remotefd; - logmsg("====> Client connect, fd %d. Read config from %s", - newfd, configfile); + logmsg("====> Client connect, fd %" CURL_FORMAT_SOCKET_T ". " + "Read config from %s", newfd, configfile); remotefd = sockit(newfd); /* SOCKS until done */ if(remotefd == CURL_SOCKET_BAD) { logmsg("====> Client disconnect"); @@ -926,7 +944,7 @@ static curl_socket_t sockdaemon(curl_socket_t sock, rc = listen(sock, 5); if(0 != rc) { error = SOCKERRNO; - logmsg("listen(%d, 5) failed with error: (%d) %s", + logmsg("listen(%" CURL_FORMAT_SOCKET_T ", 5) failed with error: (%d) %s", sock, error, sstrerror(error)); sclose(sock); return CURL_SOCKET_BAD; @@ -1059,7 +1077,7 @@ int main(int argc, char *argv[]) } } -#ifdef WIN32 +#ifdef _WIN32 win32_init(); atexit(win32_cleanup); diff --git a/tests/server/sws.c b/tests/server/sws.c index bea3191a2..d91258597 100644 --- a/tests/server/sws.c +++ b/tests/server/sws.c @@ -374,7 +374,7 @@ static int ProcessRequest(struct httprequest *req) req->callcount++; - logmsg("Process %d bytes request%s", req->offset, + logmsg("Process %zu bytes request%s", req->offset, req->callcount > 1?" [CONTINUED]":""); /* try to figure out the request characteristics as soon as possible, but @@ -557,14 +557,14 @@ static int ProcessRequest(struct httprequest *req) logmsg("request not complete yet"); return 0; /* not complete yet */ } - logmsg("- request found to be complete (%d)", req->testno); + logmsg("- request found to be complete (%ld)", req->testno); if(req->testno == DOCNUMBER_NOTHING) { /* check for a Testno: header with the test case number */ char *testno = strstr(line, "\nTestno: "); if(testno) { req->testno = strtol(&testno[9], NULL, 10); - logmsg("Found test number %d in Testno: header!", req->testno); + logmsg("Found test number %ld in Testno: header!", req->testno); } else { logmsg("No Testno: header"); @@ -702,8 +702,8 @@ static int ProcessRequest(struct httprequest *req) /* Negotiate iterations */ static long prev_testno = -1; static long prev_partno = -1; - logmsg("Negotiate: prev_testno: %d, prev_partno: %d", - prev_testno, prev_partno); + logmsg("Negotiate: prev_testno: %ld, prev_partno: %ld", + prev_testno, prev_partno); if(req->testno != prev_testno) { prev_testno = req->testno; prev_partno = req->partno; @@ -1198,8 +1198,8 @@ retry: int intervals = msecs_left / MAX_SLEEP_TIME_MS; if(msecs_left%MAX_SLEEP_TIME_MS) intervals++; - logmsg("Pausing %d milliseconds after writing %d bytes", - msecs_left, written); + logmsg("Pausing %d milliseconds after writing %zd bytes", + msecs_left, written); while((intervals > 0) && !got_exit_signal) { int sleep_time = msecs_left > MAX_SLEEP_TIME_MS ? MAX_SLEEP_TIME_MS : msecs_left; @@ -2119,7 +2119,7 @@ int main(int argc, char *argv[]) logdir, SERVERLOGS_LOCKDIR, protocol_type, is_proxy ? "-proxy" : "", socket_type); -#ifdef WIN32 +#ifdef _WIN32 win32_init(); atexit(win32_cleanup); #endif @@ -2334,7 +2334,8 @@ int main(int argc, char *argv[]) curl_socket_t msgsock; do { msgsock = accept_connection(sock); - logmsg("accept_connection %d returned %d", sock, msgsock); + logmsg("accept_connection %" CURL_FORMAT_SOCKET_T + " returned %" CURL_FORMAT_SOCKET_T, sock, msgsock); if(CURL_SOCKET_BAD == msgsock) goto sws_cleanup; if(req->delay) diff --git a/tests/server/tftpd.c b/tests/server/tftpd.c index 670897c0d..9e839eafc 100644 --- a/tests/server/tftpd.c +++ b/tests/server/tftpd.c @@ -453,7 +453,7 @@ static ssize_t write_behind(struct testcase *test, int convert) if(!test->ofile) { char outfile[256]; msnprintf(outfile, sizeof(outfile), "%s/upload.%ld", logdir, test->testno); -#ifdef WIN32 +#ifdef _WIN32 test->ofile = open(outfile, O_CREAT|O_RDWR|O_BINARY, 0777); #else test->ofile = open(outfile, O_CREAT|O_RDWR, 0777); @@ -642,7 +642,7 @@ int main(int argc, char **argv) msnprintf(loglockfile, sizeof(loglockfile), "%s/%s/tftp-%s.lock", logdir, SERVERLOGS_LOCKDIR, ipv_inuse); -#ifdef WIN32 +#ifdef _WIN32 win32_init(); atexit(win32_cleanup); #endif @@ -1129,7 +1129,7 @@ static int validate_access(struct testcase *test, if(!stream) { int error = errno; logmsg("fopen() failed with error: %d %s", error, strerror(error)); - logmsg("Couldn't open test file for test : %d", testno); + logmsg("Couldn't open test file for test: %ld", testno); return EACCESS; } else { diff --git a/tests/server/util.c b/tests/server/util.c index 19faa2615..74d6d0807 100644 --- a/tests/server/util.c +++ b/tests/server/util.c @@ -39,9 +39,6 @@ #elif defined(HAVE_SYS_POLL_H) #include #endif -#ifdef __MINGW32__ -#include -#endif #define ENABLE_CURLX_PRINTF /* make the curlx header define all printf() functions to use the curlx_* @@ -58,15 +55,6 @@ #define EINVAL 22 /* errno.h value */ #endif -/* MinGW with w32api version < 3.6 declared in6addr_any as extern, - but lacked the definition */ -#if defined(ENABLE_IPV6) && defined(__MINGW32__) -#if (__W32API_MAJOR_VERSION < 3) || \ - ((__W32API_MAJOR_VERSION == 3) && (__W32API_MINOR_VERSION < 6)) -const struct in6_addr in6addr_any = {{ IN6ADDR_ANY_INIT }}; -#endif /* w32api < 3.6 */ -#endif /* ENABLE_IPV6 && __MINGW32__ */ - static struct timeval tvnow(void); /* This function returns a pointer to STATIC memory. It converts the given @@ -144,14 +132,14 @@ void logmsg(const char *msg, ...) } } -#ifdef WIN32 +#ifdef _WIN32 /* use instead of strerror() on generic Windows */ static const char *win32_strerror(int err, char *buf, size_t buflen) { if(!FormatMessageA((FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS), NULL, err, + FORMAT_MESSAGE_IGNORE_INSERTS), NULL, (DWORD)err, LANG_NEUTRAL, buf, (DWORD)buflen, NULL)) - msnprintf(buf, buflen, "Unknown error %lu (%#lx)", err, err); + msnprintf(buf, buflen, "Unknown error %d (%#x)", err, err); return buf; } @@ -208,7 +196,7 @@ const char *sstrerror(int err) static char buf[512]; return win32_strerror(err, buf, sizeof(buf)); } -#endif /* WIN32 */ +#endif /* _WIN32 */ /* set by the main code to point to where the test dir is */ const char *path = "."; @@ -259,7 +247,7 @@ int wait_ms(int timeout_ms) #if defined(MSDOS) delay(timeout_ms); #elif defined(USE_WINSOCK) - Sleep(timeout_ms); + Sleep((DWORD)timeout_ms); #else pending_ms = timeout_ms; initial_tv = tvnow(); @@ -292,7 +280,7 @@ curl_off_t our_getpid(void) curl_off_t pid; pid = (curl_off_t)getpid(); -#if defined(WIN32) || defined(_WIN32) +#if defined(_WIN32) || defined(_WIN32) /* store pid + 65536 to avoid conflict with Cygwin/msys PIDs, see also: * - https://cygwin.com/git/?p=newlib-cygwin.git;a=commit; ↵ * h=b5e1003722cb14235c4f166be72c09acdffc62ea @@ -378,7 +366,7 @@ void clear_advisor_read_lock(const char *filename) } -#if defined(WIN32) && !defined(MSDOS) +#if defined(_WIN32) && !defined(MSDOS) static struct timeval tvnow(void) { @@ -501,11 +489,11 @@ static SIGHANDLER_T old_sigint_handler = SIG_ERR; static SIGHANDLER_T old_sigterm_handler = SIG_ERR; #endif -#if defined(SIGBREAK) && defined(WIN32) +#if defined(SIGBREAK) && defined(_WIN32) static SIGHANDLER_T old_sigbreak_handler = SIG_ERR; #endif -#ifdef WIN32 +#ifdef _WIN32 #ifdef _WIN32_WCE static DWORD thread_main_id = 0; #else @@ -521,7 +509,7 @@ volatile int got_exit_signal = 0; /* if next is set indicates the first signal handled in exit_signal_handler */ volatile int exit_signal = 0; -#ifdef WIN32 +#ifdef _WIN32 /* event which if set indicates that the program should finish */ HANDLE exit_event = NULL; #endif @@ -538,7 +526,7 @@ static void exit_signal_handler(int signum) if(got_exit_signal == 0) { got_exit_signal = 1; exit_signal = signum; -#ifdef WIN32 +#ifdef _WIN32 if(exit_event) (void)SetEvent(exit_event); #endif @@ -547,7 +535,7 @@ static void exit_signal_handler(int signum) errno = old_errno; } -#ifdef WIN32 +#ifdef _WIN32 /* CTRL event handler for Windows Console applications to simulate * SIGINT, SIGTERM and SIGBREAK on CTRL events and trigger signal handler. * @@ -567,7 +555,7 @@ static void exit_signal_handler(int signum) static BOOL WINAPI ctrl_event_handler(DWORD dwCtrlType) { int signum = 0; - logmsg("ctrl_event_handler: %d", dwCtrlType); + logmsg("ctrl_event_handler: %lu", dwCtrlType); switch(dwCtrlType) { #ifdef SIGINT case CTRL_C_EVENT: signum = SIGINT; break; @@ -581,7 +569,7 @@ static BOOL WINAPI ctrl_event_handler(DWORD dwCtrlType) default: return FALSE; } if(signum) { - logmsg("ctrl_event_handler: %d -> %d", dwCtrlType, signum); + logmsg("ctrl_event_handler: %lu -> %d", dwCtrlType, signum); raise(signum); } return TRUE; @@ -698,7 +686,7 @@ static SIGHANDLER_T set_signal(int signum, SIGHANDLER_T handler, void install_signal_handlers(bool keep_sigalrm) { -#ifdef WIN32 +#ifdef _WIN32 #ifdef _WIN32_WCE typedef HANDLE curl_win_thread_handle_t; #else @@ -744,13 +732,13 @@ void install_signal_handlers(bool keep_sigalrm) if(old_sigterm_handler == SIG_ERR) logmsg("cannot install SIGTERM handler: %s", strerror(errno)); #endif -#if defined(SIGBREAK) && defined(WIN32) +#if defined(SIGBREAK) && defined(_WIN32) /* handle SIGBREAK signal with our exit_signal_handler */ old_sigbreak_handler = set_signal(SIGBREAK, exit_signal_handler, TRUE); if(old_sigbreak_handler == SIG_ERR) logmsg("cannot install SIGBREAK handler: %s", strerror(errno)); #endif -#ifdef WIN32 +#ifdef _WIN32 if(!SetConsoleCtrlHandler(ctrl_event_handler, TRUE)) logmsg("cannot install CTRL event handler"); #ifdef _WIN32_WCE @@ -792,11 +780,11 @@ void restore_signal_handlers(bool keep_sigalrm) if(SIG_ERR != old_sigterm_handler) (void) set_signal(SIGTERM, old_sigterm_handler, FALSE); #endif -#if defined(SIGBREAK) && defined(WIN32) +#if defined(SIGBREAK) && defined(_WIN32) if(SIG_ERR != old_sigbreak_handler) (void) set_signal(SIGBREAK, old_sigbreak_handler, FALSE); #endif -#ifdef WIN32 +#ifdef _WIN32 (void)SetConsoleCtrlHandler(ctrl_event_handler, FALSE); if(thread_main_window && thread_main_id) { if(PostThreadMessage(thread_main_id, WM_APP, 0, 0)) { @@ -846,7 +834,7 @@ int bind_unix_socket(curl_socket_t sock, const char *unix_socket, return rc; } /* socket server is not alive, now check if it was actually a socket. */ -#ifdef WIN32 +#ifdef _WIN32 /* Windows does not have lstat function. */ rc = curlx_win32_stat(unix_socket, &statbuf); #else diff --git a/tests/server/util.h b/tests/server/util.h index a12f4dbf0..a91ecf477 100644 --- a/tests/server/util.h +++ b/tests/server/util.h @@ -26,7 +26,7 @@ #include "server_setup.h" char *data_to_hex(char *data, size_t len); -void logmsg(const char *msg, ...); +void logmsg(const char *msg, ...) CURL_PRINTF(1, 2); long timediff(struct timeval newer, struct timeval older); #define TEST_DATA_PATH "%s/data/test%ld" @@ -41,7 +41,7 @@ extern const char *serverlogfile; extern const char *cmdfile; -#ifdef WIN32 +#ifdef _WIN32 #include #include @@ -54,10 +54,10 @@ void win32_perror(const char *msg); void win32_init(void); void win32_cleanup(void); const char *sstrerror(int err); -#else /* WIN32 */ +#else /* _WIN32 */ #define sstrerror(e) strerror(e) -#endif /* WIN32 */ +#endif /* _WIN32 */ /* fopens the test case file */ FILE *test2fopen(long testno, const char *logdir); @@ -68,7 +68,6 @@ int write_pidfile(const char *filename); int write_portfile(const char *filename, int port); void set_advisor_read_lock(const char *filename); void clear_advisor_read_lock(const char *filename); -int strncasecompare(const char *first, const char *second, size_t max); /* global variable which if set indicates that the program should finish */ extern volatile int got_exit_signal; @@ -76,7 +75,7 @@ extern volatile int got_exit_signal; /* global variable which if set indicates the first signal handled */ extern volatile int exit_signal; -#ifdef WIN32 +#ifdef _WIN32 /* global event which if set indicates that the program should finish */ extern HANDLE exit_event; #endif diff --git a/tests/servers.pm b/tests/servers.pm index 4f67432c6..d4472d509 100644 --- a/tests/servers.pm +++ b/tests/servers.pm @@ -153,10 +153,15 @@ our $stunnel; # path to stunnel command # sub checkcmd { my ($cmd, @extrapaths)=@_; - my @paths=(split(m/[:]/, $ENV{'PATH'}), "/usr/sbin", "/usr/local/sbin", + my $sep = '[:]'; + if ($^O eq 'MSWin32' || $^O eq 'dos' || $^O eq 'os2') { + # PATH separator is different + $sep = '[;]'; + } + my @paths=(split(m/$sep/, $ENV{'PATH'}), "/usr/sbin", "/usr/local/sbin", "/sbin", "/usr/bin", "/usr/local/bin", @extrapaths); for(@paths) { - if( -x "$_/$cmd" && ! -d "$_/$cmd") { + if( -x "$_/$cmd" . exe_ext('SYS') && ! -d "$_/$cmd" . exe_ext('SYS')) { # executable bit but not a directory! return "$_/$cmd"; } @@ -185,10 +190,10 @@ use File::Temp qw/ tempfile/; ####################################################################### # Initialize configuration variables sub initserverconfig { - my ($fh, $socks) = tempfile("/tmp/curl-socksd-XXXXXXXX"); + my ($fh, $socks) = tempfile("curl-socksd-XXXXXXXX", TMPDIR => 1); close($fh); unlink($socks); - my ($f2, $http) = tempfile("/tmp/curl-http-XXXXXXXX"); + my ($f2, $http) = tempfile("curl-http-XXXXXXXX", TMPDIR => 1); close($f2); unlink($http); $SOCKSUNIXPATH = $socks; # SOCKS Unix domain socket @@ -264,19 +269,22 @@ sub clearlocks { if(os_is_win()) { $dir = sys_native_abs_path($dir); $dir =~ s/\//\\\\/g; - my $handle = "handle.exe"; + my $handle = "handle"; if($ENV{"PROCESSOR_ARCHITECTURE"} =~ /64$/) { - $handle = "handle64.exe"; + $handle = "handle64"; } - my @handles = `$handle $dir -accepteula -nobanner`; - for my $tryhandle (@handles) { - if($tryhandle =~ /^(\S+)\s+pid:\s+(\d+)\s+type:\s+(\w+)\s+([0-9A-F]+):\s+(.+)\r\r/) { - logmsg "Found $3 lock of '$5' ($4) by $1 ($2)\n"; - # Ignore stunnel since we cannot do anything about its locks - if("$3" eq "File" && "$1" ne "tstunnel.exe") { - logmsg "Killing IMAGENAME eq $1 and PID eq $2\n"; - system("taskkill.exe -f -fi \"IMAGENAME eq $1\" -fi \"PID eq $2\" >nul 2>&1"); - $done = 1; + if(checkcmd($handle)) { + my @handles = `$handle $dir -accepteula -nobanner`; + for my $tryhandle (@handles) { + # Skip the "No matching handles found." warning when returned + if($tryhandle =~ /^(\S+)\s+pid:\s+(\d+)\s+type:\s+(\w+)\s+([0-9A-F]+):\s+(.+)\r\r/) { + logmsg "Found $3 lock of '$5' ($4) by $1 ($2)\n"; + # Ignore stunnel since we cannot do anything about its locks + if("$3" eq "File" && "$1" ne "tstunnel.exe") { + logmsg "Killing IMAGENAME eq $1 and PID eq $2\n"; + system("taskkill.exe -f -fi \"IMAGENAME eq $1\" -fi \"PID eq $2\" >nul 2>&1"); + $done = 1; + } } } } diff --git a/tests/symbol-scan.pl b/tests/test1119.pl similarity index 100% rename from tests/symbol-scan.pl rename to tests/test1119.pl diff --git a/tests/mem-include-scan.pl b/tests/test1132.pl similarity index 100% rename from tests/mem-include-scan.pl rename to tests/test1132.pl diff --git a/tests/extern-scan.pl b/tests/test1135.pl similarity index 100% rename from tests/extern-scan.pl rename to tests/test1135.pl diff --git a/tests/manpage-scan.pl b/tests/test1139.pl similarity index 91% rename from tests/manpage-scan.pl rename to tests/test1139.pl index c09e979d0..c86081431 100644 --- a/tests/manpage-scan.pl +++ b/tests/test1139.pl @@ -67,7 +67,8 @@ my %alias = ( sub scanmanpage { my ($file, @words) = @_; - open(my $mh, "<", "$file"); + open(my $mh, "<", "$file") || + die "could not open $file"; my @m; while(<$mh>) { if($_ =~ /^\.IP (.*)/) { @@ -128,7 +129,7 @@ while(<$r>) { elsif($type eq "MOPT") { push @curlmopt, $opt, } - if(! -f "$root/docs/libcurl/opts/$opt.3") { + if(! -f "$buildroot/docs/libcurl/opts/$opt.3") { print STDERR "Missing $opt.3\n"; $errors++; } @@ -137,9 +138,9 @@ while(<$r>) { } close($r); -scanmanpage("$root/docs/libcurl/curl_easy_setopt.3", @curlopt); -scanmanpage("$root/docs/libcurl/curl_easy_getinfo.3", @curlinfo); -scanmanpage("$root/docs/libcurl/curl_multi_setopt.3", @curlmopt); +scanmanpage("$buildroot/docs/libcurl/curl_easy_setopt.3", @curlopt); +scanmanpage("$buildroot/docs/libcurl/curl_easy_getinfo.3", @curlinfo); +scanmanpage("$buildroot/docs/libcurl/curl_multi_setopt.3", @curlmopt); # using this hash array, we can skip specific options my %opts = ( @@ -181,30 +182,36 @@ open($r, "<", "$root/src/tool_getparam.c") || my $list; my @getparam; # store all parsed parameters +my $prevlong = ""; +my $no = 0; while(<$r>) { + $no++; chomp; - my $l= $_; if(/struct LongShort aliases/) { $list=1; } elsif($list) { - if( /^ \{([^,]*), *([^ ]*)/) { - my ($s, $l)=($1, $2); + if( /^ \{(\"[^,]*\").*\'(.)\', (.*)\}/) { + my ($l, $s, $rd)=($1, $2, $3); my $sh; my $lo; my $title; + if(($l cmp $prevlong) < 0) { + print STDERR "tool_getparam.c:$no: '$l' is NOT placed in alpha-order\n"; + } if($l =~ /\"(.*)\"/) { # long option $lo = $1; $title="--$lo"; } - if($s =~ /\"(.)\"/) { + if($s ne " ") { # a short option - $sh = $1; + $sh = $s; $title="-$sh, $title"; } push @getparam, $title; $opts{$title} |= 1; + $prevlong = $l; } } } diff --git a/tests/nroff-scan.pl b/tests/test1140.pl similarity index 96% rename from tests/nroff-scan.pl rename to tests/test1140.pl index 4dddf7cf1..b9438dec0 100644 --- a/tests/nroff-scan.pl +++ b/tests/test1140.pl @@ -74,6 +74,7 @@ sub file { } if($str =~ /((libcurl|curl)([^ ]*))\(3\)/i) { my $man = "$1.3"; + $man =~ s/\\//g; # cut off backslashes if(!manpresent($man)) { print "error: $f:$line: referring to non-existing man page $man\n"; $errors++; @@ -92,6 +93,7 @@ sub file { my $i= $1; while($i =~ s/((lib|)curl([^ ]*)) *\"\(3\)(,|) *\" *//i ) { my $man = "$1.3"; + $man =~ s/\\//g; # cut off backslashes if(!manpresent($man)) { print "error: $f:$line: referring to non-existing man page $man\n"; $errors++; diff --git a/tests/disable-scan.pl b/tests/test1165.pl similarity index 77% rename from tests/disable-scan.pl rename to tests/test1165.pl index 99f5436af..b6f3179cf 100644 --- a/tests/disable-scan.pl +++ b/tests/test1165.pl @@ -29,6 +29,8 @@ use warnings; # the DISABLE options that can be set by configure my %disable; +# the DISABLE options that can be set by CMakeLists.txt +my %disable_cmake; # the DISABLE options that are used in C files my %file; # the DISABLE options that are documented @@ -61,6 +63,24 @@ sub scan_configure { } } +sub scanconf_cmake { + my ($f)=@_; + open S, "<$f"; + while() { + if(/(CURL_DISABLE_[A-Z_]+)/g) { + my ($sym)=($1); + if(not $sym =~ /(CURL_DISABLE_INSTALL|CURL_DISABLE_TESTS|CURL_DISABLE_SRP)/) { + $disable_cmake{$sym} = 1; + } + } + } + close S; +} + +sub scan_cmake { + scanconf_cmake("$root/CMakeLists.txt"); +} + sub scan_file { my ($source)=@_; open F, "<$source"; @@ -104,6 +124,7 @@ sub scan_docs { } scan_configure(); +scan_cmake(); scan_sources(); scan_docs(); @@ -121,12 +142,28 @@ for my $s (sort keys %disable) { } } +# Check the CMakeLists.txt symbols for use in code +for my $s (sort keys %disable_cmake) { + if(!$file{$s}) { + printf "Present in CMakeLists.txt, not used by code: %s\n", $s; + $error++; + } + if(!$docs{$s}) { + printf "Present in CMakeLists.txt, not documented in $DOCS: %s\n", $s; + $error++; + } +} + # Check the code symbols for use in configure for my $s (sort keys %file) { if(!$disable{$s}) { printf "Not set by configure: %s (%s)\n", $s, $file{$s}; $error++; } + if(!$disable_cmake{$s}) { + printf "Not set by CMakeLists.txt: %s (%s)\n", $s, $file{$s}; + $error++; + } if(!$docs{$s}) { printf "Used in code, not documented in $DOCS: %s\n", $s; $error++; @@ -139,6 +176,10 @@ for my $s (sort keys %docs) { printf "Documented but not in configure: %s\n", $s; $error++; } + if(!$disable_cmake{$s}) { + printf "Documented but not in CMakeLists.txt: %s\n", $s; + $error++; + } if(!$file{$s}) { printf "Documented, but not used by code: %s\n", $s; $error++; diff --git a/tests/badsymbols.pl b/tests/test1167.pl similarity index 100% rename from tests/badsymbols.pl rename to tests/test1167.pl diff --git a/tests/manpage-syntax.pl b/tests/test1173.pl similarity index 100% rename from tests/manpage-syntax.pl rename to tests/test1173.pl diff --git a/tests/error-codes.pl b/tests/test1175.pl similarity index 100% rename from tests/error-codes.pl rename to tests/test1175.pl diff --git a/tests/version-scan.pl b/tests/test1177.pl similarity index 96% rename from tests/version-scan.pl rename to tests/test1177.pl index 3c055d9b3..e989e3a89 100644 --- a/tests/version-scan.pl +++ b/tests/test1177.pl @@ -44,7 +44,7 @@ while(<$m>) { if($_ =~ / mask bit: (CURL_VERSION_[A-Z0-9_]+)/i) { $manversion{$1}++; } - if($_ =~ /^\.ip """([^"]+)"""/i) { + if($_ =~ /^\.ip (.*)/i) { $manname{$1}++; } } @@ -85,7 +85,7 @@ for my $n (keys %sourcename) { } } for my $n (keys %manname) { - if(!$sourcename{$n}) { + if(!$sourcename{$n} && ($n ne "\"no name\"")) { print STDERR "$manpage: $n is not in the source!\n"; $error++; } diff --git a/tests/check-deprecated.pl b/tests/test1222.pl similarity index 100% rename from tests/check-deprecated.pl rename to tests/test1222.pl diff --git a/tests/markdown-uppercase.pl b/tests/test1275.pl similarity index 78% rename from tests/markdown-uppercase.pl rename to tests/test1275.pl index 707f286cc..082946a22 100644 --- a/tests/markdown-uppercase.pl +++ b/tests/test1275.pl @@ -30,7 +30,8 @@ my @m = `git ls-files -- $root`; my $errors; my %accepted=('curl' => 1, - 'libcurl' => 1); + 'libcurl' => 1, + 'c-ares' => 1); sub checkfile { my ($f) = @_; @@ -39,20 +40,35 @@ sub checkfile { return; } open(my $fh, "<", "$f"); - my $l = 1; + my $l; my $prevl; my $ignore = 0; + my $metadata = 0; while(<$fh>) { my $line = $_; chomp $line; + $l++; + if(($l == 1) && ($line =~ /^---/)) { + # first line is a meta-data divider, skip to the next one + $metadata = 1; + print STDERR "skip meta-data in $f\n"; + next; + } + elsif($metadata) { + if($line !~ /^---/) { + next; + } + $metadata = 0; + next; + } if($line =~ /^(\`\`\`|\~\~\~)/) { # start or stop ignore-mode $ignore ^= 1; } if(!$ignore) { - if(($prevl =~ /\.\z/) && ($line =~ /^( *)([a-z]+)/)) { + if(($prevl =~ /\.\z/) && ($line =~ /^( *)([a-z-]+)/)) { my ($prefix, $word) = ($1, $2); - if(!$accepted{$word}) { + if($word =~ /^[a-z]/ && !$accepted{$word}) { my $c = length($prefix); print STDERR "$f:$l:$c:error: lowercase $word after period\n"; @@ -62,14 +78,16 @@ sub checkfile { $errors++; } } - elsif($line =~ /^(.*)\. +([a-z]+)/) { + elsif($line =~ /^(.*)\. +([a-z-]+)/) { my ($prefix, $word) = ($1, $2); if(($prefix =~ /\.\.\z/) || ($prefix =~ /[0-9]\z/) || ($prefix =~ /e.g\z/) || ($prefix =~ /i.e\z/) || + ($prefix =~ /E.g\z/) || ($prefix =~ /etc\z/) || + ($word !~ /^[a-z]/) || $accepted{$word}) { } else { @@ -84,7 +102,6 @@ sub checkfile { } } $prevl = $line; - $l++; } close($fh); } diff --git a/tests/option-check.pl b/tests/test1276.pl similarity index 100% rename from tests/option-check.pl rename to tests/test1276.pl diff --git a/tests/test1477.pl b/tests/test1477.pl new file mode 100755 index 000000000..ad564b26d --- /dev/null +++ b/tests/test1477.pl @@ -0,0 +1,100 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +# Check that libcurl-errors.3 and the public header files have the same set of +# error codes. + +use strict; +use warnings; + +# we may get the dir roots pointed out +my $root=$ARGV[0] || "."; +my $buildroot=$ARGV[1] || "."; +my $manpge = "$buildroot/docs/libcurl/libcurl-errors.3"; +my $curlh = "$root/include/curl"; +my $errors=0; + +my @hnames; +my %wherefrom; +my @mnames; +my %manfrom; + +sub scanheader { + my ($file)=@_; + open H, "<$file"; + my $line = 0; + while() { + $line++; + if($_ =~ /^ (CURL(E|UE|SHE|HE|M)_[A-Z0-9_]*)/) { + my ($name)=($1); + if(($name !~ /OBSOLETE/) && ($name !~ /_LAST\z/)) { + push @hnames, $name; + if($wherefrom{$name}) { + print STDERR "double: $name\n"; + } + $wherefrom{$name}="$file:$line"; + } + } + } + close(H); +} + +sub scanmanpage { + my ($file)=@_; + open H, "<$file"; + my $line = 0; + while() { + $line++; + if($_ =~ /^\.IP \"(CURL(E|UE|SHE|HE|M)_[A-Z0-9_]*)/) { + my ($name)=($1); + push @mnames, $name; + $manfrom{$name}="$file:$line"; + } + } + close(H); +} + + +opendir(my $dh, $curlh) || die "Can't opendir $curlh: $!"; +my @hfiles = grep { /\.h$/ } readdir($dh); +closedir $dh; + +for(sort @hfiles) { + scanheader("$curlh/$_"); +} +scanmanpage($manpge); + +print "Result\n"; +for my $h (sort @hnames) { + if(!$manfrom{$h}) { + printf "$h from %s, not in man page\n", $wherefrom{$h}; + } +} + +for my $m (sort @mnames) { + if(!$wherefrom{$m}) { + printf "$m from %s, not in any header\n", $manfrom{$m}; + } +} diff --git a/tests/check-translatable-options.pl b/tests/test1544.pl similarity index 100% rename from tests/check-translatable-options.pl rename to tests/test1544.pl diff --git a/tests/options-scan.pl b/tests/test971.pl similarity index 95% rename from tests/options-scan.pl rename to tests/test971.pl index 2014dc4f6..1aeed9d48 100644 --- a/tests/options-scan.pl +++ b/tests/test971.pl @@ -37,11 +37,11 @@ sub cmdfiles { my ($dir)=@_; opendir(my $dh, $dir) || die "Can't opendir $dir: $!"; - my @opts = grep { /\.d$/ && -f "$dir/$_" } readdir($dh); + my @opts = grep { /[a-z0-9].*\.md$/ && -f "$dir/$_" } readdir($dh); closedir $dh; for(@opts) { - $_ =~ s/\.d$//; + $_ =~ s/\.md$//; $file{$_}=1; } return @opts; @@ -77,7 +77,7 @@ sub mentions { sub versioncheck { my ($f, $v)=@_; - open(my $fh, "<", "$cmddir/$f.d"); + open(my $fh, "<", "$cmddir/$f.md"); while(<$fh>) { chomp; if(/^Added: ([0-9.]+)/) { diff --git a/tests/testutil.pm b/tests/testutil.pm index ece0b6e05..1a44083e1 100644 --- a/tests/testutil.pm +++ b/tests/testutil.pm @@ -94,6 +94,15 @@ sub clearlogs { ####################################################################### + +sub includefile { + my ($f) = @_; + open(F, "<$f"); + my @a = ; + close(F); + return join("", @a); +} + sub subbase64 { my ($thing) = @_; @@ -113,6 +122,7 @@ sub subbase64 { $d =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg; $$thing =~ s/%%HEX%%/$d/; } + # repeat while($$thing =~ s/%repeat\[(\d+) x (.*?)\]%/%%REPEAT%%/i) { # decode %NN characters my ($d, $n) = ($2, $1); @@ -120,6 +130,9 @@ sub subbase64 { my $all = $d x $n; $$thing =~ s/%%REPEAT%%/$all/; } + + # include a file + $$thing =~ s/%include ([^%]*)%[\n\r]+/includefile($1)/ge; } my $prevupdate; # module scope so it remembers the last value diff --git a/tests/unit/curlcheck.h b/tests/unit/curlcheck.h index 756f76e36..928964422 100644 --- a/tests/unit/curlcheck.h +++ b/tests/unit/curlcheck.h @@ -93,8 +93,6 @@ } while(0) -extern int unitfail; - #define UNITTEST_START \ int test(char *arg) \ { \ diff --git a/tests/unit/unit1394.c b/tests/unit/unit1394.c index e4e998184..ef398ab22 100644 --- a/tests/unit/unit1394.c +++ b/tests/unit/unit1394.c @@ -61,7 +61,7 @@ UNITTEST_START "pkcs11:foobar", "pkcs11:foobar", NULL, "PKCS11:foobar", "PKCS11:foobar", NULL, "PkCs11:foobar", "PkCs11:foobar", NULL, -#ifdef WIN32 +#ifdef _WIN32 "c:\\foo:bar:baz", "c:\\foo", "bar:baz", "c:\\foo\\:bar:baz", "c:\\foo:bar", "baz", "c:\\foo\\\\:bar:baz", "c:\\foo\\", "bar:baz", diff --git a/tests/unit/unit1395.c b/tests/unit/unit1395.c index d01403f33..017b45a0e 100644 --- a/tests/unit/unit1395.c +++ b/tests/unit/unit1395.c @@ -83,15 +83,17 @@ UNITTEST_START abort_unless(err == 0, "returned error"); abort_if(err && out, "returned error with output"); - if(out && strcmp(out, pairs[i].output)) { + if(out && pairs[i].output && strcmp(out, pairs[i].output)) { fprintf(stderr, "Test %u: '%s' gave '%s' instead of '%s'\n", i, pairs[i].input, out, pairs[i].output); fail("Test case output mismatched"); fails++; } - else if(!out && pairs[i].output) { - fprintf(stderr, "Test %u: '%s' gave '%s' instead of NULL\n", - i, pairs[i].input, out); + else if((!out && pairs[i].output) || + (out && !pairs[i].output)) { + fprintf(stderr, "Test %u: '%s' gave '%s' instead of '%s'\n", + i, pairs[i].input, out ? out : "(null)", + pairs[i].output ? pairs[i].output : "(null)"); fail("Test case output mismatched"); fails++; } diff --git a/tests/unit/unit1398.c b/tests/unit/unit1398.c index bf8af12d3..4283a8d1b 100644 --- a/tests/unit/unit1398.c +++ b/tests/unit/unit1398.c @@ -92,7 +92,7 @@ fail_unless(rc == 15, "return code should be 15"); fail_unless(!strcmp(output, " 1234 567"), "wrong output"); /* double precision */ -rc = curl_msnprintf(output, 24, "%.*1$.99d", 3, 5678); +rc = curl_msnprintf(output, 24, "%2$.*1$.99d", 3, 5678); fail_unless(rc == 0, "return code should be 0"); UNITTEST_STOP diff --git a/tests/unit/unit1604.c b/tests/unit/unit1604.c index 411b94a02..cba3dfcf6 100644 --- a/tests/unit/unit1604.c +++ b/tests/unit/unit1604.c @@ -42,7 +42,7 @@ static void unit_stop(void) } -#if defined(MSDOS) || defined(WIN32) +#if defined(_WIN32) || defined(MSDOS) static char *getflagstr(int flags) { @@ -353,6 +353,6 @@ UNITTEST_START { fprintf(stderr, "Skipped test not for this platform\n"); } -#endif /* MSDOS || WIN32 */ +#endif /* _WIN32 || MSDOS */ UNITTEST_STOP diff --git a/tests/unit/unit1651.c b/tests/unit/unit1651.c index 58d2f1076..63f339394 100644 --- a/tests/unit/unit1651.c +++ b/tests/unit/unit1651.c @@ -368,7 +368,7 @@ UNITTEST_START happens */ for(byte = 1 ; byte < 255; byte += 17) { for(i = 0; i < 45; i++) { - char backup = cert[i]; + unsigned char backup = cert[i]; cert[i] = (unsigned char) (byte & 0xff); (void) Curl_extract_certinfo(data, 0, beg, end); cert[i] = backup; diff --git a/tests/unit/unit1652.c b/tests/unit/unit1652.c index ef2726216..68ddec3ea 100644 --- a/tests/unit/unit1652.c +++ b/tests/unit/unit1652.c @@ -21,6 +21,8 @@ * SPDX-License-Identifier: curl * ***************************************************************************/ +#define CURL_NO_FMT_CHECKS + #include "curlcheck.h" #include "urldata.h" @@ -105,7 +107,7 @@ fail_unless(verify(result, "Simple Test 42 testing 43\n") == 0, /* Variations of empty strings */ Curl_infof(data, ""); fail_unless(strlen(result) == 1, "Empty string"); -Curl_infof(data, "%s", NULL); +Curl_infof(data, "%s", (char *)NULL); fail_unless(verify(result, "(nil)") == 0, "Passing NULL as string"); /* A string just long enough to not be truncated */ diff --git a/tests/unit/unit2600.c b/tests/unit/unit2600.c index d7b1efdd7..a2089b275 100644 --- a/tests/unit/unit2600.c +++ b/tests/unit/unit2600.c @@ -124,7 +124,7 @@ static void cf_test_destroy(struct Curl_cfilter *cf, struct Curl_easy *data) struct cf_test_ctx *ctx = cf->ctx; #ifndef CURL_DISABLE_VERBOSE_STRINGS infof(data, "%04dms: cf[%s] destroyed", - (int)Curl_timediff(Curl_now(), current_tr->started), ctx->id); + (int)Curl_timediff(Curl_now(), current_tr->started), ctx->id); #else (void)data; #endif @@ -145,7 +145,7 @@ static CURLcode cf_test_connect(struct Curl_cfilter *cf, duration_ms = Curl_timediff(Curl_now(), ctx->started); if(duration_ms >= ctx->fail_delay_ms) { infof(data, "%04dms: cf[%s] fail delay reached", - (int)duration_ms, ctx->id); + (int)duration_ms, ctx->id); return CURLE_COULDNT_CONNECT; } if(duration_ms) @@ -162,7 +162,7 @@ static struct Curl_cftype cft_test = { cf_test_connect, Curl_cf_def_close, Curl_cf_def_get_host, - Curl_cf_def_get_select_socks, + Curl_cf_def_adjust_pollset, Curl_cf_def_data_pending, Curl_cf_def_send, Curl_cf_def_recv, @@ -185,7 +185,7 @@ static CURLcode cf_test_create(struct Curl_cfilter **pcf, (void)data; (void)conn; - ctx = calloc(sizeof(*ctx), 1); + ctx = calloc(1, sizeof(*ctx)); if(!ctx) { result = CURLE_OUT_OF_MEMORY; goto out; diff --git a/tests/unit/unit3200.c b/tests/unit/unit3200.c index eff566772..0544bcc93 100644 --- a/tests/unit/unit3200.c +++ b/tests/unit/unit3200.c @@ -47,6 +47,7 @@ static CURLcode unit_stop(void) } #ifdef __GNUC__ +#pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Woverlength-strings" #endif @@ -161,6 +162,10 @@ UNITTEST_START } UNITTEST_STOP +#ifdef __GNUC__ +#pragma GCC diagnostic pop +#endif + #else static CURLcode unit_setup(void) { -- Gitee From babf3ef6111234c928bea7a22b365f17024d5e81 Mon Sep 17 00:00:00 2001 From: liuxiyao223 Date: Tue, 19 Mar 2024 16:44:36 +0800 Subject: [PATCH 2/4] 8.6.0 Signed-off-by: liuxiyao223 --- lib/curl_ntlm_wb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/curl_ntlm_wb.c b/lib/curl_ntlm_wb.c index 0c7892ab7..acb009395 100644 --- a/lib/curl_ntlm_wb.c +++ b/lib/curl_ntlm_wb.c @@ -266,7 +266,7 @@ static CURLcode ntlm_wb_response(struct Curl_easy *data, struct ntlmdata *ntlm, size_t len_in = strlen(input), len_out = 0; struct dynbuf b; char *ptr = NULL; - usigned char buf[1024] + unsigned char buf[1024]; Curl_dyn_init(&b, MAX_NTLM_WB_RESPONSE); while(len_in > 0) { -- Gitee From 479110d8be53aada7f5a61ee3030e67822338719 Mon Sep 17 00:00:00 2001 From: liuxiyao223 Date: Sat, 23 Mar 2024 17:19:19 +0800 Subject: [PATCH 3/4] Add and modify 8. 6. 0 Signed-off-by: liuxiyao223 --- CHANGES | 13019 +++++++++++++------------ Makefile | 21 - Makefile.in | 154 +- configure | 2167 +++-- docs/Makefile.in | 59 +- docs/cmdline-opts/Makefile.in | 552 +- docs/examples/Makefile.in | 225 +- docs/libcurl/Makefile.in | 450 +- docs/libcurl/opts/Makefile.in | 54 +- include/Makefile.in | 5 + include/curl/Makefile.in | 5 + include/curl/curlver.h | 6 +- lib/Makefile.in | 134 +- lib/curl_config.h.in | 46 +- lib/libcurl.plist | 6 +- packages/Makefile.in | 5 + packages/vms/Makefile.in | 5 + scripts/Makefile.in | 9 +- src/Makefile.in | 129 +- src/tool_hugehelp.c | 15511 +++++++++++++++--------------- src/tool_version.h | 2 +- tests/Makefile.in | 56 +- tests/certs/Makefile.in | 5 + tests/certs/scripts/Makefile.in | 5 + tests/data/Makefile.in | 26 +- tests/http/Makefile.in | 5 + tests/http/clients/Makefile.in | 5 + tests/libtest/Makefile.in | 779 +- tests/runtests.1 | 3 +- tests/server/Makefile.in | 5 + tests/testcurl.1 | 3 +- tests/unit/Makefile.in | 5 + 32 files changed, 17439 insertions(+), 16022 deletions(-) diff --git a/CHANGES b/CHANGES index 0a20ceace..7c89263dd 100644 --- a/CHANGES +++ b/CHANGES @@ -6,9540 +6,10691 @@ Changelog -Version 8.4.0 (11 Oct 2023) +Version 8.6.0 (31 Jan 2024) -Daniel Stenberg (11 Oct 2023) +Daniel Stenberg (31 Jan 2024) - RELEASE-NOTES: synced -- THANKS: add contributors from 8.4.0 + curl 8.6.0 -Jay Satiro (11 Oct 2023) +- THANKS: new contributors from 8.5.0 -- socks: return error if hostname too long for remote resolve +Jay Satiro (31 Jan 2024) - Prior to this change the state machine attempted to change the remote - resolve to a local resolve if the hostname was longer than 255 - characters. Unfortunately that did not work as intended and caused a - security issue. +- cd2nroff: use perl 'strict' and 'warnings' - Bug: https://curl.se/docs/CVE-2023-38545.html + - Use strict and warnings pragmas. -Stefan Eissing (10 Oct 2023) + - If open() fails then show the reason. -- CI: remove slowed-network tests + - Set STDIN io layer :crlf so that input is properly read on Windows. - - remove these tests as they are currently not reliable in our CI - setups. + - When STDIN is used as input, the filename $f is now set to "STDIN". - curl handles the test cases, but CI sometimes fails on these due to - additional conditions. Rather than mix them in, an additional CI job - will be added in the future that is specific to them. + Various error messages in single() use $f for the filename and this way + it is not undefined when STDIN. - Closes https://github.com/curl/curl/pull/12075 + Closes https://github.com/curl/curl/pull/12819 -Jay Satiro (10 Oct 2023) +Daniel Stenberg (30 Jan 2024) -- libcurl-env-dbg.3: move debug variables from libcurl-env.3 +- cd2nroff: fix duplicate output issue - - Move documentation of libcurl environment variables used only in debug - builds from libcurl-env into a separate document libcurl-env-dbg. + Assisted-by: Jay Satiro + Fixes https://github.com/curl/curl-www/issues/321 + Closes #12818 - - Document more debug environment variables. +- lib: error out on multissl + http3 - Previously undocumented or missing a description: + Since the QUIC/h3 code has no knowledge or handling of multissl it might + bring unintended consequences if we allow it. - CURL_ALTSVC_HTTP, CURL_DBG_SOCK_WBLOCK, CURL_DBG_SOCK_WPARTIAL, - CURL_DBG_QUIC_WBLOCK, CURL_DEBUG, CURL_DEBUG_SIZE, CURL_GETHOSTNAME, - CURL_HSTS_HTTP, CURL_FORCETIME, CURL_SMALLREQSEND, CURL_SMALLSENDS, - CURL_TIME. + configure, cmake and curl_setup.h all now reject this combination. - Closes https://github.com/curl/curl/pull/11811 + Assisted-by: Viktor Szakats + Assisted-by: Gisle Vanem + Ref: #12806 + Closes #12807 -Dan Fandrich (9 Oct 2023) +Patrick Monnerat (29 Jan 2024) -- test670: increase the test timeout +- OS400: sync ILE/RPG binding - This should make it more immune to loaded servers. + Also do not force git CRLF line endings on *.cmd files for OS400. - Ref: #11328 + Closes #12815 -Stefan Eissing (9 Oct 2023) +Viktor Szakats (28 Jan 2024) -- MQTT: improve receive of ACKs +- build: delete/replace 3 more clang warning pragmas - - add `mq->recvbuf` to provide buffering of incomplete - ACK responses - - continue ACK reading until sufficient bytes available - - fixes test failures on low network receives + - tool_msgs: delete redundant `-Wformat-nonliteral` suppression pragma. - Closes #12071 + - whitespace formatting in `mprintf.h`, lib518, lib537. -Viktor Szakats (9 Oct 2023) + - lib518: fix wrong variable in `sizeof()`. -- quic: fix BoringSSL build + - lib518: bump variables to `rlim_t`. + Follow-up to e2b394106d543c4615a60795b7fdce04bd4e5090 #1469 - Add guard around `SSL_CTX_set_ciphersuites()` use. + - lib518: sync error message with lib537 + Follow-up to 365322b8bcf9efb6a361473d227b70f2032212ce - Bug: https://github.com/curl/curl/pull/12065#issuecomment-1752171885 + - lib518, lib537: replace `-Wformat-nonliteral` suppression pragmas + by reworking test code. - Follow-up to aa9a6a177017e4b74d33cdf85a3594900f4a7f81 + Follow-up to 5b286c250829e06a135a6ba998e80beb7f43a734 #12812 + Follow-up to aee4ebe59161d0a5281743f96e7738ad97fe1cd4 #12803 + Follow-up to 09230127589eccc7e01c1a7217787ef8e64f3328 #12540 + Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489 - Co-authored-by: Jay Satiro Reviewed-by: Daniel Stenberg - Closes #12067 + Closes #12814 -Stefan Eissing (9 Oct 2023) +Richard Levitte (27 Jan 2024) -- test1540: improve reliability +- cmake: freshen up docs/INSTALL.cmake - - print that bytes have been received on pausing, but not how many + - Turn docs/INSTALL.cmake into a proper markdown file, + docs/INSTALL-CMAKE.md + - Move things around to divide the description into configuration, + building and installing sections + - Mention the more modern cmake options to configure, build and install, + but also retain the older variants as fallbacks - Closes #12069 + Closes #12772 -- test2302: improve reliability +Viktor Szakats (27 Jan 2024) - - make result print collected write data, unless - change in meta flags is detected - - will show same result even when data arrives via - several writecb invocations +- build: delete/replace clang warning pragmas - Closes #12068 + - delete redundant warning suppressions for `-Wformat-nonliteral`. + This now relies on `CURL_PRINTF()` and it's theoratically possible + that this macro isn't active but the warning is. We're ignoring this + as a corner-case here. -Daniel Stenberg (9 Oct 2023) + - replace two pragmas with code changes to avoid the warnings. -- curl_easy_pause: set "in callback" true on exit if true + Follow-up to aee4ebe59161d0a5281743f96e7738ad97fe1cd4 #12803 + Follow-up to 09230127589eccc7e01c1a7217787ef8e64f3328 #12540 + Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489 - Because it might have called another callback in the mean time that then - set the bit FALSE on exit. + Reviewed-by: Daniel Stenberg + Closes #12812 - Reported-by: Jay Satiro - Fixes #12059 - Closes #12061 +Daniel Stenberg (27 Jan 2024) -Viktor Szakats (8 Oct 2023) +- RELEASE-NOTES: synced -- h3: add support for ngtcp2 with AWS-LC builds +- http: only act on 101 responses when they are HTTP/1.1 - ``` - curl 8.4.0-DEV (x86_64-apple-darwin) libcurl/8.4.0-DEV (SecureTransport) AWS- - LC/1.15.0 nghttp2/1.56.0 ngtcp2/0.19.1 nghttp3/0.15.0 - Release-Date: [unreleased] - Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps - mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss - Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefile Multi - SSL NTLM SSL threadsafe UnixSockets - ``` + For 101 responses claiming to be any other protocol, bail out. This + would previously trigger an assert. - Also delete an obsolete GnuTLS TODO and update the header comment in - `FindNGTCP2.cmake`. + Add test 1704 to verify. - Reviewed-by: Daniel Stenberg - Closes #12066 + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66184 + Closes #12811 -- build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros +Scarlett McAllister (27 Jan 2024) - Syncing this up with CMake. +- _VARIABLES.md: add missing 'be' into the sentence - Source code uses the built-in `OPENSSL_IS_AWSLC` and - `OPENSSL_IS_BORINSSL` macros to detect BoringSSL and AWS-LC. No help is - necessary from the build tools. + Closes #12809 - The one use of `HAVE_BORINGSSL` in the source turned out to be no longer - necessary for warning-free BoringSSL + Schannel builds. Ref: #1610 #2634 +Stefan Eissing (27 Jan 2024) - autotools detects this anyway for display purposes. - CMake detects this to decide whether to use the BoringSSL-specific - crypto lib with ngtcp2. It detects AWS-LC, but doesn't use the detection - result just yet (planned in #12066). +- mqtt, remove remaining use of data->state.buffer - Ref: #11964 + Closes #12799 - Reviewed-by: Daniel Stenberg - Reviewed-by: Jay Satiro - Closes #12065 +Daniel Stenberg (27 Jan 2024) -Marc Hoersken (8 Oct 2023) +- x509asn1: switch from malloc to dynbuf -- CI: move distcheck job from Azure Pipelines to GitHub Actions + Closes #12808 - This will allow for more trigger excludes within Azure Pipelines. +- x509asn1: make utf8asn1str() use dynbuf instead of malloc + memcpy - Also fixes seemingly broken check with scripts/installcheck.sh. - Ref: 190374c74ec4e5247d9066544c86e8d095e1d7b5 + Closes #12808 - Assisted-by: Philip Heiduck - Closes #9532 +- x509asn1: reduce malloc in Curl_extract_certinfo -Daniel Stenberg (8 Oct 2023) + Using dynbuf -- url: fall back to http/https proxy env-variable if ws/wss not set + Closes #12808 - Reported-by: Craig Andrews - Fixes #12031 - Closes #12058 +Jay Satiro (27 Jan 2024) -Stefan Eissing (8 Oct 2023) +- THANKS: add Alexander Bartel and Brennan Kinney -- cf-socket: simulate slow/blocked receives in debug + They reported and investigated #10259 which was fixed by 7b2d98df. - add 2 env variables for non-UDP sockets: - 1. CURL_DBG_SOCK_RBLOCK: percentage of receive calls that randomly - should return EAGAIN - 2. CURL_DBG_SOCK_RMAX: max amount of bytes read from socket + Ref: https://github.com/curl/curl/issues/10259 - Closes #12035 +Daniel Stenberg (26 Jan 2024) -- http2: refused stream handling for retry +- krb5: add prototype to silence clang warnings on mvsnprintf() - - answer HTTP/2 streams refused via a GOAWAY from the server to - respond with CURLE_RECV_ERROR in order to trigger a retry - on another connection + "error: format string is not a string literal" - Reported-by: black-desk on github - Ref #11859 - Closes #12054 + Follow-up to 09230127589eccc7 which made the warning appear -Jay Satiro (8 Oct 2023) + Assisted-by: Viktor Szakats + Closes #12803 -- CURLOPT_DEBUGFUNCTION.3: warn about internal handles +- x509asn1: remove code for WANT_VERIFYHOST - - Warn that the user's debug callback may be called with the handle - parameter set to an internal handle. + No code ever sets this anymore since we dropped gskit - Without this warning the user may assume that the only handles their - debug callback receives are the easy handles on which they set - CURLOPT_DEBUGFUNCTION. + Follow-up to 78d6232f1f326b9ab4d - This is a follow-up to f8cee8cc which changed DoH handles to inherit - the debug callback function set in the user's easy handle. As a result - those handles are now passed to the user's debug callback function. + Closes #12804 - Closes https://github.com/curl/curl/pull/12034 +- socks: reduce the buffer size to 600 (from 8K) -- url: fix typo + This is malloc'ed memory and it does not more. Test 742 helps us verify + this. -Daniel Stenberg (8 Oct 2023) + Closes #12789 -- test458: verify --expand-output, expanding a file name accepting option +Stefan Eissing (26 Jan 2024) - Verifies the fix in #12055 (commit f2c8086ff15e6e995e1) +- file+ftp: use stack buffers instead of data->state.buffer -- tool_getparam: accept variable expansion on file names too + Closes #12789 - Reported-by: PBudmark on github - Fixes #12048 - Closes #12055 +- vtls: receive max buffer -- RELEASE-NOTES: synced + - do not only receive one TLS record, but try to fill + the passed buffer + - consider <4K remaning space is "filled". -- multi: do CURLM_CALL_MULTI_PERFORM at two more places + Closes #12801 - ... when it does a state transition but there is no particular socket or - timer activity. This was made apparent when commit b5bb84c removed a - superfluous timer expiry. +Daniel Stenberg (26 Jan 2024) - Reported-by: Dan Fandrich. - Fixes #12033 - Closes #12056 +- docs: do not start lines/sentences with So, But nor And -Viktor Szakats (7 Oct 2023) + Closes #12802 -- GHA/linux: mbedtls 3.5.0 + minor dep bumps +- docs: remove spurious ampersands from markdown - Closes #12057 + They were leftovers from the nroff conversion. -Dan Fandrich (7 Oct 2023) + Follow-up to eefcc1bda4bccd800f5a5 -- CI: bump OpenLDAP package version on FreeBSD + Closes #12800 - The old one is no longer available. +Patrick Monnerat (26 Jan 2024) -Marc Hoersken (7 Oct 2023) +- sasl: make login option string override http auth -- docs/libcurl/opts/Makefile.inc: add missing manpage files + - Use http authentication mechanisms as a default, not a preset. - Detected with #9532 + Consider http authentication options which are mapped to SASL options as + a default (overriding the hardcoded default mask for the protocol) that + is ignored if a login option string is given. -Dan Fandrich (7 Oct 2023) + Prior to this change, if some HTTP auth options were given, sasl mapped + http authentication options to sasl ones but merged them with the login + options. -- tests: fix a race condition in ftp server disconnect + That caused problems with the cli tool that sets the http login option + CURLAUTH_BEARER as a side-effect of --oauth2-bearer, because this flag + maps to more than one sasl mechanisms and the latter cannot be cleared + individually by the login options string. - If a client disconnected and reconnected quickly, before the ftp server - had a chance to respond, the protocol message/ack (ping/pong) sequence - got out of sync, causing messages sent to the old client to be delivered - to the new. A disconnect must now be acknowledged and intermediate - requests thrown out until it is, which ensures that such synchronization - problems can't occur. This problem could affect ftp, pop3, imap and smtp - tests. + New test 992 checks this. - Fixes #12002 - Closes #12049 + Fixes https://github.com/curl/curl/issues/10259 + Closes https://github.com/curl/curl/pull/12790 -Viktor Szakats (7 Oct 2023) +Stefan Eissing (26 Jan 2024) -- appveyor: bump mingw-w64 job to gcc 13 (was: 8) +- socks: use own buffer instead of data->state.buffer - This sets gcc 6, 7, 9, 13 in our test mix (was: 6, 7, 8, 9). - Adding a modern gcc version to the tests. + Closes #12788 - (The gcc 8 job used to take around 50 minutes. The new image with gcc 13 - finished in 32, 35, 34 minutes in the 3 test runs so far.) +Daniel Stenberg (26 Jan 2024) - It also adds a modern CMake version and OS env to our mingw-w64 builds. +- socks: fix generic output string to say SOCKS instead of SOCKS4 - Closes #12051 + ... since it was also logged for SOCKS5. -David Benjamin (6 Oct 2023) + Closes #12797 -- openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR +- test742: test SOCKS5 with max length user, password and hostname - While the struct is still public in OpenSSL, there is a (somewhat - inconvenient) accessor. Use it to remain compatible if it becomes opaque - in the future. + Adjusted the socksd server accordingly to allow for configuring that + long user name and password. - Closes #12038 + Closes #12797 -Daniel Stenberg (6 Oct 2023) +Stefan Eissing (25 Jan 2024) -- curl_easy_pause.3: mention it works within callbacks +- ssh: use stack scratch buffer for seeks - Reported-by: Maxim Dzhura - Bug: https://curl.se/mail/lib-2023-10/0010.html - Closes #12046 + - instead of data->state.buffer -- curl_easy_pause.3: mention h2/h3 buffering + Closes #12794 - Asked-by: Maxim Dzhura - Ref: https://curl.se/mail/lib-2023-10/0011.html +Daniel Stenberg (25 Jan 2024) - Closes #12045 +- krb5: access the response buffer correctly -Viktor Szakats (6 Oct 2023) + As the pingpong code no longer uses the download buffer. -- cmake: re-add missed C89 headers for specific detections + Folllow-up to c2d973627bab12ab + Pointed-out-by: Stefan Eissing + Closes #12796 - We removed C89 `setjmp.h` and `signal.h` detections and excluded them - from the global header list we use when detecting functions [1]. Then - missed to re-add these headers to the specific functions which need - them to be detected [2]. Fix this omission in this patch. +Stefan Eissing (25 Jan 2024) - [1] Follow-up to 3795fcde995d96db641ddbcc8a04f9f0f03bef9f #11951 - [2] Follow-up to 96c29900bcec32dd6bc8e9857c8871ff4b8b8ed9 #11940 +- mqtt: use stack scratch buffer for recv+publish - Closes #12043 + - instead of data->state.buffer -Daniel Stenberg (6 Oct 2023) + Closes #12792 -- multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE +- telnet, use stack scratch buffer for do - Since there is nothing to wait for there. Avoids the test 1233 hang - reported in #12033. + - instead of data->state.buffer - Reported-by: Dan Fandrich - Closes #12042 + Closes #12793 -Dan Fandrich (5 Oct 2023) +- http, use stack scratch buffer -- test1903: actually verify the cookies after the test + - instead of data->state.buffer - The test otherwise could do just about anything (except leak memory in - debug mode) and its bad behaviour wouldn't be detected. Now, check the - resulting cookie file to ensure the cookies are still there. + Closes #12791 - Closes #12041 +- ntlm_wb: do not use data->state.buf any longer -- test: add missing s + Closes #12787 - The tests will otherwise fail if curl has them disabled. +- gitignore: the generated `libcurl-symbols.md` -- test1906: set a lower timeout since it's hit on Windows + Closes #12795 - msys2 builds actually hit the connect timeout in normal operation, so - lower the timeout from 5 minutes to 5 seconds to reduce test time. +Daniel Stenberg (25 Jan 2024) - Ref: #11328 - Closes #12036 +- tool: fix the listhelp generation command -Daniel Stenberg (5 Oct 2023) + The previous command line to generate the tool_listhelp.c source file + broke with 2494b8dd5175cee7. -- RELEASE-NOTES: synced + Make 'make listhelp' invoked in src/ generate it. Also update the + comment in the file to mention the right procedure. -Jay Satiro (5 Oct 2023) + Closes #12786 -- idn: fix WinIDN null ptr deref on bad host +- http: check for "Host:" case insensitively - - Return CURLE_URL_MALFORMAT if IDN hostname cannot be converted from - UTF-8 to UTF-16. + When checking if the user wants to replace the header, the check should + be case insensitive. - Prior to this change a failed conversion erroneously returned CURLE_OK - which meant 'decoded' pointer (what would normally point to the - punycode) would not be written to, remain NULL and be dereferenced - causing an access violation. + Adding test 461 to verify - Closes https://github.com/curl/curl/pull/11983 + Found-by: Dan Fandrich + Ref: #12782 + Closes #12784 -Dan Fandrich (4 Oct 2023) +Tatsuhiro Tsujikawa (25 Jan 2024) -- tests: close the shell used to start sshd +- configure: add libngtcp2_crypto_boringssl detection - This shell isn't needed once sshd starts, so use "exec" so it doesn't - stick around. + If OpenSSL is found to be BoringSSL or AWS-LC, and ngtcp2 is requested, + try to detect libngtcp2_crypto_boringssl. - Closes #12032 + Reported-by: ウã•ã‚“ + Fixes #12724 + Closes #12769 -Daniel Stenberg (4 Oct 2023) +Daniel Stenberg (25 Jan 2024) -- base64: also build for curl +- http: remove comment reference to a removed solution - Since the tool itself now uses the base64 code using the curlx way, it - needs to build also when the tool needs it. Starting now, the tool build - defines BULDING_CURL to allow lib-side code to use it. + Follow-up to 58974d25d - Follow-up to 2e160c9c6525 + Closes #12785 - Closes #12010 +Stefan Eissing (25 Jan 2024) -Eduard Strehlau (4 Oct 2023) +- pytest: Scorecard tracking CPU and RSS -- tests: Fix zombie processes left behind by FTP tests. + Closes #12765 - ftpserver.pl correctly cleans up spawned server processes, - but forgets to wait for the shell used to spawn them. - This is barely noticeable during a normal testrun, - but causes process exhaustion and test failure - during a complete torture run of the FTP tests. +Graham Campbell (25 Jan 2024) - Fixes #12018 - Closes #12020 +- GHA: bump ngtcp2, gnutls, mod_h2, quiche -Dan Fandrich (4 Oct 2023) + - ngtcp2 to v1.2.0 + - gnutls to 3.8.3 + - mod_h2 to 2.0.26 + - quiche to 0.20.0 -- github/labeler: improve labeler matches + Closes #12778 + Closes #12779 + Closes #12780 + Closes #12781 -- test574: add a timeout to the test +Daniel Stenberg (25 Jan 2024) - This one hangs occasionally, so this will speed up a test run and allow - logs to be seen when it does. +- ftpserver.pl: send 213 SIZE response without spurious newline - Closes #12025 +- pingpong: stop using the download buffer -- tests: propagate errors in libtests + The pingpong logic now uses its own dynbuf for receiving command + response data. - Use the test macros to automatically propagate some errors, and check - and log others while running the tests. This can help in debugging - exactly why a test has failed. + When the "final" response header for a commanad has been received, that + final line is left first in the recvbuf for the protocols to parse at + will. If there is additional data behind the final response line, the + 'overflow' counter is indicate how many bytes. -- tests: set --expect100-timeout to improve test reliability + Closes #12757 - On an overloaded server, the default 1 second timeout can go by without - the test server having a chance to respond with the expected headers, - causing tests to fail. Increase the 1 second timeout to 99 seconds so - this failure mode is no longer a problem on test 1129. Some other tests - already set a high value, but make them consistently 99 seconds so if - something goes wrong the test is stalled for less time. +- gen.pl: remove bold from .IP used for ## - Ref: #11328 + Reported-by: Viktor Szakats + Fixes #12776 + Closes #12777 -- CI: ignore the "flaky" and "timing-dependent" test results in CMake +Viktor Szakats (24 Jan 2024) - This was already done for automake builds but CMake builds were missed. - Test 1086 actually causes the test harness to crash with: +- cmake: rework options to enable curl and libcurl docs - Warning: unable to close filehandle DWRITE properly: Broken pipe at C:/projec - ts/curl/tests/ftpserver.pl line 527 + Rework CMake options for building/using curl tool and libcurl manuals. - Rather than fix it now, this change leaves test 1086 entirely skipped on - those builds that show this problem. + - rename `ENABLE_MANUAL` to `ENABLE_CURL_MANUAL`, meaning: + to build man page and built-in manual for curl tool. - Follow-up to 589dca761 + - rename `BUILD_DOCS` to `BUILD_LIBCURL_DOCS`, meaning: + to build man pages for libcurl. - Ref: #11865 + - `BUILD_LIBCURL_DOCS` now works without having to enable + `ENABLE_CURL_MANUAL` too. -Viktor Szakats (4 Oct 2023) + - drop support for existing CMake-level `USE_MANUAL` option to avoid + confusion. (It used to work with the effect of current + `ENABLE_CURL_MANUAL`, but only by accident.) -- cmake: improve OpenLDAP builds + Assisted-by: Richard Levitte + Ref: #12771 + Closes #12773 - - cmake: detect OpenLDAP based on function `ldap_init_fd`. - autotools does this. autotools also publishes this detection result - in `HAVE_LDAP_INIT_FD`. We don't mimic that with CMake as the source - doesn't use this value. (it might need to be remove-listed in - `scripts/cmp-config.pl` for future OpenLDAP test builds.) - This also deletes existing self-declaration method via the - CMake-specific `CURL_USE_OPENLDAP` configuration. +Daniel Stenberg (24 Jan 2024) - - cmake: define `LDAP_DEPRECATED=1` for OpenLDAP. - Like autotools does. This fixes a long list of these warnings: - ``` - /usr/local/opt/openldap/include/ldap.h:1049:5: warning: 'LDAP_DEPRECATED' i - s not defined, evaluates to 0 [-Wundef] - ``` +- urlapi: remove assert - - cmake: delete LDAP TODO comment no longer relevant. + This assert triggers wrongly when CURLU_GUESS_SCHEME and + CURLU_NO_AUTHORITY are both set and the URL is a single path. - Also: + I think this assert has played out its role. It was introduced in a + rather big refactor. - - autotools: replace domain name `dummy` with `0.0.0.0` in LDAP feature - detection functions. + Follow-up to 4cfa5bcc9a - Ref: #11964 (effort to sync cmake detections with autotools) + Reported-by: promptfuzz_ on hackerone + Closes #12775 - Closes #12024 +Patrick Monnerat (24 Jan 2024) -- cmake: fix unity builds for more build combinations +- tests: avoid int/size_t conversion size/sign warnings - By using unique static function/variable names in source files - implementing these interfaces. + Closes #12768 - - OpenLDAP combined with any SSH backend. +Daniel Stenberg (24 Jan 2024) - - MultiSSL with mbedTLS, OpenSSL, wolfSSL, SecureTransport. +- GHA: add a job scanning for "bad words" in markdown - Closes #12027 + This means words, phrases or things we have decided not to use - words that + are spelled right according to the dictionary but we want to avoid. In the + name of consistency and better documentation. -Daniel Stenberg (4 Oct 2023) + Closes #12764 -- tests: remove leading spaces from some tags +Viktor Szakats (23 Jan 2024) - The threee tags ``, `` and `` were frequently used - with a leading space that this removes. The reason this habbit is so - widespread in testcases is probably that they have been copy and pasted. +- cmake: speed up curldown processing, enable by default - Hence, fixing them all now might curb this practice from now on. + - cmake: enable `BUILD_DOCS` by default (this controls converting and + installing `.3` files from `.md` sources) - Closes #12028 + - cmake: speed up generating `.3` files by using a single command per + directory, instead of a single command per file. This reduces external + commands by about a thousand. (There remains some CMake logic kicking + in resulting in 500 -one per file- external `-E touch_nocreate` calls.) -Viktor Szakats (4 Oct 2023) + - cd2nroff: add ability to process multiple input files. -- GHA: bump actions/checkout + - cd2nroff: add `-k` option to use the source filename to form the + output filename. (instead of the default in-file `Title:` line.) - Follow-up to 2e0fa50fc16b9339f51e0a7bfff0352829323acb #11964 - Follow-up to c39585d9b7ef3cbfc1380812dec60e7b275b6af3 #12000 + Follow-up to 3f08d80b2244524646ce86915c585509ac54fb4c + Follow-up to ea0b575dab86a3c44dd1d547dc500276266aa382 #12753 + Follow-up to eefcc1bda4bccd800f5a56a0fe17a2f44a96e88b #12730 - Closes #12023 + Closes #12762 -- spelling: fix codespell 2.2.6 typos +Richard Levitte (23 Jan 2024) - Closes #12019 +- docs: install curl.1 with cmake as well -Daniel Stenberg (3 Oct 2023) + Closes #12759 -- GHA: add workflow to compare configure vs cmake outputs +Daniel Stenberg (23 Jan 2024) - Uses scripts/cmp-config.pl two compare two curl_config.h files, - presumbly generated with configure and cmake. It displays the - differences and filters out a lot of known lines we ignore. +- osslq: remove the TLS library from the version output - The script also shows the matches that were *not* used. Possibly - subjects for removal. + Since we only support using a single TLS library at any one time, we + know that the TLS library for QUIC is the same that is also shown for + regular TLS. - Closes #11964 + Fixes #12763 + Reported-by: Viktor Szakats + Closes #12767 -- appveyor: enable test 571 +Stefan Eissing (23 Jan 2024) - Follow-up from 8a940fd55c175f7 / #12013 +- CI: remove unnecessary OpenSSL 3 option `enable-tls1_3` - Closes #12017 + .. and switch OpenSSL 3 libdir from lib64 to lib for consistency. -Viktor Szakats (3 Oct 2023) + Closes https://github.com/curl/curl/pull/12758 -- build: alpha-sort source files for lib and src +- GHA: bump nghttp2 version to v1.59.0 - Closes #12014 + - Switch to v1.59.0 for GHA CI jobs that use a specific nghttp2-version. -- cmake: delete old `HAVE_LDAP_URL_PARSE` logic + Closes https://github.com/curl/curl/pull/12766 - Left there by accident after adding proper detection for this. +Daniel Stenberg (23 Jan 2024) - Follow-up to 772f0d8edf1c3c2745543f42388ccec5a16ee2c0 #12006 +- RELEASE-NOTES: synced - Ref: #11964 (effort to sync cmake detections with autotools) +- docs/cmdline: change to .md for cmdline docs - Closes #12015 + - switch all invidual files documenting command line options into .md, + as the documentation is now markdown-looking. -Stefan Eissing (3 Oct 2023) + - made the parser treat 4-space indents as quotes -- tests: increase lib571 timeout from 3s to 30s + - switch to building the curl.1 manpage using the "mainpage.idx" file, + which lists the files to include to generate it, instead of using the + previous page-footer/headers. Also, those files are now also .md + ones, using the same format. I gave them underscore prefixes to make + them sort separately: + _NAME.md, _SYNOPSIS.md, _DESCRIPTION.md, _URL.md, _GLOBBING.md, + _VARIABLES.md, _OUTPUT.md, _PROTOCOLS.md, _PROGRESS.md, _VERSION.md, + _OPTIONS.md, _FILES.md, _ENVIRONMENT.md, _PROXYPREFIX.md, + _EXITCODES.md, _BUGS.md, _AUTHORS.md, _WWW.md, _SEEALSO.md - - 3s is too short for our CI, making this test fail occasionally - - test usually experiences no delay run locally, so 30s wont hurt + - updated test cases accordingly - Closes #12013 + Closes #12751 -Viktor Szakats (3 Oct 2023) +dependabot[bot] (23 Jan 2024) -- cmake: fix unity with Windows Unicode + TrackMemory +- CI: bump actions/cache from 3 to 4 - Found the root cause of the startup crash in unity builds with Unicode - and TrackMemory enabled at the same time. + Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. + - [Release notes](https://github.com/actions/cache/releases) + - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) + - [Commits](https://github.com/actions/cache/compare/v3...v4) - We must make sure that the `memdebug.h` header doesn't apply to - `lib/curl_multibyte.c` (as even noted in a comment there.) In unity - builds all headers apply to all sources, including `curl_multibyte.c`. - This probably resulted in an infinite loop on startup. + --- + updated-dependencies: + - dependency-name: actions/cache + dependency-type: direct:production + update-type: version-update:semver-major + ... - Exclude this source from unity compilation with TrackMemory enabled, - in both libcurl and curl tool. Enable unity mode for a debug Unicode - CI job to keep it tested. Also delete the earlier workaround that - fully disabled unity for affected builds. + Signed-off-by: dependabot[bot] + Closes #12756 - Follow-up to d82b080f6374433ce7c98241329189ad2d3976f8 #12005 - Follow-up to 3f8fc25720900b14b7432f4bd93407ca15311719 #11095 +Daniel Stenberg (23 Jan 2024) - Closes #11928 +- openssl: when verifystatus fails, remove session id from cache -- cmake: disable unity mode with Windows Unicode + TrackMemory + To prevent that it gets used in a subsequent transfer that skips the + verifystatus check since that check can't be done when the session id is + reused. - "TrackMemory" is `ENABLE_DEBUG=ON` (aka `ENABLE_CURLDEBUG=ON`, - aka `-DCURLDEBUG`). + Reported-by: Hiroki Kurosawa + Closes #12760 - There is an issue with memory tracking and Unicode when built in "unity" - mode, which results in the curl tool crashing right on startup, even - without any command-line option. Interestingly this doesn't happen under - WINE (at least on the system I tested this on), but consistenly happens - on real Windows machines. Crash is 0xC0000374 heap corruption. Both - shared and static curl executables are affected. +Viktor Szakats (23 Jan 2024) - This limitation probably won't hit too many people, but it remains - a TODO to find and fix the root cause and drop this workaround. +- cmake: add option to disable building docs - Example builds and runs: - https://ci.appveyor.com/project/curlorg/curl/builds/48169111/job/17cptxhtpubd - 7iwj#L313 (static) - https://ci.appveyor.com/project/curlorg/curl/builds/48169111/job/76e1ge758tby - qu9c#L317 (shared) +Richard Levitte (23 Jan 2024) - Follow-up to 3f8fc25720900b14b7432f4bd93407ca15311719 #11095 +- cmake: use curldown to build man pages - Ref: #11928 - Closes #12005 + This throws away the previous HTML and PDF producers, to mimic what + Makefile.am does as faithfully as possible. -- cmake: tidy-up `NOT_NEED_LBER_H` detection + Closes #12753 - Follow-up to 772f0d8edf1c3c2745543f42388ccec5a16ee2c0 #12006 +Daniel Stenberg (23 Jan 2024) -- appveyor: rewrite batch in PowerShell + CI improvements +- mksymbolsmanpage.pl: provide references to where the symbol is used - 1. Rewrite in PowerShell: +- docs: introduce "curldown" for libcurl man page format - - rewrite MS-DOS batch build script in PowerShell. - - move some bash operations into native PowerShell. - - fixups for PowerShell insisting on failure when a command outputs - something to stderr. - - fix to actually run `curl -V` after every build. - (and exclude ARM64 builds.) - - also say why we skipped `curl -V` if we had to skip. - - fix CMake warnings about unused configuration variables, by adapting - these dynamically for build cases. - - dedupe OpenSSL path into a variable. - - disable `test1451` failing with a warning anyway due to missing python - impacket. (after trying and failing to install impacket) - PowerShell promotes these warnings to errors by PowerShell. We can also - suppress they wholesale if they start causing issues in the future, - like we already to with `autoreconf` and `./configure`. + curldown is this new file format for libcurl man pages. It is markdown + inspired with differences: - PowerShell is better than MS-DOS batches, so the hope is this makes it - easier to extend and maintain the AppVeyor build logic. POSIX/bash isn't - supported inline by AppVeyor on Windows build machines, but we are okay - to keep it in an external script, so it's also an option. + - Each file has a set of leading headers with meta-data + - Supports a small subset of markdown + - Uses .md file extensions for editors/IDE/GitHub to treat them nicely + - Generates man pages very similar to the previous ones + - Generates man pages that still convert nicely to HTML on the website + - Detects and highlights mentions of curl symbols automatically (when + their man page section is specified) - 2. CI improvements: + tools: - - enable tests for a "unity" build job. - - speed-up CI initialization by using shallow clones of the curl repo. - - speed-up CMake MSVC jobs with `TrackFileAccess=false`. - - enable parallelism in `VisualStudioSolution` builds. - - display CMake version before builds. - - always show the CPU in job names. - - tell which jobs are build-only in job names. - - move `TESTING:` value next to `DISABLED_TESTS:` in two jobs. - - add `config.log` (autotools) to dumped logs (need to enable manually). + - cd2nroff: converts from curldown to nroff man page + - nroff2cd: convert an (old) nroff man page to curldown + - cdall: convert many nroff pages to curldown versions + - cd2cd: verifies and updates a curldown to latest curldown - 3. Style: + This setup generates .3 versions of all the curldown versions at build time. - - use single-quotes in YAML like we do in other CI YAML files. - It also allows to drop quoting characters and lighter to write/read. - (keep double quotes for PowerShell strings needing expansion.) + CI: - Closes #11999 + Since the documentation is now technically markdown in the eyes of many + things, the CI runs many more tests and checks on this documentation, + including proselint, link checkers and tests that make sure we capitalize the + first letter after a period... -- cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows + Closes #12730 - - set `HAVE_LDAP_URL_PARSE` if `ldap_url_parse` function exists. - Before this patch we set it based it on the presence of `stricmp`, - which correctly enabled it on e.g. Windows, but was inaccurate for - other platforms. +Viktor Szakats (22 Jan 2024) - - always set `HAVE_LDAP_SSL` if an LDAP backend is detected and - LDAPS is not explicitly disabled. This mimics autotools behaviour. - Previously we set it only for Windows LDAP. After this fix, LDAPS is - correctly enabled in default macOS builds. +- libssh2: use `libssh2_session_callback_set2()` with v1.11.1 - - enable LDAP[S] for a CMake macOS CI job. Target OS X 10.9 (Mavericks) - to avoid deprecation warnings for LDAP API. + To avoid a local hack to pass function pointers and to avoid + deprecation warnings when building with libssh2 v1.11.1 or newer: + ``` + lib/vssh/libssh2.c:3324:5: warning: 'libssh2_session_callback_set' is depreca + ted: since libssh2 1.11.1. Use libssh2_session_callback_set2() [-Wdeprecated- + declarations] + lib/vssh/libssh2.c:3326:5: warning: 'libssh2_session_callback_set' is depreca + ted: since libssh2 1.11.1. Use libssh2_session_callback_set2() [-Wdeprecated- + declarations] + ``` + Ref: https://github.com/curl/curl-for-win/actions/runs/7609484879/job/2072082 + 1100#step:3:4982 - - always detect `HAVE_LDAP_SSL_H`, even with LDAPS explicitly disabled. - This doesn't make much sense, but let's do it to sync behaviour with - autotools. + Ref: https://github.com/libssh2/libssh2/pull/1285 + Ref: https://github.com/libssh2/libssh2/commit/c0f69548be902147ce014ffa40b8db + 3cf1d4b0b4 + Reviewed-by: Daniel Stenberg + Closes #12754 - - fix benign typo in variable name. +Daniel Stenberg (22 Jan 2024) - Ref: #11964 (effort to sync cmake detections with autotools) +- transfer: make the select_bits_paused condition check both directions - Closes #12006 + If there is activity in a direction that is not paused, return false. -- autotools: restore `HAVE_IOCTL_*` detections + Reported-by: Sergey Bronnikov + Bug: https://curl.se/mail/lib-2024-01/0049.html + Closes #12740 - This restores `CURL_CHECK_FUNC_IOCTL` detection. I deleted it in - 4d73854462f30948acab12984b611e9e33ee41e6 and - c3456652a0c72d1845d08df9769667db7e159949 (2022-08), because the - `HAVE_IOCTL` result it generated was unused in the source. But, - I did miss the fact that this had two dependent checks: - `CURL_CHECK_FUNC_IOCTL_FIONBIO`, - `CURL_CHECK_FUNC_IOCTL_SIOCGIFADDR` that we do actually need: - `HAVE_IOCTL_FIONBIO`, `HAVE_IOCTL_SIOCGIFADDR`. +Stefan Eissing (22 Jan 2024) - Regression from 4d73854462f30948acab12984b611e9e33ee41e6 +- http3: initial support for OpenSSL 3.2 QUIC stack - Ref: #11964 (effort to sync cmake detections with autotools) + - HTTP/3 for curl using OpenSSL's own QUIC stack together + with nghttp3 + - configure with `--with-openssl-quic` to enable curl to + build this. This requires the nghttp3 library + - implementation with the following restrictions: + * macOS has to use an unconnected UDP socket due to an + issue in OpenSSL's datagram implementation + See https://github.com/openssl/openssl/issues/23251 + This makes connections to non-reponsive servers hang. + * GET requests will send the indicator that they have + no body in a separate QUIC packet. This may result + in processing delays or Transfer-Encodings on proxied + requests + * uploads that encounter blocks will use 100% cpu as + detection of these flow control issue is not working + (we have not figured out to pry that from OpenSSL). - Closes #12008 + Closes #12734 -Daniel Stenberg (2 Oct 2023) +Viktor Szakats (22 Jan 2024) -- RELEASE-PROCEDURE.md: updated coming release dates +- cmake: fix `ENABLE_MANUAL` option -- RELEASE-NOTES: synced + Fix the `ENABLE_MANUAL` option. Set it to default to `OFF`. -Viktor Szakats (1 Oct 2023) + Before this patch `ENABLE_MANUAL=ON` was a no-op, even though it was the + option designed to enable building and using the built-in curl manual. + (`USE_MANUAL=ON` option worked for this instead, by accident). -- cmake: pre-cache `HAVE_POLL_FINE` on Windows + Ref: https://github.com/curl/curl/pull/12730#issuecomment-1902572409 + Closes #12749 - Windows doesn't support `poll()`, so we can safely skip checking for - fine poll. +Mohammadreza Hendiani (19 Jan 2024) - Closes #12003 +- TODO: update broken link to ratelimit-headers draft -- gha: bump actions to latest versions + Closes #12741 - - actions@checkout@v4 (from v3 and v2) +Daniel Stenberg (19 Jan 2024) - - fsfe/reuse-action@v2 (from v1) +- cmake: when USE_MANUAL=YES, build the curl.1 man page - Closes #12000 + Fixes KNOWN_BUG 15.4 -Stefan Eissing (30 Sep 2023) + Closes #12742 -- h2: testcase and fix for pausing h2 streams +- cmdline-opts/write-out.d: remove spurious double quotes - - refs #11982 where it was noted that paused transfers may - close successfully without delivering the complete data - - made sample poc into tests/http/client/h2-pausing.c and - added test_02_27 to reproduce +Stefan Eissing (19 Jan 2024) - Closes #11989 - Fixes #11982 - Reported-by: Harry Sintonen +- rtsp: Convert assertion into debug log -Viktor Szakats (30 Sep 2023) + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65934 -- cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value + - write excess bytes to the client where the standard excess bytes + checks will report any wrongness and fail the transfer - Before this patch CMake builds accepted any value and it was used at - runtime as-is. This patch make sure that the selected default backend - is also enabled in the build. It also enforces a full lowercase value. + Fixes #12738 + Closes #12739 - This improves reproducibility and brings CMake in sync with autotools - which already worked like described above. +Daniel Stenberg (19 Jan 2024) - Follow-up to 26c7feb8b9d51a57fab3325571b4bbfa03b11af0 #11774 +- headers: remove assert from Curl_headers_push - Closes #11998 + The fuzzer managed to reach the function without a terminating CR or LF + so let's handle it normally. While there, remove the goto. -- autotools: adjust `CURL_CA_PATH` value to CMake + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65839 - autotools was using the same value as CMake, but with an ending - slash. Delete the ending slash to match configurations. + Closes #12721 - Ref: #11964 (effort to sync cmake detections with autotools) +- curl_easy_getinfo.3: remove the wrong time value count - Closes #11997 + It said "six" time values but they are eight by now. Remove the mention + of the amount. -- cmake: detect `sys/wait.h` and `netinet/udp.h` + Closes #12727 - Ref: #11964 (effort to sync cmake detections with autotools) +Viktor Szakats (18 Jan 2024) - Closes #11996 +- mbedtls: fix `-Wnull-dereference` and `-Wredundant-decls` -Daniel Stenberg (30 Sep 2023) + - Silence warning in mbedTLS v3.5.1 public headers: + ``` + ./mbedtls/_x64-linux-musl/usr/include/psa/crypto_extra.h:489:14: warning: r + edundant redeclaration of 'psa_set_key_domain_parameters' [-Wredundant-decls] + ./mbedtls/_x64-linux-musl/usr/include/psa/crypto_struct.h:354:14: note: pre + vious declaration of 'psa_set_key_domain_parameters' was here + ``` + Ref: https://github.com/libssh2/libssh2/commit/ecec68a2c13a9c63fe8c2dc457ae + 785a513e157c + Ref: https://github.com/libssh2/libssh2/pull/1226 -- lib: provide and use Curl_hexencode + - Fix compiler warnings seen with gcc 9.2.0 + cmake unity: + ``` + ./curl/lib/vtls/mbedtls.c: In function 'mbedtls_bio_cf_read': + ./curl/lib/vtls/mbedtls.c:189:11: warning: null pointer dereference [-Wnull + -dereference] + 189 | nread = Curl_conn_cf_recv(cf->next, data, (char *)buf, blen, &res + ult); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ~~~~ + ./curl/lib/vtls/mbedtls.c: In function 'mbedtls_bio_cf_write': + ./curl/lib/vtls/mbedtls.c:168:14: warning: null pointer dereference [-Wnull + -dereference] + 168 | nwritten = Curl_conn_cf_send(cf->next, data, (char *)buf, blen, & + result); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ~~~~~~~ + ``` - Generates a lower case ASCII hex output from a binary input. + - delete stray `#else`. - Closes #11990 + Closes #12720 -- configure: check for the capath by default +Daniel Stenberg (17 Jan 2024) - ... if the chosen TLS backend supports it: OpenSSL, GnuTLS, mbedTLS or wolfSS - L +- docs: cleanup nroff format use - cmake: synced + - remove use of .BI for code snippet + - stop using .br, just do a blank line + - remove use of .PP + - remove use for .sp + - remove backslash in .IP + - use .IP instead of .TP - Assisted-by: Viktor Szakats - Closes #11987 + Closes #12731 -- wolfssl: ignore errors in CA path +Stefan Eissing (17 Jan 2024) - The default wolfSSL_CTX_load_verify_locations() function is quite picky - with the certificates it loads and will for example return error if just - one of the certs has expired. +- test2307: fix expected failure code after ws refactoring - With the *_ex() function and its WOLFSSL_LOAD_FLAG_IGNORE_ERR flag, it - behaves more similar to what OpenSSL does by default. + Fixes #12722 + Closes #12728 - Even the set of default certs on my Debian unstable has several expired - ones. +Jay Satiro (17 Jan 2024) - Assisted-by: Juliusz Sosinowicz - Assisted-by: Michael Osipov +- cf-socket: show errno in tcpkeepalive error messages - Closes #11987 + - If the socket keepalive options (TCP_KEEPIDLE, etc) cannot be set + then show the errno in the verbose error messages. -- create-dirs.d: clarify it also uses --output-dirs + Ref: https://github.com/curl/curl/discussions/12715#discussioncomment-8151652 - Reported-by: Robert Simpson - Fixes #11991 - Closes #11995 + Closes https://github.com/curl/curl/pull/12726 -Viktor Szakats (30 Sep 2023) +- tool_getparam: stop supporting `@filename` style for --cookie -- appveyor: fix yamlint issues, indent + The `@filename` style was never documented for --cookie + but prior to this change curl would accept it anyway and always treat a + @ prefixed string as a filename. - Also: - - use double quotes in all batch if statements. + That's a problem if the string also contains a = sign because then it is + documented to be interpreted as a cookie string and not a filename. - Closes #11994 + Example: -- cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` + `--cookie @foo=bar` - Based on existing autotools logic. + Before: Interpreted as load cookies from filename foo=bar. - Ref: #11964 (effort to sync cmake detections with autotools) + After: Interpreted as cookie `@foo=bar` (name `@foo` and value `bar`). - Closes #11981 + Other curl options with a data/filename option-value use the `@filename` + to distinguish filenames which is probably how this happened. The + --cookie option has never been documented that way. -- cmake: detect `HAVE_GETADDRINFO_THREADSAFE` + Ref: https://curl.se/docs/manpage.html#-b - Based on existing autotools logic. + Closes https://github.com/curl/curl/pull/12645 - autotools checks for old versions of the allowlisted target OSes and - disables this feature when seeing them. In CMake we assume we're running - on newer systems and enable regardless of OS version. +Stefan Eissing (16 Jan 2024) - autotools always runs all 3 probes for non-fast-tracked systems and - enables this feature if any one of them was successful. To save - configuration time, CMake stops at the first successful check. +- websockets: refactor decode chain - OpenBSD is not fast-tracked and then gets blocklisted as a generic BSD - system. I haven't double-checked if this is correct, but looks odd. + - use client writer stack for decoding frames + - move websocket protocol handler to ws.c - Ref: #11964 (effort to sync cmake detections with autotools) + Closes #12713 - Closes #11979 +- websockets: check for negative payload lengths -- cmake: fix `HAVE_WRITABLE_ARGV` detection + - in en- and decoding, check the websocket frame payload lengths for + negative values (from curl_off_t) and error the operation in that case + - add test 2307 to verify - Move detection before the creation of detection results in - `curl_config.h`. + Closes #12707 - Ref: #11964 (effort to sync cmake detections with autotools) +Daniel Stenberg (16 Jan 2024) - Closes #11978 +- docs: mention env vars not used by schannel -- appveyor: minor improvements + Ref: #12704 - - run `curl -V` after builds to see if they run and with what features. - Except for one job where a CRT DLL is missing. And ARM64 which should - fail, but is silently not launched instead. + Co-authored-by: Jay Satiro - - copy libcurl DLL next to curl tool and tests binaries in shared mode. - This makes it possible to run the tests. (We don't run tests after - these builds yet.) + Closes #12711 - - list the DLLs and EXEs present after the builds. +- tool_operate: make --remove-on-error only remove "real" files - - add `DEBUG` variable for CMake builds to allow disabling it, for - testing non-debug builds. (currently enabled for all) + Reported-by: Harry Sintonen + Assisted-by: Dan Fandrich - - add commented lines that dump CMake configuration logs for debugging - build/auto-detection issues. + Closes #12710 - - add gcc version to jobs where missing. +Jay Wu (16 Jan 2024) - - switch a job to the native MSYS2 mingw-w64 toolchain. This adds gcc 9 - to the build mix. +- url: don't set default CA paths for Secure Transport backend - - make `SHARED=OFF` and `OPENSSL=OFF` defaults global. + As the default for this backend is the native CA store. - - delete a duplicate backslash. + Closes #12704 - Closes #11976 +Lin Sun (16 Jan 2024) -- configure: replace adhoc domain with `localhost` in tests +- asyn-ares: with modern c-ares, use its default timeout - Reviewed-by: Daniel Stenberg - Closes #11988 + Closes #12703 -- tidy-up: use more example domains +Daniel Stenberg (15 Jan 2024) - Also make use of the example TLD: - https://en.wikipedia.org/wiki/.example +- tool_operate: stop setting the file comment on Amiga - Reviewed-by: Daniel Stenberg - Closes #11992 + - the URL is capped at 80 cols, which ruins it if longer + - it does not strip off URL credentials + - it is done unconditonally, not on --xattr + - we don't have Amiga in the CI which makes fixing it blindly fragile -Dan Fandrich (29 Sep 2023) + Someone who builds and tests on Amiga can add it back correctly in a + future if there is a desire. -- runtests: display the test status if tests appear hung + Reported-by: Harry Sintonen + Closes #12709 - It sometimes happens that a test hangs during a test run and never - returns. The test harness will wait indefinitely for the results and on - CI servers the CI job will eventually be killed after an hour or two. - At the end of a test run, if results haven't come in within a couple of - minutes, display the status of all test runners and what tests they're - running to help in debugging the problem. +Stefan Eissing (15 Jan 2024) - This feature is really only kick in with parallel testing enabled, which - is fine because without parallel testing it's usually easy to tell what - test has hung. +- rtsp: deal with borked server responses - Closes #11980 + - enforce a response body length of 0, if the + response has no Content-lenght. This is according + to the RTSP spec. + - excess bytes in a response body are forwarded to + the client writers which will report and fail the + transfer -- github/labeler: remove workaround for labeler + Follow-up to d7b6ce6 + Fixes #12701 + Closes #12706 - This was added due to what seemed to be a bug regarding the sync-labels: - config option, but it looks like it wasn't necessary. +Daniel Stenberg (14 Jan 2024) - Follow-up to b2b0534e7 +- version: show only the libpsl version, not its dependencies -Viktor Szakats (29 Sep 2023) + The libpsl version output otherwise also includes version number for its + dependencies, like IDN lib, but since libcurl does not use libpsl's IDN + functionality those components are not important. -- docs: upgrade an URL to HTTPS in `BINDINGS.md` [ci skip] + Ref: https://github.com/curl/curl-for-win/issues/63 + Closes #12700 -Daniel Stenberg (29 Sep 2023) +Brad Harder (14 Jan 2024) -- docs: replace made up domains with example.com +- curl.h: CURLOPT_DNS_SERVERS is only available with c-ares - in FAQ and MANUAL.md + Closes #12695 - - example.com was made for this purpose. +Daniel Stenberg (14 Jan 2024) - - reduces the risk that one of those domains suddenly start hosting - something nasty and we provide links to them +- cmdline-opts/gen.pl: error on initital blank line - Closes #11986 + After the "---" separator, there should be no blank line and this script + now errors out if one is detected. -Michael Osipov (29 Sep 2023) + Ref: #12696 + Closes #12698 -- acinclude.m4: Document proper system truststore on FreeBSD +- cf-h1-proxy: no CURLOPT_USERAGENT in CONNECT with hyper - The default system truststore on FreeBSD has been /etc/ssl/certs for many - years now. It is managed canonically through certctl(8) and contains hashed - symlinks for OpenSSL and other TLS providers. - The previous ones require security/ca_root_nss which might not be installed o - r - will not contain any custom CA certificates. + Follow-up to 693cd1679361828a which was incomplete - Closes #11985 + Ref #12680 + Closes #12697 -Daniel Stenberg (29 Sep 2023) +- curl_multi_fdset.3: remove mention of null pointer support -- FAQ: How do I upgrade curl.exe in Windows? + ... since this funtion has not supported null pointer fd_set arguments since + at least 2006. (That's when I stopped my git blame journey) - This is a growing question, better answer it here to get somewhere to - point users to. + Fixes #12691 + Reported-by: sfan5 on github + Closes #12692 - Closes #11984 +Mark Huang (14 Jan 2024) -Viktor Szakats (28 Sep 2023) +- docs/cmdline: remove unnecessary line breaks -- cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC + Closes #12696 - `basename` is present in mingw-w64, missing from MSVC. Pre-cache - accordingly to make configure faster. +Daniel Stenberg (14 Jan 2024) - Notice that `basename` has a bug so we later disable it even with - mingw-w64: - https://github.com/curl/curl/blob/781242ffa44a9f9b95b6da5ac5a1bf6372ec6257/li - b/curl_setup.h#L820-L825 +- transfer: remove warning: Value stored to 'blen' is never read - Closes #11974 + Detected by scan-build -Daniel Stenberg (28 Sep 2023) + Follow-up from 1cd2f0072f -- cmake: add missing checks + Closes #12693 - - check for arc4random. To make rand.c use it accordingly. - - check for fcntl - - fix fseek detection - - add SIZEOF_CURL_SOCKET_T - - fix USE_UNIX_SOCKETS - - define HAVE_SNPRINTF to 1 - - check for fnmatch - - check for sched_yield - - remove HAVE_GETPPID duplicate from curl_config.h - - add HAVE_SENDMSG +Stefan Eissing (13 Jan 2024) - Ref: #11964 +- lib: replace readwrite with write_resp - Co-authored-by: Viktor Szakats - Closes #11973 + This clarifies the handling of server responses by folding the code for + the complicated protocols into their protocol handlers. This concerns + mainly HTTP and its bastard sibling RTSP. -- configure: remove unused checks + The terms "read" and "write" are often used without clear context if + they refer to the connect or the client/application side of a + transfer. This PR uses "read/write" for operations on the client side + and "send/receive" for the connection, e.g. server side. If this is + considered useful, we can revisit renaming of further methods in another + PR. - - for sys/uio.h - - for fork - - for connect + Curl's protocol handler `readwrite()` method been changed: - Ref: #11964 + ```diff + - CURLcode (*readwrite)(struct Curl_easy *data, struct connectdata *conn, + - const char *buf, size_t blen, + - size_t *pconsumed, bool *readmore); + + CURLcode (*write_resp)(struct Curl_easy *data, const char *buf, size_t ble + n, + + bool is_eos, bool *done); + ``` - Closes #11973 + The name was changed to clarify that this writes reponse data to the + client side. The parameter changes are: + + * `conn` removed as it always operates on `data->conn` + * `pconsumed` removed as the method needs to handle all data on success + * `readmore` removed as no longer necessary + * `is_eos` as indicator that this is the last call for the transfer + response (end-of-stream). + * `done` TRUE on return iff the transfer response is to be treated as + finished + + This change affects many files only because of updated comments in + handlers that provide no implementation. The real change is that the + HTTP protocol handlers now provide an implementation. + + The HTTP protocol handlers `write_resp()` implementation will get passed + **all** raw data of a server response for the transfer. The HTTP/1.x + formatted status and headers, as well as the undecoded response + body. `Curl_http_write_resp_hds()` is used internally to parse the + response headers and pass them on. This method is public as the RTSP + protocol handler also uses it. + + HTTP/1.1 "chunked" transport encoding is now part of the general + *content encoding* writer stack, just like other encodings. A new flag + `CLIENTWRITE_EOS` was added for the last client write. This allows + writers to verify that they are in a valid end state. The chunked + decoder will check if it indeed has seen the last chunk. + + The general response handling in `transfer.c:466` happens in function + `readwrite_data()`. This mainly operates now like: -- lib: remove TIME_WITH_SYS_TIME + ``` + static CURLcode readwrite_data(data, ...) + { + do { + Curl_xfer_recv_resp(data, buf) + ... + Curl_xfer_write_resp(data, buf) + ... + } while(interested); + ... + } + ``` - It is not used in any code anywhere. + All the response data handling is implemented in + `Curl_xfer_write_resp()`. It calls the protocol handler's `write_resp()` + implementation if available, or does the default behaviour. - Ref: #11964 - Closes #11975 + All raw response data needs to pass through this function. Which also + means that anyone in possession of such data may call + `Curl_xfer_write_resp()`. -- docs: update curl man page references + Closes #12480 - Detected by the manpage-syntax update +Daniel Stenberg (13 Jan 2024) - Closes #11963 +- RELEASE-NOTES: synced -- manpage-syntax: verify curl man page references +- TODO: TFTP doesn't convert LF to CRLF for mode=netascii - 1. References to curl symbols are now checked that they indeed exist as - man pages. This for \f references as well as the names referenced in the - SEE ALSO section. + Closes #12655 + Closes #12690 - Allowlist curl.1 since it is not always built in builds +- gen: do italics/bold for a range of letters, not just single word - 2. References to curl symbols that lack section now causes warning, since tha - t - will prevent them from getting linked properly + Previously it would match only on a sequence of non-space, which made it + miss to highlight for example "public suffix list". - 3. Check for "bare" references to curl functions and warn, they should be - references + Updated the recent cookie.d edit from 5da57193b732 to use bold instead + of italics. - Closes #11963 + Closes #12689 -- cmake: add check for suseconds_t +- docs: describe and highlight super cookies - And fix the HAVE_LONGLONG define + Reported-by: Yadhu Krishna M - Ref: #11964 - Closes #11977 + Closes #12687 -Viktor Szakats (28 Sep 2023) +- configure: when enabling QUIC, check that TLS supports QUIC -- tidy-up: whitespace fixes + Most importantly perhaps is when using OpenSSL that the used + build/flavor has the QUIC API: the vanilla OpenSSL does not, only + BoringSSL, libressl, AWS-LC and quictls do. - Closes #11972 + Ref: https://github.com/curl/curl/commit/5d044ad9480a9f556f4b6a252d7533b1ba7f + e57e#r136780413 -- cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS + Closes #12683 - With new option `CURL_DISABLE_SRP=ON` to force-disable it. - To match existing option and detection logic in autotools. +Stefan Eissing (11 Jan 2024) - Also: - - fix detecting GnuTLS. - We assume `nettle` as a GnuTLS dependency. - - add CMake GnuTLS CI job. - - bump AppVeyor CMake OpenSSL MSVC job to OpenSSL 1.1.1 (from 1.0.2) - TLS-SRP fails to detect with 1.0.2 due to an OpenSSL header bug. - - fix compiler warning when building with GnuTLS and disabled TLS-SRP. - - fix comment typos, whitespace. +- vquic: extract TLS setup into own source - Ref: #11964 + - separate ngtcp2 specific parts out + - provide callback during init to allow ngtcp2 to apply its defaults - Closes #11967 + Closes #12678 -- tool: use our own stderr variable +Sergey Markelov (11 Jan 2024) - Earlier this year we changed our own stderr variable to use the standard - name `stderr` (to avoid bugs where someone is using `stderr` instead of - the curl-tool specific variable). This solution needed to override the - standard `stderr` symbol via the preprocessor. This in turn didn't play - well with unity builds and caused curl tool to crash or stay silent due - to an uninitialized stderr. This was a hard to find issue, fixed by - manually breaking out one file from the unity sources. +- multi: remove total timer reset in file_do() while fetching file:// - To avoid two these two tricks, this patch implements a different - solution: Restore using our own local variable for our stderr output and - leave `stderr` as-is. To avoid using `stderr` by mistake, add a - `checksrc` rule (based on logic we already used in lib for `strerror`) - that detects any `stderr` use in `src` and points to using our own - variable instead: `tool_stderr`. + The total timer is properly reset in MSTATE_INIT. MSTATE_CONNECT starts + with resetting the timer that is a start point for further multi states. + If file://, MSTATE_DO calls file_do() that should not reset the total + timer. Otherwise, the total time is always less than the pre-transfer + and the start transfer times. - Follow-up to 06133d3e9b8aeb9e9ca0b3370c246bdfbfc8619e - Follow-up to 2f17a9b654121dd1ecf4fc043c6d08a9da3522db + Closes #12682 - Closes #11958 +Daniel Stenberg (11 Jan 2024) -Loïc Yhuel (28 Sep 2023) +- http_proxy: a blank CURLOPT_USERAGENT should not be used in CONNECT -- connect: only start the happy eyeballs timer when needed + Extended test 80 to verify this. - The timeout is only used when there is a second address family, for the - delayed eyeballer. + Reported-by: Stefan Eissing + Fixes #12680 + Closes #12681 - Closes #11939 +- sectransp: do verify_cert without memdup for blobs -Daniel Stenberg (28 Sep 2023) + Since the information is then already stored in memory, this can avoid + an extra set of malloc + free calls. -- tool_operate: free 'gateway' correctly + Closes #12679 - Pointed out by Coverity. The fix in 93885cf3a8d4e was incomplete. +- hsts: remove assert for zero length domain - Also removed repeated wording in IPFS related error messages. + A zero length domain can happen if the HSTS parser is given invalid + input data which is not unheard of and is done by the fuzzer. - Closes #11969 + Follow-up from cfe7902111ae547873 -Stefan Eissing (28 Sep 2023) + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65661 -- lib: move handling of `data->req.writer_stack` into Curl_client_write() + Closes #12676 - - move definitions from content_encoding.h to sendf.h - - move create/cleanup/add code into sendf.c - - installed content_encoding writers will always be called - on Curl_client_write(CLIENTWRITE_BODY) - - Curl_client_cleanup() frees writers and tempbuffers from - paused transfers, irregardless of protocol +- headers: make sure the trailing newline is not stored - Closes #11908 + extended test1940 to verify blank header fields too -Loïc Yhuel (28 Sep 2023) + Bug: https://curl.se/mail/lib-2024-01/0019.html + Reported-by: Dmitry Karpov + Closes #12675 -- multi: round the timeout up to prevent early wakeups +- curl_easy_header.3: tiny language fix - Curl_timediff rounds down to the millisecond, so curl_multi_perform can - be called too early, then we get a timeout of 0 and call it again. + Closes #12672 - The code already handled the case of timeouts which expired less than - 1ms in the future. By rounding up, we make sure we will never ask the - platform to wake up too early. +- examples/range.c: add - Closes #11938 + Closes #12671 -Daniel Stenberg (28 Sep 2023) +- examples/netrc.c: add -- RELEASE-NOTES: spell out that IPFS is via gateway + Closes #12671 -- RELEASE-NOTES: synced +- examples/ipv6.c: new example showing IPv6-only internet transfer -- tool_operate: avoid strlen() -1 on zero length content from file + Closes #12671 - Follow-up to 65b563a96a226649ba12cb1e +- examples/address-scope.c: renamed from ipv6.c - Closes #11959 + It shows address scope use really -- tool_operate: fix memory mixups + Closes #12671 - Switch to plain getenv() from curl_getenv() to avoid the allocation and - having to keep track of which free() or curl_free() that need to be - used. +Stefan Eissing (9 Jan 2024) - Coverity found issues and a memory leak. +- multi: pollset adjust, init with FIRSTSOCKET during connect - Follow-up to 65b563a96a226649ba12cb1e + - `conn->sockfd` is set by `Curl_setup_transfer()`, but that + is called *after* the connection has been established + - use `conn->sock[FIRSTSOCKET]` instead - Closes #11959 + Follow-up to a0f94800d507de + Closes #12664 -Viktor Szakats (27 Sep 2023) +Daniel Stenberg (9 Jan 2024) -- curl-functions.m4: fixup recent bad edits +- WEBSOCKET.md: remove dead link - Follow-up to 96c29900bcec32dd6bc8e9857c8871ff4b8b8ed9 #11940 +- CI: spellcheck/appveyor: invoke configure --without-libpsl - Closes #11966 + Follow-up to 2998874bb61ac6 -Daniel Stenberg (27 Sep 2023) +- cmdline/docs/*.d: switch to using ## instead of .IP -- curl-functions.m4: fix include line + To make the editing easier. To write and to read. - This made the getaddrinfo detection fail, but we did not spot it in the - CI because it graciously falled back to using legacy functions instead! + Closes #12667 - Follow-up to 96c29900bcec (#11940) +- gen.pl: support ## for doing .IP in table-like lists - Closes #11965 + Warn on use of .RS/.IP/.RE -- inet_ntop: add typecast to silence Coverity + Closes #12667 - CID 1024653: Integer handling issues (SIGN_EXTENSION) +Jay Satiro (9 Jan 2024) - Suspicious implicit sign extension: "src[i]" with type "unsigned char - const" (8 bits, unsigned) is promoted in "src[i] << (1 - i % 2 << 3)" to - type "int" (32 bits, signed), then sign-extended to type "unsigned long" - (64 bits, unsigned). If "src[i] << (1 - i % 2 << 3)" is greater than - 0x7FFFFFFF, the upper bits of the result will all be 1. +- cookie.d: Document use of empty string to enable cookie engine - 111 words[i/2] |= (src[i] << ((1 - (i % 2)) << 3)); + - Explain that --cookie "" can be used to enable the cookie engine + without reading any initial cookies. - The value will not be greater than 0x7FFFFFFF so this still cannot - happen. + As is documented in CURLOPT_COOKIEFILE. - Also, switch to ints here instead of longs. The values stored are 16 bit - so at least no need to use 64 bit variables. Also, longs are 32 bit on - some platforms so this logic still needs to work with 32 bits. + Ref: https://curl.se/libcurl/c/CURLOPT_COOKIEFILE.html - Closes #11960 + Bug: https://github.com/curl/curl/issues/12643#issuecomment-1879844420 + Reported-by: janko-js@users.noreply.github.com -- docs: adapt SEE ALSO sections to new requirements + Closes https://github.com/curl/curl/pull/12646 - To please manpage-syntax.pl used by test 1173 +Daniel Stenberg (9 Jan 2024) - Closes #11957 +- setopt: use memdup0 when cloning COPYPOSTFIELDS -- manpage-syntax.pl: verify SEE ALSO syntax + Closes #12651 - - Enforce a single reference per .BR line - - Skip the quotes around the section number for example (3) - - Insist on trailing commas on all lines except the last - - Error on comma on the last SEE ALSO entry +- telnet: use dynbuf instad of malloc for escape buffer - - List the entries alpha-sorted, not enforced just recommended + Previously, send_telnet_data() would malloc + free a buffer every time + for escaping IAC codes. Now, it reuses a dynbuf for this purpose. - Closes #11957 + Closes #12652 -- connect: expire the timeout when trying next +- CI: install libpsl or configure --without-libpsl in builds - ... so that it gets called again immediately and can continue trying - addresses to connect to. Otherwise it might unnecessarily wait for a - while there. + As a follow-up to the stricted libpsl check in configure - Fixes #11920 - Reported-by: Loïc Yhuel - Closes #11935 +- configure: make libpsl detection failure cause error -- http: remove wrong comment for http_should_fail + To force users to explictily disable it if they really don't want it + used and make it harder to accidentally miss it. - Reported-by: Christian Schmitz - Ref: #11936 - Closes #11941 + --without-libpsl is the option to use if PSL is not wanted. -Dan Fandrich (26 Sep 2023) + Closes #12661 -- tool_setopt: remove unused function tool_setopt_flags +- RELEASE-NOTES: synced - This function is identical to tool_setopt_bitmask except that it treats - the argument as unsigned. +- pop3: replace calloc + memcpy with memdup0 - Closes #11943 + ... and make sure to return error on out of memory. -Viktor Szakats (26 Sep 2023) + Closes #12650 -- cmake: add feature checks for `memrchr` and `getifaddrs` +- lib: add debug log outputs for CURLE_BAD_FUNCTION_ARGUMENT - - `HAVE_MEMRCHR` for `memrchr`. - - `HAVE_GETIFADDRS` for `getifaddrs`. - This was present in `lib/curl_config.h.cmake` but missed the detection - logic. + Closes #12658 - To match existing autotools feature checks. +- mime: use memdup0 instead of malloc + memcpy - Closes #11954 + Closes #12649 -- cmake: move global headers to specific checks +- tool_getparam: move the --rate logic into set_rate() - Before this patch we added standard headers unconditionally to the - global list of headers used for feature checks. This is unnecessary - and also doesn't help CMake 'Generate' performance. This patch moves - these headers to each feature check where they are actually needed. - Stop using `stddef.h`, as it seems unnecessary. +- tool_getparam: switch to an enum for every option - I've used autotools' `m4/curl-functions.m4` to figure out these - dependencies. + To make the big switch much easier to read/understand and to make it + easier to add new options. - Also delete checking for the C89 standard header `time.h`, that I - missed in the earlier commit. +- tool_getparam: build post data using dynbuf (more) - Ref: 96c29900bcec32dd6bc8e9857c8871ff4b8b8ed9 #11940 +- tool_getparam: replace malloc + copy by dynbuf for --data - Closes #11951 +- tool_getparam: make data_urlencode avoid direct malloc -- src/mkhelp: make generated code pass `checksrc` + use aprintf() instead - Closes #11955 +- tool_getparam: move the --url-query logic into url_query() -- tests: show which curl tool `runtests.pl` is using + This function is not doing post at all so it was always weirdly placed. - To help debugging when there is issue finding or running it. +- tool_getparam: move the --data logic into set_data() - Closes #11953 +- tool_getparam: unify the cmdline switch() into a single one -- CI/azure: make `MAKEFLAGS` global to parallelize all jobs + - easier to follow, easier to modify, easier to extend, possibly slightly + faster - https://dev.azure.com/daniel0244/curl/_build/results?buildId=17528 (before) - https://dev.azure.com/daniel0244/curl/_build/results?buildId=17545 (after, wi - th -j3) + - each case now has the long option as a comment - Closes #11952 +- tool_getparam: bsearch cmdline options -- CI/azure: migrate old mingw MSYS1 jobs to MSYS2 + - the option names are now alpha sorted and lookup is a lot faster - Also delete an accidental variable reference. + - use case sensitive matching. It was previously case insensitive, but that + was not documented nor tested. - Follow-up to 38029101e2d78ba125732b3bab6ec267b80a0e72 + - remove "partial match" feature. It was not documented, not tested and + was always fragile as existing use could break when we add a new + option - Closes #11945 + - lookup short options via a table -Daniel Stenberg (26 Sep 2023) + Closes #12631 -- docs: add see also curl_multi_get_handles to some man pages +Gabe (8 Jan 2024) - Assisted-by: Jay Satiro +- COPYING: update copyright year - Closes #11942 + Closes #12654 -Viktor Szakats (26 Sep 2023) +Stefan Eissing (8 Jan 2024) -- cmake: assume `_fseeki64` and no `fseeko` on Windows +- url: init conn->sockfd and writesockfd to CURL_SOCKET_BAD - `_fseeki64` is present in mingw-w64 1.0 (2011-09-26) headers, and - at least Watcom C 1.9 (2010) headers and MSVS 2008 [1]. + Also add more tracing to test 19 - `fseeko` is not present in any of these. + Follow-up to a0f9480 - (mingw-w64 1.0 also offers `fseeko64`.) + Fixes #12657 + Closes #12659 - [1] https://github.com/curl/curl/pull/11944#issuecomment-1734995004 +Daniel Stenberg (8 Jan 2024) - Follow-up to 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 #11918 +- connect: remove margin from eyeballer alloc - Closes #11950 + Presumably leftovers from debugging -- build: delete checks for C89 standard headers + Closes #12647 - Delete checks and guards for standard C89 headers and assume these are - available: `stdio.h`, `string.h`, `time.h`, `setjmp.h`, `stdlib.h`, - `stddef.h`, `signal.h`. +- ftp: only consider entry path if it has a length - Some of these we already used unconditionally, some others we only used - for feature checks. + Follow-up from 8edcfedc1a144f438bd1cdf814a0016cb - Follow-up to 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 #11918 (for `stdio.h` i - n CMake) + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65631 - Closes #11940 + Avoids a NULL pointer deref. -Stefan Eissing (26 Sep 2023) + Closes #12648 -- multiif.h: remove Curl_multi_dump declaration +Stefan Eissing (7 Jan 2024) - Follow-up to d850eea2 which removed the Curl_multi_dump definition. +- transfer: adjust_pollset improvements - Closes https://github.com/curl/curl/pull/11946 + - let `multi_getsock()` initialize the pollset in what the + transfer state requires in regards to SEND/RECV + - change connection filters `adjust_pollset()` implementation + to react on the presence of POLLIN/-OUT in the pollset and + no longer check CURL_WANT_SEND/CURL_WANT_RECV + - cf-socket will no longer add POLLIN on its own + - http2 and http/3 filters will only do adjustments if the + passed pollset wants to POLLIN/OUT for the transfer on + the socket. This is similar to the HTTP/2 proxy filter + and works in stacked filters. -Jay Satiro (26 Sep 2023) + Closes #12640 -- config-win32: define HAVE__FSEEKI64 +Daniel Stenberg (6 Jan 2024) - Follow-up to 9c7165e9 which added an fseeko wrapper to the lib that - calls _fseeki64 if it is available. +- ftp: use memdup0 to store the OS from a SYST 215 response - Closes https://github.com/curl/curl/pull/11944 + avoid malloc + direct buffer fiddle -- docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER + Closes #12639 - - Explain that peer verification via CURLOPT_PINNEDPUBLICKEY takes place - even if peer verification via CURLOPT_SSL_VERIFYPEER is turned off. +- ftp: use dynbuf to store entrypath - The behavior is verified by test2048. + avoid direct malloc - Bug: https://github.com/curl/curl/issues/2935#issuecomment-418371872 - Reported-by: claudiusaiz@users.noreply.github.com + Closes #12638 - Bug: https://github.com/curl/curl/discussions/11910 - Reported-by: Hakan Sunay Halil +Lealem Amedie (6 Jan 2024) - Closes https://github.com/curl/curl/pull/11930 +- wolfssl: load certificate *chain* for PEM client certs -Stefan Eissing (26 Sep 2023) + Closes #12634 -- openssl: improve ssl shutdown handling +Stefan Eissing (4 Jan 2024) - - If SSL shutdown is not finished then make an additional call to - SSL_read to gather additional tracing. +- http: adjust_pollset fix - - Fix http2 and h2-proxy filters to forward do_close() calls to the next - filter. + do not add a socket for POLLIN when the transfer does not want to send + (for example is paused). - For example h2 and SSL shutdown before and after this change: + Follow-up to 47f5b1a - Before: + Reported-by: bubbleguuum on github + Fixes #12632 + Closes #12633 - Curl_conn_close -> cf_hc_close -> Curl_conn_cf_discard_chain -> - ssl_cf_destroy +Daniel Stenberg (3 Jan 2024) - After: +- tool: make parser reject blank arguments if not supported - Curl_conn_close -> cf_hc_close -> cf_h2_close -> cf_setup_close -> - ssl_cf_close + Already in the getstr() function that clones the input argument. - Note that currently the tracing does not show output on the connection - closure handle. Refer to discussion in #11878. + Closes #12620 - Ref: https://github.com/curl/curl/discussions/11878 +dependabot[bot] (3 Jan 2024) - Closes https://github.com/curl/curl/pull/11858 +- build(deps): bump github/codeql-action from 2 to 3 -Loïc Yhuel (26 Sep 2023) + Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 + to 3. + - [Release notes](https://github.com/github/codeql-action/releases) + - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) + - [Commits](https://github.com/github/codeql-action/compare/v2...v3) -- multi: fix small timeouts + --- + updated-dependencies: + - dependency-name: github/codeql-action + dependency-type: direct:production + update-type: version-update:semver-major + ... - Since Curl_timediff rounds down to the millisecond, timeouts which - expire in less than 1ms are considered as outdated and removed from the - list. We can use Curl_timediff_us instead, big timeouts could saturate - but this is not an issue. + Signed-off-by: dependabot[bot] - Closes #11937 + Closes #12625 -Viktor Szakats (25 Sep 2023) +- build(deps): bump actions/checkout from 3 to 4 -- cmake: fix stderr initialization in unity builds + Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. + - [Release notes](https://github.com/actions/checkout/releases) + - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) + - [Commits](https://github.com/actions/checkout/compare/v3...v4) - Before this patch, in certain build configurations the curl tool may - not have displayed anything (debug, macOS), or crashed at startup - (debug, Windows). + --- + updated-dependencies: + - dependency-name: actions/checkout + dependency-type: direct:production + update-type: version-update:semver-major + ... - Follow-up to 3f8fc25720900b14b7432f4bd93407ca15311719 - Necessary after 2f17a9b654121dd1ecf4fc043c6d08a9da3522db + Signed-off-by: dependabot[bot] - Closes #11929 + Closes #12624 -- cmake: fix missing `zlib.h` when compiling `libcurltool` +- build(deps): bump actions/upload-artifact from 3 to 4 - Came up while testing debug/testing build for Windows. I'm not sure why - it didn't come up in earlier tests with similar config. - `tool_hugehelp.c` might indeed require `zlib.h` and without linking - `CURL_LIBS` to the `curltool` target, CMake doesn't seem to add detected - dependency headers to the compiler command. + Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) f + rom 3 to 4. + - [Release notes](https://github.com/actions/upload-artifact/releases) + - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) - ``` - [ 25%] Building C object src/CMakeFiles/curltool.dir/tool_hugehelp.c.obj - cd .../curl/bld-cmake-llvm-x64/src && /usr/local/opt/llvm/bin/clang - --target=x86_64-w64-mingw32 --sysroot=/usr/local/opt/mingw-w64/toolchain-x8 - 6_64 - -DCURLDEBUG -DCURL_STATICLIB -DHAVE_CONFIG_H -DUNICODE -DUNITTESTS -D_UNICO - DE - -I.../curl/include -I.../curl/lib -I.../curl/bld-cmake-llvm-x64/lib - -I.../curl/bld-cmake-llvm-x64/include -I.../curl/src -Wno-unused-command-li - ne-argument - -D_UCRT -DDEBUGBUILD -DHAS_ALPN -DUSE_MANUAL=1 -fuse-ld=lld -Wl,-s -static - -libgcc - -lucrt [...] -O3 -DNDEBUG -municode -MD - -MT src/CMakeFiles/curltool.dir/tool_hugehelp.c.obj - -MF CMakeFiles/curltool.dir/tool_hugehelp.c.obj.d - -o CMakeFiles/curltool.dir/tool_hugehelp.c.obj -c .../curl/bld-cmake-llvm-x - 64/src/tool_hugehelp.c - .../curl/bld-cmake-llvm-x64/src/tool_hugehelp.c:6:10: fatal error: 'zlib.h' f - ile not found - 6 | #include - | ^~~~~~~~ - ``` + --- + updated-dependencies: + - dependency-name: actions/upload-artifact + dependency-type: direct:production + update-type: version-update:semver-major + ... - Follow-up to 39e7c22bb459c2e818f079984989a26a09741860 + Signed-off-by: dependabot[bot] - Closes #11927 + Closes #12627 -- cmake: fix duplicate symbols when linking tests +- build(deps): bump actions/download-artifact from 3 to 4 - The linker resolves this automatically in non-unity builds. In unity - builds the linker cannot drop a single object with the duplicates, - resulting in these errors. The root issue is that we started including - certain objects both via both libcurlu and libcurltool libs. + Bumps [actions/download-artifact](https://github.com/actions/download-artifac + t) from 3 to 4. + - [Release notes](https://github.com/actions/download-artifact/releases) + - [Commits](https://github.com/actions/download-artifact/compare/v3...v4) - Regression from 39e7c22bb459c2e818f079984989a26a09741860 + --- + updated-dependencies: + - dependency-name: actions/download-artifact + dependency-type: direct:production + update-type: version-update:semver-major + ... - Windows errors: - ``` - [ 3%] Linking C executable unit1303.exe - [ 3%] Building C object tests/server/CMakeFiles/rtspd.dir/__/__/lib/curl_mul - tibyte.c.obj - ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_convert_UTF8_to_wch - ar': - C:/projects/curl/lib/curl_multibyte.c:44: multiple definition of `curlx_conve - rt_UTF8_to_wchar' - ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte. - c:44: first defined here - ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_convert_wchar_to_UT - F8': - C:/projects/curl/lib/curl_multibyte.c:66: multiple definition of `curlx_conve - rt_wchar_to_UTF8' - ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte. - c:66: first defined here - ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_open': - C:/projects/curl/lib/curl_multibyte.c:92: multiple definition of `curlx_win32 - _open' - ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte. - c:92: first defined here - ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_fopen': - C:/projects/curl/lib/curl_multibyte.c:120: multiple definition of `curlx_win3 - 2_fopen' - ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte. - c:120: first defined here - ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_stat': - [...] - ``` - Ref: https://ci.appveyor.com/project/curlorg/curl/builds/48110107/job/nvlhpt9 - aa4ehny5q#L247 + Signed-off-by: dependabot[bot] - macOS errors: - ``` - [ 56%] Linking C executable unit1302 - duplicate symbol '_curlx_sotouz' in: - ../../lib/libcurlu.a(unity_0_c.c.o) - ../../src/libcurltool.a(unity_0_c.c.o) - duplicate symbol '_curlx_sitouz' in: - ../../lib/libcurlu.a(unity_0_c.c.o) - ../../src/libcurltool.a(unity_0_c.c.o) - duplicate symbol '_curlx_uztosz' in: - ../../lib/libcurlu.a(unity_0_c.c.o) - ../../src/libcurltool.a(unity_0_c.c.o) - [...] - ``` - with config: - ``` - -DCMAKE_UNITY_BUILD=ON \ - -DENABLE_DEBUG=ON -DBUILD_TESTING=ON -DCMAKE_C_FLAGS=-DDEBUGBUILD \ - -DBUILD_SHARED_LIBS=ON \ - -DBUILD_STATIC_LIBS=OFF - ``` + Closes #12626 - Closes #11926 +Stefan Eissing (3 Jan 2024) -- cmake: lib `CURL_STATICLIB` fixes (Windows) +- http3/quiche: fix result code on a stream reset - - always define `CURL_STATICLIB` when building libcurl for Windows. + - fixes pytest failures in test 07_22 + - aligns CURLcode values on stream reset with ngtcp2 - This disables `__declspec(dllexport)` for exported libcurl symbols. - In normal mode (hide symbols) these exported symbols are specified - via `libcurl.def`. When not hiding symbols, all symbols are exported - by default. + Closes #12629 - Regression from 1199308dbc902c52be67fc805c72dd2582520d30 +Daniel Stenberg (2 Jan 2024) - Fixes #11844 +- setopt: clear mimepost when formp is freed - - fix to omit `libcurl.def` when not hiding private symbols. + A precaution to avoid a possibly dangling pointer left behind. - Regression from 2ebc74c36a19a1700af394c16855ce144d9878e3 + Reported-by: Thomas Ferguson + Fixes #12608 + Closes #12621 - - fix `ENABLED_DEBUG=ON` + shared curl tool Windows builds by also - omitting `libcurl.def` in this case, and exporting all symbols - instead. This ensures that a shared curl tool can access all debug - functions which are not normally exported from libcurl DLL. +Andy Alt (2 Jan 2024) - - delete `INTERFACE_COMPILE_DEFINITIONS "CURL_STATICLIB"` for "objects" - target. +- CI: Add dependabot.yml - Follow-up to 2ebc74c36a19a1700af394c16855ce144d9878e3 + This will cause dependabot to open a PR when various actions are + updated, provided that the action maintainer has issued a release. - - delete duplicate `BUILDING_LIBCURL` definitions. + Closes #12623 - - fix `HIDES_CURL_PRIVATE_SYMBOLS` to not overwrite earlier build settings. +Gisle Vanem (2 Jan 2024) - Follow-up to 1199308dbc902c52be67fc805c72dd2582520d30 +- content_encoding: change return code to typedef'ed enum - Closes #11914 + ... to work around a clang ubsan warning. -Daniel Stenberg (25 Sep 2023) + Fixes #12618 + Closes #12622 -- RELEASE-NOTES: synced +Daniel Stenberg (2 Jan 2024) -Dan Fandrich (25 Sep 2023) +- tool: prepend output_dir in header callback -- tests: fix log directory path in IPFS tests + When Content-Disposition parsing is used and an output dir is prepended, + make sure to store that new file name correctly so that it can be used + for setting the file timestamp when --remote-time is used. - Hard-coding the log directory name fails with parallel tests. + Extended test 3012 to verify. - Follow-up to 65b563a96 + Co-Authored-by: Jay Satiro + Reported-by: hgdagon on github + Fixes #12614 + Closes #12617 - Ref: #8805 +- test1254: fix typo in name plus shorten it -Daniel Stenberg (25 Sep 2023) +- RELEASE-NOTES: synced -- curl_multi_get_handles: get easy handles from a multi handle +Viktor Szakats (2 Jan 2024) - Closes #11750 +- schannel: fix `-Warith-conversion` gcc 13 warning -Stefan Eissing (25 Sep 2023) + ``` + lib/vtls/schannel.c:1201:22: warning: conversion to 'unsigned int' from 'int' + may change the sign of the result [-Warith-conversion] + 1201 | *extension_len = *list_len + + | ^ + ``` -- http: h1/h2 proxy unification + Closes #12616 - - use shared code for setting up the CONNECT request - when tunneling, used in HTTP/1.x and HTTP/2 proxying - - eliminate use of Curl_buffer_send() and other manipulations - of `data->req` or `data->state.ulbuf` +- asyn-thread: silence `-Wcast-align` warning for Windows - Closes #11808 + Seen with llvm/clang 17: + ``` + lib/asyn-thread.c:310:5: warning: cast from 'PCHAR' (aka 'char *') to 'struct + thread_sync_data *' increases required alignment from 1 to 8 [-Wcast-align] + 310 | CONTAINING_RECORD(overlapped, struct thread_sync_data, w8.overlap + ped); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ~~~~ + .../llvm-mingw/aarch64-w64-mingw32/include/winnt.h:717:48: note: expanded fro + m macro 'CONTAINING_RECORD' + 717 | #define CONTAINING_RECORD(address,type,field) ((type *)((PCHAR)(addre + ss) - (ULONG_PTR)(&((type *)0)->field))) + | ^~~~~~~~~~~~~~~~~~~~~~ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ``` -Natanael Copa (25 Sep 2023) + Follow-up to a6bbc87f9e9ffb46a1801dfb983e7534825ed56b #12482 -- lib: use wrapper for curl_mime_data fseek callback + Ref: https://github.com/curl/curl/pull/12482#issuecomment-1873017261 + Closes #12615 - fseek uses long offset which does not match with curl_off_t. This leads - to undefined behavior when calling the callback and caused failure on - arm 32 bit. +Daniel Stenberg (2 Jan 2024) - Use a wrapper to solve this and use fseeko which uses off_t instead of - long. +- tool_listhelp: regenerate after recent .d updates - Thanks to the nice people at Libera IRC #musl for helping finding this - out. + Makes it survive test 1478 - Fixes #11882 - Fixes #11900 - Closes #11918 + Closes #12612 -- configure: sort AC_CHECK_FUNCS +- test1478: verify src/tool_listhelp.c - No functional changes. + Verify that the source file on disk is identical to the output of gen.pl + listhelp, as otherwise they are out of sync and need attention. -Daniel Stenberg (25 Sep 2023) + Closes #12612 -- warnless: remove unused functions +- testutil: make runtests support %include - Previously put there for use with the intel compiler + Using this instruction, a test case can include the contents of a file + into the test during the preprocessing. - Closes #11932 + Closes #12612 -- GHA/linux: run singleuse to detect single-use global functions +- runtests: for mode="text" on , fix newlines on both parts - Use --unit for configure --enable-debug builds + Closes #12612 - Closes #11932 +Jay Satiro (2 Jan 2024) -- singleuse: add scan for use in other source codes +- quiche: return CURLE_HTTP3 on send to invalid stream - This should reduce false-positive to almost zero. Checks for presence in - unit tests if --unit is specified, which is intended for debug builds - where unit testing is enabled. + Prior to this change if a send failed on a stream in an invalid state + (according to quiche) and not marked as closed (according to libcurl) + then the send function would return CURLE_SEND_ERROR. - Closes #11932 + We already have similar code for ngtcp2 to return CURLE_HTTP3 in this + case. -- multi: remove Curl_multi_dump + Caught by test test_07_upload.py: test_07_22_upload_parallel_fail. - A debug-only function that is basically never used. Removed to ease the - use of the singleuse script to detect non-static functions not used - outside the file where it is defined. + Fixes https://github.com/curl/curl/issues/12590 + Closes https://github.com/curl/curl/pull/12597 - Closes #11931 +Daniel Stenberg (1 Jan 2024) -Viktor Szakats (24 Sep 2023) +- cmdline-opts: update availability for the *-ca-native options -- tests: fix compiler warnings + Closes #12613 - Seen with llvm 17 on Windows x64. +Patrick Monnerat (31 Dec 2023) - ``` - .../curl/tests/server/rtspd.c:136:13: warning: no previous extern declaration - for non-static variable 'logdir' [-Wmissing-variable-declarations] - 136 | const char *logdir = "log"; - | ^ - .../curl/tests/server/rtspd.c:136:7: note: declare 'static' if the variable i - s not intended to be used outside of this translation unit - 136 | const char *logdir = "log"; - | ^ - .../curl/tests/server/rtspd.c:137:6: warning: no previous extern declaration - for non-static variable 'loglockfile' [-Wmissing-variable-declarations] - 137 | char loglockfile[256]; - | ^ - .../curl/tests/server/rtspd.c:137:1: note: declare 'static' if the variable i - s not intended to be used outside of this translation unit - 137 | char loglockfile[256]; - | ^ - .../curl/tests/server/fake_ntlm.c:43:13: warning: no previous extern declarat - ion for non-static variable 'logdir' [-Wmissing-variable-declarations] - 43 | const char *logdir = "log"; - | ^ - .../curl/tests/server/fake_ntlm.c:43:7: note: declare 'static' if the variabl - e is not intended to be used outside of this translation unit - 43 | const char *logdir = "log"; - | ^ - .../curl/src/tool_doswin.c:350:8: warning: possible misuse of comma operator - here [-Wcomma] - 350 | ++d, ++s; - | ^ - .../curl/src/tool_doswin.c:350:5: note: cast expression to void to silence wa - rning - 350 | ++d, ++s; - | ^~~ - | (void)( ) - ``` +- openldap: fix STARTTLS - ``` - .../curl/tests/libtest/lib540.c:146:27: warning: result of comparison 'long' - > 2147483647 is always false [-Wtautological-type-limit-compare] - 146 | int itimeout = (L > (long)INT_MAX) ? INT_MAX : (int)L; - | ~ ^ ~~~~~~~~~~~~~ - 1 warning generated. + It was not working anymore since introduction of connection filters. - .../curl/tests/libtest/libntlmconnect.c:195:31: warning: result of comparison - 'long' > 2147483647 is always false [-Wtautological-type-limit-compare] - 195 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeo - ut; - | ~~~~~~~ ^ ~~~~~~~~~~~~~ - 1 warning generated. + Also do not attempt to recover from a failing TLS negotiation with + CURLUSESSL_TRY. - .../curl/tests/libtest/lib591.c:117:31: warning: result of comparison 'long' - > 2147483647 is always false [-Wtautological-type-limit-compare] - 117 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeo - ut; - | ~~~~~~~ ^ ~~~~~~~~~~~~~ - 1 warning generated. - .../curl/tests/libtest/lib597.c:99:31: warning: result of comparison 'long' > - 2147483647 is always false [-Wtautological-type-limit-compare] - 99 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeo - ut; - | ~~~~~~~ ^ ~~~~~~~~~~~~~ - 1 warning generated. - ``` + Closes #12610 - Seen on macOS Intel: - ``` - .../curl/tests/server/sws.c:440:64: warning: field precision should have type - 'int', but argument has type 'size_t' (aka 'unsigned long') [-Wformat] - msnprintf(logbuf, sizeof(logbuf), "Got request: %s %.*s HTTP/%d.%d" - , - ~~^~ - 1 warning generated. - ``` +Daniel Stenberg (31 Dec 2023) - Closes #11925 +- haproxy-clientip.d: document the arg -Jay Satiro (24 Sep 2023) + The arg keyword was missing and therefore not present in the man page. -- url: fix netrc info message + Closes #12611 - - Fix netrc info message to use the generic ".netrc" filename if the - user did not specify a netrc location. +annalee (29 Dec 2023) - - Update --netrc doc to add that recent versions of curl on Windows - prefer .netrc over _netrc. +- configure: fix no default int compile error in ipv6 detection - Before: - * Couldn't find host google.com in the (nil) file; using defaults + Closes #12607 - After: - * Couldn't find host google.com in the .netrc file; using defaults +Dan Fandrich (28 Dec 2023) - Closes https://github.com/curl/curl/pull/11904 +- CI: Fix use of any-glob-to-all-files in the labeler -Dan Fandrich (23 Sep 2023) + Despite its name, this atom acts like one-glob-to-all-files and a + different syntax with braces must be used to get + any-glob-to-all-files semantics. Unfortunately, this makes the file + completely unreadable. -- wolfssh: do cleanup in Curl_ssh_cleanup + Ref: https://github.com/actions/labeler/issues/731 - Closes: #11921 +Daniel Stenberg (29 Dec 2023) -Daniel Stenberg (24 Sep 2023) +- CURLOPT_AUTOREFERER.3: mention CURLINFO_REFERER -- tool_listhelp: regenerated +- CURLINFO_REFERER.3: clarify that it is the *request* header - Polished the --ipfs-gateway description + That libcurl itself sent in the most recent request - Fixed the --trace-config description + Closes #12605 - The script also fixed some other small mistakes +Jay Satiro (28 Dec 2023) - Closes #11923 +- system_win32: fix a function pointer assignment warning -Viktor Szakats (23 Sep 2023) + - Use CURLX_FUNCTION_CAST to suppress a function pointer assignment + warning. -- Makefile.mk: always set `CURL_STATICLIB` for lib (Windows) + a6bbc87f added lookups of some Windows API functions and then cast them + like `*(FARPROC*)&Curl_funcname = address`. Some versions of gcc warn + about that as breaking strict-aliasing rules so this PR changes those + assignments to use CURLX_FUNCTION_CAST. - Also fix to export all symbols in Windows debug builds, making - `-debug-dyn` builds work with `-DCURL_STATICLIB` set. + Bug: https://github.com/curl/curl/pull/12581#issuecomment-1869804317 + Reported-by: Marcel Raad - Ref: https://github.com/curl/curl/pull/11914 (same for CMake) + Closes https://github.com/curl/curl/pull/12602 - Closes #11924 +- verify-examples.pl: fail verification on unescaped backslash -Daniel Stenberg (23 Sep 2023) + - Check that all backslashes in EXAMPLE are properly escaped. -- quic: set ciphers/curves the same way regular TLS does + eg manpage must always use `\\n` never `\n`. - for OpenSSL/BoringSSL + This is because the manpage requires we always double blackslash to show + a single backslash. Prior to this change an erroneous single backslash + would pass through and compile even though it would not show correctly + in the manpage. - Fixes #11796 - Reported-by: Karthikdasari0423 on github - Assisted-by: Jay Satiro - Closes #11836 + Co-authored-by: Daniel Stenberg -- test457: verify --max-filesize with chunked encoding + Ref: https://github.com/curl/curl/pull/12588 -- lib: let the max filesize option stop too big transfers too + Closes https://github.com/curl/curl/pull/12589 - Previously it would only stop them from getting started if the size is - known to be too big then. +- vtls: fix missing multissl version info - Update the libcurl and curl docs accordingly. + - Fix erroneous buffer copy logic from ff74cef5. - Fixes #11810 - Reported-by: Elliot Killick - Assisted-by: Jay Satiro - Closes #11820 + Prior to this change the MultiSSL version info returned to the user + was empty. -Viktor Szakats (23 Sep 2023) + Closes https://github.com/curl/curl/pull/12599 -- mingw: delete support for legacy mingw.org toolchain +Daniel Stenberg (27 Dec 2023) - Drop support for "old" / "legacy" / "classic" / "v1" / "mingw32" MinGW: - https://en.wikipedia.org/wiki/MinGW, https://osdn.net/projects/mingw/ - Its homepage used to be http://mingw.org/ [no HTTPS], and broken now. - It supported the x86 CPU only and used a old Windows API header and - implib set, often causing issues. It also misses most modern Windows - features, offering old versions of both binutils and gcc (no llvm/clang - support). It was last updated 2 years ago. +- KNOWN_BUGS: [RTSP] Some methods do not support response bodies - curl now relies on toolchains based on the mingw-w64 project: - https://www.mingw-w64.org/ https://sourceforge.net/projects/mingw-w64/ - https://www.msys2.org/ https://github.com/msys2/msys2 - https://github.com/mstorsjo/llvm-mingw - (Also available via Linux and macOS package managers.) + Closes #12414 - Closes #11625 +Patrick Monnerat (27 Dec 2023) -Mark Gaiser (23 Sep 2023) +- openldap: fix an LDAP crash -- curl: add support for the IPFS protocols: + Reported-by: Ozan Cansel + Fixes #12593 + Closes #12600 - - ipfs:// - - ipns:// +Daniel Stenberg (27 Dec 2023) - This allows you tu use ipfs in curl like: - curl ipfs:// - and - curl ipns:// +- getinfo: CURLINFO_QUEUE_TIME_T - For more information consult the readme at: - https://curl.se/docs/ipfs.html + Returns the time, in microseconds, during which this transfer was held + in a waiting queue before it started "for real". A transfer might be put + in a queue if after getting started, it cannot create a new connection + etc due to set conditions and limits imposed by the application. - Closes #8805 + Ref: #12293 + Closes #12368 -Daniel Stenberg (23 Sep 2023) +- RELEASE-NOTES: synced -- bufq: remove Curl_bufq_skip_and_shift (unused) +Jay Satiro (26 Dec 2023) - Closes #11915 +- examples/sendrecv: fix comment line length -- scripts/singleuse.pl: add curl_global_trace + Caught by checksrc. -Viktor Szakats (22 Sep 2023) +Haydar Alaidrus (23 Dec 2023) -- cmake: fix unity symbol collisions in h2 builds +- CURLOPT_POSTFIELDS.3: fix incorrect C string escape in example - Regression from 331b89a319d0067fa1e6441719307cfef9c7960f + - Escape inner quotes with two backslashes. - Reviewed-by: Daniel Stenberg - Reviewed-by: Jay Satiro - Closes #11912 + Two backslashes escapes the backslash for the man page and will show as + a single backslash. -Daniel Stenberg (22 Sep 2023) + eg: "{\\"name\\": \\"daniel\\"}" shows as "{\"name\": \"daniel\"}". -- RELEASE-NOTES: synced + Closes https://github.com/curl/curl/pull/12588 -Dan Fandrich (21 Sep 2023) +Viktor Szakats (23 Dec 2023) -- github/labeler: improve the match patterns +- appveyor: tidy-ups - This includes new rules for setting the appleOS and logging labels and - matches on some example files. Also, enable dot mode for wildcard - matches in the .github directory. + - replace two remaining backslashes with forward slashes. + - tidy up the way we form and pass `TFLAGS`. -Daniel Stenberg (21 Sep 2023) + Follow-up to 2d4d0c1fd32f5cc3f946c407c8eccd5477b287df #12572 -- upload-file.d: describe the file name slash/backslash handling + Closes #12582 - Closes #11911 +Stefan Eissing (22 Dec 2023) -Jakub Jelen (21 Sep 2023) +- transfer: fix upload rate limiting, add test cases -- libssh: cap SFTP packet size sent + - add test cases for rate limiting uploads for all + http versions + - fix transfer loop handling of limits. Signal a re-receive + attempt only on exhausting maxloops without an EAGAIN + - fix `data->state.selectbits` forcing re-receive to also + set re-sending when transfer is doing this. - Due to libssh limitations + Reported-by: Karthikdasari0423 on github + Fixes #12559 + Closes #12586 - Signed-off-by: Jakub Jelen +Daniel Stenberg (22 Dec 2023) - Closes #11804 +- mbedtls: free the entropy when threaded -Daniel Stenberg (21 Sep 2023) + The entropy_free was never done for threaded builds, causing a small + (fixed) memory leak. -- curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0 + Reported-by: RevaliQaQ on github + Fixes #12584 + Closes #12585 - Closes #11905 +Stefan Eissing (22 Dec 2023) -- mailmap: unify Michael Osipov under a single email +- http2: improved on_stream_close/data_done handling -Ted Lyngmo (21 Sep 2023) + - there seems to be a code path that cleans up easy handles without + triggering DONE or DETACH events to the connection filters. This + would explain wh nghttp2 still holds stream user data + - add GOOD check to easy handle used in on_close_callback to + prevent crashes, ASSERTs in debug builds. + - NULL the stream user data early before submitting RST + - add checks in on_stream_close() to identify UNGOOD easy handles -- docs: use CURLSSLBACKEND_NONE + Reported-by: Hans-Christian Egtvedt + Fixes #10936 + Closes #12562 - [ssl] use CURLSSLBACKEND_NONE instead of (curl_sslbackend)-1 in - documentation and examples. +Daniel Stenberg (22 Dec 2023) - Signed-off-by: Ted Lyngmo +- mprintf: overhaul and bugfixes - Closes #11909 + In a test case using lots of snprintf() calls using many commonly used + %-codes per call, this version is around 30% faster than previous + version. -Dan Fandrich (21 Sep 2023) + It also fixes the #12561 bug which made it not behave correctly when + given unknown %-sequences. Fixing that flaw required a different take on + the problem, which resulted in the new two-arrays model. -- github/labeler: give the sync-labels config item a default value + lib557: extended - Verify the #12561 fix and test more printf features - This shouldn't be necessary and is likely a bug with this beta version - of the labeller. + unit1398: fix test: It used a $ only for one argument, which is not + supported. - Also, fix the negative matches for the documentation label. + Fixes #12561 + Closes #12563 - Follow-up to dd12b452a - Closes #11907 +Viktor Szakats (21 Dec 2023) -- github/labeler: fix up more the labeler config format +- appveyor: replace PowerShell with bash + parallel autotools - The new version didn't like the workaround we had for a bug in the - previous labeler version, and it should no longer be needed. + PowerShell works (after a steep development curve), but one property of + it stuck and kept causing unresolvable usability issues: With + `$ErrorActionPreference=Stop`, it does abort on failures, but shows only + the first line of the error message. In `Continue` mode, it shows the + full error message, but doesn't stop on all errors. Another issue is + PowerShell considering any stderr output as if the command failed (this + has been improved in 7.2 (2021-Nov), but fixed versions aren't running + in CI and will not be for a long time in all test images.) - Follow-up to dd12b452a - Closes #11906 + Thus, we're going with bash. -- github/labeler: fix indenting to try to appease labeller + Also: + - use `-j2` with autotools tests, making them finish 5-15 minutes per + job faster. + - omit `POSIX_PATH_PREFIX`. + - use `WINDIR`. + - prefer forward slashes. - Follow-up to dd12b452a + Follow-up to: 75078a415d9c769419aed4153d3d525a8eba95af #11999 + Ref: #12444 -Jay Satiro (21 Sep 2023) + Fixes #12560 + Closes #12572 -- libssh2: fix error message on failed pubkey-from-file +Pavel Pavlov (21 Dec 2023) - - If libssh2_userauth_publickey_fromfile_ex returns -1 then show error - message "SSH public key authentication failed: Reason unknown (-1)". +- asyn-thread: use GetAddrInfoExW on >= Windows 8 - When libssh2_userauth_publickey_fromfile_ex returns -1 it does so as a - generic error and therefore doesn't set an error message. AFAICT that is - not documented behavior. + For doing async DNS resolution instead of starting a thread for each + request. - Prior to this change libcurl retrieved the last set error message which - would be from a previous function failing. That resulted in misleading - auth failed error messages in verbose mode. + Fixes #12481 + Closes #12482 - Bug: https://github.com/curl/curl/issues/11837#issue-1891827355 - Reported-by: consulion@users.noreply.github.com +Daniel Stenberg (21 Dec 2023) - Closes https://github.com/curl/curl/pull/11881 +- strerror: repair get_winsock_error() -Stefan Eissing (21 Sep 2023) + It would try to read longer than the provided string and crash. -- pytest: exclude test_03_goaway in CI runs due to timing dependency + Follow-up to ff74cef5d4a0cf60106517a1c7384 + Reported-by: calvin2021y on github + Fixes #12578 + Closes #12579 - Closes #11860 +- CURLOPT_SSH_*_KEYFILE: clarify -- lib: disambiguate Curl_client_write flag semantics + Closes #12554 - - use CLIENTWRITE_BODY *only* when data is actually body data - - add CLIENTWRITE_INFO for meta data that is *not* a HEADER - - debug assertions that BODY/INFO/HEADER is not used mixed - - move `data->set.include_header` check into Curl_client_write - so protocol handlers no longer have to care - - add special in FTP for `data->set.include_header` for historic, - backward compatible reasons - - move unpausing of client writes from easy.c to sendf.c, so that - code is in one place and can forward flags correctly +ivanfywang (21 Dec 2023) - Closes #11885 +- ngtcp2: put h3 at the front of alpn -Patrick Monnerat (21 Sep 2023) + Closes #12576 -- tftpd: always use curl's own tftp.h +Daniel Stenberg (21 Dec 2023) - Using the system's provided arpa/tftp.h and optimizing, GCC 12 detects - and reports a stringop-overread warning: +- test460: verify a command line using --expand with no argument - tftpd.c: In function ‘write_behind.isra’: - tftpd.c:485:12: warning: ‘write’ reading between 1 and 2147483647 bytes f - rom a region of size 0 [-Wstringop-overread] - 485 | return write(test->ofile, writebuf, count); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - In file included from tftpd.c:71: - /usr/include/arpa/tftp.h:58:30: note: source object ‘tu_data’ of size 0 - 58 | char tu_data[0]; /* data or error stri - ng */ - | ^~~~~~~ + This verifies the fix for #12565 - This occurs because writebuf points to this field and the latter - cannot be considered as being of dynamic length because it is not - the last field in the structure. Thus it is bound to its declared - size. +- tool_getparam: do not try to expand without an argument - This commit always uses curl's own version of tftp.h where the - target field is last in its structure, effectively avoiding the - warning. + This would lead to a segfault. - As HAVE_ARPA_TFTP_H is not used anymore, cmake/configure checks for - arpa/tftp.h are removed. + Fixes #12565 + Reported-by: Geeknik Labs + Closes #12575 - Closes #11897 +- RELEASE-NOTES: synced -Dan Fandrich (20 Sep 2023) + Bumped version to 8.6.0 because of changes -- test1474: make precheck more robust on non-Solaris systems +- Makefile.am: fix the MSVC project generation - If uname -r returns something odd, perl could return an error code and - the test would be erroneously skipped. The qx// syntax avoid this. + It made the vcxproj files not get included in dist tarballs. - Followup to 08f9b2148 + Regression since 74423b5df4c8117891eb89 (8.5.0) -- github/labeler: switch to the 5 beta version + Reported-by: iAroc on github + Fixes #12564 + Closes #12567 - This version adds an important feature that will allow more PRs to be - labelled. Rather than being limited to labeling PRs with files that - match a single glob, it can now label them if multiple changed files - match any one of a number of globs. +zengwei2000 (21 Dec 2023) -Daniel Stenberg (20 Sep 2023) +- altsvc: free 'as' when returning error -- lib: enable hmac for digest as well + Closes #12570 - Previously a build that disabled NTLM and aws-sigv4 would fail to build - since the hmac was disabled, but it is also needed for digest auth. + Signed-off-by: zengwei - Follow-up to e92edfbef64448ef +Viktor Szakats (20 Dec 2023) - Fixes #11890 - Reported-by: Aleksander Mazur - Closes #11896 +- build: fix `-Wconversion`/`-Wsign-conversion` warnings -- idn: if idn2_check_version returns NULL, return error + Fix remaining warnings in examples and tests which are not suppressed + by the pragma in `lib/curl_setup.h`. - ... this avoids a NULL dereference for this unusual case. + Silence a toolchain issue causing warnings in `FD_SET()` calls with + older Cygwin/MSYS2 builds. Likely fixed on 2020-08-03 by: + https://cygwin.com/git/?p=newlib-cygwin.git;a=commitdiff;h=5717262b8ecfed0f7f + ab63e2c09c78991e36f9dd - Reported-by: s0urc3_ on hackerone - Closes #11898 + Follow-up to 2dbe75bd7f3c36837aa06fd87a442bdf3fb7faef #12492 -- http: fix CURL_DISABLE_BEARER_AUTH breakage + Closes #12557 - When bearer auth was disabled, the if/else logic got wrong and caused - problems. +- build: fix some `-Wsign-conversion`/`-Warith-conversion` warnings - Follow-up to e92edfbef64448ef461 - Fixes #11892 - Reported-by: Aleksander Mazur - Closes #11895 + - enable `-Wsign-conversion` warnings, but also setting them to not + raise errors. + - fix `-Warith-conversion` warnings seen in CI. + These are triggered by `-Wsign-converion` and causing errors unless + explicitly silenced. It makes more sense to fix them, there just a few + of them. + - fix some `-Wsign-conversion` warnings. + - hide `-Wsign-conversion` warnings with a `#pragma`. + - add macro `CURL_WARN_SIGN_CONVERSION` to unhide them on a per-build + basis. + - update a CI job to unhide them with the above macro: + https://github.com/curl/curl/actions/workflows/linux.yml -> OpenSSL -O3 -Michael Osipov (20 Sep 2023) + Closes #12492 -- wolfssl: allow capath with CURLOPT_CAINFO_BLOB +- cmake: tidy-up `OtherTests.cmake` - Remain consistent with OpenSSL. While CAfile is nulled as documented - with CURLOPT_CAINFO_BLOB, CApath remains intact. + - make more obvious which detection uses which prep steps. + - merge and streamline conditions. + - these should not alter detection results. - Closes #11886 + Also align log output messages from + `Macros.cmake` / `curl_internal_test` with rest of the build. -- wolfssl: use ssl_cafile/ssl_capath variables consistent with openssl.c + Closes #12551 - Closes #11886 +- appveyor: switch to out-of-tree builds -Dan Fandrich (19 Sep 2023) + With cmake and autotools. -- test1474: disable test on NetBSD, OpenBSD and Solaris 10 + Closes #12550 - These kernels only send a fraction of the requested amount of the first - large block, invalidating the assumptions of the test and causing it to - fail. +Daniel Stenberg (19 Dec 2023) - Assisted-by: Christian Weisgerber - Ref: https://curl.se/mail/lib-2023-09/0021.html - Closes #11888 +- DEPRECATE.md: mention that NTLM_WB no longer works -Ryan Schmidt (20 Sep 2023) + Ref: #12479 + Closes #12553 -- cmake, configure: also link with CoreServices +- CURLOPT_SERVER_RESPONSE_TIMEOUT_MS: add - When linking with CoreFoundation, also link with CoreServices which is - apparently required to avoid an NSInvalidArgumentException in software - linking with libcurl on macOS Sonoma 14 and later. + Proposed-by: Yifei Kong + Ref: https://curl.se/mail/lib-2023-11/0023.html + Closes #12369 - Fixes #11893 - Closes #11894 +Viktor Szakats (18 Dec 2023) -Marc Hoersken (19 Sep 2023) +- build: more `-Wformat` fixes -- CI/azure: remove pip, wheel, cryptography, pyopenssl and impacket + - memdebug: update to not trigger `-Wformat-nonliteral` warnings. + - imap: mark `imap_sendf()` with `CURL_PRINTF()`. + - tool_msgs: mark static function with `CURL_PRINTF()`. - These dependencies are now already included in the Docker image. + Follow-up to 3829759bd042c03225ae862062560f568ba1a231 #12489 - Ref: https://github.com/mback2k/curl-docker-winbuildenv/commit/2607a31bcab544 - b41d15606e97f38cf312c1ce56 + Closes #12540 - Closes #11889 +- windows: delete redundant headers -Daniel Stenberg (19 Sep 2023) + `winsock2.h` pulls in `windows.h`. `ws2tcpip.h` pulls in `winsock2.h`. + `winsock2.h` and `ws2tcpip.h` are also pulled by `curl/curl.h`. -- wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files + Keep only those headers that are not already included, or the code under + it uses something from that specific header. - Ref: #11883 - Reported-by: Michael Osipov - Closes #11884 + Closes #12539 -- RELEASE-NOTES: synced +- cmake: prefill/cache `HAVE_STRUCT_SOCKADDR_STORAGE` -- test3103: CURLOPT_COOKIELIST test + Also add missing include to `OtherTests.cmake`. It didn't cause an issue + because the parent already included this earlier by chance. -- cookie: set ->running in cookie_init even if data is NULL + Closes #12537 - This is a regression introduced in b1b326ec500 (shipped in curl 8.1.0) +Daniel Stenberg (18 Dec 2023) - Test 3103 verifies. +- runner.pm: fix perl warning when running tests - Fixes #11875 - Reported-by: wangp on github - Closes #11876 + Use of uninitialized value $runner::gdbthis in numeric eq (==) at runner. + pm -- test498: total header size for all redirects is larger than accepted + Follow-up from 3dcf301752a09d9 -- http: use per-request counter to check too large headers + Closes #12549 - Not the counter that accumulates all headers over all redirects. +- runtests: support -gl. Like -g but for lldb. - Follow-up to 3ee79c1674fd6 + Follow-up to 63b5748 - Do a second check for 20 times the limit for the accumulated size for - all headers. + Invokes the test case via lldb instead of gdb. Since using gdb is such a + pain on mac, using lldb is sometimes less quirky. - Fixes #11871 - Reported-by: Joshix-1 on github - Closes #11872 + Closes #12547 -Jay Satiro (18 Sep 2023) +- curl.h: add CURLE_TOO_LARGE -- THANKS: add Eric Murphy + A new error code to be used when an internal field grows too large, like + when a dynbuf reaches its maximum. Previously it would return + CURLE_OUT_OF_MEMORY for this, which is highly misleading. - He reported #11850 (quiche build error) but I forgot to add a - 'reported-by' entry in the fix 267e14f1. + Ref: #12268 + Closes #12269 -Daniel Stenberg (18 Sep 2023) +- CI/circleci: disable MQTT in the HTTP-only build -- h2-proxy: remove left-over mistake in drain_tunnel() + And remove the use of configure options that don't actually exist - Left-over from 331b89a319 + Closes #12546 - Reported-by: å—å®«é›ªçŠ +Yedaya Katsman (18 Dec 2023) - Closes https://github.com/curl/curl/pull/11877 +- tests: respect $TMPDIR when creating unix domain sockets -vvb2060 (18 Sep 2023) + When running on termux, where $TMPDIR isn't /tmp, running the tests + failed, since the server config tried creating sockets in /tmp, without + checking the temp dir config. Use the TMPDIR variable that makes it find + the correct directory everywhere [0] -- lib: failf/infof compiler warnings + [0] https://perldoc.perl.org/File::Temp#tempfile - Closes #11874 + Closes #12545 -Daniel Stenberg (17 Sep 2023) +Viktor Szakats (17 Dec 2023) -- rand: fix 'alnum': array is too small to include a terminating null character +- ssh: fix namespace of two local macros - It was that small on purpose, but this change now adds the null byte to - avoid the error. + Avoid using the libssh and libssh2 macro namespaces by prefixing + these local macro names with `CURL_`. - Follow-up to 3aa3cc9b052353b1 + Follow-up to 413a0fedd02c8c6df1d294534b8c6e306fcca7a2 #12346 - Reported-by: Dan Fandrich - Ref: #11838 - Closes #11870 + Reviewed-by: Daniel Stenberg + Closes #12544 -Mathias Fuchs (16 Sep 2023) +- cmake: whitespace tidy-up in `OtherTests.cmake` -- cmake: fix the help text to the static build option in CMakeLists.txt + Closes #12538 - Closes #11843 +Mark Sinkovics (16 Dec 2023) -John Haugabook (16 Sep 2023) +- cmake: fix generation for system name iOS -- MANUAL.md: change domain to example.com + This PR fixes a problem that happens during CMake configuration when + the `CMAKE_SYSTEM_NAME` set to `iOS` and not `Darwin`. This value is + available (as far as I remember) version 3.14. The final solution + (thanks to @vszakats) is to use `APPLE` which contains all the Apple + platforms https://cmake.org/cmake/help/latest/variable/APPLE.html. - Closes #11866 + This issue was found when during vcpkg installation. Running command + `vcpkg install curl:arm64-ios` and `vcpkg install curl:x64-ios` failed + with message: + ``` + CMake Error: try_run() invoked in cross-compiling mode, please set the follow + ing cache variables appropriately: + HAVE_H_ERRNO_ASSIGNABLE_EXITCODE (advanced) + ``` + After this fix, I was able to compile the compile the binary without + any issue. -Daniel Stenberg (16 Sep 2023) + In addition to that fix, this PR also contains an simplification to + check if the platform is not APPLE. -- doh: inherit DEBUGFUNCTION/DATA + Co-authored-by: Viktor Szakats + Closes #12515 - When creating new transfers for doing DoH, they now inherit the debug - settings from the initiating transfer, so that the application can - redirect and handle the verbose output correctly even for the DoH - transfers. +Daniel Stenberg (16 Dec 2023) - Reported-by: calvin2021y on github - Fixes #11864 - Closes #11869 +- RELEASE-NOTES: synced -Dan Fandrich (16 Sep 2023) +Baruch Siach (16 Dec 2023) -- http_aws_sigv4: fix sorting with empty parts +- gnutls: fix build with --disable-verbose - When comparing with an empty part, the non-empty one is always - considered greater-than. Previously, the two would be considered equal - which would randomly place empty parts amongst non-empty ones. This - showed as a test 439 failure on Solaris as it uses a different - implementation of qsort() that compares parts differently. + infof() parameters must be defined event with --disable-verbose since + commit dac293cfb702 ("lib: apache style infof and trace + macros/functions"). - Fixes #11855 - Closes #11868 + Move also 'ptr' definition under !CURL_DISABLE_VERBOSE_STRINGS. -- CI: ignore the "flaky" and "timing-dependent" test results + Fixes the following build failure: - CI builds will now run these tests, but will ignore the results if they - fail. The relevant tests are ones that are sensitive to timing or - have edge conditions that make them more likely to fail on CI servers, - which are often heavily overloaded and slow. + In file included from ../lib/sendf.h:29, + from vtls/gtls.c:44: + vtls/gtls.c: In function 'Curl_gtls_verifyserver': + vtls/gtls.c:841:34: error: 'version' undeclared (first use in this function); + did you mean 'session'? + 841 | gnutls_protocol_get_name(version), ptr); + | ^~~~~~~ - This change only adds two additional tests to be ignored, since the - others already had the flaky keyword. + Closes #12505 - Closes #11865 +Viktor Szakats (16 Dec 2023) -- runtests: eliminate a warning on old perl versions +- build: delete unused `HAVE_{GSSHEIMDAL,GSSMIT,HEIMDAL}` - The warning "Use of implicit split to @_ is deprecated" showed between - perl versions about 5.8 through 5.11. + Stop setting `HAVE_GSSHEIMDAL`, `HAVE_GSSMIT` and `HAVE_HEIMDAL`. + There was no place in the build system or source code that used them. -- tests: log the test result code after each libtest + Reviewed-by: Daniel Stenberg + Closes #12506 - This makes it easier to determine the test status. Also, capitalize - FAILURE and ABORT messages in log lines to make them easier to spot. +- build: remove redundant `CURL_PULL_*` settings -Harry Sintonen (16 Sep 2023) + These macros were not propagated to the source code from CMake. -- misc: better random strings + autotools set only one of them (`CURL_PULL_SYS_POLL_H`), initially to + address an AIX issue [1]. This later broke when introducing `system.h` + [2] without the logic it enabled. A subsequent fix [3] re-added the + logic, and also enabled it for AIX before its use, directly in + `system.h`. - Generate alphanumerical random strings. + [1] 2012-11-23: 665adcd4b7bcdb7deb638cdc499fbe71f8d777f2 + [2] 2017-03-29: 9506d01ee50d5908138ebad0fd9fbd39b66bd64d #1373 + [3] 2017-08-25: 8a84fcc4b59e8b78d2acc6febf44a43d6bc81b59 #1828 #1833 - Prior this change curl used to create random hex strings. This was - mostly okay, but having alphanumerical random strings is better: The - strings have more entropy in the same space. + Reviewed-by: Daniel Stenberg + Closes #12502 - The MIME multipart boundary used to be mere 64-bits of randomness due - to being 16 hex chars. With these changes the boundary is 22 - alphanumerical chars, or little over 130 bits of randomness. +- system.h: sync mingw `CURL_TYPEOF_CURL_SOCKLEN_T` with other compilers - Closes #11838 + Align mingw with the other Windows compilers and use the `int` type for + `CURL_TYPEOF_CURL_SOCKLEN_T` (and thus for `curl_socklent_t`). This + makes it unnecessary to make a mingw-specific trick and pull all Windows + headers early just for this type definition. This type is specific to + Windows, not to the compiler. mingw-w64's Windows header maps it to + `int` too. -Daniel Stenberg (15 Sep 2023) + With this we also delete all remaining uses of `CURL_PULL_WS2TCPIP_H`. -- cookie: reduce variable scope, add const + [ The official solution is to use `socklen_t` for all Windows compilers. + In this case we may want to update `curl/curl.h` to pull in Windows + headers before `system.h`. ] -- cookie: do not store the expire or max-age strings + Reviewed-by: Daniel Stenberg + Reviewed-by: Jay Satiro + Closes #12501 + +- windows: simplify detecting and using system headers + + - autotools, cmake: assume that if we detect Windows, `windows.h`, + `winsock2.h` and `ws2tcpip.h` do exist. + - lib: fix 3 outlier `#if` conditions to use `USE_WINSOCK` instead of + looking for `winsock2.h`. + - autotools: merge 3 Windows check methods into one. + - move Watt-32 and lwIP socket support to `setup-win32.h` from + `config-win32.h`. It opens up using these with all build tools. Also + merge logic with Windows Sockets. + - fix to assume Windows sockets with the mingw32ce toolchain. + Follow-up to: 2748c64d605b19fb419ae56810ad8da36487a2d4 + - cmake: delete unused variable `signature_call_conv` since + eb33ccd5332435fa50f1758e5debb869c6942b7f. + - autotools: simplify `CURL_CHECK_WIN32_LARGEFILE` detection. + - examples/externalsocket: fix header order. + - cmake/OtherTests.cmake: delete Windows-specific `_source_epilogue` + that wasn't used anymore. + - cmake/OtherTests.cmake: set `WIN32_LEAN_AND_MEAN` for test + `SIZEOF_STRUCT_SOCKADDR_STORAGE`. + + After this patch curl universally uses `_WIN32` to guard + Windows-specific logic. It guards Windows Sockets-specific logic with + `USE_WINSOCK` (this might need further work). - Convert it to an expire time at once and save memory. + Reviewed-by: Jay Satiro + Closes #12495 + +- build: enable missing OpenSSF-recommended warnings, with fixes + + https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening + -Guide-for-C-and-C++.html + as of 2023-11-29 [1]. + + Enable new recommended warnings (except `-Wsign-conversion`): + + - enable `-Wformat=2` for clang (in both cmake and autotools). + - add `CURL_PRINTF()` internal attribute and mark functions accepting + printf arguments with it. This is a copy of existing + `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible + with redefinting the `printf` symbol: + https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94 + - fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for + mingw-w64 and enable it on this platform. + - enable `-Wimplicit-fallthrough`. + - enable `-Wtrampolines`. + - add `-Wsign-conversion` commented with a FIXME. + - cmake: enable `-pedantic-errors` the way we do it with autotools. + Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747 + - lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format + checks. Previously it was always disabled due to the internal `printf` + macro. + + Fix them: + + - fix bug where an `set_ipv6_v6only()` call was missed in builds with + `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`. + - add internal `FALLTHROUGH()` macro. + - replace obsolete fall-through comments with `FALLTHROUGH()`. + - fix fallthrough markups: Delete redundant ones (showing up as + warnings in most cases). Add missing ones. Fix indentation. + - silence `-Wformat-nonliteral` warnings with llvm/clang. + - fix one `-Wformat-nonliteral` warning. + - fix new `-Wformat` and `-Wformat-security` warnings. + - fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its + definition to `lib/curl_setup.h` allowing use in `tests/server`. + - lib: fix two wrongly passed string arguments in log outputs. + Co-authored-by: Jay Satiro + - fix new `-Wformat` warnings on mingw-w64. + + [1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895b + fc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options- + Hardening-Guide-for-C-and-C%2B%2B.md + + Closes #12489 + +- Makefile.mk: drop Windows support + + And DLL-support with it. This leaves `Makefile.mk` for MS-DOS and Amiga. + + We recommend CMake instead. With unity mode it's much faster, and about + the same without. + + Ref: https://github.com/curl/curl/pull/12221#issuecomment-1783761806 + Reviewed-by: Daniel Stenberg + Closes #12224 - Closes #11862 +Daniel Stenberg (16 Dec 2023) -- cookie: remove unnecessary struct fields +- cmdline-docs: use .IP consistently - Plus: reduce the hash table size from 256 to 63. It seems unlikely to - make much of a speed difference for most use cases but saves 1.5KB of - data per instance. + Remove use of .TP and some .B. The idea is to reduce nroff syntax as + much as possible and to use it consistently. Ultimately, we should be + able to introduce our own easier-to-use-and-read syntax/formatting and + convert on generation time. - Closes #11862 + Closes #12535 -- RELEASE-NOTES: synced +Tatsuhiko Miyagawa (16 Dec 2023) - Bumped to 8.4.0, the next presumed version +- http: fix off-by-one error in request method length check -Dan Fandrich (14 Sep 2023) + It should allow one more byte. -- test2600: remove special case handling for USE_ALARM_TIMEOUT + Closes #12534 - This was originally added to handle platforms that supported only 1 - second granularity in connect timeouts, but after some recent changes - the test currently permafails on several Windows platforms. +Daniel Stenberg (15 Dec 2023) - The need for this special-case was removed in commit 8627416, which - increased the connect timeout in all cases to well above 1 second. +- curl: show ipfs and ipns as supported "protocols" - Fixes #11767 - Closes #11849 + They are accepted schemes in URLs passed to curl (the tool, not the + library). -Daniel Stenberg (14 Sep 2023) + Also makes curl-config show the same list. -- SECURITY-PROCESS.md. call it vulnerability disclosure policy + Co-Authored-by: Jay Satiro + Reported-by: Chara White + Bug: https://curl.se/mail/archive-2023-12/0026.html + Closes #12508 - SECURITY-PROCESS.md -> VULN-DISCLOSURE-POLICY.md +- Revert "urldata: move async resolver state from easy handle to connectdata" - This a name commonly used for a document like this. This name helps - users find it. + This reverts commit 56a4db2e4e2bcb9a0dcb75b83560a78ef231fcc8 (#12198) - Closes #11852 + We want the c-ares channel to be held in the easy handle, not per + connection - for performance. -Junho Choi (14 Sep 2023) + Closes #12524 -- quiche: fix build error with --with-ca-fallback +Viktor Szakats (15 Dec 2023) - - Fix build error when curl is built with --with-quiche - and --with-ca-fallback. +- openssl: re-match LibreSSL deinit with init - - Add --with-ca-fallback to the quiche CI job. + Earlier we switched to use modern initialization with LibreSSL v2.7.0 + and up, but did not touch deinitialization [1]. Fix it in this patch. - Fixes https://github.com/curl/curl/issues/11850 - Closes https://github.com/curl/curl/pull/11847 + Regression from bec0c5bbf34369920598678161d2df8bea0e243b #11611 -Jay Satiro (14 Sep 2023) + [1] https://github.com/curl/curl/pull/11611#issuecomment-1668654014 -- escape: replace Curl_isunreserved with ISUNRESERVED + Reported-by: Mike Hommey + Reviewed-by: Daniel Stenberg + Fixes #12525 + Closes #12526 - - Use the ALLCAPS version of the macro so that it is clear a macro is - being called that evaluates the variable multiple times. +Daniel Stenberg (14 Dec 2023) - - Also capitalize macro isurlpuntcs => ISURLPUNTCS since it evaluates - a variable multiple times. +- libssh: supress warnings without version check - This is a follow-up to 291d225a which changed Curl_isunreserved into an - alias macro for ISUNRESERVED. The problem is the former is not easily - identified as a macro by the caller, which could lead to a bug. + Define unconditionally. - For example, ISUNRESERVED(*foo++) is easily identifiable as wrong but - Curl_isunreserved(*foo++) is not even though they both are the same. + Follow-up from d21bd2190c46ad7fa - Closes https://github.com/curl/curl/pull/11846 + Closes #12523 -Dan Fandrich (13 Sep 2023) +- hostip: return error immediately when Curl_ip2addr() fails -- tests: increase the default server logs lock timeout + Closes #12522 - This timeout is used to wait for the server to finish writing its logs - before checking them against the expected values. An overloaded machine - could take more than the two seconds previously allocated, so increase - the timeout to 5 seconds. +Theo (14 Dec 2023) - Ref: #11328 - Closes #11834 +- libssh: improve the deprecation warning dismissal -- tests: increase TEST_HANG_TIMEOUT in two tests + Previous code was compiler dependant, and dismissed all deprecation warnings + indiscriminately. - These tests had a 5 second timeout compared to 60 seconds for all other - tests. Make these consistent with the others for more reliability on - heavily-loaded machines. + libssh provides a way to disable the deprecation warnings for libssh only, an + d + naturally this is the preferred way. - Ref: #11328 + This commit uses that, to prevent the erroneous hiding of potential, unrelate + d + deprecation warnings. -- test1056: disable on Windows + Fixes #12519 + Closes #12520 - This test relies on the IPv6 scope field being ignored when connecting to - ipv6-localhost (i.e. [::1%259999] is treated as [::1]). Maybe this is a bit - dodgy, but it works on all our test platforms except Windows. This - test was disabled manually on all Windows CI builds already, so instead - add an incompatible feature and precheck so it's skipped on Windows - everywhere automatically. +Daniel Stenberg (14 Dec 2023) -- test587: add a slight delay after test +- test1474: removed - This test is designed to connect to the server, then immediately send a - few bytes and disconnect. In some situations, such as on a loaded - server, this doesn't give the server enough time to write its lock file - before its existence is checked. The test harness then fails to find the - server's input log file (because it hasn't been written yet) and fails - the test. By adding a short delay after the test, the HTTP server has - enough time to write its lock file which gives itself more time to write - its remaining files. + The test was already somewhat flaky and disabled on several platforms, + and after 1da640abb688 even more unstable. - Ref: #11328 +- readwrite_data: loop less -- tests: stop overriding the lock timeout + This function is made to loop in order to drain incoming data + faster. Completely removing the loop has a measerably negative impact on + transfer speeds. - These tests reduce the server lock wait timeout which can increase - flakiness on loaded machines. Since this is merely an optimization, - eliminate them in favour of reliability. + Downsides with the looping include - Ref: #11328 + - it might call the progress callback much more seldom. Especially if + the write callback is slow. -- tests: add some --expect100-timeout to reduce timing dependencies + - rate limiting becomes less exact - These tests can fail when the test machine is so slow that the test HTTP - server didn't get a chance to complete before the client's one second - 100-continue timeout triggered. Increase that 1 second to 999 seconds so - this situation doesn't happen. + - a single transfer might "starve out" other parallel transfers - Ref: #11328 + - QUIC timers for other connections can't be maintained correctly -- test661: return from test early in case of curl error + The long term fix should be to remove the loop and optimize coming back + to avoid the transfer speed penalty. -- tests: add the timing-dependent keyword on several tests + This fix lower the max loop count to reduce the starvation problem, and + avoids the loop completely for when rate-limiting is in progress. - These are ones likely to fail on heavily-loaded machines that alter the - normal test timing. Most of these tests already had the flaky keyword - since this condition makes them more likely to fail on CI. + Ref: #12488 + Ref: https://curl.se/mail/lib-2023-12/0012.html + Closes #12504 -- test1592: greatly increase the maximum test timeout +Stefan Eissing (14 Dec 2023) - It was too short to be reliable on heavily loaded CI machines, and - as a fail-safe only, it didn't need to be short. +- lib: eliminate `conn->cselect_bits` - Ref: #11328 + - use `data->state.dselect_bits` everywhere instead + - remove `bool *comeback` parameter as non-zero + `data->state.dselect_bits` will indicate that IO is + incomplete. -- test: minor test cleanups + Closes #12512 - Remove an obsolete block of code in tests 2032 & 576. - Add a comment in test 1474. +- connect: refactor `Curl_timeleft()` -- tests: quadruple the %FTPTIME2 and %FTPTIME3 timeouts + - less local vars, "better" readability + - added documentation - This gives more of a margin for error when running on overloaded CI - servers. + Closes #12518 - Ref: #11328 +Dmitry Karpov (14 Dec 2023) -- tests: improve SLOWDOWN test reliability by reducing sent data +- cookie: avoid fopen with empty file name - These tests are run in SLOWDOWN mode which adds a 10 msec delay after - each character output, which means it takes at least 1.6 seconds (and - 320 kernel calls) just to get through the long welcome banner. On an - overloaded system, this can end up taking much more than 1.6 seconds, - and even more than the 7 or 16 second curl timeout that the tests rely - on, causing them to fail. Reducing the size of the welcome banner drops - the total number of characters sent before the transfer starts by more - than half, which reduces the opportunity for test-breaking slowdowns by - the same amount. + Closes #12514 - Ref: #11328 +Viktor Szakats (13 Dec 2023) -- test650: fix an end tag typo +- tests/server: delete workaround for old-mingw -Jay Satiro (13 Sep 2023) + mingw-w64 1.0 comes with w32api v3.12, thus doesn't need this. -- tool_cb_wrt: fix debug assertion + Follow-up to 38029101e2d78ba125732b3bab6ec267b80a0e72 #11625 - - Fix off-by-one out-of-bounds array index in Windows debug assertion. + Reviewed-by: Jay Satiro + Closes #12510 - Bug: https://github.com/curl/curl/commit/af3f4e41#r127212213 - Reported-by: Gisle Vanem +- cmake: delete obsolete TODOs more [ci skip] -Daniel Stenberg (13 Sep 2023) + - manual completed: 898b012a9bf388590c4be7f526815b5ab74feca1 #1288 + - soname completed: 5de6848f104d7cb0017080e31216265ac19d0dde #10023 + - bunch of others that are completed + - `NTLM_WB_ENABLED` is implemented in a basic form, and now also + scheduled for removal, so a TODO at this point isn't useful. -- ctype: add ISUNRESERVED() + And this 'to-check' item: - ... and make Curl_isunreserved() use that macro instead of providing a - separate funtion for the purpose. + Q: "The cmake build selected to run gcc with -fPIC on my box while the + plain configure script did not." - Closes #11840 + A: With CMake, since 2ebc74c36a19a1700af394c16855ce144d9878e3 #11546 + and fc9bfb14520712672b4784e8b48256fb29204011 #11627, we explicitly + enable PIC for libcurl shared lib. Or when building libcurl for + shared and static lib in a single pass. We do this by default for + Windows or when enabled by the user via `SHARE_LIB_OBJECT`. + Otherwise we don't touch this setting. Meaning the default set by + CMake (if any) or the toolchain is used. On Debian Bookworm, this + means that PIC is disabled for static libs by default. Some platforms + (like macOS), has PIC enabled by default. + autotools supports the double-pass mode only, and in that case + CMake seems to match PIC behaviour now (as tested on Linux with gcc.) -Version 8.3.0 (13 Sep 2023) + Follow-up to 5d5dfdbd1a6c40bd75e982b66f49e1fa3a7eeae7 #12500 -Daniel Stenberg (13 Sep 2023) + Reviewed-by: Jay Satiro + Closes #12509 -- RELEASE-NOTES: syn ced +Stefan Eissing (12 Dec 2023) - curl 8.3.0 release +- CLIENT-WRITERS: design and use documentation -- THANKS: contributors from 8.3.0 + Closes #12507 -Thorsten Klein (12 Sep 2023) +Viktor Szakats (12 Dec 2023) -- cmake: set SIZEOF_LONG_LONG in curl_config.h +- cmake: delete obsolete TODO items [ci skip] - in order to support 32bit builds regarding wolfssl CTC_SETTINGS + There is always room for improvement, but CMake is up to par now with + autotools, so there is no longer a good reason to keep around these + inline TODO items. - Closes #11839 + Answering one of questions: -Jay Satiro (12 Sep 2023) + Q: "The gcc command line use neither -g nor any -O options. As a + developer, I also treasure our configure scripts's --enable-debug + option that sets a long range of "picky" compiler options." -- curl_ngtcp2: fix error message + A: CMake offers the `CMAKE_BUILD_TYPE` variable to control debug info + and optimization level. E.g.: + - `Release` = `-O3` + no debug info + - `MinSizeRel` = `-Os` + no debug info + - `Debug` = `-O0` + debug info -- http_aws_sigv4: handle no-value user header entries + https://stackoverflow.com/questions/48754619/what-are-cmake-build-type-deb + ug-release-relwithdebinfo-and-minsizerel/59314670#59314670 + https://cmake.org/cmake/help/latest/manual/cmake-buildsystem.7.html#defaul + t-and-custom-configurations - - Handle user headers in format 'name:' and 'name;' with no value. + For picky warnings we have the `PICKY_COMPILER` options, enabled by + default. - The former is used when the user wants to remove an internal libcurl - header and the latter is used when the user actually wants to send a - no-value header in the format 'name:' (note the semi-colon is converted - by libcurl to a colon). + Closes #12500 - Prior to this change the AWS header import code did not special case - either of those and the generated AWS SignedHeaders would be incorrect. +Stefan Eissing (11 Dec 2023) - Reported-by: apparentorder@users.noreply.github.com +- CONNECTION-FILTERS: update documentation - Ref: https://curl.se/docs/manpage.html#-H + Closes #12497 - Fixes https://github.com/curl/curl/issues/11664 - Closes https://github.com/curl/curl/pull/11668 +Daniel Stenberg (11 Dec 2023) -Dan Fandrich (11 Sep 2023) +- lib: reduce use of strncpy -- CI: run pytest with the -v option + - bearssl: select cipher without buffer copies + - http_aws_sigv4: avoid strncpy, require exact timestamp length + - http_aws_sigv4: use memcpy isntead of strncpy + - openssl: avoid strncpy calls + - schannel: check for 1.3 algos without buffer copies + - strerror: avoid strncpy calls + - telnet: avoid strncpy, return error on too long inputs + - vtls: avoid strncpy in multissl_version() - This lists of the test cases being run so it can be tracked over time. + Closes #12499 - Closes #11824 +- CI/distcheck: run full tests -Daniel Stenberg (11 Sep 2023) + To be able to detect missing files better, this now runs the full CI + test suite. If done before, it would have detected #12462 before + release. -- HTTP3: the msquic backend is not functional + Closes #12503 - I ask that we do not submit bugs for this backend just yet as we know it - does not fully work. +- docs: clean up Protocols: for cmdline options - Closes #11831 - Closes #11819 + ... and some other minor polish. -- aws_sigv4: the query canon code miscounted URL encoded input + Closes #12496 - Added some extra ampersands to test 439 to verify "blank" query parts +- cmdline/gen: fix the sorting of the man page options - Follow-up to fc76a24c53b08cdf + They were previously sorted based on the file names, which use a .d + extension, making "data" get placed after "data-binary" etc. Making the + sort ignore the extention fixes the ordering. - Closes #11829 + Reported-by: Boris Verkhovskiy + Bug: https://curl.se/mail/archive-2023-12/0014.html + Closes #12494 -vvb2060 (11 Sep 2023) +Daniel Gustafsson (9 Dec 2023) -- quic: don't set SNI if hostname is an IP address +- doh: remove unused local variable - We already do this for TLS connections. + The nurl variable is no longer used during probing following + a refactoring, so remove. - RFC 6066 says: Literal IPv4 and IPv6 addresses are not permitted in - "HostName". + Closes #12491 - Ref: https://www.rfc-editor.org/rfc/rfc6066#section-3 +Jay Satiro (8 Dec 2023) - Fixes https://github.com/curl/curl/issues/11827 - Closes https://github.com/curl/curl/pull/11828 +- build: fix Windows ADDRESS_FAMILY detection -Daniel Stenberg (10 Sep 2023) + - Include winsock2.h for Windows ADDRESS_FAMILY detection. -- RELEASE-NOTES: synced + Prior to this change cmake detection didn't work because it included + ws2def.h by itself, which is missing needed types from winsock2.h. -Benoit Pierre (10 Sep 2023) + Prior to this change autotools detection didn't work because it did not + include any Windows header. -- configure: fix `HAVE_TIME_T_UNSIGNED` check + In both cases libcurl would fall back on unsigned short as the address + family type, which is the same as ADDRESS_FAMILY. - The syntax was incorrect (need a proper main body), and the test - condition was wrong (resulting in a signed `time_t` detected as - unsigned). + Co-authored-by: Viktor Szakats - Closes #11825 + Closes https://github.com/curl/curl/pull/12441 -Daniel Stenberg (9 Sep 2023) +Daniel Stenberg (8 Dec 2023) -- THANKS-filter: pszlazak on github +- lib: rename Curl_strndup to Curl_memdup0 to avoid misunderstanding -pszlazak (9 Sep 2023) + Since the copy does not stop at a null byte, let's not call it anything + that makes you think it works like the common strndup() function. -- include.d: explain headers not printed with --fail before 7.75.0 + Based on feedback from Jay Satiro, Stefan Eissing and Patrick Monnerat - Prior to 7.75.0 response headers were not printed if -f/--fail was used - and an error was reported by server. This was fixed in ab525c0 - (precedes 7.75.0). + Closes #12490 - Closes #11822 +- convsrctest.pl: removed: not used, not shipped in tarballs -Daniel Stenberg (8 Sep 2023) +- tests: rename tests scripts to the test number -- http_aws_sigv4: skip the op if the query pair is zero bytes + It is hard to name the scripts sensibly. Lots of them are similarly + named and the name did not tell which test that used them. - Follow-up to fc76a24c53b08cdf + The new approach is rather to name them based on the test number that + runs them. Also helps us see which scripts are for individual tests + rather than for general test infra. - Spotted by OSS-Fuzz + - badsymbols.pl -> test1167.pl + - check-deprecated.pl -> test1222.pl + - check-translatable-options.pl -> test1544.pl + - disable-scan.pl -> test1165.pl + - error-codes.pl -> test1175.pl + - errorcodes.pl -> test1477.pl + - extern-scan.pl -> test1135.pl + - manpage-scan.pl -> test1139.pl + - manpage-syntax.pl -> test1173.pl + - markdown-uppercase.pl -> test1275.pl + - mem-include-scan.pl -> test1132.pl + - nroff-scan.pl -> test1140.pl + - option-check.pl -> test1276.pl + - options-scan.pl -> test971.pl + - symbol-scan.pl -> test1119.pl + - version-scan.pl -> test1177.pl - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62175 - Closes #11823 + Closes #12487 -- cmdline-docs: use present tense, not future +MichaÅ‚ Antoniak (8 Dec 2023) - + some smaller cleanups +- sendf: fix compiler warning with CURL_DISABLE_HEADERS_API - Closes #11821 + fix MSVC warning C4189: 'htype': local variable is initialized but not + referenced - when CURL_DISABLE_HEADERS_API is defined. -- cmdline-docs: make sure to phrase it as "added in ...." + Closes #12485 - References to things that were added or changed in a specific version - should be specified as "(added in [version]) for two reasons: +Viktor Szakats (8 Dec 2023) - 1 - consistency +- tidy-up: whitespace - 2 - to allow gen.pl to strip them out if deemed referring to too old - versions + Closes #12484 - Closes #11821 +Stefan Eissing (7 Dec 2023) -Jay Satiro (8 Sep 2023) +- test_02_download: fix paramters to test_02_27 -- docs: mark --ssl-revoke-best-effort as Schannel specific + - it is a special client that only ever uses http/2 - Closes https://github.com/curl/curl/pull/11760 + Closes #12467 -Nathan Moinvaziri (8 Sep 2023) +MichaÅ‚ Antoniak (7 Dec 2023) -- schannel: fix ordering of cert chain info +- vtls: remove the Curl_cft_ssl_proxy object if CURL_DISABLE_PROXY - - Use CERT_CONTEXT's pbCertEncoded to determine chain order. + Closes #12459 - CERT_CONTEXT from SECPKG_ATTR_REMOTE_CERT_CONTEXT contains - end-entity/server certificate in pbCertEncoded. We can use this pointer - to determine the order of certificates when enumerating hCertStore using - CertEnumCertificatesInStore. +Daniel Stenberg (7 Dec 2023) - This change is to help ensure that the ordering of the certificate chain - requested by the user via CURLINFO_CERTINFO has the same ordering on all - versions of Windows. +- lib: strndup/memdup instead of malloc, memcpy and null-terminate - Prior to this change Schannel certificate order was reversed in 8986df80 - but that was later reverted in f540a39b when it was discovered that - Windows 11 22H2 does the reversal on its own. + - bufref: use strndup + - cookie: use strndup + - formdata: use strndup + - ftp: use strndup + - gtls: use aprintf instead of malloc + strcpy * 2 + - http: use strndup + - mbedtls: use strndup + - md4: use memdup + - ntlm: use memdup + - ntlm_sspi: use strndup + - pingpong: use memdup + - rtsp: use strndup instead of malloc, memcpy and null-terminate + - sectransp: use strndup + - socks_gssapi.c: use memdup + - vtls: use dynbuf instead of malloc, snprintf and memcpy + - vtls: use strdup instead of malloc + memcpy + - wolfssh: use strndup - Ref: https://github.com/curl/curl/issues/9706 + Closes #12453 - Closes https://github.com/curl/curl/pull/11632 +- strdup: remove the memchr check from Curl_strndup -Chris Talbot (8 Sep 2023) + It makes it possible to clone a binary chunk of data. -- digest: Use hostname to generate spn instead of realm + Closes #12453 - In https://www.rfc-editor.org/rfc/rfc2831#section-2.1.2 +- ftp: handle the PORT parsing without allocation - digest-uri-value should be serv-type "/" host , where host is: + Also reduces amount of *cpy() calls. - The DNS host name or IP address for the service requested. The - DNS host name must be the fully-qualified canonical name of the - host. The DNS host name is the preferred form; see notes on server - processing of the digest-uri. + Closes #12456 - Realm may not be the host, so we must specify the host explicitly. +- RELEASE-NOTES: synced - Note this change only affects the non-SSPI digest code. The digest code - used by SSPI builds already uses the hostname to generate the spn. + Bumped to 8.5.1 - Ref: https://github.com/curl/curl/issues/11369 +- url: for disabled protocols, mention if found in redirect - Closes https://github.com/curl/curl/pull/11395 + To help users better understand where the URL (and denied scheme) comes + from. Also removed "in libcurl" from the message, since the disabling + can be done by the application. -Daniel Stenberg (7 Sep 2023) + The error message now says "not supported" or "disabled" depending on + why it was denied: -- docs: remove use of the word 'very' + Protocol "hej" not supported + Protocol "http" disabled - It is mostly superfluous. proselint would complain. + And in redirects: - Closes #11818 + Protocol "hej" not supported (in redirect) + Protocol "http" disabled (in redirect) -- curl_multi_remove_handle.3: clarify what happens with connection + Reported-by: Mauricio Scheffer + Fixes #12465 + Closes #12469 - Closes #11817 +Stefan Eissing (6 Dec 2023) -- RELEASE-NOTES: synced +- sectransp_ make TLSCipherNameForNumber() available in non-verbose config -- test439: verify query canonization for aws-sigv4 + Reported-by: Cajus Pollmeier + Closes #12476 + Fixes #12474 -- tool_operate: make aws-sigv4 not require TLS to be used +YX Hao (6 Dec 2023) - Maybe not used too often, but we want it for testing and it should work. +- lib: fix variable undeclared error caused by `infof` changes -- http_aws_sigv4: canonicalize the query + `--disable-verbose` yields `CURL_DISABLE_VERBOSE_STRINGS` defined. + `infof` isn't `Curl_nop_stmt` anymore: dac293c. - Percent encoding needs to be done using uppercase, and most - non-alphanumerical must be percent-encoded. + Follow-up to dac293c - Fixes #11794 - Reported-by: John Walker - Closes #11806 + Closes #12470 -Wyatt O'Day (7 Sep 2023) +Viktor Szakats (6 Dec 2023) -- lib: add ability to disable auths individually +- tidy-up: fix yamllint whitespace issues in labeler.yml - Both with configure and cmake + Follow-up to bda212911457c6fadfbba50be61afc4ca513fa56 #12466 - Closes #11490 + Reviewed-by: Dan Fandrich + Closes #12475 -Stefan Eissing (7 Sep 2023) +- tidy-up: fix yamllint whitespace issues -- ngtcp2: fix handling of large requests + Closes #12466 - - requests >64K are send in parts to the filter - - fix parsing of the request to assemble it correctly - from several sends - - open a QUIC stream only when the complete request has - been collected +Chris Sauer (6 Dec 2023) - Closes #11815 +- cmake: fix typo -- openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before + Follow-up to aace27b + Closes #12464 - - we delay loading the x509 store to shorten the handshake time. - However an application callback installed via CURLOPT_SSL_CTX_FUNCTION - may need to have the store loaded and try to manipulate it. - - load the x509 store before invoking the app callback +Daniel Stenberg (6 Dec 2023) - Fixes #11800 - Reported-by: guoxinvmware on github - Cloes #11805 +- dist: add tests/errorcodes.pl to the tarball -Daniel Stenberg (7 Sep 2023) + Used by test 1477 -- krb5: fix "implicit conversion loses integer precision" warnings + Reported-by: Xi Ruoyao + Follow-up to 0ca3a4ec9a7 + Fixes #12462 + Closes #12463 - conversions to/from enum and unsigned chars +Dan Fandrich (6 Dec 2023) - Closes #11814 +- github/labeler: update a missed key in the v5 upgrade -Stefan Eissing (7 Sep 2023) + Follow-up to ce03fe3ba -- pytest: improvements +Version 8.5.0 (6 Dec 2023) - - set CURL_CI for pytest runs in CI environments - - exclude timing sensitive tests from CI runs - - for failed results, list only the log and stat of - the failed transfer +Daniel Stenberg (6 Dec 2023) - - fix type in http.c comment +- RELEASE-NOTES: synced - Closes #11812 + The curl 8.5.0 release. -- CI: move on to ngtcp2 v0.19.1 +Dan Fandrich (5 Dec 2023) - Closes #11809 +- github/labeler: switch from the beta to labeler v5 -Dan Fandrich (5 Sep 2023) + Some keys were renamed and the dot option was made default. -- CI: run Circle macOS builds on x86 for now + Closes #12458 - The ARM machines aren't ready for us and requesting them now causes - warnings e-mails to be sent to some PR pushers. +Daniel Stenberg (5 Dec 2023) - Ref: #11771 +- DEPRECATE: remove NTLM_WB in June 2024 -Viktor Szakats (5 Sep 2023) + Ref: https://curl.se/mail/lib-2023-12/0010.html -- http3: adjust cast for ngtcp2 v0.19.0 + Closes #12451 - ngtcp2 v0.19.0 made size of `ecn` member of `ngtcp2_pkt_info` - an `uint8_t` (was: `uint32_t`). Adjust our local cast accordingly. +Jacob Hoffman-Andrews (4 Dec 2023) - Fixes: - ``` - ./curl/lib/vquic/curl_ngtcp2.c:1912:12: warning: implicit conversion loses in - teger precision: 'uint32_t' (aka 'unsigned int') to 'uint8_t' (aka 'unsigned - char') [-Wimplicit-int-conversion] - pi.ecn = (uint32_t)ecn; - ~ ^~~~~~~~~~~~~ - ``` +- rustls: implement connect_blocking - Also bump ngtcp2, nghttp3 and nghttp2 to their latest versions in our - docs and CI. + Closes #11647 - Ref: https://github.com/ngtcp2/ngtcp2/commit/80447281bbc94af53f8aa7a4cfc19175 - 782894a3 - Ref: https://github.com/ngtcp2/ngtcp2/pull/877 - Closes #11798 +Daniel Stenberg (4 Dec 2023) -Stefan Eissing (5 Sep 2023) +- examples/rtsp-options.c: add -- http: fix sending of large requests + Just a bare bones RTSP example using CURLOPT_RTSP_SESSION_ID and + CURLOPT_RTSP_REQUEST set to CURL_RTSPREQ_OPTIONS. - - refs #11342 where errors with git https interactions - were observed - - problem was caused by 1st sends of size larger than 64KB - which resulted in later retries of 64KB only - - limit sending of 1st block to 64KB - - adjust h2/h3 filters to cope with parsing the HTTP/1.1 - formatted request in chunks + Closes #12452 - - introducing Curl_nwrite() as companion to Curl_write() - for the many cases where the sockindex is already known +Stefan Eissing (4 Dec 2023) - Fixes #11342 (again) - Closes #11803 +- ngtcp2: ignore errors on unknown streams -- pytest: fix check for slow_network skips to only apply when intended + - expecially in is_alive checks on connections, we might + see incoming packets on streams already forgotten and closed, + leading to errors reported by nghttp3. Ignore those. - Closes #11801 + Closes #12449 -Daniel Stenberg (5 Sep 2023) +Daniel Stenberg (4 Dec 2023) -- curl_url_get/set.3: add missing semicolon in SYNOPSIS +- docs: make all examples in all libcurl man pages compile -- CURLOPT_URL.3: explain curl_url_set() uses the same parser + Closes #12448 -- CURLOPT_URL.3: add two URL API calls in the see-also section +- checksrc.pl: support #line instructions -Dan Fandrich (4 Sep 2023) + makes it identify the correct source file and line -- CI: add a 32-bit i686 Linux build +- GHA/man-examples: verify libcurl man page examples - This is done by cross-compiling under regular x86_64 Linux. Since the - kernel offers backwards compatibility, the binaries can be tested as - normal. +- verify-examples.pl: verify that all man page examples compile clean - Closes #11799 +- RELEASE-NOTES: synced -- tests: fix a type warning on 32-bit x86 +Graham Campbell (2 Dec 2023) -Viktor Szakats (4 Sep 2023) +- http3: bump ngtcp2 and nghttp3 versions -- tests: delete stray `.orig` file + nghttp3 v1.1.0 + ngtcp2 v1.1.0 - Follow-up to 331b89a319d0067fa1e6441719307cfef9c7960f - Closes #11797 + In docs and CI -Daniel Stenberg (4 Sep 2023) + Closes #12446 -- RELEASE-NOTES: synced +- CI/quiche: use `3.1.4+quic` consistently in CI workflows -Viktor Szakats (4 Sep 2023) + Closes #12447 -- lib: silence compiler warning in inet_ntop6 +Viktor Szakats (2 Dec 2023) + +- test1545: disable deprecation warnings + + Fixes: + https://ci.appveyor.com/project/curlorg/curl/builds/48631551/job/bhx74e0i66yr + p6pk#L1205 + Same with details: + https://ci.appveyor.com/project/curlorg/curl/builds/48662893/job/ol8a78q9gmil + b6wt#L1263 ``` - ./curl/lib/inet_ntop.c:121:21: warning: possible misuse of comma operator her - e [-Wcomma] - cur.base = i, cur.len = 1; - ^ - ./curl/lib/inet_ntop.c:121:9: note: cast expression to void to silence warnin - g - cur.base = i, cur.len = 1; - ^~~~~~~~~~~~ - (void)( ) + tests/libtest/lib1545.c:38:3: error: 'curl_formadd' is deprecated: since 7.56 + .0. Use curl_mime_init() [-Werror=deprecated-declarations] + 38 | curl_formadd(&m_formpost, &lastptr, CURLFORM_COPYNAME, "file", + | ^~~~~~~~~~~~ + [...] ``` - Closes #11790 + Follow-up to 07a3cd83e0456ca17dfd8c3104af7cf45b7a1ff5 #12421 -Daniel Stenberg (4 Sep 2023) + Fixes #12445 + Closes #12444 -- transfer: also stop the sending on closed connection +Daniel Stenberg (2 Dec 2023) - Previously this cleared the receiving bit only but in some cases it is - also still sending (like a request-body) when disconnected and neither - direction can continue then. +- INSTALL: update list of ports and CPU archs - Fixes #11769 - Reported-by: Oleg Jukovec - Closes #11795 +- symbols-in-versions: the CLOSEPOLICY options are deprecated -John Bampton (4 Sep 2023) + The were used with the CURLOPT_CLOSEPOLICY option, which *never* worked. -- docs: change `sub-domain` to `subdomain` +z2_ (1 Dec 2023) - https://en.wikipedia.org/wiki/Subdomain +- build: fix builds that disable protocols but not digest auth - Closes #11793 + - Build base64 functions if digest auth is not disabled. -Stefan Eissing (4 Sep 2023) + Prior to this change if some protocols were disabled but not digest auth + then a build error would occur due to missing base64 functions. -- multi: more efficient pollfd count for poll + Fixes https://github.com/curl/curl/issues/12440 + Closes https://github.com/curl/curl/pull/12442 - - do not use separate pollfds for sockets that have POLLIN+POLLOUT +MichaÅ‚ Antoniak (1 Dec 2023) - Closes #11792 +- connect: reduce number of transportation providers -- http2: polish things around POST + Use only the ones necessary - the ones that are built-in. Saves a few + bytes in the resulting code. - - added test cases for various code paths - - fixed handling of blocked write when stream had - been closed inbetween attempts - - re-enabled DEBUGASSERT on send with smaller data size + Closes #12438 - - in debug builds, environment variables can be set to simulate a slow - network when sending data. cf-socket.c and vquic.c support - * CURL_DBG_SOCK_WBLOCK: percentage of send() calls that should be - answered with a EAGAIN. TCP/UNIX sockets. - This is chosen randomly. - * CURL_DBG_SOCK_WPARTIAL: percentage of data that shall be written - to the network. TCP/UNIX sockets. - Example: 80 means a send with 1000 bytes would only send 800 - This is applied to every send. - * CURL_DBG_QUIC_WBLOCK: percentage of send() calls that should be - answered with EAGAIN. QUIC only. - This is chosen randomly. +David Benjamin (1 Dec 2023) - Closes #11756 +- vtls: consistently use typedef names for OpenSSL structs -Daniel Stenberg (4 Sep 2023) + The foo_st names don't appear in OpenSSL public API documentation. The + FOO typedefs are more common. This header was already referencing + SSL_CTX via . There is a comment about avoiding + , but OpenSSL actually declares all the typedefs in + , which is already included by (and + every other OpenSSL header), so just use that. Though I've included it + just to be explicit. -- docs: add curl_global_trace to some SEE ALSO sections + (I'm also fairly sure including already triggers the + Schannel conflicts anyway. The comment was probably just out of date.) - Closes #11791 + Closes #12439 -- os400: fix checksrc nits +Lau (1 Dec 2023) - Closes #11789 +- libcurl-security.3: fix typo -Nicholas Nethercote (3 Sep 2023) + Fixed minimal typo. -- hyper: remove `hyptransfer->endtask` + Closes #12437 - `Curl_hyper_stream` needs to distinguish between two kinds of - `HYPER_TASK_EMPTY` tasks: (a) the `foreach` tasks it creates itself, and - (b) background tasks that hyper produces. It does this by recording the - address of any `foreach` task in `hyptransfer->endtask` before pushing - it into the executor, and then comparing that against the address of - tasks later polled out of the executor. +Stefan Eissing (1 Dec 2023) - This works right now, but there is no guarantee from hyper that the - addresses are stable. `hyper_executor_push` says "The executor takes - ownership of the task, which should not be accessed again unless - returned back to the user with `hyper_executor_poll`". That wording is a - bit ambiguous but with my Rust programmer's hat on I read it as meaning - the task returned with `hyper_executor_poll` may be conceptually the - same as a task that was pushed, but that there are no other guarantees - and comparing addresses is a bad idea. +- ngtcp2: fix races in stream handling - This commit instead uses `hyper_task_set_userdata` to mark the `foreach` - task with a `USERDATA_RESP_BODY` value which can then be checked for, - removing the need for `hyptransfer->endtask`. This makes the code look - more like that hyper C API examples, which use userdata for every task - and never look at task addresses. + - fix cases where ngtcp2 invokes callbacks on streams that + nghttp3 has already forgotten. Ignore the NGHTTP3_ERR_STREAM_NOT_FOUND + in these cases as it is normal behaviour. - Closes #11779 + Closes #12435 -Dave Cottlehuber (3 Sep 2023) +Emanuele Torre (1 Dec 2023) -- ws: fix spelling mistakes in examples and tests +- tool_writeout_json: fix JSON encoding of non-ascii bytes - Closes #11784 + char variables if unspecified can be either signed or unsigned depending + on the platform according to the C standard; in most platforms, they are + signed. -Daniel Stenberg (3 Sep 2023) + This meant that the *i<32 waas always true for bytes with the top bit + set. So they were always getting encoded as \uXXXX, and then since they + were also signed negative, they were getting extended with 1s causing + '\xe2' to be expanded to \uffffffe2, for example: -- tool_filetime: make -z work with file dates before 1970 + $ curl --variable 'v=“' --expand-write-out '{{v:json}}\n' file:///dev/nul + l + \uffffffe2\uffffff80\uffffff9c - Fixes #11785 - Reported-by: Harry Sintonen - Closes #11786 + I fixed this bug by making the code use explicitly unsigned char* + variables instead of char* variables. -Dan Fandrich (1 Sep 2023) + Test 268 verifies -- build: fix portability of mancheck and checksrc targets + Reported-by: iconoclasthero + Closes #12434 - At least FreeBSD preserves cwd across makefile lines, so rules - consisting of more than one "cd X; do_something" must be explicitly run - in a subshell to avoid this. This problem caused the Cirrus FreeBSD - build to fail when parallel make jobs were enabled. +Stefan Eissing (1 Dec 2023) -- CI: adjust labeler match patterns for new & obsolete files +- cf-socket: TCP trace output local address used in connect -- configure: trust pkg-config when it's used for zlib + Closes #12427 - The library flags retrieved from pkg-config were later thrown out and - harded-coded, which negates the whole reason to use pkg-config. - Also, previously, the assumption was made that --libs-only-l and - --libs-only-L are the full decomposition of --libs, which is untrue and - would not allow linking against a static zlib. The new approach is - better in that it uses --libs, although only if --libs-only-l returns - nothing. +Jay Satiro (1 Dec 2023) - Bug: https://curl.se/mail/lib-2023-08/0081.html - Reported-by: Randall - Closes #11778 +- CURLINFO_PRETRANSFER_TIME_T.3: fix time explanation -Stefan Eissing (1 Sep 2023) + - Change CURLINFO_PRETRANSFER_TIME_T explanation to say that it + includes protocol-specific instructions that trigger a transfer. -- CI/ngtcp2: clear wolfssl for when cache is ignored + Prior to this change it explicitly said that it did not include those + instructions in the time, but that is incorrect. - Closes #11783 + The change is a copy of the fixed explanation already in + CURLINFO_PRETRANSFER_TIME, fixed by ec8dcd7b. -Daniel Stenberg (1 Sep 2023) + Reported-by: eeverettrbx@users.noreply.github.com -- RELEASE-NOTES: synced + Fixes https://github.com/curl/curl/issues/12431 + Closes https://github.com/curl/curl/pull/12432 -Nicholas Nethercote (1 Sep 2023) +Daniel Stenberg (30 Nov 2023) -- hyper: fix a progress upload counter bug +- multi: during ratelimit multi_getsock should return no sockets - `Curl_pgrsSetUploadCounter` should be a passed a total count, not an - increment. + ... as there is nothing to wait for then, it just waits. Otherwise, this + causes much more CPU work and updates than necessary during ratelimit + periods. - This changes the failing diff for test 579 with hyper from this: - ``` - Progress callback called with UL 0 out of 0[LF] - -Progress callback called with UL 8 out of 0[LF] - -Progress callback called with UL 16 out of 0[LF] - -Progress callback called with UL 26 out of 0[LF] - -Progress callback called with UL 61 out of 0[LF] - -Progress callback called with UL 66 out of 0[LF] - +Progress callback called with UL 29 out of 0[LF] - ``` - to this: - ``` - Progress callback called with UL 0 out of 0[LF] - -Progress callback called with UL 8 out of 0[LF] - -Progress callback called with UL 16 out of 0[LF] - -Progress callback called with UL 26 out of 0[LF] - -Progress callback called with UL 61 out of 0[LF] - -Progress callback called with UL 66 out of 0[LF] - +Progress callback called with UL 40 out of 0[LF] - ``` - Presumably a step in the right direction. + Ref: https://curl.se/mail/lib-2023-11/0056.html + Closes #12430 - Closes #11780 +Dmitry Karpov (30 Nov 2023) -Daniel Stenberg (1 Sep 2023) +- transfer: abort pause send when connection is marked for closing -- awssiv4: avoid freeing the date pointer on error + This handles cases of some bi-directional "upgrade" scenarios + (i.e. WebSockets) where sending is paused until some "upgrade" handshake + is completed, but server rejects the handshake and closes the + connection. - Since it was not allocated, don't free it even if it was wrong syntax + Closes #12428 - Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61908 +Daniel Stenberg (28 Nov 2023) - Follow-up to b137634ba3adb +- RELEASE-NOTES: synced - Closes #11782 +- openssl: when a session-ID is reused, skip OCSP stapling -Stefan Eissing (1 Sep 2023) + Fixes #12399 + Reported-by: Alexey Larikov + Closes #12418 -- CI: ngtcp2-linux: use separate caches for tls libraries +- test1545: test doing curl_formadd twice with missing file - allow ever changing master for wolfssl + Reproduces #12410 + Verifies the fix + Closes #12421 - Closes #11766 +- Curl_http_body: cleanup properly when Curl_getformdata errors -- replace `master` as wolfssl-version with recent commit + Reported-by: yushicheng7788 on github + Based-on-work-by: yushicheng7788 on github + Fixes #12410 + Closes #12421 -- wolfssl, use master again in CI +- test1477: verify that libcurl-errors.3 and public headers are synced - - with the shared session update fix landed in master, it - is time to use that in our CI again + The script errorcodes.pl extracts all error codes from all headers and + checks that they are all documented, then checks that all documented + error codes are also specified in a header file. -Nicholas Nethercote (31 Aug 2023) + Closes #12424 -- tests: fix formatting errors in `FILEFORMAT.md`. +- libcurl-errors.3: sync with current public headers - Without the surrounding backticks, these tags get swallowed when the - markdown is rendered. + Closes #12424 - Closes #11777 +Stefan Eissing (28 Nov 2023) -Viktor Szakats (31 Aug 2023) +- test459: fix for parallel runs -- cmake: add support for `CURL_DEFAULT_SSL_BACKEND` + - change warniing message to work better with varying filename + length. + - adapt test output check to new formatting - Allow overriding the default TLS backend via a CMake setting. + Follow-up to 97ccc4479f77ba3191c6 + Closes #12423 - E.g.: - `cmake [...] -DCURL_DEFAULT_SSL_BACKEND=mbedtls` +Daniel Stenberg (27 Nov 2023) - Accepted values: bearssl, gnutls, mbedtls, openssl, rustls, - schannel, secure-transport, wolfssl +- tool_cb_prg: make the carriage return fit for wide progress bars - The passed string is baked into the curl/libcurl binaries. - The value is case-insensitive. + When the progress bar was made max width (256 columns), the fly() + function attempted to generate its output buffer too long so that the + trailing carriage return would not fit and then the output would show + wrongly. The fly function is called when the expected total transfer is + unknown, which could be one or more progress calls before the actual + progress meter get shown when the expected transfer size is provided. - We added a similar option to autotools in 2017 via - c7170e20d0a18ec8a514b4daa53bcdbb4dcb3a05. + This new take also replaces the msnprintf() call with a much simpler + memset() for speed. - TODO: Convert to lowercase to improve reproducibility. + Reported-by: Tim Hill + Fixes #12407 + Closes #12415 - Closes #11774 +- tool_parsecfg: make warning output propose double-quoting -- sectransp: fix compiler warnings + When the config file parser detects a word that *probably* should be + quoted, mention double-quotes as a possible remedy. - https://github.com/curl/curl-for-win/actions/runs/6037489221/job/16381860220# - step:3:11046 - ``` - /Users/runner/work/curl-for-win/curl-for-win/curl/lib/vtls/sectransp.c:2435:1 - 4: warning: unused variable 'success' [-Wunused-variable] - OSStatus success; - ^ - /Users/runner/work/curl-for-win/curl-for-win/curl/lib/vtls/sectransp.c:3300:4 - 4: warning: unused parameter 'sha256len' [-Wunused-parameter] - size_t sha256len) - ^ - ``` + Test 459 verifies. - Closes #11773 + Proposed-by: Jiehong on github + Fixes #12409 + Closes #12412 -- tidy-up: mostly whitespace nits +Jay Satiro (26 Nov 2023) - - delete completed TODO from `./CMakeLists.txt`. - - convert a C++ comment to C89 in `./CMake/CurlTests.c`. - - delete duplicate EOLs from EOF. - - add missing EOL at EOF. - - delete whitespace at EOL (except from expected test results). - - convert tabs to spaces. - - convert CRLF EOLs to LF in GHA yaml. - - text casing fixes in `./CMakeLists.txt`. - - fix a codespell typo in `packages/OS400/initscript.sh`. +- curl.rc: switch out the copyright symbol for plain ASCII - Closes #11772 + .. like we already do for libcurl.rc. -Dan Fandrich (31 Aug 2023) + libcurl.rc copyright symbol used to cause a "non-ascii 8-bit codepoint" + warning so it was switched to ascii. -- CI: remove Windows builds from Cirrus, without replacement + Ref: https://github.com/curl/curl/commit/1ca62bb5#commitcomment-133474972 - If we don't do this, all coverage on Cirrus will cease in a few days. By - removing the Windows builds, the FreeBSD one should still continue - as before. The Windows builds will need be moved to another service to - maintain test coverage. + Suggested-by: Robert Southee - Closes #11771 + Closes https://github.com/curl/curl/pull/12403 -- CI: switch macOS ARM build from Cirrus to Circle CI +Daniel Stenberg (26 Nov 2023) - Cirrus is drastically reducing their free tier on Sept. 1, so they will - no longer perform all these builds for us. All but one build has been - moved, with the LibreSSL one being dropped because of linking problems - on Circle. +- conncache: use the closure handle when disconnecting surplus connections - One important note about this change is that Circle CI is currently - directing all these builds to x86_64 hardware, despite them requesting - ARM. This is because ARM nodes are scheduled to be available on the - free tier only in December. This reduces our architectural diversity - until then but it should automatically come back once those machines are - enabled. + Use the closure handle for disconnecting connection cache entries so + that anything that happens during the disconnect is not stored and + associated with the 'data' handle which already just finished a transfer + and it is important that details from the unrelated disconnect does not + taint meta-data in the data handle. -- CI: use the right variable for BSD make + Like storing the response code. - BSD uses MAKEFLAGS instead of MAKE_FLAGS so it wasn't doing parallel - builds before. + This also adjust test 1506. Unfortunately it also removes a key part of + the test that verifies that a connection is closed since when this + output vanishes (because the closure handle is used), we don't know + exactly that the connection actually gets closed in this test... -- CI: drop the FreeBSD 12.X build + Reported-by: ohyeaah on github + Fixes #12367 + Closes #12405 - Cirrus' new free tier won't let us have many builds, so drop the - nonessential ones. The FreeBSD 13.X build will still give us the most - relevant FreeBSD coverage. +- RELEASE-NOTES: synced -- CI: move the Alpine build from Cirrus to GHA +Stefan Eissing (24 Nov 2023) - Cirrus is reducing their free tier to next to nothing, so we must move - builds elsewhere. +- quic: make eyeballers connect retries stop at weird replies -Stefan Eissing (30 Aug 2023) + - when a connect immediately goes into DRAINING state, do + not attempt retries in the QUIC connection filter. Instead, + return CURLE_WEIRD_SERVER_REPLY + - When eyeballing, interpret CURLE_WEIRD_SERVER_REPLY as an + inconclusive answer. When all addresses have been attempted, + rewind the address list once on an inconclusive answer. + - refs #11832 where connects were retried indefinitely until + the overall timeout fired -- test_07_upload.py: fix test_07_34 curl args + Closes #12400 - - Pass correct filename to --data-binary. +Daniel Stenberg (24 Nov 2023) - Prior to this change --data-binary was passed an incorrect filename due - to a missing separator in the arguments list. Since aacbeae7 curl will - error on incorrect filenames for POST. +- CI: verify libcurl function SYNPOSIS sections - Fixes https://github.com/curl/curl/issues/11761 - Closes https://github.com/curl/curl/pull/11763 + With the .github/scripits/verify-synopsis.pl script -Nicholas Nethercote (30 Aug 2023) + Closes #12402 -- tests: document which tests fail due to hyper's lack of trailer support. +- docs/libcurl: SYNSOPSIS cleanup - Closes #11762 + - use the correct include file + - make sure they are declared as in the header file + - fix minor nroff syntax mistakes (missing .fi) -- docs: removing "pausing transfers" from HYPER.md. + These are verified by verify-synopsis.pl, which extracts the SYNPOSIS + code and runs it through gcc. - It's a reference to #8600, which was fixed by #9070. + Closes #12402 - Closes #11764 +- sendf: fix comment typo -Patrick Monnerat (30 Aug 2023) +- fopen: allocate the dir after fopen -- os400: handle CURL_TEMP_PRINTF() while building bind source + Move the allocation of the directory name down to after the fopen() call + to allow that shortcut code path to avoid a superfluous malloc+free + cycle. - Closes #11547 + Follow-up to 73b65e94f35311 -- os400: build test servers + Closes #12398 - Also fix a non-compliant main prototype in disabled.c. +Stefan Eissing (24 Nov 2023) - Closes #11547 +- transfer: cleanup done+excess handling -- tests: fix compilation error for os400 + - add `SingleRequest->download_done` as indicator that + all download bytes have been received + - remove `stop_reading` bool from readwrite functions + - move excess body handling into client download writer - OS400 uses BSD 4.3 setsockopt() prototype by default: this does not - define parameter as const, resulting in an error if actual parameter is - const. Remove the const keyword from the actual parameter cast: this - works in all conditions, even if the formal parameter uses it. + Closes #12371 - Closes #11547 +Daniel Stenberg (23 Nov 2023) -- os400: make programs and command name configurable +- fopen: create new file using old file's mode - Closes #11547 + Because the function renames the temp file to the target name as a last + step, if the file was previously owned by a different user, not ORing + the old mode could otherwise end up creating a file that was no longer + readable by the original owner after save. -- os400: move build configuration parameters to a separate script + Reported-by: Loïc Yhuel + Fixes #12299 + Closes #12395 - They can then easily be overriden in a script named "config400.override" - that is not part of the distribution. +- test1476: require proxy - Closes #11547 + Follow-up from 323df4261c3542 -- os400: implement CLI tool + Closes #12394 - This is provided as a QADRT (ascii) program, a link to it in the IFS and - a minimal CL command. +- fopen: create short(er) temporary file name - Closes #11547 + Only using random letters in the name plus a ".tmp" extension. Not by + appending characters to the final file name. -Matthias Gatto (30 Aug 2023) + Reported-by: Maksymilian Arciemowicz -- lib: fix aws-sigv4 having date header twice in some cases + Closes #12388 - When the user was providing the header X-XXX-Date, the header was - re-added during signature computation, and we had it twice in the - request. +Stefan Eissing (23 Nov 2023) - Reported-by: apparentorder@users.noreply.github.com +- tests: git ignore generated second-hsts.txt file - Signed-off-by: Matthias Gatto + File is generated in test lib1900 - Fixes: https://github.com/curl/curl/issues/11738 - Closes: https://github.com/curl/curl/pull/11754 + Follow-up to 7cb03229d9e9c5 -Jay Satiro (30 Aug 2023) + Closes #12393 -- multi: remove 'processing: ' debug message +Viktor Szakats (23 Nov 2023) - - Remove debug message added by e024d566. +- openssl: enable `infof_certstack` for 1.1 and LibreSSL 3.6 - Closes https://github.com/curl/curl/pull/11759 + Lower the barrier to enable `infof_certstack()` from OpenSSL 3 to + OpenSSL 1.1.x, and LibreSSL 3.6 or upper. -- ftp: fix temp write of ipv6 address + With the caveat, that "group name" and "type name" are missing from + the log output with these TLS backends. - - During the check to differentiate between a port and IPv6 address - without brackets, write the binary IPv6 address to an in6_addr. + Follow-up to b6e6d4ff8f253c8b8055bab9d4d6a10f9be109f3 #12030 - Prior to this change the binary IPv6 address was erroneously written to - a sockaddr_in6 'sa6' when it should have been written to its in6_addr - member 'sin6_addr'. There's no fallout because no members of 'sa6' are - accessed before it is later overwritten. + Reviewed-by: Daniel Stenberg + Closes #12385 - Closes https://github.com/curl/curl/pull/11747 +Daniel Stenberg (23 Nov 2023) -- tool: change some fopen failures from warnings to errors +- urldata: fix typo in comment - - Error on missing input file for --data, --data-binary, - --data-urlencode, --header, --variable, --write-out. +- CI: codespell - Prior to this change if a user of the curl tool specified an input file - for one of the above options and that file could not be opened then it - would be treated as zero length data instead of an error. For example, a - POST using `--data @filenametypo` would cause a zero length POST which - is probably not what the user intended. + The list of words to ignore is in the file + .github/scripts/codespell-ignore.txt - Closes https://github.com/curl/curl/pull/11677 + Closes #12390 -- hostip: fix typo +- lib: fix comment typos -Davide Masserut (29 Aug 2023) + Five separate ones, found by codespell -- tool: avoid including leading spaces in the Location hyperlink + Closes #12390 - Co-authored-by: Dan Fandrich +- test1476: verify cookie PSL mixed case - Closes #11735 +- cookie: lowercase the domain names before PSL checks -Daniel Stenberg (29 Aug 2023) + Reported-by: Harry Sintonen -- SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline + Closes #12387 - Closes #11757 +Viktor Szakats (23 Nov 2023) -- connect: stop halving the remaining timeout when less than 600 ms left +- openssl: fix building with v3 `no-deprecated` + add CI test - When curl wants to connect to a host, it always has a TIMEOUT. The - maximum time it is allowed to spend until a connect is confirmed. + - build quictls with `no-deprecated` in CI to have test coverage for + this OpenSSL 3 configuration. - curl will try to connect to each of the IP adresses returned for the - host. Two loops, one for each IP family. + - don't call `OpenSSL_add_all_algorithms()`, `OpenSSL_add_all_digests()`. + The caller code is meant for OpenSSL 3, while these two functions were + only necessary before OpenSSL 1.1.0. They are missing from OpenSSL 3 + if built with option `no-deprecated`, causing build errors: + ``` + vtls/openssl.c:4097:3: error: call to undeclared function 'OpenSSL_add_all_ + algorithms'; ISO C99 and later do not support implicit function declaration + s [-Wimplicit-function-declaration] + vtls/openssl.c:4098:3: error: call to undeclared function 'OpenSSL_add_all_ + digests'; ISO C99 and later do not support implicit function declarations [ + -Wimplicit-function-declaration] + ``` + Ref: https://ci.appveyor.com/project/curlorg/curl-for-win/builds/48587418?f + ullLog=true#L7667 - During the connect loop, while curl has more than one IP address left to - try within a single address family, curl has traditionally allowed (time - left/2) for *this* connect attempt. This, to not get stuck on the - initial addresses in case the timeout but still allow later addresses to - get attempted. + Regression from b6e6d4ff8f253c8b8055bab9d4d6a10f9be109f3 #12030 + Bug: https://github.com/curl/curl/issues/12380#issuecomment-1822944669 + Reviewed-by: Alex Bozarth - This has the downside that when users set a very short timeout and the - host has a large number of IP addresses, the effective result might be - that every attempt gets a little too short time. + - vquic/curl_ngtcp2: fix using `SSL_get_peer_certificate` with + `no-deprecated` quictls 3 builds. + Do it by moving an existing solution for this from `vtls/openssl.c` + to `vtls/openssl.h` and adjusting caller code. + ``` + vquic/curl_ngtcp2.c:1950:19: error: implicit declaration of function 'SSL_g + et_peer_certificate'; did you mean 'SSL_get1_peer_certificate'? [-Wimplicit + -function-declaration] + ``` + Ref: https://github.com/curl/curl/actions/runs/6960723097/job/18940818625#s + tep:24:1178 - This change stop doing the divided-by-two if the total time left is - below a threshold. This threshold is 600 milliseconds. + - curl_ntlm_core: fix `-Wunused-parameter`, `-Wunused-variable` and + `-Wunused-function` when trying to build curl with NTLM enabled but + without the necessary TLS backend (with DES) support. - Closes #11693 + Closes #12384 -- asyn-ares: reduce timeout to 2000ms +- curl.h: delete Symbian OS references - When UDP packets get lost this makes for slightly faster retries. This - lower timeout is used by @c-ares itself by default starting next - release. + curl deprecated Symbian OS in 3d64031fa7a80ac4ae3fd09a5939196268b92f81 + via #5989. Delete references to it from public headers, because there + is no fresh release to use those headers with. - Closes #11753 + Reviewed-by: Dan Fandrich + Reviewed-by: Jay Satiro + Closes #12378 -John Bampton (29 Aug 2023) +- windows: use built-in `_WIN32` macro to detect Windows -- misc: remove duplicate words + Windows compilers define `_WIN32` automatically. Windows SDK headers + or build env defines `WIN32`, or we have to take care of it. The + agreement seems to be that `_WIN32` is the preferred practice here. + Make the source code rely on that to detect we're building for Windows. - Closes #11740 + Public `curl.h` was using `WIN32`, `__WIN32__` and `CURL_WIN32` for + Windows detection, next to the official `_WIN32`. After this patch it + only uses `_WIN32` for this. Also, make it stop defining `CURL_WIN32`. -Daniel Stenberg (29 Aug 2023) + There is a slight chance these break compatibility with Windows + compilers that fail to define `_WIN32`. I'm not aware of any obsolete + or modern compiler affected, but in case there is one, one possible + solution is to define this macro manually. -- RELEASE-NOTES: synced + grepping for `WIN32` remains useful to discover Windows-specific code. -- wolfSSL: avoid the OpenSSL compat API when not needed + Also: - ... and instead call wolfSSL functions directly. + - extend `checksrc` to ensure we're not using `WIN32` anymore. - Closes #11752 + - apply minor formatting here and there. -Viktor Szakats (28 Aug 2023) + - delete unnecessary checks for `!MSDOS` when `_WIN32` is present. -- lib: fix null ptr derefs and uninitialized vars (h2/h3) + Co-authored-by: Jay Satiro + Reviewed-by: Daniel Stenberg - Fixing compiler warnings with gcc 13.2.0 in unity builds. + Closes #12376 - Assisted-by: Jay Satiro - Assisted-by: Stefan Eissing - Closes #11739 +Stefan Eissing (22 Nov 2023) -Jay Satiro (28 Aug 2023) +- url: ConnectionExists revisited -- secureserver.pl: fix stunnel version parsing + - have common pattern of `if not match, continue` + - revert pages long if()s to return early + - move dead connection check to later since it may + be relatively expensive + - check multiuse also when NOT building with NGHTTP2 + - for MULTIUSE bundles, verify that the inspected + connection indeed supports multiplexing when in use + (bundles may contain a mix of connection, afaict) - - Allow the stunnel minor-version version part to be zero. + Closes #12373 - Prior to this change with the stunnel version scheme of . - if either part was 0 then version parsing would fail, causing - secureserver.pl to fail with error "No stunnel", causing tests that use - the SSL protocol to be skipped. As a practical matter this bug can only - be caused by a minor-version part of 0, since the major-version part is - always greater than 0. +Daniel Stenberg (22 Nov 2023) - Closes https://github.com/curl/curl/pull/11722 +- CURLMOPT_MAX_CONCURRENT_STREAMS: make sure the set value is within range -- secureserver.pl: fix stunnel path quoting + ... or use the default value. - - Store the stunnel path in the private variable $stunnel unquoted and - instead quote it in the command strings. + Also clarify the documentation language somewhat. - Prior to this change the quoted stunnel path was passed to perl's file - operators which cannot handle quoted paths. For example: + Closes #12382 - $stunnel = "\"/C/Program Files (x86)/stunnel/bin/tstunnel\""; - if(-x $stunnel or -x "$stunnel") - # false even if path exists and is executable +- urldata: make maxconnects a 32 bit value - Our other test scripts written in perl, unlike this one, use servers.pm - which has a global $stunnel variable with the path stored unquoted and - therefore those scripts don't have this problem. + "2^32 idle connections ought to be enough for anybody" - Closes https://github.com/curl/curl/pull/11721 + Closes #12375 -Daniel Stenberg (28 Aug 2023) +- FEATURES: update the URL phrasing -- altsvc: accept and parse IPv6 addresses in response headers + The URL is length limited since a while back so "no limit" simply is not + true anymore. Mention the URL RFC standard used instead. - Store numerical IPv6 addresses in the alt-svc file with the brackets - present. + Closes #12383 - Verify with test 437 and 438 +- wolfssh: remove redundant static prototypes - Fixes #11737 - Reported-by: oliverpool on github - Closes #11743 + vssh/wolfssh.c:346:18: error: redundant redeclaration of ‘wscp_recv’ [-We + rror=redundant-decls] -- libtest: use curl_free() to free libcurl allocated data + Closes #12381 - In several test programs. These mistakes are not detected or a problem - as long as memdebug.h is included, as that provides the debug wrappers - for all memory functions in the same style libcurl internals do it, - which makes curl_free and free effectively the same call. +- setopt: remove superfluous use of ternary expressions - Reported-by: Nicholas Nethercote - Closes #11746 + Closes #12374 -Jay Satiro (28 Aug 2023) +- mime: store "form escape" as a single bit -- disable.d: explain --disable not implemented prior to 7.50.0 + Closes #12374 - Option -q/--disable was added in 5.0 but only -q was actually - implemented. Later --disable was implemented in e200034 (precedes - 7.49.0), but incorrectly, and fixed in 6dbc23c (precedes 7.50.0). +- setopt: check CURLOPT_TFTP_BLKSIZE range on set - Reported-by: pszlazak@users.noreply.github.com + ... instead of later when the transfer is about to happen. - Fixes https://github.com/curl/curl/issues/11710 - Closes #11712 + Closes #12374 -Nicholas Nethercote (28 Aug 2023) +Viktor Szakats (21 Nov 2023) -- hyper: fix ownership problems +- build: add more picky warnings and fix them - Some of these changes come from comparing `Curl_http` and - `start_CONNECT`, which are similar, and adding things to them that are - present in one and missing in another. + Enable more picky compiler warnings. I've found these options in the + nghttp3 project when implementing the CMake quick picky warning + functionality for it [1]. - The most important changes: - - In `start_CONNECT`, add a missing `hyper_clientconn_free` call on the - happy path. - - In `start_CONNECT`, add a missing `hyper_request_free` on the error - path. - - In `bodysend`, add a missing `hyper_body_free` on an early-exit path. - - In `bodysend`, remove an unnecessary `hyper_body_free` on a different - error path that would cause a double-free. - https://docs.rs/hyper/latest/hyper/ffi/fn.hyper_request_set_body.html - says of `hyper_request_set_body`: "This takes ownership of the - hyper_body *, you must not use it or free it after setting it on the - request." This is true even if `hyper_request_set_body` returns an - error; I confirmed this by looking at the hyper source code. + `-Wunused-macros` was too noisy to keep around, but fixed a few issues + it revealed while testing. - Other changes are minor but make things slightly nicer. + - autotools: reflect the more precisely-versioned clang warnings. + Follow-up to 033f8e2a08eb1d3102f08c4d8c8e85470f8b460e #12324 + - autotools: sync between clang and gcc the way we set `no-multichar`. + - autotools: avoid setting `-Wstrict-aliasing=3` twice. + - autotools: disable `-Wmissing-noreturn` for MSYS gcc targets [2]. + It triggers in libtool-generated stub code. - Closes #11745 + - lib/timeval: delete a redundant `!MSDOS` guard from a `WIN32` branch. -Daniel Stenberg (28 Aug 2023) + - lib/curl_setup.h: delete duplicate declaration for `fileno`. + Added in initial commit ae1912cb0d494b48d514d937826c9fe83ec96c4d + (1999-12-29). This suggests this may not be needed anymore, but if + it does, we may restore this for those specific (non-Windows) systems. + - lib: delete unused macro `FTP_BUFFER_ALLOCSIZE` since + c1d6fe2aaa5a26e49a69a4f2495b3cc7a24d9394. + - lib: delete unused macro `isxdigit_ascii` since + f65f750742068f579f4ee6d8539ed9d5f0afcb85. + - lib/mqtt: delete unused macro `MQTT_HEADER_LEN`. + - lib/multi: delete unused macro `SH_READ`/`SH_WRITE`. + - lib/hostip: add `noreturn` function attribute via new `CURL_NORETURN` + macro. + - lib/mprintf: delete duplicate declaration for `Curl_dyn_vprintf`. + - lib/rand: fix `-Wunreachable-code` and related fallouts [3]. + - lib/setopt: fix `-Wunreachable-code-break`. + - lib/system_win32 and lib/timeval: fix double declarations for + `Curl_freq` and `Curl_isVistaOrGreater` in CMake UNITY mode [4]. + - lib/warnless: fix double declarations in CMake UNITY mode [5]. + This was due to force-disabling the header guard of `warnless.h` to + to reapply it to source code coming after `warnless.c` in UNITY + builds. This reapplied declarations too, causing the warnings. + Solved by adding a header guard for the lines that actually need + to be reapplied. + - lib/vauth/digest: fix `-Wunreachable-code-break` [6]. + - lib/vssh/libssh2: fix `-Wunreachable-code-break` and delete redundant + block. + - lib/vtls/sectransp: fix `-Wunreachable-code-break` [7]. + - lib/vtls/sectransp: suppress `-Wunreachable-code`. + Detected in `else` branches of dynamic feature checks, with results + known at compile-time, e.g. + ```c + if(SecCertificateCopySubjectSummary) /* -> true */ + ``` + Likely fixable as a separate micro-project, but given SecureTransport + is deprecated anyway, let's just silence these locally. + - src/tool_help: delete duplicate declaration for `helptext`. + - src/tool_xattr: fix `-Wunreachable-code`. + - tests: delete duplicate declaration for `unitfail` [8]. + - tests: delete duplicate declaration for `strncasecompare`. + - tests/libtest: delete duplicate declaration for `gethostname`. + Originally added in 687df5c8c39c370a59999b9afc0917d808d978b7 + (2010-08-02). + Got complicated later: c49e9683b85ba9d12cbb6eebc4ab2c8dba68fbdc + If there are still systems around with warnings, we may restore the + prototype, but limited for those systems. + - tests/lib2305: delete duplicate declaration for + `libtest_debug_config`. + - tests/h2-download: fix `-Wunreachable-code-break`. + + [1] https://github.com/ngtcp2/nghttp3/blob/a70edb08e954d690e8fb2c1df999b5a056 + f8bf9f/cmake/PickyWarningsC.cmake + [2] https://ci.appveyor.com/project/curlorg/curl/builds/48553586/job/3qkgjaui + qla5fj45?fullLog=true#L1675 + [3] https://github.com/curl/curl/actions/runs/6880886309/job/18716044703?pr=1 + 2331#step:7:72 + https://github.com/curl/curl/actions/runs/6883016087/job/18722707368?pr=1 + 2331#step:7:109 + [4] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrr + iklpf1ut#L204 + [5] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrr + iklpf1ut#L218 + [6] https://github.com/curl/curl/actions/runs/6880886309/job/18716042927?pr=1 + 2331#step:7:290 + [7] https://github.com/curl/curl/actions/runs/6891484996/job/18746659406?pr=1 + 2331#step:9:1193 + [8] https://github.com/curl/curl/actions/runs/6882803986/job/18722082562?pr=1 + 2331#step:33:1870 + + Closes #12331 + +Daniel Stenberg (21 Nov 2023) + +- transfer: avoid unreachable expression + + If curl_off_t and size_t have the same size (which is common on modern + 64 bit systems), a condition cannot occur which Coverity pointed + out. Avoid the warning by having the code conditionally only used if + curl_off_t actually is larger. + + Follow-up to 1cd2f0072fa482e25baa2 + + Closes #12370 + +Stefan Eissing (21 Nov 2023) + +- transfer: readwrite improvements + + - changed header/chunk/handler->readwrite prototypes to accept `buf`, + `blen` and a `pconsumed` pointer. They now get the buffer to work on + and report back how many bytes they consumed + - eliminated `k->str` in SingleRequest + - improved excess data handling to properly calculate with any body data + left in the headerb buffer + - eliminated `k->badheader` enum to only be a bool + + Closes #12283 + +Daniel Stenberg (21 Nov 2023) -- multi.h: the 'revents' field of curl_waitfd is supported +- RELEASE-NOTES: synced - Since 6d30f8ebed34e7276 +Jiří HruÅ¡ka (21 Nov 2023) - Reported-by: Nicolás Ojeda Bär - Ref: #11748 - Closes #11749 +- transfer: avoid calling the read callback again after EOF -Gerome Fournier (27 Aug 2023) + Regression since 7f43f3dc5994d01b12 (7.84.0) -- tool_paramhlp: improve str2num(): avoid unnecessary call to strlen() + Bug: https://curl.se/mail/lib-2023-11/0017.html - Closes #11742 + Closes #12363 -Daniel Stenberg (27 Aug 2023) +Daniel Stenberg (21 Nov 2023) -- docs: mention critical files in same directories as curl saves +- doh: provide better return code for responses w/o addresses - ... cannot be fully protected. Don't do it. + Previously it was wrongly returning CURLE_OUT_OF_MEMORY when the + response did not contain any addresses. Now it more accurately returns + CURLE_COULDNT_RESOLVE_HOST. - Co-authored-by: Jay Satiro - Reported-by: Harry Sintonen - Fixes #11530 - Closes #11701 + Reported-by: lRoccoon on github -John Hawthorn (26 Aug 2023) + Fixes #12365 + Closes #12366 -- OpenSSL: clear error queue after SSL_shutdown +Stefan Eissing (21 Nov 2023) - We've seen errors left in the OpenSSL error queue (specifically, - "shutdown while in init") by adding some logging it revealed that the - source was this file. +- HTTP/2, HTTP/3: handle detach of onoing transfers - Since we call SSL_read and SSL_shutdown here, but don't check the return - code for an error, we should clear the OpenSSL error queue in case one - was raised. + - refs #12356 where a UAF is reported when closing a connection + with a stream whose easy handle was cleaned up already + - handle DETACH events same as DONE events in h2/h3 filters - This didn't affect curl because we call ERR_clear_error before every - write operation (a0dd9df9ab35528eb9eb669e741a5df4b1fb833c), but when - libcurl is used in a process with other OpenSSL users, they may detect - an OpenSSL error pushed by libcurl's SSL_shutdown as if it was their - own. + Fixes #12356 + Reported-by: PaweÅ‚ Wegner + Closes #12364 - Co-authored-by: Satana de Sant'Ana +Viktor Szakats (20 Nov 2023) - Closes #11736 +- autotools: stop setting `-std=gnu89` with `--enable-warnings` -Alexander Kanavin (25 Aug 2023) + Do not alter the C standard when building with `--enable-warnings` when + building with gcc. -- tests: update cookie expiry dates to far in the future + On one hand this alters warning results compared to a default build. + On the other, it may produce different binaries, which is unexpected. - This allows testing Y2038 with system time set to after that, so that - actual Y2038 issues can be exposed, and not masked by expiry errors. + Also fix new warnings that appeared after removing `-std=gnu89`: - Fixes #11576 - Closes #11610 + - include: fix public curl headers to use the correct printf mask for + `CURL_FORMAT_CURL_OFF_T` and `CURL_FORMAT_CURL_OFF_TU` with mingw-w64 + and Visual Studio 2013 and newer. This fixes the printf mask warnings + in examples and tests. E.g. [1] -John Bampton (25 Aug 2023) + - conncache: fix printf format string [2]. -- misc: fix spelling + - http2: fix potential null pointer dereference [3]. + (seen on Slackware with gcc 11.) - Closes #11733 + - libssh: fix printf format string in SFTP code [4]. + Also make MSVC builds compatible with old CRT versions. -Daniel Stenberg (25 Aug 2023) + - libssh2: fix printf format string in SFTP code for MSVC. + Applying the same fix as for libssh above. -- cmdline-opts/page-header: clarify stronger that !opt == URL + - unit1395: fix `argument is null` and related issues [5]: + - stop calling `strcmp()` with NULL to avoid undefined behaviour. + - fix checking results if some of them were NULL. + - do not pass NULL to printf `%s`. - Everything provided on the command line that is not an option (or an - argument to an option) is treated as a URL. + - ci: keep a build job with `-std=gnu89` to continue testing for + C89-compliance. We can apply this to other gcc jobs as needed. + Ref: b23ce2cee7329bbf425f18b49973b7a5f23dfcb4 (2022-09-23) #9542 - Closes #11734 + [1] https://dev.azure.com/daniel0244/curl/_build/results?buildId=18581&view=l + ogs&jobId=ccf9cc6d-2ef1-5cf2-2c09-30f0c14f923b + [2] https://github.com/curl/curl/actions/runs/6896854263/job/18763831142?pr=1 + 2346#step:6:67 + [3] https://github.com/curl/curl/actions/runs/6896854253/job/18763839238?pr=1 + 2346#step:30:214 + [4] https://github.com/curl/curl/actions/runs/6896854253/job/18763838007?pr=1 + 2346#step:29:895 + [5] https://github.com/curl/curl/actions/runs/6896854253/job/18763836775?pr=1 + 2346#step:33:1689 -- tests/runner: fix %else handling + Closes #12346 - Getting the show state proper for %else and %endif did not properly work - in nested cases. +- autotools: fix/improve gcc and Apple clang version detection - Follow-up to 3d089c41ea9 + - Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu + may return `n-win32` (also with `-dumpfullversion`). Causing these + errors and failing to enable picky warnings: + ``` + ../configure: line 23845: test: : integer expression expected + ``` + Ref: https://github.com/libssh2/libssh2/actions/runs/6263453828/job/1700789 + 3718#step:5:143 - Closes #11731 + Fix that by stripping any dash-suffix and handling a dotless (major-only) + version number by assuming `.0` in that case. -Nicholas Nethercote (25 Aug 2023) + `9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0` + Ref: https://github.com/mamedev/mame/pull/9767 -- docs: Remove mention of #10803 from `KNOWN_BUGS`. + - fix Apple clang version detection for releases between + 'Apple LLVM version 7.3.0' and 'Apple LLVM version 10.0.1' where the + version was under-detected as 3.7 llvm/clang equivalent. - Because the leaks have been fixed. + - fix Apple clang version detection for 'Apple clang version 11.0.0' + and newer where the Apple clang version was detected, instead of its + llvm/clang equivalent. -- c-hyper: fix another memory leak in `Curl_http`. + - display detected clang/gcc/icc compiler version. - There is a `hyper_clientconn_free` call on the happy path, but not one - on the error path. This commit adds one. + Via libssh2: + - https://github.com/libssh2/libssh2/commit/00a3b88c51cdb407fbbb347a2e38c5c7d + 89875ad + https://github.com/libssh2/libssh2/pull/1187 + - https://github.com/libssh2/libssh2/commit/89ccc83c7da73e7ca3a112e3500081319 + 42b592e + https://github.com/libssh2/libssh2/pull/1232 - Fixes the second memory leak reported by Valgrind in #10803. + Closes #12362 - Fixes #10803 - Closes #11729 +- autotools: delete LCC compiler support bits -- c-hyper: fix a memory leak in `Curl_http`. + Follow-up to fd7ef00f4305a2919e6950def1cf83d0110a4acd #12222 - A request created with `hyper_request_new` must be consumed by either - `hyper_clientconn_send` or `hyper_request_free`. + Closes #12357 - This is not terrifically clear from the hyper docs -- - `hyper_request_free` is documented only with "Free an HTTP request if - not going to send it on a client" -- but a perusal of the hyper code - confirms it. +- cmake: add test for `DISABLE` options, add `CURL_DISABLE_HEADERS_API` - This commit adds a `hyper_request_free` to the `error:` path in - `Curl_http` so that the request is consumed when an error occurs after - the request is created but before it is sent. + - tests: verify CMake `DISABLE` options. - Fixes the first memory leak reported by Valgrind in #10803. + Make an exception for 2 CMake-only ones, and one more that's + using a different naming scheme, also in autotools and source. - Closes #11729 + - cmake: add support for `CURL_DISABLE_HEADERS_API`. -Daniel Stenberg (25 Aug 2023) + Suggested-by: Daniel Stenberg + Ref: https://github.com/curl/curl/pull/12345#pullrequestreview-1736238641 -- RELEASE-NOTES: synced + Closes #12353 -John Bampton (25 Aug 2023) +Jacob Hoffman-Andrews (20 Nov 2023) -- misc: spellfixes +- hyper: temporarily remove HTTP/2 support - Closes #11730 + The current design of the Hyper integration requires rebuilding the + Hyper clientconn for each request. However, building the clientconn + requires resending the HTTP/2 connection preface, which is incorrect + from a protocol perspective. That in turn causes servers to send GOAWAY + frames, effectively degrading performance to "no connection reuse" in + the best case. It may also be triggering some bugs where requests get + dropped entirely and reconnects take too long. -Daniel Stenberg (25 Aug 2023) + This doesn't rule out HTTP/2 support with Hyper, but it may take a + redesign of the Hyper integration in order to make things work. -- tests: add support for nested %if conditions + Closes #12191 - Provides more flexiblity to test cases. +Jay Satiro (20 Nov 2023) - Also warn and bail out if there is an '%else' or %endif' without a - preceeding '%if'. +- schannel: fix unused variable warning - Ref: #11610 - Closes #11728 + Bug: https://github.com/curl/curl/pull/12349#issuecomment-1818000846 + Reported-by: Viktor Szakats -- time-cond.d: mention what happens on a missing file + Closes https://github.com/curl/curl/pull/12361 - Closes #11727 +Daniel Stenberg (19 Nov 2023) -Christian Hesse (24 Aug 2023) +- url: find scheme with a "perfect hash" -- docs/cmdline-opts: match the current output + Instead of a loop to scan over the potentially 30+ scheme names, this + uses a "perfect hash" table. This works fine because the set of schemes + is known and cannot change in a build. The hash algorithm and table size + is made to only make a single scheme index per table entry. - The release date has been added in output, reflect that in documentation. + The perfect hash is generated by a separate tool (scripts/schemetable.c) - Closes #11723 + Closes #12347 -Daniel Stenberg (24 Aug 2023) +- scripts: add schemetable.c -- lib: minor comment corrections + This tool generates a scheme-matching table. -- docs: rewrite to present tense + It iterates over a number of different initial and shift values in order + to find the hash algorithm that needs the smallest possible table. - ... instead of using future tense. + The generated hash function, table and table size then needs to be used + by the url.c:Curl_getn_scheme_handler() function. - + numerous cleanups and improvements - + stick to "reuse" not "re-use" - + fewer contractions +Stefan Eissing (19 Nov 2023) - Closes #11713 +- vtls/vquic, keep peer name information together -- urlapi: setting a blank URL ("") is not an ok URL + - add `struct ssl_peer` to keep hostname, dispname and sni + for a filter + - allocate `sni` for use in VTLS backend + - eliminate `Curl_ssl_snihost()` and its use of the download buffer + - use ssl_peer in SSL and QUIC filters - Test it in 1560 - Fixes #11714 - Reported-by: ad0p on github - Closes #11715 + Closes #12349 -- spelling: use 'reuse' not 're-use' in code and elsewhere +Viktor Szakats (18 Nov 2023) - Unify the spelling as both versions were previously used intermittently +- build: always revert `#pragma GCC diagnostic` after use - Closes #11717 + Before this patch some source files were overriding gcc warning options, + but without restoring them at the end of the file. In CMake UNITY builds + these options spilled over to the remainder of the source code, + effecitvely disabling them for a larger portion of the codebase than + intended. -Michael Osipov (23 Aug 2023) + `#pragma clang diagnostic` didn't have such issue in the codebase. -- system.h: add CURL_OFF_T definitions on HP-UX with HP aCC + Reviewed-by: Marcel Raad + Closes #12352 - HP-UX on IA64 provides two modes: 32 and 64 bit while 32 bit being the - default one. Use "long long" in 32 bit mode and just "long" in 64 bit - mode. +- tidy-up: casing typos, delete unused Windows version aliases - Closes #11718 + - cmake: fix casing of `UnixSockets` to match the rest of the codebase. -Dan Fandrich (22 Aug 2023) + - curl-compilers.m4: fix casing in a comment. -- tests: don't call HTTP errors OK in test cases + - setup-win32: delete unused Windows version constant aliases. - Some HTTP errors codes were accompanied by the text OK, which causes - some cognitive dissonance when reading them. + Reviewed-by: Marcel Raad + Closes #12351 -- http: close the connection after a late 417 is received +- keylog: disable if unused - In this situation, only part of the data has been sent before aborting - so the connection is no longer usable. + Fully disable keylog code if there is no TLS or QUIC subsystem using it. - Assisted-by: Jay Satiro - Fixes #11678 - Closes #11679 + Closes #12350 -- runtests: slightly increase the longest log file displayed +- cmake: add `CURL_DISABLE_BINDLOCAL` option - The new limit provides enough space for a 64 KiB data block to be logged - in a trace file, plus a few lines at the start and end for context. This - happens to be the amount of data sent at a time in a PUT request. + To match similar autotools option. -- tests: add delay command to the HTTP server + Default is `ON`. - This adds a delay after client connect. + Reviewed-by: Daniel Stenberg + Closes #12345 -Daniel Stenberg (22 Aug 2023) +- url: fix `-Wzero-length-array` with no protocols -- cirrus: install everthing with pkg, avoid pip + Fixes: + ``` + ./lib/url.c:178:56: warning: use of an empty initializer is a C2x extension [ + -Wc2x-extensions] + 178 | static const struct Curl_handler * const protocols[] = { + | ^ + ./lib/url.c:178:56: warning: zero size arrays are an extension [-Wzero-length + -array] + ``` - Assisted-by: Sevan Janiyan + Closes #12344 - Closes #11711 +- url: fix builds with `CURL_DISABLE_HTTP` -- curl_url*.3: update function descriptions + Fixes: + ``` + ./lib/url.c:456:35: error: no member named 'formp' in 'struct UrlState' + 456 | Curl_mime_cleanpart(data->state.formp); + | ~~~~~~~~~~~ ^ + ``` - - expand and clarify several descriptions - - avoid using future tense all over + Regression from 74b87a8af13a155c659227f5acfa78243a8b2aa6 #11682 - Closes #11708 + Closes #12343 -- RELEASE-NOTES: synced +- http: fix `-Wunused-parameter` with no auth and no proxy -Stefan Eissing (21 Aug 2023) + ``` + lib/http.c:734:26: warning: unused parameter 'proxy' [-Wunused-parameter] + bool proxy) + ^ + ``` -- CI/cirrus: disable python install on FreeBSD + Reviewed-by: Marcel Raad + Closes #12338 - - python cryptography package does not build build FreeBSD - - install just mentions "error" - - this gets the build and the main test suite going again +Daniel Stenberg (16 Nov 2023) - Closes #11705 +- TODO: Some TLS options are not offered for HTTPS proxies -- test2600: fix flakiness on low cpu + Closes #12286 + Closes #12342 - - refs #11355 where failures to to low cpu resources in CI - are reported - - vastly extend CURLOPT_CONNECTTIMEOUT_MS and max durations - to test cases - - trigger Curl_expire() in test filter to allow re-checks before - the usual 1second interval +- RELEASE-NOTES: synced - Closes #11690 +- duphandle: make dupset() not return with pointers to old alloced data -Maksim Sciepanienka (20 Aug 2023) + As the blob pointers are to be duplicated, the function must not return + mid-function with lingering pointers to the old handle's allocated data, + as that would lead to double-free in OOM situations. -- tool_urlglob: use the correct format specifier for curl_off_t in msnprintf + Make sure to clear all destination pointers first to avoid this risk. - Closes #11698 + Closes #12337 -Daniel Stenberg (20 Aug 2023) +Viktor Szakats (16 Nov 2023) -- test687/688: two more basic --xattr tests +- http: fix `-Wunused-variable` compiler warning - Closes #11697 + Fix compiler warnings in builds with disabled auths, NTLM and SPNEGO. -- cmdline-opts/docs: mentioned the negative option part + E.g. with `CURL_DISABLE_BASIC_AUTH` + `CURL_DISABLE_BEARER_AUTH` + + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_NEGOTIATE_AUTH` + + `CURL_DISABLE_NTLM` on non-Windows. - ... for --no-alpn and --no-buffer in the same style done for other --no- - options: + ``` + ./curl/lib/http.c:737:12: warning: unused variable 'result' [-Wunused-variabl + e] + CURLcode result = CURLE_OK; + ^ + ./curl/lib/http.c:995:18: warning: variable 'availp' set but not used [-Wunus + ed-but-set-variable] + unsigned long *availp; + ^ + ./curl/lib/http.c:996:16: warning: variable 'authp' set but not used [-Wunuse + d-but-set-variable] + struct auth *authp; + ^ + ``` - "Note that this is the negated option name documented." + Regression from e92edfbef64448ef461117769881f3ed776dec4e #11490 - Closes #11695 + Fixes #12228 + Closes #12335 -Emanuele Torre (19 Aug 2023) +Jay Satiro (16 Nov 2023) -- tool/var: also error when expansion result starts with NUL +- tool: support bold headers in Windows - Expansions whose output starts with NUL were being expanded to the empty - string, and not being recognised as values that contain a NUL byte, and - should error. + - If virtual terminal processing is enabled in Windows then use ANSI + escape codes Esc[1m and Esc[22m to turn bold on and off. - Closes #11694 + Suggested-by: Gisle Vanem -Daniel Stenberg (19 Aug 2023) + Ref: https://github.com/curl/curl/discussions/11770 -- tests: add 'large-time' as a testable feature + Closes https://github.com/curl/curl/pull/12321 - This allows test cases to require this feature to run and to be used in - %if conditions. +Viktor Szakats (15 Nov 2023) - Large here means larger than 32 bits. Ie does not suffer from y2038. +- build: fix libssh2 + `CURL_DISABLE_DIGEST_AUTH` + `CURL_DISABLE_AWS` - Closes #11696 + Builds with libssh2 + `-DCURL_DISABLE_DIGEST_AUTH=ON` + + `-DCURL_DISABLE_AWS=ON` in combination with either Schannel on Windows, + or `-DCURL_DISABLE_NTLM=ON` on other operating systems failed while + compiling due to a missing HMAC declaration. -- tests/Makefile: add check-translatable-options.pl to tarball + The reason is that HMAC is required by `lib/sha256.c` which publishes + `Curl_sha256it()` which is required by `lib/vssh/libssh2.c` when + building for libssh2 v1.8.2 (2019-05-25) or older. - Used in test 1544 + Make sure to compile the HMAC bits for a successful build. - Follow-up to ae806395abc8c + Both HMAC and `Curl_sha256it()` rely on the same internals, so splitting + them into separate sources isn't practical. -- gen.pl: fix a long version generation mistake + Fixes: + ``` + [...] + In file included from ./curl/_x64-win-ucrt-cmake-llvm-bld/lib/CMakeFiles/libc + url_object.dir/Unity/unity_0_c.c:310: + ./curl/lib/sha256.c:527:42: error: array has incomplete element type 'const s + truct HMAC_params' + 527 | const struct HMAC_params Curl_HMAC_SHA256[] = { + | ^ + ./curl/lib/curl_sha256.h:34:21: note: forward declaration of 'struct HMAC_par + ams' + [...] + ``` - Too excessive escaping made the parsing not find the correct long names - later and instead add "wrong" links. + Regression from e92edfbef64448ef461117769881f3ed776dec4e #11490 - Follow-up to 439ff2052e219 + Fixes #12273 + Closes #12332 - Reported-by: Lukas Tribus - Fixes #11688 - Closes #11689 +Daniel Stenberg (15 Nov 2023) -- lib: move mimepost data from ->req.p.http to ->state +- duphandle: also free 'outcurl->cookies' in error path - When the legacy CURLOPT_HTTPPOST option is used, it gets converted into - the modem mimpost struct at first use. This data is (now) kept for the - entire transfer and not only per single HTTP request. This re-enables - rewind in the beginning of the second request instead of in end of the - first, as brought by 1b39731. + Fixes memory-leak when OOM mid-function - The request struct is per-request data only. + Use plain free instead of safefree, since the entire struct is + freed below. - Extend test 650 to verify. + Remove some free calls that is already freed in Curl_freeset() - Fixes #11680 - Reported-by: yushicheng7788 on github - Closes #11682 + Closes #12329 -Patrick Monnerat (17 Aug 2023) +Viktor Szakats (15 Nov 2023) -- os400: do not check translatable options at build time +- config-win32: set `HAVE_SNPRINTF` for mingw-w64 - Now that there is a test for this, the build time check is not needed - anymore. + It's available in all mingw-w64 releases. We already pre-fill this + detection in CMake. - Closes #11650 + Closes #12325 -- test1554: check translatable string options in OS400 wrapper +- sasl: fix `-Wunused-function` compiler warning - This test runs a perl script that checks all string options are properly - translated by the OS400 character code conversion wrapper. It also - verifies these options are listed in alphanumeric order in the wrapper - switch statement. + In builds with disabled auths. - Closes #11650 + ``` + lib/curl_sasl.c:266:17: warning: unused function 'get_server_message' [-Wunus + ed-function] + static CURLcode get_server_message(struct SASL *sasl, struct Curl_easy *data, + ^ + 1 warning generated. + ``` + Ref: https://github.com/curl/trurl/actions/runs/6871732122/job/18689066151#st + ep:3:3822 -Daniel Stenberg (17 Aug 2023) + Reviewed-by: Daniel Stenberg + Closes #12326 -- unit3200: skip testing if function is not present +- build: picky warning updates - Fake a successful run since we have no easy mechanism to skip this test - for this advanced condition. + - cmake: sync some picky gcc warnings with autotools. + - cmake, autotools: add `-Wold-style-definition` for clang too. + - cmake: more precise version info for old clang options. + - cmake: use `IN LISTS` syntax in `foreach()`. -- unit2600: fix build warning if built without verbose messages + Reviewed-by: Daniel Stenberg + Reviewed-by: Marcel Raad + Closes #12324 -- test1608: make it build and get skipped without shuffle DNS support +Daniel Stenberg (15 Nov 2023) -- lib: --disable-bindlocal builds curl without local binding support +- urldata: move cookielist from UserDefined to UrlState -- test1304: build and skip without netrc support + 1. Because the value is not strictly set with a setopt option. -- lib: build fixups when built with most things disabled + 2. Because otherwise when duping a handle when all the set.* fields are + first copied and an error happens (think out of memory mid-function), + the function would easily free the list *before* it was deep-copied, + which could lead to a double-free. - Closes #11687 + Closes #12323 -- workflows/macos.yml: disable zstd and alt-svc in the http-only build +Viktor Szakats (14 Nov 2023) - Closes #11683 +- autotools: avoid passing `LDFLAGS` twice to libcurl -Stefan Eissing (17 Aug 2023) + autotools passes `LDFLAGS` automatically linker commands. curl's + `lib/Makefile.am` customizes libcurl linker flags. In that + customization, it added `LDFLAGS` to the custom flags. This resulted in + passing `LDFLAGS` _twice_ to the `libtool` command. -- bearssl: handshake fix, provide proper get_select_socks() implementation + Most of the time this is benign, but some `LDFLAGS` options can break + the build when passed twice. One such example is passing `.o` files, + e.g. `crt*.o` files necessary when customizing the C runtime, e.g. for + MUSL builds. - - bring bearssl handshake times down from +200ms down to other TLS backends - - vtls: improve generic get_select_socks() implementation - - tests: provide Apache with a suitable ssl session cache + Passing them twice resulted in duplicate symbol errors: + ``` + libtool: link: clang-15 --target=aarch64-unknown-linux-musl [...] /usr/lib/a + arch64-linux-musl/crt1.o [...] /usr/lib/aarch64-linux-musl/crt1.o [...] + ld.lld-15: error: duplicate symbol: _start + >>> defined at crt1.c + >>> /usr/lib/aarch64-linux-musl/crt1.o:(.text+0x0) + >>> defined at crt1.c + >>> /usr/lib/aarch64-linux-musl/crt1.o:(.text+0x0) + [...] + clang: error: linker command failed with exit code 1 (use -v to see invocatio + n) + ``` - Closes #11675 + This behaviour came with commit 1a593191c2769a47b8c3e4d9715ec9f6dddf5e36 + (2013-07-23) as a fix for bug https://curl.haxx.se/bug/view.cgi?id=1217. + The patch was a works-for-me hack that ended up merged in curl: + https://sourceforge.net/p/curl/bugs/1217/#06ef + With the root cause remaining unclear. -- tests: TLS session sharing test + Perhaps the SUNPro 12 linker was sensitive to `-L` `-l` order, requiring + `-L` first? This would be unusual and suggests a bug in either the + linker or in `libtool`. - - test TLS session sharing with special test client - - expect failure with wolfSSL - - disable flaky wolfSSL test_02_07b + The curl build does pass the list of detected libs via its own + `LIBCURL_LIBS` variable, which ends up before `LDFLAGS` on the `libtool` + command line, but it's the job of `libtool` to ensure that even + a peculiar linker gets the options in the expected order. Also because + autotools passes `LDFLAGS` last, making it hardly possible to pass + anything after it. - Closes #11675 + Perhaps in the 10 years since this issue, this already got a fix + upstream. -Daniel Stenberg (17 Aug 2023) + This patch deletes `LDFLAGS` from our customized libcurl options, + leaving a single copy of them as passed by autotools automatically. -- CURLOPT_*TIMEOUT*: extend and clarify + Reverts 1a593191c2769a47b8c3e4d9715ec9f6dddf5e36 + Closes #12310 - Closes #11686 +- autotools: accept linker flags via `CURL_LDFLAGS_{LIB,BIN}` -- urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails + To allow passing `LDFLAGS` specific to libcurl (`CURL_LDFLAGS_LIB`) and + curl tool (`CURL_LDFLAGS_BIN`). - And document it. Only return out of memory when it actually is a memory - problem. + This makes it possible to build libcurl and curl with a single + invocation with lib- and tool-specific custom linker flags. - Pointed-out-by: Jacob Mealey - Closes #11674 + Such flag can be enabling `.map` files, a `.def` file for libcurl DLL, + controlling static/shared, incl. requesting a static curl tool (with + `-static-libtool-libs`) while building both shared and static libcurl. -Mathew Benson (17 Aug 2023) + curl-for-win uses the above and some more. -- cmake: add GnuTLS option + These options are already supported in `Makefile.mk`. CMake has built-in + variables for this. - - Option to use GNUTLS was missing. Hence was not able to use GNUTLS - with ngtcp2 for http3. + Closes #12312 - Closes #11685 +Jay Satiro (14 Nov 2023) -Daniel Stenberg (16 Aug 2023) +- tool_cb_hdr: add an additional parsing check -- RELEASE-NOTES: synced + - Don't dereference the past-the-end element when parsing the server's + Content-disposition header. -- http: remove the p_pragma struct field + As 'p' is advanced it can point to the past-the-end element and prior + to this change 'p' could be dereferenced in that case. - unused since 40e8b4e52 (2008) + Technically the past-the-end element is not out of bounds because dynbuf + (which manages the header line) automatically adds a null terminator to + every buffer and that is not included in the buffer length passed to + the header callback. - Closes #11681 + Closes https://github.com/curl/curl/pull/12320 -Jay Satiro (16 Aug 2023) +Philip Heiduck (14 Nov 2023) -- CURLINFO_CERTINFO.3: better explain curl_certinfo struct +- .cirrus.yml: freebsd 14 - Closes https://github.com/curl/curl/pull/11666 + ensure curl works on latest freebsd version -- CURLINFO_TLS_SSL_PTR.3: clarify a recommendation + Closes #12053 - - Remove the out-of-date SSL backend list supported by - CURLOPT_SSL_CTX_FUNCTION. +Daniel Stenberg (13 Nov 2023) - It makes more sense to just refer to that document instead of having - a separate list that has to be kept in sync. +- easy: in duphandle, init the cookies for the new handle - Closes https://github.com/curl/curl/pull/11665 + ... not the source handle. -- write-out.d: clarify %{time_starttransfer} + Closes #12318 - sync it up with CURLINFO_STARTTRANSFER_TIME_T +- duphandle: use strdup to clone *COPYPOSTFIELDS if size is not set -Daniel Stenberg (15 Aug 2023) + Previously it would unconditionally use the size, which is set to -1 + when strlen is requested. -- transfer: don't set TIMER_STARTTRANSFER on first send + Updated test 544 to verify. - The time stamp is for measuring the first *received* byte + Closes #12317 - Fixes #11669 - Reported-by: JazJas on github - Closes #11670 +- RELEASE-NOTES: synced -trrui-huawei (15 Aug 2023) +- curl_easy_duphandle.3: clarify how HSTS and alt-svc are duped -- quiche: enable quiche to handle timeout events + Closes #12315 - In parallel with ngtcp2, quiche also offers the `quiche_conn_on_timeout` - interface for the application to invoke upon timer - expiration. Therefore, invoking the `on_timeout` function of the - Connection is crucial to ensure seamless functionality of quiche with - timeout events. +- urldata: move hstslist from 'set' to 'state' - Closes #11654 + To make it work properly with curl_easy_duphandle(). This, because + duphandle duplicates the entire 'UserDefined' struct by plain copy while + 'hstslist' is a linked curl_list of file names. This would lead to a + double-free when the second of the two involved easy handles were + closed. -- quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s + Closes #12315 - Set the `QUIC_IDLE_TIMEOUT` parameter to match ngtcp2 for consistency. +- test1900: verify duphandle with HSTS using multiple files -Daniel Stenberg (15 Aug 2023) + Closes #12315 -- KNOWN_BUGS: LDAPS requests to ActiveDirectory server hang +Goro FUJI (13 Nov 2023) - Closes #9580 +- http: allow longer HTTP/2 request method names -- imap: add a check for failing strdup() + - Increase the maximum request method name length from 11 to 23. -- imap: remove the only sscanf() call in the IMAP code + For HTTP/1.1 and earlier there's not a specific limit in libcurl for + method length except that it is limited by the initial HTTP request + limit (DYN_HTTP_REQUEST). Prior to fc2f1e54 HTTP/2 was treated the same + and there was no specific limit. - Avoids the use of a stack buffer. + According to Internet Assigned Numbers Authority (IANA) the longest + registered method is UPDATEREDIRECTREF which is 17 characters. - Closes #11673 + Also there are unregistered methods used by some companies that are + longer than 11 characters. -- imap: use a dynbuf in imap_atom + The limit was originally added by 61f52a97 but not used until fc2f1e54. - Avoid a calculation + malloc. Build the output in a dynbuf. + Ref: https://www.iana.org/assignments/http-methods/http-methods.xhtml - Closes #11672 + Closes https://github.com/curl/curl/pull/12311 -Marin Hannache (14 Aug 2023) +Jay Satiro (12 Nov 2023) -- http: do not require a user name when using CURLAUTH_NEGOTIATE +- CURLOPT_CAINFO_BLOB.3: explain what CURL_BLOB_COPY does - In order to get Negotiate (SPNEGO) authentication to work in HTTP you - used to be required to provide a (fake) user name (this concerned both - curl and the lib) because the code wrongly only considered - authentication if there was a user name provided, as in: + - Add an explanation of the CURL_BLOB_COPY flag to CURLOPT_CAINFO_BLOB + and CURLOPT_PROXY_CAINFO_BLOB docs. - curl -u : --negotiate https://example.com/ + All the other _BLOB option docs already have the same explanation. - This commit leverages the `struct auth` want member to figure out if the - user enabled CURLAUTH_NEGOTIATE, effectively removing the requirement of - setting a user name both in curl and the lib. + Closes https://github.com/curl/curl/pull/12277 - Signed-off-by: Marin Hannache - Reported-by: Enrico Scholz - Fixes https://sourceforge.net/p/curl/bugs/440/ - Fixes #1161 - Closes #9047 +Viktor Szakats (11 Nov 2023) -Viktor Szakats (13 Aug 2023) +- tidy-up: dedupe Windows system libs in cmake -- build: streamline non-UWP wincrypt detections + Reviewed-by: Daniel Stenberg + Closes #12307 - - with CMake, use the variable `WINDOWS_STORE` to detect an UWP build - and disable our non-UWP-compatible use the Windows crypto API. This - allows to drop two dynamic feature checks. +Junho Choi (11 Nov 2023) - `WINDOWS_STORE` is true when invoking CMake with - `CMAKE_SYSTEM_NAME` == `WindowsStore`. Introduced in CMake v3.1. +- ci: test with latest quiche release (0.19.0) - Ref: https://cmake.org/cmake/help/latest/variable/WINDOWS_STORE.html + Closes #12180 - - with autotools, drop the separate feature check for `wincrypt.h`. On - one hand this header has been present for long (even Borland C 5.5 had - it from year 2000), on the other we used the check result solely to - enable another check for certain crypto functions. This fails anyway - with the header not present. We save one dynamic feature check at the - configure stage. +- quiche: use quiche_conn_peer_transport_params() - Reviewed-by: Marcel Raad - Closes #11657 + In recent quiche, transport parameter API is separated + with quiche_conn_peer_transport_params(). + (https://github.com/cloudflare/quiche/pull/1575) + It breaks with bulding with latest(post 0.18.0) quiche. -Nicholas Nethercote (13 Aug 2023) + Closes #12180 -- docs/HYPER.md: update hyper build instructions +Daniel Stenberg (11 Nov 2023) - Nightly Rust and `-Z unstable-options` are not needed. +- Makefile: generate the VC 14.20 project files at dist-time - The instructions here now match the hyper docs exactly: - https://github.com/hyperium/hyper/commit/bd7928f3dd6a8461f0f0fdf7ee0fd95c2f15 - 6f88 + Follow-up to 28287092cc5a6d6ef8 (#12282) - Closes #11662 + Closes #12290 -Daniel Stenberg (13 Aug 2023) +Sam James (11 Nov 2023) -- RELEASE-NOTES: synced +- misc: fix -Walloc-size warnings -- urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name + GCC 14 introduces a new -Walloc-size included in -Wextra which gives: - Asssisted-by: Jay Satiro - Closes #11655 + ``` + src/tool_operate.c: In function ‘add_per_transfer’: + src/tool_operate.c:213:5: warning: allocation of insufficient size ‘1’ fo + r type ‘struct per_transfer’ with size ‘480’ [-Walloc-size] + 213 | p = calloc(sizeof(struct per_transfer), 1); + | ^ + src/var.c: In function ‘addvariable’: + src/var.c:361:5: warning: allocation of insufficient size ‘1’ for type †+ ˜struct var’ with size ‘32’ [-Walloc-size] + 361 | p = calloc(sizeof(struct var), 1); + | ^ + ``` -- spellcheck: adapt to backslashed minuses + The calloc prototype is: + ``` + void *calloc(size_t nmemb, size_t size); + ``` - As the curl.1 has more backslashed minus, the cleanup sed lines xneed to - adapt. + So, just swap the number of members and size arguments to match the + prototype, as we're initialising 1 struct of size `sizeof(struct + ...)`. GCC then sees we're not doing anything wrong. - Adjusted some docs slighly. + Closes #12292 - Follow-up to 439ff2052e +Mark Gaiser (11 Nov 2023) - Closes #11663 +- IPFS: bugfixes -- gen: escape more minus + - Fixed endianness bug in gateway file parsing + - Use IPFS_PATH in tests where IPFS_DATA was used + - Fixed typos from traling -> trailing + - Fixed broken link in IPFS.md - Detected since it was still hard to search for option names using dashes - in the middle in the man page. + Follow-up to 859e88f6533f9e - Closes #11660 + Reported-by: Michael Kaufmann + Bug: https://github.com/curl/curl/pull/12152#issuecomment-1798214137 + Closes #12305 -- cookie-jar.d: enphasize that this option is ONLY writing cookies +Daniel Stenberg (11 Nov 2023) - Reported-by: Dan Jacobson - Tweaked-by: Jay Satiro - Ref: #11642 - Closes #11661 +- VULN-DISCLOSURE-POLIC: remove broken link to hackerone -Nicholas Nethercote (11 Aug 2023) + It should ideally soon not be done from hackerone anyway -- docs/HYPER.md: document a workaround for a link error + Closes #12308 - Closes #11653 +Andrew Kurushin (11 Nov 2023) -Jay Satiro (11 Aug 2023) +- schannel: add CA cache support for files and memory blobs -- schannel: verify hostname independent of verify cert + - Support CA bundle and blob caching. - Prior to this change when CURLOPT_SSL_VERIFYPEER (verifypeer) was off - and CURLOPT_SSL_VERIFYHOST (verifyhost) was on we did not verify the - hostname in schannel code. + Cache timeout is 24 hours or can be set via CURLOPT_CA_CACHE_TIMEOUT. - This fixes KNOWN_BUG 2.8 "Schannel disable CURLOPT_SSL_VERIFYPEER and - verify hostname". We discussed a fix several years ago in #3285 but it - went stale. + Closes https://github.com/curl/curl/pull/12261 - Assisted-by: Daniel Stenberg +Daniel Stenberg (10 Nov 2023) - Bug: https://curl.haxx.se/mail/lib-2018-10/0113.html - Reported-by: Martin Galvan +- RELEASE-NOTES: synced - Ref: https://github.com/curl/curl/pull/3285 +Charlie C (10 Nov 2023) - Fixes https://github.com/curl/curl/issues/3284 - Closes https://github.com/curl/curl/pull/10056 +- cmake: option to disable install & drop `curlu` target when unused -Daniel Stenberg (11 Aug 2023) + This patch makes the following changes: + - adds the option `CURL_DISABLE_INSTALL` - to disable 'install' targets. + - Removes the target `curlu` when the option `BUILD_TESTING` is set to + `OFF` - to prevent it from being loaded in Visual Studio. -- curl_quiche: remove superfluous NULL check + Closes #12287 - 'stream' is always non-NULL at this point +Kai Pastor (10 Nov 2023) - Pointed out by Coverity +- cmake: fix multiple include of CURL package - Closes #11656 + Fixes errors on second `find_package(CURL)`. This is a frequent case + with transitive dependencies: + ``` + CMake Error at ...: + add_library cannot create ALIAS target "CURL::libcurl" because another + target with the same name already exists. + ``` -- curl/urlapi.h: tiny typo + Test to reproduce: + ```cmake + cmake_minimum_required(VERSION 3.27) # must be 3.18 or higher -- github/labeler: make HYPER.md set Hyper and not TLS + project(curl) -- docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0 + set(CURL_DIR "example/lib/cmake/CURL/") + find_package(CURL CONFIG REQUIRED) + find_package(CURL CONFIG REQUIRED) # fails - 7.50.0 shipped on Jul 21 2016, over seven years ago. We no longer need - to specify version changes for earlier releases in the generated output. + add_executable(main main.c) + target_link_libraries(main CURL::libcurl) + ``` - This ups the limit from the previous 7.30.0 (Apr 12 2013) + Ref: https://cmake.org/cmake/help/latest/release/3.18.html#other-changes + Ref: https://cmake.org/cmake/help/v3.18/policy/CMP0107.html + Ref: #12300 + Assisted-by: Harry Mallon + Closes #11913 - This hides roughly 35 "added in" mentions. +Viktor Szakats (8 Nov 2023) - Closes #11651 +- tidy-up: use `OPENSSL_VERSION_NUMBER` -Jay Satiro (10 Aug 2023) + Uniformly use `OPENSSL_VERSION_NUMBER` to check for OpenSSL version. + Before this patch some places used `OPENSSL_VERSION_MAJOR`. -- bug_report: require reporters to specify curl and os versions + Also fix `lib/md4.c`, which included `opensslconf.h`, but that doesn't + define any version number in these implementations: BoringSSL, AWS-LC, + LibreSSL, wolfSSL. (Only in mainline OpenSSL/quictls). Switch that to + `opensslv.h`. This wasn't causing a deeper problem because the code is + looking for v3, which is only provided by OpenSSL/quictls as of now. - - Change curl version and os sections from single-line input to - multi-line textarea. + According to https://github.com/openssl/openssl/issues/17517, the macro + `OPENSSL_VERSION_NUMBER` is safe to use and not deprecated. - - Require curl version and os sections to be filled out before report - can be submitted. + Reviewed-by: Marcel Raad + Closes #12298 - Closes https://github.com/curl/curl/pull/11636 +Daniel Stenberg (8 Nov 2023) -Daniel Stenberg (9 Aug 2023) +- resolve.d: drop a multi use-sentence -- gen.pl: replace all single quotes with aq + Since the `multi:` keyword adds that message. - - this prevents man from using a unicode sequence for them - - which then allows search to work properly + Reported-by: ç©ä¸¹å°¼ Dan Jacobson + Fixes https://github.com/curl/curl/discussions/12294 + Closes #12295 - Closes #11645 +- content_encoding: make Curl_all_content_encodings allocless -Viktor Szakats (9 Aug 2023) + - Fixes a memory leak pointed out by Coverity + - Also found by OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail? + id=63947 + - Avoids unncessary allocations -- cmake: fix to use variable for the curl namespace + Follow-up ad051e1cbec68b2456a22661b - Replace (wrong) literal with a variable to specify the curl - namespace. + Closes #12289 - Follow-up to 1199308dbc902c52be67fc805c72dd2582520d30 #11505 +Michael Kaufmann (7 Nov 2023) - Reported-by: balikalina on Github - Fixes https://github.com/curl/curl/commit/1199308dbc902c52be67fc805c72dd25825 - 20d30#r123923098 - Closes #11629 +- vtls: use ALPN "http/1.1" for HTTP/1.x, including HTTP/1.0 -- cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms + Some servers don't support the ALPN protocol "http/1.0" (e.g. IIS 10), + avoid it and use "http/1.1" instead. - 2ebc74c36a19a1700af394c16855ce144d9878e3 #11546 introduced sharing - libcurl objects for shared and static targets. + This reverts commit df856cb5c9 (#10183). - The above automatically enabled for Windows builds, with an option to - disable with `SHARE_LIB_OBJECT=OFF`. + Fixes #12259 + Closes #12285 - This patch extend this feature to all platforms as a manual option. - You can enable it by setting `SHARE_LIB_OBJECT=ON`. Then shared objects - are built in PIC mode, meaning the static lib will also have PIC code. +Daniel Stenberg (7 Nov 2023) - [EXPERIMENTAL] +- Makefile.am: drop vc10, vc11 and vc12 projects from dist - Closes #11627 + They are end of life products. Support for generating them remain in the + repo for a while but this change drops them from distribution. -- cmake: assume `wldap32` availability on Windows + Closes #12288 - This system library first shipped with Windows ME, available as an extra - install for some older releases (according to [1]). The import library - was present already in old MinGW 3.4.2 (year 2007). +David Suter (7 Nov 2023) - Drop the feature check and its associated `HAVE_WLDAP32` variable. +- projects: add VC14.20 project files - To manually disable `wldap32`, you can use the `USE_WIN32_LDAP=OFF` - CMake option, like before. + Windows projects included VC14, VC14.10, VC14.30 but not VC14.20. + OpenSSL and Wolf SSL scripts mention VC14.20 so I don't see a reason why + this is missing. Updated the templates to produce a VC14.20 project. + Project opens in Visual Studio 2019 as expected. - [1]: https://dlcdn.apache.org/httpd/binaries/win32/LEGACY.html + Closes #12282 - Reviewed-by: Jay Satiro - Closes #11624 +Daniel Stenberg (7 Nov 2023) -Daniel Stenberg (9 Aug 2023) +- curl: move IPFS code into src/tool_ipfs.[ch] -- page-header: move up a URL paragraph from GLOBBING to URL + - convert ensure_trailing into ensure_trailing_slash + - strdup the URL string to own it proper + - use shorter variable names + - combine some expressions + - simplify error handling in ipfs_gateway() + - add MAX_GATEWAY_URL_LEN + proper bailout if maximum is reached + - ipfs-gateway.d polish and simplification + - shorten ipfs error message + make them "synthetic" -- variable.d: output the function names table style + Closes #12281 - Also correct the url function name in the header +Viktor Szakats (6 Nov 2023) - Closes #11641 +- build: delete support bits for obsolete Windows compilers -- haproxy-clientip.d: remove backticks + - Pelles C: Unclear status, failed to obtain a fresh copy a few months + ago. Possible website is HTTP-only. ~10 years ago I left this compiler + dealing with crashes and other issues with no response on the forum + for years. It has seen some activity in curl back in 2021. + - LCC: Last stable release in September 2002. + - Salford C: Misses winsock2 support, possibly abandoned? Last mentioned + in 2006. + - Borland C++: We dropped Borland C++ support in 2018. + - MS Visual C++ 6.0: Released in 1998. curl already requires VS 2010 + (or possibly 2008) as a minimum. - This is not markdown + Closes #12222 - Follow-up to 0a75964d0d94a4 +- build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H` - Closes #11639 + We use `stdint.h` unconditionally in all places except one. These uses + are imposed by external dependencies / features. nghttp2, quic, wolfSSL + and `HAVE_MACH_ABSOLUTE_TIME` do require this C99 header. It means that + any of these features make curl require a C99 compiler. (In case of + MSVC, this means Visual Studio 2010 or newer.) -- RELEASE-NOTES: synced + This patch changes the single use of `stdint.h` guarded by + `HAVE_STDINT_H` to use `stdint.h` unconditionally. Also stop using + `inttypes.h` as an alternative there. `HAVE_INTTYPES_H` wasn't used + anywhere else, allowing to delete this feature check as well. -- gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens + Closes #12275 - Reported-by: FC Stegerman - Fixes #11635 - Closes #11637 +Daniel Stenberg (6 Nov 2023) -- cmdline-opts/page-header: reorder, clean up +- tool_operate: do not mix memory models - - removed some unnecessary blurb to focus - - moved up the more important URL details - - put "globbing" into its own subtitle and moved down a little - - mention the online man page in the version section + Make sure 'inputpath' only points to memory allocated by libcurl so that + curl_free works correctly. - Closes #11638 + Pointed out by Coverity -- c-hyper: adjust the hyper to curlcode conversion + Follow-up to 859e88f6533f9e1f890 - Closes #11621 + Closes #12280 -- test2306: make it use a persistent connection +Stefan Eissing (6 Nov 2023) - + enable verbose already from the start +- lib: client writer, part 2, accounting + logging - Closes #11621 + This PR has these changes: -eppesuig (8 Aug 2023) + Renaming of unencode_* to cwriter, e.g. client writers + - documentation of sendf.h functions + - move max decode stack checks back to content_encoding.c + - define writer phase which was used as order before + - introduce phases for monitoring inbetween decode phases + - offering default implementations for init/write/close -- list-only.d: mention SFTP as supported protocol + Add type paramter to client writer's do_write() + - always pass all writes through the writer stack + - writers who only care about BODY data will pass other writes unchanged - Closes #11628 + add RAW and PROTOCOL client writers + - RAW used for Curl_debug() logging of CURLINFO_DATA_IN + - PROTOCOL used for updates to data->req.bytecount, max_filesize checks and + Curl_pgrsSetDownloadCounter() + - remove all updates of data->req.bytecount and calls to + Curl_pgrsSetDownloadCounter() and Curl_debug() from other code + - adjust test457 expected output to no longer see the excess write -Daniel Stenberg (8 Aug 2023) + Closes #12184 -- request.d: use .TP for protocol "labels" +Daniel Stenberg (6 Nov 2023) - To render the section nicer in man page. +- VULN-DISCLOSURE-POLICY: escape sequences are not a security flaw - Closes #11630 + Closes #12278 -- cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP +Viktor Szakats (6 Nov 2023) - ... as documented. +- rand: fix build error with autotools + LibreSSL - Update test 3201 and 3202 accordingly. + autotools unexpectedly detects `arc4random` because it is also looking + into dependency libs. One dependency, LibreSSL, happens to publish an + `arc4random` function (via its shared lib before v3.7, also via static + lib as of v3.8.2). When trying to use this function in `lib/rand.c`, + its protoype is missing. To fix that, curl included a prototype, but + that used a C99 type without including `stdint.h`, causing: - Reported-by: Markus Sommer - Fixes #11619 - Closes #11626 + ``` + ../../lib/rand.c:37:1: error: unknown type name 'uint32_t' + 37 | uint32_t arc4random(void); + | ^ + 1 error generated. + ``` -- page-footer: QLOGDIR works with ngtcp2 and quiche + This patch improves this by dropping the local prototype and instead + limiting `arc4random` use for non-OpenSSL builds. OpenSSL builds provide + their own random source anyway. - It previously said "both" backends which is confusing as we currently - have three... + The better fix would be to teach autotools to not link dependency libs + while detecting `arc4random`. - Closes #11631 + LibreSSL publishing a non-namespaced `arc4random` tracked here: + https://github.com/libressl/portable/issues/928 -Stefan Eissing (8 Aug 2023) + Regression from 755ddbe901cd0c921fbc3ac5b3775c0dc683bc73 #10672 -- http3: quiche, handshake optimization, trace cleanup + Reviewed-by: Daniel Stenberg + Fixes #12257 + Closes #12274 - - load x509 store after clienthello - - cleanup of tracing +Daniel Stenberg (5 Nov 2023) - Closes #11618 +- RELEASE-NOTES: synced -Daniel Stenberg (8 Aug 2023) +- strdup: do Curl_strndup without strncpy -- ngtcp2: remove dead code + To avoid (false positive) gcc-13 compiler warnings. - 'result' is always zero (CURLE_OK) at this point + Follow-up to 4855debd8a2c1cb - Detected by Coverity + Assisted-by: Jay Satiro + Reported-by: Viktor Szakats + Fixes #12258 - Closes #11622 +Enno Boland (5 Nov 2023) -Viktor Szakats (8 Aug 2023) +- HTTP: fix empty-body warning -- openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED` + This change fixes a compiler warning with gcc-12.2.0 when + `-DCURL_DISABLE_BEARER_AUTH=ON` is used. - OpenSSL 1.1.1 defines this macro, but no ealier version, or any of the - popular forks (yet). Use the macro itself to detect its presence, - replacing the hard-wired fork-specific conditions. + /home/tox/src/curl/lib/http.c: In function 'Curl_http_input_auth': + /home/tox/src/curl/lib/http.c:1147:12: warning: suggest braces around emp + ty body in an 'else' statement [-Wempty-body] + 1147 | ; + | ^ - This way the feature will enable automatically when forks implement it, - while also shorter and possibly requiring less future maintenance. + Closes #12262 - Follow-up to 94241a9e78397a2aaf89a213e6ada61e7de7ee02 #6721 +Daniel Stenberg (5 Nov 2023) - Reviewed-by: Jay Satiro - Closes #11617 +- openssl: identify the "quictls" backend correctly -- openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1 + Since vanilla OpenSSL does not support the QUIC API I think it helps + users to identify the correct OpenSSL fork in version output. The best + (crude) way to do that right now seems to be to check if ngtcp2 support + is enabled. - LibreSSL 3.4.1 (2021-10-14) added support for - `SSL_CTX_set_ciphersuites`. + Closes #12270 - Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.1-relnotes.txt +Mark Gaiser (5 Nov 2023) - Reviewed-by: Jay Satiro - Closes #11616 +- curl: improved IPFS and IPNS URL support -- openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0 + Previously just ipfs:// and ipns:// was supported, which is + too strict for some usecases. - LibreSSL 3.5.0 (2022-02-24) added support for - `SSL_CTX_set_keylog_callback`. + This patch allows paths and query arguments to be used too. + Making this work according to normal http semantics: - Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt + ipfs:///foo/bar?key=val + ipns:///foo/bar?key=val - Reviewed-by: Jay Satiro - Closes #11615 + The gateway url support is changed. + It now only supports gateways in the form of: -- cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks + http:///foo/bar + http:// - - `HAVE_LIBWINMM` was detected but unused. The `winmm` system library is - also not used by curl, but it is by its optional dependency `librtmp`. - Change the logic to always add `winmm` when `USE_LIBRTMP` is set. This - library has been available since the early days of Windows. + Query arguments here are explicitly not allowed and trigger an intended + malformed url error. - - `HAVE_LIBWS2_32` detected `ws2_32` lib on Windows. This lib is present - since Windows 95 OSR2 (AFAIR). Winsock1 already wasn't supported and - other existing logic already assumed this lib being present, so delete - the check and replace the detection variable with `WIN32` and always - add `ws2_32` on Windows. + There also was a crash when IPFS_PATH was set with a non trailing + forward slash. This has been fixed. - Closes #11612 + Lastly, a load of test cases have been added to verify the above. -Daniel Gustafsson (8 Aug 2023) + Reported-by: Steven Allen + Fixes #12148 + Closes #12152 -- crypto: ensure crypto initialization works +Harry Mallon (5 Nov 2023) - Make sure that context initialization during hash setup works to avoid - going forward with the risk of a null pointer dereference. +- docs: KNOWN_BUGS cleanup - Reported-by: Philippe Antoine on HackerOne - Assisted-by: Jay Satiro - Assisted-by: Daniel Stenberg + * Remove other mention of hyper memory-leaks from `KNOWN_BUGS`. + Should have been removed in 629723ecf22a8eae78d64cceec2f3bdae703ec95 - Closes #11614 + * Remove mention of aws-sigv4 sort query string from `KNOWN_BUGS`. + Fixed in #11806 -Viktor Szakats (7 Aug 2023) + * Remove mention of aws-sigv4 query empty value problems -- openssl: switch to modern init for LibreSSL 2.7.0+ + * Remove mention of aws-sigv4 missing amz-content-sha256 + Fixed in #9995 - LibreSSL 2.7.0 (2018-03-21) introduced automatic initialization, - `OPENSSL_init_ssl()` function and deprecated the old, manual init - method, as seen in OpenSSL 1.1.0. Switch to the modern method when - available. +- http_aws_sigv4: canonicalise valueless query params - Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.0-relnotes.txt + Fixes #8107 + Closes #12244 + +Michael Kaufmann (4 Nov 2023) +- docs: preserve the modification date when copying the prebuilt man page + + The previously built man page "curl.1" must be copied with the original + modification date, otherwise the man page is never updated. + + This fixes a bug that has been introduced with commit 2568441cab. + + Reviewed-by: Dan Fandrich Reviewed-by: Daniel Stenberg - Closes #11611 -Daniel Stenberg (7 Aug 2023) + Closes #12199 -- gskit: remove +Daniel Stenberg (4 Nov 2023) - We remove support for building curl with gskit. +- docs: remove bold from some man page SYNOPSIS sections - - This is a niche TLS library, only running on some IBM systems - - no regular curl contributors use this backend - - no CI builds use or verify this backend - - gskit, or the curl adaption for it, lacks many modern TLS features - making it an inferior solution - - build breakages in this code take weeks or more to get detected - - fixing gskit code is mostly done "flying blind" + In the name of consistency - This removal has been advertized in DEPRECATED in Jan 2, 2023 and it has - been mentioned on the curl-library mailing list. + Closes #12267 - It could be brought back, this is not a ban. Given proper effort and - will, gskit support is welcome back into the curl TLS backend family. +- openssl: two multi pointer checks should probably rather be asserts - Closes #11460 + ... so add the asserts now and consider removing the dynamic checks in a + future. -- RELEASE-NOTES: synced + Ref: #12261 + Closes #12264 -Dan Fandrich (7 Aug 2023) +boilingoden (4 Nov 2023) -- THANKS-filter: add a name typo +- docs: add supported version for the json write-out -Stefan Eissing (7 Aug 2023) + xref: https://curl.se/changes.html#7_70_0 -- http3/ngtcp2: shorten handshake, trace cleanup + Closes #12266 - - shorten handshake timing by delayed x509 store load (OpenSSL) - as we do for HTTP/2 - - cleanup of trace output, align with HTTP/2 output +Viktor Szakats (3 Nov 2023) - Closes #11609 +- appveyor: make VS2008-built curl tool runnable -Daniel Stenberg (7 Aug 2023) + By linking the CRT statically. This avoids the error about missing + runtime DLL `MSVCR90.dll` when running the freshly built `curl.exe`. -- headers: accept leading whitespaces on first response header + Closes #12263 - This is a bad header fold but since the popular browsers accept this - violation, so does curl now. Unless built with hyper. +Stefan Eissing (3 Nov 2023) - Add test 1473 to verify and adjust test 2306. +- url: proxy ssl connection reuse fix - Reported-by: junsik on github - Fixes #11605 - Closes #11607 + - tunnel https proxy used for http: transfers does + no check if proxy-ssl configuration matches + - test cases added, test_10_12 fails on 8.4.0 -- include/curl/mprintf.h: add __attribute__ for the prototypes + Closes #12255 - - if gcc or clang is used - - if __STDC_VERSION__ >= 199901L, which means greater than C90 - - if not using mingw - - if CURL_NO_FMT_CHECKS is not defined +Jay Satiro (3 Nov 2023) - Closes #11589 +- curl_sspi: support more revocation error names in error messages -- tests: fix bad printf format flags in test code + - Add these revocation errors to sspi error list: + CRYPT_E_NO_REVOCATION_DLL, CRYPT_E_NO_REVOCATION_CHECK, + CRYPT_E_REVOCATION_OFFLINE and CRYPT_E_NOT_IN_REVOCATION_DATABASE. -- tests: fix header scan tools for attribute edits in mprintf.h + Prior to this change those error codes were not matched to their macro + name and instead shown as "unknown error". -- cf-socket: log successful interface bind + Before: - When the setsockopt SO_BINDTODEVICE operation succeeds, output that in - the verbose output. + schannel: next InitializeSecurityContext failed: + Unknown error (0x80092013) - The revocation function was + unable to check revocation because the revocation server was offline. - Ref: #11599 - Closes #11608 + After: -- CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled + schannel: next InitializeSecurityContext failed: + CRYPT_E_REVOCATION_OFFLINE (0x80092013) - The revocation function was + unable to check revocation because the revocation server was offline. - Ref: #11457 - Closes #11606 + Bug: https://github.com/curl/curl/issues/12239 + Reported-by: Niracler Li -- CURLOPT_SSL_VERIFYPEER.3: add two more see also options + Closes https://github.com/curl/curl/pull/12241 - CURLINFO_CAINFO and CURLINFO_CAPATH +- strdup: don't allow Curl_strndup to read past a null terminator - Closes #11603 + - Use malloc + strncpy instead of Curl_memdup to dupe the string before + null terminating it. -- KNOWN_BUGS: aws-sigv4 does not behave well with AWS VPC Lattice + Prior to this change if Curl_strndup was passed a length longer than + the allocated string then it could copy out of bounds. - Closes #11007 + This change is for posterity. Curl_strndup was added in the parent + commit and currently none of the calls to it pass a length that would + cause it to read past the allocated length of the input. -Graham Campbell (6 Aug 2023) + Follow-up to d3b3ba35. -- CI: use openssl 3.0.10+quic, nghttp3 0.14.0, ngtcp2 0.18.0 + Closes https://github.com/curl/curl/pull/12254 - Closes #11585 +Daniel Stenberg (2 Nov 2023) -Daniel Stenberg (6 Aug 2023) +- lib: add and use Curl_strndup() -- TODO: add *5* entries for aws-sigv4 + The Curl_strndup() function is similar to memdup(), but copies 'n' bytes + then adds a terminating null byte ('\0'). - Closes #7559 - Closes #8107 - Closes #8810 - Closes #9717 - Closes #10129 + Closes #12251 -- TODO: LDAP Certificate-Based Authentication +- CURPOST_POSTFIELDS.3: add CURLOPT_COPYPOSTFIELDS in SEE ALSO - Closes #9641 +Stefan Eissing (2 Nov 2023) -Stefan Eissing (6 Aug 2023) +- pytest: use lower count in repeat tests -- http2: cleanup trace messages + - lower large iteration counts in some tests somewhat for + the same coverage with less duration - - more compact format with bracketed stream id - - all frames traced in and out + Closes #12248 - Closes #11592 +Daniel Stenberg (2 Nov 2023) -Daniel Stenberg (6 Aug 2023) +- RELEASE-NOTES: synced -- tests/tftpd+mqttd: make variables static to silence picky warnings +- docs: clarify that curl passes on input unfiltered - Closes #11594 + ... for several options. -- docs/cmdline: remove repeated working for negotiate + ntlm + Reported-by: Ophir Lojkine - The extra wording is added automatically by the gen.pl tool + Closes #12249 - Closes #11597 +- urlapi: when URL encoding the fragment, pass in the right length -- docs/cmdline: add small "warning" to verbose options + A benign bug because it would only add an extra null terminator. - "Note that verbose output of curl activities and network traffic might - contain sensitive data, including user names, credentials or secret data - content. Be aware and be careful when sharing trace logs with others." + Made lib1560 get a test that runs this code. - Closes #11596 + Closes #12250 -- RELEASE-NOTES: synced +Stefan Eissing (2 Nov 2023) -- pingpong: don't use *bump_headersize +- vtls: late clone of connection ssl config - We use that for HTTP(S) only. + - perform connection cache matching against `data->set.ssl.primary` + and proxy counterpart + - fully clone connection ssl config only when connection is used - Follow-up to 3ee79c1674fd6 + Closes #12237 - Closes #11590 +- msh3: error when built with CURL_DISABLE_SOCKETPAIR set -- urldata: remove spurious parenthesis to unbreak no-proxy build + Reported-by: Gisle Vanem + Closes #12252 + Fixes #12213 - Follow-up to e12b39e13382 +Daniel Stenberg (2 Nov 2023) - Closes #11591 +- hsts: skip single-dot hostname -- easy: don't call Curl_trc_opt() in disabled-verbose builds + Reported-by: Maksymilian Arciemowicz - Follow-up to e12b39e133822c6a0 + Closes #12247 - Closes #11588 +- vtls: fix build without proxy -- http: use %u for printfing int + Follow-up to bf0e278a3c54bc7fee7360da17c - Follow-up to 3ee79c1674fd6f99e8efca5 + closes #12243 - Closes #11587 +- docs/example/keepalive.c: show TCP keep-alive options -Goro FUJI (3 Aug 2023) + Closes #12242 -- vquic: show stringified messages for errno +- lib1560: verify appending blank URL encoded query string - Closes #11584 +- urlapi: skip appending NULL pointer query -Stefan Eissing (3 Aug 2023) + Reported-by: kirbyn17 on hackerone -- trace: make tracing available in non-debug builds + Closes #12240 - Add --trace-config to curl +- lib1560: verify setting host to "" with and without URL encode - Add curl_global_trace() to libcurl +- urlapi: avoid null deref if setting blank host to url encode - Closes #11421 + Reported-by: kirbyn17 on hackerone -Daniel Stenberg (3 Aug 2023) + Closes #12240 -- TODO: remove "Support intermediate & root pinning for PINNEDPUBLICKEY" +- dynbuf: assert for NULL pointer inputs - See also https://github.com/curl/curl/pull/7507 + Help us catch more mistakes. -- TODO: add "WebSocket read callback" + Closes #12238 - remove "Upgrade to websockets" as we already have this +- HTTP3: ngtcp2 builds are no longer experimental - Closes #11402 + The other HTTP/3 backends are still experimental. -- test497: verify rejecting too large incoming headers + Closes #12235 -- http: return error when receiving too large header set +Stefan Eissing (31 Oct 2023) - To avoid abuse. The limit is set to 300 KB for the accumulated size of - all received HTTP headers for a single response. Incomplete research - suggests that Chrome uses a 256-300 KB limit, while Firefox allows up to - 1MB. +- vtls: cleanup SSL config management - Closes #11582 + - remove `Curl_ssl_get_config()`, no longer needed -Stefan Eissing (3 Aug 2023) + Closes #12204 -- http2: upgrade tests and add fix for non-existing stream +Daniel Stenberg (31 Oct 2023) - - check in h2 filter recv that stream actually exists - and return error if not - - add test for parallel, extreme h2 upgrades that fail if - connections get reused before fully switched - - add h2 upgrade upload test just for completeness +- libcurl-thread.3: simplify the TLS section - Closes #11563 + All TLS libraries curl can use are threadsafe since OpenSSL 1.1.x, August + 2016. -Viktor Szakats (3 Aug 2023) + Closes #12233 -- tests: ensure `libcurl.def` contains all exports +- configure: better --disable-http - Add `test1279` to verify that `libcurl.def` lists all exported API - functions found in libcurl headers. + - disable HTTPS-proxy as well, since it can't work without HTTP - Also: + - curl_setup: when HTTP is disabled, also disable all features that are + HTTP-only - - extend test suite XML `stdout` tag with the `loadfile` attribute. + - version: HTTPS-proxy only exists if HTTP support exists - - fix `tests/extern-scan.pl` and `test1135` to include websocket API. + Closes #12223 - - use all headers (sorted) in `test1135` instead of a manual list. +- http: consider resume with CURLOPT_FAILONERRROR and 416 to be fine - - add options `--sort`, `--heading=` to `tests/extern-scan.pl`. + Finding a 'Content-Range:' in the response changed the handling. - - add `libcurl.def` to the auto-labeler GHA task. + Add test case 1475 to verify -C - with 416 and Content-Range: header, + which is almost exactly like test 194 which instead uses a fixed -C + offset. Adjusted test 194 to also be considered fine. - Follow-up to 2ebc74c36a19a1700af394c16855ce144d9878e3 + Fixes #10521 + Reported-by: Smackd0wn + Fixes #12174 + Reported-by: Anubhav Rai + Closes #12176 - Closes #11570 +Stefan Eissing (30 Oct 2023) -Daniel Stenberg (2 Aug 2023) +- GHA: fix checkout of quictls repository to use correct branch name -- url: change default value for CURLOPT_MAXREDIRS to 30 + Follow-up to c868b0e30f10cd0ac7 - It was previously unlimited by default, but that's not a sensible - default. While changing this has a remote risk of breaking an existing - use case, I figure it is more likely to actually save users from loops. + Closes #12232 - Closes #11581 +Daniel Stenberg (30 Oct 2023) -- lib: fix a few *printf() flag mistakes +- docs/example/localport.c: show off CURLOPT_LOCALPORT - Reported-by: Gisle Vanem - Ref: #11574 - Closes #11579 + Closes #12230 -Samuel Chiang (2 Aug 2023) +- docs/examples/interface.c: show CURLOPT_INTERFACE use -- openssl: make aws-lc version support OCSP + Although super simple. - And bump version in CI + Closes #12229 - Closes #11568 +Viktor Szakats (30 Oct 2023) -Daniel Stenberg (2 Aug 2023) +- build: fix compiler warning with auths disabled -- tool: make the length argument an int for printf()-.* flags + ``` + ./curl/lib/http.c:979:12: warning: unused function 'is_valid_auth_separator' + [-Wunused-function] + static int is_valid_auth_separator(char ch) + ^ + 5 warnings generated. + ``` - Closes #11578 + Follow-up to e92edfbef64448ef461117769881f3ed776dec4e #11490 -- tool_operate: fix memory leak when SSL_CERT_DIR is used + Closes #12227 - Detected by Coverity +- build: require Windows XP or newer - Follow-up to 29bce9857a12b6cfa726a5 + After this patch we assume availability of `getaddrinfo` and + `freeaddrinfo`, first introduced in Windows XP. Meaning curl + now requires building for Windows XP as a minimum. - Closes #11577 + TODO: assume these also in autotools. -- tool/var: free memory on OOM + Ref: https://github.com/curl/curl/pull/12221#issuecomment-1783761806 + Closes #12225 - Coverity detected this memory leak in OOM situation +- appveyor: bump one job to OpenSSL 3.1 (was 1.1.1) - Follow-up to 2e160c9c652504e + Use 3.1 with the modern runner image. - Closes #11575 + We still use 1.1.1 in 8 jobs. -Viktor Szakats (2 Aug 2023) + 1.1.1 is EOL since 2023-09-11: + https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/ -- gha: bump libressl and mbedtls versions + Also: + - add missing SSL-backend to job descriptions. + - tidy up CPU in job descriptions. - Closes #11573 + Closes #12226 -Jay Satiro (2 Aug 2023) +Daniel Stenberg (30 Oct 2023) -- schannel: fix user-set legacy algorithms in Windows 10 & 11 +- RELEASE-NOTES: synced - - If the user set a legacy algorithm list (CURLOPT_SSL_CIPHER_LIST) then - use the SCHANNEL_CRED legacy structure to pass the list to Schannel. +- GHA: bump ngtcp2, nghttp3, nghttp2 and quictls versions - - If the user set both a legacy algorithm list and a TLS 1.3 cipher list - then abort. + ngtcp2 1.0.1 + nghttp3 1.0.0 + nghttp2 1.58.0 + quictls 3.1.4+quic - Although MS doesn't document it, Schannel will not negotiate TLS 1.3 - when SCHANNEL_CRED is used. That means setting a legacy algorithm list - limits the user to earlier versions of TLS. + also sync HTTP3.md with these changes - Prior to this change, since 8beff435 (precedes 7.85.0), libcurl would - ignore legacy algorithms in Windows 10 1809 and later. + Closes #12132 - Reported-by: zhihaoy@users.noreply.github.com +Kareem (29 Oct 2023) - Fixes https://github.com/curl/curl/pull/10741 - Closes https://github.com/curl/curl/pull/10746 +- wolfssl: add default case for wolfssl_connect_step1 switch -Daniel Stenberg (2 Aug 2023) + Closes #12218 -- variable.d: setting a variable again overwrites it +Jay Satiro (29 Oct 2023) - Reported-by: Niall McGee - Bug: https://twitter.com/niallmcgee/status/1686523075423322113 - Closes #11571 +- curl_setup: disallow Windows IPv6 builds missing getaddrinfo -Jay Satiro (2 Aug 2023) + - On Windows if IPv6 is enabled but getaddrinfo is missing then #error + the build. -- CURLOPT_PROXY_SSL_OPTIONS.3: sync formatting + curl can be built with IPv6 support (ENABLE_IPV6) but without the + ability to resolve hosts to IPv6 addresses (HAVE_GETADDRINFO). On + Windows this is highly unlikely and should be considered a bad build + configuration. - - Re-wrap CURLSSLOPT_ALLOW_BEAST description. + Such a bad configuration has already given us a bug that was hard to + diagnose. See #12134 and #12136 for discussion. -Daniel Stenberg (2 Aug 2023) + Ref: https://github.com/curl/curl/issues/12134 + Ref: https://github.com/curl/curl/pull/12136 -- RELEASE-NOTES: synced + Closes https://github.com/curl/curl/pull/12221 -- resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set +Nico Rieck (29 Oct 2023) - Previously it would always do PF_UNSPEC if CURL_IPRESOLVE_V4 is not - used, thus unnecessarily asking for addresses that will not be used. +- openssl: make CURLSSLOPT_NATIVE_CA import Windows intermediate CAs - Reported-by: Joseph Tharayil - Fixes #11564 - Closes #11565 + - If CURLSSLOPT_NATIVE_CA on Windows then import from intermediate CA + "CA" store after importing from root CA "ROOT" store. -- docs: link to the website versions instead of markdowns + This change allows curl to work in situations where a server does not + send all intermediate certs and they are present in the "CA" store (the + store with intermediate CAs). This is already allowed by the Schannel + backend. - ... to make the links work when the markdown is converted to webpages on - https://curl.se + Also this change makes partial chain verification possible for those + certs since we allow partial chain verification by default for OpenSSL + (unless CURLSSLOPT_NO_PARTIALCHAIN). This is not allowed by the Schannel + backend. - Reported-by: Maurício Meneghini Fauth - Fixes https://github.com/curl/curl-www/issues/272 - Closes #11569 + Prior to this change CURLSSLOPT_NATIVE_CA only imported "ROOT" certs. -Viktor Szakats (1 Aug 2023) + Fixes https://github.com/curl/curl/issues/12155 + Closes https://github.com/curl/curl/pull/12185 -- cmake: cache more config and delete unused ones +Viktor Szakats (28 Oct 2023) - - cache more Windows config results for faster initialization. +- Makefile.mk: fix `-rtmp` option for non-Windows [ci skip] - - delete unused config macros `HAVE_SYS_UTSNAME_H`, `HAVE_SSL_H`. +Daniel Stenberg (28 Oct 2023) - - delete dead references to `sys/utsname.h`. +- asyn-ares: handle no connection in the addrinfo callback - Closes #11551 + To avoid crashing. -- egd: delete feature detection and related source code + Follow-up from 56a4db2 + Closes #12219 - EGD is Entropy Gathering Daemon, a socket-based entropy source supported - by pre-OpenSSL v1.1 versions and now deprecated. curl also deprecated it - a while ago. +Jay Satiro (28 Oct 2023) - Its detection in CMake was broken all along because OpenSSL libs were - not linked at the point of feature check. +- hostip6: fix DEBUG_ADDRINFO builds - Delete detection from both cmake and autotools, along with the related - source snippet, and the `--with-egd-socket=` `./configure` option. + - Removed unused and incorrect parameter from dump_addrinfo(). - Closes #11556 + Bug: https://github.com/curl/curl/commit/56a4db2e#commitcomment-131050442 + Reported-by: Gisle Vanem -Stefan Eissing (1 Aug 2023) + Closes https://github.com/curl/curl/pull/12212 -- tests: fix h3 server check and parallel instances +Viktor Szakats (28 Oct 2023) - - fix check for availability of nghttpx server - - add `tcp` frontend config for same port as quic, as - without this, port 3000 is bound which clashes for parallel - testing +- Makefile.mk: restore `_mingw.h` for default `_WIN32_WINNT` - Closes #11553 + In 8.4.0 we deleted `_mingw.h` as part of purging old-mingw support. + Turns out `_mingw.h` had the side-effect of setting a default + `_WIN32_WINNT` value expected by `lib/config-win32.h` to enable + `getaddrinfo` support in `Makefile.mk` mingw-w64 builds. This caused + disabling support for this unless specifying the value manually. -Daniel Stenberg (1 Aug 2023) + Restore this header and update its comment to tell why we continue + to need it. -- docs/cmdline-opts: spellfixes, typos and polish + This triggered a regression in official Windows curl builds starting + with 8.4.0_1. Fixed in 8.4.0_6. (8.5.0 will be using CMake.) - To make them accepted by the spell checker + Regression from 38029101e2d78ba125732b3bab6ec267b80a0e72 #11625 - Closes #11562 + Reported-by: zhengqwe on github + Helped-by: Nico Rieck + Fixes #12134 + Fixes #12136 + Closes #12217 -- CI/spellcheck: build curl.1 and spellcheck it +- hostip: silence compiler warning `-Wparentheses-equality` - Added acceptable words + Seen with LLVM 17. - Closes #11562 + ``` + hostip.c:1336:22: warning: equality comparison with extraneous parentheses [- + Wparentheses-equality] + 1336 | (a->ai_family == PF_INET)) { + | ~~~~~~~~~~~~~^~~~~~~~~~ + hostip.c:1336:22: note: remove extraneous parentheses around the comparison t + o silence this warning + 1336 | (a->ai_family == PF_INET)) { + | ~ ^ ~ + hostip.c:1336:22: note: use '=' to turn this equality comparison into an assi + gnment + 1336 | (a->ai_family == PF_INET)) { + | ^~ + | = + 1 warning generated. + ``` -Alexander Jaeger (1 Aug 2023) + Follow-up to b651aba0962bb31353f55de4dc35f745952a1b10 #12145 -- misc: fix various typos + Reviewed-by: Daniel Stenberg + Closes #12215 - Closes #11561 +Stefan Eissing (27 Oct 2023) -Daniel Stenberg (1 Aug 2023) +- doh: use PIPEWAIT when HTTP/2 is attempted -- http2: avoid too early connection re-use/multiplexing + Closes #12214 - HTTP/1 connections that are upgraded to HTTP/2 should not be picked up - for reuse and multiplexing by other handles until the 101 switching - process is completed. +Daniel Stenberg (27 Oct 2023) - Lots-of-debgging-by: Stefan Eissing - Reported-by: Richard W.M. Jones - Bug: https://curl.se/mail/lib-2023-07/0045.html - Closes #11557 +- setopt: remove outdated cookie comment -- Revert "KNOWN_BUGS: build for iOS simulator on macOS 13.2 with Xcode 14" + Closes #12206 - This reverts commit 2e8a3d7cb73c85a9aa151e263315f8a496dbb9d4. +Stefan Eissing (27 Oct 2023) - It's a user error for supplying incomplete information to the build system. +- cfilter: provide call to tell connection to forget a socket - Reported-by: Ryan Schmidt - Ref: https://github.com/curl/curl/issues/11215#issuecomment-1658729367 + - fixed libssh.c workaround for a socket being closed by + the library + - eliminate the terrible hack in cf-socket.c to guess when + this happened and try not closing the socket again. + - fixes race in eyeballing when socket could have failed to + be closed for a discarded connect attempt -Viktor Szakats (1 Aug 2023) + Closes #12207 -- cmake: add support for single libcurl compilation pass +- url: protocol handler lookup tidy-up - Before this patch CMake builds used two separate compilation passes to - build the shared and static libcurl respectively. This patch allows to - reduce that to a single pass if the target platform and build settings - allow it. + - rename lookup to what it does + - use ARRAYSIZE instead of NULL check for end + - offer alternate lookup for 0-terminated strings - This reduces CMake build times when building both static and shared - libcurl at the same time, making these dual builds an almost zero-cost - option. + Closes #12216 - Enable this feature for Windows builds, where the difference between the - two passes was the use of `__declspec(dllexport)` attribute for exported - API functions for the shared builds. This patch replaces this method - with the use of `libcurl.def` at DLL link time. +Viktor Szakats (27 Oct 2023) - Also update `Makefile.mk` to use `libcurl.def` to export libcurl API - symbols on Windows. This simplifies (or fixes) this build method (e.g. - in curl-for-win, which generated a `libcurl.def` from `.h` files using - an elaborate set of transformations). +- build: variadic macro tidy-ups - `libcurl.def` has the maintenance cost of keeping the list of public - libcurl API symbols up-to-date. This list seldom changes, so the cost - is low. + - delete unused `HAVE_VARIADIC_MACROS_C99/GCC` feature checks. + (both autotools and CMake.) + - delete duplicate `NULL` check in `Curl_trc_cf_infof()`. + - fix compiler warning in `CURL_DISABLE_VERBOSE_STRINGS` builds. + ``` + ./lib/cf-socket.c:122:41: warning: unused parameter 'data' [-Wunused-parame + ter] + static void nosigpipe(struct Curl_easy *data, + ^ + ``` + - fix `#ifdef` comments in `lib/curl_trc.{c,h}`. + - fix indentation in some `infof()` calls. - Closes #11546 + Follow-up to dac293cfb7026b1ca4175d88b80f1432d3d3c684 #12167 -- cmake: detect `SSL_set0_wbio` in OpenSSL + Cherry-picked from #12105 + Closes #12210 - Present in OpenSSL 1.1.0 and BoringSSL. - Missing from LibreSSL 3.8.0. +- cmake: speed up threads setup for Windows - Follow-up to f39472ea9f4f4e12cfbc0500c4580a8d52ce4a59 + Win32 threads are always available. We enabled them unconditionally + (with `ENABLE_THREADED_RESOLVER`). CMake built-in thread detection + logic has this condition hard-coded for Windows as well (since at least + 2007). - While here, also fix `RAND_egd()` detection which was broken, likely all - along. This feature is probably broken with CMake builds and also - requires a sufficiently obsolete OpenSSL version, so this part of the - update was not tested. + Instead of doing all the work of detecting pthread combinations on + Windows, then discarding those results, skip these efforts and assume + built-in thread support when building for Windows. - Closes #11555 + This saves 1-3 slow CMake configuration steps. -- cmake: fixup H2 duplicate symbols for unity builds + Reviewed-by: Daniel Stenberg + Closes #12202 - Closes #11550 +- cmake: speed up zstd detection -Pablo Busse (1 Aug 2023) + Before this patch we detected the presence of a specific zstd API to + see if we can use the library. zstd published that API in its first + stable release: v1.0.0 (2016-08-31). -- openssl: Support async cert verify callback + Replace that method by detecting the zstd library version instead and + accepting if it's v1.0.0 or newer. Also display this detected version + and display a warning if the zstd found is unfit for curl. - - Update the OpenSSL connect state machine to handle - SSL_ERROR_WANT_RETRY_VERIFY. + We use the same version detection method as zstd itself, via its public + C header. - This allows libcurl users that are using custom certificate validation - to suspend processing while waiting for external I/O during certificate - validation. + This deviates from autotools which keeps using the slow method of + looking for the API by building a test program. The outcome is the same + as long as zstd keeps offering this API. - Closes https://github.com/curl/curl/pull/11499 + Ref: https://github.com/facebook/zstd/commit/5a0c8e24395079f8e8cdc90aa1659cd5 + ab1b7427 (2016-08-12, committed) + Ref: https://github.com/facebook/zstd/releases/tag/v0.8.1 (2016-08-18, first + released) + Ref: https://github.com/facebook/zstd/releases/tag/v1.0.0 -Jay Satiro (1 Aug 2023) + Reviewed-by: Daniel Stenberg + Closes #12200 -- tool_cb_wrt: fix invalid unicode for windows console +Daniel Stenberg (26 Oct 2023) - - Suppress an incomplete UTF-8 sequence at the end of the buffer. +- openssl: fix infof() to avoid compiler warning for %s with null - - Attempt to reconstruct incomplete UTF-8 sequence from prior call(s) - in current call. + vtls/openssl.c: In function ‘ossl_connect_step2’: + ../lib/curl_trc.h:120:10: error: ‘%s’ directive argument is null [-Werror + =format-overflow=] + 120 | Curl_infof(data, __VA_ARGS__); } while(0) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + vtls/openssl.c:4008:5: note: in expansion of macro ‘infof’ + 4008 | infof(data, "SSL connection using %s / %s / %s / %s", + | ^~~~~ + vtls/openssl.c:4008:49: note: format string is defined here + 4008 | infof(data, "SSL connection using %s / %s / %s / %s", + | ^~ - Prior to this change, in Windows console UTF-8 sequences split between - two or more calls to the write callback would cause invalid "replacement - characters" U+FFFD to be printed instead of the actual Unicode - character. This is because in Windows only UTF-16 encoded characters are - printed to the console, therefore we convert the UTF-8 contents to - UTF-16, which cannot be done with partial UTF-8 sequences. + Follow-up to b6e6d4ff8f253c8b8055bab + Closes #12196 - Reported-by: Maksim Arhipov +Stefan Eissing (26 Oct 2023) - Fixes https://github.com/curl/curl/issues/9841 - Closes https://github.com/curl/curl/pull/10890 +- lib: apache style infof and trace macros/functions -Daniel Stenberg (1 Aug 2023) + - test for a simplified C99 variadic check + - args to infof() in --disable-verbose are no longer disregarded but + must compile. -- sectransp: prevent CFRelease() of NULL + Closes #12167 + Fixes #12083 + Fixes #11880 + Fixes #11891 - When SecCertificateCopyCommonName() returns NULL, the common_name - pointer remains set to NULL which apparently when calling CFRelease() on - (sometimes?) crashes. +Daniel Stenberg (26 Oct 2023) - Reported-by: Guillaume Algis - Fixes #9194 - Closes #11554 +- RELEASE-NOTES: synced -Jay Satiro (1 Aug 2023) +Stefan Eissing (26 Oct 2023) -- vtls: clarify "ALPN: offers" message +- urldata: move async resolver state from easy handle to connectdata - Before: - * ALPN: offers h2,http/1.1 + - resolving is done for a connection, not for every transfer + - save create/dup/free of a cares channel for each transfer + - check values of setopt calls against a local channel if no + connection has been attached yet, when needed. - After: - * ALPN: curl offers h2,http/1.1 + Closes #12198 - Bug: https://curl.se/mail/lib-2023-07/0041.html - Reported-by: Richard W.M. Jones - Closes #11544 +Daniel Stenberg (26 Oct 2023) -Daniel Stenberg (1 Aug 2023) +- CURLOPT_WRITEFUNCTION.3: clarify what libcurl returns for CURL_WRITEFUNC_ERRO + R -- urlapi: make sure zoneid is also duplicated in curl_url_dup + It returns CURLE_WRITE_ERROR. It was not previously stated clearly. - Add several curl_url_dup() tests to the general lib1560 test. + Reported-by: enWILLYado on github + Fixes #12201 + Closes #12203 - Reported-by: Rutger Broekhoff - Bug: https://curl.se/mail/lib-2023-07/0047.html - Closes #11549 +Viktor Szakats (25 Oct 2023) -Sergey (1 Aug 2023) +- autotools: update references to deleted `crypt-auth` option -- urlapi: fix heap buffer overflow + Delete leftovers of the `crypt-auth` `./configure` option and + add the new ones that replaced them. - `u->path = Curl_memdup(path, pathlen + 1);` accesses bytes after the null-ter - minator. + Follow-up to e92edfbef64448ef461117769881f3ed776dec4e #11490 - ``` - ==2676==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x04d48c75 a - t pc 0x0112708a bp 0x006fb7e0 sp 0x006fb3c4 - READ of size 78 at 0x04d48c75 thread T0 - #0 0x1127089 in __asan_wrap_memcpy D:\a\_work\1\s\src\vctools\asan\llvm\c - ompiler-rt\lib\sanitizer_common\sanitizer_common_interceptors.inc:840 - #1 0x1891a0e in Curl_memdup C:\actions-runner\_work\client\client\third_p - arty\curl\lib\strdup.c:97 - #2 0x18db4b0 in parseurl C:\actions-runner\_work\client\client\third_part - y\curl\lib\urlapi.c:1297 - #3 0x18db819 in parseurl_and_replace C:\actions-runner\_work\client\clien - t\third_party\curl\lib\urlapi.c:1342 - #4 0x18d6e39 in curl_url_set C:\actions-runner\_work\client\client\third_ - party\curl\lib\urlapi.c:1790 - #5 0x1877d3e in parseurlandfillconn C:\actions-runner\_work\client\client - \third_party\curl\lib\url.c:1768 - #6 0x1871acf in create_conn C:\actions-runner\_work\client\client\third_p - arty\curl\lib\url.c:3403 - #7 0x186d8dc in Curl_connect C:\actions-runner\_work\client\client\third_ - party\curl\lib\url.c:3888 - #8 0x1856b78 in multi_runsingle C:\actions-runner\_work\client\client\thi - rd_party\curl\lib\multi.c:1982 - #9 0x18531e3 in curl_multi_perform C:\actions-runner\_work\client\client\ - third_party\curl\lib\multi.c:2756 - ``` + Reviewed-by: Daniel Stenberg + Closes #12194 - Closes #11560 +Stefan Eissing (25 Oct 2023) -Daniel Stenberg (31 Jul 2023) +- lib: introduce struct easy_poll_set for poll information -- curl: make %output{} in -w specify a file to write to + Connection filter had a `get_select_socks()` method, inspired by the + various `getsocks` functions involved during the lifetime of a + transfer. These, depending on transfer state (CONNECT/DO/DONE/ etc.), + return sockets to monitor and flag if this shall be done for POLLIN + and/or POLLOUT. - It can be used multiple times. Use %output{>>name} to append. + Due to this design, sockets and flags could only be added, not + removed. This led to problems in filters like HTTP/2 where flow control + prohibits the sending of data until the peer increases the flow + window. The general transfer loop wants to write, adds POLLOUT, the + socket is writeable but no data can be written. - Add docs. Test 990 and 991 verify. + This leads to cpu busy loops. To prevent that, HTTP/2 did set the + `SEND_HOLD` flag of such a blocked transfer, so the transfer loop cedes + further attempts. This works if only one such filter is involved. If a + HTTP/2 transfer goes through a HTTP/2 proxy, two filters are + setting/clearing this flag and may step on each other's toes. - Idea: #11400 - Suggested-by: ed0d2b2ce19451f2 - Closes #11416 + Connection filters `get_select_socks()` is replaced by + `adjust_pollset()`. They get passed a `struct easy_pollset` that keeps + up to `MAX_SOCKSPEREASYHANDLE` sockets and their `POLLIN|POLLOUT` + flags. This struct is initialized in `multi_getsock()` by calling the + various `getsocks()` implementations based on transfer state, as before. -- RELEASE-NOTES: synced + After protocol handlers/transfer loop have set the sockets and flags + they want, the `easy_pollset` is *always* passed to the filters. Filters + "higher" in the chain are called first, starting at the first + not-yet-connection one. Each filter may add sockets and/or change + flags. When all flags are removed, the socket itself is removed from the + pollset. -- tool: add "variable" support + Example: - Add support for command line variables. Set variables with --variable - name=content or --variable name@file (where "file" can be stdin if set - to a single dash (-)). + * transfer wants to send, adds POLLOUT + * http/2 filter has a flow control block, removes POLLOUT and adds + POLLIN (it is waiting on a WINDOW_UPDATE from the server) + * TLS filter is connected and changes nothing + * h2-proxy filter also has a flow control block on its tunnel stream, + removes POLLOUT and adds POLLIN also. + * socket filter is connected and changes nothing + * The resulting pollset is then mixed together with all other transfers + and their pollsets, just as before. - Variable content is expanded in option parameters using "{{name}}" - (without the quotes) if the option name is prefixed with - "--expand-". This gets the contents of the variable "name" inserted, or - a blank if the name does not exist as a variable. Insert "{{" verbatim - in the string by prefixing it with a backslash, like "\\{{". + Use of `SEND_HOLD` is no longer necessary in the filters. - Import an environment variable with --variable %name. It makes curl exit - with an error if the environment variable is not set. It can also rather - get a default value if the variable does not exist, using =content or - @file like shown above. + All filters are adapted for the changed method. The handling in + `multi.c` has been adjusted, but its state handling the the protocol + handlers' `getsocks` method are untouched. - Example: get the USER environment variable into the URL: + The most affected filters are http/2, ngtcp2, quiche and h2-proxy. TLS + filters needed to be adjusted for the connecting handshake read/write + handling. - --variable %USER - --expand-url = "https://example.com/api/{{USER}}/method" + No noticeable difference in performance was detected in local scorecard + runs. - When expanding variables, curl supports a set of functions that can make - the variable contents more convenient to use. It can trim leading and - trailing white space with "trim", output the contents as a JSON quoted - string with "json", URL encode it with "url" and base 64 encode it with - "b64". To apply functions to a variable expansion, add them colon - separated to the right side of the variable. They are then performed in - a left to right order. + Closes #11833 - Example: get the contents of a file called $HOME/.secret into a variable - called "fix". Make sure that the content is trimmed and percent-encoded - sent as POST data: +Daniel Stenberg (25 Oct 2023) - --variable %HOME=/home/default - --expand-variable fix@{{HOME}}/.secret - --expand-data "{{fix:trim:url}}" - https://example.com/ +- tests/README: SOCKS tests are not using OpenSSH, it has its own server - Documented. Many new test cases. + Follow-up to 04fd67555cc - Co-brainstormed-by: Emanuele Torre - Assisted-by: Jat Satiro - Closes #11346 + Closes #12195 -- KNOWN_BUGS: cygwin: make install installs curl-config.1 twice +Jacob Hoffman-Andrews (25 Oct 2023) - Closes #8839 +- tets: make test documentation more user-friendly -- KNOWN_BUGS: build for iOS simulator on macOS 13.2 with Xcode 14 + Put the instructions to run tests right at the top of tests/README.md. - Closes #11215 + Give instructions to read the runtests.1 man page for information + about flags. Delete redundant copy of the flags documentation in the + README. -- KNOWN_BUGS: cmake outputs: no version information available + Add a mention in README.md of the important parallelism flag, to make + test runs go much faster. - Closes #11158 + Move documentation of output line format into the runtests.1 man page, + and update it with missing flags. -- KNOWN_BUGS: APOP authentication fails on POP3 + Fix the order of two flags in the man page. - Closes #10073 + Closes #12193 -- KNOWN_BUGS: hyper is slow +Viktor Szakats (24 Oct 2023) - Closes #11203 +- cmake: pre-fill rest of detection values for Windows -Patrick Monnerat (31 Jul 2023) + The goal of this patch is to avoid unnecessary feature detection work + when doing Windows builds with CMake. Do this by pre-filling well-known + detection results for Windows and specifically for mingw-w64 and MSVC + compilers. Also limit feature checks to platforms where the results are + actually used. Drop a few redundant ones. And some tidying up. -- configure, cmake, lib: more form api deprecation + - pre-fill remaining detection values in Windows CMake builds. - Introduce a --enable-form-api configure option to control its inclusion - in builds. The condition name defined for it is CURL_DISABLE_FORM_API. + Based on actual detection results observed in CI runs, preceding + similar work over libssh2 and matching up values with + `lib/config-win32.h`. - Form api code is dependent of MIME: configure and CMake handle this - dependency automatically: CMake by making it a dependent option - explicitly, configure by inheriting the MIME value by default and - rejecting explicit incompatible values. + This brings down CMake configuration time from 58 to 14 seconds on the + same local machine. - "form-api" is now a new hidden test feature. + On AppVeyor CI this translates to: + - 128 seconds -> 50 seconds VS2022 MSVC with OpenSSL (per CMake job): + https://ci.appveyor.com/project/curlorg/curl/builds/48208419/job/4gw66ecr + jpy7necb#L296 + https://ci.appveyor.com/project/curlorg/curl/builds/48217440/job/8m4fwrr2 + fe249uo8#L186 + - 62 seconds -> 16 seconds VS2017 MINGW (per CMake job): + https://ci.appveyor.com/project/curlorg/curl/builds/48208419/job/s1y8q5iv + lcs7ub29?fullLog=true#L290 + https://ci.appveyor.com/project/curlorg/curl/builds/48217440/job/pchpxyjs + yc9kl13a?fullLog=true#L194 - Update libcurl modules to respect this option and adjust tests - accordingly. + The formula is about 1-3 seconds delay for each detection. Almost all + of these trigger a full compile-link cycle behind the scenes, slow + even today, both cross and native, mingw-w64 and apparently MSVC too. + Enabling .map files or other custom build features slows it down + further. (Similar is expected for autotools configure.) - Closes #9621 + - stop detecting `idn2.h` if idn2 was deselected. + autotools does this. -Daniel Stenberg (31 Jul 2023) + - stop detecting `idn2.h` if idn2 was not found. + This deviates from autotools. Source code requires both header and + lib, so this is still correct, but faster. -- mailmap: add Derzsi Dániel + - limit `ADDRESS_FAMILY` detection to Windows. -Derzsi Dániel (31 Jul 2023) + - normalize `HAVE_WIN32_WINNT` value to lowercase `0x0a12` format. -- wolfssl: support loading system CA certificates + - pre-fill `HAVE_WIN32_WINNT`-dependent detection results. + Saving 4 (slow) feature-detections in most builds: `getaddrinfo`, + `freeaddrinfo`, `inet_ntop`, `inet_pton` - Closes #11452 + - fix pre-filled `HAVE_SYS_TIME_H`, `HAVE_SYS_PARAM_H`, + `HAVE_GETTIMEOFDAY` for mingw-w64. + Luckily this do not change build results, as `WIN32` took + priority over `HAVE_GETTIMEOFDAY` with the current source + code. -Viktor Szakats (30 Jul 2023) + - limit `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` and + `HAVE_CLOCK_GETTIME_MONOTONIC` detections to non-Windows. + We're not using these in the source code for Windows. -- nss: delete more NSS references + - reduce compiler warning noise in CMake internal logs: + - fix to include `winsock2.h` before `windows.h`. + Apply it to autotools test snippets too. + - delete previous `-D_WINSOCKAPI_=` hack that aimed to fix the above. + - cleanup `CMake/CurlTests.c` to emit less warnings. - Fix the distcheck CI failure and delete more NSS references. + - delete redundant `HAVE_MACRO_SIGSETJMP` feature check. + It was the same check as `HAVE_SIGSETJMP`. - Follow-up to 7c8bae0d9c9b2dfeeb008b9a316117d7b9675175 + - delete 'experimental' marking from `CURL_USE_OPENSSL`. - Reviewed-by: Marcel Raad - Reviewed-by: Daniel Stenberg - Closes #11548 + - show CMake version via `CMakeLists.txt`. + Credit to the `zlib-ng` project for the idea: + https://github.com/zlib-ng/zlib-ng/blob/61e181c8ae93dbf56040336179c9954078b + d1399/CMakeLists.txt#L7 -Daniel Stenberg (29 Jul 2023) + - make `CMake/CurlTests.c` pass `checksrc`. -- nss: remove support for this TLS library + - `CMake/WindowsCache.cmake` tidy-ups. - Closes #11459 + - replace `WIN32` guard with `_WIN32` in `CMake/CurlTests.c`. -Ryan Schmidt (29 Jul 2023) + Closes #12044 -- macOS: fix target detection more +Jay Satiro (24 Oct 2023) - Now SCDynamicStoreCopyProxies is called (and the required frameworks are - linked in) on all versions of macOS and only on macOS. Fixes crash due - to undefined symbol when built with the macOS 10.11 SDK or earlier. +- page-footer: clarify exit code 25 - CURL_OSX_CALL_COPYPROXIES is renamed to CURL_MACOS_CALL_COPYPROXIES and - is now only defined when SCDynamicStoreCopyProxies will actually be - called. Previously, it was defined when ENABLE_IPV6 was not defined but - SCDynamicStoreCopyProxies is not called in that case. + - Clarify that curl tool exit code 25 means an upload failed to start. - TARGET_OS_OSX is only defined in the macOS 10.12 SDK and later and only - when dynamic targets are enabled. TARGET_OS_MAC is always defined but - means any Mac OS or derivative including macOS, iOS, tvOS, and watchOS. - TARGET_OS_IPHONE means any Darwin OS other than macOS. + Exit code 25 is equivalent to CURLE_UPLOAD_FAILED (25). Prior to this + change the documentation only mentioned the case of FTP STOR failing. - Follow-up to c73b2f82 + Reported-by: Emanuele Torre - Fixes #11502 - Closes #11516 + Ref: https://github.com/curl/curl/blob/curl-8_4_0/docs/libcurl/libcurl-errors + .3#L113-L115 -Daniel Stenberg (29 Jul 2023) + Fixes https://github.com/curl/curl/issues/12189 + Closes https://github.com/curl/curl/pull/12190 -- tool_operate: allow SSL_CERT_FILE and SSL_CERT_DIR +Daniel Stenberg (24 Oct 2023) - ... used at once. +- scripts/cijobs.pl: adjust for appveyor - Reported-by: Gabriel Corona - Fixes #11325 - Closes #11531 + Follow-up to a1d73a6bb -Thomas M. DuBuisson (29 Jul 2023) +Alex Bozarth (24 Oct 2023) -- CI: remove Lift's configuration +- OpenSSL: Include SIG and KEM algorithms in verbose - The Lift tool is being retired. Their site reads: + Currently the verbose output does not include which algorithms are used + for the signature and key exchange when using OpenSSL. Including the + algorithms used will enable better debugging when working on using new + algorithm implementations. Know what algorithms are used has become more + important with the fast growing research into new quantum-safe + algorithms. - "Sonatype Lift will be retiring on Sep 12, 2023, with its analysis - stopping on Aug 12, 2023." + This implementation includes a build time check for the OpenSSL version + to use a new function that will be included in OpenSSL 3.2 that was + introduced in openssl/openssl@6866824 - Closes #11541 + Based-on-patch-by: Martin Schmatz + Closes #12030 -Nathan Moinvaziri (29 Jul 2023) +Daniel Stenberg (23 Oct 2023) -- Revert "schannel: reverse the order of certinfo insertions" +- http2: provide an error callback and failf the message - This reverts commit 8986df802db9b5338d9d50a54232ebae4dbcf6dd. + Getting nghttp2's error message helps users understand what's going + on. For example when the connection is brought down due a forbidden + header is used - as that header is then not displayed by curl itself. - Windows does not guarantee a particular certificate ordering, even - though TLS may have its own ordering/relationship guarantees. Recent - versions of Windows 11 reversed the ordering of ceritifcates returned by - CertEnumCertificatesInStore, therefore this commit no longer works as - initially intended. libcurl makes no guarantees about certificate - ordering if the operating system can't. + Example: - Ref: https://github.com/curl/curl/issues/9706 + curl: (92) Invalid HTTP header field was received: frame type: 1, + stream: 1, name: [upgrade], value: [h2,h2c] - Closes https://github.com/curl/curl/pull/11536 + Ref: #12172 + Closes #12179 -wangzhikun (29 Jul 2023) +Turiiya (23 Oct 2023) -- winbuild: improve check for static zlib +- BINDINGS: add V binding - - Check for zlib static library name zlibstatic.lib. + Closes #12182 - zlib's static library has a different name depending on how it was - built. zlibstatic.lib is output by cmake. zlibstat.lib is output by - their pre-generated Visual Studio project files (in the contrib - directory) and defines ZLIB_WINAPI (ie it's meant to use stdcall - instead of cdecl if you end up exporting the zlib functions). +Daniel Stenberg (22 Oct 2023) - Prior to this change the makefile only checked for the latter. +- configure: check for the fseeko declaration too - Closes https://github.com/curl/curl/pull/11521 + ... and make the code require both symbol and declaration. -Daniel Stenberg (29 Jul 2023) + This is because for Android, the symbol is always present in the lib at + build-time even when not actually available in run-time. -- configure: use the pkg-config --libs-only-l flag for libssh2 + Assisted-by: Viktor Szakats + Reported-by: 12932 on github + Fixes #12086 + Closes #12158 - ... instead of --libs, as that one also returns -L flags. +Viktor Szakats (22 Oct 2023) - Reported-by: Wilhelm von Thiele - Fixes #11538 - Closes #11539 +- cmake: fix OpenSSL quic detection in quiche builds -Viktor Szakats (29 Jul 2023) + An orphan call to `CheckQuicSupportInOpenSSL()` remained after a recent + update when checking QUIC for quiche. Move back QUIC detection to + a function and fixup callers to use that. Also make sure that quiche + gets QUIC from BoringSSL, because it doesn't support other forks at this + time. -- cmake: support building static and shared libcurl in one go + Regression from dee310d54261f9a8416e87d50bccfe2cbe404949 #11555 - This patch adds the ability to build a static and shared libcurl library - in a single build session. It also adds an option to select which one to - use when building the curl executable. + Reported-by: Casey Bodley + Fixes #12160 + Closes #12162 - New build options: - - `BUILD_STATIC_LIBS`. Default: `OFF`. - Enabled automatically if `BUILD_SHARED_LIBS` is `OFF`. - - `BUILD_STATIC_CURL`. Default: `OFF`. - Requires `BUILD_STATIC_LIBS` enabled. - Enabled automatically if building static libcurl only. - - `STATIC_LIB_SUFFIX`. Default: empty. - - `IMPORT_LIB_SUFFIX`. Default: `_imp` if implib filename would collide - with static lib name (typically with MSVC) in Windows builds. - Otherwise empty. +Daniel Stenberg (22 Oct 2023) - Also: +- RELEASE-NOTES: synced - - Stop setting the `CURL_STATICLIB` macro via `curl_config.h`, and pass - it directly to the compiler. This also allows to delete a condition - from `tests/server/CMakeLists.txt`. + bump to 8.5.0 for pending release - - Complete a TODO by following the logic used in autotools (also for - `LIBCURL_NO_SHARED`), and set `-DCURL_STATICLIB` in `Cflags:` of - `libcurl.pc` for _static-only_ curl builds. +Dan Fandrich (21 Oct 2023) - - Convert an existing CI test to build both shared and static libcurl. +- test3103: add missing quotes around a test tag attribute - Closes #11505 +Loïc Yhuel (21 Oct 2023) -Stefan Eissing (28 Jul 2023) +- tool: fix --capath when proxy support is disabled -- CI/awslc: add cache for build awslc library + After 95e8515ca0, --capath always sets CURLOPT_PROXY_CAPATH, which fails + with CURLE_UNKNOWN_OPTION when proxy support is disabled. - Closes #11535 + Closes #12089 -- GHA/linux.yml: add caching +Daniel Stenberg (21 Oct 2023) - Closes #11532 +- openldap: move the alloc of ldapconninfo to *connect() -Daniel Stenberg (27 Jul 2023) + Fixes a minor memory leak on LDAP connection reuse. -- RELEASE-NOTES: synced + Doing the allocation already in *setup_connection() is wrong since that + connect struct might get discarded early when an existing connection is + reused instead. - Bump working version to 8.3.0 + Closes #12166 -- url: remove infof() output for "still name resolving" +- openldap: set the callback argument in oldap_do - The message does not help and might get spewed a lot during times. + ... to make sure it has the current 'data' pointer and not a stale old + one. - Reported-by: yushicheng7788 on github - Fixes #11394 - Closes #11529 + Reported-by: Dan Fandrich + Closes #12166 -- KNOWN_BUGS: cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!" +- gnutls: support CURLSSLOPT_NATIVE_CA - Closes #11244 + Remove the CURL_CA_FALLBACK logic. That build option was added to allow + primarily OpenSSL to use the default paths for loading the CA certs. For + GnuTLS it was instead made to load the "system certs", which is + different and not desirable. -Stefan Eissing (27 Jul 2023) + The native CA store loading is now asked for with this option. -- CI: quiche updates + Follow-up to 7b55279d1d856 - - remove quiche from standard `linux` workflow - - add mod_h2 caching to quiche workflow - - rename quiche to quiche-linux - - move version definitions into env section + Co-authored-by: Jay Satiro - Closes #11528 + Closes #12137 -- http2: disable asssertion blocking OSSFuzz testing +Stefan Eissing (21 Oct 2023) - - not clear how this triggers and it blocks OSSFuzz testing other - things. Since we handle the case with an error return, disabling the - assertion for now seems the best way forward. +- RTSP: improved RTP parser - Fixes #11500 - Closes #11519 + - fix HTTP header parsing to report incomplete + lines it buffers as consumed! + - re-implement the RTP parser for interleave RTP + messages for robustness. It is now keeping its + state at the connection + - RTSP protocol handler "readwrite" implementation + now tracks if the response is before/in/after + header parsing or "in" a bod by calling + "Curl_http_readwrite_headers()" itself. This + allows it to know when non-RTP bytes are "junk" + or HEADER or BODY. + - tested with #12035 and various small receive + sizes where current master fails -- http2: fix in h2 proxy tunnel: progress in ingress on sending + Closes #12052 - - depending on what is tunneled, the proxy may never get invoked for - receiving data explicitly. Not progressing ingress may lead to stalls - due to missed WINDOW_UPDATEs. +- http2: header conversion tightening - CI: - - add a chache for building mod_h2 + - fold the code to convert dynhds to the nghttp2 structs + into a dynhds internal method + - saves code duplication + - pacifies compiler analyzers - Closes #11527 + Closes #12097 -- CI ngtcp2+quictls: use nghttpx cache as in quiche build +Daniel Stenberg (21 Oct 2023) -Jay Satiro (27 Jul 2023) +- curl_ntlm_wb: fix elif typo -- bearssl: don't load CA certs when peer verification is disabled + Reported-by: Manfred Schwarb + Follow-up to d4314cdf65ae + Bug: https://github.com/curl/curl/commit/d4314cdf65aee295db627016934bd9eb621a + b077#r130551295 - We already do this for other SSL backends. +Dan Fandrich (20 Oct 2023) - Bug: https://github.com/curl/curl/pull/11457#issuecomment-1644587473 - Reported-by: kyled-dell@users.noreply.github.com +- test1683: remove commented-out check alternatives - Closes https://github.com/curl/curl/pull/11497 + Python precheck/postcheck alternatives were included but commented out. + Since these are not used and perl is guaranteed to be available to run + the perl versions anyway, the Python ones are removed. -Daniel Stenberg (26 Jul 2023) +Daniel Stenberg (20 Oct 2023) -- easy: remove #ifdefs to make code easier on the eye +- hostip: show the list of IPs when resolving is done - Closes #11525 + Getting 'curl.se' today then gets this verbose output which might help + debugging connectivity related matters. -Stefan Eissing (26 Jul 2023) + * Host curl.se:80 was resolved. + * IPv6: 2a04:4e42::347, 2a04:4e42:200::347, 2a04:4e42:400::347, + 2a04:4e42:600::347, 2a04:4e42:800::347, 2a04:4e42:a00::347, + 2a04:4e42:c00::347, 2a04:4e42:e00::347 + * IPv4: 151.101.193.91, 151.101.1.91, 151.101.65.91, 151.101.129.91 -- GHA: adding quiche workflow + Co-authored-by: Jay Satiro + Closes #12145 - - adding separate quiche workflow to also build nghttpx server for testing +rilysh (20 Oct 2023) - Closes #11517 +- docs: fix function typo in curl_easy_option_next.3 -Version 8.2.1 (26 Jul 2023) + Closes #12170 -Daniel Stenberg (26 Jul 2023) +Daniel Stenberg (20 Oct 2023) -- RELEASE-NOTES: synced +- vssh: remove the #ifdef for Curl_ssh_init, use empty macro - curl 8.2.1 release + In the same style as other init calls -- THANKS: add contributors from 8.2.1 +- easy: remove duplicate wolfSSH init call -- docs: provide more see also for cipher options + It is already done in Curl_ssh_init() where it belongs. - More cross references. Hide nroff errors. + Closes #12168 - Closes #11513 +- socks: make SOCKS5 use the CURLOPT_IPRESOLVE choice -- docs: mark two TLS options for TLS, not SSL + Fixes #11949 + Reported-by: Ammar Faizi + Closes #12163 - Closes #11514 +- urldata: move the 'internal' boolean to the state struct -Brad Harder (25 Jul 2023) + ... where all the other state bits for the easy handles live. -- curl_multi_wait.3: fix arg quoting to doc macro .BR + Closes #12165 - Closes #11511 +- url: don't touch the multi handle when closing internal handles -Daniel Stenberg (24 Jul 2023) + Reported-by: Maksymilian Arciemowicz + Closes #12165 -- RELEASE-NOTES: synced +Faraz Fallahi (19 Oct 2023) -Viktor Szakats (24 Jul 2023) +- getenv: PlayStation doesn't have getenv() -- cmake: update ngtcp2 detection + Closes #12140 - Replace `OpenSSL` with `quictls` to follow the same change - in the v0.17.0 ngtcp2 release. +Daniel Stenberg (19 Oct 2023) - Follow-up to e0093b4b732f6495b0fb1cd6747cbfedcdcf63ed +- transfer: only reset the FTP wildcard engine in CLEAR state - Closes #11508 + To avoid the state machine to start over and redownload all the files + *again*. -Stefan Eissing (24 Jul 2023) + Reported-by: lkordos on github + Regression from 843b3baa3e3cb228 (shipped in 8.1.0) + Bisect-by: Dan Fandrich + Fixes #11775 + Closes #12156 -- http: VLH, very large header test and fixes +Stefan Eissing (19 Oct 2023) - - adding tests using very large passwords in auth - - fixes general http sending to treat h3 like h2, and - not like http1.1 - - eliminate H2_HEADER max definitions and use the commmon - DYN_HTTP_REQUEST everywhere, different limits do not help - - fix http2 handling of requests denied by nghttp2 on send - to immediately report the refused stream +- GHA: move mod_h2 version in CI to v2.0.25 - Closes #11509 + Closes #12157 -Andrei Rybak (23 Jul 2023) +Daniel Stenberg (19 Oct 2023) -- CONTRIBUTE: drop mention of copyright year ranges +- ntlm_wb: use pipe instead of socketpair when possible - Year ranges in copyrights were dropped in commits [1] and [2]. - Verification of year ranges in copyrights was dropped from script - 'scripts/copyright.pl' in commit [3]. However, the corresponding - passages in file 'docs/CONTRIBUTE.md' weren't updated. + Closes #12149 - Drop mentions of copyright year ranges from 'docs/CONTRIBUTE.md'. +- RELEASE-NOTES: synced - [1] 2bc1d775f (copyright: update all copyright lines and remove year - ranges, 2023-01-02) - [2] c46761bd8 (tests/http: remove year ranges from copyrights, - 2023-03-14) - [3] 0e293bacb (copyright.pl: cease doing year verifications, 2023-01-28) +- asyn-thread: use pipe instead of socketpair for IPC when available - Closes #11504 + If pipe() is present. Less overhead. -- CONTRIBUTE: fix syntax in commit message description + Helped-by: Viktor Szakats + Closes #12146 - File 'docs/CONTRIBUTE.md' includes a description of how one should write - commit messages in the curl project. Different possible parts of the - message are enclosed in square brackets. One exception is the section - describing how the curl project doesn't use "Signed-off-by" commit - trailers [1], which is enclosed in an opening curly brace paired with a - closing square bracket. +Dan Fandrich (17 Oct 2023) - Fix the enclosing square brackets in description of "Signed-off-by" - trailers in commit messages in file 'docs/CONTRIBUTE.md'. +- tests: Fix Windows test helper tool search & use it for handle64 - [1] See description of option '--signoff' in Git documentation: - https://git-scm.com/docs/git-commit + The checkcmd() and checktestcmd() functions would not have worked on + Windows due to hard-coding the UNIX PATH separator character and not + adding .exe file extension. This meant that tools like stunnel, valgrind + and nghttpx would not have been found and used on Windows, and + inspection of previous test runs show none of those being found in pure + Windows CI builds. - Closes #11504 + With this fixed, they can be used to detect the handle64.exe program + before attempting to use it. When handle64.exe was called + unconditionally without it existing, it caused perl to abort the test + run with the error -Daniel Stenberg (23 Jul 2023) + The running command stopped because the preference variable + "ErrorActionPreference" or common parameter is set to Stop: + sh: handle64.exe: command not found -- src/mkhelp: strip off escape sequences + Closes #12115 - At some point the nroff command stopped stripping off escape sequences, - so then this script needs to do the job instead. +Daniel Stenberg (17 Oct 2023) - Reported-by: VictorVG on github - Fixes #11501 - Closes #11503 +- multi: use pipe instead of socketpair to *wakeup() -- KNOWN_BUGS: building for old macOS fails with gcc + If pipe() is present. Less overhead. - Closes #11441 + Closes #12142 -Jacob Hoffman-Andrews (22 Jul 2023) +Jay Satiro (17 Oct 2023) -- rustls: update rustls-ffi 0.10.0 +- build: fix 'threadsafe' feature detection for older gcc - This brings in version 0.21.0 of the upstream rustls implementation, - which notable includes support for IP address certificates. + - Add 'threadsafe' to the feature list shown during build if POSIX + threads are being used. - Closes #10865 + This is a follow-up to 5adb6000 which added support for building a + thread-safe libcurl with older versions of gcc where atomic is not + available but pthread is. -Brad Harder (22 Jul 2023) + Reported-by: Dan Fandrich + Co-authored-by: Dan Fandrich -- websocket: rename arguments/variables to match docs + Fixes https://github.com/curl/curl/issues/12125 + Closes https://github.com/curl/curl/pull/12127 - Pedantry/semantic-alignment between functions, docs, comments with - respect to websocket protocol code; No functional change intended. +Daniel Stenberg (16 Oct 2023) - * "totalsize", "framesize" becomes "fragsize" (we deal in frame fragments). +- test729: verify socks4a with excessive proxy user name length - * "sendflags" becomes "flags" +- socks: better buffer size checks for socks4a user and hostname - * use canonical CURL *handle + Also limit the proxy user name to 255 bytes, which is the same limit as + in SOCKS5. - Closes #11493 + Reported-by: sd0 on hackerone + Closes #12139 -Jan Macku (21 Jul 2023) +- curl.h: on FreeBSD include sys/param.h instead of osreldate.h -- bug_report: use issue forms instead of markdown template + Should things build on Playstation as well - Issue forms allow you to define web-like input forms using YAML - syntax. It allows you to guide the reporter to get the required - information. + Fixes #12107 + Reported-by: Faraz Fallahi + Closes #12123 - Signed-off-by: Jan Macku - Closes #11474 +Marcin Rataj (16 Oct 2023) -Daniel Stenberg (21 Jul 2023) +- tool_operate: fix links in ipfs errors -- TODO: Obey Retry-After in redirects + URL fragment links generated from headers in + https://curl.se/docs/ipfs.html are lowercase. - (remove "Set custom client ip when using haproxy protocol" which was - shipped in 8.2.0) + Closes #12133 - Mentioned-by: Yair Lenga - Closes #11447 +Viktor Szakats (15 Oct 2023) -- RELEASE-NOTES: synced +- cmake: replace `check_library_exists_concat()` -Oliver Roberts (21 Jul 2023) + The idea of `check_library_exists_concat()` is that it detects an + optional component and adds it to the list of libs that we also use in + subsequent component checks. This caused problems when detecting + components with unnecessary dependencies that were not yet built. -- amissl: fix AmiSSL v5 detection + CMake offers the `CMAKE_REQUIRED_LIBRARIES` variable to set libs used + for component checks, which we already use in most cases. That left 4 + uses of `check_library_exists_concat()`. Only one of these actually + needed the 'concat' feature (ldap/lber). - Due to changes in the AmiSSL SDK, the detection needed adjusting. + Delete this function and replace it with standard + `check_library_exists()` and manual management of our `CURL_LIBS` + list we use when linking build targets. And special logic to handle the + ldap/lber case. - Closes #11477 + (We have a similar function for headers: `check_include_file_concat()`. + It works, but problematic for performance reasons and because it hides + the actual headers required in `check_symbol_exists()` calls.) -Alois Klink (21 Jul 2023) + Ref: #11537 #11558 + Fixes #11285 + Fixes #11648 + Closes #12070 -- unittest/makefile: remove unneeded unit1621_LDADD +LoRd_MuldeR (15 Oct 2023) - The `unit1621_LDADD` variable has the exact same value as the `LDADD` - flag in `Makefile.am`, except without `@LDFLAGS@ @LIBCURL_LIBS@`. +- tool_cb_wrt: fix write output for very old Windows versions - This was originally added by [98e6629][], but I can't see any reason - why it exists, so we should remove it to clean things up. + - Pass missing parameter for 'lpNumberOfCharsWritten' to WriteConsoleW() + function. - [98e6629]: https://github.com/curl/curl/commit/98e6629154044e4ab1ee7cff8351c7 - ebcb131e88 + Apparently this parameter was *not* optional on older Windows versions. - Closes #11494 + Issue observed on Windows XP SP2. Issue not observed on Windows 7 SP1. + So at some point between those two Microsoft changed the behavior. -- unittest/makefile: remove unneeded unit1394_LDADD + Prior to this change, on those versions if parameter is NULL then the + function call fails with error ERROR_INVALID_ACCESS. - These custom `unit1394_LDADD` and similar automake overrides are no - longer neded. They were originally added by added by [8dac7be][] for - metalink support, but are no longer after [265b14d][] removed metalink. + Regression since af3f4e41. - [8dac7be]: https://github.com/curl/curl/commit/8dac7be438512a8725d3c71e9139bd - fdcac1ed8c - [265b14d]: https://github.com/curl/curl/commit/265b14d6b37c4298bd5556fabcbc37 - d36f911693 + Ref: https://github.com/MicrosoftDocs/Console-Docs/issues/299 - Closes #11494 + Fixes https://github.com/curl/curl/issues/12131 + Closes https://github.com/curl/curl/pull/12130 -- cmake: add `libcurlu`/`libcurltool` for unit tests +Jay Satiro (15 Oct 2023) - Add a `libcurlu`/`libcurltool` static library that is compiled only for - unit tests. We use `EXCLUDE_FROM_ALL` to make sure that they're not - built by default, they're only built if unit tests are built. +- tool_urlglob: fix build for old gcc versions - These libraries allow us to compile every unit test with CMake. + - Don't use __builtin_mul_overflow for GCC 4 and earlier. - Closes #11446 + The function was added in GCC 5. -Daniel Stenberg (21 Jul 2023) + Ref: https://gcc.gnu.org/gcc-5/changes.html -- test979: test -u with redirect to (the same) absolute host + Reported-by: Dan Fandrich - Verifies #11492 + Fixes https://github.com/curl/curl/issues/12124 + Closes https://github.com/curl/curl/pull/12128 -- transfer: do not clear the credentials on redirect to absolute URL +Carlos Henrique Lima Melara (14 Oct 2023) - Makes test 979 work. Regression shipped in 8.2.0 from commit - dd4d1a26959f63a2c +- docs/libcurl: fix three minor man page format mistakes - Fixes #11486 - Reported-by: Cloudogu Siebels - Closes #11492 + Reported-by: Samuel Henrique -Jon Rumsey (20 Jul 2023) + Closes https://github.com/curl/curl/pull/12126 -- os400: correct EXPECTED_STRING_LASTZEROTERMINATED +Jay Satiro (14 Oct 2023) - Correct EXPECTED_STRING_LASTZEROTERMINATED to account for - CURLOPT_HAPROXY_CLIENT_IP which requires EBCDIC to ASCII conversion when - passed into curl_easy_setopt(). +- tests/server: add more SOCKS5 handshake error checking - Closes #11476 + - Add additional checking for missing and too-short SOCKS5 handshake + messages. -Oliver Roberts (20 Jul 2023) + Prior to this change the SOCKS5 test server did not check that all parts + of the handshake were received successfully. If those parts were missing + or too short then the server would access uninitialized memory. -- amissl: add missing signal.h include + This issue was discovered in CI job 'memory-sanitizer' test results. + Test 2055 was failing due to the SOCKS5 test server not running. It was + not running because either it crashed or memory sanitizer aborted it + during Test 728. Test 728 connects to the SOCKS5 test server on a + redirect but does not send any data on purpose. The test server was not + prepared for that. - In some environments, signal.h is already included, but not in others - which cause compilation to fail, so explictly include it. + Reported-by: Dan Fandrich - Closes #11478 + Fixes https://github.com/curl/curl/issues/12117 + Closes https://github.com/curl/curl/pull/12118 -- amigaos: fix sys/mbuf.h m_len macro clash +Daniel Stenberg (14 Oct 2023) - The updated Curl_http_req_make and Curl_http_req_make2 functions spawned - a parameter called m_len. The AmigaOS networking headers, derived from - NetBSD, contain "#define m_len m_hdr.mh_len" which clashes with - this. Since we do not actually use mbuf, force the include file to be - ignored, removing the clash. +- RELEASE-NOTES: synced - Closes #11479 +Sohom Datta (14 Oct 2023) -Daniel Stenberg (20 Jul 2023) +- tool_getparam: limit --rate to be smaller than number of ms -- socks: print ipv6 address within brackets + Currently, curl allows users to specify absurd request rates that might + be higher than the number of milliseconds in the unit (ex: curl --rate + 3600050/h http://localhost:8080 does not error out despite there being + only 3600000ms in a hour). - Fixes #11483 - Closes #11484 + This change adds a conditional check before the millisecond calculation + making sure that the number is not higher than the numerator (the unit) + If the number is higher, curl errors out with PARAM_NUMBER_TOO_LARGE -Christian Schmitz (20 Jul 2023) + Closes #12116 -- libcurl-errors.3: add CURLUE_OK +Daniel Stenberg (14 Oct 2023) - Closes #11488 +- opts: fix two minor man page format mistakes -Oliver Roberts (20 Jul 2023) +Jay Satiro (14 Oct 2023) -- cfilters: rename close/connect functions to avoid clashes +- curl_trc: remove a bad assertion - Rename `close` and `connect` in `struct Curl_cftype` for - consistency and to avoid clashes with macros of the same name - (the standard AmigaOS networking connect() function is implemented - via a macro). + - Remove DEBUGASSERT that an internal handle must not have user + private_data set before calling the user's debug callback. - Closes #11491 + This is a follow-up to 0dc40b2a. The user can distinguish their easy + handle from an internal easy handle by setting CURLOPT_PRIVATE on their + easy handle. I had wrongly assumed that meant the user couldn't then + set CURLOPT_PRIVATE on an internal handle as well. -Stefan Eissing (20 Jul 2023) + Bug: https://github.com/curl/curl/pull/12060#issuecomment-1754594697 + Reported-by: Daniel Stenberg -- http2: fix regression on upload EOF handling + Closes https://github.com/curl/curl/pull/12104 - - a regression introduced by c9ec85121110d7cbbbed2990024222c8f5b8afe5 - where optimization of small POST bodies leads to a new code path - for such uploads that did not trigger the "done sending" event - - add triggering this event for early "upload_done" situations +Dan Fandrich (13 Oct 2023) - Fixes #11485 - Closes #11487 - Reported-by: Aleksander Mazur +- test613: stop showing an error on missing output file -Daniel Stenberg (19 Jul 2023) + This test would show an error message if the output was missing during + the log post-processing step, but the message was not captured by the + test harness and wasn't useful since the normal golden log file + comparison would the problem more clearly. -- configure: check for nghttp2_session_get_stream_local_window_size +Stefan Eissing (13 Oct 2023) - The http2 code uses it now. Introduced in nghttp2 1.15.0 (Sep 2016) +- quic: manage connection idle timeouts - Fixes #11470 - Reported-by: Paul Howarth - Closes #11473 + - configure a 120s idle timeout on our side of the connection + - track the timestamp when actual socket IO happens + - check IO timestamp to our *and* the peer's idle timeouts + in "is this connection alive" checks -Stefan Eissing (19 Jul 2023) + Reported-by: calvin2021y on github + Fixes #12064 + Closes #12077 -- quiche: fix segfault and other things +Dan Fandrich (13 Oct 2023) - - refs #11449 where a segfault is reported when IP Eyeballing did - not immediately connect but made several attempts - - The transfer initiating the eyeballing was initialized too early, - leadding to references to the filter instance that was then - replaced in the subsequent eyeball attempts. That led to a use - after free in the buffer handling for the transfer - - transfers are initiated now more lazy (like in the ngtcp2 filter), - when the stream is actually opened - - suppress reporting on quiche event errors for "other" transfers - than the current one to not fail a transfer due to faults in - another one. - - revert recent return value handling for quiche_h3_recv_body() - to not indicate an error but an EAGAIN situation. We wish quiche - would document what functions return. +- CI: ignore test 286 on Appveyor gcc 9 build - Fixes #11449 - Closes #11469 - Reported-by: ウã•ã‚“ + This test fails sometimes with a super fast retry loop due to what may + just be a compiler bug. The test results are ignored on the one CI job + where it occurs because there seems to be nothing we can do to fix it. -Daniel Stenberg (19 Jul 2023) + Fixes #12040 + Closes #12106 -- hostip: return IPv6 first for localhost resolves +Viktor Szakats (13 Oct 2023) - Fixes #11465 - Reported-by: Chilledheart on github - Closes #11466 +- lib: fix gcc warning in printf call -Harry Sintonen (19 Jul 2023) + Do not pass NULL to printf %s. -- tool: fix tool_seek_cb build when SIZEOF_CURL_OFF_T > SIZEOF_OFF_T + Seen with gcc 13.2.0 on Debian: + ``` + .../curl/lib/connect.c:696:27: warning: '%s' directive argument is null [-Wfo + rmat-overflow=] + ``` + Ref: https://github.com/curl/curl-for-win/actions/runs/6476161689/job/1758442 + 6483#step:3:11104 - - a variable was renamed, and some use of it wasn't. this fixes the - build. + Ref: #10284 + Co-authored-by: Jay Satiro + Closes #12082 - Closes #11468 +Alex Klyubin (13 Oct 2023) -Stefan Eissing (19 Jul 2023) +- http2: safer invocation of populate_binsettings -- quiche: fix lookup of transfer at multi + populate_binsettings now returns a negative value on error, instead of a + huge positive value. Both places which call this function have been + updated to handle this change in its contract. - - refs #11449 where weirdness in quiche multi connection tranfers was - observed - - fixes lookup of transfer for a quiche event to take the connection - into account - - formerly, a transfer with the same stream_id, but on another connection - could be found + The way populate_binsettings had been used prior to this change the huge + positive values -- due to signed->unsigned conversion of the potentially + negative result of nghttp2_pack_settings_payload which returns negative + values on error -- are not possible. But only because http2.c currently + always provides a large enough output buffer and provides H2 SETTINGS + IVs which pass the verification logic inside nghttp2. If the + verification logic were to change or if http2.c started passing in more + IVs without increasing the output buffer size, the overflow could become + reachable, and libcurl/curl might start leaking memory contents to + servers/proxies... - Closes #11462 + Closes #12101 -Daniel Stenberg (19 Jul 2023) +Daniel Stenberg (13 Oct 2023) -- RELEASE-NOTES: synced +- openssl: avoid BN_num_bits() NULL pointer derefs - bump to 8.2.1 + Reported-by: icy17 on github + Fixes #12099 + Closes #12100 -John Haugabook (19 Jul 2023) +- wolfssl: require WOLFSSL_SYS_CA_CERTS for loading system CA -- ciphers.d: put URL in first column + This define is set in wolfssl's options.h file when this function and + feature is present. Handles both builds with the feature explicitly + disabled and wolfSSL versions before 5.5.2 - which introduced this API + call. - This makes the URL turn into a link properly when "webified". + Closes #12108 - Fixes https://github.com/curl/curl-www/issues/270 - Closes #11464 +- tool_urlglob: make multiply() bail out on negative values -Version 8.2.0 (19 Jul 2023) + - Does not work correctly with negative values + - use __builtin_mul_overflow() on gcc -Daniel Stenberg (19 Jul 2023) + Reported-by: Torben Dury + Closes #12102 -- RELEASE-NOTES: synced +Loïc Yhuel (13 Oct 2023) - 8.2.0 release +- cmake: fix CURL_DISABLE_GETOPTIONS -- THANKS-filter: strip out "GitHub" + - Add CURL_DISABLE_GETOPTIONS to curl_config.h.cmake. -- THANKS: add contributors from 8.2.0 + Prior to this change the option had no effect because it was missing + from that file. -- RELEASE-PROCEDURE.md: adjust the release dates + Closes https://github.com/curl/curl/pull/12091 -Stefan Eissing (17 Jul 2023) +- easy_lock: add a pthread_mutex_t fallback -- quiche: fix defects found in latest coverity report + This allows to keep the init threadsafe with gcc < 4.9.0 (no C11 + atomics). - Closes #11455 + Closes https://github.com/curl/curl/pull/12090 -Daniel Stenberg (17 Jul 2023) +Viktor Szakats (12 Oct 2023) -- quiche: avoid NULL deref in debug logging +- CI: add autotools, out-of-tree, debug build to distro check job - Coverity reported "Dereference after null check" + Add a job that builds curl from a generated source tarball sample, with + autotools, out-of-tree, in debug mode. - If stream is NULL and the function exits, the logging must not deref it. + Ref: #12085 + Closes #12088 - Closes #11454 +Daniel Stenberg (12 Oct 2023) -Stefan Eissing (17 Jul 2023) +- http: avoid Expect: 100-continue if Upgrade: is used -- http2: treat initial SETTINGS as a WINDOW_UPDATE + Reported-by: Daniel Jelinski + Fixes #12022 + Closes #12062 - - refs #11426 where spurious stalls on large POST requests - are reported - - the issue seems to involve the following - * first stream on connection adds up to 64KB of POST - data, which is the max default HTTP/2 stream window size - transfer is set to HOLD - * initial SETTINGS from server arrive, enlarging the stream - window. But no WINDOW_UPDATE is received. - * curl stalls - - the fix un-HOLDs a stream on receiving SETTINGS, not - relying on a WINDOW_UPDATE from lazy servers +Jan Alexander Steffens (heftig) (12 Oct 2023) - Closes #11450 +- docs: use SOURCE_DATE_EPOCH for generated manpages -Daniel Stenberg (17 Jul 2023) + This should make builds from Git reproducible. -- ngtcp2: assigning timeout, but value is overwritten before used + Closes #12092 - Reported by Coverity +Daniel Stenberg (12 Oct 2023) - Closes #11453 +- RELEASE-NOTES: synced -- krb5: add typecast to please Coverity + Bumped to 8.4.1 -Derzsi Dániel (16 Jul 2023) +Viktor Szakats (12 Oct 2023) -- wolfssl: support setting CA certificates as blob +- cmake: fix `HAVE_H_ERRNO_ASSIGNABLE` detection - Closes #11445 + Fix `HAVE_H_ERRNO_ASSIGNABLE` to not run, only compile its test snippet, + aligning this with autotools. This fixes an error when doing + cross-builds and also actually detects this feature. It affected systems + not allowlisted into this, e.g. SerenityOS. -- wolfssl: detect when TLS 1.2 support is not built into wolfssl + We used this detection result to enable `HAVE_GETADDRINFO_THREADSAFE`. - Closes #11444 + Follow-up to 04a3a377d83fd72c4cf7a96c9cb6d44785e33264 #11979 + Ref: #12095 (closed in favour of this patch) + Ref: #11964 (effort to sync cmake detections with autotools) -Graham Campbell (15 Jul 2023) + Reported-by: Kartatz on Github + Assisted-by: Kartatz on Github + Fixes #12093 + Closes #12094 -- CI: bump nghttp2 from 1.55.0 to 1.55.1 +- build: add `src/.checksrc` to source tarball - Closes #11442 + Regression from e5bb88b8f824ed87620bd923552534c83c2a516e #11958 -Daniel Stenberg (15 Jul 2023) + Bug: https://github.com/curl/curl/pull/11958#issuecomment-1757079071 + Reported-by: Romain Geissler + Fixes #12084 + Closes #12085 -- curl: return error when asked to use an unsupported HTTP version +Version 8.4.0 (11 Oct 2023) - When one of the following options are used but the libcurl in use does - not support it: +Daniel Stenberg (11 Oct 2023) - --http2 - --http2-prior-knowledge - --proxy-http2 +- RELEASE-NOTES: synced - Closes #11440 +- THANKS: add contributors from 8.4.0 -Chris Paulson-Ellis (14 Jul 2023) +Jay Satiro (11 Oct 2023) -- cf-socket: don't bypass fclosesocket callback if cancelled before connect +- socks: return error if hostname too long for remote resolve - After upgrading to 8.1.2 from 7.84.0, I found that sockets were being - closed without calling the fclosesocket callback if a request was - cancelled after the associated socket was created, but before the socket - was connected. This lead to an imbalance of fopensocket & fclosesocket - callbacks, causing problems with a custom event loop integration using - the multi-API. + Prior to this change the state machine attempted to change the remote + resolve to a local resolve if the hostname was longer than 255 + characters. Unfortunately that did not work as intended and caused a + security issue. - This was caused by cf_socket_close() calling sclose() directly instead - of calling socket_close() if the socket was not active. For regular TCP - client connections, the socket is activated by cf_socket_active(), which - is only called when the socket completes the connect. + Bug: https://curl.se/docs/CVE-2023-38545.html - As far as I can tell, this issue has existed since 7.88.0. That is, - since the code in question was introduced by: - commit 71b7e0161032927cdfb4e75ea40f65b8898b3956 - Author: Stefan Eissing - Date: Fri Dec 30 09:14:55 2022 +0100 +Stefan Eissing (10 Oct 2023) - lib: connect/h2/h3 refactor +- CI: remove slowed-network tests - Closes #11439 + - remove these tests as they are currently not reliable in our CI + setups. -Daniel Stenberg (13 Jul 2023) + curl handles the test cases, but CI sometimes fails on these due to + additional conditions. Rather than mix them in, an additional CI job + will be added in the future that is specific to them. -- tool_parsecfg: accept line lengths up to 10M + Closes https://github.com/curl/curl/pull/12075 - Bumped from 100K set in 47dd957daff9 +Jay Satiro (10 Oct 2023) - Reported-by: Antoine du Hamel - Fixes #11431 - Closes #11435 +- libcurl-env-dbg.3: move debug variables from libcurl-env.3 -Stefan Eissing (13 Jul 2023) + - Move documentation of libcurl environment variables used only in debug + builds from libcurl-env into a separate document libcurl-env-dbg. -- CI: brew fix for openssl in default path + - Document more debug environment variables. - If brew install/update links openssl into /usr/local, it will be found - before anything we add with `-isystem path` to CPP/LDLFAGS. Get rid of - that by unlinking the keg. + Previously undocumented or missing a description: - Fixes #11413 - Closes #11436 + CURL_ALTSVC_HTTP, CURL_DBG_SOCK_WBLOCK, CURL_DBG_SOCK_WPARTIAL, + CURL_DBG_QUIC_WBLOCK, CURL_DEBUG, CURL_DEBUG_SIZE, CURL_GETHOSTNAME, + CURL_HSTS_HTTP, CURL_FORCETIME, CURL_SMALLREQSEND, CURL_SMALLSENDS, + CURL_TIME. -Daniel Stenberg (13 Jul 2023) + Closes https://github.com/curl/curl/pull/11811 -- RELEASE-NOTES: synced +Dan Fandrich (9 Oct 2023) -OndÅ™ej KoláÄek (13 Jul 2023) +- test670: increase the test timeout -- sectransp: fix EOF handling + This should make it more immune to loaded servers. - Regression since the large refactor from 2022 + Ref: #11328 - Closes #11427 +Stefan Eissing (9 Oct 2023) -Daniel Stenberg (13 Jul 2023) +- MQTT: improve receive of ACKs -- checksrc: quote the file name to work with "funny" letters + - add `mq->recvbuf` to provide buffering of incomplete + ACK responses + - continue ACK reading until sufficient bytes available + - fixes test failures on low network receives - Closes #11437 + Closes #12071 -Karthikdasari0423 (13 Jul 2023) +Viktor Szakats (9 Oct 2023) -- HTTP3.md: ngtcp2 updated to v0.17.0 and nghttp3 to v0.13.0 +- quic: fix BoringSSL build - Follow-up to e0093b4b732f6 + Add guard around `SSL_CTX_set_ciphersuites()` use. - Closes #11433 + Bug: https://github.com/curl/curl/pull/12065#issuecomment-1752171885 -Daniel Stenberg (13 Jul 2023) + Follow-up to aa9a6a177017e4b74d33cdf85a3594900f4a7f81 -- CURLOPT_MIMEPOST.3: clarify what setting to NULL means + Co-authored-by: Jay Satiro + Reviewed-by: Daniel Stenberg + Closes #12067 - Follow-up to e08382a208d4e480 +Stefan Eissing (9 Oct 2023) - Closes #11430 +- test1540: improve reliability -Tatsuhiro Tsujikawa (12 Jul 2023) + - print that bytes have been received on pausing, but not how many -- ngtcp2: build with 0.17.0 and nghttp3 0.13.0 + Closes #12069 - - ngtcp2_crypto_openssl was renamed to ngtcp2_crypto_quictls. +- test2302: improve reliability - Closes #11428 + - make result print collected write data, unless + change in meta flags is detected + - will show same result even when data arrives via + several writecb invocations -- CI: Bump ngtcp2, nghttp3, and nghttp2 + Closes #12068 - Closes #11428 +Daniel Stenberg (9 Oct 2023) -James Fuller (11 Jul 2023) +- curl_easy_pause: set "in callback" true on exit if true -- example/maxconnects: set maxconnect example + Because it might have called another callback in the mean time that then + set the bit FALSE on exit. - Closes #11343 + Reported-by: Jay Satiro + Fixes #12059 + Closes #12061 -Pontakorn Prasertsuk (11 Jul 2023) +Viktor Szakats (8 Oct 2023) -- http2: send HEADER & DATA together if possible +- h3: add support for ngtcp2 with AWS-LC builds - Closes #11420 + ``` + curl 8.4.0-DEV (x86_64-apple-darwin) libcurl/8.4.0-DEV (SecureTransport) AWS- + LC/1.15.0 nghttp2/1.56.0 ngtcp2/0.19.1 nghttp3/0.15.0 + Release-Date: [unreleased] + Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps + mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss + Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefile Multi + SSL NTLM SSL threadsafe UnixSockets + ``` -Daniel Stenberg (11 Jul 2023) + Also delete an obsolete GnuTLS TODO and update the header comment in + `FindNGTCP2.cmake`. -- CI: use wolfSSL 5.6.3 in builds + Reviewed-by: Daniel Stenberg + Closes #12066 - No using master anymore +- build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros - Closes #11424 + Syncing this up with CMake. -SaltyMilk (11 Jul 2023) + Source code uses the built-in `OPENSSL_IS_AWSLC` and + `OPENSSL_IS_BORINSSL` macros to detect BoringSSL and AWS-LC. No help is + necessary from the build tools. -- fopen: optimize + The one use of `HAVE_BORINGSSL` in the source turned out to be no longer + necessary for warning-free BoringSSL + Schannel builds. Ref: #1610 #2634 - Closes #11419 + autotools detects this anyway for display purposes. + CMake detects this to decide whether to use the BoringSSL-specific + crypto lib with ngtcp2. It detects AWS-LC, but doesn't use the detection + result just yet (planned in #12066). -Daniel Stenberg (11 Jul 2023) + Ref: #11964 -- cmake: make use of snprintf + Reviewed-by: Daniel Stenberg + Reviewed-by: Jay Satiro + Closes #12065 - Follow-up to 935b1bd4544a23a91d68 +Marc Hoersken (8 Oct 2023) - Closes #11423 +- CI: move distcheck job from Azure Pipelines to GitHub Actions -Stefan Eissing (11 Jul 2023) + This will allow for more trigger excludes within Azure Pipelines. -- macOS: fix taget detection + Also fixes seemingly broken check with scripts/installcheck.sh. + Ref: 190374c74ec4e5247d9066544c86e8d095e1d7b5 - - TARGET_OS_OSX is not always defined on macOS - - this leads to missing symbol Curl_macos_init() - - TargetConditionals.h seems to define these only when - dynamic targets are enabled (somewhere?) - - this PR fixes that on my macOS 13.4.1 - - I have no clue why CI builds worked without it + Assisted-by: Philip Heiduck + Closes #9532 - Follow-up to c7308592fb8ba213fc2c1 - Closes #11417 +Daniel Stenberg (8 Oct 2023) -Stan Hu (9 Jul 2023) +- url: fall back to http/https proxy env-variable if ws/wss not set -- hostip.c: Move macOS-specific calls into global init call + Reported-by: Craig Andrews + Fixes #12031 + Closes #12058 - https://github.com/curl/curl/pull/7121 introduced a macOS system call - to `SCDynamicStoreCopyProxies`, which is invoked every time an IP - address needs to be resolved. +Stefan Eissing (8 Oct 2023) - However, this system call is not thread-safe, and macOS will kill the - process if the system call is run first in a fork. To make it possible - for the parent process to call this once and prevent the crash, only - invoke this system call in the global initialization routine. +- cf-socket: simulate slow/blocked receives in debug - In addition, this change is beneficial because it: + add 2 env variables for non-UDP sockets: + 1. CURL_DBG_SOCK_RBLOCK: percentage of receive calls that randomly + should return EAGAIN + 2. CURL_DBG_SOCK_RMAX: max amount of bytes read from socket - 1. Avoids extra macOS system calls for every IP lookup. - 2. Consolidates macOS-specific initialization in a separate file. + Closes #12035 - Fixes #11252 - Closes #11254 +- http2: refused stream handling for retry -Daniel Stenberg (9 Jul 2023) + - answer HTTP/2 streams refused via a GOAWAY from the server to + respond with CURLE_RECV_ERROR in order to trigger a retry + on another connection -- docs: use a space after RFC when spelling out RFC numbers + Reported-by: black-desk on github + Ref #11859 + Closes #12054 - Closes #11382 +Jay Satiro (8 Oct 2023) -Margu (9 Jul 2023) +- CURLOPT_DEBUGFUNCTION.3: warn about internal handles -- imap-append.c: update to make it more likely to work + - Warn that the user's debug callback may be called with the handle + parameter set to an internal handle. - Fixes #10300 - Closes #11397 + Without this warning the user may assume that the only handles their + debug callback receives are the easy handles on which they set + CURLOPT_DEBUGFUNCTION. -Emanuele Torre (9 Jul 2023) + This is a follow-up to f8cee8cc which changed DoH handles to inherit + the debug callback function set in the user's easy handle. As a result + those handles are now passed to the user's debug callback function. -- tool_writeout_json: fix encoding of control characters + Closes https://github.com/curl/curl/pull/12034 - Control characters without a special escape sequence e.g. %00 or %06 - were being encoded as "u0006" instead of "\u0006". +- url: fix typo - Ref: https://github.com/curl/trurl/pull/214#discussion_r1257487858 - Closes #11414 +Daniel Stenberg (8 Oct 2023) -Stefan Eissing (9 Jul 2023) +- test458: verify --expand-output, expanding a file name accepting option -- http3/ngtcp2: upload EAGAIN handling + Verifies the fix in #12055 (commit f2c8086ff15e6e995e1) - - refs #11389 where IDLE timeouts on upload are reported - - reword ngtcp2 expiry handling to apply to both send+recv - calls into the filter - - EAGAIN uploads similar to the recent changes in HTTP/2, e.g. - report success only when send data was ACKed. - - HOLD sending of EAGAINed uploads to avoid cpu busy loops - - rename internal function for consistency with HTTP/2 - implementation +- tool_getparam: accept variable expansion on file names too - Fixes #11389 - Closes #11390 + Reported-by: PBudmark on github + Fixes #12048 + Closes #12055 -Brian Nixon (9 Jul 2023) +- RELEASE-NOTES: synced -- tool_easysrc.h: correct `easysrc_perform` for `CURL_DISABLE_LIBCURL_OPTION` +- multi: do CURLM_CALL_MULTI_PERFORM at two more places - Closes #11398 + ... when it does a state transition but there is no particular socket or + timer activity. This was made apparent when commit b5bb84c removed a + superfluous timer expiry. -Daniel Stenberg (9 Jul 2023) + Reported-by: Dan Fandrich. + Fixes #12033 + Closes #12056 -- RELEASE-NOTES: synced +Viktor Szakats (7 Oct 2023) -- transfer: clear credentials when redirecting to absolute URL +- GHA/linux: mbedtls 3.5.0 + minor dep bumps - Make sure the user and password for the second request is taken from the - redirected-to URL. + Closes #12057 - Add test case 899 to verify. +Dan Fandrich (7 Oct 2023) - Reported-by: James Lucas - Fixes #11410 - Closes #11412 +- CI: bump OpenLDAP package version on FreeBSD -Stefan Eissing (8 Jul 2023) + The old one is no longer available. -- hyper: fix EOF handling on input +Marc Hoersken (7 Oct 2023) - We ran out of disc space due to an infinite loop with debug logging +- docs/libcurl/opts/Makefile.inc: add missing manpage files - Fixes #11377 - Closes #11385 - Reported-by: Dan Fandrich + Detected with #9532 -- http2: raise header limitations above and beyond +Dan Fandrich (7 Oct 2023) - - not quite to infinity - - rewrote the implementation of our internal HTTP/1.x request - parsing to work with very large lines using dynbufs. - - new default limit is `DYN_HTTP_REQUEST`, aka 1MB, which - is also the limit of curl's general HTTP request processing. +- tests: fix a race condition in ftp server disconnect - Fixes #11405 - Closes #11407 + If a client disconnected and reconnected quickly, before the ftp server + had a chance to respond, the protocol message/ack (ping/pong) sequence + got out of sync, causing messages sent to the old client to be delivered + to the new. A disconnect must now be acknowledged and intermediate + requests thrown out until it is, which ensures that such synchronization + problems can't occur. This problem could affect ftp, pop3, imap and smtp + tests. -Juan Cruz Viotti (8 Jul 2023) + Fixes #12002 + Closes #12049 -- curl_easy_nextheader.3: add missing open parenthesis examples +Viktor Szakats (7 Oct 2023) - Closes #11409 - Signed-off-by: Juan Cruz Viotti +- appveyor: bump mingw-w64 job to gcc 13 (was: 8) -Dan Fandrich (7 Jul 2023) + This sets gcc 6, 7, 9, 13 in our test mix (was: 6, 7, 8, 9). + Adding a modern gcc version to the tests. -- CI: enable verbose test output on pytest + (The gcc 8 job used to take around 50 minutes. The new image with gcc 13 + finished in 32, 35, 34 minutes in the 3 test runs so far.) - This shows individual pass/fail status on tests and makes this output - consistent with other jobs' pytest invocations. + It also adds a modern CMake version and OS env to our mingw-w64 builds. -Stefan Eissing (28 Jun 2023) + Closes #12051 -- http2: fix crash in handling stream weights +David Benjamin (6 Oct 2023) - - Delay the priority handling until the stream has been opened. +- openssl: use X509_ALGOR_get0 instead of reaching into X509_ALGOR - - Add test2404 to reproduce and verify. + While the struct is still public in OpenSSL, there is a (somewhat + inconvenient) accessor. Use it to remain compatible if it becomes opaque + in the future. - Weights may change "on the run", which is why there are checks in - general egress handling. These must not trigger when the stream has not - been opened yet. + Closes #12038 - Reported-by: jbgoog@users.noreply.github.com +Daniel Stenberg (6 Oct 2023) - Fixes https://github.com/curl/curl/issues/11379 - Closes https://github.com/curl/curl/pull/11384 +- curl_easy_pause.3: mention it works within callbacks -- tests/http: Add mod_h2 directive `H2ProxyRequests` + Reported-by: Maxim Dzhura + Bug: https://curl.se/mail/lib-2023-10/0010.html + Closes #12046 - master of mod_h2 now requires H2ProxyRequests directives for forward - proxying with HTTP/2 to work. +- curl_easy_pause.3: mention h2/h3 buffering - Ref: https://github.com/icing/mod_h2/commit/3897a7086 + Asked-by: Maxim Dzhura + Ref: https://curl.se/mail/lib-2023-10/0011.html - Closes https://github.com/curl/curl/pull/11392 + Closes #12045 -Dan Fandrich (28 Jun 2023) +Viktor Szakats (6 Oct 2023) -- CI: make Appveyor job names unique - - Two otherwise identical mingw-w64 jobs now have their differing compiler - versions mentioned in their names. - -Sheshadri.V (25 Jun 2023) - -- curl.h: include for vxworks - - Closes #11356 - -Dan Fandrich (24 Jun 2023) +- cmake: re-add missed C89 headers for specific detections -- CI: enable parallel make in more builds + We removed C89 `setjmp.h` and `signal.h` detections and excluded them + from the global header list we use when detecting functions [1]. Then + missed to re-add these headers to the specific functions which need + them to be detected [2]. Fix this omission in this patch. - Most CI services provide at least two cores, so enable parallel make - jobs to take advantage of that for builds. Some dependencies aren't safe - to build in parallel so leave those as-is. Also, rename a few - workflows to eliminate duplicate names and provide a better idea what - they're about. + [1] Follow-up to 3795fcde995d96db641ddbcc8a04f9f0f03bef9f #11951 + [2] Follow-up to 96c29900bcec32dd6bc8e9857c8871ff4b8b8ed9 #11940 -- CI: don't install impacket if tests are not run + Closes #12043 - It just wastes time and bandwidth and isn't even used. +Daniel Stenberg (6 Oct 2023) -divinity76 (24 Jun 2023) +- multi: set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE -- configure: the --without forms of the options are also gone + Since there is nothing to wait for there. Avoids the test 1233 hang + reported in #12033. - --without-darwin-ssl and --without-metalink + Reported-by: Dan Fandrich + Closes #12042 - Closes #11378 +Dan Fandrich (5 Oct 2023) -Daniel Stenberg (23 Jun 2023) +- test1903: actually verify the cookies after the test -- configure: add check for ldap_init_fd + The test otherwise could do just about anything (except leak memory in + debug mode) and its bad behaviour wouldn't be detected. Now, check the + resulting cookie file to ensure the cookies are still there. - ... as otherwise the configure script will say it is OpenLDAP in the - summary, but not set the USE_OPENLDAP define, therefor not using the - intended OpenLDAP code paths. + Closes #12041 - Regression since 4d7385446 (7.85.0) - Fixes #11372 - Closes #11374 - Reported-by: vlkl-sap on github +- test: add missing s -MichaÅ‚ Petryka (23 Jun 2023) + The tests will otherwise fail if curl has them disabled. -- cmake: stop CMake from quietly ignoring missing Brotli +- test1906: set a lower timeout since it's hit on Windows - The CMake project was set to `QUIET` for Brotli instead of - `REQUIRED`. This makes builds unexpectedly ignore missing Brotli even - when `CURL_BROTLI` is enabled. + msys2 builds actually hit the connect timeout in normal operation, so + lower the timeout from 5 minutes to 5 seconds to reduce test time. - Closes #11376 + Ref: #11328 + Closes #12036 -Emanuele Torre (22 Jun 2023) +Daniel Stenberg (5 Oct 2023) -- docs: add more .IP after .RE to fix indentation of generate paragraphs +- RELEASE-NOTES: synced - follow-up from 099f41e097c030077b8ec078f2c2d4038d31353b +Jay Satiro (5 Oct 2023) - I just thought of checking all the other files with .RE, and I found 6 - other files that were missing .IP at the end. +- idn: fix WinIDN null ptr deref on bad host - Closes #11375 + - Return CURLE_URL_MALFORMAT if IDN hostname cannot be converted from + UTF-8 to UTF-16. -Stefan Eissing (22 Jun 2023) + Prior to this change a failed conversion erroneously returned CURLE_OK + which meant 'decoded' pointer (what would normally point to the + punycode) would not be written to, remain NULL and be dereferenced + causing an access violation. -- http2: h2 and h2-PROXY connection alive check fixes + Closes https://github.com/curl/curl/pull/11983 - - fix HTTP/2 check to not declare a connection dead when - the read attempt results in EAGAIN - - add H2-PROXY alive check as for HTTP/2 that was missing - and is needed - - add attach/detach around Curl_conn_is_alive() and remove - these in filter methods - - add checks for number of connections used in some test_10 - proxy tunneling tests +Dan Fandrich (4 Oct 2023) - Closes #11368 +- tests: close the shell used to start sshd -- http2: error stream resets with code CURLE_HTTP2_STREAM + This shell isn't needed once sshd starts, so use "exec" so it doesn't + stick around. - - refs #11357, where it was reported that HTTP/1.1 downgrades - no longer works - - fixed with suggested change - - added test_05_03 and a new handler in the curltest module - to reproduce that downgrades work + Closes #12032 - Fixes #11357 - Closes #11362 - Reported-by: Jay Satiro +Daniel Stenberg (4 Oct 2023) -Daniel Stenberg (22 Jun 2023) +- base64: also build for curl -- connect-timeout.d: mention that the DNS lookup is included + Since the tool itself now uses the base64 code using the curlx way, it + needs to build also when the tool needs it. Starting now, the tool build + defines BULDING_CURL to allow lib-side code to use it. - Closes #11370 + Follow-up to 2e160c9c6525 -Emanuele Torre (22 Jun 2023) + Closes #12010 -- quote.d: fix indentation of generated paragraphs +Eduard Strehlau (4 Oct 2023) - quote.d was missing a .IP at the end which caused the paragraphs - generated for See-also, Multi, and Example to not be indented correctly. +- tests: Fix zombie processes left behind by FTP tests. - I also remove a redundant "This option can be used multiple times.", and - replaced .IP "item" with .TP .B "item" to make more clear which lines - are part of the list of commands and which aren't. + ftpserver.pl correctly cleans up spawned server processes, + but forgets to wait for the shell used to spawn them. + This is barely noticeable during a normal testrun, + but causes process exhaustion and test failure + during a complete torture run of the FTP tests. - Closes #11371 + Fixes #12018 + Closes #12020 -Paul Wise (22 Jun 2023) +Dan Fandrich (4 Oct 2023) -- checksrc: modernise perl file open +- github/labeler: improve labeler matches - Use regular variables and separate file open modes from filenames. +- test574: add a timeout to the test - Suggested by perlcritic + This one hangs occasionally, so this will speed up a test run and allow + logs to be seen when it does. - Copied from https://github.com/curl/trurl/commit/f2784a9240f47ee28a845 + Closes #12025 - Closes #11358 +- tests: propagate errors in libtests -Dan Fandrich (21 Jun 2023) + Use the test macros to automatically propagate some errors, and check + and log others while running the tests. This can help in debugging + exactly why a test has failed. -- runtests: work around a perl without SIGUSR1 +- tests: set --expect100-timeout to improve test reliability - At least msys2 perl v5.32.1 doesn't seem to define this signal. Since - this signal is only used for debugging, just ignore if setting it fails. + On an overloaded server, the default 1 second timeout can go by without + the test server having a chance to respond with the expected headers, + causing tests to fail. Increase the 1 second timeout to 99 seconds so + this failure mode is no longer a problem on test 1129. Some other tests + already set a high value, but make them consistently 99 seconds so if + something goes wrong the test is stalled for less time. - Reported-by: Marcel Raad - Fixes #11350 - Closes #11366 + Ref: #11328 -- runtests: include missing valgrind package +- CI: ignore the "flaky" and "timing-dependent" test results in CMake - use valgrind was missing which caused torture tests with valgrind - enabled to fail. + This was already done for automake builds but CMake builds were missed. + Test 1086 actually causes the test harness to crash with: - Reported-by: Daniel Stenberg - Fixes #11364 - Closes #11365 + Warning: unable to close filehandle DWRITE properly: Broken pipe at C:/projec + ts/curl/tests/ftpserver.pl line 527 -- runtests: use more consistent failure lines + Rather than fix it now, this change leaves test 1086 entirely skipped on + those builds that show this problem. - After a test failure log a consistent log message to make it easier to - parse the log file. Also, log a consistent message with "ignored" for - failures that cause the test to be not considered at all. These should - perhaps be counted in the skipped category, but this commit does not - change that behaviour. + Follow-up to 589dca761 -- runtests: consistently write the test check summary block + Ref: #11865 - The memory check character was erroneously omitted if the memory - checking file was not available for some reason, making the block of - characters an inconsistent length. +Viktor Szakats (4 Oct 2023) -- test2600: fix the description +- cmake: improve OpenLDAP builds - It looks like it was cut-and-pasted. + - cmake: detect OpenLDAP based on function `ldap_init_fd`. + autotools does this. autotools also publishes this detection result + in `HAVE_LDAP_INIT_FD`. We don't mimic that with CMake as the source + doesn't use this value. (it might need to be remove-listed in + `scripts/cmp-config.pl` for future OpenLDAP test builds.) + This also deletes existing self-declaration method via the + CMake-specific `CURL_USE_OPENLDAP` configuration. - Closes #11354 + - cmake: define `LDAP_DEPRECATED=1` for OpenLDAP. + Like autotools does. This fixes a long list of these warnings: + ``` + /usr/local/opt/openldap/include/ldap.h:1049:5: warning: 'LDAP_DEPRECATED' i + s not defined, evaluates to 0 [-Wundef] + ``` -Daniel Stenberg (21 Jun 2023) + - cmake: delete LDAP TODO comment no longer relevant. -- TODO: "Support HTTP/2 for HTTP(S) proxies" *done* + Also: -humbleacolyte (21 Jun 2023) + - autotools: replace domain name `dummy` with `0.0.0.0` in LDAP feature + detection functions. -- cf-socket: move ctx declaration under HAVE_GETPEERNAME + Ref: #11964 (effort to sync cmake detections with autotools) - Closes #11352 + Closes #12024 -Daniel Stenberg (20 Jun 2023) +- cmake: fix unity builds for more build combinations -- RELEASE-NOTES: synced + By using unique static function/variable names in source files + implementing these interfaces. -- example/connect-to: show CURLOPT_CONNECT_TO + - OpenLDAP combined with any SSH backend. - Closes #11340 + - MultiSSL with mbedTLS, OpenSSL, wolfSSL, SecureTransport. -Stefan Eissing (20 Jun 2023) + Closes #12027 -- hyper: unslow +Daniel Stenberg (4 Oct 2023) - - refs #11203 where hyper was reported as being slow - - fixes hyper_executor_poll to loop until it is out of - tasks as advised by @seanmonstar in https://github.com/hyperium/hyper/issue - s/3237 - - added a fix in hyper io handling for detecting EAGAIN - - added some debug logs to see IO results - - pytest http/1.1 test cases pass - - pytest h2 test cases fail on connection reuse. HTTP/2 - connection reuse does not seem to work. Hyper submits - a request on a reused connection, curl's IO works and - thereafter hyper declares `Hyper: [1] operation was canceled: connection cl - osed` - on stderr without any error being logged before. +- tests: remove leading spaces from some tags - Fixes #11203 - Reported-by: Gisle Vanem - Advised-by: Sean McArthur - Closes #11344 + The threee tags ``, `` and `` were frequently used + with a leading space that this removes. The reason this habbit is so + widespread in testcases is probably that they have been copy and pasted. -- HTTP/2: upload handling fixes + Hence, fixing them all now might curb this practice from now on. - - fixes #11242 where 100% CPU on uploads was reported - - fixes possible stalls on last part of a request body when - that information could not be fully send on the connection - due to an EAGAIN - - applies the same EGAIN handling to HTTP/2 proxying + Closes #12028 - Reported-by: Sergey Alirzaev - Fixed #11242 - Closes #11342 +Viktor Szakats (4 Oct 2023) -Daniel Stenberg (20 Jun 2023) +- GHA: bump actions/checkout -- example/opensslthreadlock: remove + Follow-up to 2e0fa50fc16b9339f51e0a7bfff0352829323acb #11964 + Follow-up to c39585d9b7ef3cbfc1380812dec60e7b275b6af3 #12000 - This shows how to setup OpenSSL mutex callbacks, but this is not - necessary since OpenSSL 1.1.0 - meaning that no currently supported - OpenSSL version requires this anymore + Closes #12023 - Closes #11341 +- spelling: fix codespell 2.2.6 typos -Dan Fandrich (19 Jun 2023) + Closes #12019 -- libtest: display the times after a test timeout error +Daniel Stenberg (3 Oct 2023) - This is to help with test failure debugging. +- GHA: add workflow to compare configure vs cmake outputs - Ref: #11328 - Closes #11329 + Uses scripts/cmp-config.pl two compare two curl_config.h files, + presumbly generated with configure and cmake. It displays the + differences and filters out a lot of known lines we ignore. -- test2600: bump a test timeout + The script also shows the matches that were *not* used. Possibly + subjects for removal. - Case 1 failed at least once on GHA by going 30 msec too long. + Closes #11964 - Ref: #11328 +- appveyor: enable test 571 -- runtests: better detect and handle pipe errors in the controller + Follow-up from 8a940fd55c175f7 / #12013 - Errors reading and writing to the pipes are now better detected and - propagated up to the main test loop so it can be cleanly shut down. Such - errors are usually due to a runner dying so it doesn't make much sense - to try to continue the test run. + Closes #12017 -- runtests: cleanly abort the runner if the controller dies +Viktor Szakats (3 Oct 2023) - If the controller dies unexpectedly, have the runner stop its servers - and exit cleanly. Otherwise, the orphaned servers will stay running in - the background. +- build: alpha-sort source files for lib and src -- runtests: improve error logging + Closes #12014 - Give more information about test harness error conditions to help figure - out what might be wrong. Print some internal test state when SIGUSR1 is - sent to runtests.pl. +- cmake: delete old `HAVE_LDAP_URL_PARSE` logic - Ref: #11328 + Left there by accident after adding proper detection for this. -- runtests: better handle ^C during slow tests + Follow-up to 772f0d8edf1c3c2745543f42388ccec5a16ee2c0 #12006 - Since the SIGINT handler now just sets a flag that must be checked in the - main controller loop, make sure that runs periodically. Rather than - blocking on a response from a test runner near the end of the test run, - add a short timeout to allow it. + Ref: #11964 (effort to sync cmake detections with autotools) -- runtests: rename server command file + Closes #12015 - The name ftpserver.cmd was historical and has been used for more than - ftp for many years now. Rename it to plain server.cmd to reduce - confusion. +Stefan Eissing (3 Oct 2023) -- tests: improve reliability of TFTP tests +- tests: increase lib571 timeout from 3s to 30s - Stop checking the timeout used by the client under test (for most - tests). The timeout will change if the TFTP test server is slow (such as - happens on an overprovisioned CI server) because the client will retry - and reduce its timeout, and the actual value is not important for most - tests. + - 3s is too short for our CI, making this test fail occasionally + - test usually experiences no delay run locally, so 30s wont hurt - test285 is changed a different way, by increasing the connect timeout. - This improves test coverage by allowing the changed timeout value to be - checked, but improves reliability with a carefully-chosen timeout that - not only allows twice the time to respond as before, but also allows - several retries before the client will change its timeout value. + Closes #12013 - Ref: #11328 +Viktor Szakats (3 Oct 2023) -Daniel Stenberg (19 Jun 2023) +- cmake: fix unity with Windows Unicode + TrackMemory -- cf-socket: skip getpeername()/getsockname for TFTP + Found the root cause of the startup crash in unity builds with Unicode + and TrackMemory enabled at the same time. - Since the socket is not connected then the call fails. When the call - fails, failf() is called to write an error message that is then - surviving and is returned when the *real* error occurs later. The - earlier, incorrect, error therefore hides the actual error message. + We must make sure that the `memdebug.h` header doesn't apply to + `lib/curl_multibyte.c` (as even noted in a comment there.) In unity + builds all headers apply to all sources, including `curl_multibyte.c`. + This probably resulted in an infinite loop on startup. - This could be seen in stderr for test 1007 + Exclude this source from unity compilation with TrackMemory enabled, + in both libcurl and curl tool. Enable unity mode for a debug Unicode + CI job to keep it tested. Also delete the earlier workaround that + fully disabled unity for affected builds. - Test 1007 has now been extended to verify the stderr message. + Follow-up to d82b080f6374433ce7c98241329189ad2d3976f8 #12005 + Follow-up to 3f8fc25720900b14b7432f4bd93407ca15311719 #11095 - Closes #11332 + Closes #11928 -- example/crawler: make it use a few more options +- cmake: disable unity mode with Windows Unicode + TrackMemory - For show, but reasonable + "TrackMemory" is `ENABLE_DEBUG=ON` (aka `ENABLE_CURLDEBUG=ON`, + aka `-DCURLDEBUG`). -- libcurl-ws.3: mention raw mode + There is an issue with memory tracking and Unicode when built in "unity" + mode, which results in the curl tool crashing right on startup, even + without any command-line option. Interestingly this doesn't happen under + WINE (at least on the system I tested this on), but consistenly happens + on real Windows machines. Crash is 0xC0000374 heap corruption. Both + shared and static curl executables are affected. - Closes #11339 + This limitation probably won't hit too many people, but it remains + a TODO to find and fix the root cause and drop this workaround. -- example/default-scheme: set the default scheme for schemeless URLs + Example builds and runs: + https://ci.appveyor.com/project/curlorg/curl/builds/48169111/job/17cptxhtpubd + 7iwj#L313 (static) + https://ci.appveyor.com/project/curlorg/curl/builds/48169111/job/76e1ge758tby + qu9c#L317 (shared) - Closes #11338 + Follow-up to 3f8fc25720900b14b7432f4bd93407ca15311719 #11095 -- example/hsts-preload: show one way to HSTS preload + Ref: #11928 + Closes #12005 - Closes #11337 +- cmake: tidy-up `NOT_NEED_LBER_H` detection -- examples/http-options: show how to send "OPTIONS *" + Follow-up to 772f0d8edf1c3c2745543f42388ccec5a16ee2c0 #12006 - With CURLOPT_REQUEST_TARGET. +- appveyor: rewrite batch in PowerShell + CI improvements - Also add use of CURLOPT_QUICK_EXIT to show. + 1. Rewrite in PowerShell: - Closes #11333 + - rewrite MS-DOS batch build script in PowerShell. + - move some bash operations into native PowerShell. + - fixups for PowerShell insisting on failure when a command outputs + something to stderr. + - fix to actually run `curl -V` after every build. + (and exclude ARM64 builds.) + - also say why we skipped `curl -V` if we had to skip. + - fix CMake warnings about unused configuration variables, by adapting + these dynamically for build cases. + - dedupe OpenSSL path into a variable. + - disable `test1451` failing with a warning anyway due to missing python + impacket. (after trying and failing to install impacket) + PowerShell promotes these warnings to errors by PowerShell. We can also + suppress they wholesale if they start causing issues in the future, + like we already to with `autoreconf` and `./configure`. -- examples: make use of CURLOPT_(REDIR_|)PROTOCOLS_STR + PowerShell is better than MS-DOS batches, so the hope is this makes it + easier to extend and maintain the AppVeyor build logic. POSIX/bash isn't + supported inline by AppVeyor on Windows build machines, but we are okay + to keep it in an external script, so it's also an option. - To show how to use them + 2. CI improvements: - Closes #11334 + - enable tests for a "unity" build job. + - speed-up CI initialization by using shallow clones of the curl repo. + - speed-up CMake MSVC jobs with `TrackFileAccess=false`. + - enable parallelism in `VisualStudioSolution` builds. + - display CMake version before builds. + - always show the CPU in job names. + - tell which jobs are build-only in job names. + - move `TESTING:` value next to `DISABLED_TESTS:` in two jobs. + - add `config.log` (autotools) to dumped logs (need to enable manually). -- examples/smtp-mime: use CURLOPT_MAIL_RCPT_ALLOWFAILS + 3. Style: - For show + - use single-quotes in YAML like we do in other CI YAML files. + It also allows to drop quoting characters and lighter to write/read. + (keep double quotes for PowerShell strings needing expansion.) - Closes #11335 + Closes #11999 -- http: rectify the outgoing Cookie: header field size check +- cmake: fix `HAVE_LDAP_SSL`, `HAVE_LDAP_URL_PARSE` on non-Windows - Previously it would count the size of the entire outgoing request and - not just the size of only the Cookie: header field - which was the - intention. + - set `HAVE_LDAP_URL_PARSE` if `ldap_url_parse` function exists. + Before this patch we set it based it on the presence of `stricmp`, + which correctly enabled it on e.g. Windows, but was inaccurate for + other platforms. - This could make the check be off by several hundred bytes in some cases. + - always set `HAVE_LDAP_SSL` if an LDAP backend is detected and + LDAPS is not explicitly disabled. This mimics autotools behaviour. + Previously we set it only for Windows LDAP. After this fix, LDAPS is + correctly enabled in default macOS builds. - Closes #11331 + - enable LDAP[S] for a CMake macOS CI job. Target OS X 10.9 (Mavericks) + to avoid deprecation warnings for LDAP API. -Jay Satiro (17 Jun 2023) + - always detect `HAVE_LDAP_SSL_H`, even with LDAPS explicitly disabled. + This doesn't make much sense, but let's do it to sync behaviour with + autotools. -- lib: fix some format specifiers + - fix benign typo in variable name. - - Use CURL_FORMAT_CURL_OFF_T where %zd was erroneously used for some - curl_off_t variables. + Ref: #11964 (effort to sync cmake detections with autotools) - - Use %zu where %zd was erroneously used for some size_t variables. + Closes #12006 - Prior to this change some of the Windows CI tests were failing because - in Windows 32-bit targets have a 32-bit size_t and a 64-bit curl_off_t. - When %zd was used for some curl_off_t variables then only the lower - 32-bits was read and the upper 32-bits would be read for part or all of - the next specifier. +- autotools: restore `HAVE_IOCTL_*` detections - Fixes https://github.com/curl/curl/issues/11327 - Closes https://github.com/curl/curl/pull/11321 + This restores `CURL_CHECK_FUNC_IOCTL` detection. I deleted it in + 4d73854462f30948acab12984b611e9e33ee41e6 and + c3456652a0c72d1845d08df9769667db7e159949 (2022-08), because the + `HAVE_IOCTL` result it generated was unused in the source. But, + I did miss the fact that this had two dependent checks: + `CURL_CHECK_FUNC_IOCTL_FIONBIO`, + `CURL_CHECK_FUNC_IOCTL_SIOCGIFADDR` that we do actually need: + `HAVE_IOCTL_FIONBIO`, `HAVE_IOCTL_SIOCGIFADDR`. -Marcel Raad (16 Jun 2023) + Regression from 4d73854462f30948acab12984b611e9e33ee41e6 -- test427: add `cookies` feature and keyword + Ref: #11964 (effort to sync cmake detections with autotools) - This test doesn't work with `--disable-cookies`. + Closes #12008 - Closes https://github.com/curl/curl/pull/11320 +Daniel Stenberg (2 Oct 2023) -Chris Talbot (15 Jun 2023) +- RELEASE-PROCEDURE.md: updated coming release dates -- imap: Provide method to disable SASL if it is advertised +- RELEASE-NOTES: synced - - Implement AUTH=+LOGIN for CURLOPT_LOGIN_OPTIONS to prefer plaintext - LOGIN over SASL auth. +Viktor Szakats (1 Oct 2023) - Prior to this change there was no method to be able to fall back to - LOGIN if an IMAP server advertises SASL capabilities. However, this may - be desirable for e.g. a misconfigured server. +- cmake: pre-cache `HAVE_POLL_FINE` on Windows - Per: https://www.ietf.org/rfc/rfc5092.html#section-3.2 + Windows doesn't support `poll()`, so we can safely skip checking for + fine poll. - ";AUTH=" looks to be the correct way to specify what - authenication method to use, regardless of SASL or not. + Closes #12003 - Closes https://github.com/curl/curl/pull/10041 +- gha: bump actions to latest versions -Daniel Stenberg (15 Jun 2023) + - actions@checkout@v4 (from v3 and v2) -- RELEASE-NOTES: synced + - fsfe/reuse-action@v2 (from v1) -- examples/multi-debugcallback.c: avoid the bool typedef + Closes #12000 - Apparently this cannot be done in c23 +Stefan Eissing (30 Sep 2023) - Reported-by: Cristian Rodríguez - Fixes #11299 - Closes #11319 +- h2: testcase and fix for pausing h2 streams -- docs/libcurl/libcurl.3: cleanups and improvements + - refs #11982 where it was noted that paused transfers may + close successfully without delivering the complete data + - made sample poc into tests/http/client/h2-pausing.c and + added test_02_27 to reproduce - Closes #11317 + Closes #11989 + Fixes #11982 + Reported-by: Harry Sintonen -- libcurl-ws.3: fix typo +Viktor Szakats (30 Sep 2023) -- curl_ws_*.3: enhance +- cmake: validate `CURL_DEFAULT_SSL_BACKEND` config value - - all: SEE ALSO the libcurl-ws man page - - send: add example and return value information - - meta: mention that the returned data is read-only + Before this patch CMake builds accepted any value and it was used at + runtime as-is. This patch make sure that the selected default backend + is also enabled in the build. It also enforces a full lowercase value. - Closes #11318 + This improves reproducibility and brings CMake in sync with autotools + which already worked like described above. -- docs/libcurl/libcurl-ws.3: see also CURLOPT_WS_OPTIONS + Follow-up to 26c7feb8b9d51a57fab3325571b4bbfa03b11af0 #11774 -- docs/libcurl/libcurl-ws.3: minor polish + Closes #11998 -- libcurl-ws.3. WebSocket API overview +- autotools: adjust `CURL_CA_PATH` value to CMake - Closes #11314 + autotools was using the same value as CMake, but with an ending + slash. Delete the ending slash to match configurations. -- libcurl-url.3: also mention CURLUPART_ZONEID + Ref: #11964 (effort to sync cmake detections with autotools) - ... and sort the two part-using lists alphabetically + Closes #11997 -Marcel Raad (14 Jun 2023) +- cmake: detect `sys/wait.h` and `netinet/udp.h` -- fopen: fix conversion warning on 32-bit Android + Ref: #11964 (effort to sync cmake detections with autotools) - When building for 32-bit ARM or x86 Android, `st_mode` is defined as - `unsigned int` instead of `mode_t`, resulting in a - -Wimplicit-int-conversion clang warning because `mode_t` is - `unsigned short`. Add a cast to silence the warning. + Closes #11996 - Ref: https://android.googlesource.com/platform/bionic/+/refs/tags/ndk-r25c/li - bc/include/sys/stat.h#86 - Closes https://github.com/curl/curl/pull/11313 +Daniel Stenberg (30 Sep 2023) -- http2: fix variable type +- lib: provide and use Curl_hexencode - `max_recv_speed` is `curl_off_t`, so using `size_t` might result in - -Wconversion GCC warnings for 32-bit `size_t`. Visible in the NetBSD - ARM autobuilds. + Generates a lower case ASCII hex output from a binary input. - Closes https://github.com/curl/curl/pull/11312 + Closes #11990 -Daniel Stenberg (13 Jun 2023) +- configure: check for the capath by default -- vtls: fix potentially uninitialized local variable warnings + ... if the chosen TLS backend supports it: OpenSSL, GnuTLS, mbedTLS or wolfSS + L - Follow-up from a4a5e438ae533c + cmake: synced - Closes #11310 + Assisted-by: Viktor Szakats + Closes #11987 -- timeval: use CLOCK_MONOTONIC_RAW if available +- wolfssl: ignore errors in CA path - Reported-by: Harry Sintonen - Ref: #11288 - Closes #11291 + The default wolfSSL_CTX_load_verify_locations() function is quite picky + with the certificates it loads and will for example return error if just + one of the certs has expired. + + With the *_ex() function and its WOLFSSL_LOAD_FLAG_IGNORE_ERR flag, it + behaves more similar to what OpenSSL does by default. -Stefan Eissing (12 Jun 2023) + Even the set of default certs on my Debian unstable has several expired + ones. -- tool: add curl command line option `--trace-ids` + Assisted-by: Juliusz Sosinowicz + Assisted-by: Michael Osipov - - added and documented --trace-ids to prepend (after the timestamp) - the transfer and connection identifiers to each verbose log line - - format is [n-m] with `n` being the transfer id and `m` being the - connection id. In case there is not valid connection id, print 'x'. - - Log calls with a handle that has no transfer id yet, are written - without any ids. + Closes #11987 - Closes #11185 +- create-dirs.d: clarify it also uses --output-dirs -- lib: add CURLINFO_CONN_ID and CURLINFO_XFER_ID + Reported-by: Robert Simpson + Fixes #11991 + Closes #11995 - - add an `id` long to Curl_easy, -1 on init - - once added to a multi (or its own multi), it gets - a non-negative number assigned by the connection cache - - `id` is unique among all transfers using the same - cache until reaching LONG_MAX where it will wrap - around. So, not unique eternally. - - CURLINFO_CONN_ID returns the connection id attached to - data or, if none present, data->state.lastconnect_id - - variables and type declared in tool for write out +Viktor Szakats (30 Sep 2023) - Closes #11185 +- appveyor: fix yamlint issues, indent -Daniel Stenberg (12 Jun 2023) + Also: + - use double quotes in all batch if statements. -- CURLOPT_INFILESIZE.3: mention -1 triggers chunked + Closes #11994 - Ref: #11300 - Closes #11304 +- cmake: detect `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` -Philip Heiduck (12 Jun 2023) + Based on existing autotools logic. -- CI: openssl-3.0.9+quic + Ref: #11964 (effort to sync cmake detections with autotools) - Closes #11296 + Closes #11981 -Karthikdasari0423 (12 Jun 2023) +- cmake: detect `HAVE_GETADDRINFO_THREADSAFE` -- HTTP3.md: update openssl version + Based on existing autotools logic. - Closes #11297 + autotools checks for old versions of the allowlisted target OSes and + disables this feature when seeing them. In CMake we assume we're running + on newer systems and enable regardless of OS version. -Daniel Stenberg (12 Jun 2023) + autotools always runs all 3 probes for non-fast-tracked systems and + enables this feature if any one of them was successful. To save + configuration time, CMake stops at the first successful check. -- vtls: avoid memory leak if sha256 call fails + OpenBSD is not fast-tracked and then gets blocklisted as a generic BSD + system. I haven't double-checked if this is correct, but looks odd. - ... in the pinned public key handling function. + Ref: #11964 (effort to sync cmake detections with autotools) - Reported-by: lizhuang0630 on github - Fixes #11306 - Closes #11307 + Closes #11979 -- examples/ipv6: disable on win32 +- cmake: fix `HAVE_WRITABLE_ARGV` detection - I can't make if_nametoindex() work there + Move detection before the creation of detection results in + `curl_config.h`. - Follow-up to c23dc42f3997acf23 + Ref: #11964 (effort to sync cmake detections with autotools) - Closes #11305 + Closes #11978 -- tool_operate: allow cookie lines up to 8200 bytes +- appveyor: minor improvements - Since this option might set multiple cookies in the same line, it does - not make total sense to cap this at 4096 bytes, which is the limit for a - single cookie name or value. + - run `curl -V` after builds to see if they run and with what features. + Except for one job where a CRT DLL is missing. And ARM64 which should + fail, but is silently not launched instead. - Closes #11303 + - copy libcurl DLL next to curl tool and tests binaries in shared mode. + This makes it possible to run the tests. (We don't run tests after + these builds yet.) -- test427: verify sending more cookies than fit in a 8190 bytes line + - list the DLLs and EXEs present after the builds. - curl will then only populate the header with cookies that fit, dropping - ones that otherwise would have been sent + - add `DEBUG` variable for CMake builds to allow disabling it, for + testing non-debug builds. (currently enabled for all) - Ref: https://curl.se/mail/lib-2023-06/0020.html + - add commented lines that dump CMake configuration logs for debugging + build/auto-detection issues. - Closes #11303 + - add gcc version to jobs where missing. -- testutil: allow multiple %-operators on the same line + - switch a job to the native MSYS2 mingw-w64 toolchain. This adds gcc 9 + to the build mix. - Closes #11303 + - make `SHARED=OFF` and `OPENSSL=OFF` defaults global. -Oleg Jukovec (12 Jun 2023) + - delete a duplicate backslash. -- docs: update CURLOPT_UPLOAD.3 + Closes #11976 - The behavior of CURLOPT_UPLOAD differs from what is described in the - documentation. The option automatically adds the 'Transfer-Encoding: - chunked' header if the upload size is unknown. +- configure: replace adhoc domain with `localhost` in tests - Closes #11300 + Reviewed-by: Daniel Stenberg + Closes #11988 -Daniel Stenberg (12 Jun 2023) +- tidy-up: use more example domains -- RELEASE-NOTES: synced + Also make use of the example TLD: + https://en.wikipedia.org/wiki/.example -- CURLOPT_AWS_SIGV4.3: remove unused variable from example + Reviewed-by: Daniel Stenberg + Closes #11992 + +Dan Fandrich (29 Sep 2023) + +- runtests: display the test status if tests appear hung + + It sometimes happens that a test hangs during a test run and never + returns. The test harness will wait indefinitely for the results and on + CI servers the CI job will eventually be killed after an hour or two. + At the end of a test run, if results haven't come in within a couple of + minutes, display the status of all test runners and what tests they're + running to help in debugging the problem. + + This feature is really only kick in with parallel testing enabled, which + is fine because without parallel testing it's usually easy to tell what + test has hung. + + Closes #11980 - Closes #11302 +- github/labeler: remove workaround for labeler -- examples/https.c: use CURLOPT_CA_CACHE_TIMEOUT + This was added due to what seemed to be a bug regarding the sync-labels: + config option, but it looks like it wasn't necessary. - for demonstration purposes + Follow-up to b2b0534e7 - Closes #11290 +Viktor Szakats (29 Sep 2023) -- example/ipv6: feature CURLOPT_ADDRESS_SCOPE in use +- docs: upgrade an URL to HTTPS in `BINDINGS.md` [ci skip] - Closes #11282 +Daniel Stenberg (29 Sep 2023) -Karthikdasari0423 (10 Jun 2023) +- docs: replace made up domains with example.com -- docs: Update HTTP3.md for newer ngtcp2 and nghttp3 + in FAQ and MANUAL.md - Follow-up to fb9b9b58 + - example.com was made for this purpose. - Ref: #11184 - Closes #11295 + - reduces the risk that one of those domains suddenly start hosting + something nasty and we provide links to them -Dan Fandrich (10 Jun 2023) + Closes #11986 -- docs: update the supported ngtcp2 and nghttp3 versions +Michael Osipov (29 Sep 2023) - Follow-up to cae9d10b +- acinclude.m4: Document proper system truststore on FreeBSD - Ref: #11184 - Closes #11294 + The default system truststore on FreeBSD has been /etc/ssl/certs for many + years now. It is managed canonically through certctl(8) and contains hashed + symlinks for OpenSSL and other TLS providers. + The previous ones require security/ca_root_nss which might not be installed o + r + will not contain any custom CA certificates. -- tests: fix error messages & handling around sockets + Closes #11985 - The wrong error code was checked on Windows on UNIX socket failures, - which could have caused all UNIX sockets to be reported as having - errored and the tests therefore skipped. Also, a useless error message - was displayed on socket errors in many test servers on Windows because - strerror() doesn't work on WinSock error codes; perror() is overridden - there to work on all errors and is used instead. +Daniel Stenberg (29 Sep 2023) - Ref #11258 - Closes #11265 +- FAQ: How do I upgrade curl.exe in Windows? -Daniel Stenberg (9 Jun 2023) + This is a growing question, better answer it here to get somewhere to + point users to. -- CURLOPT_SSH_PRIVATE_KEYFILE.3: expand on the file search + Closes #11984 - Reported-by: atjg on github - Ref: #11287 - Closes #11289 +Viktor Szakats (28 Sep 2023) -Stefan Eissing (9 Jun 2023) +- cmake: pre-cache `HAVE_BASENAME` for mingw-w64 and MSVC -- ngtcp2: use ever increasing timestamp in io + `basename` is present in mingw-w64, missing from MSVC. Pre-cache + accordingly to make configure faster. - - ngtcp2 v0.16.0 asserts that timestamps passed to its function - will only ever increase. - - Use a context shared between ingress/egress operations that - uses a shared timestamp, regularly updated during calls. + Notice that `basename` has a bug so we later disable it even with + mingw-w64: + https://github.com/curl/curl/blob/781242ffa44a9f9b95b6da5ac5a1bf6372ec6257/li + b/curl_setup.h#L820-L825 - Closes #11288 + Closes #11974 -Daniel Stenberg (9 Jun 2023) +Daniel Stenberg (28 Sep 2023) -- GHA: use nghttp2 1.54.0 for the ngtcp2 jobs +- cmake: add missing checks -Philip Heiduck (9 Jun 2023) + - check for arc4random. To make rand.c use it accordingly. + - check for fcntl + - fix fseek detection + - add SIZEOF_CURL_SOCKET_T + - fix USE_UNIX_SOCKETS + - define HAVE_SNPRINTF to 1 + - check for fnmatch + - check for sched_yield + - remove HAVE_GETPPID duplicate from curl_config.h + - add HAVE_SENDMSG -- GHA: ngtcp2: use 0.16.0 and nghttp3 0.12.0 + Ref: #11964 -Daniel Stenberg (9 Jun 2023) + Co-authored-by: Viktor Szakats + Closes #11973 -- ngtcp2: build with 0.16.0 and nghttp3 0.12.0 +- configure: remove unused checks - - moved to qlog_write - - crypto => encryption - - CRYPTO => ENCRYPTION - - removed "_is_" - - ngtcp2_conn_shutdown_stream_read and - ngtcp2_conn_shutdown_stream_write got flag arguments - - the nghttp3_callbacks struct got a recv_settings callback + - for sys/uio.h + - for fork + - for connect - Closes #11184 + Ref: #11964 -- example/http2-download: set CURLOPT_BUFFERSIZE + Closes #11973 - Primarily because no other example sets it, and remove the disabling of - the certificate check because we should not recommend that. +- lib: remove TIME_WITH_SYS_TIME - Closes #11284 + It is not used in any code anywhere. -- example/crawler: also set CURLOPT_AUTOREFERER + Ref: #11964 + Closes #11975 - Could make sense, and it was not used in any example before. +- docs: update curl man page references - Closes #11283 + Detected by the manpage-syntax update -Wyatt OʼDay (9 Jun 2023) + Closes #11963 -- tls13-ciphers.d: include Schannel +- manpage-syntax: verify curl man page references - Closes #11271 + 1. References to curl symbols are now checked that they indeed exist as + man pages. This for \f references as well as the names referenced in the + SEE ALSO section. -Daniel Stenberg (9 Jun 2023) + Allowlist curl.1 since it is not always built in builds -- curl_pushheader_byname/bynum.3: document in their own man pages + 2. References to curl symbols that lack section now causes warning, since tha + t + will prevent them from getting linked properly - These two functions were added in 7.44.0 when CURLMOPT_PUSHFUNCTION was - introduced but always lived a life in the shadows, embedded in the - CURLMOPT_PUSHFUNCTION man page. Until now. + 3. Check for "bare" references to curl functions and warn, they should be + references - It makes better sense and gives more visibility to document them in - their own stand-alone man pages. + Closes #11963 - Closes #11286 +- cmake: add check for suseconds_t -- curl_mprintf.3: minor fix of the example + And fix the HAVE_LONGLONG define -- curl_url_set: enforce the max string length check for all parts + Ref: #11964 + Closes #11977 - Update the docs and test 1559 accordingly +Viktor Szakats (28 Sep 2023) - Closes #11273 +- tidy-up: whitespace fixes -- examples/ftpuploadresume.c: add use of CURLOPT_ACCEPTTIMEOUT_MS + Closes #11972 - For show +- cmake: detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS - Closes #11277 + With new option `CURL_DISABLE_SRP=ON` to force-disable it. + To match existing option and detection logic in autotools. -- examples/unixsocket.c: example using CURLOPT_UNIX_SOCKET_PATH + Also: + - fix detecting GnuTLS. + We assume `nettle` as a GnuTLS dependency. + - add CMake GnuTLS CI job. + - bump AppVeyor CMake OpenSSL MSVC job to OpenSSL 1.1.1 (from 1.0.2) + TLS-SRP fails to detect with 1.0.2 due to an OpenSSL header bug. + - fix compiler warning when building with GnuTLS and disabled TLS-SRP. + - fix comment typos, whitespace. - and alternatively CURLOPT_ABSTRACT_UNIX_SOCKET + Ref: #11964 - Closes #11276 + Closes #11967 -Anssi Kolehmainen (8 Jun 2023) +- tool: use our own stderr variable -- docs: fix missing parameter names in examples + Earlier this year we changed our own stderr variable to use the standard + name `stderr` (to avoid bugs where someone is using `stderr` instead of + the curl-tool specific variable). This solution needed to override the + standard `stderr` symbol via the preprocessor. This in turn didn't play + well with unity builds and caused curl tool to crash or stay silent due + to an uninitialized stderr. This was a hard to find issue, fixed by + manually breaking out one file from the unity sources. - Closes #11278 + To avoid two these two tricks, this patch implements a different + solution: Restore using our own local variable for our stderr output and + leave `stderr` as-is. To avoid using `stderr` by mistake, add a + `checksrc` rule (based on logic we already used in lib for `strerror`) + that detects any `stderr` use in `src` and points to using our own + variable instead: `tool_stderr`. -Daniel Stenberg (8 Jun 2023) + Follow-up to 06133d3e9b8aeb9e9ca0b3370c246bdfbfc8619e + Follow-up to 2f17a9b654121dd1ecf4fc043c6d08a9da3522db + + Closes #11958 + +Loïc Yhuel (28 Sep 2023) + +- connect: only start the happy eyeballs timer when needed + + The timeout is only used when there is a second address family, for the + delayed eyeballer. + + Closes #11939 + +Daniel Stenberg (28 Sep 2023) + +- tool_operate: free 'gateway' correctly + + Pointed out by Coverity. The fix in 93885cf3a8d4e was incomplete. + + Also removed repeated wording in IPFS related error messages. + + Closes #11969 + +Stefan Eissing (28 Sep 2023) + +- lib: move handling of `data->req.writer_stack` into Curl_client_write() + + - move definitions from content_encoding.h to sendf.h + - move create/cleanup/add code into sendf.c + - installed content_encoding writers will always be called + on Curl_client_write(CLIENTWRITE_BODY) + - Curl_client_cleanup() frees writers and tempbuffers from + paused transfers, irregardless of protocol + + Closes #11908 + +Loïc Yhuel (28 Sep 2023) + +- multi: round the timeout up to prevent early wakeups + + Curl_timediff rounds down to the millisecond, so curl_multi_perform can + be called too early, then we get a timeout of 0 and call it again. + + The code already handled the case of timeouts which expired less than + 1ms in the future. By rounding up, we make sure we will never ask the + platform to wake up too early. + + Closes #11938 + +Daniel Stenberg (28 Sep 2023) + +- RELEASE-NOTES: spell out that IPFS is via gateway + +- RELEASE-NOTES: synced + +- tool_operate: avoid strlen() -1 on zero length content from file + + Follow-up to 65b563a96a226649ba12cb1e + + Closes #11959 + +- tool_operate: fix memory mixups + + Switch to plain getenv() from curl_getenv() to avoid the allocation and + having to keep track of which free() or curl_free() that need to be + used. + + Coverity found issues and a memory leak. + + Follow-up to 65b563a96a226649ba12cb1e + + Closes #11959 + +Viktor Szakats (27 Sep 2023) + +- curl-functions.m4: fixup recent bad edits + + Follow-up to 96c29900bcec32dd6bc8e9857c8871ff4b8b8ed9 #11940 + + Closes #11966 + +Daniel Stenberg (27 Sep 2023) + +- curl-functions.m4: fix include line + + This made the getaddrinfo detection fail, but we did not spot it in the + CI because it graciously falled back to using legacy functions instead! + + Follow-up to 96c29900bcec (#11940) + + Closes #11965 + +- inet_ntop: add typecast to silence Coverity + + CID 1024653: Integer handling issues (SIGN_EXTENSION) + + Suspicious implicit sign extension: "src[i]" with type "unsigned char + const" (8 bits, unsigned) is promoted in "src[i] << (1 - i % 2 << 3)" to + type "int" (32 bits, signed), then sign-extended to type "unsigned long" + (64 bits, unsigned). If "src[i] << (1 - i % 2 << 3)" is greater than + 0x7FFFFFFF, the upper bits of the result will all be 1. + + 111 words[i/2] |= (src[i] << ((1 - (i % 2)) << 3)); + + The value will not be greater than 0x7FFFFFFF so this still cannot + happen. + + Also, switch to ints here instead of longs. The values stored are 16 bit + so at least no need to use 64 bit variables. Also, longs are 32 bit on + some platforms so this logic still needs to work with 32 bits. + + Closes #11960 + +- docs: adapt SEE ALSO sections to new requirements + + To please manpage-syntax.pl used by test 1173 + + Closes #11957 + +- manpage-syntax.pl: verify SEE ALSO syntax + + - Enforce a single reference per .BR line + - Skip the quotes around the section number for example (3) + - Insist on trailing commas on all lines except the last + - Error on comma on the last SEE ALSO entry + + - List the entries alpha-sorted, not enforced just recommended + + Closes #11957 + +- connect: expire the timeout when trying next + + ... so that it gets called again immediately and can continue trying + addresses to connect to. Otherwise it might unnecessarily wait for a + while there. + + Fixes #11920 + Reported-by: Loïc Yhuel + Closes #11935 + +- http: remove wrong comment for http_should_fail + + Reported-by: Christian Schmitz + Ref: #11936 + Closes #11941 + +Dan Fandrich (26 Sep 2023) + +- tool_setopt: remove unused function tool_setopt_flags + + This function is identical to tool_setopt_bitmask except that it treats + the argument as unsigned. + + Closes #11943 + +Viktor Szakats (26 Sep 2023) + +- cmake: add feature checks for `memrchr` and `getifaddrs` + + - `HAVE_MEMRCHR` for `memrchr`. + - `HAVE_GETIFADDRS` for `getifaddrs`. + This was present in `lib/curl_config.h.cmake` but missed the detection + logic. + + To match existing autotools feature checks. + + Closes #11954 + +- cmake: move global headers to specific checks + + Before this patch we added standard headers unconditionally to the + global list of headers used for feature checks. This is unnecessary + and also doesn't help CMake 'Generate' performance. This patch moves + these headers to each feature check where they are actually needed. + Stop using `stddef.h`, as it seems unnecessary. + + I've used autotools' `m4/curl-functions.m4` to figure out these + dependencies. + + Also delete checking for the C89 standard header `time.h`, that I + missed in the earlier commit. + + Ref: 96c29900bcec32dd6bc8e9857c8871ff4b8b8ed9 #11940 + + Closes #11951 + +- src/mkhelp: make generated code pass `checksrc` + + Closes #11955 + +- tests: show which curl tool `runtests.pl` is using + + To help debugging when there is issue finding or running it. + + Closes #11953 + +- CI/azure: make `MAKEFLAGS` global to parallelize all jobs + + https://dev.azure.com/daniel0244/curl/_build/results?buildId=17528 (before) + https://dev.azure.com/daniel0244/curl/_build/results?buildId=17545 (after, wi + th -j3) + + Closes #11952 + +- CI/azure: migrate old mingw MSYS1 jobs to MSYS2 + + Also delete an accidental variable reference. + + Follow-up to 38029101e2d78ba125732b3bab6ec267b80a0e72 + + Closes #11945 + +Daniel Stenberg (26 Sep 2023) + +- docs: add see also curl_multi_get_handles to some man pages + + Assisted-by: Jay Satiro + + Closes #11942 + +Viktor Szakats (26 Sep 2023) + +- cmake: assume `_fseeki64` and no `fseeko` on Windows + + `_fseeki64` is present in mingw-w64 1.0 (2011-09-26) headers, and + at least Watcom C 1.9 (2010) headers and MSVS 2008 [1]. + + `fseeko` is not present in any of these. + + (mingw-w64 1.0 also offers `fseeko64`.) + + [1] https://github.com/curl/curl/pull/11944#issuecomment-1734995004 + + Follow-up to 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 #11918 + + Closes #11950 + +- build: delete checks for C89 standard headers + + Delete checks and guards for standard C89 headers and assume these are + available: `stdio.h`, `string.h`, `time.h`, `setjmp.h`, `stdlib.h`, + `stddef.h`, `signal.h`. + + Some of these we already used unconditionally, some others we only used + for feature checks. + + Follow-up to 9c7165e96a3a9a2d0b7059c87c699b5ca8cdae93 #11918 (for `stdio.h` i + n CMake) + + Closes #11940 + +Stefan Eissing (26 Sep 2023) + +- multiif.h: remove Curl_multi_dump declaration + + Follow-up to d850eea2 which removed the Curl_multi_dump definition. + + Closes https://github.com/curl/curl/pull/11946 + +Jay Satiro (26 Sep 2023) + +- config-win32: define HAVE__FSEEKI64 + + Follow-up to 9c7165e9 which added an fseeko wrapper to the lib that + calls _fseeki64 if it is available. + + Closes https://github.com/curl/curl/pull/11944 + +- docs: explain how PINNEDPUBLICKEY is independent of VERIFYPEER + + - Explain that peer verification via CURLOPT_PINNEDPUBLICKEY takes place + even if peer verification via CURLOPT_SSL_VERIFYPEER is turned off. + + The behavior is verified by test2048. + + Bug: https://github.com/curl/curl/issues/2935#issuecomment-418371872 + Reported-by: claudiusaiz@users.noreply.github.com + + Bug: https://github.com/curl/curl/discussions/11910 + Reported-by: Hakan Sunay Halil + + Closes https://github.com/curl/curl/pull/11930 + +Stefan Eissing (26 Sep 2023) + +- openssl: improve ssl shutdown handling + + - If SSL shutdown is not finished then make an additional call to + SSL_read to gather additional tracing. + + - Fix http2 and h2-proxy filters to forward do_close() calls to the next + filter. + + For example h2 and SSL shutdown before and after this change: + + Before: + + Curl_conn_close -> cf_hc_close -> Curl_conn_cf_discard_chain -> + ssl_cf_destroy + + After: + + Curl_conn_close -> cf_hc_close -> cf_h2_close -> cf_setup_close -> + ssl_cf_close + + Note that currently the tracing does not show output on the connection + closure handle. Refer to discussion in #11878. + + Ref: https://github.com/curl/curl/discussions/11878 + + Closes https://github.com/curl/curl/pull/11858 + +Loïc Yhuel (26 Sep 2023) + +- multi: fix small timeouts + + Since Curl_timediff rounds down to the millisecond, timeouts which + expire in less than 1ms are considered as outdated and removed from the + list. We can use Curl_timediff_us instead, big timeouts could saturate + but this is not an issue. + + Closes #11937 + +Viktor Szakats (25 Sep 2023) + +- cmake: fix stderr initialization in unity builds + + Before this patch, in certain build configurations the curl tool may + not have displayed anything (debug, macOS), or crashed at startup + (debug, Windows). + + Follow-up to 3f8fc25720900b14b7432f4bd93407ca15311719 + Necessary after 2f17a9b654121dd1ecf4fc043c6d08a9da3522db + + Closes #11929 + +- cmake: fix missing `zlib.h` when compiling `libcurltool` + + Came up while testing debug/testing build for Windows. I'm not sure why + it didn't come up in earlier tests with similar config. + `tool_hugehelp.c` might indeed require `zlib.h` and without linking + `CURL_LIBS` to the `curltool` target, CMake doesn't seem to add detected + dependency headers to the compiler command. + + ``` + [ 25%] Building C object src/CMakeFiles/curltool.dir/tool_hugehelp.c.obj + cd .../curl/bld-cmake-llvm-x64/src && /usr/local/opt/llvm/bin/clang + --target=x86_64-w64-mingw32 --sysroot=/usr/local/opt/mingw-w64/toolchain-x8 + 6_64 + -DCURLDEBUG -DCURL_STATICLIB -DHAVE_CONFIG_H -DUNICODE -DUNITTESTS -D_UNICO + DE + -I.../curl/include -I.../curl/lib -I.../curl/bld-cmake-llvm-x64/lib + -I.../curl/bld-cmake-llvm-x64/include -I.../curl/src -Wno-unused-command-li + ne-argument + -D_UCRT -DDEBUGBUILD -DHAS_ALPN -DUSE_MANUAL=1 -fuse-ld=lld -Wl,-s -static + -libgcc + -lucrt [...] -O3 -DNDEBUG -municode -MD + -MT src/CMakeFiles/curltool.dir/tool_hugehelp.c.obj + -MF CMakeFiles/curltool.dir/tool_hugehelp.c.obj.d + -o CMakeFiles/curltool.dir/tool_hugehelp.c.obj -c .../curl/bld-cmake-llvm-x + 64/src/tool_hugehelp.c + .../curl/bld-cmake-llvm-x64/src/tool_hugehelp.c:6:10: fatal error: 'zlib.h' f + ile not found + 6 | #include + | ^~~~~~~~ + ``` + + Follow-up to 39e7c22bb459c2e818f079984989a26a09741860 + + Closes #11927 + +- cmake: fix duplicate symbols when linking tests + + The linker resolves this automatically in non-unity builds. In unity + builds the linker cannot drop a single object with the duplicates, + resulting in these errors. The root issue is that we started including + certain objects both via both libcurlu and libcurltool libs. + + Regression from 39e7c22bb459c2e818f079984989a26a09741860 + + Windows errors: + ``` + [ 3%] Linking C executable unit1303.exe + [ 3%] Building C object tests/server/CMakeFiles/rtspd.dir/__/__/lib/curl_mul + tibyte.c.obj + ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_convert_UTF8_to_wch + ar': + C:/projects/curl/lib/curl_multibyte.c:44: multiple definition of `curlx_conve + rt_UTF8_to_wchar' + ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte. + c:44: first defined here + ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_convert_wchar_to_UT + F8': + C:/projects/curl/lib/curl_multibyte.c:66: multiple definition of `curlx_conve + rt_wchar_to_UTF8' + ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte. + c:66: first defined here + ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_open': + C:/projects/curl/lib/curl_multibyte.c:92: multiple definition of `curlx_win32 + _open' + ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte. + c:92: first defined here + ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_fopen': + C:/projects/curl/lib/curl_multibyte.c:120: multiple definition of `curlx_win3 + 2_fopen' + ../../src/libcurltool-d.a(unity_0.c.obj):C:/projects/curl/lib/curl_multibyte. + c:120: first defined here + ../../lib/libcurlu-d.a(unity_0.c.obj): In function `curlx_win32_stat': + [...] + ``` + Ref: https://ci.appveyor.com/project/curlorg/curl/builds/48110107/job/nvlhpt9 + aa4ehny5q#L247 + + macOS errors: + ``` + [ 56%] Linking C executable unit1302 + duplicate symbol '_curlx_sotouz' in: + ../../lib/libcurlu.a(unity_0_c.c.o) + ../../src/libcurltool.a(unity_0_c.c.o) + duplicate symbol '_curlx_sitouz' in: + ../../lib/libcurlu.a(unity_0_c.c.o) + ../../src/libcurltool.a(unity_0_c.c.o) + duplicate symbol '_curlx_uztosz' in: + ../../lib/libcurlu.a(unity_0_c.c.o) + ../../src/libcurltool.a(unity_0_c.c.o) + [...] + ``` + with config: + ``` + -DCMAKE_UNITY_BUILD=ON \ + -DENABLE_DEBUG=ON -DBUILD_TESTING=ON -DCMAKE_C_FLAGS=-DDEBUGBUILD \ + -DBUILD_SHARED_LIBS=ON \ + -DBUILD_STATIC_LIBS=OFF + ``` + + Closes #11926 + +- cmake: lib `CURL_STATICLIB` fixes (Windows) + + - always define `CURL_STATICLIB` when building libcurl for Windows. + + This disables `__declspec(dllexport)` for exported libcurl symbols. + In normal mode (hide symbols) these exported symbols are specified + via `libcurl.def`. When not hiding symbols, all symbols are exported + by default. + + Regression from 1199308dbc902c52be67fc805c72dd2582520d30 + + Fixes #11844 + + - fix to omit `libcurl.def` when not hiding private symbols. + + Regression from 2ebc74c36a19a1700af394c16855ce144d9878e3 + + - fix `ENABLED_DEBUG=ON` + shared curl tool Windows builds by also + omitting `libcurl.def` in this case, and exporting all symbols + instead. This ensures that a shared curl tool can access all debug + functions which are not normally exported from libcurl DLL. + + - delete `INTERFACE_COMPILE_DEFINITIONS "CURL_STATICLIB"` for "objects" + target. + + Follow-up to 2ebc74c36a19a1700af394c16855ce144d9878e3 + + - delete duplicate `BUILDING_LIBCURL` definitions. + + - fix `HIDES_CURL_PRIVATE_SYMBOLS` to not overwrite earlier build settings. + + Follow-up to 1199308dbc902c52be67fc805c72dd2582520d30 + + Closes #11914 + +Daniel Stenberg (25 Sep 2023) + +- RELEASE-NOTES: synced + +Dan Fandrich (25 Sep 2023) + +- tests: fix log directory path in IPFS tests + + Hard-coding the log directory name fails with parallel tests. + + Follow-up to 65b563a96 + + Ref: #8805 + +Daniel Stenberg (25 Sep 2023) + +- curl_multi_get_handles: get easy handles from a multi handle + + Closes #11750 + +Stefan Eissing (25 Sep 2023) + +- http: h1/h2 proxy unification + + - use shared code for setting up the CONNECT request + when tunneling, used in HTTP/1.x and HTTP/2 proxying + - eliminate use of Curl_buffer_send() and other manipulations + of `data->req` or `data->state.ulbuf` + + Closes #11808 + +Natanael Copa (25 Sep 2023) + +- lib: use wrapper for curl_mime_data fseek callback + + fseek uses long offset which does not match with curl_off_t. This leads + to undefined behavior when calling the callback and caused failure on + arm 32 bit. + + Use a wrapper to solve this and use fseeko which uses off_t instead of + long. + + Thanks to the nice people at Libera IRC #musl for helping finding this + out. + + Fixes #11882 + Fixes #11900 + Closes #11918 + +- configure: sort AC_CHECK_FUNCS + + No functional changes. + +Daniel Stenberg (25 Sep 2023) + +- warnless: remove unused functions + + Previously put there for use with the intel compiler + + Closes #11932 + +- GHA/linux: run singleuse to detect single-use global functions + + Use --unit for configure --enable-debug builds + + Closes #11932 + +- singleuse: add scan for use in other source codes + + This should reduce false-positive to almost zero. Checks for presence in + unit tests if --unit is specified, which is intended for debug builds + where unit testing is enabled. + + Closes #11932 + +- multi: remove Curl_multi_dump + + A debug-only function that is basically never used. Removed to ease the + use of the singleuse script to detect non-static functions not used + outside the file where it is defined. + + Closes #11931 + +Viktor Szakats (24 Sep 2023) + +- tests: fix compiler warnings + + Seen with llvm 17 on Windows x64. + + ``` + .../curl/tests/server/rtspd.c:136:13: warning: no previous extern declaration + for non-static variable 'logdir' [-Wmissing-variable-declarations] + 136 | const char *logdir = "log"; + | ^ + .../curl/tests/server/rtspd.c:136:7: note: declare 'static' if the variable i + s not intended to be used outside of this translation unit + 136 | const char *logdir = "log"; + | ^ + .../curl/tests/server/rtspd.c:137:6: warning: no previous extern declaration + for non-static variable 'loglockfile' [-Wmissing-variable-declarations] + 137 | char loglockfile[256]; + | ^ + .../curl/tests/server/rtspd.c:137:1: note: declare 'static' if the variable i + s not intended to be used outside of this translation unit + 137 | char loglockfile[256]; + | ^ + .../curl/tests/server/fake_ntlm.c:43:13: warning: no previous extern declarat + ion for non-static variable 'logdir' [-Wmissing-variable-declarations] + 43 | const char *logdir = "log"; + | ^ + .../curl/tests/server/fake_ntlm.c:43:7: note: declare 'static' if the variabl + e is not intended to be used outside of this translation unit + 43 | const char *logdir = "log"; + | ^ + .../curl/src/tool_doswin.c:350:8: warning: possible misuse of comma operator + here [-Wcomma] + 350 | ++d, ++s; + | ^ + .../curl/src/tool_doswin.c:350:5: note: cast expression to void to silence wa + rning + 350 | ++d, ++s; + | ^~~ + | (void)( ) + ``` + + ``` + .../curl/tests/libtest/lib540.c:146:27: warning: result of comparison 'long' + > 2147483647 is always false [-Wtautological-type-limit-compare] + 146 | int itimeout = (L > (long)INT_MAX) ? INT_MAX : (int)L; + | ~ ^ ~~~~~~~~~~~~~ + 1 warning generated. + + .../curl/tests/libtest/libntlmconnect.c:195:31: warning: result of comparison + 'long' > 2147483647 is always false [-Wtautological-type-limit-compare] + 195 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeo + ut; + | ~~~~~~~ ^ ~~~~~~~~~~~~~ + 1 warning generated. + + .../curl/tests/libtest/lib591.c:117:31: warning: result of comparison 'long' + > 2147483647 is always false [-Wtautological-type-limit-compare] + 117 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeo + ut; + | ~~~~~~~ ^ ~~~~~~~~~~~~~ + 1 warning generated. + .../curl/tests/libtest/lib597.c:99:31: warning: result of comparison 'long' > + 2147483647 is always false [-Wtautological-type-limit-compare] + 99 | int itimeout = (timeout > (long)INT_MAX) ? INT_MAX : (int)timeo + ut; + | ~~~~~~~ ^ ~~~~~~~~~~~~~ + 1 warning generated. + ``` + + Seen on macOS Intel: + ``` + .../curl/tests/server/sws.c:440:64: warning: field precision should have type + 'int', but argument has type 'size_t' (aka 'unsigned long') [-Wformat] + msnprintf(logbuf, sizeof(logbuf), "Got request: %s %.*s HTTP/%d.%d" + , + ~~^~ + 1 warning generated. + ``` + + Closes #11925 + +Jay Satiro (24 Sep 2023) + +- url: fix netrc info message + + - Fix netrc info message to use the generic ".netrc" filename if the + user did not specify a netrc location. + + - Update --netrc doc to add that recent versions of curl on Windows + prefer .netrc over _netrc. + + Before: + * Couldn't find host google.com in the (nil) file; using defaults + + After: + * Couldn't find host google.com in the .netrc file; using defaults + + Closes https://github.com/curl/curl/pull/11904 + +Dan Fandrich (23 Sep 2023) + +- wolfssh: do cleanup in Curl_ssh_cleanup + + Closes: #11921 + +Daniel Stenberg (24 Sep 2023) + +- tool_listhelp: regenerated + + Polished the --ipfs-gateway description + + Fixed the --trace-config description + + The script also fixed some other small mistakes + + Closes #11923 + +Viktor Szakats (23 Sep 2023) + +- Makefile.mk: always set `CURL_STATICLIB` for lib (Windows) + + Also fix to export all symbols in Windows debug builds, making + `-debug-dyn` builds work with `-DCURL_STATICLIB` set. + + Ref: https://github.com/curl/curl/pull/11914 (same for CMake) + + Closes #11924 + +Daniel Stenberg (23 Sep 2023) + +- quic: set ciphers/curves the same way regular TLS does + + for OpenSSL/BoringSSL + + Fixes #11796 + Reported-by: Karthikdasari0423 on github + Assisted-by: Jay Satiro + Closes #11836 + +- test457: verify --max-filesize with chunked encoding + +- lib: let the max filesize option stop too big transfers too + + Previously it would only stop them from getting started if the size is + known to be too big then. + + Update the libcurl and curl docs accordingly. + + Fixes #11810 + Reported-by: Elliot Killick + Assisted-by: Jay Satiro + Closes #11820 + +Viktor Szakats (23 Sep 2023) + +- mingw: delete support for legacy mingw.org toolchain + + Drop support for "old" / "legacy" / "classic" / "v1" / "mingw32" MinGW: + https://en.wikipedia.org/wiki/MinGW, https://osdn.net/projects/mingw/ + Its homepage used to be http://mingw.org/ [no HTTPS], and broken now. + It supported the x86 CPU only and used a old Windows API header and + implib set, often causing issues. It also misses most modern Windows + features, offering old versions of both binutils and gcc (no llvm/clang + support). It was last updated 2 years ago. + + curl now relies on toolchains based on the mingw-w64 project: + https://www.mingw-w64.org/ https://sourceforge.net/projects/mingw-w64/ + https://www.msys2.org/ https://github.com/msys2/msys2 + https://github.com/mstorsjo/llvm-mingw + (Also available via Linux and macOS package managers.) + + Closes #11625 + +Mark Gaiser (23 Sep 2023) + +- curl: add support for the IPFS protocols: + + - ipfs:// + - ipns:// + + This allows you tu use ipfs in curl like: + curl ipfs:// + and + curl ipns:// + + For more information consult the readme at: + https://curl.se/docs/ipfs.html + + Closes #8805 + +Daniel Stenberg (23 Sep 2023) + +- bufq: remove Curl_bufq_skip_and_shift (unused) + + Closes #11915 + +- scripts/singleuse.pl: add curl_global_trace + +Viktor Szakats (22 Sep 2023) + +- cmake: fix unity symbol collisions in h2 builds + + Regression from 331b89a319d0067fa1e6441719307cfef9c7960f + + Reviewed-by: Daniel Stenberg + Reviewed-by: Jay Satiro + Closes #11912 + +Daniel Stenberg (22 Sep 2023) + +- RELEASE-NOTES: synced + +Dan Fandrich (21 Sep 2023) + +- github/labeler: improve the match patterns + + This includes new rules for setting the appleOS and logging labels and + matches on some example files. Also, enable dot mode for wildcard + matches in the .github directory. + +Daniel Stenberg (21 Sep 2023) + +- upload-file.d: describe the file name slash/backslash handling + + Closes #11911 + +Jakub Jelen (21 Sep 2023) + +- libssh: cap SFTP packet size sent + + Due to libssh limitations + + Signed-off-by: Jakub Jelen + + Closes #11804 + +Daniel Stenberg (21 Sep 2023) -- urlapi: have *set(PATH) prepend a slash if one is missing +- curl.h: mark CURLSSLBACKEND_NSS as deprecated since 8.3.0 - Previously the code would just do that for the path when extracting the - full URL, which made a subsequent curl_url_get() of the path to - (unexpectedly) still return it without the leading path. + Closes #11905 - Amend lib1560 to verify this. Clarify the curl_url_set() docs about it. +- mailmap: unify Michael Osipov under a single email - Bug: https://curl.se/mail/lib-2023-06/0015.html - Closes #11272 - Reported-by: Pedro Henrique +Ted Lyngmo (21 Sep 2023) -Dan Fandrich (7 Jun 2023) +- docs: use CURLSSLBACKEND_NONE -- runtests; give each server a unique log lock file + [ssl] use CURLSSLBACKEND_NONE instead of (curl_sslbackend)-1 in + documentation and examples. - Logs are written by several servers and all of them must be finished - writing before the test results can be determined. This means each - server must have its own lock file rather than sharing a single one, - which is how it was done up to now. Previously, the first server to - complete a test would clear the lock before the other server was done, - which caused flaky tests. + Signed-off-by: Ted Lyngmo - Lock files are now all found in their own directory, so counting locks - equals counting the files in that directory. The result is that the - proxy logs are now reliably written which actually changes the expected - output for two tests. + Closes #11909 - Fixes #11231 - Closes #11259 +Dan Fandrich (21 Sep 2023) -- runtests: make test file directories in log/N +- github/labeler: give the sync-labels config item a default value - Test files in subdirectories were not created after parallel test log - directories were moved down a level due to a now-bad comparison. + This shouldn't be necessary and is likely a bug with this beta version + of the labeller. - Follow-up to 92d7dd39 + Also, fix the negative matches for the documentation label. - Ref #11264 - Closes #11267 + Follow-up to dd12b452a + Closes #11907 -Daniel Stenberg (7 Jun 2023) +- github/labeler: fix up more the labeler config format -- ws: make the curl_ws_meta() return pointer a const + The new version didn't like the workaround we had for a bug in the + previous labeler version, and it should no longer be needed. - The returned info is read-only for the user. + Follow-up to dd12b452a + Closes #11906 - Closes #11261 +- github/labeler: fix indenting to try to appease labeller -- RELEASE-NOTES: synced + Follow-up to dd12b452a -- runtests: move parallel log dirs from logN to log/N +Jay Satiro (21 Sep 2023) - Having several hundreds of them in there gets annoying. +- libssh2: fix error message on failed pubkey-from-file - Closes #11264 + - If libssh2_userauth_publickey_fromfile_ex returns -1 then show error + message "SSH public key authentication failed: Reason unknown (-1)". -Dan Fandrich (7 Jun 2023) + When libssh2_userauth_publickey_fromfile_ex returns -1 it does so as a + generic error and therefore doesn't set an error message. AFAICT that is + not documented behavior. -- test447: move the test file into %LOGDIR + Prior to this change libcurl retrieved the last set error message which + would be from a previous function failing. That resulted in misleading + auth failed error messages in verbose mode. -Viktor Szakats (7 Jun 2023) + Bug: https://github.com/curl/curl/issues/11837#issue-1891827355 + Reported-by: consulion@users.noreply.github.com -- cmake: add support for "unity" builds + Closes https://github.com/curl/curl/pull/11881 - Aka "jumbo" or "amalgamation" builds. It means to compile all sources - per target as a single C source. This is experimental. +Stefan Eissing (21 Sep 2023) - You can enable it by passing `-DCMAKE_UNITY_BUILD=ON` to cmake. - It requires CMake 3.16 or newer. +- pytest: exclude test_03_goaway in CI runs due to timing dependency - It makes builds (much) faster, allows for better optimizations and tends - to promote less ambiguous code. + Closes #11860 - Also add a new AppVeyor CI job and convert an existing one to use - "unity" mode (one MSVC, one MinGW), and enable it for one macOS CI job. +- lib: disambiguate Curl_client_write flag semantics - Fix related issues: - - add missing include guard to `easy_lock.h`. - - rename static variables and functions (and a macro) with names reused - across sources, or shadowed by local variables. - - add an `#undef` after use. - - add a missing `#undef` before use. - - move internal definitions from `ftp.h` to `ftp.c`. - - `curl_memory.h` fixes to make it work when included repeatedly. - - stop building/linking curlx bits twice for a static-mode curl tool. - These caused doubly defined symbols in unity builds. - - silence missing extern declarations compiler warning for ` _CRT_glob`. - - fix extern declarations for `tool_freq` and `tool_isVistaOrGreater`. - - fix colliding static symbols in debug mode: `debugtime()` and - `statename`. - - rename `ssl_backend_data` structure to unique names for each - TLS-backend, along with the `ssl_connect_data` struct member - referencing them. This required adding casts for each access. - - add workaround for missing `[P]UNICODE_STRING` types in certain Windows - builds when compiling `lib/ldap.c`. To support "unity" builds, we had - to enable `SCHANNEL_USE_BLACKLISTS` for Schannel (a Windows - `schannel.h` option) _globally_. This caused an indirect inclusion of - Windows `schannel.h` from `ldap.c` via `winldap.h` to have it enabled - as well. This requires `[P]UNICODE_STRING` types, which is apperantly - not defined automatically (as seen with both MSVS and mingw-w64). - This patch includes `` to fix it. - Ref: https://github.com/curl/curl/runs/13987772013 - Ref: https://dev.azure.com/daniel0244/curl/_build/results?buildId=15827&vie - w=logs&jobId=2c9f582d-e278-56b6-4354-f38a4d851906&j=2c9f582d-e278-56b6-4354-f - 38a4d851906&t=90509b00-34fa-5a81-35d7-5ed9569d331c - - tweak unity builds to compile `lib/memdebug.c` separately in memory - trace builds to avoid PP confusion. - - force-disable unity for test programs. - - do not compile and link libcurl sources to libtests _twice_ when libcurl - is built in static mode. + - use CLIENTWRITE_BODY *only* when data is actually body data + - add CLIENTWRITE_INFO for meta data that is *not* a HEADER + - debug assertions that BODY/INFO/HEADER is not used mixed + - move `data->set.include_header` check into Curl_client_write + so protocol handlers no longer have to care + - add special in FTP for `data->set.include_header` for historic, + backward compatible reasons + - move unpausing of client writes from easy.c to sendf.c, so that + code is in one place and can forward flags correctly - KNOWN ISSUES: - - running tests with unity builds may fail in cases. - - some build configurations/env may not compile in unity mode. E.g.: - https://ci.appveyor.com/project/curlorg/curl/builds/47230972/job/51wfesgnfu - auwl8q#L250 + Closes #11885 - Ref: https://github.com/libssh2/libssh2/issues/1034 - Ref: https://cmake.org/cmake/help/latest/prop_tgt/UNITY_BUILD.html - Ref: https://en.wikipedia.org/wiki/Unity_build +Patrick Monnerat (21 Sep 2023) - Closes #11095 +- tftpd: always use curl's own tftp.h -Daniel Stenberg (7 Jun 2023) + Using the system's provided arpa/tftp.h and optimizing, GCC 12 detects + and reports a stringop-overread warning: -- examples/websocket.c: websocket example using CONNECT_ONLY + tftpd.c: In function ‘write_behind.isra’: + tftpd.c:485:12: warning: ‘write’ reading between 1 and 2147483647 bytes f + rom a region of size 0 [-Wstringop-overread] + 485 | return write(test->ofile, writebuf, count); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + In file included from tftpd.c:71: + /usr/include/arpa/tftp.h:58:30: note: source object ‘tu_data’ of size 0 + 58 | char tu_data[0]; /* data or error stri + ng */ + | ^~~~~~~ - Closes #11262 + This occurs because writebuf points to this field and the latter + cannot be considered as being of dynamic length because it is not + the last field in the structure. Thus it is bound to its declared + size. -- websocket-cb: example doing WebSocket download using callback + This commit always uses curl's own version of tftp.h where the + target field is last in its structure, effectively avoiding the + warning. - Very basic + As HAVE_ARPA_TFTP_H is not used anymore, cmake/configure checks for + arpa/tftp.h are removed. - Closes #11260 + Closes #11897 -- test/.gitignore: ignore log* +Dan Fandrich (20 Sep 2023) -Dan Fandrich (5 Jun 2023) +- test1474: make precheck more robust on non-Solaris systems -- runtests: document the -j parallel testing option + If uname -r returns something odd, perl could return an error code and + the test would be erroneously skipped. The qx// syntax avoid this. - Reported-by: Daniel Stenberg - Ref: #10818 - Closes #11255 + Followup to 08f9b2148 -- runtests: create multiple test runners when requested +- github/labeler: switch to the 5 beta version - Parallel testing is enabled by using a nonzero value for the -j option - to runtests.pl. Performant values seem to be about 7*num CPU cores, or - 1.3*num CPU cores if Valgrind is in use. + This version adds an important feature that will allow more PRs to be + labelled. Rather than being limited to labeling PRs with files that + match a single glob, it can now label them if multiple changed files + match any one of a number of globs. - Flaky tests due to improper log locking (bug #11231) are exacerbated - while parallel testing, so it is not enabled by default yet. +Daniel Stenberg (20 Sep 2023) - Fixes #10818 - Closes #11246 +- lib: enable hmac for digest as well -- runtests: handle repeating tests in multiprocess mode + Previously a build that disabled NTLM and aws-sigv4 would fail to build + since the hmac was disabled, but it is also needed for digest auth. - Such as what happens with the --repeat option. Some functions are - changed to pass the runner ID instead of relying on the non-unique test - number. + Follow-up to e92edfbef64448ef - Ref: #10818 + Fixes #11890 + Reported-by: Aleksander Mazur + Closes #11896 -- runtests: buffer logmsg while running singletest() +- idn: if idn2_check_version returns NULL, return error - This allows all messages relating to a single test case to be displayed - together at the end of the test. + ... this avoids a NULL dereference for this unusual case. - Ref: #10818 + Reported-by: s0urc3_ on hackerone + Closes #11898 -- runtests: call initserverconfig() in the runner +- http: fix CURL_DISABLE_BEARER_AUTH breakage - This must be done so variables pick up the runner's unique $LOGDIR. + When bearer auth was disabled, the if/else logic got wrong and caused + problems. - Ref: #10818 + Follow-up to e92edfbef64448ef461 + Fixes #11892 + Reported-by: Aleksander Mazur + Closes #11895 -- runtests: use a per-runner random seed +Michael Osipov (20 Sep 2023) - Each runner needs a unique random seed to reduce the chance of port - number collisions. The new scheme uses a consistent per-runner source of - randomness which results in deterministic behaviour, as it did before. +- wolfssl: allow capath with CURLOPT_CAINFO_BLOB - Ref: #10818 + Remain consistent with OpenSSL. While CAfile is nulled as documented + with CURLOPT_CAINFO_BLOB, CApath remains intact. -- runtests: complete main test loop refactor for multiple runners + Closes #11886 - The main test loop is now able to handle multiple runners, or no - additional runner processes at all. At most one process is still - created, however. +- wolfssl: use ssl_cafile/ssl_capath variables consistent with openssl.c - Ref: #10818 + Closes #11886 -- runtests: prepare main test loop for multiple runners +Dan Fandrich (19 Sep 2023) - Some variables are expanded to arrays and hashes so that multiple - runners can be used for running tests. +- test1474: disable test on NetBSD, OpenBSD and Solaris 10 - Ref: #10818 + These kernels only send a fraction of the requested amount of the first + large block, invalidating the assumptions of the test and causing it to + fail. -Stefan Eissing (5 Jun 2023) + Assisted-by: Christian Weisgerber + Ref: https://curl.se/mail/lib-2023-09/0021.html + Closes #11888 -- bufq: make write/pass methods more robust +Ryan Schmidt (20 Sep 2023) - - related to #11242 where curl enters busy loop when - sending http2 data to the server +- cmake, configure: also link with CoreServices - Closes #11247 + When linking with CoreFoundation, also link with CoreServices which is + apparently required to avoid an NSInvalidArgumentException in software + linking with libcurl on macOS Sonoma 14 and later. -Boris Verkhovskiy (5 Jun 2023) + Fixes #11893 + Closes #11894 -- tool_getparam: fix comment +Marc Hoersken (19 Sep 2023) - Closes #11253 +- CI/azure: remove pip, wheel, cryptography, pyopenssl and impacket -Raito Bezarius (5 Jun 2023) + These dependencies are now already included in the Docker image. -- haproxy: add --haproxy-clientip flag to spoof client IPs + Ref: https://github.com/mback2k/curl-docker-winbuildenv/commit/2607a31bcab544 + b41d15606e97f38cf312c1ce56 - CURLOPT_HAPROXY_CLIENT_IP in the library + Closes #11889 - Closes #10779 +Daniel Stenberg (19 Sep 2023) -Daniel Stenberg (5 Jun 2023) +- wolfssl: if CURLOPT_CAINFO_BLOB is set, ignore the CA files -- curl: add --ca-native and --proxy-ca-native + Ref: #11883 + Reported-by: Michael Osipov + Closes #11884 - These are two boolean options to ask curl to use the native OS's CA - store when verifying TLS servers. For peers and for proxies - respectively. +- RELEASE-NOTES: synced - They currently only have an effect for curl on Windows when built to use - OpenSSL for TLS. +- test3103: CURLOPT_COOKIELIST test - Closes #11049 +- cookie: set ->running in cookie_init even if data is NULL -Viktor Szakats (5 Jun 2023) + This is a regression introduced in b1b326ec500 (shipped in curl 8.1.0) -- build: drop unused/redundant `HAVE_WINLDAP_H` + Test 3103 verifies. - Sources did not use it. Autotools used it when checking for the - `winldap` library, which is redundant. + Fixes #11875 + Reported-by: wangp on github + Closes #11876 - With CMake, detection was broken: - ``` - Run Build Command(s):/usr/local/Cellar/cmake/3.26.3/bin/cmake -E env VERBOSE= - 1 /usr/bin/make -f Makefile cmTC_2d8fe/fast && /Library/Developer/CommandLine - Tools/usr/bin/make -f CMakeFiles/cmTC_2d8fe.dir/build.make CMakeFiles/cmTC_2 - d8fe.dir/build - Building C object CMakeFiles/cmTC_2d8fe.dir/HAVE_WINLDAP_H.c.obj - /usr/local/opt/llvm/bin/clang --target=x86_64-w64-mingw32 --sysroot=/usr/loca - l/opt/mingw-w64/toolchain-x86_64 -D_WINSOCKAPI_="" -I/my/quictls/x64-ucrt/usr - /include -I/my/zlib/x64-ucrt/usr/include -I/my/brotli/x64-ucrt/usr/include -W - no-unused-command-line-argument -D_UCRT -DCURL_HIDDEN_SYMBOLS -DHAVE_SSL_SE - T0_WBIO -DHAS_ALPN -DNGHTTP2_STATICLIB -DNGHTTP3_STATICLIB -DNGTCP2_STATICLIB - -DUSE_MANUAL=1 -fuse-ld=lld -Wl,-s -static-libgcc -lucrt -Wextra -Wall -p - edantic -Wbad-function-cast -Wconversion -Winline -Wmissing-declarations -Wmi - ssing-prototypes -Wnested-externs -Wno-long-long -Wno-multichar -Wpointer-ari - th -Wshadow -Wsign-compare -Wundef -Wunused -Wwrite-strings -Wcast-align -Wde - claration-after-statement -Wempty-body -Wendif-labels -Wfloat-equal -Wignored - -qualifiers -Wno-format-nonliteral -Wno-sign-conversion -Wno-system-headers - - Wstrict-prototypes -Wtype-limits -Wvla -Wshift-sign-overflow -Wshorten-64-to- - 32 -Wdouble-promotion -Wenum-conversion -Wunused-const-variable -Wcomma -Wmis - sing-variable-declarations -Wassign-enum -Wextra-semi-stmt -MD -MT CMakeFile - s/cmTC_2d8fe.dir/HAVE_WINLDAP_H.c.obj -MF CMakeFiles/cmTC_2d8fe.dir/HAVE_WINL - DAP_H.c.obj.d -o CMakeFiles/cmTC_2d8fe.dir/HAVE_WINLDAP_H.c.obj -c /my/curl/b - ld-cmake-llvm-x64-shared/CMakeFiles/CMakeScratch/TryCompile-3JP6dR/HAVE_WINLD - AP_H.c - In file included from /my/curl/bld-cmake-llvm-x64-shared/CMakeFiles/CMakeScra - tch/TryCompile-3JP6dR/HAVE_WINLDAP_H.c:2: - In file included from /usr/local/opt/mingw-w64/toolchain-x86_64/x86_64-w64-mi - ngw32/include/winldap.h:17: - In file included from /usr/local/opt/mingw-w64/toolchain-x86_64/x86_64-w64-mi - ngw32/include/schnlsp.h:9: - In file included from /usr/local/opt/mingw-w64/toolchain-x86_64/x86_64-w64-mi - ngw32/include/schannel.h:10: - /usr/local/opt/mingw-w64/toolchain-x86_64/x86_64-w64-mingw32/include/wincrypt - .h:5041:254: error: unknown type name 'PSYSTEMTIME' - WINIMPM PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate (HCRYPTPROV_OR_ - NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, PCERT_NAME_BLOB pSubjectIssuerBlob, - DWORD dwFlags, PCRYPT_KEY_PROV_INFO pKeyProvInfo, PCRYPT_ALGORITHM_IDENTIFIER - pSignatureAlgorithm, PSYSTEMTIME pStartTime, PSYSTEMTIME pEndTime, PCERT_EXT - ENSIONS pExtensions); - - - - ^ - /usr/local/opt/mingw-w64/toolchain-x86_64/x86_64-w64-mingw32/include/wincrypt - .h:5041:278: error: unknown type name 'PSYSTEMTIME' - WINIMPM PCCERT_CONTEXT WINAPI CertCreateSelfSignCertificate (HCRYPTPROV_OR_ - NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, PCERT_NAME_BLOB pSubjectIssuerBlob, - DWORD dwFlags, PCRYPT_KEY_PROV_INFO pKeyProvInfo, PCRYPT_ALGORITHM_IDENTIFIER - pSignatureAlgorithm, PSYSTEMTIME pStartTime, PSYSTEMTIME pEndTime, PCERT_EXT - ENSIONS pExtensions); - - - - ^ - 2 errors generated. - make[1]: *** [CMakeFiles/cmTC_2d8fe.dir/HAVE_WINLDAP_H.c.obj] Error 1 - make: *** [cmTC_2d8fe/fast] Error 2 - exitCode: 2 - ``` +- test498: total header size for all redirects is larger than accepted - Cherry-picked from #11095 88e4a21ff70ccef391cf99c8165281ff81374503 - Reviewed-by: Daniel Stenberg - Closes #11245 +- http: use per-request counter to check too large headers -Daniel Stenberg (5 Jun 2023) + Not the counter that accumulates all headers over all redirects. -- urlapi: scheme starts with alpha + Follow-up to 3ee79c1674fd6 - Add multiple tests to lib1560 to verify + Do a second check for 20 times the limit for the accumulated size for + all headers. - Fixes #11249 - Reported-by: ad0p on github - Closes #11250 + Fixes #11871 + Reported-by: Joshix-1 on github + Closes #11872 -- RELEASE-NOTES: synced +Jay Satiro (18 Sep 2023) -- CURLOPT_MAIL_RCPT_ALLOWFAILS: replace CURLOPT_MAIL_RCPT_ALLLOWFAILS +- THANKS: add Eric Murphy - Deprecate the name using three Ls and prefer the name with two. + He reported #11850 (quiche build error) but I forgot to add a + 'reported-by' entry in the fix 267e14f1. - Replaces #10047 - Closes #11218 +Daniel Stenberg (18 Sep 2023) -- tests/servers: generate temp names in /tmp for unix domain sockets +- h2-proxy: remove left-over mistake in drain_tunnel() - ... instead of putting them in the regular pid directories because - systems generally have strict length requirements for the path name to - be shorter than 107 bytes and we easily hit that boundary otherwise. + Left-over from 331b89a319 - The new concept generates two random names: one for the socks daemon and - one for http. + Reported-by: å—å®«é›ªçŠ - Reported-by: Andy Fiddaman - Fixes #11152 - Closes #11166 + Closes https://github.com/curl/curl/pull/11877 -Stefan Eissing (2 Jun 2023) +vvb2060 (18 Sep 2023) -- http2: better support for --limit-rate +- lib: failf/infof compiler warnings - - leave transfer loop when --limit-rate is in effect and has - been received - - adjust stream window size to --limit-rate plus some slack - to make the server observe the pacing we want - - add test case to confirm behaviour + Closes #11874 - Closes #11115 +Daniel Stenberg (17 Sep 2023) -- curl_log: evaluate log statement only when transfer is verbose +- rand: fix 'alnum': array is too small to include a terminating null character - Closes #11238 + It was that small on purpose, but this change now adds the null byte to + avoid the error. -Daniel Stenberg (2 Jun 2023) + Follow-up to 3aa3cc9b052353b1 -- libssh2: provide error message when setting host key type fails + Reported-by: Dan Fandrich + Ref: #11838 + Closes #11870 - Ref: https://curl.se/mail/archive-2023-06/0001.html +Mathias Fuchs (16 Sep 2023) - Closes #11240 +- cmake: fix the help text to the static build option in CMakeLists.txt -Igor Todorovski (2 Jun 2023) + Closes #11843 -- system.h: remove __IBMC__/__IBMCPP__ guards and apply to all z/OS compiles +John Haugabook (16 Sep 2023) - Closes #11241 +- MANUAL.md: change domain to example.com -Daniel Stenberg (2 Jun 2023) + Closes #11866 -- docs/SECURITY-PROCESS.md: link to example of previous critical flaw +Daniel Stenberg (16 Sep 2023) -Mark Seuffert (2 Jun 2023) +- doh: inherit DEBUGFUNCTION/DATA -- README.md: updated link to opencollective + When creating new transfers for doing DoH, they now inherit the debug + settings from the initiating transfer, so that the application can + redirect and handle the verbose output correctly even for the DoH + transfers. - Closes #11232 + Reported-by: calvin2021y on github + Fixes #11864 + Closes #11869 -Daniel Stenberg (1 Jun 2023) +Dan Fandrich (16 Sep 2023) -- libssh2: use custom memory functions +- http_aws_sigv4: fix sorting with empty parts - Because of how libssh2_userauth_keyboard_interactive_ex() works: the - libcurl callback allocates memory that is later free()d by libssh2, we - must set the custom memory functions. + When comparing with an empty part, the non-empty one is always + considered greater-than. Previously, the two would be considered equal + which would randomly place empty parts amongst non-empty ones. This + showed as a test 439 failure on Solaris as it uses a different + implementation of qsort() that compares parts differently. - Reverts 8b5f100db388ee60118c08aa28 + Fixes #11855 + Closes #11868 - Ref: https://github.com/libssh2/libssh2/issues/1078 - Closes #11235 +- CI: ignore the "flaky" and "timing-dependent" test results -- test447: test PUTting a file that grows + CI builds will now run these tests, but will ignore the results if they + fail. The relevant tests are ones that are sensitive to timing or + have edge conditions that make them more likely to fail on CI servers, + which are often heavily overloaded and slow. - ... and have curl trim the end when it reaches the expected total amount - of bytes instead of over-sending. + This change only adds two additional tests to be ignored, since the + others already had the flaky keyword. - Reported-by: JustAnotherArchivist on github - Closes #11223 + Closes #11865 -- curl: count uploaded data to stop at the originally given size +- runtests: eliminate a warning on old perl versions - Closes #11223 - Fixes #11222 - Reported-by: JustAnotherArchivist on github + The warning "Use of implicit split to @_ is deprecated" showed between + perl versions about 5.8 through 5.11. -- tool: remove exclamation marks from error/warning messages +- tests: log the test result code after each libtest -- tool: use errorf() for error output + This makes it easier to determine the test status. Also, capitalize + FAILURE and ABORT messages in log lines to make them easier to spot. - Convert a number of fprintf() calls. +Harry Sintonen (16 Sep 2023) -- tool: remove newlines from all helpf/notef/warnf/errorf calls +- misc: better random strings - Make voutf() always add one. + Generate alphanumerical random strings. - Closes #11226 + Prior this change curl used to create random hex strings. This was + mostly okay, but having alphanumerical random strings is better: The + strings have more entropy in the same space. -- tests/servers.pm: pick unused port number with a server socket + The MIME multipart boundary used to be mere 64-bits of randomness due + to being 16 hex chars. With these changes the boundary is 22 + alphanumerical chars, or little over 130 bits of randomness. - This change replaces the previous method of picking a port number at - random to try to start servers on, then retrying up to ten times with - new random numbers each time, with a function that creates a server - socket on port zero, thereby getting a suitable random port set by the - kernel. That server socket is then closed and that port number is used - to setup the actual test server on. + Closes #11838 - There is a risk that *another* server can be started on the machine in - the time gap, but the server verification feature will detect that. +Daniel Stenberg (15 Sep 2023) - Closes #11220 +- cookie: reduce variable scope, add const -- RELEASE-NOTES: synced +- cookie: do not store the expire or max-age strings - bump to 8.2.0 + Convert it to an expire time at once and save memory. -Alejandro R. Sedeño (31 May 2023) + Closes #11862 -- configure: fix run-compiler for old /bin/sh +- cookie: remove unnecessary struct fields - If you try to assign and export on the same line on some older /bin/sh - implementations, it complains: + Plus: reduce the hash table size from 256 to 63. It seems unlikely to + make much of a speed difference for most use cases but saves 1.5KB of + data per instance. - ``` - $ export "NAME=value" - NAME=value: is not an identifier - ``` + Closes #11862 - This commit rewrites run-compiler's assignments and exports to work with - old /bin/sh, splitting assignment and export into two separate - statements, and only quote the value. So now we have: +- RELEASE-NOTES: synced - ``` - NAME="value" - export NAME - ``` + Bumped to 8.4.0, the next presumed version - While we're here, make the same change to the two supporting - assign+export lines preceeding the script to be consistent with how - exports work throughout the rest of configure.ac. +Dan Fandrich (14 Sep 2023) - Closes #11228 +- test2600: remove special case handling for USE_ALARM_TIMEOUT -Philip Heiduck (31 May 2023) + This was originally added to handle platforms that supported only 1 + second granularity in connect timeouts, but after some recent changes + the test currently permafails on several Windows platforms. -- circleci: install impacket & wolfssl 5.6.0 + The need for this special-case was removed in commit 8627416, which + increased the connect timeout in all cases to well above 1 second. - Closes #11221 + Fixes #11767 + Closes #11849 -Daniel Stenberg (31 May 2023) +Daniel Stenberg (14 Sep 2023) -- tool_urlglob: use curl_off_t instead of longs +- SECURITY-PROCESS.md. call it vulnerability disclosure policy - To handle more globs better (especially on Windows) + SECURITY-PROCESS.md -> VULN-DISCLOSURE-POLICY.md - Closes #11224 + This a name commonly used for a document like this. This name helps + users find it. -Dan Fandrich (30 May 2023) + Closes #11852 -- scripts: Fix GHA matrix job detection in cijobs.pl +Junho Choi (14 Sep 2023) - The parsing is pretty brittle and it broke detecting some jobs at some - point. Also, detect if Windows is used in GHA. +- quiche: fix build error with --with-ca-fallback -- runtests: abort test run after failure without -a + - Fix build error when curl is built with --with-quiche + and --with-ca-fallback. - This was broken in a recent refactor and test runs would not stop. + - Add --with-ca-fallback to the quiche CI job. - Follow-up to d4a1b5b6 + Fixes https://github.com/curl/curl/issues/11850 + Closes https://github.com/curl/curl/pull/11847 - Reported-by: Daniel Stenberg - Fixes #11225 - Closes #11227 +Jay Satiro (14 Sep 2023) -Version 8.1.2 (30 May 2023) +- escape: replace Curl_isunreserved with ISUNRESERVED -Daniel Stenberg (30 May 2023) + - Use the ALLCAPS version of the macro so that it is clear a macro is + being called that evaluates the variable multiple times. -- RELEASE-NOTES: synced + - Also capitalize macro isurlpuntcs => ISURLPUNTCS since it evaluates + a variable multiple times. - 8.1.2 release + This is a follow-up to 291d225a which changed Curl_isunreserved into an + alias macro for ISUNRESERVED. The problem is the former is not easily + identified as a macro by the caller, which could lead to a bug. -- THANKS: contributors from 8.1.2 + For example, ISUNRESERVED(*foo++) is easily identifiable as wrong but + Curl_isunreserved(*foo++) is not even though they both are the same. -- lib1560: verify more scheme guessing + Closes https://github.com/curl/curl/pull/11846 - - on 2nd level domains - - on names without dots +Dan Fandrich (13 Sep 2023) - As mentioned in #11161, "imap.com" will be guessed IMAP +- tests: increase the default server logs lock timeout - Closes #11219 + This timeout is used to wait for the server to finish writing its logs + before checking them against the expected values. An overloaded machine + could take more than the two seconds previously allocated, so increase + the timeout to 5 seconds. -- page-header: minor wording polish in the URL segment + Ref: #11328 + Closes #11834 - Closes #11217 +- tests: increase TEST_HANG_TIMEOUT in two tests -- page-header: mention curl version and how to figure out current release + These tests had a 5 second timeout compared to 60 seconds for all other + tests. Make these consistent with the others for more reliability on + heavily-loaded machines. - Closes #11216 + Ref: #11328 -- RELEASE-NOTES: synced +- test1056: disable on Windows -- configure: without pkg-config and no custom path, use -lnghttp2 + This test relies on the IPv6 scope field being ignored when connecting to + ipv6-localhost (i.e. [::1%259999] is treated as [::1]). Maybe this is a bit + dodgy, but it works on all our test platforms except Windows. This + test was disabled manually on all Windows CI builds already, so instead + add an incompatible feature and precheck so it's skipped on Windows + everywhere automatically. - Reported-by: correctmost on github - Fixes #11186 - Closes #11210 +- test587: add a slight delay after test -Stefan Eissing (28 May 2023) + This test is designed to connect to the server, then immediately send a + few bytes and disconnect. In some situations, such as on a loaded + server, this doesn't give the server enough time to write its lock file + before its existence is checked. The test harness then fails to find the + server's input log file (because it hasn't been written yet) and fails + the test. By adding a short delay after the test, the HTTP server has + enough time to write its lock file which gives itself more time to write + its remaining files. -- curl: cache the --trace-time value for a second + Ref: #11328 - - caches HH:MM:SS computed and reuses it for logging during - the same second. - - common function for plain log line start formatting +- tests: stop overriding the lock timeout - Closes #11211 + These tests reduce the server lock wait timeout which can increase + flakiness on loaded machines. Since this is merely an optimization, + eliminate them in favour of reliability. -Kev Jackson (28 May 2023) + Ref: #11328 -- libcurl.m4: remove trailing 'dnl' that causes this to break autoconf +- tests: add some --expect100-timeout to reduce timing dependencies - Closes #11212 + These tests can fail when the test machine is so slow that the test HTTP + server didn't get a chance to complete before the client's one second + 100-continue timeout triggered. Increase that 1 second to 999 seconds so + this situation doesn't happen. -Stefan Eissing (26 May 2023) + Ref: #11328 -- http3: send EOF indicator early as possible +- test661: return from test early in case of curl error - - ngtcp2 and quiche implementations relied on the DONE_SEND event - to forward the EOF for uploads to the libraries. This often - result in a last 0 length EOF data. Tracking the amount of - data left to upload allows EOF indication earlier. - - refs #11205 where CloudFlare DoH servers did not like to - receive the initial upload DATA without EOF and returned - a 400 Bad Request +- tests: add the timing-dependent keyword on several tests - Reported-by: Sergey Fionov - Fixes #11205 - Closes #11207 + These are ones likely to fail on heavily-loaded machines that alter the + normal test timing. Most of these tests already had the flaky keyword + since this condition makes them more likely to fail on CI. -Daniel Stenberg (26 May 2023) +- test1592: greatly increase the maximum test timeout -- scripts/contri*sh: no longer grep -v ' ' + It was too short to be reliable on heavily loaded CI machines, and + as a fail-safe only, it didn't need to be short. - Originally these scripts filtered out names that have no space so that - they better avoid nick names not intended for credits. Such names are - not too commonly used, plus we now give credit even to those. + Ref: #11328 - Additionally: non-latin names, like Asian, don't have spaces at all so - they were also filtered out and had to be manually added which made it - an error-prone operation where Asian names eventually easily fell off by - mistake. +- test: minor test cleanups - Closes #11206 + Remove an obsolete block of code in tests 2032 & 576. + Add a comment in test 1474. -- cf-socket: restore Curl_sock_assign_addr() +- tests: quadruple the %FTPTIME2 and %FTPTIME3 timeouts - Regression since it was not private. Also used by msh3.c + This gives more of a margin for error when running on overloaded CI + servers. - Follow-up to 8e85764b7bd7f05f5 - Reported-by: Gisle Vanem - Fixes #11202 - Closes #11204 + Ref: #11328 -- RELEASE-NOTES: synced +- tests: improve SLOWDOWN test reliability by reducing sent data - Taken down to 8.1.2 now for pending patch release + These tests are run in SLOWDOWN mode which adds a 10 msec delay after + each character output, which means it takes at least 1.6 seconds (and + 320 kernel calls) just to get through the long welcome banner. On an + overloaded system, this can end up taking much more than 1.6 seconds, + and even more than the 7 or 16 second curl timeout that the tests rely + on, causing them to fail. Reducing the size of the welcome banner drops + the total number of characters sent before the transfer starts by more + than half, which reduces the opportunity for test-breaking slowdowns by + the same amount. -- libssh: when keyboard-interactive auth fails, try password + Ref: #11328 - The state machine had a mistake in that it would not carry on to that - next step. +- test650: fix an end tag typo - This also adds a verbose output what methods that are available from the - server and renames the macros that change to the next auth methods to - try. +Jay Satiro (13 Sep 2023) - Reported-by: 左潇峰 - Fixes #11196 - Closes #11197 +- tool_cb_wrt: fix debug assertion -Emanuele Torre (25 May 2023) + - Fix off-by-one out-of-bounds array index in Windows debug assertion. -- configure: fix build with arbitrary CC and LD_LIBRARY_PATH + Bug: https://github.com/curl/curl/commit/af3f4e41#r127212213 + Reported-by: Gisle Vanem - Since ./configure and processes that inherit its environment variables - are the only callers of the run-compiler script, we can just save the - current value of the LD_LIBRARY_PATH and CC variables to another pair of - environment variables, and make run-compiler a static script that - simply restores CC and LD_LIBRARY_PATH to the saved value, and before - running the compiler. +Daniel Stenberg (13 Sep 2023) - This avoids having to inject the values of the variables in the script, - possibly causing problems if they contains spaces, quotes, and other - special characters. +- ctype: add ISUNRESERVED() - Also add exports in the script just in case LD_LIBRARY_PATH and CC are - not already in the environment. + ... and make Curl_isunreserved() use that macro instead of providing a + separate funtion for the purpose. - follow-up from 471dab2 + Closes #11840 - Closes #11182 +Version 8.3.0 (13 Sep 2023) -Daniel Stenberg (25 May 2023) +Daniel Stenberg (13 Sep 2023) -- urlapi: remove superfluous host name check +- RELEASE-NOTES: syn ced - ... as it is checked later more proper. + curl 8.3.0 release - Closes #11195 +- THANKS: contributors from 8.3.0 -Stefan Eissing (25 May 2023) +Thorsten Klein (12 Sep 2023) -- http2: fix EOF handling on uploads with auth negotiation +- cmake: set SIZEOF_LONG_LONG in curl_config.h - - doing a POST with `--digest` does an override on the initial request - with `Content-Length: 0`, but the http2 filter was unaware of that - and expected the originally request body. It did therefore not - send a final DATA frame with EOF flag to the server. - - The fix overrides any initial notion of post size when the `done_send` - event is triggered by the transfer loop, leading to the EOF that - is necessary. - - refs #11194. The fault did not happen in testing, as Apache httpd - never tries to read the request body of the initial request, - sends the 401 reply and closes the stream. The server used in the - reported issue however tried to read the EOF and timed out on the - request. + in order to support 32bit builds regarding wolfssl CTC_SETTINGS - Reported-by: Aleksander Mazur - Fixes #11194 - Cloes #11200 + Closes #11839 -Daniel Stenberg (23 May 2023) +Jay Satiro (12 Sep 2023) -- RELEASE-NOTES: synced +- curl_ngtcp2: fix error message - bump to 8.2.0 +- http_aws_sigv4: handle no-value user header entries -- lib: remove unused functions, make single-use static + - Handle user headers in format 'name:' and 'name;' with no value. - Closes #11174 + The former is used when the user wants to remove an internal libcurl + header and the latter is used when the user actually wants to send a + no-value header in the format 'name:' (note the semi-colon is converted + by libcurl to a colon). -- scripts/singleuse.pl: add more API calls + Prior to this change the AWS header import code did not special case + either of those and the generated AWS SignedHeaders would be incorrect. -Christian Hesse (23 May 2023) + Reported-by: apparentorder@users.noreply.github.com -- configure: quote the assignments for run-compiler + Ref: https://curl.se/docs/manpage.html#-H - Building for multilib failed, as the compiler command contains an - extra argument. That needs quoting. + Fixes https://github.com/curl/curl/issues/11664 + Closes https://github.com/curl/curl/pull/11668 - Regression from b78ca50cb3dda361f9c1 +Dan Fandrich (11 Sep 2023) - Fixes #11179 - Closes #11180 +- CI: run pytest with the -v option -Daniel Stenberg (23 May 2023) + This lists of the test cases being run so it can be tracked over time. -- misc: fix spelling mistakes + Closes #11824 - Reported-by: musvaage on github - Fixes #11171 - Closes #11172 +Daniel Stenberg (11 Sep 2023) -Version 8.1.1 (23 May 2023) +- HTTP3: the msquic backend is not functional -Daniel Stenberg (23 May 2023) + I ask that we do not submit bugs for this backend just yet as we know it + does not fully work. -- RELEASE-NOTES: synced + Closes #11831 + Closes #11819 - curl 8.1.1 +- aws_sigv4: the query canon code miscounted URL encoded input -- THANKS: contributors from the 8.1.1 release + Added some extra ampersands to test 439 to verify "blank" query parts -Dan Fandrich (22 May 2023) + Follow-up to fc76a24c53b08cdf -- docs: fix fuzzing documentation link + Closes #11829 - Follow-up to 4c712a1b +vvb2060 (11 Sep 2023) -- CI: add an Alpine build with MUSL +- quic: don't set SNI if hostname is an IP address - MUSL is another libc implementation which has its own unique issues - worth testing. + We already do this for TLS connections. - Ref: #11140 - Closes #11178 + RFC 6066 says: Literal IPv4 and IPv6 addresses are not permitted in + "HostName". -- runtests: add a missing \n at the end of a log message + Ref: https://www.rfc-editor.org/rfc/rfc6066#section-3 -correctmost on github (22 May 2023) + Fixes https://github.com/curl/curl/issues/11827 + Closes https://github.com/curl/curl/pull/11828 -- SECURITY-PROCESS.md: link security advisory doc and fix typo +Daniel Stenberg (10 Sep 2023) - Closes #11177 +- RELEASE-NOTES: synced -Daniel Stenberg (22 May 2023) +Benoit Pierre (10 Sep 2023) -- TODO: build curl with Windows Unicode support +- configure: fix `HAVE_TIME_T_UNSIGNED` check - Closes #7229 + The syntax was incorrect (need a proper main body), and the test + condition was wrong (resulting in a signed `time_t` detected as + unsigned). -- KNOWN_BUGS: hyper memory-leaks + Closes #11825 - Closes #10803 +Daniel Stenberg (9 Sep 2023) -Stefan Eissing (22 May 2023) +- THANKS-filter: pszlazak on github -- http/2: unstick uploads +pszlazak (9 Sep 2023) - - refs #11157 and #11175 where uploads get stuck or lead to RST streams - - fixes our h2 send behaviour to continue sending in the nghttp2 session - as long as it wants to. This will empty our send buffer as long as - the remote stream/connection window allows. - - in case the window is exhausted, the data remaining in the send buffer - will wait for a WINDOW_UPDATE from the server. Which is a socket event - that engages our transfer loop again - - the problem in the issue was that we did not exhaust the window, but - left data in the sendbuffer and no further socket events did happen. - The server was just waiting for us to send more. - - relatedly, there was an issue fixed that closing a stream with KEEP_HOLD - set kept the transfer from shutting down - as it should have - leading - to a timeout. +- include.d: explain headers not printed with --fail before 7.75.0 - Closes #11176 + Prior to 7.75.0 response headers were not printed if -f/--fail was used + and an error was reported by server. This was fixed in ab525c0 + (precedes 7.75.0). -Daniel Stenberg (21 May 2023) + Closes #11822 -- workflows/macos: add a job using gcc + debug + secure transport +Daniel Stenberg (8 Sep 2023) -Jay Satiro (21 May 2023) +- http_aws_sigv4: skip the op if the query pair is zero bytes -- lib: fix conversion warnings with gcc on macOS + Follow-up to fc76a24c53b08cdf -Daniel Stenberg (21 May 2023) + Spotted by OSS-Fuzz -- sectransp.c: make the code c89 compatible + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62175 + Closes #11823 - Follow-up to dd2bb485521c2ec713001b3a +- cmdline-docs: use present tense, not future - Reported-by: FeignClaims on github - Fixes #11155 - Closes #11159 + + some smaller cleanups -Emanuele Torre (21 May 2023) + Closes #11821 -- Revert "urlapi: respect CURLU_ALLOW_SPACE and CURLU_NO_AUTHORITY for redirect - s" +- cmdline-docs: make sure to phrase it as "added in ...." - This reverts commit df6c2f7b544f1f35f2a3e0be11f345affeb6fe9c. - (It only keep the test case that checks redirection to an absolute URL - without hostname and CURLU_NO_AUTHORITY). + References to things that were added or changed in a specific version + should be specified as "(added in [version]) for two reasons: - I originally wanted to make CURLU_ALLOW_SPACE accept spaces in the - hostname only because I thought - curl_url_set(CURLUPART_URL, CURLU_ALLOW_SPACE) was already accepting - them, and they were only not being accepted in the hostname when - curl_url_set(CURLUPART_URL) was used for a redirection. + 1 - consistency - That is not actually the case, urlapi never accepted hostnames with - spaces, and a hostname with a space in it never makes sense. - I probably misread the output of my original test when I they were - normally accepted when using CURLU_ALLOW_SPACE, and not redirecting. + 2 - to allow gen.pl to strip them out if deemed referring to too old + versions - Some other URL parsers seems to allow space in the host part of the URL, - e.g. both python3's urllib.parse module, and Chromium's javascript URL - object allow spaces (chromium percent escapes the spaces with %20), - (they also both ignore TABs, and other whitespace characters), but those - URLs with spaces in the hostname are useless, neither python3's requests - module nor Chromium's window.location can actually use them. + Closes #11821 - There is no reason to add support for URLs with spaces in the host, - since it was not a inconsistency bug; let's revert that patch before it - makes it into release. Sorry about that. +Jay Satiro (8 Sep 2023) - I also reverted the extra check for CURLU_NO_AUTHORITY since that does - not seem to be necessary, CURLU_NO_AUTHORITY already worked for - redirects. +- docs: mark --ssl-revoke-best-effort as Schannel specific - Closes #11169 + Closes https://github.com/curl/curl/pull/11760 -Dan Fandrich (20 May 2023) +Nathan Moinvaziri (8 Sep 2023) -- runtests: use the correct fd after select +- schannel: fix ordering of cert chain info - The code was using the wrong fd when determining which runner was ready - with a response. + - Use CERT_CONTEXT's pbCertEncoded to determine chain order. - Ref: #10818 - Closes #11160 + CERT_CONTEXT from SECPKG_ATTR_REMOTE_CERT_CONTEXT contains + end-entity/server certificate in pbCertEncoded. We can use this pointer + to determine the order of certificates when enumerating hCertStore using + CertEnumCertificatesInStore. -- test425: fix the log directory for the upload + This change is to help ensure that the ordering of the certificate chain + requested by the user via CURLINFO_CERTINFO has the same ordering on all + versions of Windows. - This must be %LOGDIR to let it work with parallel tests. + Prior to this change Schannel certificate order was reversed in 8986df80 + but that was later reverted in f540a39b when it was discovered that + Windows 11 22H2 does the reversal on its own. - Ref: #10969 + Ref: https://github.com/curl/curl/issues/9706 -- runtests: handle interrupted reads from IPC pipes + Closes https://github.com/curl/curl/pull/11632 - These can be interrupted by signals, especially SIGINT to shut down, and - must be restarted so the IPC call arrives correctly. If the read just - returns an error instead, the IPC calling state will go out of sync and - a proper shutdown won't happen. +Chris Talbot (8 Sep 2023) - Ref: #10818 +- digest: Use hostname to generate spn instead of realm -Stefan Eissing (20 May 2023) + In https://www.rfc-editor.org/rfc/rfc2831#section-2.1.2 -- http2: upload improvements + digest-uri-value should be serv-type "/" host , where host is: - Make send buffer smaller to have progress and "upload done" reporting - closer to reality. Fix handling of send "drain" condition to no longer - trigger once the transfer loop reports it is done sending. Also do not - trigger the send "drain" on RST streams. + The DNS host name or IP address for the service requested. The + DNS host name must be the fully-qualified canonical name of the + host. The DNS host name is the preferred form; see notes on server + processing of the digest-uri. - Background: - - a upload stall was reported in #11157 that timed out - - test_07_33a reproduces a problem with such a stall if the - server 404s the request and RSTs the stream. - - test_07_33b verifies a successful PUT, using the parameters - from #11157 and checks success + Realm may not be the host, so we must specify the host explicitly. - Ref: #11157 - Closes #11165 + Note this change only affects the non-SSPI digest code. The digest code + used by SSPI builds already uses the hostname to generate the spn. -- http2: increase stream window size to 10 MB + Ref: https://github.com/curl/curl/issues/11369 - Reported-by: pandada8 on github + Closes https://github.com/curl/curl/pull/11395 - Fixes #11162 - Closes #11167 +Daniel Stenberg (7 Sep 2023) -Daniel Stenberg (20 May 2023) +- docs: remove use of the word 'very' -- lib: rename struct 'http_req' to 'httpreq' + It is mostly superfluous. proselint would complain. - Because FreeBSD 14 kidnapped the name. - Ref: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271526 + Closes #11818 - Fixes #11163 - Closes #11164 +- curl_multi_remove_handle.3: clarify what happens with connection -Viktor Szakats (20 May 2023) + Closes #11817 -- cmake: avoid `list(PREPEND)` for compatibility +- RELEASE-NOTES: synced - `list(PREPEND)` requires CMake v3.15, our minimum is v3.7. +- test439: verify query canonization for aws-sigv4 - Ref: https://cmake.org/cmake/help/latest/command/list.html#prepend +- tool_operate: make aws-sigv4 not require TLS to be used - Regression from 1e3319a167d2f32d295603167486e9e88af9bb4e + Maybe not used too often, but we want it for testing and it should work. - Reported-by: Keitagit-kun on Github - Fixes #11141 - Closes #11144 +- http_aws_sigv4: canonicalize the query -Daniel Stenberg (19 May 2023) + Percent encoding needs to be done using uppercase, and most + non-alphanumerical must be percent-encoded. -- RELEASE-NOTES: synced + Fixes #11794 + Reported-by: John Walker + Closes #11806 -Stefan Eissing (19 May 2023) +Wyatt O'Day (7 Sep 2023) -- ngtcp2: proper handling of uint64_t when adjusting send buffer +- lib: add ability to disable auths individually - Fixes #11149 - Closes #11153 + Both with configure and cmake -- ngtcp2: fix compiler warning about possible null-deref + Closes #11490 - - compiler analyzer did not include the call context for this - static function where the condition had already been checked. - - eleminating the problem by making stream a call parameter +Stefan Eissing (7 Sep 2023) - Fixes #11147 - Closes #11151 +- ngtcp2: fix handling of large requests -Emanuele Torre (19 May 2023) + - requests >64K are send in parts to the filter + - fix parsing of the request to assemble it correctly + from several sends + - open a QUIC stream only when the complete request has + been collected -- docs: document that curl_url_cleanup(NULL) is a safe no-op + Closes #11815 - This has always been the case, but it was not documented. +- openssl: when CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before - The paragraph was copied verbatim from curl_easy_cleanup.3 + - we delay loading the x509 store to shorten the handshake time. + However an application callback installed via CURLOPT_SSL_CTX_FUNCTION + may need to have the store loaded and try to manipulate it. + - load the x509 store before invoking the app callback - Closes #11150 + Fixes #11800 + Reported-by: guoxinvmware on github + Cloes #11805 -Antoine Pitrou (19 May 2023) +Daniel Stenberg (7 Sep 2023) -- select: avoid returning an error on EINTR from select() or poll() +- krb5: fix "implicit conversion loses integer precision" warnings - This was already done for the poll() and select() calls - made directly from Curl_poll(), but was missed in - Curl_wait_ms(), which is called when there are no fds - to wait on. + conversions to/from enum and unsigned chars - Fixes #11135 - Closes #11143 + Closes #11814 -Daniel Stenberg (19 May 2023) +Stefan Eissing (7 Sep 2023) -- vquic.c: make recvfrom_packets static, avoid compiler warning +- pytest: improvements - warning: no previous prototype for 'recvfrom_packets' + - set CURL_CI for pytest runs in CI environments + - exclude timing sensitive tests from CI runs + - for failed results, list only the log and stat of + the failed transfer - Reported-by: Keitagit-kun on github - Fixes #11146 - Closes #11148 + - fix type in http.c comment -- urlapi: allow numerical parts in the host name + Closes #11812 - It can only be an IPv4 address if all parts are all digits and no more than - four parts, otherwise it is a host name. Even slightly wrong IPv4 will now be - passed through as a host name. +- CI: move on to ngtcp2 v0.19.1 - Regression from 17a15d88467 shipped in 8.1.0 + Closes #11809 - Extended test 1560 accordingly. +Dan Fandrich (5 Sep 2023) - Reported-by: Pavel Kalyugin - Fixes #11129 - Closes #11131 +- CI: run Circle macOS builds on x86 for now -Emilio Cobos Ãlvarez (19 May 2023) + The ARM machines aren't ready for us and requesting them now causes + warnings e-mails to be sent to some PR pushers. -- http2: double http request parser max line length + Ref: #11771 - This works around #11138, by doubling the limit, and should be a - relatively safe fix. +Viktor Szakats (5 Sep 2023) - Ideally the buffer would grow as needed and there would be no need for a - limit? But that might be follow-up material. +- http3: adjust cast for ngtcp2 v0.19.0 - Fixes #11138 - Closes #11139 + ngtcp2 v0.19.0 made size of `ecn` member of `ngtcp2_pkt_info` + an `uint8_t` (was: `uint32_t`). Adjust our local cast accordingly. -Emanuele Torre (18 May 2023) + Fixes: + ``` + ./curl/lib/vquic/curl_ngtcp2.c:1912:12: warning: implicit conversion loses in + teger precision: 'uint32_t' (aka 'unsigned int') to 'uint8_t' (aka 'unsigned + char') [-Wimplicit-int-conversion] + pi.ecn = (uint32_t)ecn; + ~ ^~~~~~~~~~~~~ + ``` -- configure: fix --help alignment + Also bump ngtcp2, nghttp3 and nghttp2 to their latest versions in our + docs and CI. - AC_ARG_ENABLE seems to only trim off whitespace from the start and end - of its help-string argument, while prepending two spaces of indentation - to all lines. + Ref: https://github.com/ngtcp2/ngtcp2/commit/80447281bbc94af53f8aa7a4cfc19175 + 782894a3 + Ref: https://github.com/ngtcp2/ngtcp2/pull/877 + Closes #11798 - This means that the two spaces of indentation between the --enable-rtsp - and the --disable-rtsp line were not removed causing ./configure --help - to print: +Stefan Eissing (5 Sep 2023) - Optional Features: - [...] - --enable-rtsp Enable RTSP support - --disable-rtsp Disable RTSP support +- http: fix sending of large requests - I removed the indentation to fix the issue, now it prints: + - refs #11342 where errors with git https interactions + were observed + - problem was caused by 1st sends of size larger than 64KB + which resulted in later retries of 64KB only + - limit sending of 1st block to 64KB + - adjust h2/h3 filters to cope with parsing the HTTP/1.1 + formatted request in chunks - Optional Features: - [...] - --enable-rtsp Enable RTSP support - --disable-rtsp Disable RTSP support + - introducing Curl_nwrite() as companion to Curl_write() + for the many cases where the sockindex is already known - The --enable-hsts and --disable-hsts lines had the same problems, and - have been fixed too. + Fixes #11342 (again) + Closes #11803 - Closes #11142 +- pytest: fix check for slow_network skips to only apply when intended -Deal(一线çµ) (18 May 2023) + Closes #11801 -- cmake: repair cross compiling +Daniel Stenberg (5 Sep 2023) - It cannot *run* code for testing purposes when cross-compiling. +- curl_url_get/set.3: add missing semicolon in SYNOPSIS - Closes #11130 +- CURLOPT_URL.3: explain curl_url_set() uses the same parser -Daniel Stenberg (18 May 2023) +- CURLOPT_URL.3: add two URL API calls in the see-also section -- configure: generate a script to run the compiler +Dan Fandrich (4 Sep 2023) - in the CURL_RUN_IFELSE macro, with LD_LIBRARY_PATH set to the value of - the configure invoke, and not the value that might be used later, - intended for the execution of the output the compiler ouputs. +- CI: add a 32-bit i686 Linux build - For example when the compiler uses the same library (like libz) that - configure checks for. + This is done by cross-compiling under regular x86_64 Linux. Since the + kernel offers backwards compatibility, the binaries can be tested as + normal. - Reported-by: Jonas Bülow - Fixes #11114 - Closes #11120 + Closes #11799 -Stefan Eissing (18 May 2023) +- tests: fix a type warning on 32-bit x86 -- cf-socket: completely remove the disabled USE_RECV_BEFORE_SEND_WORKAROUND +Viktor Szakats (4 Sep 2023) - Closes #11118 +- tests: delete stray `.orig` file -Emanuele Torre (18 May 2023) + Follow-up to 331b89a319d0067fa1e6441719307cfef9c7960f + Closes #11797 -- urlapi: respect CURLU_ALLOW_SPACE and CURLU_NO_AUTHORITY for redirects +Daniel Stenberg (4 Sep 2023) - curl_url_set(uh, CURLUPART_URL, redirurl, flags) was not respecing - CURLU_ALLOW_SPACE and CURLU_NO_AUTHORITY in the host part of redirurl - when redirecting to an absolute URL. +- RELEASE-NOTES: synced - Closes #11136 +Viktor Szakats (4 Sep 2023) -Colin Cross (18 May 2023) +- lib: silence compiler warning in inet_ntop6 -- hostip: move easy_lock.h include above curl_memory.h + ``` + ./curl/lib/inet_ntop.c:121:21: warning: possible misuse of comma operator her + e [-Wcomma] + cur.base = i, cur.len = 1; + ^ + ./curl/lib/inet_ntop.c:121:9: note: cast expression to void to silence warnin + g + cur.base = i, cur.len = 1; + ^~~~~~~~~~~~ + (void)( ) + ``` - Similar to #9561, move easy_lock.h above curl_memory.h to fix building - against musl libc. + Closes #11790 - Closes #11140 +Daniel Stenberg (4 Sep 2023) -Hind Montassif (18 May 2023) +- transfer: also stop the sending on closed connection -- curl_easy_getinfo: clarify on return data types + Previously this cleared the receiving bit only but in some cases it is + also still sending (like a request-body) when disconnected and neither + direction can continue then. - Closes #11126 + Fixes #11769 + Reported-by: Oleg Jukovec + Closes #11795 -Emanuele Torre (18 May 2023) +John Bampton (4 Sep 2023) -- checksrc: disallow spaces before labels +- docs: change `sub-domain` to `subdomain` - Out of 415 labels throughout the code base, 86 of those labels were - not at the start of the line. Which means labels always at the start of - the line is the favoured style overall with 329 instances. + https://en.wikipedia.org/wiki/Subdomain - Out of the 86 labels not at the start of the line: - * 75 were indented with the same indentation level of the following line - * 8 were indented with exactly one space - * 2 were indented with one fewer indentation level then the following - line - * 1 was indented with the indentation level of the following line minus - three space (probably unintentional) + Closes #11793 - Co-Authored-By: Viktor Szakats +Stefan Eissing (4 Sep 2023) - Closes #11134 +- multi: more efficient pollfd count for poll -Daniel Stenberg (18 May 2023) + - do not use separate pollfds for sockets that have POLLIN+POLLOUT -- cookie: update the comment on cookie length and size limits + Closes #11792 - To refer to the proper cookie RFC and the upcoming RFC refresh. +- http2: polish things around POST - Closes #11127 + - added test cases for various code paths + - fixed handling of blocked write when stream had + been closed inbetween attempts + - re-enabled DEBUGASSERT on send with smaller data size -- url: provide better error message when URLs fail to parse + - in debug builds, environment variables can be set to simulate a slow + network when sending data. cf-socket.c and vquic.c support + * CURL_DBG_SOCK_WBLOCK: percentage of send() calls that should be + answered with a EAGAIN. TCP/UNIX sockets. + This is chosen randomly. + * CURL_DBG_SOCK_WPARTIAL: percentage of data that shall be written + to the network. TCP/UNIX sockets. + Example: 80 means a send with 1000 bytes would only send 800 + This is applied to every send. + * CURL_DBG_QUIC_WBLOCK: percentage of send() calls that should be + answered with EAGAIN. QUIC only. + This is chosen randomly. - By providing the URL API error message into the error message. + Closes #11756 - Ref: #11129 - Closes #11137 +Daniel Stenberg (4 Sep 2023) -- RELEASE-NOTES: synced +- docs: add curl_global_trace to some SEE ALSO sections - bumped to 8.1.1 + Closes #11791 -Jon Rumsey (18 May 2023) +- os400: fix checksrc nits -- os400: update chkstrings.c + Closes #11789 - Compensate changes for recent changes to urldata.h to reclassify - STRING_AWS_SIGV4. +Nicholas Nethercote (3 Sep 2023) - Fixes #11132 - Closes #11133 +- hyper: remove `hyptransfer->endtask` -Version 8.1.0 (17 May 2023) + `Curl_hyper_stream` needs to distinguish between two kinds of + `HYPER_TASK_EMPTY` tasks: (a) the `foreach` tasks it creates itself, and + (b) background tasks that hyper produces. It does this by recording the + address of any `foreach` task in `hyptransfer->endtask` before pushing + it into the executor, and then comparing that against the address of + tasks later polled out of the executor. -Daniel Stenberg (17 May 2023) + This works right now, but there is no guarantee from hyper that the + addresses are stable. `hyper_executor_push` says "The executor takes + ownership of the task, which should not be accessed again unless + returned back to the user with `hyper_executor_poll`". That wording is a + bit ambiguous but with my Rust programmer's hat on I read it as meaning + the task returned with `hyper_executor_poll` may be conceptually the + same as a task that was pushed, but that there are no other guarantees + and comparing addresses is a bad idea. -- RELEASE-NOTES: synced + This commit instead uses `hyper_task_set_userdata` to mark the `foreach` + task with a `USERDATA_RESP_BODY` value which can then be checked for, + removing the need for `hyptransfer->endtask`. This makes the code look + more like that hyper C API examples, which use userdata for every task + and never look at task addresses. -- THANKS: contributors from the 8.1.0 release + Closes #11779 -- hostip: include easy_lock.h before using GLOBAL_INIT_IS_THREADSAFE +Dave Cottlehuber (3 Sep 2023) - Since that header file is the only place that define can be defined. +- ws: fix spelling mistakes in examples and tests - Reported-by: Marc Deslauriers + Closes #11784 - Follow-up to 13718030ad4b3209 +Daniel Stenberg (3 Sep 2023) - Closes #11121 +- tool_filetime: make -z work with file dates before 1970 -Thomas Taylor (16 May 2023) + Fixes #11785 + Reported-by: Harry Sintonen + Closes #11786 -- aws-sigv4.d: fix region identifier in example +Dan Fandrich (1 Sep 2023) - Closes #11117 +- build: fix portability of mancheck and checksrc targets -Philip Heiduck (15 May 2023) + At least FreeBSD preserves cwd across makefile lines, so rules + consisting of more than one "cd X; do_something" must be explicitly run + in a subshell to avoid this. This problem caused the Cirrus FreeBSD + build to fail when parallel make jobs were enabled. -- mlc_config.json: remove this linkcheck CI job config file +- CI: adjust labeler match patterns for new & obsolete files - Closes #11113 +- configure: trust pkg-config when it's used for zlib -Daniel Silverstone (15 May 2023) + The library flags retrieved from pkg-config were later thrown out and + harded-coded, which negates the whole reason to use pkg-config. + Also, previously, the assumption was made that --libs-only-l and + --libs-only-L are the full decomposition of --libs, which is untrue and + would not allow linking against a static zlib. The new approach is + better in that it uses --libs, although only if --libs-only-l returns + nothing. -- ssh: Add support for libssh2 read timeout + Bug: https://curl.se/mail/lib-2023-08/0081.html + Reported-by: Randall + Closes #11778 - Hook the new (1.11.0 or newer) libssh2 support for setting a read timeout - into the SERVER_RESPONSE_TIMEOUT option. With this done, clients can use - the standard curl response timeout setting to also control the time that - libssh2 will wait for packets from a slow server. This is necessary to - enable use of very slow SFTP servers. +Stefan Eissing (1 Sep 2023) - Signed-off-by: Daniel Silverstone +- CI/ngtcp2: clear wolfssl for when cache is ignored - Closes #10965 + Closes #11783 -Osama Albahrani (14 May 2023) +Daniel Stenberg (1 Sep 2023) -- GIT-INFO: add --with-openssl +- RELEASE-NOTES: synced - Closes #11110 +Nicholas Nethercote (1 Sep 2023) -Daniel Stenberg (13 May 2023) +- hyper: fix a progress upload counter bug -- RELEASE-NOTES: synced + `Curl_pgrsSetUploadCounter` should be a passed a total count, not an + increment. -Marcel Raad (13 May 2023) + This changes the failing diff for test 579 with hyper from this: + ``` + Progress callback called with UL 0 out of 0[LF] + -Progress callback called with UL 8 out of 0[LF] + -Progress callback called with UL 16 out of 0[LF] + -Progress callback called with UL 26 out of 0[LF] + -Progress callback called with UL 61 out of 0[LF] + -Progress callback called with UL 66 out of 0[LF] + +Progress callback called with UL 29 out of 0[LF] + ``` + to this: + ``` + Progress callback called with UL 0 out of 0[LF] + -Progress callback called with UL 8 out of 0[LF] + -Progress callback called with UL 16 out of 0[LF] + -Progress callback called with UL 26 out of 0[LF] + -Progress callback called with UL 61 out of 0[LF] + -Progress callback called with UL 66 out of 0[LF] + +Progress callback called with UL 40 out of 0[LF] + ``` + Presumably a step in the right direction. -- md(4|5): don't use deprecated iOS functions + Closes #11780 - They are marked as deprecated in iOS 13.0, which might result in - warnings-as-errors. +Daniel Stenberg (1 Sep 2023) - Also, use `*_MIN_REQUIRED` instead of `*_MIN_ALLOWED`, which seems to - be what's currently used. +- awssiv4: avoid freeing the date pointer on error - Bug: https://github.com/curl/curl/issues/11098 - Closes https://github.com/curl/curl/pull/11102 + Since it was not allocated, don't free it even if it was wrong syntax -- md4: only build when used + Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61908 - Its only usage in curl_ntlm_core.c is guarded by `USE_CURL_NTLM_CORE`, - so let's use this here too. + Follow-up to b137634ba3adb - Ref: https://github.com/curl/curl/issues/11098 - Closes https://github.com/curl/curl/pull/11102 + Closes #11782 -Vítor Galvão (12 May 2023) +Stefan Eissing (1 Sep 2023) -- write-out.d: Use response_code in example +- CI: ngtcp2-linux: use separate caches for tls libraries - Closes #11107 + allow ever changing master for wolfssl -Shohei Maeda (12 May 2023) + Closes #11766 -- url: fix null dispname for --connect-to option +- replace `master` as wolfssl-version with recent commit - Closes #11106 +- wolfssl, use master again in CI -Daniel Stenberg (12 May 2023) + - with the shared session update fix landed in master, it + is time to use that in our CI again -- test2306: verify getting a second response with folded headers +Nicholas Nethercote (31 Aug 2023) - Reproduces the isue #11101 and verifies the fix. +- tests: fix formatting errors in `FILEFORMAT.md`. - Verifies a17b2a503f + Without the surrounding backticks, these tags get swallowed when the + markdown is rendered. -- headers: clear (possibly) lingering pointer in init + Closes #11777 - The "prevhead" pointer is used for the headers storage but was not - cleared correctly in init, which made it possible to act up when a - handle is reused. +Viktor Szakats (31 Aug 2023) - Reported-by: Steve Herrell - Fixes #11101 - Closes #11103 +- cmake: add support for `CURL_DEFAULT_SSL_BACKEND` -- RELEASE-NOTES: synced + Allow overriding the default TLS backend via a CMake setting. -- ngtcp2: use 0.15.0 + E.g.: + `cmake [...] -DCURL_DEFAULT_SSL_BACKEND=mbedtls` - - nghttp3 0.11.0 - - nghttp2 1.53.0 + Accepted values: bearssl, gnutls, mbedtls, openssl, rustls, + schannel, secure-transport, wolfssl - Adapt to new API calls + The passed string is baked into the curl/libcurl binaries. + The value is case-insensitive. - Closes #11031 + We added a similar option to autotools in 2017 via + c7170e20d0a18ec8a514b4daa53bcdbb4dcb3a05. -Jay Satiro (10 May 2023) + TODO: Convert to lowercase to improve reproducibility. -- openssl: fix indent + Closes #11774 -Daniel Stenberg (10 May 2023) +- sectransp: fix compiler warnings -- CURLOPT_DNS_CACHE_TIMEOUT.3: fix spelling + https://github.com/curl/curl-for-win/actions/runs/6037489221/job/16381860220# + step:3:11046 + ``` + /Users/runner/work/curl-for-win/curl-for-win/curl/lib/vtls/sectransp.c:2435:1 + 4: warning: unused variable 'success' [-Wunused-variable] + OSStatus success; + ^ + /Users/runner/work/curl-for-win/curl-for-win/curl/lib/vtls/sectransp.c:3300:4 + 4: warning: unused parameter 'sha256len' [-Wunused-parameter] + size_t sha256len) + ^ + ``` - Follow-up to 9ed7d56e044f5aa1b29 + Closes #11773 - Closes #11096 +- tidy-up: mostly whitespace nits -- hostip: use time_t for storing oldest DNS entry + - delete completed TODO from `./CMakeLists.txt`. + - convert a C++ comment to C89 in `./CMake/CurlTests.c`. + - delete duplicate EOLs from EOF. + - add missing EOL at EOF. + - delete whitespace at EOL (except from expected test results). + - convert tabs to spaces. + - convert CRLF EOLs to LF in GHA yaml. + - text casing fixes in `./CMakeLists.txt`. + - fix a codespell typo in `packages/OS400/initscript.sh`. - Theoretically, the oldest time could overflow an int. In practice that - won't happen, but let's do this to please analyzers. + Closes #11772 - Follow-up to 9ed7d56e044f5aa1b2928ccde6245d0 +Dan Fandrich (31 Aug 2023) - Pointed out by Coverity. - Closes #11094 +- CI: remove Windows builds from Cirrus, without replacement -- http: free the url before storing a new copy + If we don't do this, all coverage on Cirrus will cease in a few days. By + removing the Windows builds, the FreeBSD one should still continue + as before. The Windows builds will need be moved to another service to + maintain test coverage. - To avoid a memory-leak. + Closes #11771 - Reported-by: Hiroki Kurosawa +- CI: switch macOS ARM build from Cirrus to Circle CI - Closes #11093 + Cirrus is drastically reducing their free tier on Sept. 1, so they will + no longer perform all these builds for us. All but one build has been + moved, with the LibreSSL one being dropped because of linking problems + on Circle. -- compressed.d: clarify the words on "not notifying headers" + One important note about this change is that Circle CI is currently + directing all these builds to x86_64 hardware, despite them requesting + ARM. This is because ARM nodes are scheduled to be available on the + free tier only in December. This reduces our architectural diversity + until then but it should automatically come back once those machines are + enabled. - Reported-by: Dylan Anthony - Fixes #11091 - Closes #11092 +- CI: use the right variable for BSD make -- libssh2: free fingerprint better + BSD uses MAKEFLAGS instead of MAKE_FLAGS so it wasn't doing parallel + builds before. - Reported-by: Wei Chong Tan - Closes #11088 +- CI: drop the FreeBSD 12.X build -- CURLOPT_IPRESOLVE.3: clarify that this for host names, not IP addresses + Cirrus' new free tier won't let us have many builds, so drop the + nonessential ones. The FreeBSD 13.X build will still give us the most + relevant FreeBSD coverage. - Reported-by: Harry Sintonen - Closes #11087 +- CI: move the Alpine build from Cirrus to GHA -- hostip: enforce a maximum DNS cache size independent of timeout value + Cirrus is reducing their free tier to next to nothing, so we must move + builds elsewhere. - To reduce the damage an application can cause if using -1 or other - ridiculous timeout values and letting the cache live long times. +Stefan Eissing (30 Aug 2023) - The maximum number of entries in the DNS cache is now totally - arbitrarily and hard-coded set to 29999. +- test_07_upload.py: fix test_07_34 curl args - Closes #11084 + - Pass correct filename to --data-binary. -- hostip: store dns timeout as 'int' + Prior to this change --data-binary was passed an incorrect filename due + to a missing separator in the arguments list. Since aacbeae7 curl will + error on incorrect filenames for POST. - ... because it set and held as an 'int' elsewhere and can never be - larger. + Fixes https://github.com/curl/curl/issues/11761 + Closes https://github.com/curl/curl/pull/11763 -- RELEASE-NOTES: synced +Nicholas Nethercote (30 Aug 2023) -- tool_operate: refuse (--data or --form) and --continue-at combo +- tests: document which tests fail due to hyper's lack of trailer support. - libcurl assumes that a --continue-at resumption is done to continue an - upload using the read callback and neither --data nor --form use - that and thus won't do what the user wants. Whatever the user wants - with this strange combination. + Closes #11762 - Add test 426 to verify. +- docs: removing "pausing transfers" from HYPER.md. - Reported-by: Smackd0wn on github - Fixes #11081 - Closes #11083 + It's a reference to #8600, which was fixed by #9070. -- transfer: refuse POSTFIELDS + RESUME_FROM combo + Closes #11764 - The code assumes that such a resume is wanting to continue an upload - using the read callback, and since POSTFIELDS is done without callback - libcurl will just misbehave. +Patrick Monnerat (30 Aug 2023) - This combo will make the transfer fail with CURLE_BAD_FUNCTION_ARGUMENT - with an explanation in the error message. +- os400: handle CURL_TEMP_PRINTF() while building bind source - Reported-by: Smackd0wn on github - Fixes #11081 - Closes #11083 + Closes #11547 -- ipv4.d/ipv6.d: they are "mutex", not "boolean" +- os400: build test servers - ... which for example means they do not have --no-* versions. + Also fix a non-compliant main prototype in disabled.c. - Reported-by: Harry Sintonen - Fixes #11085 - Closes #11086 + Closes #11547 -- docs/SECURITY-ADVISORY.md: how to write a curl security advisory +- tests: fix compilation error for os400 - Closes #11080 + OS400 uses BSD 4.3 setsockopt() prototype by default: this does not + define parameter as const, resulting in an error if actual parameter is + const. Remove the const keyword from the actual parameter cast: this + works in all conditions, even if the formal parameter uses it. -nobedee on github (5 May 2023) + Closes #11547 -- MANUAL.md: add dict example for looking up a single definition +- os400: make programs and command name configurable - Closes #11077 + Closes #11547 -Dan Fandrich (5 May 2023) +- os400: move build configuration parameters to a separate script -- runtests: fix -c option when run with valgrind + They can then easily be overriden in a script named "config400.override" + that is not part of the distribution. - The curl binary argument wasn't being quoted properly. This seems to - have broken at some point after quoting was added in commit 606b29fe. + Closes #11547 - Reported-by: Daniel Stenberg - Ref: #11073 - Fixes #11074 - Closes #11076 +- os400: implement CLI tool -- runtests: support creating more than one runner process + This is provided as a QADRT (ascii) program, a link to it in the IFS and + a minimal CL command. - The controller currently only creates and uses one, but more are now - possible. + Closes #11547 - Ref: #10818 +Matthias Gatto (30 Aug 2023) -- runtests: spawn a new process for the test runner +- lib: fix aws-sigv4 having date header twice in some cases - When the -j option is given, a new process is spawned in which the test - programs are run and from which test servers are started. Only one - process can be started at once, but this is sufficient to test that the - infrastructure can isolate those functions in a new task. There should - be no visible difference between the two modes at the moment. + When the user was providing the header X-XXX-Date, the header was + re-added during signature computation, and we had it twice in the + request. - Ref: #10818 - Closes #11064 + Reported-by: apparentorder@users.noreply.github.com -- runtests: turn singletest() into a state machine + Signed-off-by: Matthias Gatto - This allows it to run in a non-blocking manner. + Fixes: https://github.com/curl/curl/issues/11738 + Closes: https://github.com/curl/curl/pull/11754 - Ref: #10818 +Jay Satiro (30 Aug 2023) -- runtests: change runner interface to be asynchronous +- multi: remove 'processing: ' debug message - Program arguments are marshalled and then written to the end of a pipe - which is later read from and the arguments unmarshalled before the - desired function is called normally. The function return values are - then marshalled and written into another pipe when is later read from - and unmarshalled before being returned to the caller. + - Remove debug message added by e024d566. - The implementation is currently blocking but can be made non-blocking - without any changes to the API. This allows calling multiple runners - without blocking in the future. + Closes https://github.com/curl/curl/pull/11759 - Ref: #10818 +- ftp: fix temp write of ipv6 address -- runtests: call citest_finishtest in singletest + - During the check to differentiate between a port and IPv6 address + without brackets, write the binary IPv6 address to an in6_addr. - This is where citest_starttest is called. + Prior to this change the binary IPv6 address was erroneously written to + a sockaddr_in6 'sa6' when it should have been written to its in6_addr + member 'sin6_addr'. There's no fallout because no members of 'sa6' are + accessed before it is later overwritten. - Ref: #10818 + Closes https://github.com/curl/curl/pull/11747 -- runtests: add a runner initialization function +- tool: change some fopen failures from warnings to errors - This sets up the runner environment to start running tests. + - Error on missing input file for --data, --data-binary, + --data-urlencode, --header, --variable, --write-out. - Ref: #10818 + Prior to this change if a user of the curl tool specified an input file + for one of the above options and that file could not be opened then it + would be treated as zero length data instead of an error. For example, a + POST using `--data @filenametypo` would cause a zero length POST which + is probably not what the user intended. -- runtests: remove directory from server filename variables + Closes https://github.com/curl/curl/pull/11677 - There will soon be multiple log directories so the paths will no longer - be static in runtests.pl. Also, get rid of $SERVER2IN which was not - used. +- hostip: fix typo - Ref: #10818 +Davide Masserut (29 Aug 2023) -- runtests: reduce package exports after refactoring +- tool: avoid including leading spaces in the Location hyperlink - Some recent refactoring made these export no longer necessary. Also, - stop displaying the Unix socket paths at startup since there will soon - be many of them and they're not that interesting. + Co-authored-by: Dan Fandrich - Ref: #10818 + Closes #11735 -- runtests: use a function to obtain $LOGDIR for a test +Daniel Stenberg (29 Aug 2023) - This will no longer be static soon. +- SECURITY-PROCESS.md: not a sec issue: Tricking user to run a cmdline - Ref: #10818 + Closes #11757 -Jay Satiro (5 May 2023) +- connect: stop halving the remaining timeout when less than 600 ms left -- tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals + When curl wants to connect to a host, it always has a TIMEOUT. The + maximum time it is allowed to spend until a connect is confirmed. - - Disable hyperlink formatting for the 'Location:' header value in VTE - 0.48.1 and earlier, since it is buggy in some of those versions. + curl will try to connect to each of the IP adresses returned for the + host. Two loops, one for each IP family. - Prior to this change those terminals may show the location header value - as gibberish or show it twice. + During the connect loop, while curl has more than one IP address left to + try within a single address family, curl has traditionally allowed (time + left/2) for *this* connect attempt. This, to not get stuck on the + initial addresses in case the timeout but still allow later addresses to + get attempted. - Ref: https://gist.github.com/egmontkob/eb114294efbcd5adb1944c9f3cb5feda#backw - ard-compatibility + This has the downside that when users set a very short timeout and the + host has a large number of IP addresses, the effective result might be + that every attempt gets a little too short time. - Fixes https://github.com/curl/curl/issues/10428 - Closes https://github.com/curl/curl/pull/11071 + This change stop doing the divided-by-two if the total time left is + below a threshold. This threshold is 600 milliseconds. -François Michel (3 May 2023) + Closes #11693 -- quiche: disable pacing while pacing is not actually performed +- asyn-ares: reduce timeout to 2000ms - Closes #11068 + When UDP packets get lost this makes for slightly faster retries. This + lower timeout is used by @c-ares itself by default starting next + release. -Daniel Stenberg (2 May 2023) + Closes #11753 -- easy_cleanup: require a "good" handle to act +John Bampton (29 Aug 2023) - By insisting that the passed in handle is "good" (the magic number is - intact), this can limit the potential damage if a bad pointer is passed - in. Like when this function is called twice on the same handle pointer. +- misc: remove duplicate words - Ref: #10964 - Closes #11061 + Closes #11740 -Andreas Falkenhahn (1 May 2023) +Daniel Stenberg (29 Aug 2023) -- amiga: Fix CA certificate paths for AmiSSL and MorphOS +- RELEASE-NOTES: synced - AmiSSL stores certificates in `AmiSSL:Certs` and MorphOS stores them in - `MOSSYS:Data/SSL/curl-ca-bundle.crt`. +- wolfSSL: avoid the OpenSSL compat API when not needed - Closes https://github.com/curl/curl/pull/11059 + ... and instead call wolfSSL functions directly. -Daniel Stenberg (30 Apr 2023) + Closes #11752 -- http2: (void)-mark when we explicitly ignore the return code +Viktor Szakats (28 Aug 2023) - When h2_progress_egress() is called. Pointed out by Coverity. +- lib: fix null ptr derefs and uninitialized vars (h2/h3) - Closes #11057 + Fixing compiler warnings with gcc 13.2.0 in unity builds. -- checksrc: find bad indentation in conditions without open brace + Assisted-by: Jay Satiro + Assisted-by: Stefan Eissing + Closes #11739 - If the previous line starts with if/while/for AND ends with a closed - parenthesis and there's an equal number of open and closed parentheses - on that line, verify that this line is indented $indent more steps, if - not a cpp line. +Jay Satiro (28 Aug 2023) - Also adjust the fall-out from this fix. +- secureserver.pl: fix stunnel version parsing - Closes #11054 + - Allow the stunnel minor-version version part to be zero. -Diogo Teles Sant'Anna (28 Apr 2023) + Prior to this change with the stunnel version scheme of . + if either part was 0 then version parsing would fail, causing + secureserver.pl to fail with error "No stunnel", causing tests that use + the SSL protocol to be skipped. As a practical matter this bug can only + be caused by a minor-version part of 0, since the major-version part is + always greater than 0. -- CI: Set minimal permissions on workflow ngtcp2-quictls.yml + Closes https://github.com/curl/curl/pull/11722 - Signed-off-by: Diogo Teles Sant'Anna +- secureserver.pl: fix stunnel path quoting - Closes #11055 + - Store the stunnel path in the private variable $stunnel unquoted and + instead quote it in the command strings. -Dan Fandrich (28 Apr 2023) + Prior to this change the quoted stunnel path was passed to perl's file + operators which cannot handle quoted paths. For example: -- CI: use another glob syntax for matching files on Appveyor + $stunnel = "\"/C/Program Files (x86)/stunnel/bin/tstunnel\""; + if(-x $stunnel or -x "$stunnel") + # false even if path exists and is executable - The previous globbing syntax was not matching files recursively in - directories, so try appending a /* to more closely match the examples at - https://www.appveyor.com/docs/how-to/filtering-commits/ + Our other test scripts written in perl, unlike this one, use servers.pm + which has a global $stunnel variable with the path stored unquoted and + therefore those scripts don't have this problem. -Daniel Stenberg (28 Apr 2023) + Closes https://github.com/curl/curl/pull/11721 -- multi: add multi-ignore logic to multi_socket_action +Daniel Stenberg (28 Aug 2023) - The multi-ignore logic that was previously applied to - curl_multi_perform() (#10750) is here applied to the loop within - curl_multi_socket_action() to make it use the same optimization: most - handles have the same signal-ignore option state so this drastically - reduces the number of ignore/unignore calls per libcurl function invoke. +- altsvc: accept and parse IPv6 addresses in response headers - Follow-up to bc90308328afb8 + Store numerical IPv6 addresses in the alt-svc file with the brackets + present. - Closes #11045 + Verify with test 437 and 438 -Stefan Eissing (28 Apr 2023) + Fixes #11737 + Reported-by: oliverpool on github + Closes #11743 -- http2: do flow window accounting for cancelled streams +- libtest: use curl_free() to free libcurl allocated data - - nghttp2 does not free connection level window flow for - aborted streams - - when closing transfers, make sure that any buffered - response data is "given back" to the flow control window - - add tests test_02_22 and test_02_23 to reproduce + In several test programs. These mistakes are not detected or a problem + as long as memdebug.h is included, as that provides the debug wrappers + for all memory functions in the same style libcurl internals do it, + which makes curl_free and free effectively the same call. - Closes #11052 + Reported-by: Nicholas Nethercote + Closes #11746 -- pingpong: fix compiler warning "assigning an enum to unsigned char" +Jay Satiro (28 Aug 2023) - Closes #11050 +- disable.d: explain --disable not implemented prior to 7.50.0 -Daniel Stenberg (28 Apr 2023) + Option -q/--disable was added in 5.0 but only -q was actually + implemented. Later --disable was implemented in e200034 (precedes + 7.49.0), but incorrectly, and fixed in 6dbc23c (precedes 7.50.0). -- configure: fix detection of apxs (for httpd) + Reported-by: pszlazak@users.noreply.github.com - The condition check was turned the wrong way around! + Fixes https://github.com/curl/curl/issues/11710 + Closes #11712 - Closes #11051 +Nicholas Nethercote (28 Aug 2023) -Viktor Szakats (28 Apr 2023) +- hyper: fix ownership problems -- ci: `-Wno-vla` no longer necessary + Some of these changes come from comparing `Curl_http` and + `start_CONNECT`, which are similar, and adding things to them that are + present in one and missing in another. - We handle this issue in the source now. + The most important changes: + - In `start_CONNECT`, add a missing `hyper_clientconn_free` call on the + happy path. + - In `start_CONNECT`, add a missing `hyper_request_free` on the error + path. + - In `bodysend`, add a missing `hyper_body_free` on an early-exit path. + - In `bodysend`, remove an unnecessary `hyper_body_free` on a different + error path that would cause a double-free. + https://docs.rs/hyper/latest/hyper/ffi/fn.hyper_request_set_body.html + says of `hyper_request_set_body`: "This takes ownership of the + hyper_body *, you must not use it or free it after setting it on the + request." This is true even if `hyper_request_set_body` returns an + error; I confirmed this by looking at the hyper source code. - Follow-up to b725fe1944b45406676ea3aff333ae3085a848d9 + Other changes are minor but make things slightly nicer. - Reviewed-by: Marcel Raad - Reviewed-by: Daniel Stenberg - Closes #11048 + Closes #11745 -Marcel Raad (28 Apr 2023) +Daniel Stenberg (28 Aug 2023) -- tests/http: make curl_setup.h the first include +- multi.h: the 'revents' field of curl_waitfd is supported - This is required for the macros there to take effect for system - libraries. Specifically, including the system libraries first led to - warnings about `_FILE_OFFSET_BITS` being redefined in curl_config.h on - the Solaris autobuilds for ws-data.c and ws-pingpong.c. - Also make the curl includes come first for the other source files here - for consistency. + Since 6d30f8ebed34e7276 - Closes https://github.com/curl/curl/pull/11046 + Reported-by: Nicolás Ojeda Bär + Ref: #11748 + Closes #11749 -Emanuele Torre (27 Apr 2023) +Gerome Fournier (27 Aug 2023) -- checksrc: check for spaces before the colon of switch labels +- tool_paramhlp: improve str2num(): avoid unnecessary call to strlen() - Closes #11047 + Closes #11742 -Daniel Stenberg (27 Apr 2023) +Daniel Stenberg (27 Aug 2023) -- RELEASE-NOTES: synced +- docs: mention critical files in same directories as curl saves -- libssh: tell it to use SFTP non-blocking + ... cannot be fully protected. Don't do it. - Reported-by: Andreas Huebner - Fixes #11020 - Closes #11039 + Co-authored-by: Jay Satiro + Reported-by: Harry Sintonen + Fixes #11530 + Closes #11701 -Stefan Eissing (27 Apr 2023) +John Hawthorn (26 Aug 2023) -- http2: enlarge the connection window +- OpenSSL: clear error queue after SSL_shutdown - - fixes stalled connections + We've seen errors left in the OpenSSL error queue (specifically, + "shutdown while in init") by adding some logging it revealed that the + source was this file. - - Make the connection window large enough, so that there is - some room left should 99/100 streams be PAUSED by the application + Since we call SSL_read and SSL_shutdown here, but don't check the return + code for an error, we should clear the OpenSSL error queue in case one + was raised. - Reported-by: PaweÅ‚ Wegner - Fixes #10988 - Closes #11043 + This didn't affect curl because we call ERR_clear_error before every + write operation (a0dd9df9ab35528eb9eb669e741a5df4b1fb833c), but when + libcurl is used in a process with other OpenSSL users, they may detect + an OpenSSL error pushed by libcurl's SSL_shutdown as if it was their + own. -Daniel Stenberg (27 Apr 2023) + Co-authored-by: Satana de Sant'Ana -- checksrc: fix SPACEBEFOREPAREN for conditions starting with "*" + Closes #11736 - The open paren check wants to warn for spaces before open parenthesis - for if/while/for but also for any function call. In order to avoid - catching function pointer declarations, the logic allows a space if the - first character after the open parenthesis is an asterisk. +Alexander Kanavin (25 Aug 2023) - I also spotted what we did not include "switch" in the check but we should. +- tests: update cookie expiry dates to far in the future - This check is a little lame, but we reduce this problem by not allowing - that space for if/while/for/switch. + This allows testing Y2038 with system time set to after that, so that + actual Y2038 issues can be exposed, and not masked by expiry errors. - Reported-by: Emanuele Torre - Closes #11044 + Fixes #11576 + Closes #11610 -- docs: minor polish +John Bampton (25 Aug 2023) - - "an HTTP*" (not "a") - - remove a few contractions - - remove a spurious "a" - - reduce use of "I" in texts +- misc: fix spelling - Closes #11040 + Closes #11733 -- ws: fix CONT opcode check +Daniel Stenberg (25 Aug 2023) - Detected by Coverity. Follow-up to 930c00c259 +- cmdline-opts/page-header: clarify stronger that !opt == URL - Closes #11037 + Everything provided on the command line that is not an option (or an + argument to an option) is treated as a URL. -Dan Fandrich (27 Apr 2023) + Closes #11734 -- CI: switch the awslc builds to build out-of-tree +- tests/runner: fix %else handling - This is a common configuration that should be tested to avoid - regressions. The awsls cmake build was already out-of-tree so the - automake build now joins it. + Getting the show state proper for %else and %endif did not properly work + in nested cases. - Ref: #11006 + Follow-up to 3d089c41ea9 -- tests/http: fix out-of-tree builds + Closes #11731 - Add both lib/ directories (src & build) to the search path so - curl_setup.h and its dependencies can be found. +Nicholas Nethercote (25 Aug 2023) - Followup-to acd82c8b +- docs: Remove mention of #10803 from `KNOWN_BUGS`. - Ref: #11006 - Closes #11036 + Because the leaks have been fixed. -Daniel Stenberg (27 Apr 2023) +- c-hyper: fix another memory leak in `Curl_http`. -- urlapi: make internal function start with Curl_ + There is a `hyper_clientconn_free` call on the happy path, but not one + on the error path. This commit adds one. - Curl_url_set_authority() it is. + Fixes the second memory leak reported by Valgrind in #10803. - Follow-up to acd82c8bfd + Fixes #10803 + Closes #11729 - Closes #11035 +- c-hyper: fix a memory leak in `Curl_http`. -YX Hao (26 Apr 2023) + A request created with `hyper_request_new` must be consumed by either + `hyper_clientconn_send` or `hyper_request_free`. -- cf-socket: turn off IPV6_V6ONLY on Windows if it is supported + This is not terrifically clear from the hyper docs -- + `hyper_request_free` is documented only with "Free an HTTP request if + not going to send it on a client" -- but a perusal of the hyper code + confirms it. - IPV6_V6ONLY refs: - https://en.wikipedia.org/wiki/IPv6#IPv4-mapped_IPv6_addresses - https://github.com/golang/go/blob/master/src/net/ipsock_posix.go - https://en.wikipedia.org/wiki/Unix-like - https://learn.microsoft.com/en-us/windows/win32/winsock/ipproto-ipv6-socket-o - ptions + This commit adds a `hyper_request_free` to the `error:` path in + `Curl_http` so that the request is consumed when an error occurs after + the request is created but before it is sent. - default value refs: - https://datatracker.ietf.org/doc/html/rfc3493#section-5.3 - https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html#proc-sys-net - -ipv6-variables + Fixes the first memory leak reported by Valgrind in #10803. - Closes #10975 + Closes #11729 -Daniel Stenberg (26 Apr 2023) +Daniel Stenberg (25 Aug 2023) -- urldata: shrink *select_bits int => unsigned char +- RELEASE-NOTES: synced - - dselect_bits - - cselect_bits +John Bampton (25 Aug 2023) - ... are using less than 8 bits. Changed types and moved them towards - the end of the structs to fit better. +- misc: spellfixes - Closes #11025 + Closes #11730 -Stefan Eissing (26 Apr 2023) +Daniel Stenberg (25 Aug 2023) -- tests/http: more tests with specific clients +- tests: add support for nested %if conditions - - Makefile support for building test specific clients in tests/http/clients - - auto-make of clients when invoking pytest - - added test_09_02 for server PUSH_PROMISEs using clients/h2-serverpush - - added test_02_21 for lib based downloads and pausing/unpausing transfers + Provides more flexiblity to test cases. - curl url parser: - - added internal method `curl_url_set_authority()` for setting the - authority part of a url (used for PUSH_PROMISE) + Also warn and bail out if there is an '%else' or %endif' without a + preceeding '%if'. - http2: - - made logging of PUSH_PROMISE handling nicer + Ref: #11610 + Closes #11728 - Placing python test requirements in requirements.txt files - - separate files to base test suite and http tests since use - and module lists differ - - using the files in the gh workflows +- time-cond.d: mention what happens on a missing file - websocket test cases, fixes for we and bufq - - bufq: account for spare chunks in space calculation - - bufq: reset chunks that are skipped empty - - ws: correctly encode frames with 126 bytes payload - - ws: update frame meta information on first call of collect - callback that fills user buffer - - test client ws-data: some test/reporting improvements + Closes #11727 - Closes #11006 +Christian Hesse (24 Aug 2023) -Jay Satiro (26 Apr 2023) +- docs/cmdline-opts: match the current output -- libssh2: fix crash in keyboard callback + The release date has been added in output, reflect that in documentation. - - Always set the libssh2 'abstract' user-pointer to the libcurl easy - handle associated with the ssh session, so it is always passed to the - ssh keyboard callback. + Closes #11723 - Prior to this change and since 8b5f100 (precedes curl 8.0.0), if libcurl - was built without CURL_DEBUG then it could crash during the ssh auth - phase due to a null dereference in the ssh keyboard callback. +Daniel Stenberg (24 Aug 2023) - Reported-by: Andreas Falkenhahn +- lib: minor comment corrections - Fixes https://github.com/curl/curl/pull/11024 - Closes https://github.com/curl/curl/pull/11026 +- docs: rewrite to present tense -Daniel Stenberg (26 Apr 2023) + ... instead of using future tense. -- docs: clarify that more backends have HTTPS proxy support + + numerous cleanups and improvements + + stick to "reuse" not "re-use" + + fewer contractions - Closes #11033 + Closes #11713 -- KNOWN_BUGS: remove two not-bugs +- urlapi: setting a blank URL ("") is not an ok URL - - 11.7 signal-based resolver timeouts + Test it in 1560 + Fixes #11714 + Reported-by: ad0p on github + Closes #11715 - Not considered a bug anymore but just implementation details. People - should avoid using timeouts with the synchronous name resolver. +- spelling: use 'reuse' not 're-use' in code and elsewhere - - 11.16 libcurl uses renames instead of locking for atomic operations + Unify the spelling as both versions were previously used intermittently - Not a bug, just a description of how it works + Closes #11717 - Closes #11032 +Michael Osipov (23 Aug 2023) -Harry Sintonen (26 Apr 2023) +- system.h: add CURL_OFF_T definitions on HP-UX with HP aCC -- hostip: add locks around use of global buffer for alarm() + HP-UX on IA64 provides two modes: 32 and 64 bit while 32 bit being the + default one. Use "long long" in 32 bit mode and just "long" in 64 bit + mode. - When building with the sync name resolver and timeout ability we now - require thread-safety to be present to enable it. + Closes #11718 - Closes #11030 +Dan Fandrich (22 Aug 2023) -Daniel Stenberg (26 Apr 2023) +- tests: don't call HTTP errors OK in test cases -- curl_path: bring back support for SFTP path ending in /~ + Some HTTP errors codes were accompanied by the text OK, which causes + some cognitive dissonance when reading them. - libcurl used to do a directory listing for this case (even though the - documentation says a URL needs to end in a slash for this), but - 4e2b52b5f7a3 modified the behavior. +- http: close the connection after a late 417 is received - This change brings back a directory listing for SFTP paths that are - specified exactly as /~ in the URL. + In this situation, only part of the data has been sent before aborting + so the connection is no longer usable. - Reported-by: Pavel Mayorov - Fixes #11001 - Closes #11023 + Assisted-by: Jay Satiro + Fixes #11678 + Closes #11679 -Emanuele Torre (26 Apr 2023) +- runtests: slightly increase the longest log file displayed -- docs/libcurl/curl_*escape.3: rename "url" argument to "input"/"string" + The new limit provides enough space for a 64 KiB data block to be logged + in a trace file, plus a few lines at the start and end for context. This + happens to be the amount of data sent at a time in a PUT request. - Also reword the DESCRIPTION section to mention "input"/"string" argument - in bold. +- tests: add delay command to the HTTP server - Closes #11027 + This adds a delay after client connect. -- docs/libcurl: minor cleanups +Daniel Stenberg (22 Aug 2023) - I was reading curl_unescape(3) and I noticed that there was an extra - space after the open parenthesis in the SYNOPSIS; I removed the extra - space. +- cirrus: install everthing with pkg, avoid pip - I also ran a few grep -r commands to find and remove extra spaces - after '(' in other files, and to find and replace uses of `T*' instead - of `T *'. Some of the instances of `T*` where unnecessary casts that I - removed. + Assisted-by: Sevan Janiyan - I also fixed a comment that was misaligned in CURLMOPT_SOCKETFUNCTION.3. + Closes #11711 - And I fixed some formatting inconsistencies: in curl_unescape(3), all - function parameter were mentioned with bold text except length, that was - mentioned as 'length'; and, in curl_easy_unescape(3), all parameters - were mentioned in bold text except url that was italicised. Now they are - all mentioned in bold. - Documentation is not very consistent in how function parameter are - formatted: many pages italicise them, and others display them in bold - text; but I think it makes sense to at least be consistent with - formatting within the same page. +- curl_url*.3: update function descriptions - Closes #11027 + - expand and clarify several descriptions + - avoid using future tense all over -Daniel Stenberg (26 Apr 2023) + Closes #11708 -- man pages: simplify the .TH sections +- RELEASE-NOTES: synced - - remove the version numbers - - simplify the texts +Stefan Eissing (21 Aug 2023) - The date and version number will be put there for releases when maketgz - runs the updatemanpages.pl script. +- CI/cirrus: disable python install on FreeBSD - Closes #11029 + - python cryptography package does not build build FreeBSD + - install just mentions "error" + - this gets the build and the main test suite going again -- hostcheck: fix host name wildcard checking + Closes #11705 - The leftmost "label" of the host name can now only match against single - '*'. Like the browsers have worked for a long time. +- test2600: fix flakiness on low cpu - - extended unit test 1397 for this - - move some SOURCE variables from unit/Makefile.am to unit/Makefile.inc + - refs #11355 where failures to to low cpu resources in CI + are reported + - vastly extend CURLOPT_CONNECTTIMEOUT_MS and max durations + to test cases + - trigger Curl_expire() in test filter to allow re-checks before + the usual 1second interval - Reported-by: Hiroki Kurosawa - Closes #11018 + Closes #11690 -Dan Fandrich (25 Apr 2023) +Maksim Sciepanienka (20 Aug 2023) -- smbserver: remove temporary files before exit +- tool_urlglob: use the correct format specifier for curl_off_t in msnprintf - Each execution of test 1451 would leave a file in /tmp before. Since - Windows can't delete a file while it's open, all the temporary file - names are stored and deleted on exit. + Closes #11698 - Closes #10990 +Daniel Stenberg (20 Aug 2023) -Stefan Eissing (25 Apr 2023) +- test687/688: two more basic --xattr tests -- Websocket en-/decoding + Closes #11697 - - state is fully kept at connection, since curl_ws_send() and - curl_ws_rec() have lifetime beyond usual transfers - - no more limit on frame sizes +- cmdline-opts/docs: mentioned the negative option part - Reported-by: simplerobot on github - Fixes #10962 - Closes #10999 + ... for --no-alpn and --no-buffer in the same style done for other --no- + options: -Patrick Monnerat (25 Apr 2023) + "Note that this is the negated option name documented." -- urldata: copy CURLOPT_AWS_SIGV4 value on handle duplication + Closes #11695 - Prior to this change STRING_AWS_SIGV4 (CURLOPT_AWS_SIGV4) was wrongly - marked as binary data that could not be duplicated. +Emanuele Torre (19 Aug 2023) - Without this fix, this option's value is not copied upon calling - curl_easy_duphandle(). +- tool/var: also error when expansion result starts with NUL - Closes https://github.com/curl/curl/pull/11021 + Expansions whose output starts with NUL were being expanded to the empty + string, and not being recognised as values that contain a NUL byte, and + should error. -Stefan Eissing (25 Apr 2023) + Closes #11694 -- http3: expire unpaused transfers in all HTTP/3 backends +Daniel Stenberg (19 Aug 2023) - Closes #11005 +- tests: add 'large-time' as a testable feature -- http2: always EXPIRE_RUN_NOW unpaused http/2 transfers + This allows test cases to require this feature to run and to be used in + %if conditions. - - just increasing the http/2 flow window does not necessarily - make a server send new data. It may already have exhausted - the window before + Large here means larger than 32 bits. Ie does not suffer from y2038. - Closes #11005 + Closes #11696 -- http2: pass `stream` to http2_handle_stream_close to avoid NULL checks +- tests/Makefile: add check-translatable-options.pl to tarball - Closes #11005 + Used in test 1544 -- h2/h3: replace `state.drain` counter with `state.dselect_bits` + Follow-up to ae806395abc8c - - `drain` was used by http/2 and http/3 implementations to indicate - that the transfer requires send/recv independant from its socket - poll state. Intended as a counter, it was used as bool flag only. - - a similar mechanism exists on `connectdata->cselect_bits` where - specific protocols can indicate something similar, only for the - whole connection. - - `cselect_bits` are cleard in transfer.c on use and, importantly, - also set when the transfer loop expended its `maxloops` tries. - `drain` was not cleared by transfer and the http2/3 implementations - had to take care of that. - - `dselect_bits` is cleared *and* set by the transfer loop. http2/3 - does no longer clear it, only set when new events happen. +- gen.pl: fix a long version generation mistake - This change unifies the handling of socket poll overrides, extending - `cselect_bits` by a easy handle specific value and a common treatment in - transfers. + Too excessive escaping made the parsing not find the correct long names + later and instead add "wrong" links. - Closes #11005 + Follow-up to 439ff2052e219 -Daniel Stenberg (25 Apr 2023) + Reported-by: Lukas Tribus + Fixes #11688 + Closes #11689 -- socketpair: verify with a random value +- lib: move mimepost data from ->req.p.http to ->state - ... instead of using the curl time struct, since it would use a few - uninitialized bytes and the sanitizers would complain. This is a neater - approach I think. + When the legacy CURLOPT_HTTPPOST option is used, it gets converted into + the modem mimpost struct at first use. This data is (now) kept for the + entire transfer and not only per single HTTP request. This re-enables + rewind in the beginning of the second request instead of in end of the + first, as brought by 1b39731. - Reported-by: Boris Kuschel - Fixes #10993 - Closes #11015 + The request struct is per-request data only. -Stefan Eissing (25 Apr 2023) + Extend test 650 to verify. -- HTTP3: document the ngtcp2/nghttp3 versions to use for building curl + Fixes #11680 + Reported-by: yushicheng7788 on github + Closes #11682 - - refs #11011 to clarify this for people building curl themselves +Patrick Monnerat (17 Aug 2023) - Closes #11019 +- os400: do not check translatable options at build time -Daniel Stenberg (25 Apr 2023) + Now that there is a test for this, the build time check is not needed + anymore. -- lib: unify the upload/method handling + Closes #11650 - By making sure we set state.upload based on the set.method value and not - independently as set.upload, we reduce confusion and mixup risks, both - internally and externally. +- test1554: check translatable string options in OS400 wrapper - Closes #11017 + This test runs a perl script that checks all string options are properly + translated by the OS400 character code conversion wrapper. It also + verifies these options are listed in alphanumeric order in the wrapper + switch statement. -- RELEASE-NOTES: synced + Closes #11650 -Dan Fandrich (24 Apr 2023) +Daniel Stenberg (17 Aug 2023) -- CI: don't run CI jobs if only another CI was changed +- unit3200: skip testing if function is not present - A few paths were missed in the last commit, as well as a job added since - then. + Fake a successful run since we have no easy mechanism to skip this test + for this advanced condition. - Followup-to 395b9175 +- unit2600: fix build warning if built without verbose messages -- CI: adjust labeler match patterns +- test1608: make it build and get skipped without shuffle DNS support -- runtests: support buffering log messages in runner & servers +- lib: --disable-bindlocal builds curl without local binding support - Log messages generated with logmsg can now be buffered and returned from - the runner as a return value. This will be needed with parallel testing - to allow all messages for one test to be displayed together instead of - interspersed with messages of multiple tests. Buffering can be disabled - by setting a logging callback function with setlogfunc, which is - currently being done to preserve existing logging behaviour for now. +- test1304: build and skip without netrc support - Some additional output is generated in verbose and debugprotocol modes, - which don't always use logmsg. These modes also impact some servers - which generate extra messages. No attempt is made to buffer everything - if these modes are enabled. +- lib: build fixups when built with most things disabled - Ref: #10818 - Closes #11016 + Closes #11687 -- runtests: more consistently use logmsg in server control code +- workflows/macos.yml: disable zstd and alt-svc in the http-only build - Also, display an error when sshversioninfo returns one. + Closes #11683 - Ref: #10818 +Stefan Eissing (17 Aug 2023) -- runtests: create runner functions for clearlocks and stopservers +- bearssl: handshake fix, provide proper get_select_socks() implementation - runtests.pl now uses runner for all server actions beyond the initial - variable configuration. + - bring bearssl handshake times down from +200ms down to other TLS backends + - vtls: improve generic get_select_socks() implementation + - tests: provide Apache with a suitable ssl session cache - Ref: #10818 + Closes #11675 -- runtests: tightened servers package exports +- tests: TLS session sharing test - The defaults are intended for runtests.pl, whereas runner.pm needs to - explicitly specify them. + - test TLS session sharing with special test client + - expect failure with wolfSSL + - disable flaky wolfSSL test_02_07b -- runtests: display logs on server failure in singletest() + Closes #11675 - This is closer to the place where logs are displayed on test failure. - Also, only display these logs if -p is given, which is the same flag - that controls display of test failure logs. Some server log files - need to be deleted later so that they stay around long enough to be - displayed on failure. +Daniel Stenberg (17 Aug 2023) - Ref: #10818 +- CURLOPT_*TIMEOUT*: extend and clarify -- runtests: turn a print into a logmsg + Closes #11686 - Also enable another couple of useful messages in verbose mode. +- urlapi: return CURLUE_BAD_HOSTNAME if puny2idn encoding fails - Ref: #10818 + And document it. Only return out of memory when it actually is a memory + problem. -Daniel Stenberg (24 Apr 2023) + Pointed-out-by: Jacob Mealey + Closes #11674 -- http: store the password in the correct variable +Mathew Benson (17 Aug 2023) - Typo from fc2f1e547a4a, detected by Coverity (because there's dead code - due to this). +- cmake: add GnuTLS option - Closes #11002 + - Option to use GNUTLS was missing. Hence was not able to use GNUTLS + with ngtcp2 for http3. -Stefan Eissing (24 Apr 2023) + Closes #11685 -- HTTP3/quiche: terminate h1 response header when no body is sent +Daniel Stenberg (16 Aug 2023) - - fixes a failure in test2501 where a response without body was missing - the final empty line +- RELEASE-NOTES: synced - Closes #11003 +- http: remove the p_pragma struct field -Dan Fandrich (22 Apr 2023) + unused since 40e8b4e52 (2008) -- runtests: move showdiff into runtests.pl + Closes #11681 - It's not used anywhere else. +Jay Satiro (16 Aug 2023) -- devtest: add a new script for testing the test harness +- CURLINFO_CERTINFO.3: better explain curl_certinfo struct - This is currently useful for starting a test server on its own without - an associated test, which can be used for interactive curl testing or - for validating parts of the test harness itself. More commands can be - added to perform additional functions in the future. + Closes https://github.com/curl/curl/pull/11666 - Ref: #10818 - Closes #11008 +- CURLINFO_TLS_SSL_PTR.3: clarify a recommendation -- runtests: refactor the main test loop into two + - Remove the out-of-date SSL backend list supported by + CURLOPT_SSL_CTX_FUNCTION. - The test loop now has an initial loop that first runs through all - possible tests to build a set of those to attempt on this run based on - features and keywords and only then goes through that new list to run - them. This actually makes it three loops through all tests cases, as - there is an existing loop that gathers possible test numbers from the - test files on disk. + It makes more sense to just refer to that document instead of having + a separate list that has to be kept in sync. - This has two minor effects on the output: all the tests that will be - skipped are displayed at the start (instead of being interspersed with - other tests) and the -l option no longer shows a count of tests at the - end or a (misleading) statement that tests have run successfully. The - skipped tests are also omitted from the test results sent to AppVeyor - and Azure in CI builds. + Closes https://github.com/curl/curl/pull/11665 - Another effect is a reduction in the amount of work considered part of - the "Test definition reading and preparation time" reported with -r - making those figures slightly lower than before. +- write-out.d: clarify %{time_starttransfer} - Ref: #10818 + sync it up with CURLINFO_STARTTRANSFER_TIME_T -- runtests: track only the current test timings in runner.pm +Daniel Stenberg (15 Aug 2023) - This avoids passing these data through through global variables, which - soon won't be possible. +- transfer: don't set TIMER_STARTTRANSFER on first send - Ref: #10818 + The time stamp is for measuring the first *received* byte -- runtests: skip test preprocessing when doing -l + Fixes #11669 + Reported-by: JazJas on github + Closes #11670 - This speeds up the output tremendously by avoiding unnecessary work. +trrui-huawei (15 Aug 2023) -- runtests: simplify value returned regarding use of valgrind +- quiche: enable quiche to handle timeout events - As a side effect this will now also show in verbose mode that valgrind - is being skipped on tests that explicitly disable it, such as 600. + In parallel with ngtcp2, quiche also offers the `quiche_conn_on_timeout` + interface for the application to invoke upon timer + expiration. Therefore, invoking the `on_timeout` function of the + Connection is crucial to ensure seamless functionality of quiche with + timeout events. - Ref: #10818 + Closes #11654 -- runtests: fix quoting in Appveyor and Azure test integration +- quiche: adjust quiche `QUIC_IDLE_TIMEOUT` to 60s - Test 1442's name was not quoted correctly so wasn't registered in - Appveyor and it had the wrong name in Azure. The JSON string quotes were - also invalid, even though both servers happened to accept it regardless. + Set the `QUIC_IDLE_TIMEOUT` parameter to match ngtcp2 for consistency. - Closes #11010 +Daniel Stenberg (15 Aug 2023) -Daniel Stenberg (19 Apr 2023) +- KNOWN_BUGS: LDAPS requests to ActiveDirectory server hang -- RELEASE-NOTES: synced + Closes #9580 -Dan Fandrich (18 Apr 2023) +- imap: add a check for failing strdup() -- runtests: spread out the port numbers used by servers +- imap: remove the only sscanf() call in the IMAP code - The server ports are chosen randomly for each server, but the random - ranges chosen were inconsistently-sized and overlapping. Now, they are - spread out more so at least the first random port chosen for each server - is guaranteed to not also be chosen by another server. The starting port - numbers are also raised to put them in the Ephemeral Port range—not the - range defined by RFC 6335 but the one used by Linux, which starts lower - and gives us more room to work with. + Avoids the use of a stack buffer. - Reported-by: Daniel Stenberg + Closes #11673 -- runtests: fix problems on failure +- imap: use a dynbuf in imap_atom - The verify time must be set in this case, like all cases. An error - message needs to be displayed as well. + Avoid a calculation + malloc. Build the output in a dynbuf. -- runtests: fix perl warning when is wrong + Closes #11672 -- runtests: don't try to stop stunnel before trying again +Marin Hannache (14 Aug 2023) - Calling stopserver() before retrying stunnel due to an error would stop - the dependent server (such as HTTP) meaning stunnel would have nothing - to talk to when it came up. Don't try to force a stop when it didn't - actually start. Also, don't mark the server as bad for future use when - it starts up on a retry. +- http: do not require a user name when using CURLAUTH_NEGOTIATE - Reported-by: eaglegai at github - Tested-by: eaglegai at github - Fixes #10976 + In order to get Negotiate (SPNEGO) authentication to work in HTTP you + used to be required to provide a (fake) user name (this concerned both + curl and the lib) because the code wrongly only considered + authentication if there was a user name provided, as in: -- runtests: don't accidentally randomly choose the same port + curl -u : --negotiate https://example.com/ - If a server couldn't be started on a port, a new one is randomly chosen - and the server is tried again. Avoid accidentally using a - randomly-chosen 0 port offset by adding 1 to the random number. + This commit leverages the `struct auth` want member to figure out if the + user enabled CURLAUTH_NEGOTIATE, effectively removing the requirement of + setting a user name both in curl and the lib. - Found-by: Daniel Stenberg + Signed-off-by: Marin Hannache + Reported-by: Enrico Scholz + Fixes https://sourceforge.net/p/curl/bugs/440/ + Fixes #1161 + Closes #9047 -- runtests: don't attempt to use a port we know is in use +Viktor Szakats (13 Aug 2023) - This reduces the startup time when there is a known conflict on the - random port chosen for a server. This was already done for stunnel, but - now it's done for all servers. +- build: streamline non-UWP wincrypt detections -- http-server: fix server name in a log message + - with CMake, use the variable `WINDOWS_STORE` to detect an UWP build + and disable our non-UWP-compatible use the Windows crypto API. This + allows to drop two dynamic feature checks. - This changed when the file was renamed in commit cbf57176 + `WINDOWS_STORE` is true when invoking CMake with + `CMAKE_SYSTEM_NAME` == `WindowsStore`. Introduced in CMake v3.1. -- runtests: refactor into more packages + Ref: https://cmake.org/cmake/help/latest/variable/WINDOWS_STORE.html - testutil.pm now contains a few miscellaneous functions that are used in - several places but have no better place to live. subvariables moves to - servers.pm since most variables that it substitutes relate to servers, - so this is the most appropriate place. Rename a few functions for better - naming consistency. + - with autotools, drop the separate feature check for `wincrypt.h`. On + one hand this header has been present for long (even Borland C 5.5 had + it from year 2000), on the other we used the check result solely to + enable another check for certain crypto functions. This fails anyway + with the header not present. We save one dynamic feature check at the + configure stage. - Ref: #10818 - Closes #10995 + Reviewed-by: Marcel Raad + Closes #11657 -- runtests: call timestampskippedevents() in singletest +Nicholas Nethercote (13 Aug 2023) - ..rather than by the runner +- docs/HYPER.md: update hyper build instructions -- runtests: assume a newer Valgrind by default + Nightly Rust and `-Z unstable-options` are not needed. - The tests for an older Valgrind version should probably just be deleted, - given that they're testing for an 18-year-old version. + The instructions here now match the hyper docs exactly: + https://github.com/hyperium/hyper/commit/bd7928f3dd6a8461f0f0fdf7ee0fd95c2f15 + 6f88 -- runtests: refactor test runner code into runner.pm + Closes #11662 - This is code that is directly responsible for running a single test. - This will eventually run in a separate process as part of the parallel - testing project. +Daniel Stenberg (13 Aug 2023) - Ref: #10818 +- RELEASE-NOTES: synced -- runtests: skip unneeded work if test won't be running +- urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name - This speeds up tests by avoiding unnecessary processing. + Asssisted-by: Jay Satiro + Closes #11655 - Ref: #10818 +- spellcheck: adapt to backslashed minuses -- runtests: factor out singletest_postcheck + As the curl.1 has more backslashed minus, the cleanup sed lines xneed to + adapt. - This will eventually need to be part of the test runner. + Adjusted some docs slighly. - Ref: #10818 + Follow-up to 439ff2052e -- test303: kill server after test + Closes #11663 - Otherwise, an HTTP test closely following this one with a tight time - constraint (e.g. 672) could fail because the test server stays sitting - with the wait command for a while. +- gen: escape more minus -Patrick Monnerat (18 Apr 2023) + Detected since it was still hard to search for option names using dashes + in the middle in the man page. -- OS400: provide ILE/RPG usage examples + Closes #11660 - Closes https://github.com/curl/curl/pull/10994 +- cookie-jar.d: enphasize that this option is ONLY writing cookies -- OS400: improve vararg emulation + Reported-by: Dan Jacobson + Tweaked-by: Jay Satiro + Ref: #11642 + Closes #11661 - - Use V7R4 RPG procedure overloading to improve vararg emulation. +Nicholas Nethercote (11 Aug 2023) - From OS400 V7R4 and above, ILE/RPG implements a limited procedure - overloading feature that can be used to improve curl's typed - implementation of varargs procedures. This commit applies it to - curl_easy_setopt(), curl_multi_setopt(), curl_share_setopt() and - curl_easy_getinfo(). +- docs/HYPER.md: document a workaround for a link error - Closes https://github.com/curl/curl/pull/10994 + Closes #11653 -- OS400: fix and complete ILE/RPG binding +Jay Satiro (11 Aug 2023) - - Fix wrong definitions of CURL_ZERO_TERNINATED, curl_mime_data() and - curl_mime_data_ccsid(). +- schannel: verify hostname independent of verify cert - - Add recent definitions, in particular blob, header API and WebSockets - API. + Prior to this change when CURLOPT_SSL_VERIFYPEER (verifypeer) was off + and CURLOPT_SSL_VERIFYHOST (verifyhost) was on we did not verify the + hostname in schannel code. - - Support for CURLVERSION_ELEVENTH. + This fixes KNOWN_BUG 2.8 "Schannel disable CURLOPT_SSL_VERIFYPEER and + verify hostname". We discussed a fix several years ago in #3285 but it + went stale. - - New functions for EBCDIC support. + Assisted-by: Daniel Stenberg - Reflect these changes in README.OS400. + Bug: https://curl.haxx.se/mail/lib-2018-10/0113.html + Reported-by: Martin Galvan - Closes https://github.com/curl/curl/pull/10994 + Ref: https://github.com/curl/curl/pull/3285 -- OS400: implement EBCDIC support for recent features + Fixes https://github.com/curl/curl/issues/3284 + Closes https://github.com/curl/curl/pull/10056 - - Support CURLVERSION_ELEVENTH. +Daniel Stenberg (11 Aug 2023) - - New function curl_url_strerror_ccsid(). +- curl_quiche: remove superfluous NULL check - - curl_easy_setopt_ccsid() supports blobs and 3 recent string options. + 'stream' is always non-NULL at this point - - New function curl_easy_header_ccsid(). + Pointed out by Coverity - - New generic latin1<-->ccsid conversion functions curl_from_ccsid() and - curl_to_ccsid() for user convenience. + Closes #11656 - - README.OS400 updated accordingly. +- curl/urlapi.h: tiny typo - - Removed a leftover QsoSSL support identifier. +- github/labeler: make HYPER.md set Hyper and not TLS - Closes https://github.com/curl/curl/pull/10994 +- docs/cmdline-opts/gen.pl: hide "added in" before 7.50.0 -- OS400: rework build scripts + 7.50.0 shipped on Jul 21 2016, over seven years ago. We no longer need + to specify version changes for earlier releases in the generated output. - - Rename shell function "system" to "CLcommand" to avoid confusion with - built-in command. + This ups the limit from the previous 7.30.0 (Apr 12 2013) - - Reformat scripts. Fix some indentations. Avoid lines > 80 characters - where possible. + This hides roughly 35 "added in" mentions. - - Support ASCII runtime development files in a user-defined directory - path. + Closes #11651 - - FIX SONAME detection. +Jay Satiro (10 Aug 2023) - - Drop form API test program compilation (does not exist anymore). +- bug_report: require reporters to specify curl and os versions - Closes https://github.com/curl/curl/pull/10994 + - Change curl version and os sections from single-line input to + multi-line textarea. -Sevan Janiyan (18 Apr 2023) + - Require curl version and os sections to be filled out before report + can be submitted. -- tests/sshserver.pl: Define AddressFamily earlier + Closes https://github.com/curl/curl/pull/11636 - As the comment states "Address family must be specified before ListenAddress" - , otherwise the tests fail to run - `"failed starting SSH server" 52 times (582, 583, 600, 601, 602, 603, 604, 60 - 5, 606 and 43 more)` +Daniel Stenberg (9 Aug 2023) - Closes #10983 +- gen.pl: replace all single quotes with aq -Stefan Eissing (18 Apr 2023) + - this prevents man from using a unicode sequence for them + - which then allows search to work properly -- quiche: Enable IDLE egress handling + Closes #11645 - Follow-up to 544abeea which added the handling but wrongly left it - commented out. +Viktor Szakats (9 Aug 2023) - Closes https://github.com/curl/curl/pull/11000 +- cmake: fix to use variable for the curl namespace -Daniel Stenberg (18 Apr 2023) + Replace (wrong) literal with a variable to specify the curl + namespace. -- docs/examples/protofeats.c: Outputs all protocols and features + Follow-up to 1199308dbc902c52be67fc805c72dd2582520d30 #11505 - Showing off one way to get to char pointer arrays of info returned by - curl_version_info() + Reported-by: balikalina on Github + Fixes https://github.com/curl/curl/commit/1199308dbc902c52be67fc805c72dd25825 + 20d30#r123923098 + Closes #11629 - Closes #10991 +- cmake: allow `SHARE_LIB_OBJECT=ON` on all platforms -- tests/keywords.pl: remove + 2ebc74c36a19a1700af394c16855ce144d9878e3 #11546 introduced sharing + libcurl objects for shared and static targets. - This script does not work since the introduction of the test - preprocessing. If we need this functionality, it probably needs to be - moved into the runtests tool or similar. + The above automatically enabled for Windows builds, with an option to + disable with `SHARE_LIB_OBJECT=OFF`. - Reported-by: Dan Fandrich - Fixes #10895 - Closes #10987 + This patch extend this feature to all platforms as a manual option. + You can enable it by setting `SHARE_LIB_OBJECT=ON`. Then shared objects + are built in PIC mode, meaning the static lib will also have PIC code. -Stefan Eissing (17 Apr 2023) + [EXPERIMENTAL] -- http2: support HTTP/2 to forward proxies, non-tunneling + Closes #11627 - - with `--proxy-http2` allow h2 ALPN negotiation to - forward proxies - - applies to http: requests against a https: proxy only, - as https: requests will auto-tunnel - - adding a HTTP/1 request parser in http1.c - - removed h2h3.c - - using new request parser in nghttp2 and all h3 backends - - adding test 2603 for request parser - - adding h2 proxy test cases to test_10_* +- cmake: assume `wldap32` availability on Windows - scorecard.py: request scoring accidentally always run curl - with '-v'. Removed that, expect double numbers. + This system library first shipped with Windows ME, available as an extra + install for some older releases (according to [1]). The import library + was present already in old MinGW 3.4.2 (year 2007). - labeller: added http1.* and h2-proxy sources to detection + Drop the feature check and its associated `HAVE_WLDAP32` variable. - Closes #10967 + To manually disable `wldap32`, you can use the `USE_WIN32_LDAP=OFF` + CMake option, like before. -Daniel Stenberg (17 Apr 2023) + [1]: https://dlcdn.apache.org/httpd/binaries/win32/LEGACY.html -- curl_easy_unescape.3: rename the argument + Reviewed-by: Jay Satiro + Closes #11624 - and highlight it appropriately in the text. +Daniel Stenberg (9 Aug 2023) - Closes #10979 +- page-header: move up a URL paragraph from GLOBBING to URL -Viktor Szakats (17 Apr 2023) +- variable.d: output the function names table style -- autotools: sync up clang picky warnings with cmake + Also correct the url function name in the header - Bringing missing options over from CMake. + Closes #11641 - Move around existing `-Wno-pointer-bool-conversion` option to come - _after_ `-Wconversion`. +- haproxy-clientip.d: remove backticks - Reviewed-by: Marcel Raad - Closes #10974 + This is not markdown -Daniel Stenberg (17 Apr 2023) + Follow-up to 0a75964d0d94a4 -- tests/libtest/lib1900.c: remove + Closes #11639 - This file was left behind when the rest of the test was previously removed. +- RELEASE-NOTES: synced - Follow-up to e50a877df74f +- gen.pl: escape all dashes (ascii minus) to avoid unicode hyphens -- src/tool_operhlp.c: fix value stored to 'uerr' is never read + Reported-by: FC Stegerman + Fixes #11635 + Closes #11637 - Ref: https://github.com/curl/curl/pull/10974#issuecomment-1510461343 - Reported-by: Viktor Szakats - Closes #10982 +- cmdline-opts/page-header: reorder, clean up -Viktor Szakats (16 Apr 2023) + - removed some unnecessary blurb to focus + - moved up the more important URL details + - put "globbing" into its own subtitle and moved down a little + - mention the online man page in the version section -- cmake: speed up and extend picky clang/gcc options + Closes #11638 - Extend existing picky compiler options with ones missing compared to - autotools builds. Also sync options between clang and gcc. +- c-hyper: adjust the hyper to curlcode conversion - Redesign the way we enable these options to avoid the slow option - detection almost completely. + Closes #11621 - This reduces the number of detections from 35 to zero for clang and - 3 for gcc, even after adding a bunch of new options. +- test2306: make it use a persistent connection - clang 3.0 (2011-11-29) and gcc 2.95 (1999-07-31) now required. + + enable verbose already from the start - Also show enabled picky options. + Closes #11621 - Ref: https://github.com/libssh2/libssh2/pull/952 +eppesuig (8 Aug 2023) - Reviewed-by: Daniel Stenberg - Closes #10973 +- list-only.d: mention SFTP as supported protocol -Andreas Falkenhahn (16 Apr 2023) + Closes #11628 -- nbtlm: use semicolons instead of commas for (void) args +Daniel Stenberg (8 Aug 2023) - Closes #10978 +- request.d: use .TP for protocol "labels" -Daniel Stenberg (15 Apr 2023) + To render the section nicer in man page. -- multi: free up more data earleier in DONE + Closes #11630 - Before checking for more users of the connection and possibly bailing - out. +- cf-haproxy: make CURLOPT_HAPROXY_CLIENT_IP set the *source* IP - Fixes #10971 - Reported-by: PaweÅ‚ Wegner - Closes #10972 + ... as documented. -- RELEASE-NOTES: synced + Update test 3201 and 3202 accordingly. -- curl: do NOT append file name to path for upload when there's a query + Reported-by: Markus Sommer + Fixes #11619 + Closes #11626 - Added test 425 to verify. +- page-footer: QLOGDIR works with ngtcp2 and quiche - Reported-by: Dirk Rosenkranz - Bug: https://curl.se/mail/archive-2023-04/0008.html - Closes #10969 + It previously said "both" backends which is confusing as we currently + have three... -- libcurl-thread.3: improved name resolver wording + Closes #11631 - And make better .SH sections +Stefan Eissing (8 Aug 2023) - Closes #10966 +- http3: quiche, handshake optimization, trace cleanup -Colman Mbuya (14 Apr 2023) + - load x509 store after clienthello + - cleanup of tracing -- CURLOPT_PROXY_SSL_VERIFYPEER.3: fix minor grammar mistake + Closes #11618 - Closes #10968 +Daniel Stenberg (8 Aug 2023) -Daniel Stenberg (14 Apr 2023) +- ngtcp2: remove dead code -- curl: add --proxy-http2 + 'result' is always zero (CURLE_OK) at this point - For trying HTTP/2 with an HTTPS proxy. + Detected by Coverity - Closes #10926 + Closes #11622 -- KNOWN_BUGS: remove fixed or outdated issues, move non-bugs +Viktor Szakats (8 Aug 2023) - - remove h3 issues believed to be fixed +- openssl: auto-detect `SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED` - - make the flaky CI issue be generic and not Windows specific + OpenSSL 1.1.1 defines this macro, but no ealier version, or any of the + popular forks (yet). Use the macro itself to detect its presence, + replacing the hard-wired fork-specific conditions. - - "TLS session cache does not work with TFO" now documented + This way the feature will enable automatically when forks implement it, + while also shorter and possibly requiring less future maintenance. - This is now a documented restriction and not a bug. TFO in general is - rarely used and has other problems, making it a low-priotity thing to - work on. + Follow-up to 94241a9e78397a2aaf89a213e6ada61e7de7ee02 #6721 - - remove "Renegotiate from server may cause hang for OpenSSL backend" + Reviewed-by: Jay Satiro + Closes #11617 - This is an OpenSSL issue, not a curl one. Even if it taints curl. +- openssl: use `SSL_CTX_set_ciphersuites` with LibreSSL 3.4.1 - - rm "make distclean loops forever" + LibreSSL 3.4.1 (2021-10-14) added support for + `SSL_CTX_set_ciphersuites`. - - rm "configure finding libs in wrong directory" + Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.1-relnotes.txt - Added a section to docs/INSTALL.md about it. + Reviewed-by: Jay Satiro + Closes #11616 - - "A shared connection cache is not thread-safe" +- openssl: use `SSL_CTX_set_keylog_callback` with LibreSSL 3.5.0 - Moved over to TODO and expanded for other sharing improvements we - could do + LibreSSL 3.5.0 (2022-02-24) added support for + `SSL_CTX_set_keylog_callback`. - - rm "CURLOPT_OPENSOCKETPAIRFUNCTION is missing" + Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.0-relnotes.txt - - rm "Blocking socket operations in non-blocking API" + Reviewed-by: Jay Satiro + Closes #11615 - Already listed as a TODO +- cmake: drop `HAVE_LIBWINMM` and `HAVE_LIBWS2_32` feature checks - - rm "curl compiled on OSX 10.13 failed to run on OSX 10.10" + - `HAVE_LIBWINMM` was detected but unused. The `winmm` system library is + also not used by curl, but it is by its optional dependency `librtmp`. + Change the logic to always add `winmm` when `USE_LIBRTMP` is set. This + library has been available since the early days of Windows. - Water under the bridge. No one cares about this anymore. + - `HAVE_LIBWS2_32` detected `ws2_32` lib on Windows. This lib is present + since Windows 95 OSR2 (AFAIR). Winsock1 already wasn't supported and + other existing logic already assumed this lib being present, so delete + the check and replace the detection variable with `WIN32` and always + add `ws2_32` on Windows. - - rm "build on Linux links libcurl to libdl" + Closes #11612 - Verified to not be true (anymore). +Daniel Gustafsson (8 Aug 2023) - - rm "libpsl is not supported" +- crypto: ensure crypto initialization works - The cmake build supports it since cafb356e19cda22 + Make sure that context initialization during hash setup works to avoid + going forward with the risk of a null pointer dereference. - Closes #10963 + Reported-by: Philippe Antoine on HackerOne + Assisted-by: Jay Satiro + Assisted-by: Daniel Stenberg -- url: fix PVS nits + Closes #11614 - - expression 'hostptr' is always true - - a part of conditional expression is always true: proxypasswd - - expression 'proxyuser' is always true - - avoid multiple Curl_now() calls in allocate_conn +Viktor Szakats (7 Aug 2023) - Ref: #10929 - Closes #10959 +- openssl: switch to modern init for LibreSSL 2.7.0+ -- bufq: simplify since expression is always true + LibreSSL 2.7.0 (2018-03-21) introduced automatic initialization, + `OPENSSL_init_ssl()` function and deprecated the old, manual init + method, as seen in OpenSSL 1.1.0. Switch to the modern method when + available. - The check for 'len' is already done so it will remain true until - updated. Pointed out by PVS. + Ref: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.0-relnotes.txt - Ref: #10929 - Closes #10958 + Reviewed-by: Daniel Stenberg + Closes #11611 -- hash: fix assigning same value +Daniel Stenberg (7 Aug 2023) - Pointed out by PVS +- gskit: remove - Ref: #10929 - Closes #10956 + We remove support for building curl with gskit. -- cookie: address PVS nits + - This is a niche TLS library, only running on some IBM systems + - no regular curl contributors use this backend + - no CI builds use or verify this backend + - gskit, or the curl adaption for it, lacks many modern TLS features + making it an inferior solution + - build breakages in this code take weeks or more to get detected + - fixing gskit code is mostly done "flying blind" - - avoid assigning the same value again - - remove superfluous check of co->domain - - reduce variable scope for namep/valuep + This removal has been advertized in DEPRECATED in Jan 2, 2023 and it has + been mentioned on the curl-library mailing list. - Ref: #10929 - Closes #10954 + It could be brought back, this is not a ban. Given proper effort and + will, gskit support is welcome back into the curl TLS backend family. -Stefan Eissing (14 Apr 2023) + Closes #11460 -- cf-socket: Disable socket receive buffer by default +- RELEASE-NOTES: synced - - Disable socket receive buffer unless USE_RECV_BEFORE_SEND_WORKAROUND - is in place. +Dan Fandrich (7 Aug 2023) - While we would like to use the receive buffer, we have stalls in - parallel transfers where not all buffered data is consumed and no socket - events happen. +- THANKS-filter: add a name typo - Note USE_RECV_BEFORE_SEND_WORKAROUND is a Windows sockets workaround - that has been disabled by default since b4b6e4f1, due to other bugs. +Stefan Eissing (7 Aug 2023) - Closes https://github.com/curl/curl/pull/10961 +- http3/ngtcp2: shorten handshake, trace cleanup -- cf-h2-proxy: fix processing ingress to stop too early + - shorten handshake timing by delayed x509 store load (OpenSSL) + as we do for HTTP/2 + - cleanup of trace output, align with HTTP/2 output - - progress ingress stopped too early, causing data - from the underlying filters to not be processed and - report that no tunnel data was available - - this lead to "hangers" where no socket activity was - seen but data rested in buffers + Closes #11609 - Closes #10952 +Daniel Stenberg (7 Aug 2023) -- http3: check stream_ctx more thoroughly in all backends +- headers: accept leading whitespaces on first response header - - callbacks and filter methods might be invoked at unexpected - times, e.g. when the transfer's stream_ctx has not been initialized - yet or, more likely, has already been taken down. - - check for existance of stream_ctx in such places and return - an error or silently succeed the call. + This is a bad header fold but since the popular browsers accept this + violation, so does curl now. Unless built with hyper. - Closes #10951 + Add test 1473 to verify and adjust test 2306. -Daniel Stenberg (13 Apr 2023) + Reported-by: junsik on github + Fixes #11605 + Closes #11607 -- ftp: fix 'portsock' variable was assigned the same value +- include/curl/mprintf.h: add __attribute__ for the prototypes - Pointed out by PVS + - if gcc or clang is used + - if __STDC_VERSION__ >= 199901L, which means greater than C90 + - if not using mingw + - if CURL_NO_FMT_CHECKS is not defined - Ref: #10929 - Closes #10955 + Closes #11589 -- ftp: remove dead code +- tests: fix bad printf format flags in test code - This condition can never be true here since it is handled already 28 - lines above. +- tests: fix header scan tools for attribute edits in mprintf.h - Pointed out by PVS. +- cf-socket: log successful interface bind - Ref: #10929 - Closes #10957 + When the setsockopt SO_BINDTODEVICE operation succeeds, output that in + the verbose output. -- cf-h1-proxy: skip an extra NULL assign + Ref: #11599 + Closes #11608 - and use Curl_safefree() once to save another NULL assign. Found by PVS. +- CURLOPT_SSL_VERIFYPEER.3: mention it does not load CA certs when disabled - Ref. #10929 - Closes #10953 + Ref: #11457 + Closes #11606 -Philip Heiduck (13 Apr 2023) +- CURLOPT_SSL_VERIFYPEER.3: add two more see also options -- GHA: suppress git clone output + CURLINFO_CAINFO and CURLINFO_CAPATH - Follow-up: https://github.com/curl/curl/commit/8203aa6ed405ec832d2c62f18dfda2 - 93f89a23f9 + Closes #11603 - Closes #10949 +- KNOWN_BUGS: aws-sigv4 does not behave well with AWS VPC Lattice -Stefan Eissing (13 Apr 2023) + Closes #11007 -- cf-socket: remove dead code discovered by PVS +Graham Campbell (6 Aug 2023) - Closes #10960 +- CI: use openssl 3.0.10+quic, nghttp3 0.14.0, ngtcp2 0.18.0 -Daniel Stenberg (13 Apr 2023) + Closes #11585 -- http: skip a double NULL assign +Daniel Stenberg (6 Aug 2023) - and also use a local variable to shorten the long names and increase - readability in the function. Pointed out by PVS. +- TODO: add *5* entries for aws-sigv4 - Ref: #10929 - Closes #10950 + Closes #7559 + Closes #8107 + Closes #8810 + Closes #9717 + Closes #10129 -- mime: skip NULL assigns after Curl_safefree() +- TODO: LDAP Certificate-Based Authentication - Pointed out by PVS. + Closes #9641 - Ref: #10929 - Closes #10947 +Stefan Eissing (6 Aug 2023) -- rtsp: skip NULL assigns after Curl_safefree() +- http2: cleanup trace messages - ... since this is a macro that assigns NULL itself. Pointed out by PVS. + - more compact format with bracketed stream id + - all frames traced in and out - Ref: #10929 - Closes #10946 + Closes #11592 -- smb: remove double assign +Daniel Stenberg (6 Aug 2023) - The same value is assigned the same value already a few lines above. - Pointed out by PVS. +- tests/tftpd+mqttd: make variables static to silence picky warnings - Ref: #10929 - Closes #10945 + Closes #11594 -- transfer: skip extra assign +- docs/cmdline: remove repeated working for negotiate + ntlm - The 'result' variable already contains CURLE_OK at this point, no use in - setting it again. Pointed out by PVS. + The extra wording is added automatically by the gen.pl tool - Ref: #10929 - Closes #10944 + Closes #11597 -- urlapi: skip a pointless assign +- docs/cmdline: add small "warning" to verbose options - It stores a null byte after already having confirmed there is a null - byte there. Detected by PVS. + "Note that verbose output of curl activities and network traffic might + contain sensitive data, including user names, credentials or secret data + content. Be aware and be careful when sharing trace logs with others." - Ref: #10929 - Closes #10943 + Closes #11596 -Philip Heiduck (13 Apr 2023) +- RELEASE-NOTES: synced -- GHA: suppress git clone output +- pingpong: don't use *bump_headersize - Closes #10939 + We use that for HTTP(S) only. -Stefan Eissing (13 Apr 2023) + Follow-up to 3ee79c1674fd6 -- tests: make test_12_01 a bit more forgiving on connection counts + Closes #11590 -- cf-socket: add socket recv buffering for most tcp cases +- urldata: remove spurious parenthesis to unbreak no-proxy build - - use bufq as recv buffer, also for Windows pre-receive handling - - catch small reads followed by larger ones in a single socket - call. A common pattern on TLS connections. + Follow-up to e12b39e13382 - Closes #10787 + Closes #11591 -Daniel Stenberg (13 Apr 2023) +- easy: don't call Curl_trc_opt() in disabled-verbose builds -- urlapi: cleanups + Follow-up to e12b39e133822c6a0 - - move host checks together - - simplify the scheme parser loop and the end of host name parser - - avoid itermediate buffer storing in multiple places - - reduce scope for several variables - - skip the Curl_dyn_tail() call for speed - - detect IPv6 earlier and skip extra checks for such hosts - - normalize directly in dynbuf instead of itermediate buffer - - split out the IPv6 parser into its own funciton - - call the IPv6 parser directly for ipv6 addresses - - remove (unused) special treatment of % in host names - - junkscan() once in the beginning instead of scattered - - make junkscan return error code - - remove unused query management from dedotdotify() - - make Curl_parse_login_details use memchr - - more use of memchr() instead of strchr() and less strlen() calls - - make junkscan check and return the URL length + Closes #11588 - An optimized build runs one of my benchmark URL parsing programs ~41% - faster using this branch. (compared against the shipped 7.88.1 library - in Debian) +- http: use %u for printfing int - Closes #10935 + Follow-up to 3ee79c1674fd6f99e8efca5 -Josh McCullough (13 Apr 2023) + Closes #11587 -- http2: fix typo in infof() call +Goro FUJI (3 Aug 2023) - Closes #10940 +- vquic: show stringified messages for errno -Daniel Stenberg (12 Apr 2023) + Closes #11584 -- noproxy: pointer to local array 'hostip' is stored outside scope +Stefan Eissing (3 Aug 2023) - Ref: #10929 - Closes #10933 +- trace: make tracing available in non-debug builds -Stefan Eissing (12 Apr 2023) + Add --trace-config to curl -- connect: fix https connection setup to treat ssl_mode correctly + Add curl_global_trace() to libcurl - - for HTTPS protocol, a disabled ssl should never be acceptables. + Closes #11421 - Closes #10934 +Daniel Stenberg (3 Aug 2023) -Douglas R. Reno (12 Apr 2023) +- TODO: remove "Support intermediate & root pinning for PINNEDPUBLICKEY" -- CMakeLists.txt: fix typo for Haiku detection + See also https://github.com/curl/curl/pull/7507 - Closes #10937 +- TODO: add "WebSocket read callback" -Dan Fandrich (11 Apr 2023) + remove "Upgrade to websockets" as we already have this -- pathhelp: use the cached $use_cygpath when available + Closes #11402 -- runtests: eliminate unneeded variable +- test497: verify rejecting too large incoming headers -- runtests: make the # of server start attempts a constant +- http: return error when receiving too large header set -- runtests: on startup failure call displaylogs only in serverfortest + To avoid abuse. The limit is set to 300 KB for the accumulated size of + all received HTTP headers for a single response. Incomplete research + suggests that Chrome uses a 256-300 KB limit, while Firefox allows up to + 1MB. - This reduces the number of calls spread throughout the code. + Closes #11582 - Ref: #10818 - Closes #10919 +Stefan Eissing (3 Aug 2023) -- runtests: return an error code with startservers() +- http2: upgrade tests and add fix for non-existing stream - The code indicates the kind of failure encountered in starting a server, - which can be used by the caller to tailor the user experience. + - check in h2 filter recv that stream actually exists + and return error if not + - add test for parallel, extreme h2 upgrades that fail if + connections get reused before fully switched + - add h2 upgrade upload test just for completeness - Ref: #10818 + Closes #11563 -- runtests: abort early if runpingpongserver is given a bad server type +Viktor Szakats (3 Aug 2023) -- runtests: don't use the SMB server verification time as reference +- tests: ensure `libcurl.def` contains all exports - %FTPTIME2 and %FTPTIME3 should be set by the FTP server only, for - consistency. + Add `test1279` to verify that `libcurl.def` lists all exported API + functions found in libcurl headers. -- tests: factor out the test server management code + Also: - This now lives in servers.pm with some configuration variables moved to - globalconfig.pm + - extend test suite XML `stdout` tag with the `loadfile` attribute. - Ref: #10818 + - fix `tests/extern-scan.pl` and `test1135` to include websocket API. -- runtests: remove an inappropriate use of runclientoutput + - use all headers (sorted) in `test1135` instead of a manual list. - This function is intended for running client code, not servers. + - add options `--sort`, `--heading=` to `tests/extern-scan.pl`. -- runtests: only add $LIBDIR to the path for checktestcmd + - add `libcurl.def` to the auto-labeler GHA task. - Since checkcmd is for finding servers, there will never be anything in - this directory of interest to them. + Follow-up to 2ebc74c36a19a1700af394c16855ce144d9878e3 - Ref: #10818 + Closes #11570 -- tests: log sshserver.pl messages to a file +Daniel Stenberg (2 Aug 2023) - The logmsg messages were thrown away before, so they are now available - for debugging. +- url: change default value for CURLOPT_MAXREDIRS to 30 -- runtests: also show DISABLED tests with -l + It was previously unlimited by default, but that's not a sensible + default. While changing this has a remote risk of breaking an existing + use case, I figure it is more likely to actually save users from loops. - Other reasons for skipping tests are ignored for -l, so being explicitly - disabled should be too. + Closes #11581 -- runtests: move the UNIX sockets into $PIDDIR +- lib: fix a few *printf() flag mistakes - These were missed when the other server files were moved there. + Reported-by: Gisle Vanem + Ref: #11574 + Closes #11579 - Follow-up to 70d2fca2 +Samuel Chiang (2 Aug 2023) - Ref: #10818 +- openssl: make aws-lc version support OCSP -- tests: tighten up perl exports + And bump version in CI - This reduces namespace pollution a little. + Closes #11568 - Ref: #10818 +Daniel Stenberg (2 Aug 2023) -- tests: turn perl modules into full packages +- tool: make the length argument an int for printf()-.* flags - This helps enforce more modularization and encapsulation. Enable and fix - warnings on a few packages. Also, rename ftp.pm to processhelp.pm since - there's really nothing ftp-specific in it. + Closes #11578 - Ref: #10818 +- tool_operate: fix memory leak when SSL_CERT_DIR is used -Daniel Stenberg (11 Apr 2023) + Detected by Coverity -- multi: remove a few superfluous assigns + Follow-up to 29bce9857a12b6cfa726a5 - PVS found these "The 'rc' variable was assigned the same value." cases. + Closes #11577 - Ref: #10929 - Closes #10932 +- tool/var: free memory on OOM -- schannel: add clarifying comment + Coverity detected this memory leak in OOM situation - Explaining how the PVS warning in #10929 is wrong: Dereferencing of the - null pointer 'backend->cred' might take place. + Follow-up to 2e160c9c652504e - Closes #10931 + Closes #11575 -- cookie: clarify that init with data set to NULL reads no file +Viktor Szakats (2 Aug 2023) - ... and make Curl_cookie_add() require 'data' being set proper with an - assert. +- gha: bump libressl and mbedtls versions - The function has not worked with a NULL data for quite some time so this - just corrects the code and comment. + Closes #11573 - This is a different take than the proposed fixed in #10927 +Jay Satiro (2 Aug 2023) - Reported-by: Kvarec Lezki - Ref: #10929 - Closes #10930 +- schannel: fix user-set legacy algorithms in Windows 10 & 11 -Kvarec Lezki (11 Apr 2023) + - If the user set a legacy algorithm list (CURLOPT_SSL_CIPHER_LIST) then + use the SCHANNEL_CRED legacy structure to pass the list to Schannel. -- vtls: remove int typecast for sizeof() + - If the user set both a legacy algorithm list and a TLS 1.3 cipher list + then abort. - V220 Suspicious sequence of types castings: memsize -> 32-bit integer -> - memsize. The value being cast: 'sizeof - (buf->data)'. curl\lib\vtls\vtls.c 2025 + Although MS doesn't document it, Schannel will not negotiate TLS 1.3 + when SCHANNEL_CRED is used. That means setting a legacy algorithm list + limits the user to earlier versions of TLS. - https://pvs-studio.com/en/docs/warnings/v220/ + Prior to this change, since 8beff435 (precedes 7.85.0), libcurl would + ignore legacy algorithms in Windows 10 1809 and later. - Closes #10928 + Reported-by: zhihaoy@users.noreply.github.com -Stefan Eissing (11 Apr 2023) + Fixes https://github.com/curl/curl/pull/10741 + Closes https://github.com/curl/curl/pull/10746 -- http2: fix copynpaste error reported by coverity +Daniel Stenberg (2 Aug 2023) - - move all code handling HTTP/2 frames for a particular - stream into a separate function to keep from confusing - the call `data` with the stream `data`. +- variable.d: setting a variable again overwrites it - Closes #10924 + Reported-by: Niall McGee + Bug: https://twitter.com/niallmcgee/status/1686523075423322113 + Closes #11571 -Dan Fandrich (11 Apr 2023) +Jay Satiro (2 Aug 2023) -- tests: log a too-long Unix socket path in sws and socksd +- CURLOPT_PROXY_SSL_OPTIONS.3: sync formatting - Ref: #10919 + - Re-wrap CURLSSLOPT_ALLOW_BEAST description. -Daniel Stenberg (11 Apr 2023) +Daniel Stenberg (2 Aug 2023) -- gen.pl: error on duplicated See-Also fields +- RELEASE-NOTES: synced - Updated http2.d accordingly. +- resolve: use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set - Closes #10925 + Previously it would always do PF_UNSPEC if CURL_IPRESOLVE_V4 is not + used, thus unnecessarily asking for addresses that will not be used. -- http2: avoid possible null pointer dereference + Reported-by: Joseph Tharayil + Fixes #11564 + Closes #11565 - Reported-by: Dan Fandrich - Fixes #10920 - Closes #10923 +- docs: link to the website versions instead of markdowns -- lib1560: verify that more bad host names are rejected + ... to make the links work when the markdown is converted to webpages on + https://curl.se - when setting the hostname component of a URL + Reported-by: Maurício Meneghini Fauth + Fixes https://github.com/curl/curl-www/issues/272 + Closes #11569 - Closes #10922 +Viktor Szakats (1 Aug 2023) -- curl_url_set.3: mention that users can set content rather freely +- cmake: cache more config and delete unused ones - ... which then might render bad URLs if you extract a URL later. + - cache more Windows config results for faster initialization. - Closes #10921 + - delete unused config macros `HAVE_SYS_UTSNAME_H`, `HAVE_SSL_H`. -Dan Fandrich (10 Apr 2023) + - delete dead references to `sys/utsname.h`. -- CI: retry failed downloads of aws-lc + Closes #11551 - Don't fail the build in case of a temporary server problem. +- egd: delete feature detection and related source code -- test1169: fix so it works properly everywhere + EGD is Entropy Gathering Daemon, a socket-based entropy source supported + by pre-OpenSSL v1.1 versions and now deprecated. curl also deprecated it + a while ago. - - Use an absolute path for the -L option since the module isn't in the - perl path - - Create the needed test file in a section; isn't - intended for this - - Fix the test number in the file name, which was wrong + Its detection in CMake was broken all along because OpenSSL libs were + not linked at the point of feature check. - Follow-up to f754990a + Delete detection from both cmake and autotools, along with the related + source snippet, and the `--with-egd-socket=` `./configure` option. - Ref: #10818 - Fixes #10889 - Closes #10917 + Closes #11556 -- tests: stop using strndup(), which isn't portable +Stefan Eissing (1 Aug 2023) - It's not available on Solaris 10, for example. Since this is just test - code that doesn't need to use an optimized system version, replace it - with the implementation copied from tool_cb_hdr.c. +- tests: fix h3 server check and parallel instances -- runtests: fix an incorrect comment about the ld_preload feature + - fix check for availability of nghttpx server + - add `tcp` frontend config for same port as quic, as + without this, port 3000 is bound which clashes for parallel + testing - Follow-up to 1f631864 + Closes #11553 - Ref: #10818 +Daniel Stenberg (1 Aug 2023) -Daniel Stenberg (9 Apr 2023) +- docs/cmdline-opts: spellfixes, typos and polish -- urlapi: prevent setting invalid schemes with *url_set() + To make them accepted by the spell checker - A typical mistake would be to try to set "https://" - including the - separator - this is now rejected as that would then lead to - url_get(... URL...) would get an invalid URL extracted. + Closes #11562 - Extended test 1560 to verify. +- CI/spellcheck: build curl.1 and spellcheck it - Closes #10911 + Added acceptable words -Biswapriyo Nath (9 Apr 2023) + Closes #11562 -- http2: remove unused Curl_http2_strerror function declaration +Alexander Jaeger (1 Aug 2023) - Curl_http2_strerror was renamed to http2_strerror in - 05b100aee247bb9bec8e9a1b0 and then http2_strerror was removed in - 5808a0d0f5ea0399d4a2a2 +- misc: fix various typos - This also fixes the following compiler error + Closes #11561 - lib/http2.h:41:33: error: unknown type name 'uint32_t' - lib/http2.h:1:1: note: 'uint32_t' is defined in header '' +Daniel Stenberg (1 Aug 2023) - Closes #10912 +- http2: avoid too early connection re-use/multiplexing -Daniel Stenberg (8 Apr 2023) + HTTP/1 connections that are upgraded to HTTP/2 should not be picked up + for reuse and multiplexing by other handles until the 101 switching + process is completed. -- RELEASE-NOTES: synced + Lots-of-debgging-by: Stefan Eissing + Reported-by: Richard W.M. Jones + Bug: https://curl.se/mail/lib-2023-07/0045.html + Closes #11557 -SuperIlu on github (8 Apr 2023) +- Revert "KNOWN_BUGS: build for iOS simulator on macOS 13.2 with Xcode 14" -- config-dos.h: fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP + This reverts commit 2e8a3d7cb73c85a9aa151e263315f8a496dbb9d4. - Fixes #10905 - Closes #10910 + It's a user error for supplying incomplete information to the build system. -Daniel Stenberg (8 Apr 2023) + Reported-by: Ryan Schmidt + Ref: https://github.com/curl/curl/issues/11215#issuecomment-1658729367 -- lib: remove CURLX_NO_MEMORY_CALLBACKS +Viktor Szakats (1 Aug 2023) - The only user of this define was 'chkdecimalpoint' - a special purpose - test tool that was built but not used anymore (since 17c18fbc3 - Apr - 2020). +- cmake: add support for single libcurl compilation pass - Closes #10908 + Before this patch CMake builds used two separate compilation passes to + build the shared and static libcurl respectively. This patch allows to + reduce that to a single pass if the target platform and build settings + allow it. -- CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2 + This reduces CMake build times when building both static and shared + libcurl at the same time, making these dual builds an almost zero-cost + option. - Setting this proxy type allows curl to negotiate and use HTTP/2 with - HTTPS proxies. + Enable this feature for Windows builds, where the difference between the + two passes was the use of `__declspec(dllexport)` attribute for exported + API functions for the shared builds. This patch replaces this method + with the use of `libcurl.def` at DLL link time. - Closes #10900 + Also update `Makefile.mk` to use `libcurl.def` to export libcurl API + symbols on Windows. This simplifies (or fixes) this build method (e.g. + in curl-for-win, which generated a `libcurl.def` from `.h` files using + an elaborate set of transformations). -Ali Khodkar (8 Apr 2023) + `libcurl.def` has the maintenance cost of keeping the list of public + libcurl API symbols up-to-date. This list seldom changes, so the cost + is low. -- write-out.d: add missing periods + Closes #11546 - Closes #10897 +- cmake: detect `SSL_set0_wbio` in OpenSSL -Daniel Stenberg (7 Apr 2023) + Present in OpenSSL 1.1.0 and BoringSSL. + Missing from LibreSSL 3.8.0. -- http2: remove check for !data after it was already dereferenced + Follow-up to f39472ea9f4f4e12cfbc0500c4580a8d52ce4a59 - Pointed out by Coverity + While here, also fix `RAND_egd()` detection which was broken, likely all + along. This feature is probably broken with CMake builds and also + requires a sufficiently obsolete OpenSSL version, so this part of the + update was not tested. - Closes #10906 + Closes #11555 diff --git a/Makefile b/Makefile index a5818e1da..3db331a48 100644 --- a/Makefile +++ b/Makefile @@ -30,27 +30,6 @@ ssl: ./configure --with-openssl make -mingw32: - $(MAKE) -C lib -f Makefile.mk - $(MAKE) -C src -f Makefile.mk - -mingw32-clean: - $(MAKE) -C lib -f Makefile.mk clean - $(MAKE) -C src -f Makefile.mk clean - $(MAKE) -C docs/examples -f Makefile.mk clean - -mingw32-vclean mingw32-distclean: - $(MAKE) -C lib -f Makefile.mk vclean - $(MAKE) -C src -f Makefile.mk vclean - $(MAKE) -C docs/examples -f Makefile.mk vclean - -mingw32-examples%: - $(MAKE) -C docs/examples -f Makefile.mk CFG=$@ - -mingw32%: - $(MAKE) -C lib -f Makefile.mk CFG=$@ - $(MAKE) -C src -f Makefile.mk CFG=$@ - vc: cd winbuild nmake /f Makefile.vc MACHINE=x86 diff --git a/Makefile.in b/Makefile.in index 4d84af5f7..95dd27ef4 100644 --- a/Makefile.in +++ b/Makefile.in @@ -408,6 +408,7 @@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_OPENSSL_QUIC = @HAVE_OPENSSL_QUIC@ HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ HAVE_PROTO_BSDSOCKET_H = @HAVE_PROTO_BSDSOCKET_H@ HAVE_ZSTD = @HAVE_ZSTD@ @@ -483,10 +484,14 @@ USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ +USE_NGTCP2_CRYPTO_BORINGSSL = @USE_NGTCP2_CRYPTO_BORINGSSL@ USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@ USE_NGTCP2_CRYPTO_QUICTLS = @USE_NGTCP2_CRYPTO_QUICTLS@ USE_NGTCP2_CRYPTO_WOLFSSL = @USE_NGTCP2_CRYPTO_WOLFSSL@ +USE_NGTCP2_H3 = @USE_NGTCP2_H3@ USE_OPENLDAP = @USE_OPENLDAP@ +USE_OPENSSL_H3 = @USE_OPENSSL_H3@ +USE_OPENSSL_QUIC = @USE_OPENSSL_QUIC@ USE_QUICHE = @USE_QUICHE@ USE_RUSTLS = @USE_RUSTLS@ USE_SCHANNEL = @USE_SCHANNEL@ @@ -585,24 +590,6 @@ CMAKE_DIST = \ CMake/Utilities.cmake \ CMakeLists.txt -VC10_LIBTMPL = projects/Windows/VC10/lib/libcurl.tmpl -VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj.dist -VC10_LIBVCXPROJ_DEPS = $(VC10_LIBTMPL) Makefile.am lib/Makefile.inc -VC10_SRCTMPL = projects/Windows/VC10/src/curl.tmpl -VC10_SRCVCXPROJ = projects/Windows/VC10/src/curl.vcxproj.dist -VC10_SRCVCXPROJ_DEPS = $(VC10_SRCTMPL) Makefile.am src/Makefile.inc -VC11_LIBTMPL = projects/Windows/VC11/lib/libcurl.tmpl -VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj.dist -VC11_LIBVCXPROJ_DEPS = $(VC11_LIBTMPL) Makefile.am lib/Makefile.inc -VC11_SRCTMPL = projects/Windows/VC11/src/curl.tmpl -VC11_SRCVCXPROJ = projects/Windows/VC11/src/curl.vcxproj.dist -VC11_SRCVCXPROJ_DEPS = $(VC11_SRCTMPL) Makefile.am src/Makefile.inc -VC12_LIBTMPL = projects/Windows/VC12/lib/libcurl.tmpl -VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj.dist -VC12_LIBVCXPROJ_DEPS = $(VC12_LIBTMPL) Makefile.am lib/Makefile.inc -VC12_SRCTMPL = projects/Windows/VC12/src/curl.tmpl -VC12_SRCVCXPROJ = projects/Windows/VC12/src/curl.vcxproj.dist -VC12_SRCVCXPROJ_DEPS = $(VC12_SRCTMPL) Makefile.am src/Makefile.inc VC14_LIBTMPL = projects/Windows/VC14/lib/libcurl.tmpl VC14_LIBVCXPROJ = projects/Windows/VC14/lib/libcurl.vcxproj.dist VC14_LIBVCXPROJ_DEPS = $(VC14_LIBTMPL) Makefile.am lib/Makefile.inc @@ -615,6 +602,12 @@ VC14_10_LIBVCXPROJ_DEPS = $(VC14_10_LIBTMPL) Makefile.am lib/Makefile.inc VC14_10_SRCTMPL = projects/Windows/VC14.10/src/curl.tmpl VC14_10_SRCVCXPROJ = projects/Windows/VC14.10/src/curl.vcxproj.dist VC14_10_SRCVCXPROJ_DEPS = $(VC14_10_SRCTMPL) Makefile.am src/Makefile.inc +VC14_20_LIBTMPL = projects/Windows/VC14.20/lib/libcurl.tmpl +VC14_20_LIBVCXPROJ = projects/Windows/VC14.20/lib/libcurl.vcxproj.dist +VC14_20_LIBVCXPROJ_DEPS = $(VC14_20_LIBTMPL) Makefile.am lib/Makefile.inc +VC14_20_SRCTMPL = projects/Windows/VC14.20/src/curl.tmpl +VC14_20_SRCVCXPROJ = projects/Windows/VC14.20/src/curl.vcxproj.dist +VC14_20_SRCVCXPROJ_DEPS = $(VC14_20_SRCTMPL) Makefile.am src/Makefile.inc VC14_30_LIBTMPL = projects/Windows/VC14.30/lib/libcurl.tmpl VC14_30_LIBVCXPROJ = projects/Windows/VC14.30/lib/libcurl.vcxproj.dist VC14_30_LIBVCXPROJ_DEPS = $(VC14_30_LIBTMPL) Makefile.am lib/Makefile.inc @@ -625,21 +618,6 @@ VC_DIST = projects/README.md \ projects/build-openssl.bat \ projects/build-wolfssl.bat \ projects/checksrc.bat \ - projects/Windows/VC10/curl-all.sln \ - projects/Windows/VC10/lib/libcurl.sln \ - projects/Windows/VC10/lib/libcurl.vcxproj.filters \ - projects/Windows/VC10/src/curl.sln \ - projects/Windows/VC10/src/curl.vcxproj.filters \ - projects/Windows/VC11/curl-all.sln \ - projects/Windows/VC11/lib/libcurl.sln \ - projects/Windows/VC11/lib/libcurl.vcxproj.filters \ - projects/Windows/VC11/src/curl.sln \ - projects/Windows/VC11/src/curl.vcxproj.filters \ - projects/Windows/VC12/curl-all.sln \ - projects/Windows/VC12/lib/libcurl.sln \ - projects/Windows/VC12/lib/libcurl.vcxproj.filters \ - projects/Windows/VC12/src/curl.sln \ - projects/Windows/VC12/src/curl.vcxproj.filters \ projects/Windows/VC14/curl-all.sln \ projects/Windows/VC14/lib/libcurl.sln \ projects/Windows/VC14/lib/libcurl.vcxproj.filters \ @@ -650,6 +628,11 @@ VC_DIST = projects/README.md \ projects/Windows/VC14.10/lib/libcurl.vcxproj.filters \ projects/Windows/VC14.10/src/curl.sln \ projects/Windows/VC14.10/src/curl.vcxproj.filters \ + projects/Windows/VC14.20/curl-all.sln \ + projects/Windows/VC14.20/lib/libcurl.sln \ + projects/Windows/VC14.20/lib/libcurl.vcxproj.filters \ + projects/Windows/VC14.20/src/curl.sln \ + projects/Windows/VC14.20/src/curl.vcxproj.filters \ projects/Windows/VC14.30/curl-all.sln \ projects/Windows/VC14.30/lib/libcurl.sln \ projects/Windows/VC14.30/lib/libcurl.vcxproj.filters \ @@ -677,9 +660,9 @@ EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \ $(VC_DIST) $(WINBUILD_DIST) $(PLAN9_DIST) lib/libcurl.vers.in buildconf.bat \ libcurl.def -CLEANFILES = $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ) $(VC11_LIBVCXPROJ) \ - $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) $(VC14_LIBVCXPROJ) \ - $(VC14_SRCVCXPROJ) $(VC14_10_LIBVCXPROJ) $(VC14_10_SRCVCXPROJ) \ +CLEANFILES = $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) \ + $(VC14_10_LIBVCXPROJ) $(VC14_10_SRCVCXPROJ) \ + $(VC14_20_LIBVCXPROJ) $(VC14_20_SRCVCXPROJ) \ $(VC14_30_LIBVCXPROJ) $(VC14_30_SRCVCXPROJ) bin_SCRIPTS = curl-config @@ -743,15 +726,19 @@ LIB_VTLS_HFILES = \ LIB_VQUIC_CFILES = \ vquic/curl_msh3.c \ vquic/curl_ngtcp2.c \ + vquic/curl_osslq.c \ vquic/curl_quiche.c \ - vquic/vquic.c + vquic/vquic.c \ + vquic/vquic-tls.c LIB_VQUIC_HFILES = \ vquic/curl_msh3.h \ vquic/curl_ngtcp2.h \ + vquic/curl_osslq.h \ vquic/curl_quiche.h \ vquic/vquic.h \ - vquic/vquic_int.h + vquic/vquic_int.h \ + vquic/vquic-tls.h LIB_VSSH_CFILES = \ vssh/libssh.c \ @@ -1086,6 +1073,7 @@ CURL_CFILES = \ tool_help.c \ tool_helpers.c \ tool_hugehelp.c \ + tool_ipfs.c \ tool_libinfo.c \ tool_listhelp.c \ tool_main.c \ @@ -1129,6 +1117,7 @@ CURL_HFILES = \ tool_help.h \ tool_helpers.h \ tool_hugehelp.h \ + tool_ipfs.h \ tool_libinfo.h \ tool_main.h \ tool_msgs.h \ @@ -1621,6 +1610,8 @@ dvi: dvi-recursive dvi-am: +html: html-recursive + html-am: info: info-recursive @@ -1666,6 +1657,8 @@ mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool +pdf: pdf-recursive + pdf-am: ps: ps-recursive @@ -1711,12 +1704,6 @@ dist-hook: cp -p $$file $(distdir)$$strip; \ done) -html: - cd docs && $(MAKE) html - -pdf: - cd docs && $(MAKE) pdf - check: test examples check-docs @CROSSCOMPILING_TRUE@test-full: test @@ -1829,10 +1816,9 @@ checksrc: .PHONY: vc-ide -vc-ide: $(VC10_LIBVCXPROJ_DEPS) $(VC10_SRCVCXPROJ_DEPS) \ - $(VC11_LIBVCXPROJ_DEPS) $(VC11_SRCVCXPROJ_DEPS) $(VC12_LIBVCXPROJ_DEPS) \ - $(VC12_SRCVCXPROJ_DEPS) $(VC14_LIBVCXPROJ_DEPS) $(VC14_SRCVCXPROJ_DEPS) \ - $(VC14_10_LIBVCXPROJ_DEPS) $(VC14_10_SRCVCXPROJ_DEPS) \ +vc-ide: $(VC14_LIBVCXPROJ_DEPS) $(VC14_SRCVCXPROJ_DEPS) \ + $(VC14_10_LIBVCXPROJ_DEPS) $(VC14_10_SRCVCXPROJ_DEPS) \ + $(VC14_20_LIBVCXPROJ_DEPS) $(VC14_20_SRCVCXPROJ_DEPS) \ $(VC14_30_LIBVCXPROJ_DEPS) $(VC14_30_SRCVCXPROJ_DEPS) @(win32_lib_srcs='$(LIB_CFILES)'; \ win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \ @@ -1994,55 +1980,7 @@ function gen_element(type, dir, file)\ printf("%s\r\n", $$0);\ }';\ \ - echo "generating '$(VC10_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC10_LIBTMPL) > $(VC10_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC10_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC10_SRCTMPL) > $(VC10_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC11_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC11_LIBTMPL) > $(VC11_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC11_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC11_SRCTMPL) > $(VC11_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC12_LIBVCXPROJ)'"; \ + echo "generating '$(VC14_LIBVCXPROJ)'"; \ awk -v proj_type=vcxproj \ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ @@ -2055,18 +1993,18 @@ function gen_element(type, dir, file)\ -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC12_LIBTMPL) > $(VC12_LIBVCXPROJ) || { exit 1; }; \ + "$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \ \ - echo "generating '$(VC12_SRCVCXPROJ)'"; \ + echo "generating '$(VC14_SRCVCXPROJ)'"; \ awk -v proj_type=vcxproj \ -v src_srcs="$$sorted_src_srcs" \ -v src_hdrs="$$sorted_src_hdrs" \ -v src_rc="$$win32_src_rc" \ -v src_x_srcs="$$sorted_src_x_srcs" \ -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; }; \ + "$$awk_code" $(srcdir)/$(VC14_SRCTMPL) > $(VC14_SRCVCXPROJ) || { exit 1; }; \ \ - echo "generating '$(VC14_LIBVCXPROJ)'"; \ + echo "generating '$(VC14_10_LIBVCXPROJ)'"; \ awk -v proj_type=vcxproj \ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ @@ -2079,18 +2017,18 @@ function gen_element(type, dir, file)\ -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \ + "$$awk_code" $(srcdir)/$(VC14_10_LIBTMPL) > $(VC14_10_LIBVCXPROJ) || { exit 1; }; \ \ - echo "generating '$(VC14_SRCVCXPROJ)'"; \ + echo "generating '$(VC14_10_SRCVCXPROJ)'"; \ awk -v proj_type=vcxproj \ -v src_srcs="$$sorted_src_srcs" \ -v src_hdrs="$$sorted_src_hdrs" \ -v src_rc="$$win32_src_rc" \ -v src_x_srcs="$$sorted_src_x_srcs" \ -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_SRCTMPL) > $(VC14_SRCVCXPROJ) || { exit 1; }; \ + "$$awk_code" $(srcdir)/$(VC14_10_SRCTMPL) > $(VC14_10_SRCVCXPROJ) || { exit 1; }; \ \ - echo "generating '$(VC14_10_LIBVCXPROJ)'"; \ + echo "generating '$(VC14_20_LIBVCXPROJ)'"; \ awk -v proj_type=vcxproj \ -v lib_srcs="$$sorted_lib_srcs" \ -v lib_hdrs="$$sorted_lib_hdrs" \ @@ -2103,16 +2041,16 @@ function gen_element(type, dir, file)\ -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_10_LIBTMPL) > $(VC14_10_LIBVCXPROJ) || { exit 1; }; \ + "$$awk_code" $(srcdir)/$(VC14_20_LIBTMPL) > $(VC14_20_LIBVCXPROJ) || { exit 1; }; \ \ - echo "generating '$(VC14_10_SRCVCXPROJ)'"; \ + echo "generating '$(VC14_20_SRCVCXPROJ)'"; \ awk -v proj_type=vcxproj \ -v src_srcs="$$sorted_src_srcs" \ -v src_hdrs="$$sorted_src_hdrs" \ -v src_rc="$$win32_src_rc" \ -v src_x_srcs="$$sorted_src_x_srcs" \ -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_10_SRCTMPL) > $(VC14_10_SRCVCXPROJ) || { exit 1; }; \ + "$$awk_code" $(srcdir)/$(VC14_20_SRCTMPL) > $(VC14_20_SRCVCXPROJ) || { exit 1; }; \ \ echo "generating '$(VC14_30_LIBVCXPROJ)'"; \ awk -v proj_type=vcxproj \ diff --git a/configure b/configure index 04d1de146..da9f3b70f 100644 --- a/configure +++ b/configure @@ -930,9 +930,13 @@ FISH_FUNCTIONS_DIR ZSH_FUNCTIONS_DIR USE_MSH3 USE_QUICHE +USE_OPENSSL_H3 +USE_NGTCP2_H3 USE_NGHTTP3 +USE_OPENSSL_QUIC USE_NGTCP2_CRYPTO_WOLFSSL USE_NGTCP2_CRYPTO_GNUTLS +USE_NGTCP2_CRYPTO_BORINGSSL USE_NGTCP2_CRYPTO_QUICTLS USE_NGTCP2 USE_NGHTTP2 @@ -958,6 +962,7 @@ USE_WOLFSSL USE_MBEDTLS HAVE_GNUTLS_SRP USE_GNUTLS +HAVE_OPENSSL_QUIC HAVE_OPENSSL_SRP RANDOM_FILE SSL_LIBS @@ -1000,13 +1005,13 @@ HAVE_WINDRES_TRUE USE_WIN32_CRYPTO USE_WIN32_SMALL_FILES USE_WIN32_LARGE_FILES -DOING_NATIVE_WINDOWS_FALSE -DOING_NATIVE_WINDOWS_TRUE BUILD_UNITTESTS_FALSE BUILD_UNITTESTS_TRUE CURLDEBUG_FALSE CURLDEBUG_TRUE CURL_CFLAG_EXTRAS +DOING_NATIVE_WINDOWS_FALSE +DOING_NATIVE_WINDOWS_TRUE USE_EXPLICIT_LIB_DEPS_FALSE USE_EXPLICIT_LIB_DEPS_TRUE REQUIRE_LIB_DEPS @@ -1244,6 +1249,7 @@ with_winidn with_libidn2 with_nghttp2 with_ngtcp2 +with_openssl_quic with_nghttp3 with_quiche with_msh3 @@ -2140,7 +2146,7 @@ Optional Packages: --without-ca-path Don't use a default CA path --with-ca-fallback Use the built in CA store of the SSL library --without-ca-fallback Don't use the built in CA store of the SSL library - --without-libpsl disable support for libpsl cookie checking + --without-libpsl disable support for libpsl --without-libgsasl disable libgsasl support for SCRAM --with-libssh2=PATH Where to look for libssh2, PATH points to the libssh2 installation; when possible, set the @@ -2169,6 +2175,8 @@ Optional Packages: --without-nghttp2 Disable nghttp2 usage --with-ngtcp2=PATH Enable ngtcp2 usage --without-ngtcp2 Disable ngtcp2 usage + --with-openssl-quic Enable OpenSSL QUIC usage + --without-openssl-quic Disable OpenSSL QUIC usage --with-nghttp3=PATH Enable nghttp3 usage --without-nghttp3 Disable nghttp3 usage --with-quiche=PATH Enable quiche usage @@ -6677,8 +6685,8 @@ curl_headers_msg="enabled (--disable-headers-api)" curl_ws_msg="no (--enable-websockets)" ssl_backends= curl_h1_msg="enabled (internal)" - curl_h2_msg="no (--with-nghttp2, --with-hyper)" - curl_h3_msg="no (--with-ngtcp2 --with-nghttp3, --with-quiche, --with-msh3)" + curl_h2_msg="no (--with-nghttp2)" + curl_h3_msg="no (--with-ngtcp2 --with-nghttp3, --with-quiche, --with-openssl-quic, --with-msh3)" enable_altsvc="yes" hsts="yes" @@ -7511,7 +7519,7 @@ printf "%s\n" "$ac_cv_path_EGREP" >&6; } - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if OS is AIX (to define _ALL_SOURCE)" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if OS is AIX (to define _ALL_SOURCE)" >&5 printf %s "checking if OS is AIX (to define _ALL_SOURCE)... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -17684,7 +17692,11 @@ rm -f conftest.err conftest.i conftest.$ac_ext if test "$curl_cv_have_def___INTEL_COMPILER" = "yes"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking compiler version" >&5 +printf %s "checking compiler version... " >&6; } compiler_num="$curl_cv_def___INTEL_COMPILER" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: Intel C '$compiler_num'" >&5 +printf "%s\n" "Intel C '$compiler_num'" >&6; } OLDCPPFLAGS=$CPPFLAGS # CPPPFLAG comes from CURL_CPP_P @@ -17855,18 +17867,41 @@ printf "%s\n" "yes" >&6; } printf "%s\n" "no" >&6; } compiler_id="CLANG" fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking compiler version" >&5 +printf %s "checking compiler version... " >&6; } fullclangver=`$CC -v 2>&1 | grep version` + if echo $fullclangver | grep 'Apple' >/dev/null; then + appleclang=1 + else + appleclang=0 + fi clangver=`echo $fullclangver | grep "based on LLVM " | "$SED" 's/.*(based on LLVM \([0-9]*\.[0-9]*\).*)/\1/'` if test -z "$clangver"; then - if echo $fullclangver | grep "Apple LLVM version " >/dev/null; then - clangver="3.7" - else - clangver=`echo $fullclangver | "$SED" 's/.*version \([0-9]*\.[0-9]*\).*/\1/'` - fi + clangver=`echo $fullclangver | "$SED" 's/.*version \([0-9]*\.[0-9]*\).*/\1/'` + oldapple=0 + else + oldapple=1 fi clangvhi=`echo $clangver | cut -d . -f1` clangvlo=`echo $clangver | cut -d . -f2` compiler_num=`(expr $clangvhi "*" 100 + $clangvlo) 2>/dev/null` + if test "$appleclang" = '1' && test "$oldapple" = '0'; then + if test "$compiler_num" -ge '1300'; then compiler_num='1200' + elif test "$compiler_num" -ge '1205'; then compiler_num='1101' + elif test "$compiler_num" -ge '1204'; then compiler_num='1000' + elif test "$compiler_num" -ge '1107'; then compiler_num='900' + elif test "$compiler_num" -ge '1103'; then compiler_num='800' + elif test "$compiler_num" -ge '1003'; then compiler_num='700' + elif test "$compiler_num" -ge '1001'; then compiler_num='600' + elif test "$compiler_num" -ge '904'; then compiler_num='500' + elif test "$compiler_num" -ge '902'; then compiler_num='400' + elif test "$compiler_num" -ge '803'; then compiler_num='309' + elif test "$compiler_num" -ge '703'; then compiler_num='308' + else compiler_num='307' + fi + fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: clang '$compiler_num' (raw: '$fullclangver' / '$clangver')" >&5 +printf "%s\n" "clang '$compiler_num' (raw: '$fullclangver' / '$clangver')" >&6; } flags_dbg_yes="-g" flags_opt_all="-O -O0 -O1 -O2 -Os -O3 -O4" flags_opt_yes="-O2" @@ -17929,120 +17964,23 @@ rm -f conftest.err conftest.i conftest.$ac_ext { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } compiler_id="GNU_C" - gccver=`$CC -dumpversion` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking compiler version" >&5 +printf %s "checking compiler version... " >&6; } + # strip '-suffix' parts, e.g. Ubuntu Windows cross-gcc returns '10-win32' + gccver=`$CC -dumpversion | sed -E 's/-.+$//'` gccvhi=`echo $gccver | cut -d . -f1` - gccvlo=`echo $gccver | cut -d . -f2` + if echo $gccver | grep -F '.' >/dev/null; then + gccvlo=`echo $gccver | cut -d . -f2` + else + gccvlo="0" + fi compiler_num=`(expr $gccvhi "*" 100 + $gccvlo) 2>/dev/null` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: gcc '$compiler_num' (raw: '$gccver')" >&5 +printf "%s\n" "gcc '$compiler_num' (raw: '$gccver')" >&6; } flags_dbg_yes="-g" flags_opt_all="-O -O0 -O1 -O2 -O3 -Os -Og -Ofast" flags_opt_yes="-O2" flags_opt_off="-O0" - - OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAG comes from CURL_CPP_P - CPPFLAGS="$CPPFLAGS $CPPPFLAG" - if test -z "$SED"; then - as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 - fi - if test -z "$GREP"; then - as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5 - fi - - tmp_exp="" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -#ifdef _WIN32 -CURL_DEF_TOKEN _WIN32 -#endif - - -_ACEOF -if ac_fn_c_try_cpp "$LINENO" -then : - - tmp_exp=`eval "$ac_cpp conftest.$ac_ext" 2>/dev/null | \ - "$GREP" CURL_DEF_TOKEN 2>/dev/null | \ - "$SED" 's/.*CURL_DEF_TOKEN[ ][ ]*//' 2>/dev/null | \ - "$SED" 's/["][ ]*["]//g' 2>/dev/null` - if test -z "$tmp_exp" || test "$tmp_exp" = "_WIN32"; then - tmp_exp="" - fi - -fi -rm -f conftest.err conftest.i conftest.$ac_ext - if test -z "$tmp_exp"; then - curl_cv_have_def__WIN32=no - - else - curl_cv_have_def__WIN32=yes - curl_cv_def__WIN32=$tmp_exp - - fi - CPPFLAGS=$OLDCPPFLAGS - - else - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } - fi - - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if compiler is LCC" >&5 -printf %s "checking if compiler is LCC... " >&6; } - - OLDCPPFLAGS=$CPPFLAGS - # CPPPFLAG comes from CURL_CPP_P - CPPFLAGS="$CPPFLAGS $CPPPFLAG" - if test -z "$SED"; then - as_fn_error $? "SED not set. Cannot continue without SED being set." "$LINENO" 5 - fi - if test -z "$GREP"; then - as_fn_error $? "GREP not set. Cannot continue without GREP being set." "$LINENO" 5 - fi - - tmp_exp="" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -#ifdef __LCC__ -CURL_DEF_TOKEN __LCC__ -#endif - - -_ACEOF -if ac_fn_c_try_cpp "$LINENO" -then : - - tmp_exp=`eval "$ac_cpp conftest.$ac_ext" 2>/dev/null | \ - "$GREP" CURL_DEF_TOKEN 2>/dev/null | \ - "$SED" 's/.*CURL_DEF_TOKEN[ ][ ]*//' 2>/dev/null | \ - "$SED" 's/["][ ]*["]//g' 2>/dev/null` - if test -z "$tmp_exp" || test "$tmp_exp" = "__LCC__"; then - tmp_exp="" - fi - -fi -rm -f conftest.err conftest.i conftest.$ac_ext - if test -z "$tmp_exp"; then - curl_cv_have_def___LCC__=no - - else - curl_cv_have_def___LCC__=yes - curl_cv_def___LCC__=$tmp_exp - - fi - CPPFLAGS=$OLDCPPFLAGS - - if test "$curl_cv_have_def___LCC__" = "yes"; then - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } - compiler_id="LCC" - flags_dbg_yes="-g" - flags_opt_all="" - flags_opt_yes="" - flags_opt_off="" else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 printf "%s\n" "no" >&6; } @@ -18449,6 +18387,57 @@ _EOF fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build target is a native Windows one" >&5 +printf %s "checking whether build target is a native Windows one... " >&6; } +if test ${curl_cv_native_windows+y} +then : + printf %s "(cached) " >&6 +else $as_nop + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + + +int main (void) +{ + +#ifdef _WIN32 + int dummy=1; +#else + Not a native Windows build target. +#endif + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + + curl_cv_native_windows="yes" + +else $as_nop + + curl_cv_native_windows="no" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_native_windows" >&5 +printf "%s\n" "$curl_cv_native_windows" >&6; } + if test "x$curl_cv_native_windows" = xyes; then + DOING_NATIVE_WINDOWS_TRUE= + DOING_NATIVE_WINDOWS_FALSE='#' +else + DOING_NATIVE_WINDOWS_TRUE='#' + DOING_NATIVE_WINDOWS_FALSE= +fi + + + squeeze() { _sqz_result="" eval _sqz_input=\$$1 @@ -18519,11 +18508,6 @@ squeeze() { tmp_CFLAGS="$tmp_CFLAGS" ;; # - LCC) - # - tmp_CFLAGS="$tmp_CFLAGS -n" - ;; - # SGI_MIPS_C) # tmp_CFLAGS="$tmp_CFLAGS" @@ -19233,7 +19217,295 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} ac_var_added_warnings="" - for warning in no-multichar sign-compare; do + for warning in sign-compare; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + tmp_CFLAGS="$tmp_CFLAGS -Wno-multichar" + + ac_var_added_warnings="" + for warning in undef; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + tmp_CFLAGS="$tmp_CFLAGS -Wno-format-nonliteral" + + ac_var_added_warnings="" + for warning in endif-labels strict-prototypes; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + + ac_var_added_warnings="" + for warning in declaration-after-statement; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + + ac_var_added_warnings="" + for warning in cast-align; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + tmp_CFLAGS="$tmp_CFLAGS -Wno-system-headers" + + ac_var_added_warnings="" + for warning in shorten-64-to-32; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + # + if test "$compiler_num" -ge "101"; then + + ac_var_added_warnings="" + for warning in unused; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + fi + # + if test "$compiler_num" -ge "207"; then + + ac_var_added_warnings="" + for warning in address; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + + ac_var_added_warnings="" + for warning in attributes; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + + ac_var_added_warnings="" + for warning in bad-function-cast; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + + ac_var_added_warnings="" + for warning in conversion; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + + ac_var_added_warnings="" + for warning in div-by-zero format-security; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + + ac_var_added_warnings="" + for warning in empty-body; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + + ac_var_added_warnings="" + for warning in missing-field-initializers; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + + ac_var_added_warnings="" + for warning in missing-noreturn; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19253,7 +19525,7 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} ac_var_added_warnings="" - for warning in undef; do + for warning in old-style-definition; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19271,10 +19543,9 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" squeeze tmp_CFLAGS - tmp_CFLAGS="$tmp_CFLAGS -Wno-format-nonliteral" ac_var_added_warnings="" - for warning in endif-labels strict-prototypes; do + for warning in redundant-decls; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19292,9 +19563,10 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" squeeze tmp_CFLAGS + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [switch-enum]) # Not used because this basically disallows default case ac_var_added_warnings="" - for warning in declaration-after-statement; do + for warning in type-limits; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19312,9 +19584,10 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" squeeze tmp_CFLAGS + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unused-macros]) # Not practical ac_var_added_warnings="" - for warning in cast-align; do + for warning in unreachable-code unused-parameter; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19332,10 +19605,12 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" squeeze tmp_CFLAGS - tmp_CFLAGS="$tmp_CFLAGS -Wno-system-headers" + fi + # + if test "$compiler_num" -ge "208"; then ac_var_added_warnings="" - for warning in shorten-64-to-32; do + for warning in ignored-qualifiers; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19353,11 +19628,9 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" squeeze tmp_CFLAGS - # - if test "$compiler_num" -ge "101"; then ac_var_added_warnings="" - for warning in unused; do + for warning in vla; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19377,10 +19650,10 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} fi # - if test "$compiler_num" -ge "208"; then + if test "$compiler_num" -ge "209"; then ac_var_added_warnings="" - for warning in vla; do + for warning in sign-conversion; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19398,9 +19671,7 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" squeeze tmp_CFLAGS - fi - # - if test "$compiler_num" -ge "209"; then + tmp_CFLAGS="$tmp_CFLAGS -Wno-error=sign-conversion" # FIXME ac_var_added_warnings="" for warning in shift-sign-overflow; do @@ -19421,12 +19692,13 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" squeeze tmp_CFLAGS + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [padded]) # Not used because we cannot change public structs fi # if test "$compiler_num" -ge "300"; then ac_var_added_warnings="" - for warning in bad-function-cast; do + for warning in language-extension-token; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19444,9 +19716,13 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" squeeze tmp_CFLAGS + tmp_CFLAGS="$tmp_CFLAGS -Wformat=2" + fi + # + if test "$compiler_num" -ge "302"; then ac_var_added_warnings="" - for warning in conversion; do + for warning in enum-conversion; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19466,7 +19742,7 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} ac_var_added_warnings="" - for warning in empty-body; do + for warning in sometimes-uninitialized; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19484,9 +19760,13 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" squeeze tmp_CFLAGS + case $host_os in + cygwin* | mingw*) + ;; + *) ac_var_added_warnings="" - for warning in ignored-qualifiers; do + for warning in missing-variable-declarations; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19504,9 +19784,14 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" squeeze tmp_CFLAGS + ;; + esac + fi + # + if test "$compiler_num" -ge "304"; then ac_var_added_warnings="" - for warning in type-limits; do + for warning in header-guard; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19526,7 +19811,7 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} ac_var_added_warnings="" - for warning in no-sign-conversion; do + for warning in unused-const-variable; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19546,34 +19831,10 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} fi # - if test "$compiler_num" -ge "302"; then - - ac_var_added_warnings="" - for warning in enum-conversion; do - - ac_var_match_word="no" - for word1 in $CFLAGS; do - for word2 in -Wno-$warning -W$warning; do - if test "$word1" = "$word2"; then - ac_var_match_word="yes" - fi - done - done - - if test "$ac_var_match_word" = "no"; then - ac_var_added_warnings="$ac_var_added_warnings -W$warning" - fi - done - tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" - squeeze tmp_CFLAGS - - case $host_os in - cygwin* | mingw*) - ;; - *) + if test "$compiler_num" -ge "305"; then ac_var_added_warnings="" - for warning in missing-variable-declarations; do + for warning in pragmas; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19591,14 +19852,9 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" squeeze tmp_CFLAGS - ;; - esac - fi - # - if test "$compiler_num" -ge "304"; then ac_var_added_warnings="" - for warning in unused-const-variable; do + for warning in unreachable-code-break; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -19709,6 +19965,9 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" squeeze tmp_CFLAGS + fi + if test "$compiler_num" -ge "1000"; then + tmp_CFLAGS="$tmp_CFLAGS -Wimplicit-fallthrough" # we have silencing markup for clang 10.0 and above only fi fi tmp_CFLAGS="$tmp_CFLAGS -Wno-pointer-bool-conversion" @@ -19724,7 +19983,6 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} GNU_C) # if test "$want_warnings" = "yes"; then - tmp_CFLAGS="$tmp_CFLAGS -std=gnu89" # if test "x$cross_compiling" != "xyes" || test "$compiler_num" -ge "300"; then @@ -20030,6 +20288,158 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} if test "$compiler_num" -ge "400"; then tmp_CFLAGS="$tmp_CFLAGS -Wstrict-aliasing=3" fi + # + if test "$compiler_num" -ge "401"; then + + ac_var_added_warnings="" + for warning in attributes; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + + ac_var_added_warnings="" + for warning in div-by-zero format-security; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + + ac_var_added_warnings="" + for warning in missing-field-initializers; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + case $host in + *-*-msys*) + ;; + *) + + ac_var_added_warnings="" + for warning in missing-noreturn; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + # Seen to clash with libtool-generated stub code + ;; + esac + + ac_var_added_warnings="" + for warning in unreachable-code unused-parameter; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [padded]) # Not used because we cannot change public structs + + ac_var_added_warnings="" + for warning in pragmas; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + + ac_var_added_warnings="" + for warning in redundant-decls; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [switch-enum]) # Not used because this basically disallows default case + # CURL_ADD_COMPILER_WARNINGS([tmp_CFLAGS], [unused-macros]) # Not practical + fi # if test "$compiler_num" -ge "402"; then @@ -20056,6 +20466,26 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} # if test "$compiler_num" -ge "403"; then + ac_var_added_warnings="" + for warning in address; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + ac_var_added_warnings="" for warning in type-limits old-style-declaration; do @@ -20117,7 +20547,27 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} ac_var_added_warnings="" - for warning in conversion; do + for warning in conversion trampolines; do + + ac_var_match_word="no" + for word1 in $CFLAGS; do + for word2 in -Wno-$warning -W$warning; do + if test "$word1" = "$word2"; then + ac_var_match_word="yes" + fi + done + done + + if test "$ac_var_match_word" = "no"; then + ac_var_added_warnings="$ac_var_added_warnings -W$warning" + fi + done + tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" + squeeze tmp_CFLAGS + + + ac_var_added_warnings="" + for warning in sign-conversion; do ac_var_match_word="no" for word1 in $CFLAGS; do @@ -20135,7 +20585,7 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS $ac_var_added_warnings" squeeze tmp_CFLAGS - tmp_CFLAGS="$tmp_CFLAGS -Wno-sign-conversion" + tmp_CFLAGS="$tmp_CFLAGS -Wno-error=sign-conversion" # FIXME ac_var_added_warnings="" for warning in vla; do @@ -20160,7 +20610,7 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} fi # if test "$compiler_num" -ge "405"; then - if test "$curl_cv_have_def__WIN32" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then tmp_CFLAGS="$tmp_CFLAGS -Wno-pedantic-ms-format" fi fi @@ -20344,9 +20794,7 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS -Wformat-overflow=2" tmp_CFLAGS="$tmp_CFLAGS -Wformat-truncation=2" - if test "$compiler_num" -lt "1200"; then - tmp_CFLAGS="$tmp_CFLAGS -Wimplicit-fallthrough=4" - fi + tmp_CFLAGS="$tmp_CFLAGS -Wimplicit-fallthrough" fi # if test "$compiler_num" -ge "1000"; then @@ -20448,13 +20896,6 @@ printf "%s\n" "$as_me: WARNING: compiler options rejected: $tmp_options" >&2;} tmp_CFLAGS="$tmp_CFLAGS" ;; # - LCC) - # - if test "$want_warnings" = "yes"; then - tmp_CFLAGS="$tmp_CFLAGS" - fi - ;; - # SGI_MIPS_C) # if test "$want_warnings" = "yes"; then @@ -21099,243 +21540,10 @@ fi - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for windows.h" >&5 -printf %s "checking for windows.h... " >&6; } -if test ${curl_cv_header_windows_h+y} -then : - printf %s "(cached) " >&6 -else $as_nop - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include - -int main (void) -{ - -#if defined(__CYGWIN__) || defined(__CEGCC__) - HAVE_WINDOWS_H shall not be defined. -#else - int dummy=2*WINVER; -#endif - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - - curl_cv_header_windows_h="yes" - -else $as_nop - - curl_cv_header_windows_h="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_windows_h" >&5 -printf "%s\n" "$curl_cv_header_windows_h" >&6; } - case "$curl_cv_header_windows_h" in - yes) - -printf "%s\n" "#define HAVE_WINDOWS_H 1" >>confdefs.h - - ;; - esac - - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build target is a native Windows one" >&5 -printf %s "checking whether build target is a native Windows one... " >&6; } -if test ${curl_cv_native_windows+y} -then : - printf %s "(cached) " >&6 -else $as_nop - - if test "$curl_cv_header_windows_h" = "no"; then - curl_cv_native_windows="no" - else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - - -int main (void) -{ - -#if defined(__MINGW32__) || defined(__MINGW32CE__) || \ - (defined(_MSC_VER) && (defined(_WIN32) || defined(_WIN64))) - int dummy=1; -#else - Not a native Windows build target. -#endif - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - - curl_cv_native_windows="yes" - -else $as_nop - - curl_cv_native_windows="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - fi - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_native_windows" >&5 -printf "%s\n" "$curl_cv_native_windows" >&6; } - if test "x$curl_cv_native_windows" = xyes; then - DOING_NATIVE_WINDOWS_TRUE= - DOING_NATIVE_WINDOWS_FALSE='#' -else - DOING_NATIVE_WINDOWS_TRUE='#' - DOING_NATIVE_WINDOWS_FALSE= -fi - - -case X-"$curl_cv_native_windows" in - X-yes) - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for winsock2.h" >&5 -printf %s "checking for winsock2.h... " >&6; } -if test ${curl_cv_header_winsock2_h+y} -then : - printf %s "(cached) " >&6 -else $as_nop - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include - -int main (void) -{ - -#if defined(__CYGWIN__) || defined(__CEGCC__) || defined(__MINGW32CE__) - HAVE_WINSOCK2_H shall not be defined. -#else - int dummy=2*IPPROTO_ESP; -#endif - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - - curl_cv_header_winsock2_h="yes" - -else $as_nop - - curl_cv_header_winsock2_h="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_winsock2_h" >&5 -printf "%s\n" "$curl_cv_header_winsock2_h" >&6; } - case "$curl_cv_header_winsock2_h" in - yes) - -printf "%s\n" "#define HAVE_WINSOCK2_H 1" >>confdefs.h - - ;; - esac - - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ws2tcpip.h" >&5 -printf %s "checking for ws2tcpip.h... " >&6; } -if test ${curl_cv_header_ws2tcpip_h+y} -then : - printf %s "(cached) " >&6 -else $as_nop - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include -#include - -int main (void) -{ - -#if defined(__CYGWIN__) || defined(__CEGCC__) || defined(__MINGW32CE__) - HAVE_WS2TCPIP_H shall not be defined. -#else - int dummy=2*IP_PKTINFO; -#endif - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - - curl_cv_header_ws2tcpip_h="yes" - -else $as_nop - - curl_cv_header_ws2tcpip_h="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_ws2tcpip_h" >&5 -printf "%s\n" "$curl_cv_header_ws2tcpip_h" >&6; } - case "$curl_cv_header_ws2tcpip_h" in - yes) - -printf "%s\n" "#define HAVE_WS2TCPIP_H 1" >>confdefs.h - - ;; - esac - - ;; - *) - curl_cv_header_winsock2_h="no" - curl_cv_header_ws2tcpip_h="no" - ;; -esac - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build target supports WIN32 file API" >&5 printf %s "checking whether build target supports WIN32 file API... " >&6; } curl_win32_file_api="no" - if test "$curl_cv_header_windows_h" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then if test x"$enable_largefile" != "xno"; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -21345,9 +21553,7 @@ printf %s "checking whether build target supports WIN32 file API... " >&6; } int main (void) { -#if !defined(_WIN32_WCE) && \ - (defined(__MINGW32__) || \ - (defined(_MSC_VER) && (defined(_WIN32) || defined(_WIN64)))) +#if !defined(_WIN32_WCE) && (defined(__MINGW32__) || defined(_MSC_VER)) int dummy=1; #else WIN32 large file API not supported. @@ -21424,7 +21630,7 @@ printf "%s\n" "no" >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build target supports WIN32 crypto API" >&5 printf %s "checking whether build target supports WIN32 crypto API... " >&6; } curl_win32_crypto_api="no" - if test "$curl_cv_header_windows_h" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -22065,7 +22271,6 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Hyper support is experimental" >&5 printf "%s\n" "$as_me: Hyper support is experimental" >&6;} curl_h1_msg="enabled (Hyper)" - curl_h2_msg=$curl_h1_msg HYPER_ENABLED=1 printf "%s\n" "#define USE_HYPER 1" >>confdefs.h @@ -22694,10 +22899,8 @@ fi if test "$HAVE_GETHOSTBYNAME" != "1" then - if test "$curl_cv_header_windows_h" = "yes"; then - if test "$curl_cv_header_winsock2_h" = "yes"; then - winsock_LIB="-lws2_32" - fi + if test "$curl_cv_native_windows" = "yes"; then + winsock_LIB="-lws2_32" if test ! -z "$winsock_LIB"; then my_ac_save_LIBS=$LIBS LIBS="$winsock_LIB $LIBS" @@ -22707,15 +22910,12 @@ printf %s "checking for gethostbyname in $winsock_LIB... " >&6; } /* end confdefs.h. */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include #endif -#endif int main (void) { @@ -22926,20 +23126,17 @@ fi curl_includes_winsock2="\ /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# endif +# include #endif /* includes end */" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for windows.h" >&5 -printf %s "checking for windows.h... " >&6; } -if test ${curl_cv_header_windows_h+y} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build target is a native Windows one" >&5 +printf %s "checking whether build target is a native Windows one... " >&6; } +if test ${curl_cv_native_windows+y} then : printf %s "(cached) " >&6 else $as_nop @@ -22948,19 +23145,14 @@ else $as_nop /* end confdefs.h. */ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include int main (void) { -#if defined(__CYGWIN__) || defined(__CEGCC__) - HAVE_WINDOWS_H shall not be defined. +#ifdef _WIN32 + int dummy=1; #else - int dummy=2*WINVER; + Not a native Windows build target. #endif ; @@ -22971,81 +23163,26 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : - curl_cv_header_windows_h="yes" + curl_cv_native_windows="yes" else $as_nop - curl_cv_header_windows_h="no" + curl_cv_native_windows="no" fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_windows_h" >&5 -printf "%s\n" "$curl_cv_header_windows_h" >&6; } - case "$curl_cv_header_windows_h" in - yes) - -printf "%s\n" "#define HAVE_WINDOWS_H 1" >>confdefs.h - - ;; - esac - - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for winsock2.h" >&5 -printf %s "checking for winsock2.h... " >&6; } -if test ${curl_cv_header_winsock2_h+y} -then : - printf %s "(cached) " >&6 -else $as_nop - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include - -int main (void) -{ - -#if defined(__CYGWIN__) || defined(__CEGCC__) || defined(__MINGW32CE__) - HAVE_WINSOCK2_H shall not be defined. -#else - int dummy=2*IPPROTO_ESP; -#endif - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - - curl_cv_header_winsock2_h="yes" - -else $as_nop - - curl_cv_header_winsock2_h="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_native_windows" >&5 +printf "%s\n" "$curl_cv_native_windows" >&6; } + if test "x$curl_cv_native_windows" = xyes; then + DOING_NATIVE_WINDOWS_TRUE= + DOING_NATIVE_WINDOWS_FALSE='#' +else + DOING_NATIVE_WINDOWS_TRUE='#' + DOING_NATIVE_WINDOWS_FALSE= fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_winsock2_h" >&5 -printf "%s\n" "$curl_cv_header_winsock2_h" >&6; } - case "$curl_cv_header_winsock2_h" in - yes) -printf "%s\n" "#define HAVE_WINSOCK2_H 1" >>confdefs.h - - ;; - esac @@ -23089,7 +23226,7 @@ printf %s "checking for connect in libraries... " >&6; } $curl_includes_winsock2 $curl_includes_bsdsocket - #if !defined(HAVE_WINDOWS_H) && !defined(HAVE_PROTO_BSDSOCKET_H) + #if !defined(_WIN32) && !defined(HAVE_PROTO_BSDSOCKET_H) int connect(int, void*, int); #endif @@ -24369,7 +24506,7 @@ else $as_nop #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -24421,7 +24558,7 @@ printf "%s\n" "#define HAVE_LBER_H 1" >>confdefs.h #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -24485,7 +24622,7 @@ else $as_nop #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -24550,7 +24687,7 @@ else $as_nop #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -24709,7 +24846,7 @@ printf %s "checking for LDAP libraries... " >&6; } #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -24939,7 +25076,7 @@ else $as_nop /* are AF_INET6 and sockaddr_in6 available? */ #include -#ifdef HAVE_WINSOCK2_H +#ifdef _WIN32 #include #include #else @@ -24949,15 +25086,12 @@ else $as_nop # include #endif #endif -#include /* for exit() */ -main() + +int main(void) { struct sockaddr_in6 s; (void)s; - if (socket(AF_INET6, SOCK_STREAM, 0) < 0) - exit(1); - else - exit(0); + return socket(AF_INET6, SOCK_STREAM, 0) < 0; } @@ -24993,7 +25127,7 @@ printf %s "checking if struct sockaddr_in6 has sin6_scope_id member... " >&6; } /* end confdefs.h. */ #include -#ifdef HAVE_WINSOCK2_H +#ifdef _WIN32 #include #include #else @@ -25527,10 +25661,6 @@ done if test "x$ac_cv_header_gssapi_h" = xyes then : - -printf "%s\n" "#define HAVE_GSSHEIMDAL 1" >>confdefs.h - - else $as_nop want_gss=no @@ -25541,10 +25671,7 @@ printf "%s\n" "$as_me: WARNING: disabling GSS-API support since no header files fi else - -printf "%s\n" "#define HAVE_GSSMIT 1" >>confdefs.h - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if GSS-API headers declare GSS_C_NT_HOSTBASED_SERVICE" >&5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if GSS-API headers declare GSS_C_NT_HOSTBASED_SERVICE" >&5 printf %s "checking if GSS-API headers declare GSS_C_NT_HOSTBASED_SERVICE... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -26090,7 +26217,7 @@ int main (void) { #if defined(AMISSL_CURRENT_VERSION) && defined(AMISSL_V3xx) && \ - defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) && \ + (OPENSSL_VERSION_NUMBER >= 0x30000000L) && \ defined(PROTO_AMISSL_H) return 0; #else @@ -26827,6 +26954,7 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } ssl_msg="BoringSSL" + OPENSSL_IS_BORINGSSL=1 else $as_nop @@ -26862,6 +26990,7 @@ then : { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 printf "%s\n" "yes" >&6; } ssl_msg="AWS-LC" + OPENSSL_IS_BORINGSSL=1 else $as_nop @@ -26918,7 +27047,7 @@ printf %s "checking for OpenSSL >= v3... " >&6; } int main (void) { - #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) + #if (OPENSSL_VERSION_NUMBER >= 0x30000000L) return 0; #else #error older than 3 @@ -26948,6 +27077,25 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi + + for ac_func in SSL_set_quic_use_legacy_codepoint +do : + ac_fn_c_check_func "$LINENO" "SSL_set_quic_use_legacy_codepoint" "ac_cv_func_SSL_set_quic_use_legacy_codepoint" +if test "x$ac_cv_func_SSL_set_quic_use_legacy_codepoint" = xyes +then : + printf "%s\n" "#define HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT 1" >>confdefs.h + QUIC_ENABLED=yes +fi + +done + if test "$QUIC_ENABLED" = "yes"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: OpenSSL fork speaks QUIC API" >&5 +printf "%s\n" "$as_me: OpenSSL fork speaks QUIC API" >&6;} + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: OpenSSL version does not speak QUIC API" >&5 +printf "%s\n" "$as_me: OpenSSL version does not speak QUIC API" >&6;} + fi + if test "$OPENSSL_ENABLED" = "1"; then if test -n "$LIB_OPENSSL"; then if test "x$cross_compiling" != "xyes"; then @@ -27078,6 +27226,45 @@ fi fi +if test "$OPENSSL_ENABLED" = "1"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for QUIC support in OpenSSL" >&5 +printf %s "checking for QUIC support in OpenSSL... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +#include + +int main (void) +{ + + OSSL_QUIC_client_method(); + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + +printf "%s\n" "#define HAVE_OPENSSL_QUIC 1" >>confdefs.h + + HAVE_OPENSSL_QUIC=1 + + +else $as_nop + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +fi if test "x$OPT_GNUTLS" != xno; then @@ -27323,6 +27510,7 @@ printf "%s\n" "#define USE_GNUTLS 1" >>confdefs.h GNUTLS_ENABLED=1 USE_GNUTLS="yes" ssl_msg="GnuTLS" + QUIC_ENABLED=yes test gnutls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes else $as_nop @@ -27914,6 +28102,7 @@ printf "%s\n" "#define USE_WOLFSSL 1" >>confdefs.h WOLFSSL_ENABLED=1 USE_WOLFSSL="yes" ssl_msg="WolfSSL" + QUIC_ENABLED=yes test wolfssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes else $as_nop @@ -28606,6 +28795,7 @@ else $as_nop with_libpsl=yes fi +curl_psl_msg="no (libpsl disabled)" if test $with_libpsl != "no"; then { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing psl_builtin" >&5 printf %s "checking for library containing psl_builtin... " >&6; } @@ -28669,10 +28859,7 @@ printf "%s\n" "#define USE_LIBPSL 1" >>confdefs.h else $as_nop - curl_psl_msg="no (libpsl not found)"; - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: libpsl was not found" >&5 -printf "%s\n" "$as_me: WARNING: libpsl was not found" >&2;} - + as_fn_error $? "libpsl was not found" "$LINENO" 5 fi @@ -30634,6 +30821,11 @@ esac curl_tcp2_msg="no (--with-ngtcp2)" if test X"$want_tcp2" != Xno; then + + if test "$QUIC_ENABLED" != "yes"; then + as_fn_error $? "the detected TLS library does not support QUIC, making --with-ngtcp2 a no-no" "$LINENO" 5 + fi + CLEANLDFLAGS="$LDFLAGS" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" @@ -30887,7 +31079,7 @@ fi fi -if test "x$NGTCP2_ENABLED" = "x1" -a "x$OPENSSL_ENABLED" = "x1"; then +if test "x$NGTCP2_ENABLED" = "x1" -a "x$OPENSSL_ENABLED" = "x1" -a "x$OPENSSL_IS_BORINGSSL" != "x1"; then CLEANLDFLAGS="$LDFLAGS" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" @@ -31140,6 +31332,259 @@ fi fi fi +if test "x$NGTCP2_ENABLED" = "x1" -a "x$OPENSSL_ENABLED" = "x1" -a "x$OPENSSL_IS_BORINGSSL" = "x1"; then + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + + if test -n "$PKG_CONFIG"; then + PKGCONFIG="$PKG_CONFIG" + else + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_PKGCONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/usr/bin:/usr/local/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_PKGCONFIG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKGCONFIG=$ac_cv_path_PKGCONFIG +if test -n "$PKGCONFIG"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 +printf "%s\n" "$PKGCONFIG" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKGCONFIG"; then + ac_pt_PKGCONFIG=$PKGCONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_ac_pt_PKGCONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop + case $ac_pt_PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/usr/bin:/usr/local/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKGCONFIG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG +if test -n "$ac_pt_PKGCONFIG"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 +printf "%s\n" "$ac_pt_PKGCONFIG" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_pt_PKGCONFIG" = x; then + PKGCONFIG="no" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKGCONFIG=$ac_pt_PKGCONFIG + fi +else + PKGCONFIG="$ac_cv_path_PKGCONFIG" +fi + + fi + + if test "x$PKGCONFIG" != "xno"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libngtcp2_crypto_boringssl options with pkg-config" >&5 +printf %s "checking for libngtcp2_crypto_boringssl options with pkg-config... " >&6; } + itexists=` + if test -n "$want_tcp2_path"; then + PKG_CONFIG_LIBDIR="$want_tcp2_path" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --exists libngtcp2_crypto_boringssl >/dev/null 2>&1 && echo 1` + + if test -z "$itexists"; then + PKGCONFIG="no" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: found" >&5 +printf "%s\n" "found" >&6; } + fi + fi + + + if test "$PKGCONFIG" != "no" ; then + LIB_NGTCP2_CRYPTO_BORINGSSL=` + if test -n "$want_tcp2_path"; then + PKG_CONFIG_LIBDIR="$want_tcp2_path" + export PKG_CONFIG_LIBDIR + fi + + $PKGCONFIG --libs-only-l libngtcp2_crypto_boringssl` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: -l is $LIB_NGTCP2_CRYPTO_BORINGSSL" >&5 +printf "%s\n" "$as_me: -l is $LIB_NGTCP2_CRYPTO_BORINGSSL" >&6;} + + CPP_NGTCP2_CRYPTO_BORINGSSL=` + if test -n "$want_tcp2_path"; then + PKG_CONFIG_LIBDIR="$want_tcp2_path" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --cflags-only-I libngtcp2_crypto_boringssl` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: -I is $CPP_NGTCP2_CRYPTO_BORINGSSL" >&5 +printf "%s\n" "$as_me: -I is $CPP_NGTCP2_CRYPTO_BORINGSSL" >&6;} + + LD_NGTCP2_CRYPTO_BORINGSSL=` + if test -n "$want_tcp2_path"; then + PKG_CONFIG_LIBDIR="$want_tcp2_path" + export PKG_CONFIG_LIBDIR + fi + + $PKGCONFIG --libs-only-L libngtcp2_crypto_boringssl` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: -L is $LD_NGTCP2_CRYPTO_BORINGSSL" >&5 +printf "%s\n" "$as_me: -L is $LD_NGTCP2_CRYPTO_BORINGSSL" >&6;} + + LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_BORINGSSL" + CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_BORINGSSL" + LIBS="$LIB_NGTCP2_CRYPTO_BORINGSSL $LIBS" + + if test "x$cross_compiling" != "xyes"; then + DIR_NGTCP2_CRYPTO_BORINGSSL=`echo $LD_NGTCP2_CRYPTO_BORINGSSL | $SED -e 's/^-L//'` + fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ngtcp2_crypto_recv_client_initial_cb in -lngtcp2_crypto_boringssl" >&5 +printf %s "checking for ngtcp2_crypto_recv_client_initial_cb in -lngtcp2_crypto_boringssl... " >&6; } +if test ${ac_cv_lib_ngtcp2_crypto_boringssl_ngtcp2_crypto_recv_client_initial_cb+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lngtcp2_crypto_boringssl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +#ifdef __cplusplus +extern "C" +#endif +char ngtcp2_crypto_recv_client_initial_cb (); +int main (void) +{ +return ngtcp2_crypto_recv_client_initial_cb (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_ngtcp2_crypto_boringssl_ngtcp2_crypto_recv_client_initial_cb=yes +else $as_nop + ac_cv_lib_ngtcp2_crypto_boringssl_ngtcp2_crypto_recv_client_initial_cb=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ngtcp2_crypto_boringssl_ngtcp2_crypto_recv_client_initial_cb" >&5 +printf "%s\n" "$ac_cv_lib_ngtcp2_crypto_boringssl_ngtcp2_crypto_recv_client_initial_cb" >&6; } +if test "x$ac_cv_lib_ngtcp2_crypto_boringssl_ngtcp2_crypto_recv_client_initial_cb" = xyes +then : + + for ac_header in ngtcp2/ngtcp2_crypto.h +do : + ac_fn_c_check_header_compile "$LINENO" "ngtcp2/ngtcp2_crypto.h" "ac_cv_header_ngtcp2_ngtcp2_crypto_h" "$ac_includes_default" +if test "x$ac_cv_header_ngtcp2_ngtcp2_crypto_h" = xyes +then : + printf "%s\n" "#define HAVE_NGTCP2_NGTCP2_CRYPTO_H 1" >>confdefs.h + NGTCP2_ENABLED=1 + +printf "%s\n" "#define USE_NGTCP2_CRYPTO_BORINGSSL 1" >>confdefs.h + + USE_NGTCP2_CRYPTO_BORINGSSL=1 + + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_BORINGSSL" + export CURL_LIBRARY_PATH + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Added $DIR_NGTCP2_CRYPTO_BORINGSSL to CURL_LIBRARY_PATH" >&5 +printf "%s\n" "$as_me: Added $DIR_NGTCP2_CRYPTO_BORINGSSL to CURL_LIBRARY_PATH" >&6;} + +fi + +done + +else $as_nop + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + +fi + + + else + if test X"$want_tcp2" != Xdefault; then + as_fn_error $? "--with-ngtcp2 was specified but could not find ngtcp2_crypto_boringssl pkg-config file." "$LINENO" 5 + fi + fi +fi + if test "x$NGTCP2_ENABLED" = "x1" -a "x$GNUTLS_ENABLED" = "x1"; then CLEANLDFLAGS="$LDFLAGS" CLEANCPPFLAGS="$CPPFLAGS" @@ -31647,10 +32092,50 @@ fi fi +OPT_OPENSSL_QUIC="no" + +if test "x$disable_http" = "xyes" -o "x$OPENSSL_ENABLED" != "x1"; then + # without HTTP or without openssl, no use + OPT_OPENSSL_QUIC="no" +fi + + +# Check whether --with-openssl-quic was given. +if test ${with_openssl_quic+y} +then : + withval=$with_openssl_quic; OPT_OPENSSL_QUIC=$withval +fi + +case "$OPT_OPENSSL_QUIC" in + no) + want_openssl_quic="no" + ;; + yes) + want_openssl_quic="yes" + ;; +esac + +curl_openssl_quic_msg="no (--with-openssl-quic)" +if test "x$want_openssl_quic" = "xyes"; then + + if test "$NGTCP2_ENABLED" = 1; then + as_fn_error $? "--with-openssl-quic and --with-ngtcp2 are mutually exclusive" "$LINENO" 5 + fi + if test "$HAVE_OPENSSL_QUIC" != 1; then + as_fn_error $? "--with-openssl-quic requires quic support in OpenSSL" "$LINENO" 5 + fi + +printf "%s\n" "#define USE_OPENSSL_QUIC 1" >>confdefs.h + + USE_OPENSSL_QUIC=1 + +fi + + OPT_NGHTTP3="yes" -if test "x$NGTCP2_ENABLED" = "x"; then - # without ngtcp2, nghttp3 is of no use for us +if test "x$USE_NGTCP2" = "x" -a "$USE_OPENSSL_QUIC" = "x"; then + # without ngtcp2 or openssl quic, nghttp3 is of no use for us OPT_NGHTTP3="no" fi @@ -31677,6 +32162,7 @@ esac curl_http3_msg="no (--with-nghttp3)" if test X"$want_nghttp3" != Xno; then + CLEANLDFLAGS="$LDFLAGS" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" @@ -31899,8 +32385,6 @@ do : if test "x$ac_cv_header_nghttp3_nghttp3_h" = xyes then : printf "%s\n" "#define HAVE_NGHTTP3_NGHTTP3_H 1" >>confdefs.h - curl_h3_msg="enabled (ngtcp2 + nghttp3)" - NGHTTP3_ENABLED=1 printf "%s\n" "#define USE_NGHTTP3 1" >>confdefs.h @@ -31910,7 +32394,6 @@ printf "%s\n" "#define USE_NGHTTP3 1" >>confdefs.h export CURL_LIBRARY_PATH { printf "%s\n" "$as_me:${as_lineno-$LINENO}: Added $DIR_NGHTTP3 to CURL_LIBRARY_PATH" >&5 printf "%s\n" "$as_me: Added $DIR_NGHTTP3 to CURL_LIBRARY_PATH" >&6;} - experimental="$experimental HTTP3" fi @@ -31933,6 +32416,31 @@ fi fi +if test "x$NGTCP2_ENABLED" = "x1" -a "x$USE_NGHTTP3" = "x1"; then + +printf "%s\n" "#define USE_NGTCP2_H3 1" >>confdefs.h + + USE_NGTCP2_H3=1 + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: HTTP3 support is experimental" >&5 +printf "%s\n" "$as_me: HTTP3 support is experimental" >&6;} + curl_h3_msg="enabled (ngtcp2 + nghttp3)" +fi + + +if test "x$USE_OPENSSL_QUIC" = "x1" -a "x$USE_NGHTTP3" = "x1"; then + experimental="$experimental HTTP3" + +printf "%s\n" "#define USE_OPENSSL_H3 1" >>confdefs.h + + USE_OPENSSL_H3=1 + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: HTTP3 support is experimental" >&5 +printf "%s\n" "$as_me: HTTP3 support is experimental" >&6;} + curl_h3_msg="enabled (openssl + nghttp3)" +fi + + OPT_QUICHE="no" if test "x$disable_http" = "xyes" -o "x$USE_NGTCP" = "x1"; then @@ -31963,6 +32471,10 @@ esac if test X"$want_quiche" != Xno; then + if test "$QUIC_ENABLED" != "yes"; then + as_fn_error $? "the detected TLS library does not support QUIC, making --with-quiche a no-no" "$LINENO" 5 + fi + if test "$NGHTTP3_ENABLED" = 1; then as_fn_error $? "--with-quiche and --with-ngtcp2 are mutually exclusive" "$LINENO" 5 fi @@ -32262,9 +32774,21 @@ esac if test X"$want_msh3" != Xno; then + if test "$curl_cv_native_windows" != "yes"; then + if test "$QUIC_ENABLED" != "yes"; then + as_fn_error $? "the detected TLS library does not support QUIC, making --with-msh3 a no-no" "$LINENO" 5 + fi + if test "$OPENSSL_ENABLED" != "1"; then + as_fn_error $? "msh3 requires OpenSSL" "$LINENO" 5 + fi + fi + if test "$NGHTTP3_ENABLED" = 1; then as_fn_error $? "--with-msh3 and --with-ngtcp2 are mutually exclusive" "$LINENO" 5 fi + if test "$QUICHE_ENABLED" = 1; then + as_fn_error $? "--with-msh3 and --with-quiche are mutually exclusive" "$LINENO" 5 + fi CLEANLDFLAGS="$LDFLAGS" CLEANCPPFLAGS="$CPPFLAGS" @@ -33771,114 +34295,6 @@ printf "%s\n" "#define const /**/" >>confdefs.h fi - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for compiler support of C99 variadic macro style" >&5 -printf %s "checking for compiler support of C99 variadic macro style... " >&6; } -if test ${curl_cv_variadic_macros_c99+y} -then : - printf %s "(cached) " >&6 -else $as_nop - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -#define c99_vmacro3(first, ...) fun3(first, __VA_ARGS__) -#define c99_vmacro2(first, ...) fun2(first, __VA_ARGS__) - int fun3(int arg1, int arg2, int arg3); - int fun2(int arg1, int arg2); - int fun3(int arg1, int arg2, int arg3) - { return arg1 + arg2 + arg3; } - int fun2(int arg1, int arg2) - { return arg1 + arg2; } - -int main (void) -{ - - int res3 = c99_vmacro3(1, 2, 3); - int res2 = c99_vmacro2(1, 2); - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - - curl_cv_variadic_macros_c99="yes" - -else $as_nop - - curl_cv_variadic_macros_c99="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_variadic_macros_c99" >&5 -printf "%s\n" "$curl_cv_variadic_macros_c99" >&6; } - case "$curl_cv_variadic_macros_c99" in - yes) - -printf "%s\n" "#define HAVE_VARIADIC_MACROS_C99 1" >>confdefs.h - - ;; - esac - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for compiler support of old gcc variadic macro style" >&5 -printf %s "checking for compiler support of old gcc variadic macro style... " >&6; } -if test ${curl_cv_variadic_macros_gcc+y} -then : - printf %s "(cached) " >&6 -else $as_nop - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -#define gcc_vmacro3(first, args...) fun3(first, args) -#define gcc_vmacro2(first, args...) fun2(first, args) - int fun3(int arg1, int arg2, int arg3); - int fun2(int arg1, int arg2); - int fun3(int arg1, int arg2, int arg3) - { return arg1 + arg2 + arg3; } - int fun2(int arg1, int arg2) - { return arg1 + arg2; } - -int main (void) -{ - - int res3 = gcc_vmacro3(1, 2, 3); - int res2 = gcc_vmacro2(1, 2); - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - - curl_cv_variadic_macros_gcc="yes" - -else $as_nop - - curl_cv_variadic_macros_gcc="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_variadic_macros_gcc" >&5 -printf "%s\n" "$curl_cv_variadic_macros_gcc" >&6; } - case "$curl_cv_variadic_macros_gcc" in - yes) - -printf "%s\n" "#define HAVE_VARIADIC_MACROS_GCC 1" >>confdefs.h - - ;; - esac - ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" if test "x$ac_cv_type_size_t" = xyes then : @@ -33922,15 +34338,12 @@ else $as_nop #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include #endif -#endif #ifdef HAVE_SYS_TYPES_H #include #endif @@ -34477,6 +34890,12 @@ else $as_nop # The windows name? ac_fn_c_check_type "$LINENO" "ADDRESS_FAMILY" "ac_cv_type_ADDRESS_FAMILY" " +#ifdef _WIN32 +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#endif #ifdef HAVE_SYS_SOCKET_H #include #endif @@ -34604,100 +35023,13 @@ fi -curl_includes_poll="\ -/* includes start */ -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_POLL_H -# include -#endif -#ifdef HAVE_SYS_POLL_H -# include -#endif -/* includes end */" - ac_fn_c_check_header_compile "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "$curl_includes_poll -" -if test "x$ac_cv_header_sys_types_h" = xyes -then : - printf "%s\n" "#define HAVE_SYS_TYPES_H 1" >>confdefs.h - -fi -ac_fn_c_check_header_compile "$LINENO" "poll.h" "ac_cv_header_poll_h" "$curl_includes_poll -" -if test "x$ac_cv_header_poll_h" = xyes -then : - printf "%s\n" "#define HAVE_POLL_H 1" >>confdefs.h - -fi -ac_fn_c_check_header_compile "$LINENO" "sys/poll.h" "ac_cv_header_sys_poll_h" "$curl_includes_poll -" -if test "x$ac_cv_header_sys_poll_h" = xyes -then : - printf "%s\n" "#define HAVE_SYS_POLL_H 1" >>confdefs.h - -fi - - - - # - tst_poll_events_macro_defined="unknown" - # - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - - $curl_includes_poll - -int main (void) -{ - -#if defined(events) || defined(revents) - return 0; -#else - force compilation error -#endif - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - - tst_poll_events_macro_defined="yes" - -else $as_nop - - tst_poll_events_macro_defined="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - # - if test "$tst_poll_events_macro_defined" = "yes"; then - if test "x$ac_cv_header_sys_poll_h" = "xyes"; then - -cat >>confdefs.h <<_EOF -#define CURL_PULL_SYS_POLL_H 1 -_EOF - - fi - fi - # - - - ac_fn_c_check_type "$LINENO" "in_addr_t" "ac_cv_type_in_addr_t" " #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else #ifdef HAVE_SYS_TYPES_H #include @@ -34734,14 +35066,11 @@ else $as_nop #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else #ifdef HAVE_SYS_TYPES_H #include @@ -34799,14 +35128,11 @@ fi ac_fn_c_check_type "$LINENO" "struct sockaddr_storage" "ac_cv_type_struct_sockaddr_storage" " #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else #ifdef HAVE_SYS_TYPES_H #include @@ -34854,15 +35180,12 @@ printf %s "checking for select... " >&6; } #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include #endif -#endif #ifdef HAVE_SYS_TYPES_H #include #endif @@ -34870,7 +35193,7 @@ printf %s "checking for select... " >&6; } #include #endif #include -#ifndef HAVE_WINDOWS_H +#ifndef _WIN32 #ifdef HAVE_SYS_SELECT_H #include #elif defined(HAVE_UNISTD_H) @@ -34939,14 +35262,11 @@ printf %s "checking for recv... " >&6; } #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else $curl_includes_bsdsocket #ifdef HAVE_SYS_TYPES_H @@ -35015,14 +35335,11 @@ printf %s "checking for send... " >&6; } #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else $curl_includes_bsdsocket #ifdef HAVE_SYS_TYPES_H @@ -35095,14 +35412,11 @@ else $as_nop #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else #ifdef HAVE_SYS_TYPES_H #include @@ -36135,78 +36449,18 @@ printf "%s\n" "no" >&6; } curl_includes_ws2tcpip="\ /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# ifdef HAVE_WS2TCPIP_H -# include -# endif -# endif +# include +# include #endif /* includes end */" - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for windows.h" >&5 -printf %s "checking for windows.h... " >&6; } -if test ${curl_cv_header_windows_h+y} -then : - printf %s "(cached) " >&6 -else $as_nop - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include - -int main (void) -{ - -#if defined(__CYGWIN__) || defined(__CEGCC__) - HAVE_WINDOWS_H shall not be defined. -#else - int dummy=2*WINVER; -#endif - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - - curl_cv_header_windows_h="yes" - -else $as_nop - - curl_cv_header_windows_h="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_windows_h" >&5 -printf "%s\n" "$curl_cv_header_windows_h" >&6; } - case "$curl_cv_header_windows_h" in - yes) - -printf "%s\n" "#define HAVE_WINDOWS_H 1" >>confdefs.h - - ;; - esac - - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for winsock2.h" >&5 -printf %s "checking for winsock2.h... " >&6; } -if test ${curl_cv_header_winsock2_h+y} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build target is a native Windows one" >&5 +printf %s "checking whether build target is a native Windows one... " >&6; } +if test ${curl_cv_native_windows+y} then : printf %s "(cached) " >&6 else $as_nop @@ -36215,20 +36469,14 @@ else $as_nop /* end confdefs.h. */ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include int main (void) { -#if defined(__CYGWIN__) || defined(__CEGCC__) || defined(__MINGW32CE__) - HAVE_WINSOCK2_H shall not be defined. +#ifdef _WIN32 + int dummy=1; #else - int dummy=2*IPPROTO_ESP; + Not a native Windows build target. #endif ; @@ -36239,82 +36487,26 @@ _ACEOF if ac_fn_c_try_compile "$LINENO" then : - curl_cv_header_winsock2_h="yes" + curl_cv_native_windows="yes" else $as_nop - curl_cv_header_winsock2_h="no" + curl_cv_native_windows="no" fi rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_winsock2_h" >&5 -printf "%s\n" "$curl_cv_header_winsock2_h" >&6; } - case "$curl_cv_header_winsock2_h" in - yes) - -printf "%s\n" "#define HAVE_WINSOCK2_H 1" >>confdefs.h - - ;; - esac - - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ws2tcpip.h" >&5 -printf %s "checking for ws2tcpip.h... " >&6; } -if test ${curl_cv_header_ws2tcpip_h+y} -then : - printf %s "(cached) " >&6 -else $as_nop - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include -#include - -int main (void) -{ - -#if defined(__CYGWIN__) || defined(__CEGCC__) || defined(__MINGW32CE__) - HAVE_WS2TCPIP_H shall not be defined. -#else - int dummy=2*IP_PKTINFO; -#endif - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - - curl_cv_header_ws2tcpip_h="yes" - -else $as_nop - - curl_cv_header_ws2tcpip_h="no" - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_native_windows" >&5 +printf "%s\n" "$curl_cv_native_windows" >&6; } + if test "x$curl_cv_native_windows" = xyes; then + DOING_NATIVE_WINDOWS_TRUE= + DOING_NATIVE_WINDOWS_FALSE='#' +else + DOING_NATIVE_WINDOWS_TRUE='#' + DOING_NATIVE_WINDOWS_FALSE= fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $curl_cv_header_ws2tcpip_h" >&5 -printf "%s\n" "$curl_cv_header_ws2tcpip_h" >&6; } - case "$curl_cv_header_ws2tcpip_h" in - yes) -printf "%s\n" "#define HAVE_WS2TCPIP_H 1" >>confdefs.h - - ;; - esac @@ -37038,10 +37230,10 @@ int main (void) struct addrinfo *ai = 0; int error; - #ifdef HAVE_WINSOCK2_H + #ifdef _WIN32 WSADATA wsa; - if (WSAStartup(MAKEWORD(2,2), &wsa)) - exit(2); + if(WSAStartup(MAKEWORD(2, 2), &wsa)) + exit(2); #endif memset(&hints, 0, sizeof(hints)); @@ -37106,10 +37298,10 @@ int main (void) struct addrinfo *ai = 0; int error; - #ifdef HAVE_WINSOCK2_H + #ifdef _WIN32 WSADATA wsa; - if (WSAStartup(MAKEWORD(2,2), &wsa)) - exit(2); + if(WSAStartup(MAKEWORD(2, 2), &wsa)) + exit(2); #endif memset(&hints, 0, sizeof(hints)); @@ -37764,7 +37956,7 @@ printf "%s\n" "no" >&6; } curl_preprocess_callconv="\ /* preprocess start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # define FUNCALLCONV __stdcall #else # define FUNCALLCONV @@ -39040,7 +39232,7 @@ curl_includes_arpa_inet="\ #ifdef HAVE_ARPA_INET_H # include #endif -#ifdef HAVE_WINSOCK2_H +#ifdef _WIN32 #include #include #endif @@ -40734,6 +40926,42 @@ printf "%s\n" "no" >&6; } fi +curl_includes_poll="\ +/* includes start */ +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_POLL_H +# include +#endif +#ifdef HAVE_SYS_POLL_H +# include +#endif +/* includes end */" + ac_fn_c_check_header_compile "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "$curl_includes_poll +" +if test "x$ac_cv_header_sys_types_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_TYPES_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "poll.h" "ac_cv_header_poll_h" "$curl_includes_poll +" +if test "x$ac_cv_header_poll_h" = xyes +then : + printf "%s\n" "#define HAVE_POLL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/poll.h" "ac_cv_header_sys_poll_h" "$curl_includes_poll +" +if test "x$ac_cv_header_sys_poll_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_POLL_H 1" >>confdefs.h + +fi + + + # tst_links_poll="unknown" tst_proto_poll="unknown" @@ -43538,8 +43766,7 @@ fi - - for ac_func in _fseeki64 arc4random fchmod fnmatch fseeko geteuid getpass_r getppid getpwuid getpwuid_r getrlimit gettimeofday if_nametoindex mach_absolute_time pipe sched_yield sendmsg setlocale setmode setrlimit snprintf utime utimes + for ac_func in _fseeki64 arc4random fnmatch fseeko geteuid getpass_r getppid getpwuid getpwuid_r getrlimit gettimeofday if_nametoindex mach_absolute_time pipe sched_yield sendmsg setlocale setmode setrlimit snprintf utime utimes do : as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -43598,6 +43825,15 @@ fi done +ac_fn_check_decl "$LINENO" "fseeko" "ac_cv_have_decl_fseeko" "#include +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_fseeko" = xyes +then : + +printf "%s\n" "#define HAVE_DECL_FSEEKO 1" >>confdefs.h + +fi + # tst_method="unknown" @@ -45417,12 +45653,15 @@ if test "x$USE_TLS_SRP" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES TLS-SRP" fi -if test "x$USE_NGHTTP2" = "x1" -o "x$USE_HYPER" = "x1"; then +if test "x$USE_NGHTTP2" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP2" fi -if test "x$USE_NGTCP2" = "x1" -o "x$USE_QUICHE" = "x1" \ - -o "x$USE_MSH3" = "x1"; then +if test "x$USE_NGTCP2_H3" = "x1" -o "x$USE_QUICHE" = "x1" \ + -o "x$USE_OPENSSL_H3" = "x1" -o "x$USE_MSH3" = "x1"; then + if test "x$CURL_WITH_MULTI_SSL" = "x1"; then + as_fn_error $? "MultiSSL cannot be enabled with HTTP/3 and vice versa" "$LINENO" 5 + fi SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP3" fi @@ -45430,19 +45669,36 @@ if test "x$CURL_WITH_MULTI_SSL" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES MultiSSL" fi -if test "x$https_proxy" != "xno"; then - if test "x$OPENSSL_ENABLED" = "x1" \ - -o "x$GNUTLS_ENABLED" = "x1" \ - -o "x$SECURETRANSPORT_ENABLED" = "x1" \ - -o "x$RUSTLS_ENABLED" = "x1" \ - -o "x$BEARSSL_ENABLED" = "x1" \ - -o "x$SCHANNEL_ENABLED" = "x1" \ - -o "x$GNUTLS_ENABLED" = "x1" \ - -o "x$MBEDTLS_ENABLED" = "x1"; then - SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" - elif test "x$WOLFSSL_ENABLED" = "x1" -a "x$WOLFSSL_FULL_BIO" = "x1"; then - SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if this build supports HTTPS-proxy" >&5 +printf %s "checking if this build supports HTTPS-proxy... " >&6; } +if test "x$CURL_DISABLE_HTTP" != "x1"; then + if test "x$https_proxy" != "xno"; then + if test "x$OPENSSL_ENABLED" = "x1" \ + -o "x$GNUTLS_ENABLED" = "x1" \ + -o "x$SECURETRANSPORT_ENABLED" = "x1" \ + -o "x$RUSTLS_ENABLED" = "x1" \ + -o "x$BEARSSL_ENABLED" = "x1" \ + -o "x$SCHANNEL_ENABLED" = "x1" \ + -o "x$GNUTLS_ENABLED" = "x1" \ + -o "x$MBEDTLS_ENABLED" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + elif test "x$WOLFSSL_ENABLED" = "x1" -a "x$WOLFSSL_FULL_BIO" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ECH_ENABLED" = "x1"; then @@ -45458,6 +45714,9 @@ fi if test "$tst_atomic" = "yes"; then SUPPORT_FEATURES="$SUPPORT_FEATURES threadsafe" +elif test "x$USE_THREADS_POSIX" = "x1" -a \ + "x$ac_cv_header_pthread_h" = "xyes"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES threadsafe" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -45490,7 +45749,7 @@ SUPPORT_FEATURES=`echo $SUPPORT_FEATURES | tr ' ' '\012' | sort | tr '\012' ' '` if test "x$CURL_DISABLE_HTTP" != "x1"; then - SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTP" + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTP IPFS IPNS" if test "x$SSL_ENABLED" = "x1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTPS" fi @@ -45927,6 +46186,10 @@ if test -z "${USE_EXPLICIT_LIB_DEPS_TRUE}" && test -z "${USE_EXPLICIT_LIB_DEPS_F as_fn_error $? "conditional \"USE_EXPLICIT_LIB_DEPS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${DOING_NATIVE_WINDOWS_TRUE}" && test -z "${DOING_NATIVE_WINDOWS_FALSE}"; then + as_fn_error $? "conditional \"DOING_NATIVE_WINDOWS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${CURLDEBUG_TRUE}" && test -z "${CURLDEBUG_FALSE}"; then as_fn_error $? "conditional \"CURLDEBUG\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -45935,14 +46198,14 @@ if test -z "${BUILD_UNITTESTS_TRUE}" && test -z "${BUILD_UNITTESTS_FALSE}"; then as_fn_error $? "conditional \"BUILD_UNITTESTS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${DOING_NATIVE_WINDOWS_TRUE}" && test -z "${DOING_NATIVE_WINDOWS_FALSE}"; then - as_fn_error $? "conditional \"DOING_NATIVE_WINDOWS\" was never defined. -Usually this means the macro was only invoked conditionally." "$LINENO" 5 -fi if test -z "${HAVE_WINDRES_TRUE}" && test -z "${HAVE_WINDRES_FALSE}"; then as_fn_error $? "conditional \"HAVE_WINDRES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${DOING_NATIVE_WINDOWS_TRUE}" && test -z "${DOING_NATIVE_WINDOWS_FALSE}"; then + as_fn_error $? "conditional \"DOING_NATIVE_WINDOWS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${HAVE_LIBZ_TRUE}" && test -z "${HAVE_LIBZ_FALSE}"; then as_fn_error $? "conditional \"HAVE_LIBZ\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -45963,6 +46226,10 @@ if test -z "${CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS_TRUE}" && test -z "${CURL_LT_S as_fn_error $? "conditional \"CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${DOING_NATIVE_WINDOWS_TRUE}" && test -z "${DOING_NATIVE_WINDOWS_FALSE}"; then + as_fn_error $? "conditional \"DOING_NATIVE_WINDOWS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${USE_MANUAL_TRUE}" && test -z "${USE_MANUAL_FALSE}"; then as_fn_error $? "conditional \"USE_MANUAL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 diff --git a/docs/Makefile.in b/docs/Makefile.in index bbd080cbc..97036919b 100644 --- a/docs/Makefile.in +++ b/docs/Makefile.in @@ -330,6 +330,7 @@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_OPENSSL_QUIC = @HAVE_OPENSSL_QUIC@ HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ HAVE_PROTO_BSDSOCKET_H = @HAVE_PROTO_BSDSOCKET_H@ HAVE_ZSTD = @HAVE_ZSTD@ @@ -405,10 +406,14 @@ USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ +USE_NGTCP2_CRYPTO_BORINGSSL = @USE_NGTCP2_CRYPTO_BORINGSSL@ USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@ USE_NGTCP2_CRYPTO_QUICTLS = @USE_NGTCP2_CRYPTO_QUICTLS@ USE_NGTCP2_CRYPTO_WOLFSSL = @USE_NGTCP2_CRYPTO_WOLFSSL@ +USE_NGTCP2_H3 = @USE_NGTCP2_H3@ USE_OPENLDAP = @USE_OPENLDAP@ +USE_OPENSSL_H3 = @USE_OPENSSL_H3@ +USE_OPENSSL_QUIC = @USE_OPENSSL_QUIC@ USE_QUICHE = @USE_QUICHE@ USE_RUSTLS = @USE_RUSTLS@ USE_SCHANNEL = @USE_SCHANNEL@ @@ -482,21 +487,19 @@ AUTOMAKE_OPTIONS = foreign no-dependencies # EXTRA_DIST breaks with $(abs_builddir) so build it using this variable # but distribute it (using the relative file name) in the next variable -man_MANS = $(abs_builddir)/curl.1 +man_MANS = $(abs_builddir)/curl.1 mk-ca-bundle.1 noinst_man_MANS = curl.1 mk-ca-bundle.1 dist_man_MANS = curl-config.1 -GENHTMLPAGES = curl.html curl-config.html mk-ca-bundle.html -PDFPAGES = curl.pdf curl-config.pdf mk-ca-bundle.pdf -MANDISTPAGES = curl.1.dist curl-config.1.dist -HTMLPAGES = $(GENHTMLPAGES) +CURLPAGES = curl-config.md mk-ca-bundle.md # Build targets in this file (.) before cmdline-opts to ensure that # the curl.1 rule below runs first -SUBDIRS = . cmdline-opts -DIST_SUBDIRS = $(SUBDIRS) examples libcurl -CLEANFILES = $(GENHTMLPAGES) $(PDFPAGES) $(MANDISTPAGES) curl.1 +SUBDIRS = . cmdline-opts libcurl +DIST_SUBDIRS = $(SUBDIRS) examples +CLEANFILES = $(man_MANS) curl.1 curl-config.1 mk-ca-bundle.1 +nodist_MANS = $(CLEANFILES) EXTRA_DIST = \ - $(noinst_man_MANS) \ + $(CURLPAGES) \ ALTSVC.md \ BINDINGS.md \ BUFREF.md \ @@ -508,9 +511,11 @@ EXTRA_DIST = \ CODE_OF_CONDUCT.md \ CODE_REVIEW.md \ CODE_STYLE.md \ + CLIENT-WRITERS.md \ CONNECTION-FILTERS.md \ CONTRIBUTE.md \ CURL-DISABLE.md \ + CURLDOWN.md \ DEPRECATE.md \ DYNBUF.md \ EARLY-RELEASE.md \ @@ -526,7 +531,7 @@ EXTRA_DIST = \ HTTP3.md \ HYPER.md \ INSTALL \ - INSTALL.cmake \ + INSTALL-CMAKE.md \ INSTALL.md \ INTERNALS.md \ KNOWN_BUGS \ @@ -550,12 +555,16 @@ EXTRA_DIST = \ VULN-DISCLOSURE-POLICY.md \ WEBSOCKET.md -MAN2HTML = roffit $< >$@ -SUFFIXES = .1 .html .pdf +CD2NROFF = $(top_srcdir)/scripts/cd2nroff $< >$@ +CD2 = $(CD2_$(V)) +CD2_0 = @echo " RENDER " $@; +CD2_1 = +CD2_ = $(CD2_0) +SUFFIXES = .1 .md all: all-recursive .SUFFIXES: -.SUFFIXES: .1 .html .pdf +.SUFFIXES: .1 .md $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ @@ -840,6 +849,8 @@ dvi: dvi-recursive dvi-am: +html: html-recursive + html-am: info: info-recursive @@ -882,6 +893,8 @@ mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool +pdf: pdf-recursive + pdf-am: ps: ps-recursive @@ -921,24 +934,14 @@ uninstall-man: uninstall-man1 # have changed. $(abs_builddir)/curl.1: if test "$(top_builddir)x" != "$(top_srcdir)x" -a -e "$(srcdir)/curl.1"; then \ - $(INSTALL_DATA) "$(srcdir)/curl.1" $@; fi + $(INSTALL_DATA) "$(srcdir)/curl.1" $@ \ + && touch -r "$(srcdir)/curl.1" $@; fi cd cmdline-opts && $(MAKE) -html: $(HTMLPAGES) - cd libcurl && $(MAKE) html - -pdf: $(PDFPAGES) - cd libcurl && $(MAKE) pdf - -.1.html: - $(MAN2HTML) +.md.1: + $(CD2)$(CD2NROFF) -.1.pdf: - @(foo=`echo $@ | sed -e 's/\.[0-9]$$//g'`; \ - groff -Tps -man $< >$$foo.ps; \ - ps2pdf $$foo.ps $@; \ - rm $$foo.ps; \ - echo "converted $< to $@") +curl-config.1: curl-config.md distclean: rm -f $(CLEANFILES) diff --git a/docs/cmdline-opts/Makefile.in b/docs/cmdline-opts/Makefile.in index f861c23fa..507f19183 100644 --- a/docs/cmdline-opts/Makefile.in +++ b/docs/cmdline-opts/Makefile.in @@ -267,6 +267,7 @@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_OPENSSL_QUIC = @HAVE_OPENSSL_QUIC@ HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ HAVE_PROTO_BSDSOCKET_H = @HAVE_PROTO_BSDSOCKET_H@ HAVE_ZSTD = @HAVE_ZSTD@ @@ -342,10 +343,14 @@ USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ +USE_NGTCP2_CRYPTO_BORINGSSL = @USE_NGTCP2_CRYPTO_BORINGSSL@ USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@ USE_NGTCP2_CRYPTO_QUICTLS = @USE_NGTCP2_CRYPTO_QUICTLS@ USE_NGTCP2_CRYPTO_WOLFSSL = @USE_NGTCP2_CRYPTO_WOLFSSL@ +USE_NGTCP2_H3 = @USE_NGTCP2_H3@ USE_OPENLDAP = @USE_OPENLDAP@ +USE_OPENSSL_H3 = @USE_OPENSSL_H3@ +USE_OPENSSL_QUIC = @USE_OPENSSL_QUIC@ USE_QUICHE = @USE_QUICHE@ USE_RUSTLS = @USE_RUSTLS@ USE_SCHANNEL = @USE_SCHANNEL@ @@ -417,268 +422,288 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = foreign no-dependencies MANPAGE = $(top_builddir)/docs/curl.1 +SUPPORT = \ + _AUTHORS.md \ + _BUGS.md \ + _DESCRIPTION.md \ + _ENVIRONMENT.md \ + _EXITCODES.md \ + _FILES.md \ + _GLOBBING.md \ + _NAME.md \ + _OPTIONS.md \ + _OUTPUT.md \ + _PROGRESS.md \ + _PROTOCOLS.md \ + _PROXYPREFIX.md \ + _SEEALSO.md \ + _SYNOPSIS.md \ + _URL.md \ + _VARIABLES.md \ + _VERSION.md \ + _WWW.md + DPAGES = \ - abstract-unix-socket.d \ - alt-svc.d \ - anyauth.d \ - append.d \ - aws-sigv4.d \ - basic.d \ - ca-native.d \ - cacert.d \ - capath.d \ - cert-status.d \ - cert-type.d \ - cert.d \ - ciphers.d \ - compressed-ssh.d \ - compressed.d \ - config.d \ - connect-timeout.d \ - connect-to.d \ - continue-at.d \ - cookie-jar.d \ - cookie.d \ - create-dirs.d \ - create-file-mode.d \ - crlf.d \ - crlfile.d \ - curves.d \ - data-ascii.d \ - data-binary.d \ - data-raw.d \ - data-urlencode.d \ - data.d \ - delegation.d \ - digest.d \ - disable-eprt.d \ - disable-epsv.d \ - disable.d \ - disallow-username-in-url.d \ - dns-interface.d \ - dns-ipv4-addr.d \ - dns-ipv6-addr.d \ - dns-servers.d \ - doh-cert-status.d \ - doh-insecure.d \ - doh-url.d \ - dump-header.d \ - egd-file.d \ - engine.d \ - etag-compare.d \ - etag-save.d \ - expect100-timeout.d \ - fail-early.d \ - fail-with-body.d \ - fail.d \ - false-start.d \ - form-escape.d \ - form-string.d \ - form.d \ - ftp-account.d \ - ftp-alternative-to-user.d \ - ftp-create-dirs.d \ - ftp-method.d \ - ftp-pasv.d \ - ftp-port.d \ - ftp-pret.d \ - ftp-skip-pasv-ip.d \ - ftp-ssl-ccc-mode.d \ - ftp-ssl-ccc.d \ - ftp-ssl-control.d \ - get.d \ - globoff.d \ - happy-eyeballs-timeout-ms.d \ - haproxy-protocol.d \ - haproxy-clientip.d \ - head.d \ - header.d \ - help.d \ - hostpubmd5.d \ - hostpubsha256.d \ - hsts.d \ - http0.9.d \ - http1.0.d \ - http1.1.d \ - http2-prior-knowledge.d \ - http2.d \ - http3.d \ - http3-only.d \ - ignore-content-length.d \ - include.d \ - insecure.d \ - interface.d \ - ipfs-gateway.d \ - ipv4.d \ - ipv6.d \ - json.d \ - junk-session-cookies.d \ - keepalive-time.d \ - key-type.d \ - key.d \ - krb.d \ - libcurl.d \ - limit-rate.d \ - list-only.d \ - local-port.d \ - location-trusted.d \ - location.d \ - login-options.d \ - mail-auth.d \ - mail-from.d \ - mail-rcpt-allowfails.d \ - mail-rcpt.d \ - manual.d \ - max-filesize.d \ - max-redirs.d \ - max-time.d \ - metalink.d \ - negotiate.d \ - netrc-file.d \ - netrc-optional.d \ - netrc.d \ - next.d \ - no-alpn.d \ - no-buffer.d \ - no-clobber.d \ - no-keepalive.d \ - no-npn.d \ - no-progress-meter.d \ - no-sessionid.d \ - noproxy.d \ - ntlm-wb.d \ - ntlm.d \ - oauth2-bearer.d \ - output-dir.d \ - output.d \ - parallel-immediate.d \ - parallel-max.d \ - parallel.d \ - pass.d \ - path-as-is.d \ - pinnedpubkey.d \ - post301.d \ - post302.d \ - post303.d \ - preproxy.d \ - progress-bar.d \ - proto-default.d \ - proto-redir.d \ - proto.d \ - proxy-anyauth.d \ - proxy-basic.d \ - proxy-ca-native.d \ - proxy-cacert.d \ - proxy-capath.d \ - proxy-cert-type.d \ - proxy-cert.d \ - proxy-ciphers.d \ - proxy-crlfile.d \ - proxy-digest.d \ - proxy-header.d \ - proxy-http2.d \ - proxy-insecure.d \ - proxy-key-type.d \ - proxy-key.d \ - proxy-negotiate.d \ - proxy-ntlm.d \ - proxy-pass.d \ - proxy-pinnedpubkey.d \ - proxy-service-name.d \ - proxy-ssl-allow-beast.d \ - proxy-ssl-auto-client-cert.d \ - proxy-tls13-ciphers.d \ - proxy-tlsauthtype.d \ - proxy-tlspassword.d \ - proxy-tlsuser.d \ - proxy-tlsv1.d \ - proxy-user.d \ - proxy.d \ - proxy1.0.d \ - proxytunnel.d \ - pubkey.d \ - quote.d \ - random-file.d \ - range.d \ - rate.d \ - raw.d \ - referer.d \ - remote-header-name.d \ - remote-name-all.d \ - remote-name.d \ - remote-time.d \ - remove-on-error.d \ - request-target.d \ - request.d \ - resolve.d \ - retry-all-errors.d \ - retry-connrefused.d \ - retry-delay.d \ - retry-max-time.d \ - retry.d \ - sasl-authzid.d \ - sasl-ir.d \ - service-name.d \ - show-error.d \ - silent.d \ - socks4.d \ - socks4a.d \ - socks5-basic.d \ - socks5-gssapi-nec.d \ - socks5-gssapi-service.d \ - socks5-gssapi.d \ - socks5-hostname.d \ - socks5.d \ - speed-limit.d \ - speed-time.d \ - ssl-allow-beast.d \ - ssl-auto-client-cert.d \ - ssl-no-revoke.d \ - ssl-reqd.d \ - ssl-revoke-best-effort.d \ - ssl.d \ - sslv2.d \ - sslv3.d \ - stderr.d \ - styled-output.d \ - suppress-connect-headers.d \ - tcp-fastopen.d \ - tcp-nodelay.d \ - telnet-option.d \ - tftp-blksize.d \ - tftp-no-options.d \ - time-cond.d \ - tls-max.d \ - tls13-ciphers.d \ - tlsauthtype.d \ - tlspassword.d \ - tlsuser.d \ - tlsv1.0.d \ - tlsv1.1.d \ - tlsv1.2.d \ - tlsv1.3.d \ - tlsv1.d \ - tr-encoding.d \ - trace-ascii.d \ - trace-config.d \ - trace-ids.d \ - trace-time.d \ - trace.d \ - unix-socket.d \ - upload-file.d \ - url.d \ - url-query.d \ - use-ascii.d \ - user-agent.d \ - user.d \ - variable.d \ - verbose.d \ - version.d \ - write-out.d \ - xattr.d - -OTHERPAGES = page-footer page-header -EXTRA_DIST = $(DPAGES) MANPAGE.md gen.pl $(OTHERPAGES) CMakeLists.txt + abstract-unix-socket.md \ + alt-svc.md \ + anyauth.md \ + append.md \ + aws-sigv4.md \ + basic.md \ + ca-native.md \ + cacert.md \ + capath.md \ + cert-status.md \ + cert-type.md \ + cert.md \ + ciphers.md \ + compressed-ssh.md \ + compressed.md \ + config.md \ + connect-timeout.md \ + connect-to.md \ + continue-at.md \ + cookie-jar.md \ + cookie.md \ + create-dirs.md \ + create-file-mode.md \ + crlf.md \ + crlfile.md \ + curves.md \ + data-ascii.md \ + data-binary.md \ + data-raw.md \ + data-urlencode.md \ + data.md \ + delegation.md \ + digest.md \ + disable-eprt.md \ + disable-epsv.md \ + disable.md \ + disallow-username-in-url.md \ + dns-interface.md \ + dns-ipv4-addr.md \ + dns-ipv6-addr.md \ + dns-servers.md \ + doh-cert-status.md \ + doh-insecure.md \ + doh-url.md \ + dump-header.md \ + egd-file.md \ + engine.md \ + etag-compare.md \ + etag-save.md \ + expect100-timeout.md \ + fail-early.md \ + fail-with-body.md \ + fail.md \ + false-start.md \ + form-escape.md \ + form-string.md \ + form.md \ + ftp-account.md \ + ftp-alternative-to-user.md \ + ftp-create-dirs.md \ + ftp-method.md \ + ftp-pasv.md \ + ftp-port.md \ + ftp-pret.md \ + ftp-skip-pasv-ip.md \ + ftp-ssl-ccc-mode.md \ + ftp-ssl-ccc.md \ + ftp-ssl-control.md \ + get.md \ + globoff.md \ + happy-eyeballs-timeout-ms.md \ + haproxy-protocol.md \ + haproxy-clientip.md \ + head.md \ + header.md \ + help.md \ + hostpubmd5.md \ + hostpubsha256.md \ + hsts.md \ + http0.9.md \ + http1.0.md \ + http1.1.md \ + http2-prior-knowledge.md \ + http2.md \ + http3.md \ + http3-only.md \ + ignore-content-length.md \ + include.md \ + insecure.md \ + interface.md \ + ipfs-gateway.md \ + ipv4.md \ + ipv6.md \ + json.md \ + junk-session-cookies.md \ + keepalive-time.md \ + key-type.md \ + key.md \ + krb.md \ + libcurl.md \ + limit-rate.md \ + list-only.md \ + local-port.md \ + location-trusted.md \ + location.md \ + login-options.md \ + mail-auth.md \ + mail-from.md \ + mail-rcpt-allowfails.md \ + mail-rcpt.md \ + manual.md \ + max-filesize.md \ + max-redirs.md \ + max-time.md \ + metalink.md \ + negotiate.md \ + netrc-file.md \ + netrc-optional.md \ + netrc.md \ + next.md \ + no-alpn.md \ + no-buffer.md \ + no-clobber.md \ + no-keepalive.md \ + no-npn.md \ + no-progress-meter.md \ + no-sessionid.md \ + noproxy.md \ + ntlm-wb.md \ + ntlm.md \ + oauth2-bearer.md \ + output-dir.md \ + output.md \ + parallel-immediate.md \ + parallel-max.md \ + parallel.md \ + pass.md \ + path-as-is.md \ + pinnedpubkey.md \ + post301.md \ + post302.md \ + post303.md \ + preproxy.md \ + progress-bar.md \ + proto-default.md \ + proto-redir.md \ + proto.md \ + proxy-anyauth.md \ + proxy-basic.md \ + proxy-ca-native.md \ + proxy-cacert.md \ + proxy-capath.md \ + proxy-cert-type.md \ + proxy-cert.md \ + proxy-ciphers.md \ + proxy-crlfile.md \ + proxy-digest.md \ + proxy-header.md \ + proxy-http2.md \ + proxy-insecure.md \ + proxy-key-type.md \ + proxy-key.md \ + proxy-negotiate.md \ + proxy-ntlm.md \ + proxy-pass.md \ + proxy-pinnedpubkey.md \ + proxy-service-name.md \ + proxy-ssl-allow-beast.md \ + proxy-ssl-auto-client-cert.md \ + proxy-tls13-ciphers.md \ + proxy-tlsauthtype.md \ + proxy-tlspassword.md \ + proxy-tlsuser.md \ + proxy-tlsv1.md \ + proxy-user.md \ + proxy.md \ + proxy1.0.md \ + proxytunnel.md \ + pubkey.md \ + quote.md \ + random-file.md \ + range.md \ + rate.md \ + raw.md \ + referer.md \ + remote-header-name.md \ + remote-name-all.md \ + remote-name.md \ + remote-time.md \ + remove-on-error.md \ + request-target.md \ + request.md \ + resolve.md \ + retry-all-errors.md \ + retry-connrefused.md \ + retry-delay.md \ + retry-max-time.md \ + retry.md \ + sasl-authzid.md \ + sasl-ir.md \ + service-name.md \ + show-error.md \ + silent.md \ + socks4.md \ + socks4a.md \ + socks5-basic.md \ + socks5-gssapi-nec.md \ + socks5-gssapi-service.md \ + socks5-gssapi.md \ + socks5-hostname.md \ + socks5.md \ + speed-limit.md \ + speed-time.md \ + ssl-allow-beast.md \ + ssl-auto-client-cert.md \ + ssl-no-revoke.md \ + ssl-reqd.md \ + ssl-revoke-best-effort.md \ + ssl.md \ + sslv2.md \ + sslv3.md \ + stderr.md \ + styled-output.md \ + suppress-connect-headers.md \ + tcp-fastopen.md \ + tcp-nodelay.md \ + telnet-option.md \ + tftp-blksize.md \ + tftp-no-options.md \ + time-cond.md \ + tls-max.md \ + tls13-ciphers.md \ + tlsauthtype.md \ + tlspassword.md \ + tlsuser.md \ + tlsv1.0.md \ + tlsv1.1.md \ + tlsv1.2.md \ + tlsv1.3.md \ + tlsv1.md \ + tr-encoding.md \ + trace-ascii.md \ + trace-config.md \ + trace-ids.md \ + trace-time.md \ + trace.md \ + unix-socket.md \ + upload-file.md \ + url.md \ + url-query.md \ + use-ascii.md \ + user-agent.md \ + user.md \ + variable.md \ + verbose.md \ + version.md \ + write-out.md \ + xattr.md + +EXTRA_DIST = $(DPAGES) MANPAGE.md gen.pl $(SUPPORT) CMakeLists.txt mainpage.idx GEN = $(GN_$(V)) GN_0 = @echo " GENERATE" $@; GN_1 = @@ -880,9 +905,12 @@ uninstall-am: all: $(MANPAGE) -$(MANPAGE): $(DPAGES) $(OTHERPAGES) Makefile.inc gen.pl +$(MANPAGE): $(DPAGES) $(SUPPORT) mainpage.idx Makefile.inc gen.pl $(GEN)(rm -f $(MANPAGE) && cd $(srcdir) && @PERL@ ./gen.pl mainpage $(DPAGES) > $(builddir)/manpage.tmp && mv $(builddir)/manpage.tmp $(MANPAGE)) +listhelp: + ./gen.pl listhelp $(DPAGES) > $(top_builddir)/src/tool_listhelp.c + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/docs/examples/Makefile.in b/docs/examples/Makefile.in index 4ac0f81b0..4668c9202 100644 --- a/docs/examples/Makefile.in +++ b/docs/examples/Makefile.in @@ -136,9 +136,10 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @USE_CPPFLAG_CURL_STATICLIB_TRUE@am__append_1 = -DCURL_STATICLIB -check_PROGRAMS = 10-at-a-time$(EXEEXT) altsvc$(EXEEXT) \ - anyauthput$(EXEEXT) certinfo$(EXEEXT) chkspeed$(EXEEXT) \ - connect-to$(EXEEXT) cookie_interface$(EXEEXT) debug$(EXEEXT) \ +check_PROGRAMS = 10-at-a-time$(EXEEXT) address-scope$(EXEEXT) \ + altsvc$(EXEEXT) anyauthput$(EXEEXT) certinfo$(EXEEXT) \ + chkspeed$(EXEEXT) connect-to$(EXEEXT) \ + cookie_interface$(EXEEXT) debug$(EXEEXT) \ default-scheme$(EXEEXT) externalsocket$(EXEEXT) \ fileupload$(EXEEXT) ftp-wildcard$(EXEEXT) ftpget$(EXEEXT) \ ftpgetinfo$(EXEEXT) ftpgetresp$(EXEEXT) ftpsget$(EXEEXT) \ @@ -155,19 +156,21 @@ check_PROGRAMS = 10-at-a-time$(EXEEXT) altsvc$(EXEEXT) \ imap-examine$(EXEEXT) imap-fetch$(EXEEXT) imap-list$(EXEEXT) \ imap-lsub$(EXEEXT) imap-multi$(EXEEXT) imap-noop$(EXEEXT) \ imap-search$(EXEEXT) imap-ssl$(EXEEXT) imap-store$(EXEEXT) \ - imap-tls$(EXEEXT) ipv6$(EXEEXT) maxconnects$(EXEEXT) \ + imap-tls$(EXEEXT) interface$(EXEEXT) ipv6$(EXEEXT) \ + keepalive$(EXEEXT) localport$(EXEEXT) maxconnects$(EXEEXT) \ multi-app$(EXEEXT) multi-debugcallback$(EXEEXT) \ multi-double$(EXEEXT) multi-formadd$(EXEEXT) \ multi-legacy$(EXEEXT) multi-post$(EXEEXT) \ - multi-single$(EXEEXT) parseurl$(EXEEXT) persistent$(EXEEXT) \ - pop3-authzid$(EXEEXT) pop3-dele$(EXEEXT) pop3-list$(EXEEXT) \ - pop3-multi$(EXEEXT) pop3-noop$(EXEEXT) pop3-retr$(EXEEXT) \ - pop3-ssl$(EXEEXT) pop3-stat$(EXEEXT) pop3-tls$(EXEEXT) \ - pop3-top$(EXEEXT) pop3-uidl$(EXEEXT) post-callback$(EXEEXT) \ - postinmemory$(EXEEXT) postit2$(EXEEXT) \ + multi-single$(EXEEXT) netrc$(EXEEXT) parseurl$(EXEEXT) \ + persistent$(EXEEXT) pop3-authzid$(EXEEXT) pop3-dele$(EXEEXT) \ + pop3-list$(EXEEXT) pop3-multi$(EXEEXT) pop3-noop$(EXEEXT) \ + pop3-retr$(EXEEXT) pop3-ssl$(EXEEXT) pop3-stat$(EXEEXT) \ + pop3-tls$(EXEEXT) pop3-top$(EXEEXT) pop3-uidl$(EXEEXT) \ + post-callback$(EXEEXT) postinmemory$(EXEEXT) postit2$(EXEEXT) \ postit2-formadd$(EXEEXT) progressfunc$(EXEEXT) \ - protofeats$(EXEEXT) resolve$(EXEEXT) sendrecv$(EXEEXT) \ - sepheaders$(EXEEXT) sftpget$(EXEEXT) sftpuploadresume$(EXEEXT) \ + protofeats$(EXEEXT) range$(EXEEXT) resolve$(EXEEXT) \ + rtsp-options$(EXEEXT) sendrecv$(EXEEXT) sepheaders$(EXEEXT) \ + sftpget$(EXEEXT) sftpuploadresume$(EXEEXT) \ shared-connection-cache$(EXEEXT) simple$(EXEEXT) \ simplepost$(EXEEXT) simplessl$(EXEEXT) smtp-authzid$(EXEEXT) \ smtp-expn$(EXEEXT) smtp-mail$(EXEEXT) smtp-mime$(EXEEXT) \ @@ -221,6 +224,13 @@ AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = +address_scope_SOURCES = address-scope.c +address_scope_OBJECTS = address-scope.$(OBJEXT) +address_scope_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@address_scope_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@address_scope_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la altsvc_SOURCES = altsvc.c altsvc_OBJECTS = altsvc.$(OBJEXT) altsvc_LDADD = $(LDADD) @@ -575,11 +585,32 @@ imap_tls_LDADD = $(LDADD) @USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la @USE_EXPLICIT_LIB_DEPS_TRUE@imap_tls_DEPENDENCIES = \ @USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la +interface_SOURCES = interface.c +interface_OBJECTS = interface.$(OBJEXT) +interface_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@interface_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@interface_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la ipv6_SOURCES = ipv6.c ipv6_OBJECTS = ipv6.$(OBJEXT) ipv6_LDADD = $(LDADD) @USE_EXPLICIT_LIB_DEPS_FALSE@ipv6_DEPENDENCIES = $(LIBDIR)/libcurl.la @USE_EXPLICIT_LIB_DEPS_TRUE@ipv6_DEPENDENCIES = $(LIBDIR)/libcurl.la +keepalive_SOURCES = keepalive.c +keepalive_OBJECTS = keepalive.$(OBJEXT) +keepalive_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@keepalive_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@keepalive_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la +localport_SOURCES = localport.c +localport_OBJECTS = localport.$(OBJEXT) +localport_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@localport_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@localport_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la maxconnects_SOURCES = maxconnects.c maxconnects_OBJECTS = maxconnects.$(OBJEXT) maxconnects_LDADD = $(LDADD) @@ -636,6 +667,12 @@ multi_single_LDADD = $(LDADD) @USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la @USE_EXPLICIT_LIB_DEPS_TRUE@multi_single_DEPENDENCIES = \ @USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la +netrc_SOURCES = netrc.c +netrc_OBJECTS = netrc.$(OBJEXT) +netrc_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@netrc_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@netrc_DEPENDENCIES = $(LIBDIR)/libcurl.la parseurl_SOURCES = parseurl.c parseurl_OBJECTS = parseurl.$(OBJEXT) parseurl_LDADD = $(LDADD) @@ -769,6 +806,12 @@ protofeats_LDADD = $(LDADD) @USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la @USE_EXPLICIT_LIB_DEPS_TRUE@protofeats_DEPENDENCIES = \ @USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la +range_SOURCES = range.c +range_OBJECTS = range.$(OBJEXT) +range_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@range_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@range_DEPENDENCIES = $(LIBDIR)/libcurl.la resolve_SOURCES = resolve.c resolve_OBJECTS = resolve.$(OBJEXT) resolve_LDADD = $(LDADD) @@ -776,6 +819,13 @@ resolve_LDADD = $(LDADD) @USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la @USE_EXPLICIT_LIB_DEPS_TRUE@resolve_DEPENDENCIES = \ @USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la +rtsp_options_SOURCES = rtsp-options.c +rtsp_options_OBJECTS = rtsp-options.$(OBJEXT) +rtsp_options_LDADD = $(LDADD) +@USE_EXPLICIT_LIB_DEPS_FALSE@rtsp_options_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_FALSE@ $(LIBDIR)/libcurl.la +@USE_EXPLICIT_LIB_DEPS_TRUE@rtsp_options_DEPENDENCIES = \ +@USE_EXPLICIT_LIB_DEPS_TRUE@ $(LIBDIR)/libcurl.la sendrecv_SOURCES = sendrecv.c sendrecv_OBJECTS = sendrecv.$(OBJEXT) sendrecv_LDADD = $(LDADD) @@ -946,20 +996,20 @@ DEFAULT_INCLUDES = depcomp = $(SHELL) $(top_srcdir)/depcomp am__maybe_remake_depfiles = depfiles am__depfiles_remade = ./$(DEPDIR)/10-at-a-time.Po \ - ./$(DEPDIR)/altsvc.Po ./$(DEPDIR)/anyauthput.Po \ - ./$(DEPDIR)/certinfo.Po ./$(DEPDIR)/chkspeed.Po \ - ./$(DEPDIR)/connect-to.Po ./$(DEPDIR)/cookie_interface.Po \ - ./$(DEPDIR)/debug.Po ./$(DEPDIR)/default-scheme.Po \ - ./$(DEPDIR)/externalsocket.Po ./$(DEPDIR)/fileupload.Po \ - ./$(DEPDIR)/ftp-wildcard.Po ./$(DEPDIR)/ftpget.Po \ - ./$(DEPDIR)/ftpgetinfo.Po ./$(DEPDIR)/ftpgetresp.Po \ - ./$(DEPDIR)/ftpsget.Po ./$(DEPDIR)/ftpupload.Po \ - ./$(DEPDIR)/ftpuploadfrommem.Po ./$(DEPDIR)/ftpuploadresume.Po \ - ./$(DEPDIR)/getinfo.Po ./$(DEPDIR)/getinmemory.Po \ - ./$(DEPDIR)/getredirect.Po ./$(DEPDIR)/getreferrer.Po \ - ./$(DEPDIR)/headerapi.Po ./$(DEPDIR)/hsts-preload.Po \ - ./$(DEPDIR)/http-options.Po ./$(DEPDIR)/http-post.Po \ - ./$(DEPDIR)/http2-download.Po \ + ./$(DEPDIR)/address-scope.Po ./$(DEPDIR)/altsvc.Po \ + ./$(DEPDIR)/anyauthput.Po ./$(DEPDIR)/certinfo.Po \ + ./$(DEPDIR)/chkspeed.Po ./$(DEPDIR)/connect-to.Po \ + ./$(DEPDIR)/cookie_interface.Po ./$(DEPDIR)/debug.Po \ + ./$(DEPDIR)/default-scheme.Po ./$(DEPDIR)/externalsocket.Po \ + ./$(DEPDIR)/fileupload.Po ./$(DEPDIR)/ftp-wildcard.Po \ + ./$(DEPDIR)/ftpget.Po ./$(DEPDIR)/ftpgetinfo.Po \ + ./$(DEPDIR)/ftpgetresp.Po ./$(DEPDIR)/ftpsget.Po \ + ./$(DEPDIR)/ftpupload.Po ./$(DEPDIR)/ftpuploadfrommem.Po \ + ./$(DEPDIR)/ftpuploadresume.Po ./$(DEPDIR)/getinfo.Po \ + ./$(DEPDIR)/getinmemory.Po ./$(DEPDIR)/getredirect.Po \ + ./$(DEPDIR)/getreferrer.Po ./$(DEPDIR)/headerapi.Po \ + ./$(DEPDIR)/hsts-preload.Po ./$(DEPDIR)/http-options.Po \ + ./$(DEPDIR)/http-post.Po ./$(DEPDIR)/http2-download.Po \ ./$(DEPDIR)/http2-pushinmemory.Po \ ./$(DEPDIR)/http2-serverpush.Po ./$(DEPDIR)/http2-upload.Po \ ./$(DEPDIR)/http3-present.Po ./$(DEPDIR)/http3.Po \ @@ -973,11 +1023,13 @@ am__depfiles_remade = ./$(DEPDIR)/10-at-a-time.Po \ ./$(DEPDIR)/imap-multi.Po ./$(DEPDIR)/imap-noop.Po \ ./$(DEPDIR)/imap-search.Po ./$(DEPDIR)/imap-ssl.Po \ ./$(DEPDIR)/imap-store.Po ./$(DEPDIR)/imap-tls.Po \ - ./$(DEPDIR)/ipv6.Po ./$(DEPDIR)/maxconnects.Po \ - ./$(DEPDIR)/multi-app.Po ./$(DEPDIR)/multi-debugcallback.Po \ - ./$(DEPDIR)/multi-double.Po ./$(DEPDIR)/multi-formadd.Po \ - ./$(DEPDIR)/multi-legacy.Po ./$(DEPDIR)/multi-post.Po \ - ./$(DEPDIR)/multi-single.Po ./$(DEPDIR)/parseurl.Po \ + ./$(DEPDIR)/interface.Po ./$(DEPDIR)/ipv6.Po \ + ./$(DEPDIR)/keepalive.Po ./$(DEPDIR)/localport.Po \ + ./$(DEPDIR)/maxconnects.Po ./$(DEPDIR)/multi-app.Po \ + ./$(DEPDIR)/multi-debugcallback.Po ./$(DEPDIR)/multi-double.Po \ + ./$(DEPDIR)/multi-formadd.Po ./$(DEPDIR)/multi-legacy.Po \ + ./$(DEPDIR)/multi-post.Po ./$(DEPDIR)/multi-single.Po \ + ./$(DEPDIR)/netrc.Po ./$(DEPDIR)/parseurl.Po \ ./$(DEPDIR)/persistent.Po ./$(DEPDIR)/pop3-authzid.Po \ ./$(DEPDIR)/pop3-dele.Po ./$(DEPDIR)/pop3-list.Po \ ./$(DEPDIR)/pop3-multi.Po ./$(DEPDIR)/pop3-noop.Po \ @@ -987,7 +1039,8 @@ am__depfiles_remade = ./$(DEPDIR)/10-at-a-time.Po \ ./$(DEPDIR)/post-callback.Po ./$(DEPDIR)/postinmemory.Po \ ./$(DEPDIR)/postit2-formadd.Po ./$(DEPDIR)/postit2.Po \ ./$(DEPDIR)/progressfunc.Po ./$(DEPDIR)/protofeats.Po \ - ./$(DEPDIR)/resolve.Po ./$(DEPDIR)/sendrecv.Po \ + ./$(DEPDIR)/range.Po ./$(DEPDIR)/resolve.Po \ + ./$(DEPDIR)/rtsp-options.Po ./$(DEPDIR)/sendrecv.Po \ ./$(DEPDIR)/sepheaders.Po ./$(DEPDIR)/sftpget.Po \ ./$(DEPDIR)/sftpuploadresume.Po \ ./$(DEPDIR)/shared-connection-cache.Po ./$(DEPDIR)/simple.Po \ @@ -1018,10 +1071,10 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = 10-at-a-time.c altsvc.c anyauthput.c certinfo.c chkspeed.c \ - connect-to.c cookie_interface.c debug.c default-scheme.c \ - externalsocket.c fileupload.c ftp-wildcard.c ftpget.c \ - ftpgetinfo.c ftpgetresp.c ftpsget.c ftpupload.c \ +SOURCES = 10-at-a-time.c address-scope.c altsvc.c anyauthput.c \ + certinfo.c chkspeed.c connect-to.c cookie_interface.c debug.c \ + default-scheme.c externalsocket.c fileupload.c ftp-wildcard.c \ + ftpget.c ftpgetinfo.c ftpgetresp.c ftpsget.c ftpupload.c \ ftpuploadfrommem.c ftpuploadresume.c getinfo.c getinmemory.c \ getredirect.c getreferrer.c headerapi.c hsts-preload.c \ http-options.c http-post.c http2-download.c \ @@ -1030,21 +1083,22 @@ SOURCES = 10-at-a-time.c altsvc.c anyauthput.c certinfo.c chkspeed.c \ httpput-postfields.c https.c imap-append.c imap-authzid.c \ imap-copy.c imap-create.c imap-delete.c imap-examine.c \ imap-fetch.c imap-list.c imap-lsub.c imap-multi.c imap-noop.c \ - imap-search.c imap-ssl.c imap-store.c imap-tls.c ipv6.c \ - maxconnects.c multi-app.c multi-debugcallback.c multi-double.c \ - multi-formadd.c multi-legacy.c multi-post.c multi-single.c \ - parseurl.c persistent.c pop3-authzid.c pop3-dele.c pop3-list.c \ + imap-search.c imap-ssl.c imap-store.c imap-tls.c interface.c \ + ipv6.c keepalive.c localport.c maxconnects.c multi-app.c \ + multi-debugcallback.c multi-double.c multi-formadd.c \ + multi-legacy.c multi-post.c multi-single.c netrc.c parseurl.c \ + persistent.c pop3-authzid.c pop3-dele.c pop3-list.c \ pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c \ pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c \ postinmemory.c postit2.c postit2-formadd.c progressfunc.c \ - protofeats.c resolve.c sendrecv.c sepheaders.c sftpget.c \ - sftpuploadresume.c shared-connection-cache.c simple.c \ - simplepost.c simplessl.c smtp-authzid.c smtp-expn.c \ - smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c smtp-tls.c \ - smtp-vrfy.c sslbackend.c unixsocket.c url2file.c urlapi.c \ - websocket.c websocket-cb.c -DIST_SOURCES = 10-at-a-time.c altsvc.c anyauthput.c certinfo.c \ - chkspeed.c connect-to.c cookie_interface.c debug.c \ + protofeats.c range.c resolve.c rtsp-options.c sendrecv.c \ + sepheaders.c sftpget.c sftpuploadresume.c \ + shared-connection-cache.c simple.c simplepost.c simplessl.c \ + smtp-authzid.c smtp-expn.c smtp-mail.c smtp-mime.c \ + smtp-multi.c smtp-ssl.c smtp-tls.c smtp-vrfy.c sslbackend.c \ + unixsocket.c url2file.c urlapi.c websocket.c websocket-cb.c +DIST_SOURCES = 10-at-a-time.c address-scope.c altsvc.c anyauthput.c \ + certinfo.c chkspeed.c connect-to.c cookie_interface.c debug.c \ default-scheme.c externalsocket.c fileupload.c ftp-wildcard.c \ ftpget.c ftpgetinfo.c ftpgetresp.c ftpsget.c ftpupload.c \ ftpuploadfrommem.c ftpuploadresume.c getinfo.c getinmemory.c \ @@ -1055,19 +1109,20 @@ DIST_SOURCES = 10-at-a-time.c altsvc.c anyauthput.c certinfo.c \ httpput-postfields.c https.c imap-append.c imap-authzid.c \ imap-copy.c imap-create.c imap-delete.c imap-examine.c \ imap-fetch.c imap-list.c imap-lsub.c imap-multi.c imap-noop.c \ - imap-search.c imap-ssl.c imap-store.c imap-tls.c ipv6.c \ - maxconnects.c multi-app.c multi-debugcallback.c multi-double.c \ - multi-formadd.c multi-legacy.c multi-post.c multi-single.c \ - parseurl.c persistent.c pop3-authzid.c pop3-dele.c pop3-list.c \ + imap-search.c imap-ssl.c imap-store.c imap-tls.c interface.c \ + ipv6.c keepalive.c localport.c maxconnects.c multi-app.c \ + multi-debugcallback.c multi-double.c multi-formadd.c \ + multi-legacy.c multi-post.c multi-single.c netrc.c parseurl.c \ + persistent.c pop3-authzid.c pop3-dele.c pop3-list.c \ pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c \ pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c \ postinmemory.c postit2.c postit2-formadd.c progressfunc.c \ - protofeats.c resolve.c sendrecv.c sepheaders.c sftpget.c \ - sftpuploadresume.c shared-connection-cache.c simple.c \ - simplepost.c simplessl.c smtp-authzid.c smtp-expn.c \ - smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c smtp-tls.c \ - smtp-vrfy.c sslbackend.c unixsocket.c url2file.c urlapi.c \ - websocket.c websocket-cb.c + protofeats.c range.c resolve.c rtsp-options.c sendrecv.c \ + sepheaders.c sftpget.c sftpuploadresume.c \ + shared-connection-cache.c simple.c simplepost.c simplessl.c \ + smtp-authzid.c smtp-expn.c smtp-mail.c smtp-mime.c \ + smtp-multi.c smtp-ssl.c smtp-tls.c smtp-vrfy.c sslbackend.c \ + unixsocket.c url2file.c urlapi.c websocket.c websocket-cb.c am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -1167,6 +1222,7 @@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_OPENSSL_QUIC = @HAVE_OPENSSL_QUIC@ HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ HAVE_PROTO_BSDSOCKET_H = @HAVE_PROTO_BSDSOCKET_H@ HAVE_ZSTD = @HAVE_ZSTD@ @@ -1244,10 +1300,14 @@ USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ +USE_NGTCP2_CRYPTO_BORINGSSL = @USE_NGTCP2_CRYPTO_BORINGSSL@ USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@ USE_NGTCP2_CRYPTO_QUICTLS = @USE_NGTCP2_CRYPTO_QUICTLS@ USE_NGTCP2_CRYPTO_WOLFSSL = @USE_NGTCP2_CRYPTO_WOLFSSL@ +USE_NGTCP2_H3 = @USE_NGTCP2_H3@ USE_OPENLDAP = @USE_OPENLDAP@ +USE_OPENSSL_H3 = @USE_OPENSSL_H3@ +USE_OPENSSL_QUIC = @USE_OPENSSL_QUIC@ USE_QUICHE = @USE_QUICHE@ USE_RUSTLS = @USE_RUSTLS@ USE_SCHANNEL = @USE_SCHANNEL@ @@ -1413,6 +1473,10 @@ clean-checkPROGRAMS: @rm -f 10-at-a-time$(EXEEXT) $(AM_V_CCLD)$(LINK) $(10_at_a_time_OBJECTS) $(10_at_a_time_LDADD) $(LIBS) +address-scope$(EXEEXT): $(address_scope_OBJECTS) $(address_scope_DEPENDENCIES) $(EXTRA_address_scope_DEPENDENCIES) + @rm -f address-scope$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(address_scope_OBJECTS) $(address_scope_LDADD) $(LIBS) + altsvc$(EXEEXT): $(altsvc_OBJECTS) $(altsvc_DEPENDENCIES) $(EXTRA_altsvc_DEPENDENCIES) @rm -f altsvc$(EXEEXT) $(AM_V_CCLD)$(LINK) $(altsvc_OBJECTS) $(altsvc_LDADD) $(LIBS) @@ -1617,10 +1681,22 @@ imap-tls$(EXEEXT): $(imap_tls_OBJECTS) $(imap_tls_DEPENDENCIES) $(EXTRA_imap_tls @rm -f imap-tls$(EXEEXT) $(AM_V_CCLD)$(LINK) $(imap_tls_OBJECTS) $(imap_tls_LDADD) $(LIBS) +interface$(EXEEXT): $(interface_OBJECTS) $(interface_DEPENDENCIES) $(EXTRA_interface_DEPENDENCIES) + @rm -f interface$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(interface_OBJECTS) $(interface_LDADD) $(LIBS) + ipv6$(EXEEXT): $(ipv6_OBJECTS) $(ipv6_DEPENDENCIES) $(EXTRA_ipv6_DEPENDENCIES) @rm -f ipv6$(EXEEXT) $(AM_V_CCLD)$(LINK) $(ipv6_OBJECTS) $(ipv6_LDADD) $(LIBS) +keepalive$(EXEEXT): $(keepalive_OBJECTS) $(keepalive_DEPENDENCIES) $(EXTRA_keepalive_DEPENDENCIES) + @rm -f keepalive$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(keepalive_OBJECTS) $(keepalive_LDADD) $(LIBS) + +localport$(EXEEXT): $(localport_OBJECTS) $(localport_DEPENDENCIES) $(EXTRA_localport_DEPENDENCIES) + @rm -f localport$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(localport_OBJECTS) $(localport_LDADD) $(LIBS) + maxconnects$(EXEEXT): $(maxconnects_OBJECTS) $(maxconnects_DEPENDENCIES) $(EXTRA_maxconnects_DEPENDENCIES) @rm -f maxconnects$(EXEEXT) $(AM_V_CCLD)$(LINK) $(maxconnects_OBJECTS) $(maxconnects_LDADD) $(LIBS) @@ -1653,6 +1729,10 @@ multi-single$(EXEEXT): $(multi_single_OBJECTS) $(multi_single_DEPENDENCIES) $(EX @rm -f multi-single$(EXEEXT) $(AM_V_CCLD)$(LINK) $(multi_single_OBJECTS) $(multi_single_LDADD) $(LIBS) +netrc$(EXEEXT): $(netrc_OBJECTS) $(netrc_DEPENDENCIES) $(EXTRA_netrc_DEPENDENCIES) + @rm -f netrc$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(netrc_OBJECTS) $(netrc_LDADD) $(LIBS) + parseurl$(EXEEXT): $(parseurl_OBJECTS) $(parseurl_DEPENDENCIES) $(EXTRA_parseurl_DEPENDENCIES) @rm -f parseurl$(EXEEXT) $(AM_V_CCLD)$(LINK) $(parseurl_OBJECTS) $(parseurl_LDADD) $(LIBS) @@ -1729,10 +1809,18 @@ protofeats$(EXEEXT): $(protofeats_OBJECTS) $(protofeats_DEPENDENCIES) $(EXTRA_pr @rm -f protofeats$(EXEEXT) $(AM_V_CCLD)$(LINK) $(protofeats_OBJECTS) $(protofeats_LDADD) $(LIBS) +range$(EXEEXT): $(range_OBJECTS) $(range_DEPENDENCIES) $(EXTRA_range_DEPENDENCIES) + @rm -f range$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(range_OBJECTS) $(range_LDADD) $(LIBS) + resolve$(EXEEXT): $(resolve_OBJECTS) $(resolve_DEPENDENCIES) $(EXTRA_resolve_DEPENDENCIES) @rm -f resolve$(EXEEXT) $(AM_V_CCLD)$(LINK) $(resolve_OBJECTS) $(resolve_LDADD) $(LIBS) +rtsp-options$(EXEEXT): $(rtsp_options_OBJECTS) $(rtsp_options_DEPENDENCIES) $(EXTRA_rtsp_options_DEPENDENCIES) + @rm -f rtsp-options$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(rtsp_options_OBJECTS) $(rtsp_options_LDADD) $(LIBS) + sendrecv$(EXEEXT): $(sendrecv_OBJECTS) $(sendrecv_DEPENDENCIES) $(EXTRA_sendrecv_DEPENDENCIES) @rm -f sendrecv$(EXEEXT) $(AM_V_CCLD)$(LINK) $(sendrecv_OBJECTS) $(sendrecv_LDADD) $(LIBS) @@ -1828,6 +1916,7 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/10-at-a-time.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/address-scope.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/altsvc.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/anyauthput.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certinfo.Po@am__quote@ # am--include-marker @@ -1879,7 +1968,10 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imap-ssl.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imap-store.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imap-tls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/interface.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipv6.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keepalive.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/localport.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/maxconnects.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multi-app.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multi-debugcallback.Po@am__quote@ # am--include-marker @@ -1888,6 +1980,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multi-legacy.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multi-post.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/multi-single.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/netrc.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parseurl.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/persistent.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pop3-authzid.Po@am__quote@ # am--include-marker @@ -1907,7 +2000,9 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/postit2.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/progressfunc.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protofeats.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/range.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolve.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rtsp-options.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sendrecv.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sepheaders.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sftpget.Po@am__quote@ # am--include-marker @@ -2093,6 +2188,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ distclean: distclean-am -rm -f ./$(DEPDIR)/10-at-a-time.Po + -rm -f ./$(DEPDIR)/address-scope.Po -rm -f ./$(DEPDIR)/altsvc.Po -rm -f ./$(DEPDIR)/anyauthput.Po -rm -f ./$(DEPDIR)/certinfo.Po @@ -2144,7 +2240,10 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/imap-ssl.Po -rm -f ./$(DEPDIR)/imap-store.Po -rm -f ./$(DEPDIR)/imap-tls.Po + -rm -f ./$(DEPDIR)/interface.Po -rm -f ./$(DEPDIR)/ipv6.Po + -rm -f ./$(DEPDIR)/keepalive.Po + -rm -f ./$(DEPDIR)/localport.Po -rm -f ./$(DEPDIR)/maxconnects.Po -rm -f ./$(DEPDIR)/multi-app.Po -rm -f ./$(DEPDIR)/multi-debugcallback.Po @@ -2153,6 +2252,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/multi-legacy.Po -rm -f ./$(DEPDIR)/multi-post.Po -rm -f ./$(DEPDIR)/multi-single.Po + -rm -f ./$(DEPDIR)/netrc.Po -rm -f ./$(DEPDIR)/parseurl.Po -rm -f ./$(DEPDIR)/persistent.Po -rm -f ./$(DEPDIR)/pop3-authzid.Po @@ -2172,7 +2272,9 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/postit2.Po -rm -f ./$(DEPDIR)/progressfunc.Po -rm -f ./$(DEPDIR)/protofeats.Po + -rm -f ./$(DEPDIR)/range.Po -rm -f ./$(DEPDIR)/resolve.Po + -rm -f ./$(DEPDIR)/rtsp-options.Po -rm -f ./$(DEPDIR)/sendrecv.Po -rm -f ./$(DEPDIR)/sepheaders.Po -rm -f ./$(DEPDIR)/sftpget.Po @@ -2241,6 +2343,7 @@ installcheck-am: maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/10-at-a-time.Po + -rm -f ./$(DEPDIR)/address-scope.Po -rm -f ./$(DEPDIR)/altsvc.Po -rm -f ./$(DEPDIR)/anyauthput.Po -rm -f ./$(DEPDIR)/certinfo.Po @@ -2292,7 +2395,10 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/imap-ssl.Po -rm -f ./$(DEPDIR)/imap-store.Po -rm -f ./$(DEPDIR)/imap-tls.Po + -rm -f ./$(DEPDIR)/interface.Po -rm -f ./$(DEPDIR)/ipv6.Po + -rm -f ./$(DEPDIR)/keepalive.Po + -rm -f ./$(DEPDIR)/localport.Po -rm -f ./$(DEPDIR)/maxconnects.Po -rm -f ./$(DEPDIR)/multi-app.Po -rm -f ./$(DEPDIR)/multi-debugcallback.Po @@ -2301,6 +2407,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/multi-legacy.Po -rm -f ./$(DEPDIR)/multi-post.Po -rm -f ./$(DEPDIR)/multi-single.Po + -rm -f ./$(DEPDIR)/netrc.Po -rm -f ./$(DEPDIR)/parseurl.Po -rm -f ./$(DEPDIR)/persistent.Po -rm -f ./$(DEPDIR)/pop3-authzid.Po @@ -2320,7 +2427,9 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/postit2.Po -rm -f ./$(DEPDIR)/progressfunc.Po -rm -f ./$(DEPDIR)/protofeats.Po + -rm -f ./$(DEPDIR)/range.Po -rm -f ./$(DEPDIR)/resolve.Po + -rm -f ./$(DEPDIR)/rtsp-options.Po -rm -f ./$(DEPDIR)/sendrecv.Po -rm -f ./$(DEPDIR)/sepheaders.Po -rm -f ./$(DEPDIR)/sftpget.Po diff --git a/docs/libcurl/Makefile.in b/docs/libcurl/Makefile.in index bee39635e..f1f8eaa2b 100644 --- a/docs/libcurl/Makefile.in +++ b/docs/libcurl/Makefile.in @@ -241,7 +241,7 @@ am__recursive_targets = \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ - check recheck distdir distdir-am + distdir distdir-am am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -259,186 +259,8 @@ am__define_uniq_tagged_files = \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` -am__tty_colors_dummy = \ - mgn= red= grn= lgn= blu= brg= std=; \ - am__color_tests=no -am__tty_colors = { \ - $(am__tty_colors_dummy); \ - if test "X$(AM_COLOR_TESTS)" = Xno; then \ - am__color_tests=no; \ - elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ - am__color_tests=yes; \ - elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ - am__color_tests=yes; \ - fi; \ - if test $$am__color_tests = yes; then \ - red=''; \ - grn=''; \ - lgn=''; \ - blu=''; \ - mgn=''; \ - brg=''; \ - std=''; \ - fi; \ -} -am__recheck_rx = ^[ ]*:recheck:[ ]* -am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -# A command that, given a newline-separated list of test names on the -# standard input, print the name of the tests that are to be re-run -# upon "make recheck". -am__list_recheck_tests = $(AWK) '{ \ - recheck = 1; \ - while ((rc = (getline line < ($$0 ".trs"))) != 0) \ - { \ - if (rc < 0) \ - { \ - if ((getline line2 < ($$0 ".log")) < 0) \ - recheck = 0; \ - break; \ - } \ - else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ - { \ - recheck = 0; \ - break; \ - } \ - else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ - { \ - break; \ - } \ - }; \ - if (recheck) \ - print $$0; \ - close ($$0 ".trs"); \ - close ($$0 ".log"); \ -}' -# A command that, given a newline-separated list of test names on the -# standard input, create the global log from their .trs and .log files. -am__create_global_log = $(AWK) ' \ -function fatal(msg) \ -{ \ - print "fatal: making $@: " msg | "cat >&2"; \ - exit 1; \ -} \ -function rst_section(header) \ -{ \ - print header; \ - len = length(header); \ - for (i = 1; i <= len; i = i + 1) \ - printf "="; \ - printf "\n\n"; \ -} \ -{ \ - copy_in_global_log = 1; \ - global_test_result = "RUN"; \ - while ((rc = (getline line < ($$0 ".trs"))) != 0) \ - { \ - if (rc < 0) \ - fatal("failed to read from " $$0 ".trs"); \ - if (line ~ /$(am__global_test_result_rx)/) \ - { \ - sub("$(am__global_test_result_rx)", "", line); \ - sub("[ ]*$$", "", line); \ - global_test_result = line; \ - } \ - else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ - copy_in_global_log = 0; \ - }; \ - if (copy_in_global_log) \ - { \ - rst_section(global_test_result ": " $$0); \ - while ((rc = (getline line < ($$0 ".log"))) != 0) \ - { \ - if (rc < 0) \ - fatal("failed to read from " $$0 ".log"); \ - print line; \ - }; \ - printf "\n"; \ - }; \ - close ($$0 ".trs"); \ - close ($$0 ".log"); \ -}' -# Restructured Text title. -am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -# Solaris 10 'make', and several other traditional 'make' implementations, -# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -# by disabling -e (using the XSI extension "set +e") if it's set. -am__sh_e_setup = case $$- in *e*) set +e;; esac -# Default flags passed to test drivers. -am__common_driver_flags = \ - --color-tests "$$am__color_tests" \ - --enable-hard-errors "$$am__enable_hard_errors" \ - --expect-failure "$$am__expect_failure" -# To be inserted before the command running the test. Creates the -# directory for the log if needed. Stores in $dir the directory -# containing $f, in $tst the test, in $log the log. Executes the -# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -# will run the test scripts (or their associated LOG_COMPILER, if -# thy have one). -am__check_pre = \ -$(am__sh_e_setup); \ -$(am__vpath_adj_setup) $(am__vpath_adj) \ -$(am__tty_colors); \ -srcdir=$(srcdir); export srcdir; \ -case "$@" in \ - */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ - *) am__odir=.;; \ -esac; \ -test "x$$am__odir" = x"." || test -d "$$am__odir" \ - || $(MKDIR_P) "$$am__odir" || exit $$?; \ -if test -f "./$$f"; then dir=./; \ -elif test -f "$$f"; then dir=; \ -else dir="$(srcdir)/"; fi; \ -tst=$$dir$$f; log='$@'; \ -if test -n '$(DISABLE_HARD_ERRORS)'; then \ - am__enable_hard_errors=no; \ -else \ - am__enable_hard_errors=yes; \ -fi; \ -case " $(XFAIL_TESTS) " in \ - *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ - am__expect_failure=yes;; \ - *) \ - am__expect_failure=no;; \ -esac; \ -$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -# A shell command to get the names of the tests scripts with any registered -# extension removed (i.e., equivalently, the names of the test logs, with -# the '.log' extension removed). The result is saved in the shell variable -# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -# since that might cause problem with VPATH rewrites for suffix-less tests. -# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -am__set_TESTS_bases = \ - bases='$(TEST_LOGS)'; \ - bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ - bases=`echo $$bases` -AM_TESTSUITE_SUMMARY_HEADER = ' for $(PACKAGE_STRING)' -RECHECK_LOGS = $(TEST_LOGS) -TEST_SUITE_LOG = test-suite.log -TEST_EXTENSIONS = @EXEEXT@ .test -LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver -LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -am__set_b = \ - case '$@' in \ - */*) \ - case '$*' in \ - */*) b='$*';; \ - *) b=`echo '$@' | sed 's/\.log$$//'`; \ - esac;; \ - *) \ - b='$*';; \ - esac -am__test_logs1 = $(TESTS:=.log) -am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -TEST_LOGS = $(am__test_logs2:.test.log=.log) -TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver -TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ - $(TEST_LOG_FLAGS) DIST_SUBDIRS = $(SUBDIRS) -am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.inc \ - $(top_srcdir)/test-driver +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.inc DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -537,6 +359,7 @@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_OPENSSL_QUIC = @HAVE_OPENSSL_QUIC@ HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ HAVE_PROTO_BSDSOCKET_H = @HAVE_PROTO_BSDSOCKET_H@ HAVE_ZSTD = @HAVE_ZSTD@ @@ -612,10 +435,14 @@ USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ +USE_NGTCP2_CRYPTO_BORINGSSL = @USE_NGTCP2_CRYPTO_BORINGSSL@ USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@ USE_NGTCP2_CRYPTO_QUICTLS = @USE_NGTCP2_CRYPTO_QUICTLS@ USE_NGTCP2_CRYPTO_WOLFSSL = @USE_NGTCP2_CRYPTO_WOLFSSL@ +USE_NGTCP2_H3 = @USE_NGTCP2_H3@ USE_OPENLDAP = @USE_OPENLDAP@ +USE_OPENSSL_H3 = @USE_OPENSSL_H3@ +USE_OPENSSL_QUIC = @USE_OPENSSL_QUIC@ USE_QUICHE = @USE_QUICHE@ USE_RUSTLS = @USE_RUSTLS@ USE_SCHANNEL = @USE_SCHANNEL@ @@ -786,29 +613,24 @@ man_MANS = \ libcurl-ws.3 \ libcurl.3 -man_DISTMANS = $(man_MANS:.3=.3.dist) -HTMLPAGES = $(man_MANS:.3=.html) -PDFPAGES = $(man_MANS:.3=.pdf) +CURLPAGES = $(man_MANS:.3=.md) m4macrodir = $(datadir)/aclocal dist_m4macro_DATA = libcurl.m4 -CLEANFILES = $(HTMLPAGES) $(PDFPAGES) $(TESTS) $(man_DISTMANS) \ - libcurl-symbols.3 - -EXTRA_DIST = $(man_MANS) ABI.md symbols-in-versions symbols.pl \ +CLEANFILES = $(man_MANS) libcurl-symbols.md +nodist_MANS = $(man_MANS) +EXTRA_DIST = $(CURLPAGES) ABI.md symbols-in-versions symbols.pl \ mksymbolsmanpage.pl CMakeLists.txt -MAN2HTML = roffit --mandir=. $< >$@ -SUFFIXES = .3 .html - -# Make sure each option man page is referenced in the main man page -TESTS = check-easy check-multi -LOG_COMPILER = $(PERL) -# The test fails if the log file contains any text -AM_LOG_FLAGS = -p -e 'die "$$_" if ($$_);' +CD2NROFF = $(top_srcdir)/scripts/cd2nroff $< >$@ +CD2 = $(CD2_$(V)) +CD2_0 = @echo " RENDER " $@; +CD2_1 = +CD2_ = $(CD2_0) +SUFFIXES = .3 .md all: all-recursive .SUFFIXES: -.SUFFIXES: .3 .html .log .pdf .test .test$(EXEEXT) .trs +.SUFFIXES: .3 .md $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(srcdir)/Makefile.inc $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ @@ -1008,176 +830,6 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -# Recover from deleted '.trs' file; this should ensure that -# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -# to avoid problems with "make -n". -.log.trs: - rm -f $< $@ - $(MAKE) $(AM_MAKEFLAGS) $< - -# Leading 'am--fnord' is there to ensure the list of targets does not -# expand to empty, as could happen e.g. with make check TESTS=''. -am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -am--force-recheck: - @: - -$(TEST_SUITE_LOG): $(TEST_LOGS) - @$(am__set_TESTS_bases); \ - am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ - redo_bases=`for i in $$bases; do \ - am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ - done`; \ - if test -n "$$redo_bases"; then \ - redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ - redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ - if $(am__make_dryrun); then :; else \ - rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ - fi; \ - if test -n "$$am__remaking_logs"; then \ - echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ - "recursion detected" >&2; \ - elif test -n "$$redo_logs"; then \ - am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ - fi; \ - if $(am__make_dryrun); then :; else \ - st=0; \ - errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ - for i in $$redo_bases; do \ - test -f $$i.trs && test -r $$i.trs \ - || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ - test -f $$i.log && test -r $$i.log \ - || { echo "$$errmsg $$i.log" >&2; st=1; }; \ - done; \ - test $$st -eq 0 || exit 1; \ - fi - @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ - ws='[ ]'; \ - results=`for b in $$bases; do echo $$b.trs; done`; \ - test -n "$$results" || results=/dev/null; \ - all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ - pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ - fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ - skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ - xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ - xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ - error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ - if test `expr $$fail + $$xpass + $$error` -eq 0; then \ - success=true; \ - else \ - success=false; \ - fi; \ - br='==================='; br=$$br$$br$$br$$br; \ - result_count () \ - { \ - if test x"$$1" = x"--maybe-color"; then \ - maybe_colorize=yes; \ - elif test x"$$1" = x"--no-color"; then \ - maybe_colorize=no; \ - else \ - echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ - shift; \ - desc=$$1 count=$$2; \ - if test $$maybe_colorize = yes && test $$count -gt 0; then \ - color_start=$$3 color_end=$$std; \ - else \ - color_start= color_end=; \ - fi; \ - echo "$${color_start}# $$desc $$count$${color_end}"; \ - }; \ - create_testsuite_report () \ - { \ - result_count $$1 "TOTAL:" $$all "$$brg"; \ - result_count $$1 "PASS: " $$pass "$$grn"; \ - result_count $$1 "SKIP: " $$skip "$$blu"; \ - result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ - result_count $$1 "FAIL: " $$fail "$$red"; \ - result_count $$1 "XPASS:" $$xpass "$$red"; \ - result_count $$1 "ERROR:" $$error "$$mgn"; \ - }; \ - { \ - echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ - $(am__rst_title); \ - create_testsuite_report --no-color; \ - echo; \ - echo ".. contents:: :depth: 2"; \ - echo; \ - for b in $$bases; do echo $$b; done \ - | $(am__create_global_log); \ - } >$(TEST_SUITE_LOG).tmp || exit 1; \ - mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ - if $$success; then \ - col="$$grn"; \ - else \ - col="$$red"; \ - test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ - fi; \ - echo "$${col}$$br$${std}"; \ - echo "$${col}Testsuite summary"$(AM_TESTSUITE_SUMMARY_HEADER)"$${std}"; \ - echo "$${col}$$br$${std}"; \ - create_testsuite_report --maybe-color; \ - echo "$$col$$br$$std"; \ - if $$success; then :; else \ - echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ - if test -n "$(PACKAGE_BUGREPORT)"; then \ - echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ - fi; \ - echo "$$col$$br$$std"; \ - fi; \ - $$success || exit 1 - -check-TESTS: - @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list - @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list - @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - @set +e; $(am__set_TESTS_bases); \ - log_list=`for i in $$bases; do echo $$i.log; done`; \ - trs_list=`for i in $$bases; do echo $$i.trs; done`; \ - log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ - $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ - exit $$?; -recheck: all - @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - @set +e; $(am__set_TESTS_bases); \ - bases=`for i in $$bases; do echo $$i; done \ - | $(am__list_recheck_tests)` || exit 1; \ - log_list=`for i in $$bases; do echo $$i.log; done`; \ - log_list=`echo $$log_list`; \ - $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ - am__force_recheck=am--force-recheck \ - TEST_LOGS="$$log_list"; \ - exit $$? -check-easy.log: check-easy - @p='check-easy'; \ - b='check-easy'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) -check-multi.log: check-multi - @p='check-multi'; \ - b='check-multi'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) -.test.log: - @p='$<'; \ - $(am__set_b); \ - $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) -@am__EXEEXT_TRUE@.test$(EXEEXT).log: -@am__EXEEXT_TRUE@ @p='$<'; \ -@am__EXEEXT_TRUE@ $(am__set_b); \ -@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am @@ -1237,7 +889,6 @@ distdir-am: $(DISTFILES) fi; \ done check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-recursive all-am: Makefile $(MANS) $(DATA) installdirs: installdirs-recursive @@ -1265,9 +916,6 @@ install-strip: "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: - -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) - -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) - -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) @@ -1291,6 +939,8 @@ dvi: dvi-recursive dvi-am: +html: html-recursive + html-am: info: info-recursive @@ -1333,6 +983,8 @@ mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool +pdf: pdf-recursive + pdf-am: ps: ps-recursive @@ -1343,53 +995,31 @@ uninstall-am: uninstall-dist_m4macroDATA uninstall-man uninstall-man: uninstall-man3 -.MAKE: $(am__recursive_targets) check-am install-am install-strip +.MAKE: $(am__recursive_targets) install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ - check-TESTS check-am clean clean-generic clean-libtool \ - cscopelist-am ctags ctags-am distclean distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dist_m4macroDATA install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-info install-info-am install-man \ - install-man3 install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs installdirs-am maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am recheck tags tags-am \ - uninstall uninstall-am uninstall-dist_m4macroDATA \ - uninstall-man uninstall-man3 + check-am clean clean-generic clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am \ + install-dist_m4macroDATA install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-man3 \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags tags-am uninstall uninstall-am \ + uninstall-dist_m4macroDATA uninstall-man uninstall-man3 .PRECIOUS: Makefile -libcurl-symbols.3: $(srcdir)/symbols-in-versions $(srcdir)/mksymbolsmanpage.pl - perl $(srcdir)/mksymbolsmanpage.pl < $(srcdir)/symbols-in-versions > $@ - -html: $(HTMLPAGES) - cd opts && $(MAKE) html - -.3.html: - $(MAN2HTML) - -pdf: $(PDFPAGES) - cd opts && $(MAKE) pdf - -.3.pdf: - @(foo=`echo $@ | sed -e 's/\.[0-9]$$//g'`; \ - groff -Tps -man $< >$$foo.ps; \ - ps2pdf $$foo.ps $@; \ - rm $$foo.ps; \ - echo "converted $< to $@") - -check-easy: $(srcdir)/curl_easy_setopt.3 $(srcdir)/opts/CURLOPT*.3 - OPTS="$$(ls $(srcdir)/opts/CURLOPT*.3 | $(SED) -e 's,^.*/,,' -e 's,\.3$$,,')" && \ - for opt in $$OPTS; do grep "^\.IP $$opt$$" $(srcdir)/curl_easy_setopt.3 >/dev/null || echo Missing $$opt; done > $@ +libcurl-symbols.md: $(srcdir)/symbols-in-versions $(srcdir)/mksymbolsmanpage.pl + $(CD2)perl $(srcdir)/mksymbolsmanpage.pl < $(srcdir)/symbols-in-versions > $@ -check-multi: $(srcdir)/curl_multi_setopt.3 $(srcdir)/opts/CURLMOPT*.3 - OPTS="$$(ls $(srcdir)/opts/CURLMOPT*.3 | $(SED) -e 's,^.*/,,' -e 's,\.3$$,,')" && \ - for opt in $$OPTS; do grep "^\.IP $$opt$$" $(srcdir)/curl_multi_setopt.3 >/dev/null || echo Missing $$opt; done > $@ +.md.3: + $(CD2)$(CD2NROFF) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/docs/libcurl/opts/Makefile.in b/docs/libcurl/opts/Makefile.in index af2926d1e..fa2b743f4 100644 --- a/docs/libcurl/opts/Makefile.in +++ b/docs/libcurl/opts/Makefile.in @@ -297,6 +297,7 @@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_OPENSSL_QUIC = @HAVE_OPENSSL_QUIC@ HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ HAVE_PROTO_BSDSOCKET_H = @HAVE_PROTO_BSDSOCKET_H@ HAVE_ZSTD = @HAVE_ZSTD@ @@ -372,10 +373,14 @@ USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ +USE_NGTCP2_CRYPTO_BORINGSSL = @USE_NGTCP2_CRYPTO_BORINGSSL@ USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@ USE_NGTCP2_CRYPTO_QUICTLS = @USE_NGTCP2_CRYPTO_QUICTLS@ USE_NGTCP2_CRYPTO_WOLFSSL = @USE_NGTCP2_CRYPTO_WOLFSSL@ +USE_NGTCP2_H3 = @USE_NGTCP2_H3@ USE_OPENLDAP = @USE_OPENLDAP@ +USE_OPENSSL_H3 = @USE_OPENSSL_H3@ +USE_OPENSSL_QUIC = @USE_OPENSSL_QUIC@ USE_QUICHE = @USE_QUICHE@ USE_RUSTLS = @USE_RUSTLS@ USE_SCHANNEL = @USE_SCHANNEL@ @@ -488,6 +493,7 @@ man_MANS = \ CURLINFO_PROXY_ERROR.3 \ CURLINFO_PROXY_SSL_VERIFYRESULT.3 \ CURLINFO_PROXYAUTH_AVAIL.3 \ + CURLINFO_QUEUE_TIME_T.3 \ CURLINFO_REDIRECT_COUNT.3 \ CURLINFO_REDIRECT_TIME.3 \ CURLINFO_REDIRECT_TIME_T.3 \ @@ -755,6 +761,7 @@ man_MANS = \ CURLOPT_SEEKDATA.3 \ CURLOPT_SEEKFUNCTION.3 \ CURLOPT_SERVER_RESPONSE_TIMEOUT.3 \ + CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.3 \ CURLOPT_SERVICE_NAME.3 \ CURLOPT_SHARE.3 \ CURLOPT_SOCKOPTDATA.3 \ @@ -844,17 +851,20 @@ man_MANS = \ CURLSHOPT_UNSHARE.3 \ CURLSHOPT_USERDATA.3 -man_DISTMANS = $(man_MANS:.3=.3.dist) -HTMLPAGES = $(man_MANS:.3=.html) -PDFPAGES = $(man_MANS:.3=.pdf) -CLEANFILES = $(HTMLPAGES) $(PDFPAGES) $(man_DISTMANS) -EXTRA_DIST = $(man_MANS) CMakeLists.txt -MAN2HTML = roffit --mandir=. $< >$@ -SUFFIXES = .3 .html +CURLPAGES = $(man_MANS:.3=.md) +CLEANFILES = $(man_MANS) +nodist_MANS = $(man_MANS) +EXTRA_DIST = $(CURLPAGES) CMakeLists.txt +CD2NROFF = $(top_srcdir)/scripts/cd2nroff $< >$@ +CD2 = $(CD2_$(V)) +CD2_0 = @echo " RENDER " $@; +CD2_1 = +CD2_ = $(CD2_0) +SUFFIXES = .3 .md all: all-am .SUFFIXES: -.SUFFIXES: .3 .html .pdf +.SUFFIXES: .3 .md $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(srcdir)/Makefile.inc $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ @@ -1023,6 +1033,8 @@ dvi: dvi-am dvi-am: +html: html-am + html-am: info: info-am @@ -1065,6 +1077,8 @@ mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool +pdf: pdf-am + pdf-am: ps: ps-am @@ -1093,28 +1107,8 @@ uninstall-man: uninstall-man3 .PRECIOUS: Makefile -html: $(HTMLPAGES) - -.3.html: - $(MAN2HTML) - -pdf: $(PDFPAGES) - -.3.pdf: - @(foo=`echo $@ | sed -e 's/\.[0-9]$$//g'`; \ - groff -Tps -man $< >$$foo.ps; \ - ps2pdf $$foo.ps $@; \ - rm $$foo.ps; \ - echo "converted $< to $@") - -mancheck: - @(cd $(top_srcdir)/docs/libcurl/opts && ls `awk -F, '!/OBSOLETE/ && /^ CINIT/ { a=substr($$1, 9); print "CURLOPT_" a ".3"}' $(top_srcdir)/include/curl/curl.h`) - rm -f in_temp - @(for a in $(man_MANS); do echo $$a >>in_temp; done) - sort in_temp > in_makefile - ls CURL*.3 > in_directory - -diff -u in_makefile in_directory - rm in_temp in_directory in_makefile +.md.3: + $(CD2)$(CD2NROFF) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/include/Makefile.in b/include/Makefile.in index b96d63a33..12810e37c 100644 --- a/include/Makefile.in +++ b/include/Makefile.in @@ -276,6 +276,7 @@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_OPENSSL_QUIC = @HAVE_OPENSSL_QUIC@ HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ HAVE_PROTO_BSDSOCKET_H = @HAVE_PROTO_BSDSOCKET_H@ HAVE_ZSTD = @HAVE_ZSTD@ @@ -351,10 +352,14 @@ USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ +USE_NGTCP2_CRYPTO_BORINGSSL = @USE_NGTCP2_CRYPTO_BORINGSSL@ USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@ USE_NGTCP2_CRYPTO_QUICTLS = @USE_NGTCP2_CRYPTO_QUICTLS@ USE_NGTCP2_CRYPTO_WOLFSSL = @USE_NGTCP2_CRYPTO_WOLFSSL@ +USE_NGTCP2_H3 = @USE_NGTCP2_H3@ USE_OPENLDAP = @USE_OPENLDAP@ +USE_OPENSSL_H3 = @USE_OPENSSL_H3@ +USE_OPENSSL_QUIC = @USE_OPENSSL_QUIC@ USE_QUICHE = @USE_QUICHE@ USE_RUSTLS = @USE_RUSTLS@ USE_SCHANNEL = @USE_SCHANNEL@ diff --git a/include/curl/Makefile.in b/include/curl/Makefile.in index 548da3461..7aac1c75d 100644 --- a/include/curl/Makefile.in +++ b/include/curl/Makefile.in @@ -263,6 +263,7 @@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_OPENSSL_QUIC = @HAVE_OPENSSL_QUIC@ HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ HAVE_PROTO_BSDSOCKET_H = @HAVE_PROTO_BSDSOCKET_H@ HAVE_ZSTD = @HAVE_ZSTD@ @@ -338,10 +339,14 @@ USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ +USE_NGTCP2_CRYPTO_BORINGSSL = @USE_NGTCP2_CRYPTO_BORINGSSL@ USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@ USE_NGTCP2_CRYPTO_QUICTLS = @USE_NGTCP2_CRYPTO_QUICTLS@ USE_NGTCP2_CRYPTO_WOLFSSL = @USE_NGTCP2_CRYPTO_WOLFSSL@ +USE_NGTCP2_H3 = @USE_NGTCP2_H3@ USE_OPENLDAP = @USE_OPENLDAP@ +USE_OPENSSL_H3 = @USE_OPENSSL_H3@ +USE_OPENSSL_QUIC = @USE_OPENSSL_QUIC@ USE_QUICHE = @USE_QUICHE@ USE_RUSTLS = @USE_RUSTLS@ USE_SCHANNEL = @USE_SCHANNEL@ diff --git a/include/curl/curlver.h b/include/curl/curlver.h index bde10fa21..1e660cbf5 100644 --- a/include/curl/curlver.h +++ b/include/curl/curlver.h @@ -32,12 +32,12 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "8.4.0" +#define LIBCURL_VERSION "8.6.0" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 8 -#define LIBCURL_VERSION_MINOR 4 +#define LIBCURL_VERSION_MINOR 6 #define LIBCURL_VERSION_PATCH 0 /* This is the numeric version of the libcurl version number, meant for easier @@ -70,7 +70,7 @@ * * "2007-11-23" */ -#define LIBCURL_TIMESTAMP "2023-10-11" +#define LIBCURL_TIMESTAMP "2024-01-31" #define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z)) #define CURL_AT_LEAST_VERSION(x,y,z) \ diff --git a/lib/Makefile.in b/lib/Makefile.in index 2d4cc3071..6bdf5cf0a 100644 --- a/lib/Makefile.in +++ b/lib/Makefile.in @@ -244,40 +244,42 @@ am__libcurl_la_SOURCES_DIST = altsvc.c amigaos.c asyn-ares.c \ vtls/openssl.c vtls/rustls.c vtls/schannel.c \ vtls/schannel_verify.c vtls/sectransp.c vtls/vtls.c \ vtls/wolfssl.c vtls/x509asn1.c vquic/curl_msh3.c \ - vquic/curl_ngtcp2.c vquic/curl_quiche.c vquic/vquic.c \ - vssh/libssh.c vssh/libssh2.c vssh/wolfssh.c altsvc.h amigaos.h \ - arpa_telnet.h asyn.h bufq.h bufref.h c-hyper.h cf-h1-proxy.h \ - cf-h2-proxy.h cf-haproxy.h cf-https-connect.h cf-socket.h \ - cfilters.h conncache.h connect.h content_encoding.h cookie.h \ - curl_addrinfo.h curl_base64.h curl_ctype.h curl_des.h \ - curl_endian.h curl_fnmatch.h curl_get_line.h \ - curl_gethostname.h curl_gssapi.h curl_hmac.h curl_krb5.h \ - curl_ldap.h curl_md4.h curl_md5.h curl_memory.h curl_memrchr.h \ - curl_multibyte.h curl_ntlm_core.h curl_ntlm_wb.h curl_path.h \ - curl_printf.h curl_range.h curl_rtmp.h curl_sasl.h \ - curl_setup.h curl_setup_once.h curl_sha256.h curl_sspi.h \ - curl_threads.h curl_trc.h curlx.h dict.h doh.h dynbuf.h \ - dynhds.h easy_lock.h easyif.h easyoptions.h escape.h file.h \ - fileinfo.h fopen.h formdata.h ftp.h ftplistparser.h \ - functypes.h getinfo.h gopher.h hash.h headers.h hostip.h \ - hsts.h http.h http1.h http2.h http_aws_sigv4.h http_chunks.h \ - http_digest.h http_negotiate.h http_ntlm.h http_proxy.h idn.h \ - if2ip.h imap.h inet_ntop.h inet_pton.h llist.h macos.h \ - memdebug.h mime.h mqtt.h multihandle.h multiif.h netrc.h \ - nonblock.h noproxy.h parsedate.h pingpong.h pop3.h progress.h \ - psl.h rand.h rename.h rtsp.h select.h sendf.h setopt.h \ - setup-vms.h share.h sigpipe.h slist.h smb.h smtp.h sockaddr.h \ - socketpair.h socks.h speedcheck.h splay.h strcase.h strdup.h \ - strerror.h strtok.h strtoofft.h system_win32.h telnet.h tftp.h \ - timediff.h timeval.h transfer.h url.h urlapi-int.h urldata.h \ + vquic/curl_ngtcp2.c vquic/curl_osslq.c vquic/curl_quiche.c \ + vquic/vquic.c vquic/vquic-tls.c vssh/libssh.c vssh/libssh2.c \ + vssh/wolfssh.c altsvc.h amigaos.h arpa_telnet.h asyn.h bufq.h \ + bufref.h c-hyper.h cf-h1-proxy.h cf-h2-proxy.h cf-haproxy.h \ + cf-https-connect.h cf-socket.h cfilters.h conncache.h \ + connect.h content_encoding.h cookie.h curl_addrinfo.h \ + curl_base64.h curl_ctype.h curl_des.h curl_endian.h \ + curl_fnmatch.h curl_get_line.h curl_gethostname.h \ + curl_gssapi.h curl_hmac.h curl_krb5.h curl_ldap.h curl_md4.h \ + curl_md5.h curl_memory.h curl_memrchr.h curl_multibyte.h \ + curl_ntlm_core.h curl_ntlm_wb.h curl_path.h curl_printf.h \ + curl_range.h curl_rtmp.h curl_sasl.h curl_setup.h \ + curl_setup_once.h curl_sha256.h curl_sspi.h curl_threads.h \ + curl_trc.h curlx.h dict.h doh.h dynbuf.h dynhds.h easy_lock.h \ + easyif.h easyoptions.h escape.h file.h fileinfo.h fopen.h \ + formdata.h ftp.h ftplistparser.h functypes.h getinfo.h \ + gopher.h hash.h headers.h hostip.h hsts.h http.h http1.h \ + http2.h http_aws_sigv4.h http_chunks.h http_digest.h \ + http_negotiate.h http_ntlm.h http_proxy.h idn.h if2ip.h imap.h \ + inet_ntop.h inet_pton.h llist.h macos.h memdebug.h mime.h \ + mqtt.h multihandle.h multiif.h netrc.h nonblock.h noproxy.h \ + parsedate.h pingpong.h pop3.h progress.h psl.h rand.h rename.h \ + rtsp.h select.h sendf.h setopt.h setup-vms.h share.h sigpipe.h \ + slist.h smb.h smtp.h sockaddr.h socketpair.h socks.h \ + speedcheck.h splay.h strcase.h strdup.h strerror.h strtok.h \ + strtoofft.h system_win32.h telnet.h tftp.h timediff.h \ + timeval.h transfer.h url.h urlapi-int.h urldata.h \ version_win32.h warnless.h ws.h vauth/digest.h vauth/ntlm.h \ vauth/vauth.h vtls/bearssl.h vtls/gtls.h vtls/hostcheck.h \ vtls/keylog.h vtls/mbedtls.h vtls/mbedtls_threadlock.h \ vtls/openssl.h vtls/rustls.h vtls/schannel.h \ vtls/schannel_int.h vtls/sectransp.h vtls/vtls.h \ vtls/vtls_int.h vtls/wolfssl.h vtls/x509asn1.h \ - vquic/curl_msh3.h vquic/curl_ngtcp2.h vquic/curl_quiche.h \ - vquic/vquic.h vquic/vquic_int.h vssh/ssh.h libcurl.rc + vquic/curl_msh3.h vquic/curl_ngtcp2.h vquic/curl_osslq.h \ + vquic/curl_quiche.h vquic/vquic.h vquic/vquic_int.h \ + vquic/vquic-tls.h vssh/ssh.h libcurl.rc am__objects_1 = libcurl_la-altsvc.lo libcurl_la-amigaos.lo \ libcurl_la-asyn-ares.lo libcurl_la-asyn-thread.lo \ libcurl_la-base64.lo libcurl_la-bufq.lo libcurl_la-bufref.lo \ @@ -351,8 +353,9 @@ am__objects_3 = vtls/libcurl_la-bearssl.lo vtls/libcurl_la-gtls.lo \ vtls/libcurl_la-sectransp.lo vtls/libcurl_la-vtls.lo \ vtls/libcurl_la-wolfssl.lo vtls/libcurl_la-x509asn1.lo am__objects_4 = vquic/libcurl_la-curl_msh3.lo \ - vquic/libcurl_la-curl_ngtcp2.lo \ - vquic/libcurl_la-curl_quiche.lo vquic/libcurl_la-vquic.lo + vquic/libcurl_la-curl_ngtcp2.lo vquic/libcurl_la-curl_osslq.lo \ + vquic/libcurl_la-curl_quiche.lo vquic/libcurl_la-vquic.lo \ + vquic/libcurl_la-vquic-tls.lo am__objects_5 = vssh/libcurl_la-libssh.lo vssh/libcurl_la-libssh2.lo \ vssh/libcurl_la-wolfssh.lo am__objects_6 = $(am__objects_1) $(am__objects_2) $(am__objects_3) \ @@ -453,7 +456,9 @@ am__objects_13 = vtls/libcurlu_la-bearssl.lo vtls/libcurlu_la-gtls.lo \ vtls/libcurlu_la-wolfssl.lo vtls/libcurlu_la-x509asn1.lo am__objects_14 = vquic/libcurlu_la-curl_msh3.lo \ vquic/libcurlu_la-curl_ngtcp2.lo \ - vquic/libcurlu_la-curl_quiche.lo vquic/libcurlu_la-vquic.lo + vquic/libcurlu_la-curl_osslq.lo \ + vquic/libcurlu_la-curl_quiche.lo vquic/libcurlu_la-vquic.lo \ + vquic/libcurlu_la-vquic-tls.lo am__objects_15 = vssh/libcurlu_la-libssh.lo \ vssh/libcurlu_la-libssh2.lo vssh/libcurlu_la-wolfssh.lo am__objects_16 = $(am__objects_11) $(am__objects_12) $(am__objects_13) \ @@ -763,11 +768,15 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ vauth/$(DEPDIR)/libcurlu_la-vauth.Plo \ vquic/$(DEPDIR)/libcurl_la-curl_msh3.Plo \ vquic/$(DEPDIR)/libcurl_la-curl_ngtcp2.Plo \ + vquic/$(DEPDIR)/libcurl_la-curl_osslq.Plo \ vquic/$(DEPDIR)/libcurl_la-curl_quiche.Plo \ + vquic/$(DEPDIR)/libcurl_la-vquic-tls.Plo \ vquic/$(DEPDIR)/libcurl_la-vquic.Plo \ vquic/$(DEPDIR)/libcurlu_la-curl_msh3.Plo \ vquic/$(DEPDIR)/libcurlu_la-curl_ngtcp2.Plo \ + vquic/$(DEPDIR)/libcurlu_la-curl_osslq.Plo \ vquic/$(DEPDIR)/libcurlu_la-curl_quiche.Plo \ + vquic/$(DEPDIR)/libcurlu_la-vquic-tls.Plo \ vquic/$(DEPDIR)/libcurlu_la-vquic.Plo \ vssh/$(DEPDIR)/libcurl_la-libssh.Plo \ vssh/$(DEPDIR)/libcurl_la-libssh2.Plo \ @@ -926,6 +935,7 @@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_OPENSSL_QUIC = @HAVE_OPENSSL_QUIC@ HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ HAVE_PROTO_BSDSOCKET_H = @HAVE_PROTO_BSDSOCKET_H@ HAVE_ZSTD = @HAVE_ZSTD@ @@ -1003,10 +1013,14 @@ USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ +USE_NGTCP2_CRYPTO_BORINGSSL = @USE_NGTCP2_CRYPTO_BORINGSSL@ USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@ USE_NGTCP2_CRYPTO_QUICTLS = @USE_NGTCP2_CRYPTO_QUICTLS@ USE_NGTCP2_CRYPTO_WOLFSSL = @USE_NGTCP2_CRYPTO_WOLFSSL@ +USE_NGTCP2_H3 = @USE_NGTCP2_H3@ USE_OPENLDAP = @USE_OPENLDAP@ +USE_OPENSSL_H3 = @USE_OPENSSL_H3@ +USE_OPENSSL_QUIC = @USE_OPENSSL_QUIC@ USE_QUICHE = @USE_QUICHE@ USE_RUSTLS = @USE_RUSTLS@ USE_SCHANNEL = @USE_SCHANNEL@ @@ -1186,15 +1200,19 @@ LIB_VTLS_HFILES = \ LIB_VQUIC_CFILES = \ vquic/curl_msh3.c \ vquic/curl_ngtcp2.c \ + vquic/curl_osslq.c \ vquic/curl_quiche.c \ - vquic/vquic.c + vquic/vquic.c \ + vquic/vquic-tls.c LIB_VQUIC_HFILES = \ vquic/curl_msh3.h \ vquic/curl_ngtcp2.h \ + vquic/curl_osslq.h \ vquic/curl_quiche.h \ vquic/vquic.h \ - vquic/vquic_int.h + vquic/vquic_int.h \ + vquic/vquic-tls.h LIB_VSSH_CFILES = \ vssh/libssh.c \ @@ -1486,7 +1504,7 @@ libcurl_la_LDFLAGS_EXTRA = $(am__append_1) $(am__append_2) \ $(am__append_3) $(am__append_4) $(am__append_5) libcurl_la_CFLAGS_EXTRA = $(am__append_9) libcurl_la_CPPFLAGS = $(AM_CPPFLAGS) $(libcurl_la_CPPFLAGS_EXTRA) -libcurl_la_LDFLAGS = $(AM_LDFLAGS) $(libcurl_la_LDFLAGS_EXTRA) $(LDFLAGS) $(LIBCURL_LIBS) +libcurl_la_LDFLAGS = $(AM_LDFLAGS) $(libcurl_la_LDFLAGS_EXTRA) $(CURL_LDFLAGS_LIB) $(LIBCURL_LIBS) libcurl_la_CFLAGS = $(AM_CFLAGS) $(libcurl_la_CFLAGS_EXTRA) libcurlu_la_CPPFLAGS = $(AM_CPPFLAGS) -DCURL_STATICLIB -DUNITTESTS libcurlu_la_LDFLAGS = $(AM_LDFLAGS) -static $(LIBCURL_LIBS) @@ -1675,10 +1693,14 @@ vquic/libcurl_la-curl_msh3.lo: vquic/$(am__dirstamp) \ vquic/$(DEPDIR)/$(am__dirstamp) vquic/libcurl_la-curl_ngtcp2.lo: vquic/$(am__dirstamp) \ vquic/$(DEPDIR)/$(am__dirstamp) +vquic/libcurl_la-curl_osslq.lo: vquic/$(am__dirstamp) \ + vquic/$(DEPDIR)/$(am__dirstamp) vquic/libcurl_la-curl_quiche.lo: vquic/$(am__dirstamp) \ vquic/$(DEPDIR)/$(am__dirstamp) vquic/libcurl_la-vquic.lo: vquic/$(am__dirstamp) \ vquic/$(DEPDIR)/$(am__dirstamp) +vquic/libcurl_la-vquic-tls.lo: vquic/$(am__dirstamp) \ + vquic/$(DEPDIR)/$(am__dirstamp) vssh/$(am__dirstamp): @$(MKDIR_P) vssh @: > vssh/$(am__dirstamp) @@ -1752,10 +1774,14 @@ vquic/libcurlu_la-curl_msh3.lo: vquic/$(am__dirstamp) \ vquic/$(DEPDIR)/$(am__dirstamp) vquic/libcurlu_la-curl_ngtcp2.lo: vquic/$(am__dirstamp) \ vquic/$(DEPDIR)/$(am__dirstamp) +vquic/libcurlu_la-curl_osslq.lo: vquic/$(am__dirstamp) \ + vquic/$(DEPDIR)/$(am__dirstamp) vquic/libcurlu_la-curl_quiche.lo: vquic/$(am__dirstamp) \ vquic/$(DEPDIR)/$(am__dirstamp) vquic/libcurlu_la-vquic.lo: vquic/$(am__dirstamp) \ vquic/$(DEPDIR)/$(am__dirstamp) +vquic/libcurlu_la-vquic-tls.lo: vquic/$(am__dirstamp) \ + vquic/$(DEPDIR)/$(am__dirstamp) vssh/libcurlu_la-libssh.lo: vssh/$(am__dirstamp) \ vssh/$(DEPDIR)/$(am__dirstamp) vssh/libcurlu_la-libssh2.lo: vssh/$(am__dirstamp) \ @@ -2068,11 +2094,15 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@vauth/$(DEPDIR)/libcurlu_la-vauth.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurl_la-curl_msh3.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurl_la-curl_ngtcp2.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurl_la-curl_osslq.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurl_la-curl_quiche.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurl_la-vquic-tls.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurl_la-vquic.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurlu_la-curl_msh3.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurlu_la-curl_ngtcp2.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurlu_la-curl_osslq.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurlu_la-curl_quiche.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurlu_la-vquic-tls.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vquic/$(DEPDIR)/libcurlu_la-vquic.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vssh/$(DEPDIR)/libcurl_la-libssh.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vssh/$(DEPDIR)/libcurl_la-libssh2.Plo@am__quote@ # am--include-marker @@ -3252,6 +3282,13 @@ vquic/libcurl_la-curl_ngtcp2.lo: vquic/curl_ngtcp2.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vquic/libcurl_la-curl_ngtcp2.lo `test -f 'vquic/curl_ngtcp2.c' || echo '$(srcdir)/'`vquic/curl_ngtcp2.c +vquic/libcurl_la-curl_osslq.lo: vquic/curl_osslq.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vquic/libcurl_la-curl_osslq.lo -MD -MP -MF vquic/$(DEPDIR)/libcurl_la-curl_osslq.Tpo -c -o vquic/libcurl_la-curl_osslq.lo `test -f 'vquic/curl_osslq.c' || echo '$(srcdir)/'`vquic/curl_osslq.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurl_la-curl_osslq.Tpo vquic/$(DEPDIR)/libcurl_la-curl_osslq.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vquic/curl_osslq.c' object='vquic/libcurl_la-curl_osslq.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vquic/libcurl_la-curl_osslq.lo `test -f 'vquic/curl_osslq.c' || echo '$(srcdir)/'`vquic/curl_osslq.c + vquic/libcurl_la-curl_quiche.lo: vquic/curl_quiche.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vquic/libcurl_la-curl_quiche.lo -MD -MP -MF vquic/$(DEPDIR)/libcurl_la-curl_quiche.Tpo -c -o vquic/libcurl_la-curl_quiche.lo `test -f 'vquic/curl_quiche.c' || echo '$(srcdir)/'`vquic/curl_quiche.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurl_la-curl_quiche.Tpo vquic/$(DEPDIR)/libcurl_la-curl_quiche.Plo @@ -3266,6 +3303,13 @@ vquic/libcurl_la-vquic.lo: vquic/vquic.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vquic/libcurl_la-vquic.lo `test -f 'vquic/vquic.c' || echo '$(srcdir)/'`vquic/vquic.c +vquic/libcurl_la-vquic-tls.lo: vquic/vquic-tls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vquic/libcurl_la-vquic-tls.lo -MD -MP -MF vquic/$(DEPDIR)/libcurl_la-vquic-tls.Tpo -c -o vquic/libcurl_la-vquic-tls.lo `test -f 'vquic/vquic-tls.c' || echo '$(srcdir)/'`vquic/vquic-tls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurl_la-vquic-tls.Tpo vquic/$(DEPDIR)/libcurl_la-vquic-tls.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vquic/vquic-tls.c' object='vquic/libcurl_la-vquic-tls.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vquic/libcurl_la-vquic-tls.lo `test -f 'vquic/vquic-tls.c' || echo '$(srcdir)/'`vquic/vquic-tls.c + vssh/libcurl_la-libssh.lo: vssh/libssh.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vssh/libcurl_la-libssh.lo -MD -MP -MF vssh/$(DEPDIR)/libcurl_la-libssh.Tpo -c -o vssh/libcurl_la-libssh.lo `test -f 'vssh/libssh.c' || echo '$(srcdir)/'`vssh/libssh.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vssh/$(DEPDIR)/libcurl_la-libssh.Tpo vssh/$(DEPDIR)/libcurl_la-libssh.Plo @@ -4400,6 +4444,13 @@ vquic/libcurlu_la-curl_ngtcp2.lo: vquic/curl_ngtcp2.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vquic/libcurlu_la-curl_ngtcp2.lo `test -f 'vquic/curl_ngtcp2.c' || echo '$(srcdir)/'`vquic/curl_ngtcp2.c +vquic/libcurlu_la-curl_osslq.lo: vquic/curl_osslq.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vquic/libcurlu_la-curl_osslq.lo -MD -MP -MF vquic/$(DEPDIR)/libcurlu_la-curl_osslq.Tpo -c -o vquic/libcurlu_la-curl_osslq.lo `test -f 'vquic/curl_osslq.c' || echo '$(srcdir)/'`vquic/curl_osslq.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurlu_la-curl_osslq.Tpo vquic/$(DEPDIR)/libcurlu_la-curl_osslq.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vquic/curl_osslq.c' object='vquic/libcurlu_la-curl_osslq.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vquic/libcurlu_la-curl_osslq.lo `test -f 'vquic/curl_osslq.c' || echo '$(srcdir)/'`vquic/curl_osslq.c + vquic/libcurlu_la-curl_quiche.lo: vquic/curl_quiche.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vquic/libcurlu_la-curl_quiche.lo -MD -MP -MF vquic/$(DEPDIR)/libcurlu_la-curl_quiche.Tpo -c -o vquic/libcurlu_la-curl_quiche.lo `test -f 'vquic/curl_quiche.c' || echo '$(srcdir)/'`vquic/curl_quiche.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurlu_la-curl_quiche.Tpo vquic/$(DEPDIR)/libcurlu_la-curl_quiche.Plo @@ -4414,6 +4465,13 @@ vquic/libcurlu_la-vquic.lo: vquic/vquic.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vquic/libcurlu_la-vquic.lo `test -f 'vquic/vquic.c' || echo '$(srcdir)/'`vquic/vquic.c +vquic/libcurlu_la-vquic-tls.lo: vquic/vquic-tls.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vquic/libcurlu_la-vquic-tls.lo -MD -MP -MF vquic/$(DEPDIR)/libcurlu_la-vquic-tls.Tpo -c -o vquic/libcurlu_la-vquic-tls.lo `test -f 'vquic/vquic-tls.c' || echo '$(srcdir)/'`vquic/vquic-tls.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurlu_la-vquic-tls.Tpo vquic/$(DEPDIR)/libcurlu_la-vquic-tls.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vquic/vquic-tls.c' object='vquic/libcurlu_la-vquic-tls.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vquic/libcurlu_la-vquic-tls.lo `test -f 'vquic/vquic-tls.c' || echo '$(srcdir)/'`vquic/vquic-tls.c + vssh/libcurlu_la-libssh.lo: vssh/libssh.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vssh/libcurlu_la-libssh.lo -MD -MP -MF vssh/$(DEPDIR)/libcurlu_la-libssh.Tpo -c -o vssh/libcurlu_la-libssh.lo `test -f 'vssh/libssh.c' || echo '$(srcdir)/'`vssh/libssh.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vssh/$(DEPDIR)/libcurlu_la-libssh.Tpo vssh/$(DEPDIR)/libcurlu_la-libssh.Plo @@ -4869,11 +4927,15 @@ distclean: distclean-am -rm -f vauth/$(DEPDIR)/libcurlu_la-vauth.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-curl_msh3.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-curl_ngtcp2.Plo + -rm -f vquic/$(DEPDIR)/libcurl_la-curl_osslq.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-curl_quiche.Plo + -rm -f vquic/$(DEPDIR)/libcurl_la-vquic-tls.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-vquic.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-curl_msh3.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-curl_ngtcp2.Plo + -rm -f vquic/$(DEPDIR)/libcurlu_la-curl_osslq.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-curl_quiche.Plo + -rm -f vquic/$(DEPDIR)/libcurlu_la-vquic-tls.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-vquic.Plo -rm -f vssh/$(DEPDIR)/libcurl_la-libssh.Plo -rm -f vssh/$(DEPDIR)/libcurl_la-libssh2.Plo @@ -5242,11 +5304,15 @@ maintainer-clean: maintainer-clean-am -rm -f vauth/$(DEPDIR)/libcurlu_la-vauth.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-curl_msh3.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-curl_ngtcp2.Plo + -rm -f vquic/$(DEPDIR)/libcurl_la-curl_osslq.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-curl_quiche.Plo + -rm -f vquic/$(DEPDIR)/libcurl_la-vquic-tls.Plo -rm -f vquic/$(DEPDIR)/libcurl_la-vquic.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-curl_msh3.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-curl_ngtcp2.Plo + -rm -f vquic/$(DEPDIR)/libcurlu_la-curl_osslq.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-curl_quiche.Plo + -rm -f vquic/$(DEPDIR)/libcurlu_la-vquic-tls.Plo -rm -f vquic/$(DEPDIR)/libcurlu_la-vquic.Plo -rm -f vssh/$(DEPDIR)/libcurl_la-libssh.Plo -rm -f vssh/$(DEPDIR)/libcurl_la-libssh2.Plo diff --git a/lib/curl_config.h.in b/lib/curl_config.h.in index 4037b3aae..617724ef6 100644 --- a/lib/curl_config.h.in +++ b/lib/curl_config.h.in @@ -199,6 +199,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_CRYPTO_H +/* Define to 1 if you have the fseeko declaration */ +#undef HAVE_DECL_FSEEKO + /* Define to 1 if you have the declaration of `getpwuid_r', and to 0 if you don't. */ #undef HAVE_DECL_GETPWUID_R @@ -212,9 +215,6 @@ /* Define to 1 if you have the header file. */ #undef HAVE_ERR_H -/* Define to 1 if you have the `fchmod' function. */ -#undef HAVE_FCHMOD - /* Define to 1 if you have the fcntl function. */ #undef HAVE_FCNTL @@ -323,12 +323,6 @@ /* if you have GNU GSS */ #undef HAVE_GSSGNU -/* if you have Heimdal */ -#undef HAVE_GSSHEIMDAL - -/* if you have MIT Kerberos */ -#undef HAVE_GSSMIT - /* Define to 1 if you have the header file. */ #undef HAVE_HYPER_H @@ -493,6 +487,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_PEM_H +/* if you have the functions OSSL_QUIC_client_method */ +#undef HAVE_OPENSSL_QUIC + /* Define to 1 if you have the header file. */ #undef HAVE_OPENSSL_RSA_H @@ -602,6 +599,10 @@ /* Define to 1 if you have the `SSL_set0_wbio' function. */ #undef HAVE_SSL_SET0_WBIO +/* Define to 1 if you have the `SSL_set_quic_use_legacy_codepoint' function. + */ +#undef HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT + /* Define to 1 if you have the header file. */ #undef HAVE_STDATOMIC_H @@ -722,18 +723,6 @@ /* Define to 1 if you have the header file. */ #undef HAVE_UTIME_H -/* Define to 1 if compiler supports C99 variadic macro style. */ -#undef HAVE_VARIADIC_MACROS_C99 - -/* Define to 1 if compiler supports old gcc variadic macro style. */ -#undef HAVE_VARIADIC_MACROS_GCC - -/* Define to 1 if you have the windows.h header file. */ -#undef HAVE_WINDOWS_H - -/* Define to 1 if you have the winsock2.h header file. */ -#undef HAVE_WINSOCK2_H - /* Define to 1 if you have the header file. */ #undef HAVE_WOLFSSH_SSH_H @@ -752,9 +741,6 @@ /* Define this symbol if your OS supports changing the contents of argv */ #undef HAVE_WRITABLE_ARGV -/* Define to 1 if you have the ws2tcpip.h header file. */ -#undef HAVE_WS2TCPIP_H - /* Define to 1 if you have the header file. */ #undef HAVE_X509_H @@ -892,6 +878,9 @@ /* if ngtcp2 is in use */ #undef USE_NGTCP2 +/* if ngtcp2_crypto_boringssl is in use */ +#undef USE_NGTCP2_CRYPTO_BORINGSSL + /* if ngtcp2_crypto_gnutls is in use */ #undef USE_NGTCP2_CRYPTO_GNUTLS @@ -901,12 +890,21 @@ /* if ngtcp2_crypto_wolfssl is in use */ #undef USE_NGTCP2_CRYPTO_WOLFSSL +/* if ngtcp2 + nghttp3 is in use */ +#undef USE_NGTCP2_H3 + /* Use OpenLDAP-specific code */ #undef USE_OPENLDAP /* if OpenSSL is in use */ #undef USE_OPENSSL +/* if openssl quic + nghttp3 is in use */ +#undef USE_OPENSSL_H3 + +/* if openssl QUIC is in use */ +#undef USE_OPENSSL_QUIC + /* if quiche is in use */ #undef USE_QUICHE diff --git a/lib/libcurl.plist b/lib/libcurl.plist index 00597b9dd..363e76d2d 100644 --- a/lib/libcurl.plist +++ b/lib/libcurl.plist @@ -15,7 +15,7 @@ se.curl.libcurl CFBundleVersion - 8.4.0 + 8.6.0 CFBundleName libcurl @@ -27,9 +27,9 @@ ???? CFBundleShortVersionString - libcurl 8.4.0 + libcurl 8.6.0 CFBundleGetInfoString - libcurl.plist 8.4.0 + libcurl.plist 8.6.0 diff --git a/packages/Makefile.in b/packages/Makefile.in index fdbcda62b..c15b6213f 100644 --- a/packages/Makefile.in +++ b/packages/Makefile.in @@ -274,6 +274,7 @@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_OPENSSL_QUIC = @HAVE_OPENSSL_QUIC@ HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ HAVE_PROTO_BSDSOCKET_H = @HAVE_PROTO_BSDSOCKET_H@ HAVE_ZSTD = @HAVE_ZSTD@ @@ -349,10 +350,14 @@ USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ +USE_NGTCP2_CRYPTO_BORINGSSL = @USE_NGTCP2_CRYPTO_BORINGSSL@ USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@ USE_NGTCP2_CRYPTO_QUICTLS = @USE_NGTCP2_CRYPTO_QUICTLS@ USE_NGTCP2_CRYPTO_WOLFSSL = @USE_NGTCP2_CRYPTO_WOLFSSL@ +USE_NGTCP2_H3 = @USE_NGTCP2_H3@ USE_OPENLDAP = @USE_OPENLDAP@ +USE_OPENSSL_H3 = @USE_OPENSSL_H3@ +USE_OPENSSL_QUIC = @USE_OPENSSL_QUIC@ USE_QUICHE = @USE_QUICHE@ USE_RUSTLS = @USE_RUSTLS@ USE_SCHANNEL = @USE_SCHANNEL@ diff --git a/packages/vms/Makefile.in b/packages/vms/Makefile.in index 344cbac03..fbba71d83 100644 --- a/packages/vms/Makefile.in +++ b/packages/vms/Makefile.in @@ -216,6 +216,7 @@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_OPENSSL_QUIC = @HAVE_OPENSSL_QUIC@ HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ HAVE_PROTO_BSDSOCKET_H = @HAVE_PROTO_BSDSOCKET_H@ HAVE_ZSTD = @HAVE_ZSTD@ @@ -291,10 +292,14 @@ USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ +USE_NGTCP2_CRYPTO_BORINGSSL = @USE_NGTCP2_CRYPTO_BORINGSSL@ USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@ USE_NGTCP2_CRYPTO_QUICTLS = @USE_NGTCP2_CRYPTO_QUICTLS@ USE_NGTCP2_CRYPTO_WOLFSSL = @USE_NGTCP2_CRYPTO_WOLFSSL@ +USE_NGTCP2_H3 = @USE_NGTCP2_H3@ USE_OPENLDAP = @USE_OPENLDAP@ +USE_OPENSSL_H3 = @USE_OPENSSL_H3@ +USE_OPENSSL_QUIC = @USE_OPENSSL_QUIC@ USE_QUICHE = @USE_QUICHE@ USE_RUSTLS = @USE_RUSTLS@ USE_SCHANNEL = @USE_SCHANNEL@ diff --git a/scripts/Makefile.in b/scripts/Makefile.in index cc87f5f99..adc8775e6 100644 --- a/scripts/Makefile.in +++ b/scripts/Makefile.in @@ -240,6 +240,7 @@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_OPENSSL_QUIC = @HAVE_OPENSSL_QUIC@ HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ HAVE_PROTO_BSDSOCKET_H = @HAVE_PROTO_BSDSOCKET_H@ HAVE_ZSTD = @HAVE_ZSTD@ @@ -315,10 +316,14 @@ USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ +USE_NGTCP2_CRYPTO_BORINGSSL = @USE_NGTCP2_CRYPTO_BORINGSSL@ USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@ USE_NGTCP2_CRYPTO_QUICTLS = @USE_NGTCP2_CRYPTO_QUICTLS@ USE_NGTCP2_CRYPTO_WOLFSSL = @USE_NGTCP2_CRYPTO_WOLFSSL@ +USE_NGTCP2_H3 = @USE_NGTCP2_H3@ USE_OPENLDAP = @USE_OPENLDAP@ +USE_OPENSSL_H3 = @USE_OPENSSL_H3@ +USE_OPENSSL_QUIC = @USE_OPENSSL_QUIC@ USE_QUICHE = @USE_QUICHE@ USE_RUSTLS = @USE_RUSTLS@ USE_SCHANNEL = @USE_SCHANNEL@ @@ -388,8 +393,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -EXTRA_DIST = updatemanpages.pl coverage.sh completion.pl firefox-db2pem.sh \ - checksrc.pl mk-ca-bundle.pl +EXTRA_DIST = coverage.sh completion.pl firefox-db2pem.sh checksrc.pl \ + mk-ca-bundle.pl schemetable.c cd2nroff nroff2cd cdall cd2cd ZSH_COMPLETION_FUNCTION_FILENAME = _curl FISH_COMPLETION_FUNCTION_FILENAME = curl.fish diff --git a/src/Makefile.in b/src/Makefile.in index b44afd62a..bf2ef6891 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -168,12 +168,12 @@ am__libcurltool_la_SOURCES_DIST = slist_wc.c tool_binmode.c \ tool_dirhie.c tool_doswin.c tool_easysrc.c tool_filetime.c \ tool_findfile.c tool_formparse.c tool_getparam.c \ tool_getpass.c tool_help.c tool_helpers.c tool_hugehelp.c \ - tool_libinfo.c tool_listhelp.c tool_main.c tool_msgs.c \ - tool_operate.c tool_operhlp.c tool_paramhlp.c tool_parsecfg.c \ - tool_progress.c tool_setopt.c tool_sleep.c tool_stderr.c \ - tool_strdup.c tool_urlglob.c tool_util.c tool_vms.c \ - tool_writeout.c tool_writeout_json.c tool_xattr.c var.c \ - ../lib/base64.c ../lib/curl_multibyte.c ../lib/dynbuf.c \ + tool_ipfs.c tool_libinfo.c tool_listhelp.c tool_main.c \ + tool_msgs.c tool_operate.c tool_operhlp.c tool_paramhlp.c \ + tool_parsecfg.c tool_progress.c tool_setopt.c tool_sleep.c \ + tool_stderr.c tool_strdup.c tool_urlglob.c tool_util.c \ + tool_vms.c tool_writeout.c tool_writeout_json.c tool_xattr.c \ + var.c ../lib/base64.c ../lib/curl_multibyte.c ../lib/dynbuf.c \ ../lib/nonblock.c ../lib/strtoofft.c ../lib/timediff.c \ ../lib/version_win32.c ../lib/warnless.c slist_wc.h \ tool_binmode.h tool_bname.h tool_cb_dbg.h tool_cb_hdr.h \ @@ -181,12 +181,12 @@ am__libcurltool_la_SOURCES_DIST = slist_wc.c tool_binmode.c \ tool_cfgable.h tool_dirhie.h tool_doswin.h tool_easysrc.h \ tool_filetime.h tool_findfile.h tool_formparse.h \ tool_getparam.h tool_getpass.h tool_help.h tool_helpers.h \ - tool_hugehelp.h tool_libinfo.h tool_main.h tool_msgs.h \ - tool_operate.h tool_operhlp.h tool_paramhlp.h tool_parsecfg.h \ - tool_progress.h tool_sdecls.h tool_setopt.h tool_setup.h \ - tool_sleep.h tool_stderr.h tool_strdup.h tool_urlglob.h \ - tool_util.h tool_version.h tool_vms.h tool_writeout.h \ - tool_writeout_json.h tool_xattr.h var.h + tool_hugehelp.h tool_ipfs.h tool_libinfo.h tool_main.h \ + tool_msgs.h tool_operate.h tool_operhlp.h tool_paramhlp.h \ + tool_parsecfg.h tool_progress.h tool_sdecls.h tool_setopt.h \ + tool_setup.h tool_sleep.h tool_stderr.h tool_strdup.h \ + tool_urlglob.h tool_util.h tool_version.h tool_vms.h \ + tool_writeout.h tool_writeout_json.h tool_xattr.h var.h am__objects_1 = libcurltool_la-slist_wc.lo \ libcurltool_la-tool_binmode.lo libcurltool_la-tool_bname.lo \ libcurltool_la-tool_cb_dbg.lo libcurltool_la-tool_cb_hdr.lo \ @@ -199,10 +199,11 @@ am__objects_1 = libcurltool_la-slist_wc.lo \ libcurltool_la-tool_formparse.lo \ libcurltool_la-tool_getparam.lo libcurltool_la-tool_getpass.lo \ libcurltool_la-tool_help.lo libcurltool_la-tool_helpers.lo \ - libcurltool_la-tool_hugehelp.lo libcurltool_la-tool_libinfo.lo \ - libcurltool_la-tool_listhelp.lo libcurltool_la-tool_main.lo \ - libcurltool_la-tool_msgs.lo libcurltool_la-tool_operate.lo \ - libcurltool_la-tool_operhlp.lo libcurltool_la-tool_paramhlp.lo \ + libcurltool_la-tool_hugehelp.lo libcurltool_la-tool_ipfs.lo \ + libcurltool_la-tool_libinfo.lo libcurltool_la-tool_listhelp.lo \ + libcurltool_la-tool_main.lo libcurltool_la-tool_msgs.lo \ + libcurltool_la-tool_operate.lo libcurltool_la-tool_operhlp.lo \ + libcurltool_la-tool_paramhlp.lo \ libcurltool_la-tool_parsecfg.lo \ libcurltool_la-tool_progress.lo libcurltool_la-tool_setopt.lo \ libcurltool_la-tool_sleep.lo libcurltool_la-tool_stderr.lo \ @@ -238,26 +239,26 @@ am__curl_SOURCES_DIST = slist_wc.c tool_binmode.c tool_bname.c \ tool_cb_see.c tool_cb_wrt.c tool_cfgable.c tool_dirhie.c \ tool_doswin.c tool_easysrc.c tool_filetime.c tool_findfile.c \ tool_formparse.c tool_getparam.c tool_getpass.c tool_help.c \ - tool_helpers.c tool_hugehelp.c tool_libinfo.c tool_listhelp.c \ - tool_main.c tool_msgs.c tool_operate.c tool_operhlp.c \ - tool_paramhlp.c tool_parsecfg.c tool_progress.c tool_setopt.c \ - tool_sleep.c tool_stderr.c tool_strdup.c tool_urlglob.c \ - tool_util.c tool_vms.c tool_writeout.c tool_writeout_json.c \ - tool_xattr.c var.c ../lib/base64.c ../lib/curl_multibyte.c \ - ../lib/dynbuf.c ../lib/nonblock.c ../lib/strtoofft.c \ - ../lib/timediff.c ../lib/version_win32.c ../lib/warnless.c \ - slist_wc.h tool_binmode.h tool_bname.h tool_cb_dbg.h \ - tool_cb_hdr.h tool_cb_prg.h tool_cb_rea.h tool_cb_see.h \ - tool_cb_wrt.h tool_cfgable.h tool_dirhie.h tool_doswin.h \ - tool_easysrc.h tool_filetime.h tool_findfile.h \ + tool_helpers.c tool_hugehelp.c tool_ipfs.c tool_libinfo.c \ + tool_listhelp.c tool_main.c tool_msgs.c tool_operate.c \ + tool_operhlp.c tool_paramhlp.c tool_parsecfg.c tool_progress.c \ + tool_setopt.c tool_sleep.c tool_stderr.c tool_strdup.c \ + tool_urlglob.c tool_util.c tool_vms.c tool_writeout.c \ + tool_writeout_json.c tool_xattr.c var.c ../lib/base64.c \ + ../lib/curl_multibyte.c ../lib/dynbuf.c ../lib/nonblock.c \ + ../lib/strtoofft.c ../lib/timediff.c ../lib/version_win32.c \ + ../lib/warnless.c slist_wc.h tool_binmode.h tool_bname.h \ + tool_cb_dbg.h tool_cb_hdr.h tool_cb_prg.h tool_cb_rea.h \ + tool_cb_see.h tool_cb_wrt.h tool_cfgable.h tool_dirhie.h \ + tool_doswin.h tool_easysrc.h tool_filetime.h tool_findfile.h \ tool_formparse.h tool_getparam.h tool_getpass.h tool_help.h \ - tool_helpers.h tool_hugehelp.h tool_libinfo.h tool_main.h \ - tool_msgs.h tool_operate.h tool_operhlp.h tool_paramhlp.h \ - tool_parsecfg.h tool_progress.h tool_sdecls.h tool_setopt.h \ - tool_setup.h tool_sleep.h tool_stderr.h tool_strdup.h \ - tool_urlglob.h tool_util.h tool_version.h tool_vms.h \ - tool_writeout.h tool_writeout_json.h tool_xattr.h var.h \ - curl.rc + tool_helpers.h tool_hugehelp.h tool_ipfs.h tool_libinfo.h \ + tool_main.h tool_msgs.h tool_operate.h tool_operhlp.h \ + tool_paramhlp.h tool_parsecfg.h tool_progress.h tool_sdecls.h \ + tool_setopt.h tool_setup.h tool_sleep.h tool_stderr.h \ + tool_strdup.h tool_urlglob.h tool_util.h tool_version.h \ + tool_vms.h tool_writeout.h tool_writeout_json.h tool_xattr.h \ + var.h curl.rc am__objects_5 = slist_wc.$(OBJEXT) tool_binmode.$(OBJEXT) \ tool_bname.$(OBJEXT) tool_cb_dbg.$(OBJEXT) \ tool_cb_hdr.$(OBJEXT) tool_cb_prg.$(OBJEXT) \ @@ -268,9 +269,9 @@ am__objects_5 = slist_wc.$(OBJEXT) tool_binmode.$(OBJEXT) \ tool_findfile.$(OBJEXT) tool_formparse.$(OBJEXT) \ tool_getparam.$(OBJEXT) tool_getpass.$(OBJEXT) \ tool_help.$(OBJEXT) tool_helpers.$(OBJEXT) \ - tool_hugehelp.$(OBJEXT) tool_libinfo.$(OBJEXT) \ - tool_listhelp.$(OBJEXT) tool_main.$(OBJEXT) \ - tool_msgs.$(OBJEXT) tool_operate.$(OBJEXT) \ + tool_hugehelp.$(OBJEXT) tool_ipfs.$(OBJEXT) \ + tool_libinfo.$(OBJEXT) tool_listhelp.$(OBJEXT) \ + tool_main.$(OBJEXT) tool_msgs.$(OBJEXT) tool_operate.$(OBJEXT) \ tool_operhlp.$(OBJEXT) tool_paramhlp.$(OBJEXT) \ tool_parsecfg.$(OBJEXT) tool_progress.$(OBJEXT) \ tool_setopt.$(OBJEXT) tool_sleep.$(OBJEXT) \ @@ -292,6 +293,9 @@ curl_OBJECTS = $(am_curl_OBJECTS) @USE_EXPLICIT_LIB_DEPS_FALSE@ $(top_builddir)/lib/libcurl.la @USE_EXPLICIT_LIB_DEPS_TRUE@curl_DEPENDENCIES = \ @USE_EXPLICIT_LIB_DEPS_TRUE@ $(top_builddir)/lib/libcurl.la +curl_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(curl_LDFLAGS) $(LDFLAGS) -o $@ AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -341,6 +345,7 @@ am__depfiles_remade = ../lib/$(DEPDIR)/base64.Po \ ./$(DEPDIR)/libcurltool_la-tool_help.Plo \ ./$(DEPDIR)/libcurltool_la-tool_helpers.Plo \ ./$(DEPDIR)/libcurltool_la-tool_hugehelp.Plo \ + ./$(DEPDIR)/libcurltool_la-tool_ipfs.Plo \ ./$(DEPDIR)/libcurltool_la-tool_libinfo.Plo \ ./$(DEPDIR)/libcurltool_la-tool_listhelp.Plo \ ./$(DEPDIR)/libcurltool_la-tool_main.Plo \ @@ -371,16 +376,17 @@ am__depfiles_remade = ../lib/$(DEPDIR)/base64.Po \ ./$(DEPDIR)/tool_formparse.Po ./$(DEPDIR)/tool_getparam.Po \ ./$(DEPDIR)/tool_getpass.Po ./$(DEPDIR)/tool_help.Po \ ./$(DEPDIR)/tool_helpers.Po ./$(DEPDIR)/tool_hugehelp.Po \ - ./$(DEPDIR)/tool_libinfo.Po ./$(DEPDIR)/tool_listhelp.Po \ - ./$(DEPDIR)/tool_main.Po ./$(DEPDIR)/tool_msgs.Po \ - ./$(DEPDIR)/tool_operate.Po ./$(DEPDIR)/tool_operhlp.Po \ - ./$(DEPDIR)/tool_paramhlp.Po ./$(DEPDIR)/tool_parsecfg.Po \ - ./$(DEPDIR)/tool_progress.Po ./$(DEPDIR)/tool_setopt.Po \ - ./$(DEPDIR)/tool_sleep.Po ./$(DEPDIR)/tool_stderr.Po \ - ./$(DEPDIR)/tool_strdup.Po ./$(DEPDIR)/tool_urlglob.Po \ - ./$(DEPDIR)/tool_util.Po ./$(DEPDIR)/tool_vms.Po \ - ./$(DEPDIR)/tool_writeout.Po ./$(DEPDIR)/tool_writeout_json.Po \ - ./$(DEPDIR)/tool_xattr.Po ./$(DEPDIR)/var.Po + ./$(DEPDIR)/tool_ipfs.Po ./$(DEPDIR)/tool_libinfo.Po \ + ./$(DEPDIR)/tool_listhelp.Po ./$(DEPDIR)/tool_main.Po \ + ./$(DEPDIR)/tool_msgs.Po ./$(DEPDIR)/tool_operate.Po \ + ./$(DEPDIR)/tool_operhlp.Po ./$(DEPDIR)/tool_paramhlp.Po \ + ./$(DEPDIR)/tool_parsecfg.Po ./$(DEPDIR)/tool_progress.Po \ + ./$(DEPDIR)/tool_setopt.Po ./$(DEPDIR)/tool_sleep.Po \ + ./$(DEPDIR)/tool_stderr.Po ./$(DEPDIR)/tool_strdup.Po \ + ./$(DEPDIR)/tool_urlglob.Po ./$(DEPDIR)/tool_util.Po \ + ./$(DEPDIR)/tool_vms.Po ./$(DEPDIR)/tool_writeout.Po \ + ./$(DEPDIR)/tool_writeout_json.Po ./$(DEPDIR)/tool_xattr.Po \ + ./$(DEPDIR)/var.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -544,6 +550,7 @@ HAVE_BROTLI = @HAVE_BROTLI@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ +HAVE_OPENSSL_QUIC = @HAVE_OPENSSL_QUIC@ HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ HAVE_PROTO_BSDSOCKET_H = @HAVE_PROTO_BSDSOCKET_H@ HAVE_ZSTD = @HAVE_ZSTD@ @@ -623,10 +630,14 @@ USE_MSH3 = @USE_MSH3@ USE_NGHTTP2 = @USE_NGHTTP2@ USE_NGHTTP3 = @USE_NGHTTP3@ USE_NGTCP2 = @USE_NGTCP2@ +USE_NGTCP2_CRYPTO_BORINGSSL = @USE_NGTCP2_CRYPTO_BORINGSSL@ USE_NGTCP2_CRYPTO_GNUTLS = @USE_NGTCP2_CRYPTO_GNUTLS@ USE_NGTCP2_CRYPTO_QUICTLS = @USE_NGTCP2_CRYPTO_QUICTLS@ USE_NGTCP2_CRYPTO_WOLFSSL = @USE_NGTCP2_CRYPTO_WOLFSSL@ +USE_NGTCP2_H3 = @USE_NGTCP2_H3@ USE_OPENLDAP = @USE_OPENLDAP@ +USE_OPENSSL_H3 = @USE_OPENSSL_H3@ +USE_OPENSSL_QUIC = @USE_OPENSSL_QUIC@ USE_QUICHE = @USE_QUICHE@ USE_RUSTLS = @USE_RUSTLS@ USE_SCHANNEL = @USE_SCHANNEL@ @@ -788,6 +799,7 @@ CURL_CFILES = \ tool_help.c \ tool_helpers.c \ tool_hugehelp.c \ + tool_ipfs.c \ tool_libinfo.c \ tool_listhelp.c \ tool_main.c \ @@ -831,6 +843,7 @@ CURL_HFILES = \ tool_help.h \ tool_helpers.h \ tool_hugehelp.h \ + tool_ipfs.h \ tool_libinfo.h \ tool_main.h \ tool_msgs.h \ @@ -861,6 +874,7 @@ CURL_FILES = $(CURL_CFILES) $(CURLX_CFILES) $(CURL_HFILES) # CURL_FILES comes from Makefile.inc curl_SOURCES = $(CURL_FILES) $(am__append_2) +curl_LDFLAGS = $(AM_LDFLAGS) $(CURL_LDFLAGS_BIN) @USE_EXPLICIT_LIB_DEPS_FALSE@curl_LDADD = $(top_builddir)/lib/libcurl.la @SSL_LIBS@ @ZLIB_LIBS@ @CURL_NETWORK_AND_TIME_LIBS@ @USE_EXPLICIT_LIB_DEPS_TRUE@curl_LDADD = $(top_builddir)/lib/libcurl.la @LIBCURL_LIBS@ @@ -874,7 +888,7 @@ curl_SOURCES = $(CURL_FILES) $(am__append_2) @BUILD_UNITTESTS_TRUE@libcurltool_la_SOURCES = $(CURL_FILES) CLEANFILES = tool_hugehelp.c EXTRA_DIST = mkhelp.pl \ - Makefile.mk curl.rc Makefile.inc CMakeLists.txt + Makefile.mk curl.rc Makefile.inc CMakeLists.txt .checksrc # Use absolute directory to disable VPATH @@ -1031,7 +1045,7 @@ libcurltool.la: $(libcurltool_la_OBJECTS) $(libcurltool_la_DEPENDENCIES) $(EXTRA curl$(EXEEXT): $(curl_OBJECTS) $(curl_DEPENDENCIES) $(EXTRA_curl_DEPENDENCIES) @rm -f curl$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(curl_OBJECTS) $(curl_LDADD) $(LIBS) + $(AM_V_CCLD)$(curl_LINK) $(curl_OBJECTS) $(curl_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -1078,6 +1092,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_help.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_helpers.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_hugehelp.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_ipfs.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_libinfo.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_listhelp.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcurltool_la-tool_main.Plo@am__quote@ # am--include-marker @@ -1119,6 +1134,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tool_help.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tool_helpers.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tool_hugehelp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tool_ipfs.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tool_libinfo.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tool_listhelp.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tool_main.Po@am__quote@ # am--include-marker @@ -1317,6 +1333,13 @@ libcurltool_la-tool_hugehelp.lo: tool_hugehelp.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurltool_la_CPPFLAGS) $(CPPFLAGS) $(libcurltool_la_CFLAGS) $(CFLAGS) -c -o libcurltool_la-tool_hugehelp.lo `test -f 'tool_hugehelp.c' || echo '$(srcdir)/'`tool_hugehelp.c +libcurltool_la-tool_ipfs.lo: tool_ipfs.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurltool_la_CPPFLAGS) $(CPPFLAGS) $(libcurltool_la_CFLAGS) $(CFLAGS) -MT libcurltool_la-tool_ipfs.lo -MD -MP -MF $(DEPDIR)/libcurltool_la-tool_ipfs.Tpo -c -o libcurltool_la-tool_ipfs.lo `test -f 'tool_ipfs.c' || echo '$(srcdir)/'`tool_ipfs.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurltool_la-tool_ipfs.Tpo $(DEPDIR)/libcurltool_la-tool_ipfs.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tool_ipfs.c' object='libcurltool_la-tool_ipfs.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurltool_la_CPPFLAGS) $(CPPFLAGS) $(libcurltool_la_CFLAGS) $(CFLAGS) -c -o libcurltool_la-tool_ipfs.lo `test -f 'tool_ipfs.c' || echo '$(srcdir)/'`tool_ipfs.c + libcurltool_la-tool_libinfo.lo: tool_libinfo.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurltool_la_CPPFLAGS) $(CPPFLAGS) $(libcurltool_la_CFLAGS) $(CFLAGS) -MT libcurltool_la-tool_libinfo.lo -MD -MP -MF $(DEPDIR)/libcurltool_la-tool_libinfo.Tpo -c -o libcurltool_la-tool_libinfo.lo `test -f 'tool_libinfo.c' || echo '$(srcdir)/'`tool_libinfo.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libcurltool_la-tool_libinfo.Tpo $(DEPDIR)/libcurltool_la-tool_libinfo.Plo @@ -1761,6 +1784,7 @@ distclean: distclean-recursive -rm -f ./$(DEPDIR)/libcurltool_la-tool_help.Plo -rm -f ./$(DEPDIR)/libcurltool_la-tool_helpers.Plo -rm -f ./$(DEPDIR)/libcurltool_la-tool_hugehelp.Plo + -rm -f ./$(DEPDIR)/libcurltool_la-tool_ipfs.Plo -rm -f ./$(DEPDIR)/libcurltool_la-tool_libinfo.Plo -rm -f ./$(DEPDIR)/libcurltool_la-tool_listhelp.Plo -rm -f ./$(DEPDIR)/libcurltool_la-tool_main.Plo @@ -1802,6 +1826,7 @@ distclean: distclean-recursive -rm -f ./$(DEPDIR)/tool_help.Po -rm -f ./$(DEPDIR)/tool_helpers.Po -rm -f ./$(DEPDIR)/tool_hugehelp.Po + -rm -f ./$(DEPDIR)/tool_ipfs.Po -rm -f ./$(DEPDIR)/tool_libinfo.Po -rm -f ./$(DEPDIR)/tool_listhelp.Po -rm -f ./$(DEPDIR)/tool_main.Po @@ -1904,6 +1929,7 @@ maintainer-clean: maintainer-clean-recursive -rm -f ./$(DEPDIR)/libcurltool_la-tool_help.Plo -rm -f ./$(DEPDIR)/libcurltool_la-tool_helpers.Plo -rm -f ./$(DEPDIR)/libcurltool_la-tool_hugehelp.Plo + -rm -f ./$(DEPDIR)/libcurltool_la-tool_ipfs.Plo -rm -f ./$(DEPDIR)/libcurltool_la-tool_libinfo.Plo -rm -f ./$(DEPDIR)/libcurltool_la-tool_listhelp.Plo -rm -f ./$(DEPDIR)/libcurltool_la-tool_main.Plo @@ -1945,6 +1971,7 @@ maintainer-clean: maintainer-clean-recursive -rm -f ./$(DEPDIR)/tool_help.Po -rm -f ./$(DEPDIR)/tool_helpers.Po -rm -f ./$(DEPDIR)/tool_hugehelp.Po + -rm -f ./$(DEPDIR)/tool_ipfs.Po -rm -f ./$(DEPDIR)/tool_libinfo.Po -rm -f ./$(DEPDIR)/tool_listhelp.Po -rm -f ./$(DEPDIR)/tool_main.Po @@ -2044,7 +2071,7 @@ tidy: $(TIDY) $(CURL_CFILES) $(TIDYFLAGS) -- $(curl_CPPFLAGS) $(CPPFLAGS) -DHAVE_CONFIG_H listhelp: - (cd $(top_srcdir)/docs/cmdline-opts && ./gen.pl listhelp *.d) > tool_listhelp.c + (cd $(top_srcdir)/docs/cmdline-opts && make listhelp) @HAVE_WINDRES_TRUE@.rc.o: @HAVE_WINDRES_TRUE@ $(RC) -I$(top_srcdir)/include -DCURL_EMBED_MANIFEST $(RCFLAGS) -i $< -o $@ diff --git a/src/tool_hugehelp.c b/src/tool_hugehelp.c index ad26b0f3c..43dd6d3b0 100644 --- a/src/tool_hugehelp.c +++ b/src/tool_hugehelp.c @@ -60,7 +60,7 @@ void hugehelp(void) "\n" , stdout); fputs( -" \"http://[fe80::3%25eth0]/\"\n" +" \"http://[fe80::3%25eth0]/\"\n" "\n" " Everything provided on the command line that is not a command line op-\n" " tion or its argument, curl assumes is a URL and treats it as such.\n" @@ -71,31 +71,35 @@ void hugehelp(void) "\n" " Provide a list with three different names like this:\n" "\n" -" \"http://site.{one,two,three}.com\"\n" +" \"http://site.{one,two,three}.com\"\n" "\n" , stdout); fputs( -" or you can get sequences of alphanumeric series by using [] as in:\n" +" Do sequences of alphanumeric series by using [] as in:\n" "\n" -" \"ftp://ftp.example.com/file[1-100].txt\"\n" +" \"ftp://ftp.example.com/file[1-100].txt\"\n" "\n" -" \"ftp://ftp.example.com/file[001-100].txt\" (with leading zeros)\n" +" With leading zeroes:\n" "\n" -" \"ftp://ftp.example.com/file[a-z].txt\"\n" +" \"ftp://ftp.example.com/file[001-100].txt\"\n" +"\n" +" With letters through the alphabet:\n" +"\n" +" \"ftp://ftp.example.com/file[a-z].txt\"\n" "\n" " Nested sequences are not supported, but you can use several ones next\n" " to each other:\n" "\n" -" \"http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html\"\n" +" \"http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html\"\n" "\n" , stdout); fputs( " You can specify a step counter for the ranges to get every Nth number\n" " or letter:\n" "\n" -" \"http://example.com/file[1-100:10].txt\"\n" +" \"http://example.com/file[1-100:10].txt\"\n" "\n" -" \"http://example.com/file[a-z:2].txt\"\n" +" \"http://example.com/file[a-z:2].txt\"\n" "\n" " When using [] or {} sequences when invoked from a command line prompt,\n" " you probably have to put the full URL within double quotes to avoid the\n" @@ -111,97 +115,97 @@ void hugehelp(void) " with --variable name=content or --variable name@file (where \"file\" can\n" " be stdin if set to a single dash (-)).\n" "\n" -" Variable contents can expanded in option parameters using \"{{name}}\"\n" -" (without the quotes) if the option name is prefixed with \"--expand-\".\n" -" This gets the contents of the variable \"name\" inserted, or a blank if\n" +" Variable contents can be expanded in option parameters using \"{{name}}\"\n" +" (without the quotes) if the option name is prefixed with \"--expand-\".\n" +" This gets the contents of the variable \"name\" inserted, or a blank if\n" , stdout); fputs( -" the name does not exist as a variable. Insert \"{{\" verbatim in the\n" +" the name does not exist as a variable. Insert \"{{\" verbatim in the\n" " string by prefixing it with a backslash, like \"\\{{\".\n" "\n" " You an access and expand environment variables by first importing them.\n" -" You can select to either require the environment variable to be set or\n" -" you can provide a default value in case it is not already set. Plain\n" -" --variable %name imports the variable called 'name' but exits with an\n" +" You can select to either require the environment variable to be set or\n" +" you can provide a default value in case it is not already set. Plain\n" +" --variable %name imports the variable called 'name' but exits with an\n" , stdout); fputs( " error if that environment variable is not already set. To provide a de-\n" -" fault value if it is not set, use --variable %name=content or --vari-\n" +" fault value if it is not set, use --variable %name=content or --vari-\n" " able %name@content.\n" "\n" -" Example. Get the USER environment variable into the URL, fail if USER\n" +" Example. Get the USER environment variable into the URL, fail if USER\n" " is not set:\n" "\n" -" --variable '%USER'\n" -" --expand-url = \"https://example.com/api/{{USER}}/method\"\n" +" --variable '%USER'\n" +" --expand-url = \"https://example.com/api/{{USER}}/method\"\n" "\n" -" When expanding variables, curl supports a set of functions that can\n" +" When expanding variables, curl supports a set of functions that can\n" , stdout); fputs( -" make the variable contents more convenient to use. It can trim leading\n" -" and trailing white space with trim, it can output the contents as a\n" -" JSON quoted string with json, URL encode the string with url or base64\n" -" encode it with b64. You apply function to a variable expansion, add\n" -" them colon separated to the right side of the variable. Variable con-\n" +" make the variable contents more convenient to use. It can trim leading\n" +" and trailing white space with trim, it can output the contents as a\n" +" JSON quoted string with json, URL encode the string with url or base64\n" +" encode it with b64. You apply function to a variable expansion, add\n" +" them colon separated to the right side of the variable. Variable con-\n" " tent holding null bytes that are not encoded when expanded cause error.\n" , stdout); fputs( -" Example: get the contents of a file called $HOME/.secret into a vari-\n" -" able called \"fix\". Make sure that the content is trimmed and per-\n" +" Example: get the contents of a file called $HOME/.secret into a vari-\n" +" able called \"fix\". Make sure that the content is trimmed and per-\n" " cent-encoded sent as POST data:\n" "\n" -" --variable %HOME\n" -" --expand-variable fix@{{HOME}}/.secret\n" -" --expand-data \"{{fix:trim:url}}\"\n" -" https://example.com/\n" +" --variable %HOME\n" +" --expand-variable fix@{{HOME}}/.secret\n" +" --expand-data \"{{fix:trim:url}}\"\n" +" https://example.com/\n" "\n" " Command line variables and expansions were added in in 8.3.0.\n" "\n" "OUTPUT\n" +" If not told otherwise, curl writes the received data to stdout. It can\n" , stdout); fputs( -" If not told otherwise, curl writes the received data to stdout. It can\n" -" be instructed to instead save that data into a local file, using the\n" -" -o, --output or -O, --remote-name options. If curl is given multiple\n" -" URLs to transfer on the command line, it similarly needs multiple op-\n" +" be instructed to instead save that data into a local file, using the\n" +" -o, --output or -O, --remote-name options. If curl is given multiple\n" +" URLs to transfer on the command line, it similarly needs multiple op-\n" " tions for where to save them.\n" "\n" -" curl does not parse or otherwise \"understand\" the content it gets or\n" -, stdout); - fputs( -" writes as output. It does no encoding or decoding, unless explicitly\n" +" curl does not parse or otherwise \"understand\" the content it gets or\n" +" writes as output. It does no encoding or decoding, unless explicitly\n" " asked to with dedicated command line options.\n" "\n" "PROTOCOLS\n" -" curl supports numerous protocols, or put in URL terms: schemes. Your\n" +, stdout); + fputs( +" curl supports numerous protocols, or put in URL terms: schemes. Your\n" " particular build may not support them all.\n" "\n" " DICT Lets you lookup words using online dictionaries.\n" "\n" -" FILE Read or write local files. curl does not support accessing\n" -" file:// URL remotely, but when running on Microsoft Windows us-\n" -, stdout); - fputs( +" FILE Read or write local files. curl does not support accessing\n" +" file:// URL remotely, but when running on Microsoft Windows us-\n" " ing the native UNC approach works.\n" "\n" -" FTP(S) curl supports the File Transfer Protocol with a lot of tweaks\n" +" FTP(S) curl supports the File Transfer Protocol with a lot of tweaks\n" +, stdout); + fputs( " and levers. With or without using TLS.\n" "\n" " GOPHER(S)\n" " Retrieve files.\n" "\n" " HTTP(S)\n" -" curl supports HTTP with numerous options and variations. It can\n" +" curl supports HTTP with numerous options and variations. It can\n" " speak HTTP version 0.9, 1.0, 1.1, 2 and 3 depending on build op-\n" " tions and the correct command line options.\n" "\n" " IMAP(S)\n" -, stdout); - fputs( -" Using the mail reading protocol, curl can \"download\" emails for\n" +" Using the mail reading protocol, curl can \"download\" emails for\n" " you. With or without using TLS.\n" "\n" " LDAP(S)\n" +, stdout); + fputs( " curl can do directory lookups for you, with or without TLS.\n" "\n" " MQTT curl supports MQTT version 3. Downloading over MQTT equals \"sub-\n" @@ -209,13 +213,13 @@ void hugehelp(void) " topic. MQTT over TLS is not supported (yet).\n" "\n" " POP3(S)\n" -, stdout); - fputs( -" Downloading from a pop3 server means getting a mail. With or\n" +" Downloading from a pop3 server means getting a mail. With or\n" " without using TLS.\n" "\n" " RTMP(S)\n" -" The Realtime Messaging Protocol is primarily used to serve\n" +, stdout); + fputs( +" The Realtime Messaging Protocol is primarily used to serve\n" " streaming media and curl can download it.\n" "\n" " RTSP curl supports RTSP 1.0 downloads.\n" @@ -224,128 +228,128 @@ void hugehelp(void) "\n" " SFTP curl supports SFTP (draft 5) done over SSH version 2.\n" "\n" -, stdout); - fputs( " SMB(S) curl supports SMB version 1 for upload and download.\n" "\n" " SMTP(S)\n" -" Uploading contents to an SMTP server means sending an email.\n" +" Uploading contents to an SMTP server means sending an email.\n" +, stdout); + fputs( " With or without TLS.\n" "\n" " TELNET Telling curl to fetch a telnet URL starts an interactive session\n" -" where it sends what it reads on stdin and outputs what the\n" +" where it sends what it reads on stdin and outputs what the\n" " server sends it.\n" "\n" " TFTP curl can do TFTP downloads and uploads.\n" "\n" "PROGRESS METER\n" +" curl normally displays a progress meter during operations, indicating\n" +" the amount of transferred data, transfer speeds and estimated time\n" , stdout); fputs( -" curl normally displays a progress meter during operations, indicating\n" -" the amount of transferred data, transfer speeds and estimated time\n" -" left, etc. The progress meter displays the transfer rate in bytes per\n" -" second. The suffixes (k, M, G, T, P) are 1024 based. For example 1k is\n" +" left, etc. The progress meter displays the transfer rate in bytes per\n" +" second. The suffixes (k, M, G, T, P) are 1024 based. For example 1k is\n" " 1024 bytes. 1M is 1048576 bytes.\n" "\n" -" curl displays this data to the terminal by default, so if you invoke\n" -, stdout); - fputs( -" curl to do an operation and it is about to write data to the terminal,\n" +" curl displays this data to the terminal by default, so if you invoke\n" +" curl to do an operation and it is about to write data to the terminal,\n" " it disables the progress meter as otherwise it would mess up the output\n" " mixing progress meter and response data.\n" "\n" +, stdout); + fputs( " If you want a progress meter for HTTP POST or PUT requests, you need to\n" -" redirect the response output to a file, using shell redirect (>), -o,\n" +" redirect the response output to a file, using shell redirect (>), -o,\n" " --output or similar.\n" "\n" -" This does not apply to FTP upload as that operation does not spit out\n" -, stdout); - fputs( +" This does not apply to FTP upload as that operation does not spit out\n" " any response data to the terminal.\n" "\n" -" If you prefer a progress \"bar\" instead of the regular meter, -#,\n" -" --progress-bar is your friend. You can also disable the progress meter\n" +" If you prefer a progress \"bar\" instead of the regular meter, -#,\n" +" --progress-bar is your friend. You can also disable the progress meter\n" +, stdout); + fputs( " completely with the -s, --silent option.\n" "\n" "VERSION\n" -" This man page describes curl 8.4.0. If you use a later version, chances\n" -" are this man page does not fully document it. If you use an earlier\n" -" version, this document tries to include version information about which\n" -, stdout); - fputs( -" specific version that introduced changes.\n" +" This man page describes curl %VERSION. If you use a later version,\n" +" chances are this man page does not fully document it. If you use an\n" +" earlier version, this document tries to include version information\n" +" about which specific version that introduced changes.\n" "\n" " You can always learn which the latest curl version is by running\n" "\n" -" curl https://curl.se/info\n" +" curl https://curl.se/info\n" "\n" +, stdout); + fputs( " The online version of this man page is always showing the latest incar-\n" " nation: https://curl.se/docs/manpage.html\n" "\n" "OPTIONS\n" -" Options start with one or two dashes. Many of the options require an\n" -" additional value next to them. If provided text does not start with a\n" -, stdout); - fputs( +" Options start with one or two dashes. Many of the options require an\n" +" additional value next to them. If provided text does not start with a\n" " dash, it is presumed to be and treated as a URL.\n" "\n" -" The short \"single-dash\" form of the options, -d for example, may be\n" +" The short \"single-dash\" form of the options, -d for example, may be\n" +, stdout); + fputs( " used with or without a space between it and its value, although a space\n" " is a recommended separator. The long \"double-dash\" form, -d, --data for\n" " example, requires a space between it and its value.\n" "\n" -" Short version options that do not need any additional values can be\n" -, stdout); - fputs( -" used immediately next to each other, like for example you can specify\n" +" Short version options that do not need any additional values can be\n" +" used immediately next to each other, like for example you can specify\n" " all the options -O, -L and -v at once as -OLv.\n" "\n" +, stdout); + fputs( " In general, all boolean options are enabled with --option and yet again\n" -" disabled with --no-option. That is, you use the same option name but\n" -" prefix it with \"no-\". However, in this list we mostly only list and\n" +" disabled with --no-option. That is, you use the same option name but\n" +" prefix it with \"no-\". However, in this list we mostly only list and\n" " show the --option version of them.\n" "\n" " When -:, --next is used, it resets the parser state and you start again\n" +" with a clean option state, except for the options that are \"global\".\n" , stdout); fputs( -" with a clean option state, except for the options that are \"global\".\n" " Global options retain their values and meaning even after -:, --next.\n" "\n" -" The following options are global: --fail-early, --libcurl, --paral-\n" -" lel-immediate, -Z, --parallel, -#, --progress-bar, --rate, -S,\n" +" The following options are global: --fail-early, --libcurl, --paral-\n" +" lel-immediate, -Z, --parallel, -#, --progress-bar, --rate, -S,\n" " --show-error, --stderr, --styled-output, --trace-ascii, --trace-config,\n" " --trace-ids, --trace-time, --trace and -v, --verbose.\n" "\n" " --abstract-unix-socket \n" +" (HTTP) Connect through an abstract Unix domain socket, instead\n" , stdout); fputs( -" (HTTP) Connect through an abstract Unix domain socket, instead\n" -" of using the network. Note: netstat shows the path of an ab-\n" -" stract socket prefixed with '@', however the argument\n" +" of using the network. Note: netstat shows the path of an ab-\n" +" stract socket prefixed with '@', however the argument\n" " should not have this leading character.\n" "\n" -" If --abstract-unix-socket is provided several times, the last\n" +" If --abstract-unix-socket is provided several times, the last\n" " set value is used.\n" "\n" " Example:\n" -, stdout); - fputs( " curl --abstract-unix-socket socketpath https://example.com\n" "\n" " See also --unix-socket. Added in 7.53.0.\n" "\n" +, stdout); + fputs( " --alt-svc \n" -" (HTTPS) This option enables the alt-svc parser in curl. If the\n" -" file name points to an existing alt-svc cache file, that gets\n" +" (HTTPS) This option enables the alt-svc parser in curl. If the\n" +" file name points to an existing alt-svc cache file, that gets\n" " used. After a completed transfer, the cache is saved to the file\n" " name again if it has been modified.\n" "\n" -, stdout); - fputs( " Specify a \"\" file name (zero length) to avoid loading/saving and\n" " make curl just handle the cache in memory.\n" "\n" -" If this option is used several times, curl loads contents from\n" +, stdout); + fputs( +" If this option is used several times, curl loads contents from\n" " all the files but the last one is used for saving.\n" "\n" " --alt-svc can be used several times in a command line\n" @@ -353,74 +357,74 @@ void hugehelp(void) " Example:\n" " curl --alt-svc svc.txt https://example.com\n" "\n" -, stdout); - fputs( " See also --resolve and --connect-to. Added in 7.64.1.\n" "\n" " --anyauth\n" " (HTTP) Tells curl to figure out authentication method by itself,\n" -" and use the most secure one the remote site claims to support.\n" -" This is done by first doing a request and checking the re-\n" -" sponse-headers, thus possibly inducing an extra network\n" -" round-trip. This is used instead of setting a specific authenti-\n" , stdout); fputs( -" cation method, which you can do with --basic, --digest, --ntlm,\n" +" and use the most secure one the remote site claims to support.\n" +" This is done by first doing a request and checking the re-\n" +" sponse-headers, thus possibly inducing an extra network\n" +" round-trip. This is used instead of setting a specific authenti-\n" +" cation method, which you can do with --basic, --digest, --ntlm,\n" " and --negotiate.\n" "\n" +, stdout); + fputs( " Using --anyauth is not recommended if you do uploads from stdin,\n" -" since it may require data to be sent twice and then the client\n" -" must be able to rewind. If the need should arise when uploading\n" +" since it may require data to be sent twice and then the client\n" +" must be able to rewind. If the need should arise when uploading\n" " from stdin, the upload operation fails.\n" "\n" " Used together with -u, --user.\n" "\n" -, stdout); - fputs( " Providing --anyauth multiple times has no extra effect.\n" "\n" " Example:\n" " curl --anyauth --user me:pwd https://example.com\n" "\n" +, stdout); + fputs( " See also --proxy-anyauth, --basic and --digest.\n" "\n" " -a, --append\n" " (FTP SFTP) When used in an upload, this option makes curl append\n" " to the target file instead of overwriting it. If the remote file\n" " does not exist, it is created. Note that this flag is ignored by\n" -, stdout); - fputs( " some SFTP servers (including OpenSSH).\n" "\n" -" Providing -a, --append multiple times has no extra effect. Dis-\n" -" able it again with --no-append.\n" +" Providing --append multiple times has no extra effect. Disable\n" +" it again with --no-append.\n" "\n" +, stdout); + fputs( " Example:\n" " curl --upload-file local --append ftp://example.com/\n" "\n" " See also -r, --range and -C, --continue-at.\n" "\n" " --aws-sigv4 \n" -" Use AWS V4 signature authentication in the transfer.\n" +" (HTTP) Use AWS V4 signature authentication in the transfer.\n" "\n" -, stdout); - fputs( " The provider argument is a string that is used by the algorithm\n" " when creating outgoing authentication headers.\n" "\n" +, stdout); + fputs( " The region argument is a string that points to a geographic area\n" " of a resources collection (region-code) when the region name is\n" " omitted from the endpoint.\n" "\n" " The service argument is a string that points to a function pro-\n" " vided by a cloud (service-code) when the service name is omitted\n" -, stdout); - fputs( " from the endpoint.\n" "\n" " If --aws-sigv4 is provided several times, the last set value is\n" " used.\n" "\n" +, stdout); + fputs( " Example:\n" " curl --aws-sigv4 \"aws:amz:us-east-2:es\" --user \"key:secret\" https://example.com\n" "\n" @@ -429,9 +433,9 @@ void hugehelp(void) " --basic\n" " (HTTP) Tells curl to use HTTP Basic authentication with the re-\n" " mote host. This is the default and this option is usually point-\n" +" less, unless you use it to override a previously set option that\n" , stdout); fputs( -" less, unless you use it to override a previously set option that\n" " sets a different authentication method (such as --ntlm, --di-\n" " gest, or --negotiate).\n" "\n" @@ -445,21 +449,19 @@ void hugehelp(void) " See also --proxy-basic.\n" "\n" " --ca-native\n" +" (TLS) Tells curl to use the CA store from the native operating\n" , stdout); fputs( -" (TLS) Tells curl to use the CA store from the native operating\n" " system to verify the peer. By default, curl otherwise uses a CA\n" " store provided in a single file or directory, but when using\n" " this option it interfaces the operating system's own vault.\n" "\n" -" This option only works for curl on Windows when built to use\n" -" OpenSSL. When curl on Windows is built to use Schannel, this\n" +" This option works for curl on Windows when built to use OpenSSL,\n" +" wolfSSL (added in 8.3.0) or GnuTLS (added in 8.5.0). When curl\n" +" on Windows is built to use Schannel, this feature is implied and\n" , stdout); fputs( -" feature is implied and curl then only uses the native CA store.\n" -"\n" -" curl built with wolfSSL also supports this option (added in\n" -" 8.3.0).\n" +" curl then only uses the native CA store.\n" "\n" " Providing --ca-native multiple times has no extra effect. Dis-\n" " able it again with --no-ca-native.\n" @@ -470,43 +472,44 @@ void hugehelp(void) " See also --cacert, --capath and -k, --insecure. Added in 8.2.0.\n" "\n" " --cacert \n" +" (TLS) Tells curl to use the specified certificate file to verify\n" , stdout); fputs( -" (TLS) Tells curl to use the specified certificate file to verify\n" " the peer. The file may contain multiple CA certificates. The\n" " certificate(s) must be in PEM format. Normally curl is built to\n" " use a default file for this, so this option is typically used to\n" " alter that default file.\n" "\n" " curl recognizes the environment variable named 'CURL_CA_BUNDLE'\n" +" if it is set and the TLS backend is not Schannel, and uses the\n" , stdout); fputs( -" if it is set, and uses the given path as a path to a CA cert\n" -" bundle. This option overrides that variable.\n" +" given path as a path to a CA cert bundle. This option overrides\n" +" that variable.\n" "\n" -" The windows version of curl automatically looks for a CA certs\n" +" The windows version of curl automatically looks for a CA certs\n" " file named 'curl-ca-bundle.crt', either in the same directory as\n" -" curl.exe, or in the Current Working Directory, or in any folder\n" +" curl.exe, or in the Current Working Directory, or in any folder\n" " along your PATH.\n" "\n" -" (iOS and macOS only) If curl is built against Secure Transport,\n" +" (iOS and macOS only) If curl is built against Secure Transport,\n" , stdout); fputs( -" then this option is supported for backward compatibility with\n" -" other SSL engines, but it should not be set. If the option is\n" -" not set, then curl uses the certificates in the system and user\n" -" Keychain to verify the peer, which is the preferred method of\n" +" then this option is supported for backward compatibility with\n" +" other SSL engines, but it should not be set. If the option is\n" +" not set, then curl uses the certificates in the system and user\n" +" Keychain to verify the peer, which is the preferred method of\n" " verifying the peer's certificate chain.\n" "\n" " (Schannel only) This option is supported for Schannel in Windows\n" , stdout); fputs( " 7 or later (added in 7.60.0). This option is supported for back-\n" -" ward compatibility with other SSL engines; instead it is recom-\n" -" mended to use Windows' store of root certificates (the default\n" +" ward compatibility with other SSL engines; instead it is recom-\n" +" mended to use Windows' store of root certificates (the default\n" " for Schannel).\n" "\n" -" If --cacert is provided several times, the last set value is\n" +" If --cacert is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" @@ -517,20 +520,20 @@ void hugehelp(void) " See also --capath and -k, --insecure.\n" "\n" " --capath \n" -" (TLS) Tells curl to use the specified certificate directory to\n" -" verify the peer. Multiple paths can be provided by separating\n" +" (TLS) Tells curl to use the specified certificate directory to\n" +" verify the peer. Multiple paths can be provided by separating\n" " them with \":\" (e.g. \"path1:path2:path3\"). The certificates must\n" -" be in PEM format, and if curl is built against OpenSSL, the di-\n" +" be in PEM format, and if curl is built against OpenSSL, the di-\n" " rectory must have been processed using the c_rehash utility sup-\n" , stdout); fputs( -" plied with OpenSSL. Using --capath can allow OpenSSL-powered\n" -" curl to make SSL-connections much more efficiently than using\n" +" plied with OpenSSL. Using --capath can allow OpenSSL-powered\n" +" curl to make SSL-connections much more efficiently than using\n" " --cacert if the --cacert file contains many CA certificates.\n" "\n" " If this option is set, the default capath value is ignored.\n" "\n" -" If --capath is provided several times, the last set value is\n" +" If --capath is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" @@ -541,21 +544,21 @@ void hugehelp(void) " See also --cacert and -k, --insecure.\n" "\n" " --cert-status\n" -" (TLS) Tells curl to verify the status of the server certificate\n" +" (TLS) Tells curl to verify the status of the server certificate\n" " by using the Certificate Status Request (aka. OCSP stapling) TLS\n" " extension.\n" "\n" -" If this option is enabled and the server sends an invalid (e.g.\n" +" If this option is enabled and the server sends an invalid (e.g.\n" " expired) response, if the response suggests that the server cer-\n" -" tificate has been revoked, or no response at all is received,\n" +" tificate has been revoked, or no response at all is received,\n" , stdout); fputs( " the verification fails.\n" "\n" -" This is currently only implemented in the OpenSSL and GnuTLS\n" +" This is currently only implemented in the OpenSSL and GnuTLS\n" " backends.\n" "\n" -" Providing --cert-status multiple times has no extra effect.\n" +" Providing --cert-status multiple times has no extra effect.\n" " Disable it again with --no-cert-status.\n" "\n" " Example:\n" @@ -564,16 +567,16 @@ void hugehelp(void) " See also --pinnedpubkey.\n" "\n" " --cert-type \n" -" (TLS) Tells curl what type the provided client certificate is\n" +" (TLS) Tells curl what type the provided client certificate is\n" , stdout); fputs( " using. PEM, DER, ENG and P12 are recognized types.\n" "\n" -" The default type depends on the TLS backend and is usually PEM,\n" -" however for Secure Transport and Schannel it is P12. If -E,\n" +" The default type depends on the TLS backend and is usually PEM,\n" +" however for Secure Transport and Schannel it is P12. If -E,\n" " --cert is a pkcs11: URI then ENG is the default type.\n" "\n" -" If --cert-type is provided several times, the last set value is\n" +" If --cert-type is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" @@ -584,60 +587,60 @@ void hugehelp(void) " See also -E, --cert, --key and --key-type.\n" "\n" " -E, --cert \n" -" (TLS) Tells curl to use the specified client certificate file\n" +" (TLS) Tells curl to use the specified client certificate file\n" " when getting a file with HTTPS, FTPS or another SSL-based proto-\n" -" col. The certificate must be in PKCS#12 format if using Secure\n" -" Transport, or PEM format if using any other engine. If the op-\n" -" tional password is not specified, it is queried for on the ter-\n" +" col. The certificate must be in PKCS#12 format if using Secure\n" +" Transport, or PEM format if using any other engine. If the op-\n" +" tional password is not specified, it is queried for on the ter-\n" , stdout); fputs( -" minal. Note that this option assumes a certificate file that is\n" +" minal. Note that this option assumes a certificate file that is\n" " the private key and the client certificate concatenated. See -E,\n" " --cert and --key to specify them independently.\n" "\n" -" In the portion of the argument, you must escape\n" -" the character \":\" as \"\\:\" so that it is not recognized as the\n" -" password delimiter. Similarly, you must escape the character \"\\\"\n" +" In the portion of the argument, you must escape\n" +" the character \":\" as \"\\:\" so that it is not recognized as the\n" +" password delimiter. Similarly, you must escape the double quote\n" , stdout); fputs( -" as \"\\\\\" so that it is not recognized as an escape character.\n" +" character as \\\" so that it is not recognized as an escape char-\n" +" acter.\n" "\n" -" If curl is built against OpenSSL library, and the engine pkcs11\n" +" If curl is built against OpenSSL library, and the engine pkcs11\n" " is available, then a PKCS#11 URI (RFC 7512) can be used to spec-\n" -" ify a certificate located in a PKCS#11 device. A string begin-\n" -" ning with \"pkcs11:\" is interpreted as a PKCS#11 URI. If a\n" -" PKCS#11 URI is provided, then the --engine option is set as\n" +" ify a certificate located in a PKCS#11 device. A string begin-\n" +" ning with \"pkcs11:\" is interpreted as a PKCS#11 URI. If a\n" +" PKCS#11 URI is provided, then the --engine option is set as\n" , stdout); fputs( -" \"pkcs11\" if none was provided and the --cert-type option is set\n" +" \"pkcs11\" if none was provided and the --cert-type option is set\n" " as \"ENG\" if none was provided.\n" "\n" -" (iOS and macOS only) If curl is built against Secure Transport,\n" +" (iOS and macOS only) If curl is built against Secure Transport,\n" " then the certificate string can either be the name of a certifi-\n" -" cate/private key in the system or user keychain, or the path to\n" -" a PKCS#12-encoded certificate and private key. If you want to\n" +" cate/private key in the system or user keychain, or the path to\n" +" a PKCS#12-encoded certificate and private key. If you want to\n" , stdout); fputs( -" use a file from the current directory, please precede it with\n" +" use a file from the current directory, please precede it with\n" " \"./\" prefix, in order to avoid confusion with a nickname.\n" "\n" -" (Schannel only) Client certificates must be specified by a path\n" -" expression to a certificate store. (Loading PFX is not sup-\n" +" (Schannel only) Client certificates must be specified by a path\n" +" expression to a certificate store. (Loading PFX is not sup-\n" " ported; you can import it to a store first). You can use \"\\\\\" to refer to a certificate\n" +" location>\\\\\" to refer to a certificate\n" , stdout); fputs( -" in the system certificates store, for example, \"Curren-\n" +" in the system certificates store, for example, \"Curren-\n" " tUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a\". Thumbprint\n" -" is usually a SHA-1 hex string which you can see in certificate\n" -" details. Following store locations are supported: CurrentUser,\n" -" LocalMachine, CurrentService, Services, CurrentUserGroupPolicy,\n" +" is usually a SHA-1 hex string which you can see in certificate\n" +" details. Following store locations are supported: CurrentUser,\n" +" LocalMachine, CurrentService, Services, CurrentUserGroupPolicy,\n" " LocalMachineGroupPolicy and LocalMachineEnterprise.\n" "\n" , stdout); fputs( -" If -E, --cert is provided several times, the last set value is\n" -" used.\n" +" If --cert is provided several times, the last set value is used.\n" "\n" " Example:\n" " curl --cert certfile --key keyfile https://example.com\n" @@ -744,27 +747,27 @@ void hugehelp(void) "\n" " url = \"https://curl.se/docs/\"\n" "\n" -" # --- Example file ---\n" -" # this is a comment\n" -" url = \"example.com\"\n" -" output = \"curlhere.html\"\n" -" user-agent = \"superagent/1.0\"\n" +" # --- Example file ---\n" +" # this is a comment\n" +" url = \"example.com\"\n" +" output = \"curlhere.html\"\n" +" user-agent = \"superagent/1.0\"\n" "\n" , stdout); fputs( -" # and fetch another URL too\n" -" url = \"example.com/docs/manpage.html\"\n" -" -O\n" -" referer = \"http://nowhereatall.example.com/\"\n" -" # --- End of example file ---\n" +" # and fetch another URL too\n" +" url = \"example.com/docs/manpage.html\"\n" +" -O\n" +" referer = \"http://nowhereatall.example.com/\"\n" +" # --- End of example file ---\n" "\n" " When curl is invoked, it (unless -q, --disable is used) checks\n" " for a default config file and uses it if found, even when -K,\n" " --config is used. The default config file is checked for in the\n" -, stdout); - fputs( " following places in this order:\n" "\n" +, stdout); + fputs( " 1) \"$CURL_HOME/.curlrc\"\n" "\n" " 2) \"$XDG_CONFIG_HOME/curlrc\" (Added in 7.73.0)\n" @@ -789,30 +792,30 @@ void hugehelp(void) " _curlrc, preferring the former. Older versions on Windows\n" " checked for _curlrc only.\n" "\n" -" -K, --config can be used several times in a command line\n" +" --config can be used several times in a command line\n" "\n" " Example:\n" " curl --config file.txt https://example.com\n" "\n" +" See also -q, --disable.\n" , stdout); fputs( -" See also -q, --disable.\n" "\n" " --connect-timeout \n" " Maximum time in seconds that you allow curl's connection to\n" -" take. This only limits the connection phase, so if curl con-\n" -" nects within the given period it continues - if not it exits.\n" +" take. This only limits the connection phase, so if curl connects\n" +" within the given period it continues - if not it exits.\n" "\n" -" This option accepts decimal values. The decimal value needs to\n" +" This option accepts decimal values. The decimal value needs to\n" " be provided using a dot (.) as decimal separator - not the local\n" , stdout); fputs( " version even if it might be using another separator.\n" "\n" -" The connection phase is considered complete when the DNS lookup\n" +" The connection phase is considered complete when the DNS lookup\n" " and requested TCP, TLS or QUIC handshakes are done.\n" "\n" -" If --connect-timeout is provided several times, the last set\n" +" If --connect-timeout is provided several times, the last set\n" " value is used.\n" "\n" " Examples:\n" @@ -824,12 +827,11 @@ void hugehelp(void) " See also -m, --max-time.\n" "\n" " --connect-to \n" -"\n" -" For a request to the given HOST1:PORT1 pair, connect to\n" -" HOST2:PORT2 instead. This option is suitable to direct requests\n" -" at a specific server, e.g. at a specific cluster node in a clus-\n" -" ter of servers. This option is only used to establish the net-\n" -" work connection. It does NOT affect the hostname/port that is\n" +" For a request to the given \"HOST1:PORT1\" pair, connect to\n" +" \"HOST2:PORT2\" instead. This option is suitable to direct re-\n" +" quests at a specific server, e.g. at a specific cluster node in\n" +" a cluster of servers. This option is only used to establish the\n" +" network connection. It does NOT affect the hostname/port that is\n" , stdout); fputs( " used for TLS/SSL (e.g. SNI, certificate verification) or for the\n" @@ -838,10 +840,10 @@ void hugehelp(void) " the empty string, meaning \"use the request's original\n" " host/port\".\n" "\n" -" A \"host\" specified to this option is compared as a string, so it\n" +" A hostname specified to this option is compared as a string, so\n" , stdout); fputs( -" needs to match the name used in request URL. It can be either\n" +" it needs to match the name used in request URL. It can be either\n" " numerical such as \"127.0.0.1\" or the full host name such as \"ex-\n" " ample.org\".\n" "\n" @@ -867,8 +869,8 @@ void hugehelp(void) " resume the transfer. It then uses the given output/input files\n" " to figure that out.\n" "\n" -" If -C, --continue-at is provided several times, the last set\n" -" value is used.\n" +" If --continue-at is provided several times, the last set value\n" +" is used.\n" "\n" " Examples:\n" " curl -C - https://example.com\n" @@ -905,8 +907,8 @@ void hugehelp(void) " only visible feedback you get about this possibly lethal situa-\n" " tion.\n" "\n" -" If -c, --cookie-jar is provided several times, the last set\n" -" value is used.\n" +" If --cookie-jar is provided several times, the last set value is\n" +" used.\n" "\n" " Examples:\n" " curl -c store-here.txt https://example.com\n" @@ -918,54 +920,67 @@ void hugehelp(void) fputs( " -b, --cookie \n" " (HTTP) Pass the data to the HTTP server in the Cookie header. It\n" -" is supposedly the data previously received from the server in a\n" -" \"Set-Cookie:\" line. The data should be in the format\n" -" \"NAME1=VALUE1; NAME2=VALUE2\". This makes curl use the cookie\n" -" header with this content explicitly in all outgoing request(s).\n" +" is supposedly the data previously received from the server in a\n" +" \"Set-Cookie:\" line. The data should be in the format\n" +" \"NAME1=VALUE1; NAME2=VALUE2\". This makes curl use the cookie\n" +" header with this content explicitly in all outgoing request(s).\n" , stdout); fputs( -" If multiple requests are done due to authentication, followed\n" +" If multiple requests are done due to authentication, followed\n" " redirects or similar, they all get this cookie passed on.\n" "\n" -" If no '=' symbol is used in the argument, it is instead treated\n" +" If no '=' symbol is used in the argument, it is instead treated\n" " as a filename to read previously stored cookie from. This option\n" -" also activates the cookie engine which makes curl record incom-\n" -" ing cookies, which may be handy if you are using this in combi-\n" +" also activates the cookie engine which makes curl record incom-\n" +" ing cookies, which may be handy if you are using this in combi-\n" , stdout); fputs( -" nation with the -L, --location option or do multiple URL trans-\n" -" fers on the same invoke. If the file name is exactly a minus\n" -" (\"-\"), curl instead reads the contents from stdin.\n" +" nation with the -L, --location option or do multiple URL trans-\n" +" fers on the same invoke.\n" +"\n" +" If the file name is exactly a minus (\"-\"), curl instead reads\n" +" the contents from stdin. If the file name is an empty string\n" +" (\"\") and is the only cookie input, curl will activate the cookie\n" +" engine without any cookies.\n" "\n" " The file format of the file to read cookies from should be plain\n" +, stdout); + fputs( " HTTP headers (Set-Cookie style) or the Netscape/Mozilla cookie\n" " file format.\n" "\n" " The file specified with -b, --cookie is only used as input. No\n" -, stdout); - fputs( " cookies are written to the file. To store cookies, use the -c,\n" " --cookie-jar option.\n" "\n" " If you use the Set-Cookie file format and do not specify a do-\n" " main then the cookie is not sent since the domain never matches.\n" +, stdout); + fputs( " To address this, set a domain in Set-Cookie line (doing that in-\n" " cludes subdomains) or preferably: use the Netscape format.\n" "\n" -, stdout); - fputs( " Users often want to both read cookies from a file and write up-\n" " dated cookies back to a file, so using both -b, --cookie and -c,\n" " --cookie-jar in the same command line is common.\n" "\n" -" -b, --cookie can be used several times in a command line\n" +" If curl is built with PSL (Public Suffix List) support, it de-\n" +, stdout); + fputs( +" tects and discards cookies that are specified for such suffix\n" +" domains that should not be allowed to have cookies. If curl is\n" +" not built with PSL support, it has no ability to stop super\n" +" cookies.\n" +"\n" +" --cookie can be used several times in a command line\n" "\n" " Examples:\n" +" curl -b \"\" https://example.com\n" " curl -b cookiefile https://example.com\n" -" curl -b cookiefile -c cookiefile https://example.com\n" -"\n" , stdout); fputs( +" curl -b cookiefile -c cookiefile https://example.com\n" +"\n" " See also -c, --cookie-jar and -j, --junk-session-cookies.\n" "\n" " --create-dirs\n" @@ -973,9 +988,9 @@ void hugehelp(void) " ates the necessary local directory hierarchy as needed. This op-\n" " tion creates the directories mentioned with the -o, --output op-\n" " tion combined with the path possibly set with --output-dir. If\n" -" the combined output file name uses no directory, or if the di-\n" , stdout); fputs( +" the combined output file name uses no directory, or if the di-\n" " rectories it mentions already exist, no directories are created.\n" " Created directories are made with mode 0750 on unix style file\n" " systems.\n" @@ -984,11 +999,11 @@ void hugehelp(void) " --ftp-create-dirs.\n" "\n" " Providing --create-dirs multiple times has no extra effect.\n" +, stdout); + fputs( " Disable it again with --no-create-dirs.\n" "\n" " Example:\n" -, stdout); - fputs( " curl --create-dirs --output local/dir/file https://example.com\n" "\n" " See also --ftp-create-dirs and --output-dir.\n" @@ -997,10 +1012,10 @@ void hugehelp(void) " (SFTP SCP FILE) When curl is used to create files remotely using\n" " one of the supported protocols, this option allows the user to\n" " set which 'mode' to set on the file at creation time, instead of\n" -" the default 0644.\n" -"\n" , stdout); fputs( +" the default 0644.\n" +"\n" " This option takes an octal number as argument.\n" "\n" " If --create-file-mode is provided several times, the last set\n" @@ -1043,23 +1058,23 @@ void hugehelp(void) "\n" " --curves \n" " (TLS) Tells curl to request specific curves to use during SSL\n" -" session establishment according to RFC 8422, 5.1. Multiple al-\n" +" session establishment according to RFC 8422, 5.1. Multiple algo-\n" , stdout); fputs( -" gorithms can be provided by separating them with \":\" (e.g.\n" -" \"X25519:P-521\"). The parameter is available identically in the\n" -" \"openssl s_client/s_server\" utilities.\n" +" rithms can be provided by separating them with \":\" (e.g.\n" +" \"X25519:P-521\"). The parameter is available identically in the\n" +" OpenSSL \"s_client\" and \"s_server\" utilities.\n" "\n" -" --curves allows a OpenSSL powered curl to make SSL-connections\n" -" with exactly the (EC) curve requested by the client, avoiding\n" +" --curves allows a OpenSSL powered curl to make SSL-connections\n" +" with exactly the (EC) curve requested by the client, avoiding\n" " nontransparent client/server negotiations.\n" "\n" , stdout); fputs( -" If this option is set, the default curves list built into\n" +" If this option is set, the default curves list built into\n" " OpenSSL are ignored.\n" "\n" -" If --curves is provided several times, the last set value is\n" +" If --curves is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" @@ -1080,25 +1095,25 @@ void hugehelp(void) " See also --data-binary, --data-raw and --data-urlencode.\n" "\n" " --data-binary \n" -" (HTTP) This posts data exactly as specified with no extra pro-\n" +" (HTTP) This posts data exactly as specified with no extra pro-\n" " cessing whatsoever.\n" "\n" -" If you start the data with the letter @, the rest should be a\n" +" If you start the data with the letter @, the rest should be a\n" , stdout); fputs( " filename. Data is posted in a similar manner as -d, --data does,\n" " except that newlines and carriage returns are preserved and con-\n" " versions are never done.\n" "\n" -" Like -d, --data the default content-type sent to the server is\n" -" application/x-www-form-urlencoded. If you want the data to be\n" +" Like -d, --data the default content-type sent to the server is\n" +" application/x-www-form-urlencoded. If you want the data to be\n" " treated as arbitrary binary data by the server then set the con-\n" , stdout); fputs( -" tent-type to octet-stream: -H \"Content-Type: applica-\n" +" tent-type to octet-stream: -H \"Content-Type: applica-\n" " tion/octet-stream\".\n" "\n" -" If this option is used several times, the ones following the\n" +" If this option is used several times, the ones following the\n" " first append data as described in -d, --data.\n" "\n" " --data-binary can be used several times in a command line\n" @@ -1111,7 +1126,7 @@ void hugehelp(void) " --data-raw \n" , stdout); fputs( -" (HTTP) This posts data similarly to -d, --data but without the\n" +" (HTTP) This posts data similarly to -d, --data but without the\n" " special interpretation of the @ character.\n" "\n" " --data-raw can be used several times in a command line\n" @@ -1123,25 +1138,25 @@ void hugehelp(void) " See also -d, --data.\n" "\n" " --data-urlencode \n" -" (HTTP) This posts data, similar to the other -d, --data options\n" +" (HTTP) This posts data, similar to the other -d, --data options\n" , stdout); fputs( " with the exception that this performs URL-encoding.\n" "\n" -" To be CGI-compliant, the part should begin with a name\n" -" followed by a separator and a content specification. The \n" +" To be CGI-compliant, the part should begin with a name\n" +" followed by a separator and a content specification. The \n" " part can be passed to curl using one of the following syntaxes:\n" "\n" " content\n" -" This makes curl URL-encode the content and pass that on.\n" -" Just be careful so that the content does not contain any\n" +" This makes curl URL-encode the content and pass that on.\n" +" Just be careful so that the content does not contain any\n" , stdout); fputs( " = or @ symbols, as that makes the syntax match one of the\n" " other cases below!\n" "\n" " =content\n" -" This makes curl URL-encode the content and pass that on.\n" +" This makes curl URL-encode the content and pass that on.\n" " The preceding = symbol is not included in the data.\n" "\n" " name=content\n" @@ -1152,17 +1167,17 @@ void hugehelp(void) " already.\n" "\n" " @filename\n" -" This makes curl load data from the given file (including\n" +" This makes curl load data from the given file (including\n" " any newlines), URL-encode that data and pass it on in the\n" " POST.\n" "\n" " name@filename\n" -" This makes curl load data from the given file (including\n" +" This makes curl load data from the given file (including\n" " any newlines), URL-encode that data and pass it on in the\n" , stdout); fputs( -" POST. The name part gets an equal sign appended, result-\n" -" ing in name=urlencoded-file-content. Note that the name\n" +" POST. The name part gets an equal sign appended, result-\n" +" ing in name=urlencoded-file-content. Note that the name\n" " is expected to be URL-encoded already.\n" "\n" " --data-urlencode can be used several times in a command line\n" @@ -1178,7 +1193,7 @@ void hugehelp(void) " See also -d, --data and --data-raw.\n" "\n" " -d, --data \n" -" (HTTP MQTT) Sends the specified data in a POST request to the\n" +" (HTTP MQTT) Sends the specified data in a POST request to the\n" " HTTP server, in the same way that a browser does when a user has\n" " filled in an HTML form and presses the submit button. This makes\n" , stdout); @@ -1187,34 +1202,34 @@ void hugehelp(void) " tion/x-www-form-urlencoded. Compare to -F, --form.\n" "\n" " --data-raw is almost the same but does not have a special inter-\n" -" pretation of the @ character. To post data purely binary, you\n" -" should instead use the --data-binary option. To URL-encode the\n" +" pretation of the @ character. To post data purely binary, you\n" +" should instead use the --data-binary option. To URL-encode the\n" " value of a form field you may use --data-urlencode.\n" "\n" , stdout); fputs( -" If any of these options is used more than once on the same com-\n" -" mand line, the data pieces specified are merged with a separat-\n" -" ing &-symbol. Thus, using '-d name=daniel -d skill=lousy' would\n" +" If any of these options is used more than once on the same com-\n" +" mand line, the data pieces specified are merged with a separat-\n" +" ing &-symbol. Thus, using '-d name=daniel -d skill=lousy' would\n" " generate a post chunk that looks like 'name=daniel&skill=lousy'.\n" -" If you start the data with the letter @, the rest should be a\n" -" file name to read the data from, or - if you want curl to read\n" +" If you start the data with the letter @, the rest should be a\n" +" file name to read the data from, or - if you want curl to read\n" , stdout); fputs( -" the data from stdin. Posting data from a file named 'foobar'\n" -" would thus be done with -d, --data @foobar. When -d, --data is\n" -" told to read from a file like that, carriage returns and new-\n" -" lines are stripped out. If you do not want the @ character to\n" +" the data from stdin. Posting data from a file named 'foobar'\n" +" would thus be done with -d, --data @foobar. When -d, --data is\n" +" told to read from a file like that, carriage returns and new-\n" +" lines are stripped out. If you do not want the @ character to\n" " have a special interpretation use --data-raw instead.\n" "\n" -" The data for this option is passed on to the server exactly as\n" +" The data for this option is passed on to the server exactly as\n" , stdout); fputs( -" provided on the command line. curl does not convert, change or\n" +" provided on the command line. curl does not convert, change or\n" " improve it. It is up to the user to provide the data in the cor-\n" " rect form.\n" "\n" -" -d, --data can be used several times in a command line\n" +" --data can be used several times in a command line\n" "\n" " Examples:\n" " curl -d \"name=curl\" https://example.com\n" @@ -1223,20 +1238,20 @@ void hugehelp(void) "\n" , stdout); fputs( -" See also --data-binary, --data-urlencode and --data-raw. This\n" -" option is mutually exclusive to -F, --form and -I, --head and\n" +" See also --data-binary, --data-urlencode and --data-raw. This\n" +" option is mutually exclusive to -F, --form and -I, --head and\n" " -T, --upload-file.\n" "\n" " --delegation \n" -" (GSS/kerberos) Set LEVEL to tell the server what it is allowed\n" +" (GSS/kerberos) Set LEVEL to tell the server what it is allowed\n" " to delegate when it comes to user credentials.\n" "\n" " none Do not allow any delegation.\n" "\n" -" policy Delegates if and only if the OK-AS-DELEGATE flag is set\n" +" policy Delegates if and only if the OK-AS-DELEGATE flag is set\n" , stdout); fputs( -" in the Kerberos service ticket, which is a matter of\n" +" in the Kerberos service ticket, which is a matter of\n" " realm policy.\n" "\n" " always Unconditionally allow the server to delegate.\n" @@ -1252,12 +1267,12 @@ void hugehelp(void) " --digest\n" , stdout); fputs( -" (HTTP) Enables HTTP Digest authentication. This is an authenti-\n" -" cation scheme that prevents the password from being sent over\n" -" the wire in clear text. Use this in combination with the normal\n" +" (HTTP) Enables HTTP Digest authentication. This is an authenti-\n" +" cation scheme that prevents the password from being sent over\n" +" the wire in clear text. Use this in combination with the normal\n" " -u, --user option to set user name and password.\n" "\n" -" Providing --digest multiple times has no extra effect. Disable\n" +" Providing --digest multiple times has no extra effect. Disable\n" " it again with --no-digest.\n" "\n" " Example:\n" @@ -1265,32 +1280,32 @@ void hugehelp(void) fputs( " curl -u name:password --digest https://example.com\n" "\n" -" See also -u, --user, --proxy-digest and --anyauth. This option\n" +" See also -u, --user, --proxy-digest and --anyauth. This option\n" " is mutually exclusive to --basic and --ntlm and --negotiate.\n" "\n" " --disable-eprt\n" " (FTP) Tell curl to disable the use of the EPRT and LPRT commands\n" " when doing active FTP transfers. Curl normally first attempts to\n" -" use EPRT before using PORT, but with this option, it uses PORT\n" +" use EPRT before using PORT, but with this option, it uses PORT\n" , stdout); fputs( -" right away. EPRT is an extension to the original FTP protocol,\n" +" right away. EPRT is an extension to the original FTP protocol,\n" " and does not work on all servers, but enables more functionality\n" " in a better way than the traditional PORT command.\n" "\n" " --eprt can be used to explicitly enable EPRT again and --no-eprt\n" " is an alias for --disable-eprt.\n" "\n" -" If the server is accessed using IPv6, this option has no effect\n" +" If the server is accessed using IPv6, this option has no effect\n" " as EPRT is necessary then.\n" "\n" , stdout); fputs( -" Disabling EPRT only changes the active behavior. If you want to\n" -" switch to passive mode you need to not use -P, --ftp-port or\n" +" Disabling EPRT only changes the active behavior. If you want to\n" +" switch to passive mode you need to not use -P, --ftp-port or\n" " force it with --ftp-pasv.\n" "\n" -" Providing --disable-eprt multiple times has no extra effect.\n" +" Providing --disable-eprt multiple times has no extra effect.\n" " Disable it again with --no-disable-eprt.\n" "\n" " Example:\n" @@ -1301,8 +1316,8 @@ void hugehelp(void) " --disable-epsv\n" , stdout); fputs( -" (FTP) Tell curl to disable the use of the EPSV command when do-\n" -" ing passive FTP transfers. Curl normally first attempts to use\n" +" (FTP) Tell curl to disable the use of the EPSV command when do-\n" +" ing passive FTP transfers. Curl normally first attempts to use\n" " EPSV before PASV, but with this option, it does not try EPSV.\n" "\n" " --epsv can be used to explicitly enable EPSV again and --no-epsv\n" @@ -1316,7 +1331,7 @@ void hugehelp(void) " Disabling EPSV only changes the passive behavior. If you want to\n" " switch to active mode you need to use -P, --ftp-port.\n" "\n" -" Providing --disable-epsv multiple times has no extra effect.\n" +" Providing --disable-epsv multiple times has no extra effect.\n" " Disable it again with --no-disable-epsv.\n" "\n" " Example:\n" @@ -1327,15 +1342,15 @@ void hugehelp(void) " -q, --disable\n" , stdout); fputs( -" If used as the first parameter on the command line, the curlrc\n" -" config file is not read or used. See the -K, --config for de-\n" +" If used as the first parameter on the command line, the curlrc\n" +" config file is not read or used. See the -K, --config for de-\n" " tails on the default config file search path.\n" "\n" -" Prior to 7.50.0 curl supported the short option name q but not\n" +" Prior to 7.50.0 curl supported the short option name q but not\n" " the long option name disable.\n" "\n" -" Providing -q, --disable multiple times has no extra effect.\n" -" Disable it again with --no-disable.\n" +" Providing --disable multiple times has no extra effect. Disable\n" +" it again with --no-disable.\n" "\n" " Example:\n" , stdout); @@ -1345,9 +1360,9 @@ void hugehelp(void) " See also -K, --config.\n" "\n" " --disallow-username-in-url\n" -" (HTTP) This tells curl to exit if passed a URL containing a\n" -" username. This is probably most useful when the URL is being\n" -" provided at runtime or similar.\n" +" This tells curl to exit if passed a URL containing a username.\n" +" This is probably most useful when the URL is being provided at\n" +" runtime or similar.\n" "\n" " Providing --disallow-username-in-url multiple times has no extra\n" " effect. Disable it again with --no-disallow-username-in-url.\n" @@ -1411,10 +1426,10 @@ void hugehelp(void) " ares.\n" "\n" " --dns-servers \n" -" Set the list of DNS servers to be used instead of the system de-\n" -" fault. The list of IP addresses should be separated with com-\n" -" mas. Port numbers may also optionally be given as :\n" -" after each IP address.\n" +" (DNS) Set the list of DNS servers to be used instead of the sys-\n" +" tem default. The list of IP addresses should be separated with\n" +" commas. Port numbers may also optionally be given as : after each IP address.\n" "\n" , stdout); fputs( @@ -1491,9 +1506,8 @@ void hugehelp(void) " URLs in one -:, --next clause), appends them to the same file,\n" " separated by a blank line.\n" "\n" -" If -D, --dump-header is provided several times, the last set\n" -" value is used.\n" -"\n" +" If --dump-header is provided several times, the last set value\n" +" is used.\n" " Example:\n" , stdout); fputs( @@ -1675,8 +1689,8 @@ void hugehelp(void) fputs( " thentication is involved (response codes 401 and 407).\n" "\n" -" Providing -f, --fail multiple times has no extra effect. Dis-\n" -" able it again with --no-fail.\n" +" Providing --fail multiple times has no extra effect. Disable it\n" +" again with --no-fail.\n" "\n" " Example:\n" " curl --fail https://example.com\n" @@ -1685,17 +1699,17 @@ void hugehelp(void) " ally exclusive to --fail-with-body.\n" "\n" " --false-start\n" -" (TLS) Tells curl to use false start during the TLS handshake.\n" +" (TLS) Tells curl to use false start during the TLS handshake.\n" , stdout); fputs( " False start is a mode where a TLS client starts sending applica-\n" -" tion data before verifying the server's Finished message, thus\n" +" tion data before verifying the server's Finished message, thus\n" " saving a round trip when performing a full handshake.\n" "\n" -" This is currently only implemented in the Secure Transport (on\n" +" This is currently only implemented in the Secure Transport (on\n" " iOS 7.0 or later, or OS X 10.9 or later) backend.\n" "\n" -" Providing --false-start multiple times has no extra effect.\n" +" Providing --false-start multiple times has no extra effect.\n" , stdout); fputs( " Disable it again with --no-false-start.\n" @@ -1706,10 +1720,10 @@ void hugehelp(void) " See also --tcp-fastopen.\n" "\n" " --form-escape\n" -" (HTTP) Tells curl to pass on names of multipart form fields and\n" +" (HTTP) Tells curl to pass on names of multipart form fields and\n" " files using backslash-escaping instead of percent-encoding.\n" "\n" -" If --form-escape is provided several times, the last set value\n" +" If --form-escape is provided several times, the last set value\n" " is used.\n" " Example:\n" , stdout); @@ -1719,13 +1733,13 @@ void hugehelp(void) " See also -F, --form. Added in 7.81.0.\n" "\n" " --form-string \n" -" (HTTP SMTP IMAP) Similar to -F, --form except that the value\n" -" string for the named parameter is used literally. Leading '@'\n" +" (HTTP SMTP IMAP) Similar to -F, --form except that the value\n" +" string for the named parameter is used literally. Leading '@'\n" " and '<' characters, and the ';type=' string in the value have no\n" , stdout); fputs( -" special meaning. Use this in preference to -F, --form if there\n" -" is any possibility that the string value may accidentally trig-\n" +" special meaning. Use this in preference to -F, --form if there\n" +" is any possibility that the string value may accidentally trig-\n" " ger the '@' or '<' features of -F, --form.\n" "\n" " --form-string can be used several times in a command line\n" @@ -1738,9 +1752,9 @@ void hugehelp(void) " -F, --form \n" , stdout); fputs( -" (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emu-\n" -" late a filled-in form in which a user has pressed the submit\n" -" button. This causes curl to POST data using the Content-Type\n" +" (HTTP SMTP IMAP) For HTTP protocol family, this lets curl emu-\n" +" late a filled-in form in which a user has pressed the submit\n" +" button. This causes curl to POST data using the Content-Type\n" " multipart/form-data according to RFC 2388.\n" "\n" " For SMTP and IMAP protocols, this is the means to compose a mul-\n" @@ -1748,26 +1762,26 @@ void hugehelp(void) "\n" , stdout); fputs( -" This enables uploading of binary files etc. To force the 'con-\n" +" This enables uploading of binary files etc. To force the 'con-\n" " tent' part to be a file, prefix the file name with an @ sign. To\n" " just get the content part from a file, prefix the file name with\n" -" the symbol <. The difference between @ and < is then that @\n" -" makes a file get attached in the post as a file upload, while\n" +" the symbol <. The difference between @ and < is then that @\n" +" makes a file get attached in the post as a file upload, while\n" " the < makes a text field and just get the contents for that text\n" , stdout); fputs( " field from a file.\n" "\n" -" Tell curl to read content from stdin instead of a file by using\n" +" Tell curl to read content from stdin instead of a file by using\n" " - as filename. This goes for both @ and < constructs. When stdin\n" " is used, the contents is buffered in memory first by curl to de-\n" -" termine its size and allow a possible resend. Defining a part's\n" +" termine its size and allow a possible resend. Defining a part's\n" " data from a named non-regular file (such as a named pipe or sim-\n" , stdout); fputs( -" ilar) is not subject to buffering and is instead read at trans-\n" +" ilar) is not subject to buffering and is instead read at trans-\n" " mission time; since the full size is unknown before the transfer\n" -" starts, such data is sent as chunks by HTTP and rejected by\n" +" starts, such data is sent as chunks by HTTP and rejected by\n" " IMAP.\n" "\n" " Example: send an image to an HTTP server, where 'profile' is the\n" @@ -1776,175 +1790,178 @@ void hugehelp(void) "\n" , stdout); fputs( -" curl -F profile=@portrait.jpg https://example.com/upload.cgi\n" +" curl -F profile=@portrait.jpg https://example.com/upload.cgi\n" "\n" -" Example: send your name and shoe size in two text fields to the\n" +" Example: send your name and shoe size in two text fields to the\n" " server:\n" "\n" -" curl -F name=John -F shoesize=11 https://example.com/\n" +" curl -F name=John -F shoesize=11 https://example.com/\n" "\n" -" Example: send your essay in a text field to the server. Send it\n" -" as a plain text field, but get the contents for it from a local\n" +" Example: send your essay in a text field to the server. Send it\n" +" as a plain text field, but get the contents for it from a local\n" " file:\n" "\n" -" curl -F \"story=HTML message;type=text/html' \\\n" -" -F '=)' -F '=@textfile.txt' ... smtp://example.com\n" +" curl -F '=(;type=multipart/alternative' \\\n" +, stdout); + fputs( +" -F '=plain text message' \\\n" +" -F '= HTML message;type=text/html' \\\n" +" -F '=)' -F '=@textfile.txt' ... smtp://example.com\n" "\n" -" Data can be encoded for transfer using encoder=. Available en-\n" +" Data can be encoded for transfer using encoder=. Available en-\n" " codings are binary and 8bit that do nothing else than adding the\n" +" corresponding Content-Transfer-Encoding header, 7bit that only\n" , stdout); fputs( -" corresponding Content-Transfer-Encoding header, 7bit that only\n" " rejects 8-bit characters with a transfer error, quoted-printable\n" -" and base64 that encodes data according to the corresponding\n" +" and base64 that encodes data according to the corresponding\n" " schemes, limiting lines length to 76 characters.\n" "\n" -" Example: send multipart mail with a quoted-printable text mes-\n" +" Example: send multipart mail with a quoted-printable text mes-\n" " sage and a base64 attached file:\n" "\n" -" curl -F '=text message;encoder=quoted-printable' \\\n" +" curl -F '=text message;encoder=quoted-printable' \\\n" +" -F '=@localfile;encoder=base64' ... smtp://example.com\n" +"\n" , stdout); fputs( -" -F '=@localfile;encoder=base64' ... smtp://example.com\n" -"\n" " See further examples and details in the MANUAL.\n" "\n" -" -F, --form can be used several times in a command line\n" +" --form can be used several times in a command line\n" "\n" " Example:\n" " curl --form \"name=curl\" --form \"file=@loadthis\" https://example.com\n" "\n" -" See also -d, --data, --form-string and --form-escape. This op-\n" -" tion is mutually exclusive to -d, --data and -I, --head and -T,\n" -, stdout); - fputs( +" See also -d, --data, --form-string and --form-escape. This op-\n" +" tion is mutually exclusive to -d, --data and -I, --head and -T,\n" " --upload-file.\n" "\n" " --ftp-account \n" +, stdout); + fputs( " (FTP) When an FTP server asks for \"account data\" after user name\n" -" and password has been provided, this data is sent off using the\n" +" and password has been provided, this data is sent off using the\n" " ACCT command.\n" "\n" -" If --ftp-account is provided several times, the last set value\n" +" If --ftp-account is provided several times, the last set value\n" " is used.\n" " Example:\n" " curl --ftp-account \"mr.robot\" ftp://example.com/\n" "\n" " See also -u, --user.\n" "\n" +" --ftp-alternative-to-user \n" , stdout); fputs( -" --ftp-alternative-to-user \n" -" (FTP) If authenticating with the USER and PASS commands fails,\n" -" send this command. When connecting to Tumbleweed's Secure\n" -" Transport server over FTPS using a client certificate, using\n" -" \"SITE AUTH\" tells the server to retrieve the username from the\n" +" (FTP) If authenticating with the USER and PASS commands fails,\n" +" send this command. When connecting to Tumbleweed's Secure\n" +" Transport server over FTPS using a client certificate, using\n" +" \"SITE AUTH\" tells the server to retrieve the username from the\n" " certificate.\n" "\n" " If --ftp-alternative-to-user is provided several times, the last\n" " set value is used.\n" "\n" +" Example:\n" , stdout); fputs( -" Example:\n" " curl --ftp-alternative-to-user \"U53r\" ftp://example.com\n" "\n" " See also --ftp-account and -u, --user.\n" "\n" " --ftp-create-dirs\n" -" (FTP SFTP) When an FTP or SFTP URL/operation uses a path that\n" +" (FTP SFTP) When an FTP or SFTP URL/operation uses a path that\n" " does not currently exist on the server, the standard behavior of\n" -" curl is to fail. Using this option, curl instead attempts to\n" +" curl is to fail. Using this option, curl instead attempts to\n" " create missing directories.\n" "\n" , stdout); fputs( -" Providing --ftp-create-dirs multiple times has no extra effect.\n" +" Providing --ftp-create-dirs multiple times has no extra effect.\n" " Disable it again with --no-ftp-create-dirs.\n" "\n" " Example:\n" @@ -1953,28 +1970,28 @@ void hugehelp(void) " See also --create-dirs.\n" "\n" " --ftp-method \n" -" (FTP) Control what method curl should use to reach a file on an\n" -" FTP(S) server. The method argument should be one of the follow-\n" +" (FTP) Control what method curl should use to reach a file on an\n" +" FTP(S) server. The method argument should be one of the follow-\n" , stdout); fputs( " ing alternatives:\n" "\n" " multicwd\n" -" curl does a single CWD operation for each path part in\n" -" the given URL. For deep hierarchies this means many com-\n" -" mands. This is how RFC 1738 says it should be done. This\n" +" curl does a single CWD operation for each path part in\n" +" the given URL. For deep hierarchies this means many com-\n" +" mands. This is how RFC 1738 says it should be done. This\n" " is the default but the slowest behavior.\n" "\n" -" nocwd curl does no CWD at all. curl does SIZE, RETR, STOR etc\n" +" nocwd curl does no CWD at all. curl does SIZE, RETR, STOR etc\n" , stdout); fputs( -" and give a full path to the server for all these com-\n" +" and give a full path to the server for all these com-\n" " mands. This is the fastest behavior.\n" "\n" " singlecwd\n" " curl does one CWD with the full target directory and then\n" -" operates on the file \"normally\" (like in the multicwd\n" -" case). This is somewhat more standards compliant than\n" +" operates on the file \"normally\" (like in the multicwd\n" +" case). This is somewhat more standards compliant than\n" " 'nocwd' but without the full penalty of 'multicwd'.\n" "\n" , stdout); @@ -1990,21 +2007,21 @@ void hugehelp(void) " See also -l, --list-only.\n" "\n" " --ftp-pasv\n" -" (FTP) Use passive mode for the data connection. Passive is the\n" +" (FTP) Use passive mode for the data connection. Passive is the\n" , stdout); fputs( -" internal default behavior, but using this option can be used to\n" +" internal default behavior, but using this option can be used to\n" " override a previous -P, --ftp-port option.\n" "\n" -" Reversing an enforced passive really is not doable but you must\n" +" Reversing an enforced passive really is not doable but you must\n" " then instead enforce the correct -P, --ftp-port again.\n" "\n" -" Passive mode means that curl tries the EPSV command first and\n" +" Passive mode means that curl tries the EPSV command first and\n" " then PASV, unless --disable-epsv is used.\n" "\n" , stdout); fputs( -" Providing --ftp-pasv multiple times has no extra effect. Dis-\n" +" Providing --ftp-pasv multiple times has no extra effect. Dis-\n" " able it again with --no-ftp-pasv.\n" "\n" " Example:\n" @@ -2012,47 +2029,48 @@ void hugehelp(void) "\n" " See also --disable-epsv.\n" " -P, --ftp-port
\n" -" (FTP) Reverses the default initiator/listener roles when con-\n" -" necting with FTP. This option makes curl use active mode. curl\n" +" (FTP) Reverses the default initiator/listener roles when con-\n" +" necting with FTP. This option makes curl use active mode. curl\n" , stdout); fputs( -" then tells the server to connect back to the client's specified\n" +" then tells the server to connect back to the client's specified\n" " address and port, while passive mode asks the server to setup an\n" -" IP address and port for it to connect to.
should be\n" +" IP address and port for it to connect to.
should be\n" " one of:\n" "\n" " interface\n" -" e.g. \"eth0\" to specify which interface's IP address you\n" +" e.g. eth0 to specify which interface's IP address you\n" " want to use (Unix only)\n" "\n" " IP address\n" , stdout); fputs( -" e.g. \"192.168.10.1\" to specify the exact IP address\n" +" e.g. 192.168.10.1 to specify the exact IP address\n" "\n" " host name\n" -" e.g. \"my.host.domain\" to specify the machine\n" +" e.g. my.host.domain to specify the machine\n" "\n" -" - make curl pick the same IP address that is already used\n" -" for the control connection\n" +" - make curl pick the same IP address that is already used\n" +" for the control connection. This is the recommended\n" +" choice.\n" "\n" " Disable the use of PORT with --ftp-pasv. Disable the attempt to\n" +, stdout); + fputs( " use the EPRT command instead of PORT by using --disable-eprt.\n" " EPRT is really PORT++.\n" "\n" -, stdout); - fputs( " You can also append \":[start]-[end]\" to the right of the ad-\n" " dress, to tell curl what TCP port range to use. That means you\n" " specify a port range, from a lower to a higher number. A single\n" " number works as well, but do note that it increases the risk of\n" " failure since the port may not be available.\n" "\n" -" If -P, --ftp-port is provided several times, the last set value\n" -" is used.\n" -"\n" , stdout); fputs( +" If --ftp-port is provided several times, the last set value is\n" +" used.\n" +"\n" " Examples:\n" " curl -P - ftp:/example.com\n" " curl -P eth0 ftp:/example.com\n" @@ -2063,11 +2081,11 @@ void hugehelp(void) " --ftp-pret\n" " (FTP) Tell curl to send a PRET command before PASV (and EPSV).\n" " Certain FTP servers, mainly drftpd, require this non-standard\n" +, stdout); + fputs( " command for directory listings as well as up and downloads in\n" " PASV mode.\n" "\n" -, stdout); - fputs( " Providing --ftp-pret multiple times has no extra effect. Dis-\n" " able it again with --no-ftp-pret.\n" "\n" @@ -2078,9 +2096,9 @@ void hugehelp(void) "\n" " --ftp-skip-pasv-ip\n" " (FTP) Tell curl to not use the IP address the server suggests in\n" -" its response to curl's PASV command when curl connects the data\n" , stdout); fputs( +" its response to curl's PASV command when curl connects the data\n" " connection. Instead curl reuses the same IP address it already\n" " uses for the control connection.\n" "\n" @@ -2090,11 +2108,11 @@ void hugehelp(void) " of PASV.\n" "\n" " Providing --ftp-skip-pasv-ip multiple times has no extra effect.\n" +, stdout); + fputs( " Disable it again with --no-ftp-skip-pasv-ip.\n" "\n" " Example:\n" -, stdout); - fputs( " curl --ftp-skip-pasv-ip ftp://example.com/\n" "\n" " See also --ftp-pasv.\n" @@ -2103,10 +2121,10 @@ void hugehelp(void) " (FTP) Sets the CCC mode. The passive mode does not initiate the\n" " shutdown, but instead waits for the server to do it, and does\n" " not reply to the shutdown from the server. The active mode ini-\n" -" tiates the shutdown and waits for a reply from the server.\n" -"\n" , stdout); fputs( +" tiates the shutdown and waits for a reply from the server.\n" +"\n" " Providing --ftp-ssl-ccc-mode multiple times has no extra effect.\n" " Disable it again with --no-ftp-ssl-ccc-mode.\n" "\n" @@ -2117,9 +2135,9 @@ void hugehelp(void) "\n" " --ftp-ssl-ccc\n" " (FTP) Use CCC (Clear Command Channel) Shuts down the SSL/TLS\n" -" layer after authenticating. The rest of the control channel com-\n" , stdout); fputs( +" layer after authenticating. The rest of the control channel com-\n" " munication is be unencrypted. This allows NAT routers to follow\n" " the FTP transaction. The default mode is passive.\n" "\n" @@ -2130,37 +2148,37 @@ void hugehelp(void) " curl --ftp-ssl-ccc ftps://example.com/\n" " See also --ssl and --ftp-ssl-ccc-mode.\n" "\n" -" --ftp-ssl-control\n" , stdout); fputs( -" (FTP) Require SSL/TLS for the FTP login, clear for transfer.\n" -" Allows secure authentication, but non-encrypted data transfers\n" -" for efficiency. Fails the transfer if the server does not sup-\n" -" port SSL/TLS.\n" +" --ftp-ssl-control\n" +" (FTP) Require SSL/TLS for the FTP login, clear for transfer. Al-\n" +" lows secure authentication, but non-encrypted data transfers for\n" +" efficiency. Fails the transfer if the server does not support\n" +" SSL/TLS.\n" "\n" " Providing --ftp-ssl-control multiple times has no extra effect.\n" " Disable it again with --no-ftp-ssl-control.\n" "\n" " Example:\n" -" curl --ftp-ssl-control ftp://example.com\n" -"\n" , stdout); fputs( +" curl --ftp-ssl-control ftp://example.com\n" +"\n" " See also --ssl.\n" "\n" " -G, --get\n" -" When used, this option makes all data specified with -d, --data,\n" -" --data-binary or --data-urlencode to be used in an HTTP GET re-\n" -" quest instead of the POST request that otherwise would be used.\n" -" The data is appended to the URL with a '?' separator.\n" +" (HTTP) When used, this option makes all data specified with -d,\n" +" --data, --data-binary or --data-urlencode to be used in an HTTP\n" +" GET request instead of the POST request that otherwise would be\n" +" used. The data is appended to the URL with a '?' separator.\n" "\n" " If used in combination with -I, --head, the POST data is instead\n" -" appended to the URL with a HEAD request.\n" -"\n" , stdout); fputs( -" Providing -G, --get multiple times has no extra effect. Disable\n" -" it again with --no-get.\n" +" appended to the URL with a HEAD request.\n" +"\n" +" Providing --get multiple times has no extra effect. Disable it\n" +" again with --no-get.\n" "\n" " Examples:\n" " curl --get https://example.com\n" @@ -2170,43 +2188,43 @@ void hugehelp(void) " See also -d, --data and -X, --request.\n" "\n" " -g, --globoff\n" -" This option switches off the \"URL globbing parser\". When you set\n" , stdout); fputs( +" This option switches off the \"URL globbing parser\". When you set\n" " this option, you can specify URLs that contain the letters {}[]\n" " without having curl itself interpret them. Note that these let-\n" " ters are not normal legal URL contents but they should be en-\n" " coded according to the URI standard.\n" "\n" -" Providing -g, --globoff multiple times has no extra effect.\n" -" Disable it again with --no-globoff.\n" +" Providing --globoff multiple times has no extra effect. Disable\n" +" it again with --no-globoff.\n" "\n" +, stdout); + fputs( " Example:\n" " curl -g \"https://example.com/{[]}}}}\"\n" "\n" -, stdout); - fputs( " See also -K, --config and -q, --disable.\n" "\n" " --happy-eyeballs-timeout-ms \n" -" Happy Eyeballs is an algorithm that attempts to connect to both\n" -" IPv4 and IPv6 addresses for dual-stack hosts, giving IPv6 a\n" -" head-start of the specified number of milliseconds. If the IPv6\n" -" address cannot be connected to within that time, then a connec-\n" +" Happy Eyeballs is an algorithm that attempts to connect to both\n" +" IPv4 and IPv6 addresses for dual-stack hosts, giving IPv6 a\n" +" head-start of the specified number of milliseconds. If the IPv6\n" +" address cannot be connected to within that time, then a connec-\n" , stdout); fputs( -" tion attempt is made to the IPv4 address in parallel. The first\n" +" tion attempt is made to the IPv4 address in parallel. The first\n" " connection to be established is the one that is used.\n" "\n" -" The range of suggested useful values is limited. Happy Eyeballs\n" -" RFC 6555 says \"It is RECOMMENDED that connection attempts be\n" -" paced 150-250 ms apart to balance human factors against network\n" -" load.\" libcurl currently defaults to 200 ms. Firefox and Chrome\n" +" The range of suggested useful values is limited. Happy Eyeballs\n" +" RFC 6555 says \"It is RECOMMENDED that connection attempts be\n" +" paced 150-250 ms apart to balance human factors against network\n" +" load.\" libcurl currently defaults to 200 ms. Firefox and Chrome\n" , stdout); fputs( " currently default to 300 ms.\n" "\n" -" If --happy-eyeballs-timeout-ms is provided several times, the\n" +" If --happy-eyeballs-timeout-ms is provided several times, the\n" " last set value is used.\n" "\n" " Example:\n" @@ -2214,36 +2232,33 @@ void hugehelp(void) "\n" " See also -m, --max-time and --connect-timeout. Added in 7.59.0.\n" "\n" -" --haproxy-clientip\n" -" (HTTP) Sets a client IP in HAProxy PROXY protocol v1 header at\n" -" the beginning of the connection.\n" -"\n" +" --haproxy-clientip \n" +" (HTTP) Sets a client IP in HAProxy PROXY protocol v1 header at\n" , stdout); fputs( +" the beginning of the connection.\n" +"\n" " For valid requests, IPv4 addresses must be indicated as a series\n" " of exactly 4 integers in the range [0..255] inclusive written in\n" " decimal representation separated by exactly one dot between each\n" -" other. Heading zeroes are not permitted in front of numbers in\n" -" order to avoid any possible confusion with octal numbers. IPv6\n" -" addresses must be indicated as series of 4 hexadecimal digits\n" +" other. Heading zeroes are not permitted in front of numbers in\n" +" order to avoid any possible confusion with octal numbers. IPv6\n" , stdout); fputs( -" (upper or lower case) delimited by colons between each other,\n" -" with the acceptance of one double colon sequence to replace the\n" +" addresses must be indicated as series of 4 hexadecimal digits\n" +" (upper or lower case) delimited by colons between each other,\n" +" with the acceptance of one double colon sequence to replace the\n" " largest acceptable range of consecutive zeroes. The total number\n" " of decoded bits must exactly be 128.\n" "\n" -" Otherwise, any string can be accepted for the client IP and get\n" +" Otherwise, any string can be accepted for the client IP and get\n" " sent.\n" "\n" -" It replaces --haproxy-protocol if used, it is not necessary to\n" , stdout); fputs( +" It replaces --haproxy-protocol if used, it is not necessary to\n" " specify both flags.\n" "\n" -" This option is primarily useful when sending test requests to\n" -" verify a service is working as intended.\n" -"\n" " If --haproxy-clientip is provided several times, the last set\n" " value is used.\n" "\n" @@ -2253,20 +2268,20 @@ void hugehelp(void) " See also -x, --proxy. Added in 8.2.0.\n" "\n" " --haproxy-protocol\n" +" (HTTP) Send a HAProxy PROXY protocol v1 header at the beginning\n" , stdout); fputs( -" (HTTP) Send a HAProxy PROXY protocol v1 header at the beginning\n" " of the connection. This is used by some load balancers and re-\n" " verse proxies to indicate the client's true IP address and port.\n" " This option is primarily useful when sending test requests to a\n" " service that expects this header.\n" "\n" " Providing --haproxy-protocol multiple times has no extra effect.\n" -, stdout); - fputs( " Disable it again with --no-haproxy-protocol.\n" "\n" " Example:\n" +, stdout); + fputs( " curl --haproxy-protocol https://example.com\n" "\n" " See also -x, --proxy. Added in 7.60.0.\n" @@ -2275,12 +2290,12 @@ void hugehelp(void) " (HTTP FTP FILE) Fetch the headers only! HTTP-servers feature the\n" " command HEAD which this uses to get nothing but the header of a\n" " document. When used on an FTP or FILE file, curl displays the\n" -, stdout); - fputs( " file size and last modification time only.\n" "\n" -" Providing -I, --head multiple times has no extra effect. Dis-\n" -" able it again with --no-head.\n" +, stdout); + fputs( +" Providing --head multiple times has no extra effect. Disable it\n" +" again with --no-head.\n" "\n" " Example:\n" " curl -I https://example.com\n" @@ -2288,47 +2303,49 @@ void hugehelp(void) " See also -G, --get, -v, --verbose and --trace-ascii.\n" "\n" " -H, --header
\n" -" (HTTP IMAP SMTP) Extra header to include in information sent.\n" -, stdout); - fputs( +" (HTTP IMAP SMTP) Extra header to include in information sent.\n" " When used within an HTTP request, it is added to the regular re-\n" " quest headers.\n" "\n" +, stdout); + fputs( " For an IMAP or SMTP MIME uploaded mail built with -F, --form op-\n" -" tions, it is prepended to the resulting MIME document, effec-\n" +" tions, it is prepended to the resulting MIME document, effec-\n" " tively including it at the mail global level. It does not affect\n" " raw uploaded mails (Added in 7.56.0).\n" "\n" -" You may specify any number of extra headers. Note that if you\n" +" You may specify any number of extra headers. Note that if you\n" +" should add a custom header that has the same name as one of the\n" , stdout); fputs( -" should add a custom header that has the same name as one of the\n" " internal ones curl would use, your externally set header is used\n" " instead of the internal one. This allows you to make even trick-\n" -" ier stuff than curl would normally do. You should not replace\n" -" internally set headers without knowing perfectly well what you\n" -" are doing. Remove an internal header by giving a replacement\n" +" ier stuff than curl would normally do. You should not replace\n" +" internally set headers without knowing perfectly well what you\n" +" are doing. Remove an internal header by giving a replacement\n" +" without content on the right side of the colon, as in: -H\n" , stdout); fputs( -" without content on the right side of the colon, as in: -H\n" -" \"Host:\". If you send the custom header with no-value then its\n" -" header must be terminated with a semicolon, such as -H \"X-Cus-\n" +" \"Host:\". If you send the custom header with no-value then its\n" +" header must be terminated with a semicolon, such as \\-H \"X-Cus-\n" " tom-Header;\" to send \"X-Custom-Header:\".\n" "\n" -" curl makes sure that each header you add/replace is sent with\n" +" curl makes sure that each header you add/replace is sent with\n" " the proper end-of-line marker, you should thus not add that as a\n" +" part of the header content: do not add newlines or carriage re-\n" , stdout); fputs( -" part of the header content: do not add newlines or carriage re-\n" -" turns, they only mess things up for you.\n" +" turns, they only mess things up for you. curl passes on the ver-\n" +" batim string you give it without any filter or other safe\n" +" guards. That includes white space and control characters.\n" "\n" " This option can take an argument in @filename style, which then\n" " adds a header for each line in the input file. Using @- makes\n" " curl read the header file from stdin. Added in 7.55.0.\n" "\n" -" Please note that most anti-spam utilities check the presence and\n" , stdout); fputs( +" Please note that most anti-spam utilities check the presence and\n" " value of several MIME mail headers: these are \"From:\", \"To:\",\n" " \"Date:\" and \"Subject:\" among others and should be added with\n" " this option.\n" @@ -2337,9 +2354,9 @@ void hugehelp(void) " HTTP proxy. Added in 7.37.0.\n" "\n" " Passing on a \"Transfer-Encoding: chunked\" header when doing an\n" -" HTTP request with a request body, makes curl send the data using\n" , stdout); fputs( +" HTTP request with a request body, makes curl send the data using\n" " chunked encoding.\n" "\n" " WARNING: headers set with this option are set in all HTTP re-\n" @@ -2347,11 +2364,10 @@ void hugehelp(void) " -L, --location. This can lead to the header being sent to other\n" " hosts than the original host, so sensitive headers should be\n" " used with caution combined with following redirects.\n" -"\n" -" -H, --header can be used several times in a command line\n" -"\n" , stdout); fputs( +" --header can be used several times in a command line\n" +"\n" " Examples:\n" " curl -H \"X-First-Name: Joe\" https://example.com\n" " curl -H \"User-Agent: yes-please/2000\" https://example.com\n" @@ -2361,11 +2377,11 @@ void hugehelp(void) " See also -A, --user-agent and -e, --referer.\n" "\n" " -h, --help \n" +, stdout); + fputs( " Usage help. This lists all curl command line options within the\n" " given category.\n" "\n" -, stdout); - fputs( " If no argument is provided, curl displays only the most impor-\n" " tant command line arguments.\n" "\n" @@ -2379,25 +2395,25 @@ void hugehelp(void) "\n" " See also -v, --verbose.\n" "\n" -" --hostpubmd5 \n" -" (SFTP SCP) Pass a string containing 32 hexadecimal digits. The\n" , stdout); fputs( +" --hostpubmd5 \n" +" (SFTP SCP) Pass a string containing 32 hexadecimal digits. The\n" " string should be the 128 bit MD5 checksum of the remote host's\n" " public key, curl refuses the connection with the host unless the\n" -" md5sums match.\n" +" checksums match.\n" "\n" " If --hostpubmd5 is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" +, stdout); + fputs( " curl --hostpubmd5 e5c1c49020640a5ab0f2034854c321a8 sftp://example.com/\n" "\n" " See also --hostpubsha256.\n" "\n" " --hostpubsha256 \n" -, stdout); - fputs( " (SFTP SCP) Pass a string containing a Base64-encoded SHA256 hash\n" " of the remote host's public key. Curl refuses the connection\n" " with the host unless the hashes match.\n" @@ -2405,11 +2421,11 @@ void hugehelp(void) " This feature requires libcurl to be built with libssh2 and does\n" " not work with other SSH backends.\n" "\n" +, stdout); + fputs( " If --hostpubsha256 is provided several times, the last set value\n" " is used.\n" " Example:\n" -, stdout); - fputs( " curl --hostpubsha256 NDVkMTQxMGQ1ODdmMjQ3MjczYjAyOTY5MmRkMjVmNDQ= sftp://example.com/\n" "\n" " See also --hostpubmd5. Added in 7.80.0.\n" @@ -2417,21 +2433,21 @@ void hugehelp(void) " --hsts \n" " (HTTPS) This option enables HSTS for the transfer. If the file\n" " name points to an existing HSTS cache file, that is used. After\n" +, stdout); + fputs( " a completed transfer, the cache is saved to the file name again\n" " if it has been modified.\n" "\n" -, stdout); - fputs( " If curl is told to use HTTP:// for a transfer involving a host\n" " name that exists in the HSTS cache, it upgrades the transfer to\n" " use HTTPS. Each HSTS cache entry has an individual life time af-\n" " ter which the upgrade is no longer performed.\n" "\n" " Specify a \"\" file name (zero length) to avoid loading/saving and\n" -" make curl just handle HSTS in memory.\n" -"\n" , stdout); fputs( +" make curl just handle HSTS in memory.\n" +"\n" " If this option is used several times, curl loads contents from\n" " all the files but the last one is used for saving.\n" " --hsts can be used several times in a command line\n" @@ -2466,7 +2482,7 @@ void hugehelp(void) " (HTTP) Tells curl to use HTTP version 1.0 instead of using its\n" " internally preferred HTTP version.\n" "\n" -" Providing -0, --http1.0 multiple times has no extra effect.\n" +" Providing --http1.0 multiple times has no extra effect.\n" "\n" " Example:\n" " curl --http1.0 https://example.com\n" @@ -2541,17 +2557,14 @@ void hugehelp(void) " --http2-prior-knowledge and --http3.\n" "\n" " --http3-only\n" -" (HTTP) **WARNING**: this option is experimental. Do not use in\n" -" production.\n" +" (HTTP) Instructs curl to use HTTP/3 to the host in the URL, with\n" +" no fallback to earlier HTTP versions. HTTP/3 can only be used\n" +" for HTTPS and not for HTTP URLs. For HTTP, this option triggers\n" +" an error.\n" "\n" -" Instructs curl to use HTTP/3 to the host in the URL, with no\n" -" fallback to earlier HTTP versions. HTTP/3 can only be used for\n" -" HTTPS and not for HTTP URLs. For HTTP, this option triggers an\n" +" This option allows a user to avoid using the Alt-Svc method of\n" , stdout); fputs( -" error.\n" -"\n" -" This option allows a user to avoid using the Alt-Svc method of\n" " upgrading to HTTP/3 when you know that the target speaks HTTP/3\n" " on the given host and port.\n" "\n" @@ -2559,133 +2572,132 @@ void hugehelp(void) " tablished, it does not attempt any other HTTP versions on its\n" " own. Use --http3 for similar functionality with a fallback.\n" "\n" -, stdout); - fputs( " Providing --http3-only multiple times has no extra effect.\n" "\n" " Example:\n" -" curl --http3-only https://example.com\n" +, stdout); + fputs( +" curl --http3-only https://example.com\n" "\n" " See also --http1.1, --http2 and --http3. --http3-only requires\n" " that the underlying libcurl was built to support HTTP/3. This\n" " option is mutually exclusive to --http1.1 and -0, --http1.0 and\n" " --http2 and --http2-prior-knowledge and --http3. Added in\n" " 7.88.0.\n" -, stdout); - fputs( " --http3\n" -" (HTTP) **WARNING**: this option is experimental. Do not use in\n" -" production.\n" -"\n" -" Tells curl to try HTTP/3 to the host in the URL, but fallback to\n" -" earlier HTTP versions if the HTTP/3 connection establishment\n" -" fails. HTTP/3 is only available for HTTPS and not for HTTP URLs.\n" -" This option allows a user to avoid using the Alt-Svc method of\n" +" (HTTP) Tells curl to try HTTP/3 to the host in the URL, but\n" , stdout); fputs( -" upgrading to HTTP/3 when you know that the target speaks HTTP/3\n" +" fallback to earlier HTTP versions if the HTTP/3 connection es-\n" +" tablishment fails. HTTP/3 is only available for HTTPS and not\n" +" for HTTP URLs.\n" +"\n" +" This option allows a user to avoid using the Alt-Svc method of\n" +" upgrading to HTTP/3 when you know that the target speaks HTTP/3\n" " on the given host and port.\n" "\n" -" When asked to use HTTP/3, curl issues a separate attempt to use\n" +" When asked to use HTTP/3, curl issues a separate attempt to use\n" +, stdout); + fputs( " older HTTP versions with a slight delay, so if the HTTP/3 trans-\n" -" fer fails or is slow, curl still tries to proceed with an older\n" +" fer fails or is slow, curl still tries to proceed with an older\n" " HTTP version.\n" "\n" " Use --http3-only for similar functionality without a fallback.\n" "\n" -, stdout); - fputs( " Providing --http3 multiple times has no extra effect.\n" "\n" " Example:\n" " curl --http3 https://example.com\n" "\n" " See also --http1.1 and --http2. --http3 requires that the under-\n" -" lying libcurl was built to support HTTP/3. This option is mutu-\n" -" ally exclusive to --http1.1 and -0, --http1.0 and --http2 and\n" +, stdout); + fputs( +" lying libcurl was built to support HTTP/3. This option is mutu-\n" +" ally exclusive to --http1.1 and -0, --http1.0 and --http2 and\n" " --http2-prior-knowledge and --http3-only. Added in 7.66.0.\n" "\n" " --ignore-content-length\n" +" (FTP HTTP) For HTTP, Ignore the Content-Length header. This is\n" +" particularly useful for servers running Apache 1.x, which re-\n" +" ports incorrect Content-Length for files larger than 2 giga-\n" , stdout); fputs( -" (FTP HTTP) For HTTP, Ignore the Content-Length header. This is\n" -" particularly useful for servers running Apache 1.x, which re-\n" -" ports incorrect Content-Length for files larger than 2 giga-\n" " bytes.\n" "\n" " For FTP, this makes curl skip the SIZE command to figure out the\n" " size before downloading a file.\n" "\n" -" This option does not work for HTTP if libcurl was built to use\n" +" This option does not work for HTTP if libcurl was built to use\n" " hyper.\n" "\n" -, stdout); - fputs( -" Providing --ignore-content-length multiple times has no extra\n" +" Providing --ignore-content-length multiple times has no extra\n" " effect. Disable it again with --no-ignore-content-length.\n" "\n" " Example:\n" " curl --ignore-content-length https://example.com\n" "\n" +, stdout); + fputs( " See also --ftp-skip-pasv-ip.\n" "\n" " -i, --include\n" -" Include the HTTP response headers in the output. The HTTP re-\n" -" sponse headers can include things like server name, cookies,\n" -, stdout); - fputs( -" date of the document, HTTP version and more...\n" +" (HTTP FTP) Include response headers in the output. HTTP response\n" +" headers can include things like server name, cookies, date of\n" +" the document, HTTP version and more... With non-HTTP protocols,\n" +" the \"headers\" are other server communication.\n" "\n" " To view the request headers, consider the -v, --verbose option.\n" "\n" +, stdout); + fputs( " Prior to 7.75.0 curl did not print the headers if -f, --fail was\n" -" used in combination with this option and there was error re-\n" +" used in combination with this option and there was error re-\n" " ported by server.\n" "\n" -" Providing -i, --include multiple times has no extra effect.\n" -" Disable it again with --no-include.\n" +" Providing --include multiple times has no extra effect. Disable\n" +" it again with --no-include.\n" "\n" " Example:\n" -, stdout); - fputs( " curl -i https://example.com\n" "\n" " See also -v, --verbose.\n" "\n" " -k, --insecure\n" +, stdout); + fputs( " (TLS SFTP SCP) By default, every secure connection curl makes is\n" " verified to be secure before the transfer takes place. This op-\n" " tion makes curl skip the verification step and proceed without\n" " checking.\n" "\n" " When this option is not used for protocols using TLS, curl veri-\n" -, stdout); - fputs( " fies the server's TLS certificate before it continues: that the\n" " certificate contains the right name which matches the host name\n" +, stdout); + fputs( " used in the URL and that the certificate has been signed by a CA\n" " certificate present in the cert store. See this online resource\n" -" for further details:\n" -" https://curl.se/docs/sslcerts.html\n" +" for further details: https://curl.se/docs/sslcerts.html\n" "\n" " For SFTP and SCP, this option makes curl skip the known_hosts\n" -, stdout); - fputs( " verification. known_hosts is a file normally stored in the\n" " user's home directory in the \".ssh\" subdirectory, which contains\n" +, stdout); + fputs( " host names and their public keys.\n" "\n" " WARNING: using this option makes the transfer insecure.\n" "\n" " When curl uses secure protocols it trusts responses and allows\n" " for example HSTS and Alt-Svc information to be stored and used\n" -, stdout); - fputs( " subsequently. Using -k, --insecure can make curl trust and use\n" " such information from malicious servers.\n" "\n" -" Providing -k, --insecure multiple times has no extra effect.\n" -" Disable it again with --no-insecure.\n" +" Providing --insecure multiple times has no extra effect. Dis-\n" +, stdout); + fputs( +" able it again with --no-insecure.\n" "\n" " Example:\n" " curl --insecure https://example.com\n" @@ -2693,19 +2705,17 @@ void hugehelp(void) " See also --proxy-insecure, --cacert and --capath.\n" "\n" " --interface \n" -, stdout); - fputs( " Perform an operation using a specified interface. You can enter\n" " interface name, IP address or host name. An example could look\n" " like:\n" "\n" -" curl --interface eth0:1 https://www.example.com/\n" +" curl --interface eth0:1 https://www.example.com/\n" "\n" +, stdout); + fputs( " On Linux it can be used to specify a VRF, but the binary needs\n" " to either have CAP_NET_RAW or to be run as root. More informa-\n" " tion about Linux VRF: https://www.kernel.org/doc/Documenta-\n" -, stdout); - fputs( " tion/networking/vrf.txt\n" "\n" " If --interface is provided several times, the last set value is\n" @@ -2716,161 +2726,154 @@ void hugehelp(void) "\n" " See also --dns-interface.\n" "\n" -" --ipfs-gateway \n" -" Specifies which gateway to use for IPFS and IPNS URLs. Not\n" -" specifying this argument will let cURL try to automatically\n" , stdout); fputs( -" check if IPFS_GATEWAY environment variable is set, or if\n" -" ~/.ipfs/gateway plain text file exists.\n" -"\n" -" If you run a local IPFS node, this gateway is by default avail-\n" -" able under http://localhost:8080. A full example URL would look\n" -" like:\n" +" --ipfs-gateway \n" +" (IPFS) Specify which gateway to use for IPFS and IPNS URLs. Not\n" +" specifying this will instead make curl check if the IPFS_GATEWAY\n" +" environment variable is set, or if a \"~/.ipfs/gateway\" file\n" +" holding the gateway URL exists.\n" "\n" -" curl --ipfs-gateway http://localhost:8080 ipfs://bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi\n" +" If you run a local IPFS node, this gateway is by default avail-\n" +" able under \"http://localhost:8080\". A full example URL would\n" +" look like:\n" "\n" , stdout); fputs( -" You can also specify publicly available gateways. One such gate-\n" -" way is https://ipfs.io. A full example url would look like:\n" +" curl --ipfs-gateway http://localhost:8080 ipfs://bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi\n" "\n" -" curl --ipfs-gateway https://ipfs.io ipfs://bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi\n" -"\n" -" There are many public IPFS gateways. As a starting point to find\n" -" one that works for your case, consult this page:\n" -"\n" -" https://ipfs.github.io/public-gateway-checker/\n" +" There are many public IPFS gateways. See for example:\n" +" https://ipfs.github.io/public-gateway-checker/\n" "\n" +" WARNING: If you opt to go for a remote gateway you should be\n" +" aware that you completely trust the gateway. This is fine in lo-\n" , stdout); fputs( -" A word of caution! When you opt to go for a remote gateway you\n" -" should be aware that you completely trust the gateway. This is\n" -" fine in local gateways as you host it yourself. With remote\n" -" gateways there could potentially be a malicious actor returning\n" -" you data that does not match the request you made, inspect or\n" -" even interfere with the request. You won't notice this when us-\n" +" cal gateways as you host it yourself. With remote gateways there\n" +" could potentially be a malicious actor returning you data that\n" +" does not match the request you made, inspect or even interfere\n" +" with the request. You will not notice this when using curl. A\n" +" mitigation could be to go for a \"trustless\" gateway. This means\n" +" you locally verify that the data. Consult the docs page on\n" , stdout); fputs( -" ing cURL. A mitigation could be to go for a \"trustless\" gate-\n" -" way. This means you locally verify that the data. Consult the\n" -" docs page on trusted vs trustless: https://docs.ipfs.tech/refer-\n" +" trusted vs trustless: https://docs.ipfs.tech/refer-\n" " ence/http/gateway/#trusted-vs-trustless\n" "\n" -" If --ipfs-gateway is provided several times, the last set value\n" +" If --ipfs-gateway is provided several times, the last set value\n" " is used.\n" " Example:\n" " curl --ipfs-gateway https://example.com ipfs://\n" "\n" -, stdout); - fputs( " See also -h, --help and -M, --manual. Added in 8.4.0.\n" "\n" " -4, --ipv4\n" " This option tells curl to use IPv4 addresses only when resolving\n" +, stdout); + fputs( " host names, and not for example try IPv6.\n" "\n" -" Providing -4, --ipv4 multiple times has no extra effect.\n" +" Providing --ipv4 multiple times has no extra effect.\n" "\n" " Example:\n" " curl --ipv4 https://example.com\n" "\n" -" See also --http1.1 and --http2. This option is mutually exclu-\n" +" See also --http1.1 and --http2. This option is mutually exclu-\n" " sive to -6, --ipv6.\n" "\n" " -6, --ipv6\n" -, stdout); - fputs( " This option tells curl to use IPv6 addresses only when resolving\n" " host names, and not for example try IPv4.\n" "\n" -" Providing -6, --ipv6 multiple times has no extra effect.\n" +, stdout); + fputs( +" Providing --ipv6 multiple times has no extra effect.\n" "\n" " Example:\n" " curl --ipv6 https://example.com\n" "\n" -" See also --http1.1 and --http2. This option is mutually exclu-\n" +" See also --http1.1 and --http2. This option is mutually exclu-\n" " sive to -4, --ipv4.\n" "\n" " --json \n" -" (HTTP) Sends the specified JSON data in a POST request to the\n" -, stdout); - fputs( -" HTTP server. --json works as a shortcut for passing on these\n" +" (HTTP) Sends the specified JSON data in a POST request to the\n" +" HTTP server. --json works as a shortcut for passing on these\n" " three options:\n" "\n" -" --data [arg]\n" -" --header \"Content-Type: application/json\"\n" -" --header \"Accept: application/json\"\n" +" --data [arg]\n" +, stdout); + fputs( +" --header \"Content-Type: application/json\"\n" +" --header \"Accept: application/json\"\n" "\n" -" There is no verification that the passed in data is actual JSON\n" +" There is no verification that the passed in data is actual JSON\n" " or that the syntax is correct.\n" "\n" -" If you start the data with the letter @, the rest should be a\n" +" If you start the data with the letter @, the rest should be a\n" +" file name to read the data from, or a single dash (-) if you\n" +" want curl to read the data from stdin. Posting data from a file\n" , stdout); fputs( -" file name to read the data from, or a single dash (-) if you\n" -" want curl to read the data from stdin. Posting data from a file\n" " named 'foobar' would thus be done with --json @foobar and to in-\n" " stead read the data from stdin, use --json @-.\n" "\n" -" If this option is used more than once on the same command line,\n" -" the additional data pieces are concatenated to the previous be-\n" +" If this option is used more than once on the same command line,\n" +" the additional data pieces are concatenated to the previous be-\n" " fore sending.\n" "\n" -, stdout); - fputs( " The headers this option sets can be overridden with -H, --header\n" " as usual.\n" "\n" " --json can be used several times in a command line\n" "\n" +, stdout); + fputs( " Examples:\n" " curl --json '{ \"drink\": \"coffe\" }' https://example.com\n" " curl --json '{ \"drink\":' --json ' \"coffe\" }' https://example.com\n" " curl --json @prepared https://example.com\n" " curl --json @- https://example.com < json.txt\n" "\n" -, stdout); - fputs( -" See also --data-binary and --data-raw. This option is mutually\n" -" exclusive to -F, --form and -I, --head and -T, --upload-file.\n" +" See also --data-binary and --data-raw. This option is mutually\n" +" exclusive to -F, --form and -I, --head and -T, --upload-file.\n" " Added in 7.82.0.\n" "\n" +, stdout); + fputs( " -j, --junk-session-cookies\n" " (HTTP) When curl is told to read cookies from a given file, this\n" " option makes it discard all \"session cookies\". This has the same\n" -" effect as if a new session is started. Typical browsers discard\n" -, stdout); - fputs( +" effect as if a new session is started. Typical browsers discard\n" " session cookies when they are closed down.\n" "\n" -" Providing -j, --junk-session-cookies multiple times has no extra\n" -" effect. Disable it again with --no-junk-session-cookies.\n" +" Providing --junk-session-cookies multiple times has no extra ef-\n" +" fect. Disable it again with --no-junk-session-cookies.\n" "\n" +, stdout); + fputs( " Example:\n" " curl --junk-session-cookies -b cookies.txt https://example.com\n" "\n" " See also -b, --cookie and -c, --cookie-jar.\n" "\n" " --keepalive-time \n" -" This option sets the time a connection needs to remain idle be-\n" -, stdout); - fputs( -" fore sending keepalive probes and the time between individual\n" +" This option sets the time a connection needs to remain idle be-\n" +" fore sending keepalive probes and the time between individual\n" " keepalive probes. It is currently effective on operating systems\n" -" offering the TCP_KEEPIDLE and TCP_KEEPINTVL socket options\n" -" (meaning Linux, recent AIX, HP-UX and more). Keepalives are\n" -" used by the TCP stack to detect broken networks on idle connec-\n" -" tions. The number of missed keepalive probes before declaring\n" , stdout); fputs( -" the connection down is OS dependent and is commonly 9 or 10.\n" -" This option has no effect if --no-keepalive is used.\n" +" offering the \"TCP_KEEPIDLE\" and \"TCP_KEEPINTVL\" socket options\n" +" (meaning Linux, recent AIX, HP-UX and more). Keepalive is used\n" +" by the TCP stack to detect broken networks on idle connections.\n" +" The number of missed keepalive probes before declaring the con-\n" +" nection down is OS dependent and is commonly 9 or 10. This op-\n" +" tion has no effect if --no-keepalive is used.\n" "\n" +, stdout); + fputs( " If unspecified, the option defaults to 60 seconds.\n" "\n" -" If --keepalive-time is provided several times, the last set\n" +" If --keepalive-time is provided several times, the last set\n" " value is used.\n" "\n" " Example:\n" @@ -2879,13 +2882,13 @@ void hugehelp(void) " See also --no-keepalive and -m, --max-time.\n" "\n" " --key-type \n" +" (TLS) Private key file type. Specify which type your --key pro-\n" , stdout); fputs( -" (TLS) Private key file type. Specify which type your --key pro-\n" -" vided private key is. DER, PEM, and ENG are supported. If not\n" +" vided private key is. DER, PEM, and ENG are supported. If not\n" " specified, PEM is assumed.\n" "\n" -" If --key-type is provided several times, the last set value is\n" +" If --key-type is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" @@ -2894,28 +2897,28 @@ void hugehelp(void) " See also --key.\n" "\n" " --key \n" +" (TLS SSH) Private key file name. Allows you to provide your pri-\n" , stdout); fputs( -" (TLS SSH) Private key file name. Allows you to provide your pri-\n" -" vate key in this separate file. For SSH, if not specified, curl\n" -" tries the following candidates in order: '~/.ssh/id_rsa',\n" -" '~/.ssh/id_dsa', './id_rsa', './id_dsa'.\n" +" vate key in this separate file. For SSH, if not specified, curl\n" +" tries the following candidates in order: \"~/.ssh/id_rsa\",\n" +" \"~/.ssh/id_dsa\", \"./id_rsa\", \"./id_dsa\".\n" "\n" -" If curl is built against OpenSSL library, and the engine pkcs11\n" +" If curl is built against OpenSSL library, and the engine pkcs11\n" " is available, then a PKCS#11 URI (RFC 7512) can be used to spec-\n" +" ify a private key located in a PKCS#11 device. A string begin-\n" , stdout); fputs( -" ify a private key located in a PKCS#11 device. A string begin-\n" -" ning with \"pkcs11:\" is interpreted as a PKCS#11 URI. If a\n" -" PKCS#11 URI is provided, then the --engine option is set as\n" -" \"pkcs11\" if none was provided and the --key-type option is set\n" +" ning with \"pkcs11:\" is interpreted as a PKCS#11 URI. If a\n" +" PKCS#11 URI is provided, then the --engine option is set as\n" +" \"pkcs11\" if none was provided and the --key-type option is set\n" " as \"ENG\" if none was provided.\n" "\n" -" If curl is built against Secure Transport or Schannel then this\n" +" If curl is built against Secure Transport or Schannel then this\n" +" option is ignored for TLS protocols (HTTPS, etc). Those backends\n" , stdout); fputs( -" option is ignored for TLS protocols (HTTPS, etc). Those backends\n" -" expect the private key to be already present in the keychain or\n" +" expect the private key to be already present in the keychain or\n" " PKCS#12 file containing the certificate.\n" "\n" " If --key is provided several times, the last set value is used.\n" @@ -2926,11 +2929,11 @@ void hugehelp(void) " See also --key-type and -E, --cert.\n" "\n" " --krb \n" +" (FTP) Enable Kerberos authentication and use. The level must be\n" , stdout); fputs( -" (FTP) Enable Kerberos authentication and use. The level must be\n" " entered and should be one of 'clear', 'safe', 'confidential', or\n" -" 'private'. Should you use a level that is not one of these,\n" +" 'private'. Should you use a level that is not one of these,\n" " 'private' is used.\n" "\n" " If --krb is provided several times, the last set value is used.\n" @@ -2938,60 +2941,60 @@ void hugehelp(void) " Example:\n" " curl --krb clear ftp://example.com/\n" "\n" -, stdout); - fputs( -" See also --delegation and --ssl. --krb requires that the under-\n" +" See also --delegation and --ssl. --krb requires that the under-\n" " lying libcurl was built to support Kerberos.\n" "\n" +, stdout); + fputs( " --libcurl \n" -" Append this option to any ordinary curl command line, and you\n" -" get libcurl-using C source code written to the file that does\n" +" Append this option to any ordinary curl command line, and you\n" +" get libcurl-using C source code written to the file that does\n" " the equivalent of what your command-line operation does!\n" "\n" " This option is global and does not need to be specified for each\n" -, stdout); - fputs( " use of --next.\n" "\n" -" If --libcurl is provided several times, the last set value is\n" +" If --libcurl is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" +, stdout); + fputs( " curl --libcurl client.c https://example.com\n" "\n" " See also -v, --verbose.\n" "\n" " --limit-rate \n" -" Specify the maximum transfer rate you want curl to use - for\n" +" Specify the maximum transfer rate you want curl to use - for\n" " both downloads and uploads. This feature is useful if you have a\n" -, stdout); - fputs( -" limited pipe and you would like your transfer not to use your\n" +" limited pipe and you would like your transfer not to use your\n" " entire bandwidth. To make it slower than it otherwise would be.\n" "\n" -" The given speed is measured in bytes/second, unless a suffix is\n" -" appended. Appending 'k' or 'K' counts the number as kilobytes,\n" -" 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it giga-\n" -" bytes. The suffixes (k, M, G, T, P) are 1024 based. For example\n" , stdout); fputs( +" The given speed is measured in bytes/second, unless a suffix is\n" +" appended. Appending 'k' or 'K' counts the number as kilobytes,\n" +" 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it giga-\n" +" bytes. The suffixes (k, M, G, T, P) are 1024 based. For example\n" " 1k is 1024. Examples: 200K, 3m and 1G.\n" "\n" " The rate limiting logic works on averaging the transfer speed to\n" -" no more than the set threshold over a period of multiple sec-\n" +, stdout); + fputs( +" no more than the set threshold over a period of multiple sec-\n" " onds.\n" "\n" -" If you also use the -Y, --speed-limit option, that option takes\n" +" If you also use the -Y, --speed-limit option, that option takes\n" " precedence and might cripple the rate-limiting slightly, to help\n" " keeping the speed-limit logic working.\n" "\n" -, stdout); - fputs( " If --limit-rate is provided several times, the last set value is\n" " used.\n" "\n" " Examples:\n" " curl --limit-rate 100K https://example.com\n" +, stdout); + fputs( " curl --limit-rate 1000 https://example.com\n" " curl --limit-rate 10M https://example.com\n" "\n" @@ -2999,52 +3002,52 @@ void hugehelp(void) "\n" " -l, --list-only\n" " (FTP POP3 SFTP) (FTP) When listing an FTP directory, this switch\n" +" forces a name-only view. This is especially useful if the user\n" +" wants to machine-parse the contents of an FTP directory since\n" , stdout); fputs( -" forces a name-only view. This is especially useful if the user\n" -" wants to machine-parse the contents of an FTP directory since\n" -" the normal directory view does not use a standard look or for-\n" -" mat. When used like this, the option causes an NLST command to\n" +" the normal directory view does not use a standard look or for-\n" +" mat. When used like this, the option causes an NLST command to\n" " be sent to the server instead of LIST.\n" "\n" -" Note: Some FTP servers list only files in their response to\n" -, stdout); - fputs( +" Note: Some FTP servers list only files in their response to\n" " NLST; they do not include sub-directories and symbolic links.\n" "\n" -" (SFTP) When listing an SFTP directory, this switch forces a\n" -" name-only view, one per line. This is especially useful if the\n" -" user wants to machine-parse the contents of an SFTP directory\n" -" since the normal directory view provides more information than\n" +" (SFTP) When listing an SFTP directory, this switch forces a\n" +, stdout); + fputs( +" name-only view, one per line. This is especially useful if the\n" +" user wants to machine-parse the contents of an SFTP directory\n" +" since the normal directory view provides more information than\n" " just file names.\n" "\n" +" (POP3) When retrieving a specific email from POP3, this switch\n" +" forces a LIST command to be performed instead of RETR. This is\n" , stdout); fputs( -" (POP3) When retrieving a specific email from POP3, this switch\n" -" forces a LIST command to be performed instead of RETR. This is\n" -" particularly useful if the user wants to see if a specific mes-\n" +" particularly useful if the user wants to see if a specific mes-\n" " sage-id exists on the server and what size it is.\n" "\n" -" Note: When combined with -X, --request, this option can be used\n" -" to send a UIDL command instead, so the user may use the email's\n" -, stdout); - fputs( -" unique identifier rather than its message-id to make the re-\n" +" Note: When combined with -X, --request, this option can be used\n" +" to send a UIDL command instead, so the user may use the email's\n" +" unique identifier rather than its message-id to make the re-\n" " quest.\n" "\n" -" Providing -l, --list-only multiple times has no extra effect.\n" -" Disable it again with --no-list-only.\n" +" Providing --list-only multiple times has no extra effect. Dis-\n" +, stdout); + fputs( +" able it again with --no-list-only.\n" "\n" " Example:\n" " curl --list-only ftp://example.com/dir/\n" " See also -Q, --quote and -X, --request.\n" "\n" " --local-port \n" -" Set a preferred single number or range (FROM-TO) of local port\n" +" Set a preferred single number or range (FROM-TO) of local port\n" +" numbers to use for the connection(s). Note that port numbers by\n" +" nature are a scarce resource so setting this range to something\n" , stdout); fputs( -" numbers to use for the connection(s). Note that port numbers by\n" -" nature are a scarce resource so setting this range to something\n" " too narrow might cause unnecessary connection setup failures.\n" "\n" " If --local-port is provided several times, the last set value is\n" @@ -3056,88 +3059,89 @@ void hugehelp(void) " See also -g, --globoff.\n" "\n" " --location-trusted\n" -, stdout); - fputs( " (HTTP) Like -L, --location, but allows sending the name + pass-\n" " word to all hosts that the site may redirect to. This may or may\n" +, stdout); + fputs( " not introduce a security breach if the site redirects you to a\n" -" site to which you send your authentication info (which is plain-\n" -" text in the case of HTTP Basic authentication).\n" +" site to which you send your authentication info (which is\n" +" clear-text in the case of HTTP Basic authentication).\n" "\n" " Providing --location-trusted multiple times has no extra effect.\n" -, stdout); - fputs( " Disable it again with --no-location-trusted.\n" "\n" " Example:\n" " curl --location-trusted -u user:password https://example.com\n" "\n" +, stdout); + fputs( " See also -u, --user.\n" "\n" " -L, --location\n" -" (HTTP) If the server reports that the requested page has moved\n" +" (HTTP) If the server reports that the requested page has moved\n" " to a different location (indicated with a Location: header and a\n" -" 3XX response code), this option makes curl redo the request on\n" -, stdout); - fputs( -" the new place. If used together with -i, --include or -I,\n" +" 3XX response code), this option makes curl redo the request on\n" +" the new place. If used together with -i, --include or -I,\n" " --head, headers from all requested pages are shown.\n" "\n" -" When authentication is used, curl only sends its credentials to\n" -" the initial host. If a redirect takes curl to a different host,\n" -" it does not get the user+password pass on. See also --loca-\n" -" tion-trusted on how to change this.\n" -"\n" , stdout); fputs( -" Limit the amount of redirects to follow by using the\n" -" --max-redirs option.\n" +" When authentication is used, curl only sends its credentials to\n" +" the initial host. If a redirect takes curl to a different host,\n" +" it does not get the user+password pass on. See also --loca-\n" +" tion-trusted on how to change this.\n" "\n" -" When curl follows a redirect and if the request is a POST, it\n" -" sends the following request with a GET if the HTTP response was\n" -" 301, 302, or 303. If the response code was any other 3xx code,\n" -" curl resends the following request using the same unmodified\n" -" method.\n" +" Limit the amount of redirects to follow by using the\n" +" --max-redirs option.\n" "\n" +" When curl follows a redirect and if the request is a POST, it\n" , stdout); fputs( +" sends the following request with a GET if the HTTP response was\n" +" 301, 302, or 303. If the response code was any other 3xx code,\n" +" curl resends the following request using the same unmodified\n" +" method.\n" +"\n" " You can tell curl to not change POST requests to GET after a 30x\n" -" response by using the dedicated options for that: --post301,\n" +" response by using the dedicated options for that: --post301,\n" " --post302 and --post303.\n" "\n" -" The method set with -X, --request overrides the method curl\n" +, stdout); + fputs( +" The method set with -X, --request overrides the method curl\n" " would otherwise select to use.\n" "\n" -" Providing -L, --location multiple times has no extra effect.\n" -" Disable it again with --no-location.\n" +" Providing --location multiple times has no extra effect. Dis-\n" +" able it again with --no-location.\n" "\n" " Example:\n" -, stdout); - fputs( " curl -L https://example.com\n" "\n" " See also --resolve and --alt-svc.\n" "\n" " --login-options \n" -" (IMAP LDAP POP3 SMTP) Specify the login options to use during\n" +" (IMAP LDAP POP3 SMTP) Specify the login options to use during\n" +, stdout); + fputs( " server authentication.\n" "\n" -" You can use login options to specify protocol specific options\n" -" that may be used during authentication. At present only IMAP,\n" -" POP3 and SMTP support login options. For more information about\n" +" You can use login options to specify protocol specific options\n" +" that may be used during authentication. At present only IMAP,\n" +" POP3 and SMTP support login options. For more information about\n" +" login options please see RFC 2384, RFC 5092 and the IETF draft\n" +" https://datatracker.ietf.org/doc/html/draft-earhart-url-smtp-00\n" +"\n" , stdout); fputs( -" login options please see RFC 2384, RFC 5092 and the IETF draft\n" -" https://datatracker.ietf.org/doc/html/draft-earhart-url-smtp-00.\n" -" Since 8.2.0, IMAP supports the login option \"AUTH=+LOGIN\". With\n" -" this option, curl uses the plain (not SASL) LOGIN IMAP command\n" +" Since 8.2.0, IMAP supports the login option \"AUTH=+LOGIN\". With\n" +" this option, curl uses the plain (not SASL) \"LOGIN IMAP\" command\n" " even if the server advertises SASL authentication. Care should\n" " be taken in using this option, as it sends your password over\n" -, stdout); - fputs( " the network in plain text. This does not work if the IMAP server\n" -" disables the plain LOGIN (e.g. to prevent password snooping).\n" +" disables the plain \"LOGIN\" (e.g. to prevent password snooping).\n" "\n" +, stdout); + fputs( " If --login-options is provided several times, the last set value\n" " is used.\n" " Example:\n" @@ -3147,11 +3151,11 @@ void hugehelp(void) "\n" " --mail-auth
\n" " (SMTP) Specify a single address. This is used to specify the au-\n" -, stdout); - fputs( " thentication address (identity) of a submitted message that is\n" " being relayed to another server.\n" "\n" +, stdout); + fputs( " If --mail-auth is provided several times, the last set value is\n" " used.\n" "\n" @@ -3162,13 +3166,13 @@ void hugehelp(void) "\n" " --mail-from
\n" " (SMTP) Specify a single address that the given mail should get\n" -, stdout); - fputs( " sent from.\n" "\n" " If --mail-from is provided several times, the last set value is\n" " used.\n" "\n" +, stdout); + fputs( " Example:\n" " curl --mail-from user@example.com -T mail smtp://example.com/\n" "\n" @@ -3177,21 +3181,21 @@ void hugehelp(void) " --mail-rcpt-allowfails\n" " (SMTP) When sending data to multiple recipients, by default curl\n" " aborts SMTP conversation if at least one of the recipients\n" -, stdout); - fputs( " causes RCPT TO command to return an error.\n" "\n" " The default behavior can be changed by passing --mail-rcpt-al-\n" +, stdout); + fputs( " lowfails command-line option which makes curl ignore errors and\n" " proceed with the remaining valid recipients.\n" "\n" " If all recipients trigger RCPT TO failures and this flag is\n" " specified, curl still aborts the SMTP conversation and returns\n" -, stdout); - fputs( " the error received from to the last RCPT TO command.\n" "\n" " Providing --mail-rcpt-allowfails multiple times has no extra ef-\n" +, stdout); + fputs( " fect. Disable it again with --no-mail-rcpt-allowfails.\n" "\n" " Example:\n" @@ -3201,23 +3205,23 @@ void hugehelp(void) "\n" " --mail-rcpt
\n" " (SMTP) Specify a single email address, user name or mailing list\n" -, stdout); - fputs( " name. Repeat this option several times to send to multiple re-\n" " cipients.\n" "\n" +, stdout); + fputs( " When performing an address verification (VRFY command), the re-\n" " cipient should be specified as the user name or user name and\n" " domain (as per Section 3.5 of RFC 5321).\n" "\n" " When performing a mailing list expand (EXPN command), the recip-\n" " ient should be specified using the mailing list name, such as\n" -, stdout); - fputs( " \"Friends\" or \"London-Office\".\n" "\n" " --mail-rcpt can be used several times in a command line\n" "\n" +, stdout); + fputs( " Example:\n" " curl --mail-rcpt user@example.net smtp://example.com\n" "\n" @@ -3232,19 +3236,19 @@ void hugehelp(void) " See also -v, --verbose, --libcurl and --trace.\n" "\n" " --max-filesize \n" +" (FTP HTTP MQTT) Specify the maximum size (in bytes) of a file to\n" , stdout); fputs( -" (FTP HTTP MQTT) Specify the maximum size (in bytes) of a file to\n" " download. If the file requested is larger than this value, the\n" " transfer does not start and curl returns with exit code 63.\n" "\n" " A size modifier may be used. For example, Appending 'k' or 'K'\n" " counts the number as kilobytes, 'm' or 'M' makes it megabytes,\n" " while 'g' or 'G' makes it gigabytes. Examples: 200K, 3m and 1G.\n" -, stdout); - fputs( " (Added in 7.58.0)\n" "\n" +, stdout); + fputs( " NOTE: before curl 8.4.0, when the file size is not known prior\n" " to download, for such files this option has no effect even if\n" " the file transfer ends up being larger than this given limit.\n" @@ -3253,10 +3257,10 @@ void hugehelp(void) " reaches the threshold during transfer.\n" "\n" " If --max-filesize is provided several times, the last set value\n" -, stdout); - fputs( " is used.\n" " Example:\n" +, stdout); + fputs( " curl --max-filesize 100K https://example.com\n" "\n" " See also --limit-rate.\n" @@ -3267,9 +3271,9 @@ void hugehelp(void) " redirects, by default, the limit is set to 50 redirects. Set\n" " this option to -1 to make it unlimited.\n" "\n" +" If --max-redirs is provided several times, the last set value is\n" , stdout); fputs( -" If --max-redirs is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" @@ -3280,23 +3284,23 @@ void hugehelp(void) " -m, --max-time \n" " Maximum time in seconds that you allow each transfer to take.\n" " This is useful for preventing your batch jobs from hanging for\n" -, stdout); - fputs( " hours due to slow networks or links going down. This option ac-\n" " cepts decimal values.\n" "\n" +, stdout); + fputs( " If you enable retrying the transfer (--retry) then the maximum\n" " time counter is reset each time the transfer is retried. You can\n" " use --retry-max-time to limit the retry time.\n" "\n" " The decimal value needs to provided using a dot (.) as decimal\n" " separator - not the local version even if it might be using an-\n" -, stdout); - fputs( " other separator.\n" "\n" -" If -m, --max-time is provided several times, the last set value\n" -" is used.\n" +" If --max-time is provided several times, the last set value is\n" +, stdout); + fputs( +" used.\n" "\n" " Examples:\n" " curl --max-time 10 https://example.com\n" @@ -3306,11 +3310,11 @@ void hugehelp(void) "\n" " --metalink\n" " This option was previously used to specify a Metalink resource.\n" -, stdout); - fputs( " Metalink support is disabled in curl for security reasons (added\n" " in 7.78.0).\n" "\n" +, stdout); + fputs( " If --metalink is provided several times, the last set value is\n" " used.\n" "\n" @@ -3323,10 +3327,10 @@ void hugehelp(void) " (HTTP) Enables Negotiate (SPNEGO) authentication.\n" "\n" " This option requires a library built with GSS-API or SSPI sup-\n" -, stdout); - fputs( " port. Use -V, --version to see if your curl supports\n" " GSS-API/SSPI or SPNEGO.\n" +, stdout); + fputs( "\n" " When using this option, you must also provide a fake -u, --user\n" " option to activate the authentication code properly. Sending a\n" @@ -3335,11 +3339,11 @@ void hugehelp(void) "\n" " Providing --negotiate multiple times has no extra effect.\n" "\n" -, stdout); - fputs( " Example:\n" " curl --negotiate -u : https://example.com\n" "\n" +, stdout); + fputs( " See also --basic, --ntlm, --anyauth and --proxy-negotiate.\n" "\n" " --netrc-file \n" @@ -3349,10 +3353,10 @@ void hugehelp(void) "\n" " It abides by --netrc-optional if specified.\n" "\n" -, stdout); - fputs( " If --netrc-file is provided several times, the last set value is\n" " used.\n" +, stdout); + fputs( "\n" " Example:\n" " curl --netrc-file netrc https://example.com\n" @@ -3364,9 +3368,9 @@ void hugehelp(void) " Similar to -n, --netrc, but this option makes the .netrc usage\n" " optional and not mandatory as the -n, --netrc option does.\n" "\n" +" Providing --netrc-optional multiple times has no extra effect.\n" , stdout); fputs( -" Providing --netrc-optional multiple times has no extra effect.\n" " Disable it again with --no-netrc-optional.\n" "\n" " Example:\n" @@ -3378,146 +3382,146 @@ void hugehelp(void) " -n, --netrc\n" " Makes curl scan the .netrc file in the user's home directory for\n" " login name and password. This is typically used for FTP on Unix.\n" +" If used with HTTP, curl enables user authentication. See\n" , stdout); fputs( -" If used with HTTP, curl enables user authentication. See\n" " netrc(5) and ftp(1) for details on the file format. Curl does\n" " not complain if that file does not have the right permissions\n" " (it should be neither world- nor group-readable). The environ-\n" " ment variable \"HOME\" is used to find the home directory.\n" "\n" " On Windows two filenames in the home directory are checked:\n" +" .netrc and _netrc, preferring the former. Older versions on Win-\n" , stdout); fputs( -" .netrc and _netrc, preferring the former. Older versions on Win-\n" " dows checked for _netrc only.\n" "\n" " A quick and simple example of how to setup a .netrc to allow\n" " curl to FTP to the machine host.domain.com with user name 'my-\n" " self' and password 'secret' could look similar to:\n" "\n" -" machine host.domain.com\n" -" login myself\n" -" password secret\n" +" machine host.domain.com\n" +" login myself\n" +" password secret\n" +"\n" +" Providing --netrc multiple times has no extra effect.\n" +" Disable it again with --no-netrc.\n" "\n" , stdout); fputs( -" Providing -n, --netrc multiple times has no extra effect. Dis-\n" -" able it again with --no-netrc.\n" -"\n" " Example:\n" " curl --netrc https://example.com\n" "\n" -" See also --netrc-file, -K, --config and -u, --user. This option\n" +" See also --netrc-file, -K, --config and -u, --user. This option\n" " is mutually exclusive to --netrc-file and --netrc-optional.\n" "\n" " -:, --next\n" " Tells curl to use a separate operation for the following URL and\n" +" associated options. This allows you to send several URL re-\n" +" quests, each with their own specific options, for example, such\n" , stdout); fputs( -" associated options. This allows you to send several URL re-\n" -" quests, each with their own specific options, for example, such\n" " as different user names or custom requests for each.\n" "\n" -" -:, --next resets all local options and only global ones have\n" -" their values survive over to the operation following the -:,\n" -" --next instruction. Global options include -v, --verbose,\n" -, stdout); - fputs( +" -:, --next resets all local options and only global ones have\n" +" their values survive over to the operation following the -:,\n" +" --next instruction. Global options include -v, --verbose,\n" " --trace, --trace-ascii and --fail-early.\n" "\n" -" For example, you can do both a GET and a POST in a single com-\n" +" For example, you can do both a GET and a POST in a single com-\n" " mand line:\n" "\n" -" curl www1.example.com --next -d postthis www2.example.com\n" +, stdout); + fputs( +" curl www1.example.com --next -d postthis www2.example.com\n" "\n" -" -:, --next can be used several times in a command line\n" +" --next can be used several times in a command line\n" "\n" " Examples:\n" " curl https://example.com --next -d postthis www2.example.com\n" " curl -I https://example.com --next https://example.net/\n" "\n" -, stdout); - fputs( " See also -Z, --parallel and -K, --config.\n" "\n" " --no-alpn\n" -" (HTTPS) Disable the ALPN TLS extension. ALPN is enabled by de-\n" -" fault if libcurl was built with an SSL library that supports\n" -" ALPN. ALPN is used by a libcurl that supports HTTP/2 to negoti-\n" -" ate HTTP/2 support with the server during https sessions.\n" -"\n" -" Note that this is the negated option name documented. You can\n" +" (HTTPS) Disable the ALPN TLS extension. ALPN is enabled by de-\n" , stdout); fputs( +" fault if libcurl was built with an SSL library that supports\n" +" ALPN. ALPN is used by a libcurl that supports HTTP/2 to negoti-\n" +" ate HTTP/2 support with the server during https sessions.\n" +"\n" +" Note that this is the negated option name documented. You can\n" " use --alpn to enable ALPN.\n" "\n" " Providing --no-alpn multiple times has no extra effect. Disable\n" " it again with --alpn.\n" "\n" " Example:\n" +, stdout); + fputs( " curl --no-alpn https://example.com\n" "\n" -" See also --no-npn and --http2. --no-alpn requires that the un-\n" +" See also --no-npn and --http2. --no-alpn requires that the un-\n" " derlying libcurl was built to support TLS.\n" "\n" " -N, --no-buffer\n" " Disables the buffering of the output stream. In normal work sit-\n" +" uations, curl uses a standard buffered output stream that has\n" +" the effect that it outputs the data in chunks, not necessarily\n" , stdout); fputs( -" uations, curl uses a standard buffered output stream that has\n" -" the effect that it outputs the data in chunks, not necessarily\n" -" exactly when the data arrives. Using this option disables that\n" +" exactly when the data arrives. Using this option disables that\n" " buffering.\n" "\n" -" Note that this is the negated option name documented. You can\n" +" Note that this is the negated option name documented. You can\n" " use --buffer to enable buffering again.\n" "\n" -" Providing -N, --no-buffer multiple times has no extra effect.\n" -, stdout); - fputs( -" Disable it again with --buffer.\n" +" Providing --no-buffer multiple times has no extra effect. Dis-\n" +" able it again with --buffer.\n" "\n" " Example:\n" " curl --no-buffer https://example.com\n" "\n" " See also -#, --progress-bar.\n" "\n" -" --no-clobber\n" -" When used in conjunction with the -o, --output, -J, --re-\n" -" mote-header-name, -O, --remote-name, or --remote-name-all op-\n" -" tions, curl avoids overwriting files that already exist. In-\n" , stdout); fputs( -" stead, a dot and a number gets appended to the name of the file\n" -" that would be created, up to filename.100 after which it does\n" +" --no-clobber\n" +" When used in conjunction with the -o, --output, -J, --re-\n" +" mote-header-name, -O, --remote-name, or --remote-name-all op-\n" +" tions, curl avoids overwriting files that already exist. In-\n" +" stead, a dot and a number gets appended to the name of the file\n" +" that would be created, up to filename.100 after which it does\n" " not create any file.\n" "\n" -" Note that this is the negated option name documented. You can\n" -" thus use --clobber to enforce the clobbering, even if -J, --re-\n" +, stdout); + fputs( +" Note that this is the negated option name documented. You can\n" +" thus use --clobber to enforce the clobbering, even if -J, --re-\n" " mote-header-name is specified.\n" "\n" " Providing --no-clobber multiple times has no extra effect. Dis-\n" -, stdout); - fputs( " able it again with --clobber.\n" "\n" " Example:\n" " curl --no-clobber --output local/dir/file https://example.com\n" +, stdout); + fputs( " See also -o, --output and -O, --remote-name. Added in 7.83.0.\n" "\n" " --no-keepalive\n" -" Disables the use of keepalive messages on the TCP connection.\n" +" Disables the use of keepalive messages on the TCP connection.\n" " curl otherwise enables them by default.\n" "\n" -" Note that this is the negated option name documented. You can\n" -, stdout); - fputs( +" Note that this is the negated option name documented. You can\n" " thus use --keepalive to enforce keepalive.\n" "\n" -" Providing --no-keepalive multiple times has no extra effect.\n" +" Providing --no-keepalive multiple times has no extra effect.\n" " Disable it again with --keepalive.\n" "\n" +, stdout); + fputs( " Example:\n" " curl --no-keepalive https://example.com\n" "\n" @@ -3527,57 +3531,55 @@ void hugehelp(void) " (HTTPS) curl never uses NPN, this option has no effect (added in\n" " 7.86.0).\n" "\n" +" Disable the NPN TLS extension. NPN is enabled by default if\n" +" libcurl was built with an SSL library that supports NPN. NPN is\n" +" used by a libcurl that supports HTTP/2 to negotiate HTTP/2 sup-\n" , stdout); fputs( -" Disable the NPN TLS extension. NPN is enabled by default if\n" -" libcurl was built with an SSL library that supports NPN. NPN is\n" -" used by a libcurl that supports HTTP/2 to negotiate HTTP/2 sup-\n" " port with the server during https sessions.\n" "\n" -" Providing --no-npn multiple times has no extra effect. Disable\n" +" Providing --no-npn multiple times has no extra effect. Disable\n" " it again with --npn.\n" "\n" " Example:\n" " curl --no-npn https://example.com\n" "\n" -, stdout); - fputs( -" See also --no-alpn and --http2. --no-npn requires that the un-\n" +" See also --no-alpn and --http2. --no-npn requires that the un-\n" " derlying libcurl was built to support TLS.\n" "\n" " --no-progress-meter\n" " Option to switch off the progress meter output without muting or\n" -" otherwise affecting warning and informational messages like -s,\n" -" --silent does.\n" -"\n" -" Note that this is the negated option name documented. You can\n" , stdout); fputs( +" otherwise affecting warning and informational messages like -s,\n" +" --silent does.\n" +"\n" +" Note that this is the negated option name documented. You can\n" " thus use --progress-meter to enable the progress meter again.\n" "\n" -" Providing --no-progress-meter multiple times has no extra ef-\n" +" Providing --no-progress-meter multiple times has no extra ef-\n" " fect. Disable it again with --progress-meter.\n" "\n" " Example:\n" " curl --no-progress-meter -o store https://example.com\n" "\n" +, stdout); + fputs( " See also -v, --verbose and -s, --silent. Added in 7.67.0.\n" "\n" " --no-sessionid\n" -" (TLS) Disable curl's use of SSL session-ID caching. By default\n" -, stdout); - fputs( -" all transfers are done using the cache. Note that while nothing\n" -" should ever get hurt by attempting to reuse SSL session-IDs,\n" +" (TLS) Disable curl's use of SSL session-ID caching. By default\n" +" all transfers are done using the cache. Note that while nothing\n" +" should ever get hurt by attempting to reuse SSL session-IDs,\n" " there seem to be broken SSL implementations in the wild that may\n" " require you to disable this in order for you to succeed.\n" "\n" -" Note that this is the negated option name documented. You can\n" -" thus use --sessionid to enforce session-ID caching.\n" -"\n" , stdout); fputs( -" Providing --no-sessionid multiple times has no extra effect.\n" +" Note that this is the negated option name documented. You can\n" +" thus use --sessionid to enforce session-ID caching.\n" +"\n" +" Providing --no-sessionid multiple times has no extra effect.\n" " Disable it again with --sessionid.\n" "\n" " Example:\n" @@ -3586,32 +3588,32 @@ void hugehelp(void) " See also -k, --insecure.\n" "\n" " --noproxy \n" -" Comma-separated list of hosts for which not to use a proxy, if\n" -" one is specified. The only wildcard is a single * character,\n" , stdout); fputs( -" which matches all hosts, and effectively disables the proxy.\n" -" Each name in this list is matched as either a domain which con-\n" -" tains the hostname, or the hostname itself. For example, lo-\n" -" cal.com would match local.com, local.com:80, and www.local.com,\n" -" but not www.notlocal.com.\n" -"\n" -" This option overrides the environment variables that disable the\n" +" Comma-separated list of hosts for which not to use a proxy, if\n" +" one is specified. The only wildcard is a single \"*\" character,\n" +" which matches all hosts, and effectively disables the proxy.\n" +" Each name in this list is matched as either a domain which con-\n" +" tains the hostname, or the hostname itself. For example, \"lo-\n" +" cal.com\" would match \"local.com\", \"local.com:80\", and \"www.lo-\n" , stdout); fputs( -" proxy ('no_proxy' and 'NO_PROXY') (added in 7.53.0). If there is\n" -" an environment variable disabling a proxy, you can set the no\n" +" cal.com\", but not \"www.notlocal.com\".\n" +"\n" +" This option overrides the environment variables that disable the\n" +" proxy (\"no_proxy\" and \"NO_PROXY\") (added in 7.53.0). If there is\n" +" an environment variable disabling a proxy, you can set the no\n" " proxy list to \"\" to override it.\n" "\n" " IP addresses specified to this option can be provided using CIDR\n" -" notation (added in 7.86.0): an appended slash and number speci-\n" -" fies the number of \"network bits\" out of the address to use in\n" +" notation (added in 7.86.0): an appended slash and number speci-\n" , stdout); fputs( -" the comparison. For example \"192.168.0.0/16\" would match all ad-\n" +" fies the number of network bits out of the address to use in the\n" +" comparison. For example \"192.168.0.0/16\" would match all ad-\n" " dresses starting with \"192.168\".\n" "\n" -" If --noproxy is provided several times, the last set value is\n" +" If --noproxy is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" @@ -3620,10 +3622,10 @@ void hugehelp(void) " See also -x, --proxy.\n" "\n" " --ntlm-wb\n" -" (HTTP) Enables NTLM much in the style --ntlm does, but hand over\n" , stdout); fputs( -" the authentication to the separate binary ntlmauth application\n" +" (HTTP) Enables NTLM much in the style --ntlm does, but hand over\n" +" the authentication to the separate binary \"ntlmauth\" application\n" " that is executed when needed.\n" "\n" " Providing --ntlm-wb multiple times has no extra effect.\n" @@ -3634,20 +3636,20 @@ void hugehelp(void) " See also --ntlm and --proxy-ntlm.\n" "\n" " --ntlm (HTTP) Enables NTLM authentication. The NTLM authentication\n" -" method was designed by Microsoft and is used by IIS web servers.\n" , stdout); fputs( +" method was designed by Microsoft and is used by IIS web servers.\n" " It is a proprietary protocol, reverse-engineered by clever peo-\n" " ple and implemented in curl based on their efforts. This kind of\n" " behavior should not be endorsed, you should encourage everyone\n" " who uses NTLM to switch to a public and documented authentica-\n" " tion method instead, such as Digest.\n" "\n" +, stdout); + fputs( " If you want to enable NTLM for your proxy authentication, then\n" " use --proxy-ntlm.\n" "\n" -, stdout); - fputs( " Providing --ntlm multiple times has no extra effect.\n" "\n" " Example:\n" @@ -3656,11 +3658,11 @@ void hugehelp(void) " See also --proxy-ntlm. --ntlm requires that the underlying\n" " libcurl was built to support TLS. This option is mutually exclu-\n" " sive to --basic and --negotiate and --digest and --anyauth.\n" +, stdout); + fputs( "\n" " --oauth2-bearer \n" " (IMAP LDAP POP3 SMTP HTTP) Specify the Bearer Token for OAUTH\n" -, stdout); - fputs( " 2.0 server authentication. The Bearer Token is used in conjunc-\n" " tion with the user name which can be specified as part of the\n" " --url or -u, --user options.\n" @@ -3669,10 +3671,10 @@ void hugehelp(void) " 6750.\n" "\n" " If --oauth2-bearer is provided several times, the last set value\n" -" is used.\n" -" Example:\n" , stdout); fputs( +" is used.\n" +" Example:\n" " curl --oauth2-bearer \"mF_9.B5f-4.1JqM\" https://example.com\n" "\n" " See also --basic, --ntlm and --digest.\n" @@ -3682,10 +3684,10 @@ void hugehelp(void) " stored, when -O, --remote-name or -o, --output are used.\n" "\n" " The given output directory is used for all URLs and output op-\n" -" tions on the command line, up until the first -:, --next.\n" -"\n" , stdout); fputs( +" tions on the command line, up until the first -:, --next.\n" +"\n" " If the specified target directory does not exist, the operation\n" " fails unless --create-dirs is also used.\n" "\n" @@ -3698,28 +3700,28 @@ void hugehelp(void) " See also -O, --remote-name and -J, --remote-header-name. Added\n" " in 7.73.0.\n" "\n" -" -o, --output \n" , stdout); fputs( +" -o, --output \n" " Write output to instead of stdout. If you are using {} or\n" " [] to fetch multiple documents, you should quote the URL and you\n" " can use '#' followed by a number in the specifier. That\n" " variable is replaced with the current string for the URL being\n" " fetched. Like in:\n" "\n" -" curl \"http://{one,two}.example.com\" -o \"file_#1.txt\"\n" +" curl \"http://{one,two}.example.com\" -o \"file_#1.txt\"\n" "\n" " or use several variables like:\n" "\n" , stdout); fputs( -" curl \"http://{site,host}.host[1-5].example\" -o \"#1_#2\"\n" +" curl \"http://{site,host}.host[1-5].example\" -o \"#1_#2\"\n" "\n" " You may use this option as many times as the number of URLs you\n" " have. For example, if you specify two URLs on the same command\n" " line, you can use it like this:\n" "\n" -" curl -o aa example.com -o bb example.net\n" +" curl -o aa example.com -o bb example.net\n" "\n" " and the order of the -o options and the URLs does not matter,\n" " just that the first -o is for the first URL and so on, so the\n" @@ -3727,7 +3729,7 @@ void hugehelp(void) fputs( " above command line can also be written as\n" "\n" -" curl example.com example.net -o aa -o bb\n" +" curl example.com example.net -o aa -o bb\n" "\n" " See also the --create-dirs option to create the local directo-\n" " ries dynamically. Specifying the output as '-' (a single dash)\n" @@ -3736,15 +3738,15 @@ void hugehelp(void) " To suppress response bodies, you can redirect output to\n" " /dev/null:\n" "\n" -" curl example.com -o /dev/null\n" +" curl example.com -o /dev/null\n" "\n" " Or for Windows:\n" "\n" , stdout); fputs( -" curl example.com -o nul\n" +" curl example.com -o nul\n" "\n" -" -o, --output can be used several times in a command line\n" +" --output can be used several times in a command line\n" "\n" " Examples:\n" " curl -o file https://example.com\n" @@ -3803,8 +3805,8 @@ void hugehelp(void) " This option is global and does not need to be specified for each\n" " use of --next.\n" "\n" -" Providing -Z, --parallel multiple times has no extra effect.\n" -" Disable it again with --no-parallel.\n" +" Providing --parallel multiple times has no extra effect. Dis-\n" +" able it again with --no-parallel.\n" "\n" " Example:\n" , stdout); @@ -3988,7 +3990,7 @@ void hugehelp(void) " This option is global and does not need to be specified for each\n" " use of --next.\n" "\n" -" Providing -#, --progress-bar multiple times has no extra effect.\n" +" Providing --progress-bar multiple times has no extra effect.\n" " Disable it again with --no-progress-bar.\n" "\n" " Example:\n" @@ -4001,7 +4003,7 @@ void hugehelp(void) fputs( " Tells curl to use protocol for any URL missing a scheme name.\n" "\n" -" An unknown or unsupported protocol causes error CURLE_UNSUP-\n" +" An unknown or unsupported protocol causes error CURLE_UNSUP-\n" " PORTED_PROTOCOL (1).\n" "\n" " This option does not change the default proxy protocol (http).\n" @@ -4019,21 +4021,21 @@ void hugehelp(void) " See also --proto and --proto-redir.\n" "\n" " --proto-redir \n" -" Tells curl to limit what protocols it may use on redirect. Pro-\n" -" tocols denied by --proto are not overridden by this option. See\n" +" Tells curl to limit what protocols it may use on redirect. Pro-\n" +" tocols denied by --proto are not overridden by this option. See\n" " --proto for how protocols are represented.\n" "\n" " Example, allow only HTTP and HTTPS on redirect:\n" "\n" , stdout); fputs( -" curl --proto-redir -all,http,https http://example.com\n" +" curl --proto-redir -all,http,https http://example.com\n" "\n" -" By default curl only allows HTTP, HTTPS, FTP and FTPS on redi-\n" +" By default curl only allows HTTP, HTTPS, FTP and FTPS on redi-\n" " rects (added in 7.65.2). Specifying all or +all enables all pro-\n" " tocols on redirects, which is not good for security.\n" "\n" -" If --proto-redir is provided several times, the last set value\n" +" If --proto-redir is provided several times, the last set value\n" " is used.\n" " Example:\n" " curl --proto-redir =http,https https://example.com\n" @@ -4043,42 +4045,38 @@ void hugehelp(void) " See also --proto.\n" "\n" " --proto \n" -" Tells curl to limit what protocols it may use for transfers.\n" -" Protocols are evaluated left to right, are comma separated, and\n" -" are each a protocol name or 'all', optionally prefixed by zero\n" +" Tells curl to limit what protocols it may use for transfers.\n" +" Protocols are evaluated left to right, are comma separated, and\n" +" are each a protocol name or 'all', optionally prefixed by zero\n" " or more modifiers. Available modifiers are:\n" "\n" -" + Permit this protocol in addition to protocols already permit-\n" +" + Permit this protocol in addition to protocols already\n" , stdout); fputs( -" ted (this is the default if no modifier is used).\n" -"\n" -" - Deny this protocol, removing it from the list of protocols\n" -" already permitted.\n" +" permitted (this is the default if no modifier is used).\n" "\n" -" = Permit only this protocol (ignoring the list already permit-\n" -" ted), though subject to later modification by subsequent en-\n" -" tries in the comma separated list.\n" +" - Deny this protocol, removing it from the list of proto-\n" +" cols already permitted.\n" "\n" -" For example:\n" -"\n" -" --proto -ftps uses the default protocols, but disables ftps\n" +" = Permit only this protocol (ignoring the list already per-\n" +" mitted), though subject to later modification by subse-\n" +" quent entries in the comma separated list.\n" "\n" , stdout); fputs( -" --proto -all,https,+http\n" -" only enables http and https\n" +" For example: --proto -ftps uses the default protocols, but dis-\n" +" ables ftps\n" "\n" -" --proto =http,https\n" -" also only enables http and https\n" +" --proto -all,https,+http only enables http and https\n" +" --proto =http,https also only enables http and https\n" "\n" " Unknown and disabled protocols produce a warning. This allows\n" " scripts to safely rely on being able to disable potentially dan-\n" " gerous protocols, without relying upon support for that protocol\n" -" being built into curl to avoid an error.\n" -"\n" , stdout); fputs( +" being built into curl to avoid an error.\n" +"\n" " This option can be used multiple times, in which case the effect\n" " is the same as concatenating the protocols into one instance of\n" " the option.\n" @@ -4091,9 +4089,9 @@ void hugehelp(void) "\n" " See also --proto-redir and --proto-default.\n" "\n" -" --proxy-anyauth\n" , stdout); fputs( +" --proxy-anyauth\n" " Tells curl to pick a suitable authentication method when commu-\n" " nicating with the given HTTP proxy. This might cause an extra\n" " request/response round-trip.\n" @@ -4105,9 +4103,9 @@ void hugehelp(void) "\n" " See also -x, --proxy, --proxy-basic and --proxy-digest.\n" "\n" -" --proxy-basic\n" , stdout); fputs( +" --proxy-basic\n" " Tells curl to use HTTP Basic authentication when communicating\n" " with the given proxy. Use --basic for enabling HTTP Basic with a\n" " remote host. Basic is the default authentication method curl\n" @@ -4128,14 +4126,12 @@ void hugehelp(void) " store provided in a single file or directory, but when using\n" " this option it interfaces the operating system's own vault.\n" "\n" -" This option only works for curl on Windows when built to use\n" +" This option works for curl on Windows when built to use OpenSSL,\n" , stdout); fputs( -" OpenSSL. When curl on Windows is built to use Schannel, this\n" -" feature is implied and curl then only uses the native CA store.\n" -"\n" -" curl built with wolfSSL also supports this option (added in\n" -" 8.3.0).\n" +" wolfSSL (added in 8.3.0) or GnuTLS (added in 8.5.0). When curl\n" +" on Windows is built to use Schannel, this feature is implied and\n" +" curl then only uses the native CA store.\n" "\n" " Providing --proxy-ca-native multiple times has no extra effect.\n" " Disable it again with --no-proxy-ca-native.\n" @@ -4436,12 +4432,12 @@ void hugehelp(void) " Same as --ssl-auto-client-cert but used in HTTPS proxy context.\n" "\n" " Providing --proxy-ssl-auto-client-cert multiple times has no ex-\n" -" tra effect. Disable it again with\n" -" --no-proxy-ssl-auto-client-cert.\n" +" tra effect. Disable it again with --no-proxy-ssl-auto-client-\n" +" cert.\n" "\n" +" Example:\n" , stdout); fputs( -" Example:\n" " curl --proxy-ssl-auto-client-cert -x https://proxy https://example.com\n" "\n" " See also --ssl-auto-client-cert and -x, --proxy. Added in\n" @@ -4541,8 +4537,8 @@ void hugehelp(void) " tive data should be retrieved from a file instead or similar and\n" " never used in clear text in a command line.\n" "\n" -" If -U, --proxy-user is provided several times, the last set\n" -" value is used.\n" +" If --proxy-user is provided several times, the last set value is\n" +" used.\n" "\n" " Example:\n" " curl --proxy-user name:pwd -x proxy https://example.com\n" @@ -4554,9 +4550,9 @@ void hugehelp(void) " -x, --proxy [protocol://]host[:port]\n" " Use the specified proxy.\n" "\n" -" The proxy string can be specified with a protocol:// prefix. No\n" -" protocol specified or http:// it is treated as an HTTP proxy.\n" -" Use socks4://, socks4a://, socks5:// or socks5h:// to request a\n" +" The proxy string can be specified with a protocol:// prefix. No\n" +" protocol specified or http:// it is treated as an HTTP proxy.\n" +" Use socks4://, socks4a://, socks5:// or socks5h:// to request a\n" " specific SOCKS version to be used.\n" "\n" " Unix domain sockets are supported for socks proxy. Set localhost\n" @@ -4564,48 +4560,48 @@ void hugehelp(void) fputs( " for the host part. e.g. socks5h://localhost/path/to/socket.sock\n" "\n" -" HTTPS proxy support works set with the https:// protocol prefix\n" -" for OpenSSL and GnuTLS (added in 7.52.0). It also works for\n" +" HTTPS proxy support works set with the https:// protocol prefix\n" +" for OpenSSL and GnuTLS (added in 7.52.0). It also works for\n" " BearSSL, mbedTLS, rustls, Schannel, Secure Transport and wolfSSL\n" " (added in 7.87.0).\n" "\n" -" Unrecognized and unsupported proxy protocols cause an error\n" +" Unrecognized and unsupported proxy protocols cause an error\n" , stdout); fputs( " (added in 7.52.0). Ancient curl versions ignored unknown\n" " schemes and used http:// instead.\n" "\n" -" If the port number is not specified in the proxy string, it is\n" +" If the port number is not specified in the proxy string, it is\n" " assumed to be 1080.\n" "\n" -" This option overrides existing environment variables that set\n" -" the proxy to use. If there is an environment variable setting a\n" +" This option overrides existing environment variables that set\n" +" the proxy to use. If there is an environment variable setting a\n" " proxy, you can set proxy to \"\" to override it.\n" "\n" , stdout); fputs( -" All operations that are performed over an HTTP proxy are trans-\n" -" parently converted to HTTP. It means that certain protocol spe-\n" +" All operations that are performed over an HTTP proxy are trans-\n" +" parently converted to HTTP. It means that certain protocol spe-\n" " cific operations might not be available. This is not the case if\n" -" you can tunnel through the proxy, as one with the -p, --proxy-\n" +" you can tunnel through the proxy, as one with the -p, --proxy-\n" " tunnel option.\n" "\n" " User and password that might be provided in the proxy string are\n" , stdout); fputs( -" URL decoded by curl. This allows you to pass in special charac-\n" +" URL decoded by curl. This allows you to pass in special charac-\n" " ters such as @ by using %40 or pass in a colon with %3a.\n" "\n" -" The proxy host can be specified the same way as the proxy envi-\n" -" ronment variables, including the protocol prefix (http://) and\n" +" The proxy host can be specified the same way as the proxy envi-\n" +" ronment variables, including the protocol prefix (http://) and\n" " the embedded user + password.\n" "\n" -" When a proxy is used, the active FTP mode as set with -P,\n" +" When a proxy is used, the active FTP mode as set with -P,\n" " --ftp-port, cannot be used.\n" "\n" , stdout); fputs( -" If -x, --proxy is provided several times, the last set value is\n" +" If --proxy is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" @@ -4614,10 +4610,10 @@ void hugehelp(void) " See also --socks5 and --proxy-basic.\n" "\n" " --proxy1.0 \n" -" Use the specified HTTP 1.0 proxy. If the port number is not\n" +" Use the specified HTTP 1.0 proxy. If the port number is not\n" " specified, it is assumed at port 1080.\n" "\n" -" The only difference between this and the HTTP proxy option -x,\n" +" The only difference between this and the HTTP proxy option -x,\n" , stdout); fputs( " --proxy, is that attempts to use CONNECT through the proxy spec-\n" @@ -4631,18 +4627,18 @@ void hugehelp(void) " See also -x, --proxy, --socks5 and --preproxy.\n" "\n" " -p, --proxytunnel\n" -" When an HTTP proxy is used -x, --proxy, this option makes curl\n" +" When an HTTP proxy is used -x, --proxy, this option makes curl\n" , stdout); fputs( -" tunnel the traffic through the proxy. The tunnel approach is\n" -" made with the HTTP proxy CONNECT request and requires that the\n" +" tunnel the traffic through the proxy. The tunnel approach is\n" +" made with the HTTP proxy CONNECT request and requires that the\n" " proxy allows direct connect to the remote port number curl wants\n" " to tunnel through to.\n" "\n" -" To suppress proxy CONNECT response headers when curl is set to\n" +" To suppress proxy CONNECT response headers when curl is set to\n" " output headers use --suppress-connect-headers.\n" "\n" -" Providing -p, --proxytunnel multiple times has no extra effect.\n" +" Providing --proxytunnel multiple times has no extra effect.\n" , stdout); fputs( " Disable it again with --no-proxytunnel.\n" @@ -4656,15 +4652,15 @@ void hugehelp(void) " (SFTP SCP) Public key file name. Allows you to provide your pub-\n" " lic key in this separate file.\n" "\n" -" curl attempts to automatically extract the public key from the\n" -" private key file, so passing this option is generally not re-\n" +" curl attempts to automatically extract the public key from the\n" +" private key file, so passing this option is generally not re-\n" , stdout); fputs( " quired. Note that this public key extraction requires libcurl to\n" -" be linked against a copy of libssh2 1.2.8 or higher that is it-\n" +" be linked against a copy of libssh2 1.2.8 or higher that is it-\n" " self linked against OpenSSL.\n" "\n" -" If --pubkey is provided several times, the last set value is\n" +" If --pubkey is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" @@ -4675,214 +4671,215 @@ void hugehelp(void) " -Q, --quote \n" , stdout); fputs( -" (FTP SFTP) Send an arbitrary command to the remote FTP or SFTP\n" -" server. Quote commands are sent BEFORE the transfer takes place\n" -" (just after the initial PWD command in an FTP transfer, to be\n" +" (FTP SFTP) Send an arbitrary command to the remote FTP or SFTP\n" +" server. Quote commands are sent BEFORE the transfer takes place\n" +" (just after the initial PWD command in an FTP transfer, to be\n" " exact). To make commands take place after a successful transfer,\n" " prefix them with a dash '-'.\n" "\n" -" (FTP only) To make commands be sent after curl has changed the\n" +" (FTP only) To make commands be sent after curl has changed the\n" , stdout); fputs( -" working directory, just before the file transfer command(s),\n" -" prefix the command with a '+'. This is not performed when a di-\n" +" working directory, just before the file transfer command(s),\n" +" prefix the command with a '+'. This is not performed when a di-\n" " rectory listing is performed.\n" "\n" " You may specify any number of commands.\n" "\n" -" By default curl stops at first failure. To make curl continue\n" -" even if the command fails, prefix the command with an asterisk\n" -" (*). Otherwise, if the server returns failure for one of the\n" +" By default curl stops at first failure. To make curl continue\n" +" even if the command fails, prefix the command with an asterisk\n" +" (*). Otherwise, if the server returns failure for one of the\n" , stdout); fputs( " commands, the entire operation is aborted.\n" "\n" -" You must send syntactically correct FTP commands as RFC 959 de-\n" -" fines to FTP servers, or one of the commands listed below to\n" +" You must send syntactically correct FTP commands as RFC 959 de-\n" +" fines to FTP servers, or one of the commands listed below to\n" " SFTP servers.\n" "\n" -" SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP\n" -" quote commands itself before sending them to the server. File\n" +" SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP\n" +" quote commands itself before sending them to the server. File\n" " names may be quoted shell-style to embed spaces or special char-\n" , stdout); fputs( -" acters. Following is the list of all supported SFTP quote com-\n" +" acters. Following is the list of all supported SFTP quote com-\n" " mands:\n" "\n" -" \"atime date file\"\n" -" The atime command sets the last access time of the file\n" -" named by the file operand. The can be\n" -" all sorts of date strings, see the curl_getdate(3) man\n" +" atime date file\n" +" The atime command sets the last access time of the file\n" +" named by the file operand. The can be\n" +" all sorts of date strings, see the curl_getdate(3) man\n" " page for date expression details. (Added in 7.73.0)\n" "\n" -" \"chgrp group file\"\n" +" chgrp group file\n" , stdout); fputs( -" The chgrp command sets the group ID of the file named by\n" -" the file operand to the group ID specified by the group\n" +" The chgrp command sets the group ID of the file named by\n" +" the file operand to the group ID specified by the group\n" " operand. The group operand is a decimal integer group ID.\n" "\n" -" \"chmod mode file\"\n" -" The chmod command modifies the file mode bits of the\n" +" chmod mode file\n" +" The chmod command modifies the file mode bits of the\n" " specified file. The mode operand is an octal integer mode\n" " number.\n" "\n" -" \"chown user file\"\n" +" chown user file\n" , stdout); fputs( " The chown command sets the owner of the file named by the\n" -" file operand to the user ID specified by the user\n" +" file operand to the user ID specified by the user\n" " operand. The user operand is a decimal integer user ID.\n" "\n" -" \"ln source_file target_file\"\n" +" ln source_file target_file\n" " The ln and symlink commands create a symbolic link at the\n" -" target_file location pointing to the source_file loca-\n" +" target_file location pointing to the source_file loca-\n" " tion.\n" "\n" +" mkdir directory_name\n" , stdout); fputs( -" \"mkdir directory_name\"\n" -" The mkdir command creates the directory named by the di-\n" +" The mkdir command creates the directory named by the di-\n" " rectory_name operand.\n" "\n" -" \"mtime date file\"\n" -" The mtime command sets the last modification time of the\n" +" mtime date file\n" +" The mtime command sets the last modification time of the\n" " file named by the file operand. The can\n" " be all sorts of date strings, see the curl_getdate(3) man\n" -, stdout); - fputs( " page for date expression details. (Added in 7.73.0)\n" "\n" -" \"pwd\" The pwd command returns the absolute path name of the\n" +, stdout); + fputs( +" pwd The pwd command returns the absolute path name of the\n" " current working directory.\n" "\n" -" \"rename source target\"\n" +" rename source target\n" " The rename command renames the file or directory named by\n" -" the source operand to the destination path named by the\n" +" the source operand to the destination path named by the\n" " target operand.\n" "\n" -" \"rm file\"\n" -, stdout); - fputs( -" The rm command removes the file specified by the file\n" +" rm file\n" +" The rm command removes the file specified by the file\n" " operand.\n" "\n" -" \"rmdir directory\"\n" -" The rmdir command removes the directory entry specified\n" +, stdout); + fputs( +" rmdir directory\n" +" The rmdir command removes the directory entry specified\n" " by the directory operand, provided it is empty.\n" "\n" -" \"symlink source_file target_file\"\n" +" symlink source_file target_file\n" " See ln.\n" "\n" -" -Q, --quote can be used several times in a command line\n" +" --quote can be used several times in a command line\n" "\n" " Example:\n" -, stdout); - fputs( " curl --quote \"DELE file\" ftp://example.com/foo\n" "\n" " See also -X, --request.\n" "\n" " --random-file \n" -" Deprecated option. This option is ignored (added in 7.84.0).\n" -" Prior to that it only had an effect on curl if built to use old\n" +, stdout); + fputs( +" Deprecated option. This option is ignored (added in 7.84.0).\n" +" Prior to that it only had an effect on curl if built to use old\n" " versions of OpenSSL.\n" "\n" -" Specify the path name to file containing random data. The data\n" +" Specify the path name to file containing random data. The data\n" " may be used to seed the random engine for SSL connections.\n" "\n" -, stdout); - fputs( -" If --random-file is provided several times, the last set value\n" +" If --random-file is provided several times, the last set value\n" " is used.\n" " Example:\n" +, stdout); + fputs( " curl --random-file rubbish https://example.com\n" "\n" " See also --egd-file.\n" "\n" " -r, --range \n" " (HTTP FTP SFTP FILE) Retrieve a byte range (i.e. a partial docu-\n" -" ment) from an HTTP/1.1, FTP or SFTP server or a local FILE.\n" +" ment) from an HTTP/1.1, FTP or SFTP server or a local FILE.\n" " Ranges can be specified in a number of ways.\n" "\n" -, stdout); - fputs( -" 0-499 specifies the first 500 bytes\n" +" 0-499 specifies the first 500 bytes\n" "\n" -" 500-999 specifies the second 500 bytes\n" +" 500-999\n" +" specifies the second 500 bytes\n" "\n" -" -500 specifies the last 500 bytes\n" +, stdout); + fputs( +" -500 specifies the last 500 bytes\n" "\n" -" 9500- specifies the bytes from offset 9500 and forward\n" +" 9500- specifies the bytes from offset 9500 and forward\n" "\n" -" 0-0,-1 specifies the first and last byte only(*)(HTTP)\n" +" 0-0,-1 specifies the first and last byte only(*)(HTTP)\n" "\n" " 100-199,500-599\n" -" specifies two separate 100-byte ranges(*) (HTTP)\n" +" specifies two separate 100-byte ranges(*) (HTTP)\n" "\n" -" (*) = NOTE that this causes the server to reply with a multipart\n" +" (*) = NOTE that these make the server reply with a multipart re-\n" +" sponse, which is returned as-is by curl! Parsing or otherwise\n" , stdout); fputs( -" response, which is returned as-is by curl! Parsing or otherwise\n" " transforming this response is the responsibility of the caller.\n" "\n" -" Only digit characters (0-9) are valid in the 'start' and 'stop'\n" -" fields of the 'start-stop' range syntax. If a non-digit charac-\n" +" Only digit characters (0-9) are valid in the 'start' and 'stop'\n" +" fields of the 'start-stop' range syntax. If a non-digit charac-\n" " ter is given in the range, the server's response is unspecified,\n" " depending on the server's configuration.\n" "\n" +" Many HTTP/1.1 servers do not have this feature enabled, so that\n" , stdout); fputs( -" Many HTTP/1.1 servers do not have this feature enabled, so that\n" -" when you attempt to get a range, curl instead gets the whole\n" +" when you attempt to get a range, curl instead gets the whole\n" " document.\n" "\n" -" FTP and SFTP range downloads only support the simple\n" -" 'start-stop' syntax (optionally with one of the numbers omit-\n" +" FTP and SFTP range downloads only support the simple\n" +" 'start-stop' syntax (optionally with one of the numbers omit-\n" " ted). FTP use depends on the extended FTP command SIZE.\n" "\n" -" If -r, --range is provided several times, the last set value is\n" -, stdout); - fputs( +" If --range is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" +, stdout); + fputs( " curl --range 22-44 https://example.com\n" "\n" " See also -C, --continue-at and -a, --append.\n" "\n" " --rate \n" -" Specify the maximum transfer frequency you allow curl to use -\n" +" Specify the maximum transfer frequency you allow curl to use -\n" " in number of transfer starts per time unit (sometimes called re-\n" -" quest rate). Without this option, curl starts the next transfer\n" +" quest rate). Without this option, curl starts the next transfer\n" " as fast as possible.\n" "\n" +" If given several URLs and a transfer completes faster than the\n" , stdout); fputs( -" If given several URLs and a transfer completes faster than the\n" -" allowed rate, curl waits until the next transfer is started to\n" -" maintain the requested rate. This option has no effect when -Z,\n" +" allowed rate, curl waits until the next transfer is started to\n" +" maintain the requested rate. This option has no effect when -Z,\n" " --parallel is used.\n" "\n" " The request rate is provided as \"N/U\" where N is an integer num-\n" -" ber and U is a time unit. Supported units are 's' (second), 'm'\n" +" ber and U is a time unit. Supported units are 's' (second), 'm'\n" +" (minute), 'h' (hour) and 'd' /(day, as in a 24 hour unit). The\n" , stdout); fputs( -" (minute), 'h' (hour) and 'd' /(day, as in a 24 hour unit). The\n" -" default time unit, if no \"/U\" is provided, is number of trans-\n" +" default time unit, if no \"/U\" is provided, is number of trans-\n" " fers per hour.\n" "\n" -" If curl is told to allow 10 requests per minute, it does not\n" -" start the next request until 6 seconds have elapsed since the\n" +" If curl is told to allow 10 requests per minute, it does not\n" +" start the next request until 6 seconds have elapsed since the\n" " previous transfer was started.\n" "\n" -" This function uses millisecond resolution. If the allowed fre-\n" -, stdout); - fputs( -" quency is set more than 1000 per second, it instead runs unre-\n" +" This function uses millisecond resolution. If the allowed fre-\n" +" quency is set more than 1000 per second, it instead runs unre-\n" " stricted.\n" "\n" -" When retrying transfers, enabled with --retry, the separate\n" +, stdout); + fputs( +" When retrying transfers, enabled with --retry, the separate\n" " retry delay logic is used and not this setting.\n" "\n" " This option is global and does not need to be specified for each\n" @@ -4891,157 +4888,157 @@ void hugehelp(void) " If --rate is provided several times, the last set value is used.\n" "\n" " Examples:\n" -, stdout); - fputs( " curl --rate 2/s https://example.com ...\n" " curl --rate 3/h https://example.com ...\n" +, stdout); + fputs( " curl --rate 14/m https://example.com ...\n" "\n" " See also --limit-rate and --retry-delay. Added in 7.84.0.\n" "\n" " --raw (HTTP) When used, it disables all internal HTTP decoding of con-\n" -" tent or transfer encodings and instead makes them passed on un-\n" +" tent or transfer encodings and instead makes them passed on un-\n" " altered, raw.\n" "\n" -, stdout); - fputs( -" Providing --raw multiple times has no extra effect. Disable it\n" +" Providing --raw multiple times has no extra effect. Disable it\n" " again with --no-raw.\n" "\n" " Example:\n" +, stdout); + fputs( " curl --raw https://example.com\n" "\n" " See also --tr-encoding.\n" "\n" " -e, --referer \n" " (HTTP) Sends the \"Referrer Page\" information to the HTTP server.\n" -" This can also be set with the -H, --header flag of course. When\n" -" used with -L, --location you can append \";auto\" to the -e,\n" +" This can also be set with the -H, --header flag of course. When\n" +" used with -L, --location you can append \";auto\" to the -e,\n" +" --referer URL to make curl automatically set the previous URL\n" , stdout); fputs( -" --referer URL to make curl automatically set the previous URL\n" -" when it follows a Location: header. The \";auto\" string can be\n" +" when it follows a Location: header. The \";auto\" string can be\n" " used alone, even if you do not set an initial -e, --referer.\n" "\n" -" If -e, --referer is provided several times, the last set value\n" -" is used.\n" +" If --referer is provided several times, the last set value is\n" +" used.\n" "\n" " Examples:\n" " curl --referer \"https://fake.example\" https://example.com\n" -, stdout); - fputs( " curl --referer \"https://fake.example;auto\" -L https://example.com\n" " curl --referer \";auto\" -L https://example.com\n" "\n" +, stdout); + fputs( " See also -A, --user-agent and -H, --header.\n" "\n" " -J, --remote-header-name\n" " (HTTP) This option tells the -O, --remote-name option to use the\n" -" server-specified Content-Disposition filename instead of ex-\n" -" tracting a filename from the URL. If the server-provided file\n" -, stdout); - fputs( -" name contains a path, that is stripped off before the file name\n" +" server-specified Content-Disposition filename instead of ex-\n" +" tracting a filename from the URL. If the server-provided file\n" +" name contains a path, that is stripped off before the file name\n" " is used.\n" "\n" -" The file is saved in the current directory, or in the directory\n" +, stdout); + fputs( +" The file is saved in the current directory, or in the directory\n" " specified with --output-dir.\n" "\n" -" If the server specifies a file name and a file with that name\n" +" If the server specifies a file name and a file with that name\n" " already exists in the destination directory, it is not overwrit-\n" -" ten and an error occurs - unless you allow it by using the\n" -, stdout); - fputs( -" --clobber option. If the server does not specify a file name\n" +" ten and an error occurs - unless you allow it by using the\n" +" --clobber option. If the server does not specify a file name\n" " then this option has no effect.\n" "\n" -" There is no attempt to decode %-sequences (yet) in the provided\n" +, stdout); + fputs( +" There is no attempt to decode %-sequences (yet) in the provided\n" " file name, so this option may provide you with rather unexpected\n" " file names.\n" "\n" -" This feature uses the name from the \"filename\" field, it does\n" -" not yet support the \"filename*\" field (filenames with explicit\n" +" This feature uses the name from the \"filename\" field, it does\n" +" not yet support the \"filename*\" field (filenames with explicit\n" " character sets).\n" +"\n" +" WARNING: Exercise judicious use of this option, especially on\n" , stdout); fputs( -"\n" -" WARNING: Exercise judicious use of this option, especially on\n" -" Windows. A rogue server could send you the name of a DLL or\n" +" Windows. A rogue server could send you the name of a DLL or\n" " other file that could be loaded automatically by Windows or some\n" " third party software.\n" "\n" -" Providing -J, --remote-header-name multiple times has no extra\n" -" effect. Disable it again with --no-remote-header-name.\n" +" Providing --remote-header-name multiple times has no extra ef-\n" +" fect. Disable it again with --no-remote-header-name.\n" "\n" " Example:\n" " curl -OJ https://example.com/file\n" "\n" -, stdout); - fputs( " See also -O, --remote-name.\n" "\n" " --remote-name-all\n" -" This option changes the default action for all given URLs to be\n" +, stdout); + fputs( +" This option changes the default action for all given URLs to be\n" " dealt with as if -O, --remote-name were used for each one. So if\n" -" you want to disable that for a specific URL after --re-\n" -" mote-name-all has been used, you must use \"-o -\" or --no-re-\n" +" you want to disable that for a specific URL after --re-\n" +" mote-name-all has been used, you must use \"-o -\" or --no-re-\n" " mote-name.\n" "\n" -" Providing --remote-name-all multiple times has no extra effect.\n" -, stdout); - fputs( +" Providing --remote-name-all multiple times has no extra effect.\n" " Disable it again with --no-remote-name-all.\n" "\n" +, stdout); + fputs( " Example:\n" " curl --remote-name-all ftp://example.com/file1 ftp://example.com/file2\n" "\n" " See also -O, --remote-name.\n" "\n" " -O, --remote-name\n" -" Write output to a local file named like the remote file we get.\n" -" (Only the file part of the remote file is used, the path is cut\n" +" Write output to a local file named like the remote file we get.\n" +" (Only the file part of the remote file is used, the path is cut\n" " off.)\n" "\n" -" The file is saved in the current working directory. If you want\n" +" The file is saved in the current working directory. If you want\n" , stdout); fputs( -" the file saved in a different directory, make sure you change\n" +" the file saved in a different directory, make sure you change\n" " the current working directory before invoking curl with this op-\n" " tion or use --output-dir.\n" "\n" -" The remote file name to use for saving is extracted from the\n" -" given URL, nothing else, and if it already exists it is over-\n" -" written. If you want the server to be able to choose the file\n" +" The remote file name to use for saving is extracted from the\n" +" given URL, nothing else, and if it already exists it is over-\n" +" written. If you want the server to be able to choose the file\n" , stdout); fputs( -" name refer to -J, --remote-header-name which can be used in ad-\n" -" dition to this option. If the server chooses a file name and\n" +" name refer to -J, --remote-header-name which can be used in ad-\n" +" dition to this option. If the server chooses a file name and\n" " that name already exists it is not overwritten.\n" "\n" " There is no URL decoding done on the file name. If it has %20 or\n" -" other URL encoded parts of the name, they end up as-is as file\n" +" other URL encoded parts of the name, they end up as-is as file\n" " name.\n" "\n" -" You may use this option as many times as the number of URLs you\n" +" You may use this option as many times as the number of URLs you\n" " have.\n" "\n" , stdout); fputs( -" -O, --remote-name can be used several times in a command line\n" +" --remote-name can be used several times in a command line\n" "\n" " Example:\n" " curl -O https://example.com/filename\n" "\n" -" See also --remote-name-all, --output-dir and -J, --re-\n" +" See also --remote-name-all, --output-dir and -J, --re-\n" " mote-header-name.\n" " -R, --remote-time\n" -" Makes curl attempt to figure out the timestamp of the remote\n" -" file that is getting downloaded, and if that is available make\n" -, stdout); - fputs( +" Makes curl attempt to figure out the timestamp of the remote\n" +" file that is getting downloaded, and if that is available make\n" " the local file get that same timestamp.\n" "\n" -" Providing -R, --remote-time multiple times has no extra effect.\n" +, stdout); + fputs( +" Providing --remote-time multiple times has no extra effect.\n" " Disable it again with --no-remote-time.\n" "\n" " Example:\n" @@ -5050,35 +5047,39 @@ void hugehelp(void) " See also -O, --remote-name and -z, --time-cond.\n" "\n" " --remove-on-error\n" -" When curl returns an error when told to save output in a local\n" +" When curl returns an error when told to save output in a local\n" +" file, this option removes that saved file before exiting. This\n" , stdout); fputs( -" file, this option removes that saved file before exiting. This\n" -" prevents curl from leaving a partial file in the case of an er-\n" +" prevents curl from leaving a partial file in the case of an er-\n" " ror during transfer.\n" "\n" -" If the output is not a file, this option has no effect.\n" +" If the output is not a regular file, this option has no effect.\n" "\n" -" Providing --remove-on-error multiple times has no extra effect.\n" +" Providing --remove-on-error multiple times has no extra effect.\n" " Disable it again with --no-remove-on-error.\n" "\n" " Example:\n" " curl --remove-on-error -o output https://example.com\n" "\n" -, stdout); - fputs( " See also -f, --fail. Added in 7.83.0.\n" "\n" +, stdout); + fputs( " --request-target \n" -" (HTTP) Tells curl to use an alternative \"target\" (path) instead\n" -" of using the path as provided in the URL. Particularly useful\n" -" when wanting to issue HTTP requests without leading slash or\n" -" other data that does not follow the regular URL pattern, like\n" +" (HTTP) Tells curl to use an alternative \"target\" (path) instead\n" +" of using the path as provided in the URL. Particularly useful\n" +" when wanting to issue HTTP requests without leading slash or\n" +" other data that does not follow the regular URL pattern, like\n" " \"OPTIONS *\".\n" "\n" +" curl passes on the verbatim string you give it its the request\n" , stdout); fputs( -" If --request-target is provided several times, the last set\n" +" without any filter or other safe guards. That includes white\n" +" space and control characters.\n" +"\n" +" If --request-target is provided several times, the last set\n" " value is used.\n" "\n" " Example:\n" @@ -5089,65 +5090,66 @@ void hugehelp(void) " -X, --request \n" " Change the method to use when starting the transfer.\n" "\n" -" HTTP Specifies a custom request method to use when\n" , stdout); fputs( -" communicating with the HTTP server. The specified\n" -" request method is used instead of the method oth-\n" -" erwise used (which defaults to GET). Read the\n" -" HTTP 1.1 specification for details and explana-\n" -" tions. Common additional HTTP requests include\n" -" PUT and DELETE, but related technologies like\n" +" curl passes on the verbatim string you give it its the request\n" +" without any filter or other safe guards. That includes white\n" +" space and control characters.\n" +"\n" +" HTTP Specifies a custom request method to use when communicat-\n" +" ing with the HTTP server. The specified request method is\n" +" used instead of the method otherwise used (which defaults\n" , stdout); fputs( -" WebDAV offers PROPFIND, COPY, MOVE and more.\n" -"\n" -" Normally you do not need this option. All sorts\n" -" of GET, HEAD, POST and PUT requests are rather\n" -" invoked by using dedicated command line options.\n" +" to GET). Read the HTTP 1.1 specification for details and\n" +" explanations. Common additional HTTP requests include PUT\n" +" and DELETE, while related technologies like WebDAV offers\n" +" PROPFIND, COPY, MOVE and more.\n" "\n" -" This option only changes the actual word used in\n" -" the HTTP request, it does not alter the way curl\n" +" Normally you do not need this option. All sorts of GET,\n" +" HEAD, POST and PUT requests are rather invoked by using\n" , stdout); fputs( -" behaves. So for example if you want to make a\n" -" proper HEAD request, using -X HEAD does not suf-\n" -" fice. You need to use the -I, --head option.\n" +" dedicated command line options.\n" +"\n" +" This option only changes the actual word used in the HTTP\n" +" request, it does not alter the way curl behaves. So for\n" +" example if you want to make a proper HEAD request, using\n" +" -X HEAD does not suffice. You need to use the -I, --head\n" +" option.\n" "\n" -" The method string you set with -X, --request is\n" -" used for all requests, which if you for example\n" -" use -L, --location may cause unintended side-ef-\n" +" The method string you set with -X, --request is used for\n" , stdout); fputs( -" fects when curl does not change request method\n" -" according to the HTTP 30x response codes - and\n" -" similar.\n" +" all requests, which if you for example use -L, --location\n" +" may cause unintended side-effects when curl does not\n" +" change request method according to the HTTP 30x response\n" +" codes - and similar.\n" "\n" -" FTP Specifies a custom FTP command to use instead of\n" -" LIST when doing file lists with FTP.\n" -"\n" -" POP3 Specifies a custom POP3 command to use instead of\n" -" LIST or RETR.\n" +" FTP Specifies a custom FTP command to use instead of LIST\n" +" when doing file lists with FTP.\n" "\n" +" POP3 Specifies a custom POP3 command to use instead of LIST or\n" , stdout); fputs( -" IMAP Specifies a custom IMAP command to use instead of\n" -" LIST.\n" +" RETR.\n" "\n" -" SMTP Specifies a custom SMTP command to use instead of\n" -" HELP or VRFY.\n" +" IMAP Specifies a custom IMAP command to use instead of LIST.\n" "\n" -" If -X, --request is provided several times, the last set value\n" -" is used.\n" +" SMTP Specifies a custom SMTP command to use instead of HELP or\n" +" VRFY.\n" +"\n" +" If --request is provided several times, the last set value is\n" +" used.\n" "\n" " Examples:\n" " curl -X \"DELETE\" https://example.com\n" " curl -X NLST ftp://example.com/\n" "\n" -, stdout); - fputs( " See also --request-target.\n" "\n" +, stdout); + fputs( " --resolve <[+]host:port:addr[,addr]...>\n" " Provide a custom address for a specific host and port pair. Us-\n" " ing this, you can make the curl requests(s) use a specified ad-\n" @@ -5190,9 +5192,6 @@ void hugehelp(void) "\n" , stdout); fputs( -" This option can be used many times to add many host names to re-\n" -" solve.\n" -"\n" " --resolve can be used several times in a command line\n" "\n" " Example:\n" @@ -5203,47 +5202,47 @@ void hugehelp(void) " --retry-all-errors\n" " Retry on any error. This option is used together with --retry.\n" "\n" -, stdout); - fputs( " This option is the \"sledgehammer\" of retrying. Do not use this\n" " option by default (for example in your curlrc), there may be un-\n" +, stdout); + fputs( " intended consequences such as sending or receiving duplicate\n" " data. Do not use with redirected input or output. You'd be much\n" " better off handling your unique problems in shell script. Please\n" " read the example below.\n" "\n" -, stdout); - fputs( " WARNING: For server compatibility curl attempts to retry failed\n" " flaky transfers as close as possible to how they were started,\n" +, stdout); + fputs( " but this is not possible with redirected input or output. For\n" " example, before retrying it removes output data from a failed\n" " partial transfer that was written to an output file. However\n" " this is not true of data redirected to a | pipe or > file, which\n" -, stdout); - fputs( " are not reset. We strongly suggest you do not parse or record\n" " output via redirect in combination with this option, since you\n" +, stdout); + fputs( " may receive duplicate data.\n" "\n" " By default curl does not return error for transfers with an HTTP\n" " response code that indicates an HTTP error, if the transfer was\n" " successful. For example, if a server replies 404 Not Found and\n" -, stdout); - fputs( " the reply is fully received then that is not an error. When\n" " --retry is used then curl retries on some HTTP response codes\n" +, stdout); + fputs( " that indicate transient HTTP errors, but that does not include\n" " most 4xx response codes such as 404. If you want to retry on all\n" " response codes that indicate HTTP errors (4xx and 5xx) then com-\n" " bine with -f, --fail.\n" "\n" -, stdout); - fputs( " Providing --retry-all-errors multiple times has no extra effect.\n" " Disable it again with --no-retry-all-errors.\n" "\n" " Example:\n" +, stdout); + fputs( " curl --retry 5 --retry-all-errors https://example.com\n" "\n" " See also --retry. Added in 7.71.0.\n" @@ -5253,11 +5252,11 @@ void hugehelp(void) " transient error too for --retry. This option is used together\n" " with --retry.\n" "\n" -, stdout); - fputs( " Providing --retry-connrefused multiple times has no extra ef-\n" " fect. Disable it again with --no-retry-connrefused.\n" "\n" +, stdout); + fputs( " Example:\n" " curl --retry-connrefused --retry 7 https://example.com\n" "\n" @@ -5265,10 +5264,10 @@ void hugehelp(void) "\n" " --retry-delay \n" " Make curl sleep this amount of time before each retry when a\n" -, stdout); - fputs( " transfer has failed with a transient error (it changes the de-\n" " fault backoff time algorithm between retries). This option is\n" +, stdout); + fputs( " only interesting if --retry is also used. Setting this delay to\n" " zero makes curl use the default backoff time.\n" "\n" @@ -5277,21 +5276,21 @@ void hugehelp(void) " Example:\n" " curl --retry-delay 5 --retry 7 https://example.com\n" "\n" -, stdout); - fputs( " See also --retry.\n" "\n" " --retry-max-time \n" " The retry timer is reset before the first transfer attempt. Re-\n" +, stdout); + fputs( " tries are done as usual (see --retry) as long as the timer has\n" " not reached this given limit. Notice that if the timer has not\n" " reached the limit, the request is made and while performing, it\n" " may take longer than this given time period. To limit a single\n" -, stdout); - fputs( " request's maximum time, use -m, --max-time. Set this option to\n" " zero to not timeout retries.\n" "\n" +, stdout); + fputs( " If --retry-max-time is provided several times, the last set\n" " value is used.\n" "\n" @@ -5302,34 +5301,34 @@ void hugehelp(void) "\n" " --retry \n" " If a transient error is returned when curl tries to perform a\n" -, stdout); - fputs( " transfer, it retries this number of times before giving up. Set-\n" " ting the number to 0 makes curl do no retries (which is the de-\n" +, stdout); + fputs( " fault). Transient error means either: a timeout, an FTP 4xx re-\n" " sponse code or an HTTP 408, 429, 500, 502, 503 or 504 response\n" " code.\n" "\n" " When curl is about to retry a transfer, it first waits one sec-\n" " ond and then for all forthcoming retries it doubles the waiting\n" -, stdout); - fputs( " time until it reaches 10 minutes which then remains delay be-\n" " tween the rest of the retries. By using --retry-delay you dis-\n" +, stdout); + fputs( " able this exponential backoff algorithm. See also\n" " --retry-max-time to limit the total time allowed for retries.\n" "\n" " curl complies with the Retry-After: response header if one was\n" " present to know when to issue the next retry (added in 7.66.0).\n" "\n" -, stdout); - fputs( " If --retry is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" " curl --retry 7 https://example.com\n" "\n" +, stdout); + fputs( " See also --retry-max-time.\n" "\n" " --sasl-authzid \n" @@ -5337,10 +5336,10 @@ void hugehelp(void) " thentication, in addition to the authentication identity (auth-\n" " cid) as specified by -u, --user.\n" "\n" -, stdout); - fputs( " If the option is not specified, the server derives the authzid\n" " from the authcid, but if specified, and depending on the server\n" +, stdout); + fputs( " implementation, it may be used to access another user's inbox,\n" " that the user has been granted access to, or a shared mailbox\n" " for example.\n" @@ -5348,13 +5347,13 @@ void hugehelp(void) " If --sasl-authzid is provided several times, the last set value\n" " is used.\n" " Example:\n" -, stdout); - fputs( " curl --sasl-authzid zid imap://example.com/\n" "\n" " See also --login-options. Added in 7.66.0.\n" "\n" " --sasl-ir\n" +, stdout); + fputs( " Enable initial response in SASL authentication.\n" "\n" " Providing --sasl-ir multiple times has no extra effect. Disable\n" @@ -5366,11 +5365,11 @@ void hugehelp(void) " See also --sasl-authzid.\n" "\n" " --service-name \n" -, stdout); - fputs( " This option allows you to change the service name for SPNEGO.\n" "\n" " If --service-name is provided several times, the last set value\n" +, stdout); + fputs( " is used.\n" " Example:\n" " curl --service-name sockd/server https://example.com\n" @@ -5381,13 +5380,13 @@ void hugehelp(void) " When used with -s, --silent, it makes curl show an error message\n" " if it fails.\n" "\n" -, stdout); - fputs( " This option is global and does not need to be specified for each\n" " use of --next.\n" "\n" -" Providing -S, --show-error multiple times has no extra effect.\n" -" Disable it again with --no-show-error.\n" +" Providing --show-error multiple times has no extra effect. Dis-\n" +, stdout); + fputs( +" able it again with --no-show-error.\n" "\n" " Example:\n" " curl --show-error --silent https://example.com\n" @@ -5395,37 +5394,37 @@ void hugehelp(void) " See also --no-progress-meter.\n" "\n" " -s, --silent\n" -" Silent or quiet mode. Do not show progress meter or error mes-\n" -, stdout); - fputs( -" sages. Makes Curl mute. It still outputs the data you ask for,\n" +" Silent or quiet mode. Do not show progress meter or error mes-\n" +" sages. Makes Curl mute. It still outputs the data you ask for,\n" " potentially even to the terminal/stdout unless you redirect it.\n" "\n" -" Use -S, --show-error in addition to this option to disable\n" +, stdout); + fputs( +" Use -S, --show-error in addition to this option to disable\n" " progress meter but still show error messages.\n" "\n" -" Providing -s, --silent multiple times has no extra effect. Dis-\n" -" able it again with --no-silent.\n" +" Providing --silent multiple times has no extra effect. Disable\n" +" it again with --no-silent.\n" "\n" " Example:\n" " curl -s https://example.com\n" "\n" -, stdout); - fputs( " See also -v, --verbose, --stderr and --no-progress-meter.\n" "\n" " --socks4 \n" +, stdout); + fputs( " Use the specified SOCKS4 proxy. If the port number is not speci-\n" " fied, it is assumed at port 1080. Using this socket type make\n" " curl resolve the host name and passing the address on to the\n" " proxy.\n" "\n" " To specify proxy on a unix domain socket, use localhost for\n" -, stdout); - fputs( -" host, e.g. socks4://localhost/path/to/socket.sock\n" +" host, e.g. \"socks4://localhost/path/to/socket.sock\"\n" "\n" " This option overrides any previous use of -x, --proxy, as they\n" +, stdout); + fputs( " are mutually exclusive.\n" "\n" " This option is superfluous since you can specify a socks4 proxy\n" @@ -5433,11 +5432,11 @@ void hugehelp(void) "\n" " --preproxy can be used to specify a SOCKS proxy at the same time\n" " proxy is used with an HTTP/HTTPS proxy (added in 7.52.0). In\n" -, stdout); - fputs( " such a case, curl first connects to the SOCKS proxy and then\n" " connects (through SOCKS) to the HTTP or HTTPS proxy.\n" "\n" +, stdout); + fputs( " If --socks4 is provided several times, the last set value is\n" " used.\n" "\n" @@ -5447,30 +5446,28 @@ void hugehelp(void) " See also --socks4a, --socks5 and --socks5-hostname.\n" "\n" " --socks4a \n" -, stdout); - fputs( " Use the specified SOCKS4a proxy. If the port number is not spec-\n" " ified, it is assumed at port 1080. This asks the proxy to re-\n" " solve the host name.\n" "\n" +, stdout); + fputs( " To specify proxy on a unix domain socket, use localhost for\n" -" host, e.g. socks4a://localhost/path/to/socket.sock\n" +" host, e.g. \"socks4a://localhost/path/to/socket.sock\"\n" "\n" " This option overrides any previous use of -x, --proxy, as they\n" " are mutually exclusive.\n" "\n" -, stdout); - fputs( " This option is superfluous since you can specify a socks4a proxy\n" " with -x, --proxy using a socks4a:// protocol prefix.\n" "\n" " --preproxy can be used to specify a SOCKS proxy at the same time\n" +, stdout); + fputs( " -x, --proxy is used with an HTTP/HTTPS proxy (added in 7.52.0).\n" " In such a case, curl first connects to the SOCKS proxy and then\n" " connects (through SOCKS) to the HTTP or HTTPS proxy.\n" "\n" -, stdout); - fputs( " If --socks4a is provided several times, the last set value is\n" " used.\n" "\n" @@ -5479,36 +5476,36 @@ void hugehelp(void) "\n" " See also --socks4, --socks5 and --socks5-hostname.\n" "\n" -" --socks5-basic\n" -" Tells curl to use username/password authentication when connect-\n" -" ing to a SOCKS5 proxy. The username/password authentication is\n" , stdout); fputs( -" enabled by default. Use --socks5-gssapi to force GSS-API au-\n" -" thentication to SOCKS5 proxies.\n" +" --socks5-basic\n" +" Tells curl to use username/password authentication when connect-\n" +" ing to a SOCKS5 proxy. The username/password authentication is\n" +" enabled by default. Use --socks5-gssapi to force GSS-API authen-\n" +" tication to SOCKS5 proxies.\n" "\n" " Providing --socks5-basic multiple times has no extra effect.\n" "\n" " Example:\n" " curl --socks5-basic --socks5 hostname:4096 https://example.com\n" "\n" +, stdout); + fputs( " See also --socks5. Added in 7.55.0.\n" "\n" " --socks5-gssapi-nec\n" -" As part of the GSS-API negotiation a protection mode is negoti-\n" -, stdout); - fputs( -" ated. RFC 1961 says in section 4.3/4.4 it should be protected,\n" -" but the NEC reference implementation does not. The option\n" -" --socks5-gssapi-nec allows the unprotected exchange of the pro-\n" +" As part of the GSS-API negotiation a protection mode is negoti-\n" +" ated. RFC 1961 says in section 4.3/4.4 it should be protected,\n" +" but the NEC reference implementation does not. The option\n" +" --socks5-gssapi-nec allows the unprotected exchange of the pro-\n" " tection mode negotiation.\n" "\n" -" Providing --socks5-gssapi-nec multiple times has no extra ef-\n" +, stdout); + fputs( +" Providing --socks5-gssapi-nec multiple times has no extra ef-\n" " fect. Disable it again with --no-socks5-gssapi-nec.\n" "\n" " Example:\n" -, stdout); - fputs( " curl --socks5-gssapi-nec --socks5 hostname:4096 https://example.com\n" "\n" " See also --socks5.\n" @@ -5517,25 +5514,25 @@ void hugehelp(void) " The default service name for a socks server is rcmd/server-fqdn.\n" " This option allows you to change it.\n" "\n" -" If --socks5-gssapi-service is provided several times, the last\n" +, stdout); + fputs( +" If --socks5-gssapi-service is provided several times, the last\n" " set value is used.\n" "\n" " Example:\n" -, stdout); - fputs( " curl --socks5-gssapi-service sockd --socks5 hostname:4096 https://example.com\n" "\n" " See also --socks5.\n" "\n" " --socks5-gssapi\n" -" Tells curl to use GSS-API authentication when connecting to a\n" -" SOCKS5 proxy. The GSS-API authentication is enabled by default\n" -" (if curl is compiled with GSS-API support). Use --socks5-basic\n" -" to force username/password authentication to SOCKS5 proxies.\n" -"\n" +" Tells curl to use GSS-API authentication when connecting to a\n" +" SOCKS5 proxy. The GSS-API authentication is enabled by default\n" , stdout); fputs( -" Providing --socks5-gssapi multiple times has no extra effect.\n" +" (if curl is compiled with GSS-API support). Use --socks5-basic\n" +" to force username/password authentication to SOCKS5 proxies.\n" +"\n" +" Providing --socks5-gssapi multiple times has no extra effect.\n" " Disable it again with --no-socks5-gssapi.\n" "\n" " Example:\n" @@ -5544,103 +5541,103 @@ void hugehelp(void) " See also --socks5. Added in 7.55.0.\n" "\n" " --socks5-hostname \n" -" Use the specified SOCKS5 proxy (and let the proxy resolve the\n" -" host name). If the port number is not specified, it is assumed\n" , stdout); fputs( +" Use the specified SOCKS5 proxy (and let the proxy resolve the\n" +" host name). If the port number is not specified, it is assumed\n" " at port 1080.\n" "\n" -" To specify proxy on a unix domain socket, use localhost for\n" -" host, e.g. socks5h://localhost/path/to/socket.sock\n" +" To specify proxy on a unix domain socket, use localhost for\n" +" host, e.g. \"socks5h://localhost/path/to/socket.sock\"\n" "\n" -" This option overrides any previous use of -x, --proxy, as they\n" +" This option overrides any previous use of -x, --proxy, as they\n" " are mutually exclusive.\n" "\n" -" This option is superfluous since you can specify a socks5 host-\n" -" name proxy with -x, --proxy using a socks5h:// protocol prefix.\n" -"\n" , stdout); fputs( +" This option is superfluous since you can specify a socks5 host-\n" +" name proxy with -x, --proxy using a socks5h:// protocol prefix.\n" +"\n" " --preproxy can be used to specify a SOCKS proxy at the same time\n" -" -x, --proxy is used with an HTTP/HTTPS proxy (added in 7.52.0).\n" -" In such a case, curl first connects to the SOCKS proxy and then\n" +" -x, --proxy is used with an HTTP/HTTPS proxy (added in 7.52.0).\n" +" In such a case, curl first connects to the SOCKS proxy and then\n" " connects (through SOCKS) to the HTTP or HTTPS proxy.\n" "\n" -" If --socks5-hostname is provided several times, the last set\n" +, stdout); + fputs( +" If --socks5-hostname is provided several times, the last set\n" " value is used.\n" "\n" " Example:\n" -, stdout); - fputs( " curl --socks5-hostname proxy.example:7000 https://example.com\n" "\n" " See also --socks5 and --socks4a.\n" "\n" " --socks5 \n" -" Use the specified SOCKS5 proxy - but resolve the host name lo-\n" -" cally. If the port number is not specified, it is assumed at\n" +" Use the specified SOCKS5 proxy - but resolve the host name lo-\n" +" cally. If the port number is not specified, it is assumed at\n" " port 1080.\n" "\n" -" To specify proxy on a unix domain socket, use localhost for\n" -" host, e.g. socks5://localhost/path/to/socket.sock\n" -"\n" , stdout); fputs( -" This option overrides any previous use of -x, --proxy, as they\n" +" To specify proxy on a unix domain socket, use localhost for\n" +" host, e.g. \"socks5://localhost/path/to/socket.sock\"\n" +"\n" +" This option overrides any previous use of -x, --proxy, as they\n" " are mutually exclusive.\n" "\n" -" This option is superfluous since you can specify a socks5 proxy\n" +" This option is superfluous since you can specify a socks5 proxy\n" " with -x, --proxy using a socks5:// protocol prefix.\n" "\n" " --preproxy can be used to specify a SOCKS proxy at the same time\n" -" -x, --proxy is used with an HTTP/HTTPS proxy (added in 7.52.0).\n" , stdout); fputs( -" In such a case, curl first connects to the SOCKS proxy and then\n" +" -x, --proxy is used with an HTTP/HTTPS proxy (added in 7.52.0).\n" +" In such a case, curl first connects to the SOCKS proxy and then\n" " connects (through SOCKS) to the HTTP or HTTPS proxy.\n" "\n" -" This option (as well as --socks4) does not work with IPV6, FTPS\n" +" This option (as well as --socks4) does not work with IPV6, FTPS\n" " or LDAP.\n" "\n" -" If --socks5 is provided several times, the last set value is\n" +" If --socks5 is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" +, stdout); + fputs( " curl --socks5 proxy.example:7000 https://example.com\n" "\n" " See also --socks5-hostname and --socks4a.\n" "\n" -, stdout); - fputs( " -Y, --speed-limit \n" -" If a transfer is slower than this given speed (in bytes per sec-\n" -" ond) for speed-time seconds it gets aborted. speed-time is set\n" -" with -y, --speed-time and is 30 if not set.\n" -"\n" -" If -Y, --speed-limit is provided several times, the last set\n" -" value is used.\n" +" If a transfer is slower than this set speed (in bytes per sec-\n" +" ond) for a given number of seconds, it gets aborted. The time\n" +" period is set with -y, --speed-time and is 30 seconds by de-\n" +" fault.\n" "\n" +" If --speed-limit is provided several times, the last set value\n" +, stdout); + fputs( +" is used.\n" " Example:\n" " curl --speed-limit 300 --speed-time 10 https://example.com\n" "\n" -, stdout); - fputs( " See also -y, --speed-time, --limit-rate and -m, --max-time.\n" "\n" " -y, --speed-time \n" " If a transfer runs slower than speed-limit bytes per second dur-\n" -" ing a speed-time period, the transfer is aborted. If speed-time\n" -" is used, the default speed-limit is 1 unless set with -Y,\n" +" ing a speed-time period, the transfer is aborted. If speed-time\n" +" is used, the default speed-limit is 1 unless set with -Y,\n" " --speed-limit.\n" "\n" -" This option controls transfers (in both directions) but does not\n" , stdout); fputs( -" affect slow connects etc. If this is a concern for you, try the\n" +" This option controls transfers (in both directions) but does not\n" +" affect slow connects etc. If this is a concern for you, try the\n" " --connect-timeout option.\n" "\n" -" If -y, --speed-time is provided several times, the last set\n" -" value is used.\n" +" If --speed-time is provided several times, the last set value is\n" +" used.\n" "\n" " Example:\n" " curl --speed-limit 300 --speed-time 10 https://example.com\n" @@ -5648,34 +5645,34 @@ void hugehelp(void) " See also -Y, --speed-limit and --limit-rate.\n" "\n" " --ssl-allow-beast\n" -" This option tells curl to not work around a security flaw in the\n" , stdout); fputs( -" SSL3 and TLS1.0 protocols known as BEAST. If this option is not\n" -" used, the SSL layer may use workarounds known to cause interop-\n" -" erability problems with some older SSL implementations.\n" +" (TLS) This option tells curl to not work around a security flaw\n" +" in the SSL3 and TLS1.0 protocols known as BEAST. If this option\n" +" is not used, the SSL layer may use workarounds known to cause\n" +" interoperability problems with some older SSL implementations.\n" "\n" " WARNING: this option loosens the SSL security, and by using this\n" " flag you ask for exactly that.\n" "\n" +, stdout); + fputs( " Providing --ssl-allow-beast multiple times has no extra effect.\n" " Disable it again with --no-ssl-allow-beast.\n" "\n" -, stdout); - fputs( " Example:\n" " curl --ssl-allow-beast https://example.com\n" "\n" " See also --proxy-ssl-allow-beast and -k, --insecure.\n" "\n" " --ssl-auto-client-cert\n" -" (Schannel) Tell libcurl to automatically locate and use a client\n" -" certificate for authentication, when requested by the server.\n" -" Since the server can request any certificate that supports\n" -" client authentication in the OS certificate store it could be a\n" +" (TLS) (Schannel) Tell libcurl to automatically locate and use a\n" +" client certificate for authentication, when requested by the\n" , stdout); fputs( -" privacy violation and unexpected.\n" +" server. Since the server can request any certificate that sup-\n" +" ports client authentication in the OS certificate store it could\n" +" be a privacy violation and unexpected.\n" "\n" " Providing --ssl-auto-client-cert multiple times has no extra ef-\n" " fect. Disable it again with --no-ssl-auto-client-cert.\n" @@ -5683,44 +5680,46 @@ void hugehelp(void) " Example:\n" " curl --ssl-auto-client-cert https://example.com\n" "\n" +, stdout); + fputs( " See also --proxy-ssl-auto-client-cert. Added in 7.77.0.\n" "\n" " --ssl-no-revoke\n" -" (Schannel) This option tells curl to disable certificate revoca-\n" -, stdout); - fputs( -" tion checks. WARNING: this option loosens the SSL security, and\n" -" by using this flag you ask for exactly that.\n" +" (TLS) (Schannel) This option tells curl to disable certificate\n" +" revocation checks. WARNING: this option loosens the SSL secu-\n" +" rity, and by using this flag you ask for exactly that.\n" "\n" " Providing --ssl-no-revoke multiple times has no extra effect.\n" " Disable it again with --no-ssl-no-revoke.\n" "\n" " Example:\n" +, stdout); + fputs( " curl --ssl-no-revoke https://example.com\n" "\n" " See also --crlfile.\n" "\n" " --ssl-reqd\n" " (FTP IMAP POP3 SMTP LDAP) Require SSL/TLS for the connection.\n" -, stdout); - fputs( " Terminates the connection if the transfer cannot be upgraded to\n" " use SSL/TLS.\n" "\n" " This option is handled in LDAP (added in 7.81.0). It is fully\n" " supported by the OpenLDAP backend and rejected by the generic\n" +, stdout); + fputs( " ldap backend if explicit TLS is required.\n" "\n" " This option is unnecessary if you use a URL scheme that in it-\n" " self implies immediate and implicit use of TLS, like for FTPS,\n" -, stdout); - fputs( " IMAPS, POP3S, SMTPS and LDAPS. Such a transfer always fails if\n" " the TLS handshake does not work.\n" "\n" " This option was formerly known as --ftp-ssl-reqd.\n" "\n" " Providing --ssl-reqd multiple times has no extra effect. Dis-\n" +, stdout); + fputs( " able it again with --no-ssl-reqd.\n" "\n" " Example:\n" @@ -5729,99 +5728,97 @@ void hugehelp(void) " See also --ssl and -k, --insecure.\n" "\n" " --ssl-revoke-best-effort\n" +" (TLS) (Schannel) This option tells curl to ignore certificate\n" +" revocation checks when they failed due to missing/offline dis-\n" +" tribution points for the revocation check lists.\n" +"\n" , stdout); fputs( -" (Schannel) This option tells curl to ignore certificate revoca-\n" -" tion checks when they failed due to missing/offline distribution\n" -" points for the revocation check lists.\n" -"\n" -" Providing --ssl-revoke-best-effort multiple times has no extra\n" +" Providing --ssl-revoke-best-effort multiple times has no extra\n" " effect. Disable it again with --no-ssl-revoke-best-effort.\n" "\n" " Example:\n" " curl --ssl-revoke-best-effort https://example.com\n" "\n" -, stdout); - fputs( " See also --crlfile and -k, --insecure. Added in 7.70.0.\n" "\n" -" --ssl (FTP IMAP POP3 SMTP LDAP) Warning: this is considered an inse-\n" -" cure option. Consider using --ssl-reqd instead to be sure curl\n" -" upgrades to a secure connection.\n" -"\n" -" Try to use SSL/TLS for the connection. Reverts to a non-secure\n" -" connection if the server does not support SSL/TLS. See also\n" +" --ssl (FTP IMAP POP3 SMTP LDAP) Warning: this is considered an inse-\n" +" cure option. Consider using --ssl-reqd instead to be sure curl\n" , stdout); fputs( +" upgrades to a secure connection.\n" +"\n" +" Try to use SSL/TLS for the connection. Reverts to a non-secure\n" +" connection if the server does not support SSL/TLS. See also\n" " --ftp-ssl-control and --ssl-reqd for different levels of encryp-\n" " tion required.\n" "\n" -" This option is handled in LDAP (added in 7.81.0). It is fully\n" -" supported by the OpenLDAP backend and ignored by the generic\n" +" This option is handled in LDAP (added in 7.81.0). It is fully\n" +" supported by the OpenLDAP backend and ignored by the generic\n" +, stdout); + fputs( " ldap backend.\n" "\n" -" Please note that a server may close the connection if the nego-\n" +" Please note that a server may close the connection if the nego-\n" " tiation does not succeed.\n" "\n" -" This option was formerly known as --ftp-ssl. That option name\n" -, stdout); - fputs( +" This option was formerly known as --ftp-ssl. That option name\n" " can still be used but might be removed in a future version.\n" "\n" -" Providing --ssl multiple times has no extra effect. Disable it\n" +" Providing --ssl multiple times has no extra effect. Disable it\n" " again with --no-ssl.\n" "\n" " Example:\n" " curl --ssl pop3://example.com/\n" "\n" +, stdout); + fputs( " See also --ssl-reqd, -k, --insecure and --ciphers.\n" "\n" " -2, --sslv2\n" " (SSL) This option previously asked curl to use SSLv2, but is now\n" -, stdout); - fputs( -" ignored (added in 7.77.0). SSLv2 is widely considered insecure\n" +" ignored (added in 7.77.0). SSLv2 is widely considered insecure\n" " (see RFC 6176).\n" "\n" -" Providing -2, --sslv2 multiple times has no extra effect.\n" +" Providing --sslv2 multiple times has no extra effect.\n" "\n" " Example:\n" " curl --sslv2 https://example.com\n" "\n" -" See also --http1.1 and --http2. -2, --sslv2 requires that the\n" -" underlying libcurl was built to support TLS. This option is mu-\n" -" tually exclusive to -3, --sslv3 and -1, --tlsv1 and --tlsv1.1\n" +" See also --http1.1 and --http2. -2, --sslv2 requires that the\n" , stdout); fputs( +" underlying libcurl was built to support TLS. This option is mu-\n" +" tually exclusive to -3, --sslv3 and -1, --tlsv1 and --tlsv1.1\n" " and --tlsv1.2.\n" "\n" " -3, --sslv3\n" " (SSL) This option previously asked curl to use SSLv3, but is now\n" -" ignored (added in 7.77.0). SSLv3 is widely considered insecure\n" +" ignored (added in 7.77.0). SSLv3 is widely considered insecure\n" " (see RFC 7568).\n" "\n" -" Providing -3, --sslv3 multiple times has no extra effect.\n" +" Providing --sslv3 multiple times has no extra effect.\n" "\n" " Example:\n" -" curl --sslv3 https://example.com\n" -"\n" -" See also --http1.1 and --http2. -3, --sslv3 requires that the\n" , stdout); fputs( -" underlying libcurl was built to support TLS. This option is mu-\n" -" tually exclusive to -2, --sslv2 and -1, --tlsv1 and --tlsv1.1\n" +" curl --sslv3 https://example.com\n" +"\n" +" See also --http1.1 and --http2. -3, --sslv3 requires that the\n" +" underlying libcurl was built to support TLS. This option is mu-\n" +" tually exclusive to -2, --sslv2 and -1, --tlsv1 and --tlsv1.1\n" " and --tlsv1.2.\n" "\n" " --stderr \n" -" Redirect all writes to stderr to the specified file instead. If\n" +" Redirect all writes to stderr to the specified file instead. If\n" " the file name is a plain '-', it is instead written to stdout.\n" "\n" +, stdout); + fputs( " This option is global and does not need to be specified for each\n" " use of --next.\n" "\n" -, stdout); - fputs( -" If --stderr is provided several times, the last set value is\n" +" If --stderr is provided several times, the last set value is\n" " used.\n" "\n" " Example:\n" @@ -5830,37 +5827,37 @@ void hugehelp(void) " See also -v, --verbose and -s, --silent.\n" "\n" " --styled-output\n" -" Enables the automatic use of bold font styles when writing HTTP\n" -" headers to the terminal. Use --no-styled-output to switch them\n" -" off.\n" -"\n" +" Enables the automatic use of bold font styles when writing HTTP\n" , stdout); fputs( +" headers to the terminal. Use --no-styled-output to switch them\n" +" off.\n" +"\n" " Styled output requires a terminal that supports bold fonts. This\n" -" feature is not present on curl for Windows due to lack of this\n" +" feature is not present on curl for Windows due to lack of this\n" " capability.\n" "\n" " This option is global and does not need to be specified for each\n" " use of --next.\n" "\n" -" Providing --styled-output multiple times has no extra effect.\n" +" Providing --styled-output multiple times has no extra effect.\n" +, stdout); + fputs( " Disable it again with --no-styled-output.\n" "\n" " Example:\n" -, stdout); - fputs( " curl --styled-output -I https://example.com\n" "\n" " See also -I, --head and -v, --verbose. Added in 7.61.0.\n" "\n" " --suppress-connect-headers\n" -" When -p, --proxytunnel is used and a CONNECT request is made do\n" -" not output proxy CONNECT response headers. This option is meant\n" -" to be used with -D, --dump-header or -i, --include which are\n" -" used to show protocol headers in the output. It has no effect on\n" +" When -p, --proxytunnel is used and a CONNECT request is made do\n" +" not output proxy CONNECT response headers. This option is meant\n" +" to be used with -D, --dump-header or -i, --include which are\n" , stdout); fputs( -" debug options such as -v, --verbose or --trace, or any statis-\n" +" used to show protocol headers in the output. It has no effect on\n" +" debug options such as -v, --verbose or --trace, or any statis-\n" " tics.\n" "\n" " Providing --suppress-connect-headers multiple times has no extra\n" @@ -5869,41 +5866,40 @@ void hugehelp(void) " Example:\n" " curl --suppress-connect-headers --include -x proxy https://example.com\n" "\n" +, stdout); + fputs( " See also -D, --dump-header, -i, --include and -p, --proxytunnel.\n" " Added in 7.54.0.\n" "\n" " --tcp-fastopen\n" +" Enable use of TCP Fast Open (RFC 7413). TCP Fast Open is a TCP\n" +" extension that allows data to get sent earlier over the connec-\n" +" tion (before the final handshake ACK) if the client and server\n" +" have been connected previously.\n" "\n" +" Providing --tcp-fastopen multiple times has no extra effect.\n" , stdout); fputs( -" Enable use of TCP Fast Open (RFC 7413). TCP Fast Open is a TCP\n" -" extension that allows data to get sent earlier over the connec-\n" -" tion (before the final handshake ACK) if the client and server\n" -" have been connected previously.\n" -"\n" -" Providing --tcp-fastopen multiple times has no extra effect.\n" " Disable it again with --no-tcp-fastopen.\n" "\n" " Example:\n" " curl --tcp-fastopen https://example.com\n" "\n" -, stdout); - fputs( " See also --false-start.\n" "\n" " --tcp-nodelay\n" -" Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man\n" +" Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man\n" " page for details about this option.\n" "\n" -" curl sets this option by default and you need to explicitly\n" +" curl sets this option by default and you need to explicitly\n" " switch it off if you do not want it on (added in 7.50.2).\n" "\n" -" Providing --tcp-nodelay multiple times has no extra effect.\n" +, stdout); + fputs( +" Providing --tcp-nodelay multiple times has no extra effect.\n" " Disable it again with --no-tcp-nodelay.\n" "\n" " Example:\n" -, stdout); - fputs( " curl --tcp-nodelay https://example.com\n" "\n" " See also -N, --no-buffer.\n" @@ -5911,30 +5907,33 @@ void hugehelp(void) " -t, --telnet-option \n" " Pass options to the telnet protocol. Supported options are:\n" "\n" -" TTYPE= Sets the terminal type.\n" +" `TTYPE=`\n" +" Sets the terminal type.\n" "\n" -" XDISPLOC= Sets the X display location.\n" +" `XDISPLOC=`\n" +, stdout); + fputs( +" Sets the X display location.\n" "\n" -" NEW_ENV= Sets an environment variable.\n" +" `NEW_ENV=`\n" +" Sets an environment variable.\n" "\n" -" -t, --telnet-option can be used several times in a command line\n" +" --telnet-option can be used several times in a command line\n" "\n" " Example:\n" -, stdout); - fputs( " curl -t TTYPE=vt100 telnet://example.com/\n" "\n" " See also -K, --config.\n" " --tftp-blksize \n" -" (TFTP) Set the TFTP BLKSIZE option (must be >512). This is the\n" -" block size that curl tries to use when transferring data to or\n" +" (TFTP) Set the TFTP BLKSIZE option (must be >512). This is the\n" +, stdout); + fputs( +" block size that curl tries to use when transferring data to or\n" " from a TFTP server. By default 512 bytes are used.\n" "\n" -" If --tftp-blksize is provided several times, the last set value\n" +" If --tftp-blksize is provided several times, the last set value\n" " is used.\n" " Example:\n" -, stdout); - fputs( " curl --tftp-blksize 1024 tftp://example.com/file\n" "\n" " See also --tftp-no-options.\n" @@ -5942,13 +5941,13 @@ void hugehelp(void) " --tftp-no-options\n" " (TFTP) Tells curl not to send TFTP options requests.\n" "\n" -" This option improves interop with some legacy servers that do\n" -" not acknowledge or properly implement TFTP options. When this\n" -" option is used --tftp-blksize is ignored.\n" -"\n" -" Providing --tftp-no-options multiple times has no extra effect.\n" , stdout); fputs( +" This option improves interop with some legacy servers that do\n" +" not acknowledge or properly implement TFTP options. When this\n" +" option is used --tftp-blksize is ignored.\n" +"\n" +" Providing --tftp-no-options multiple times has no extra effect.\n" " Disable it again with --no-tftp-no-options.\n" "\n" " Example:\n" @@ -5956,40 +5955,42 @@ void hugehelp(void) "\n" " See also --tftp-blksize.\n" "\n" +, stdout); + fputs( " -z, --time-cond