#
eb77297c |
| 13-Oct-2024 |
Daniel Stenberg |
lib: move curl_path.[ch] into vssh/ As this contains code only used by SSH backends. Closes #15284
|
#
fba9afeb |
| 23-Apr-2024 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
mbedTLS: implement CURLOPT_SSL_CIPHER_LIST option Use a lookup list to set the cipher suites, allowing the ciphers to be set by either openssl or IANA names. To keep the binary
mbedTLS: implement CURLOPT_SSL_CIPHER_LIST option Use a lookup list to set the cipher suites, allowing the ciphers to be set by either openssl or IANA names. To keep the binary size of the lookup list down we compress each entry in the cipher list down to 2 + 6 bytes using the C preprocessor. Closes #13442
show more ...
|
#
7860f575 |
| 28-Nov-2023 |
Jay Satiro |
dllmain: Call OpenSSL thread cleanup for Windows and Cygwin - Call OPENSSL_thread_stop on thread termination (DLL_THREAD_DETACH) to prevent a memory leak in case OpenSSL is linked stat
dllmain: Call OpenSSL thread cleanup for Windows and Cygwin - Call OPENSSL_thread_stop on thread termination (DLL_THREAD_DETACH) to prevent a memory leak in case OpenSSL is linked statically. - Warn in libcurl-thread.3 that if OpenSSL is linked statically then it may require thread cleanup. OpenSSL may need per-thread cleanup to stop a memory leak. For Windows and Cygwin if libcurl was built as a DLL then we can do that for the user by calling OPENSSL_thread_stop on thread termination. However, if libcurl was built statically then we do not have notification of thread termination and cannot do that for the user. Also, there are several other unusual cases where it may be necessary for the user to call OPENSSL_thread_stop, so in the libcurl-thread warning I added a link to the OpenSSL documentation. Co-authored-by: Viktor Szakats Reported-by: southernedge@users.noreply.github.com Reported-by: zmcx16@users.noreply.github.com Ref: https://www.openssl.org/docs/man3.0/man3/OPENSSL_thread_stop.html#NOTES Fixes https://github.com/curl/curl/issues/12327 Closes https://github.com/curl/curl/pull/12408
show more ...
|
#
50def7c8 |
| 31-Mar-2024 |
Daniel Stenberg |
NTLM_WB: drop support The feature has not worked for months and has been marked as DEPRECATED for six+ months. Closes #13249
|
#
59298221 |
| 14-Feb-2024 |
Stefan Eissing |
lib: send rework Curl_read/Curl_write clarifications - replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to 1clarify when and at what level they operate - sen
lib: send rework Curl_read/Curl_write clarifications - replace `Curl_read()`, `Curl_write()` and `Curl_nwrite()` to 1clarify when and at what level they operate - send/recv of transfer related data is now done via `Curl_xfer_send()/Curl_xfer_recv()` which no longer has socket/socketindex as parameter. It decides on the transfer setup of `conn->sockfd` and `conn->writesockfd` on which connection filter chain to operate. - send/recv on a specific connection filter chain is done via `Curl_conn_send()/Curl_conn_recv()` which get the socket index as parameter. - rename `Curl_setup_transfer()` to `Curl_xfer_setup()` for naming consistency - clarify that the special CURLE_AGAIN handling to return `CURLE_OK` with length 0 only applies to `Curl_xfer_send()` and CURLE_AGAIN is returned by all other send() variants. SingleRequest reshuffling - move functions into request.[ch] - differentiate between reset and free - add Curl_req_done() to perform last actions - add a send `bufq` to SingleRequest for future use in keeping upload data Closes #12963
show more ...
|
#
463472a2 |
| 07-Feb-2024 |
Stefan Eissing |
lib: move client writer into own source Refactoring of the client writer that passes the data to the client/application's callback functions. - split out into own source cw-out.
lib: move client writer into own source Refactoring of the client writer that passes the data to the client/application's callback functions. - split out into own source cw-out.[ch] from sendf.c - move tempwrite and tempcount from data->state into the context of the client writer - redesign the 3 tempwrite dynbufs as a linked list of dynbufs. On paused transfers, this allows to "record" interleaved HEADER/BODY chunks to be "played back" in the same order on unpausing. - keep the overall size limit of all buffered data to DYN_PAUSE_BUFFER. On exceeding that, return CURLE_TOO_LARGE instead of CURLE_OUT_OF_MEMORY as before. - add method to be called when a transfer is DONE to allow writing of any data still buffered - when paused, record HEADER writes exactly as they come for later playback. HEADERs are documented to be written one-by-one. Closes #12898
show more ...
|
#
cbe41d15 |
| 07-Feb-2024 |
Evgeny Grin (Karlson2k) |
SHA-512/256: implement hash algorithm Closes #12897
|
#
0535f6ec |
| 18-Jan-2024 |
Stefan Eissing |
http3: initial support for OpenSSL 3.2 QUIC stack - HTTP/3 for curl using OpenSSL's own QUIC stack together with nghttp3 - configure with `--with-openssl-quic` to enable curl to
http3: initial support for OpenSSL 3.2 QUIC stack - HTTP/3 for curl using OpenSSL's own QUIC stack together with nghttp3 - configure with `--with-openssl-quic` to enable curl to build this. This requires the nghttp3 library - implementation with the following restrictions: * macOS has to use an unconnected UDP socket due to an issue in OpenSSL's datagram implementation See https://github.com/openssl/openssl/issues/23251 This makes connections to non-reponsive servers hang. * GET requests will send the indicator that they have no body in a separate QUIC packet. This may result in processing delays or Transfer-Encodings on proxied requests * uploads that encounter blocks will use 100% cpu as detection of these flow control issue is not working (we have not figured out to pry that from OpenSSL). Closes #12734
show more ...
|
#
5d044ad9 |
| 09-Jan-2024 |
Stefan Eissing |
vquic: extract TLS setup into own source - separate ngtcp2 specific parts out - provide callback during init to allow ngtcp2 to apply its defaults Closes #12678
|
#
83ec54e1 |
| 03-Oct-2023 |
Viktor Szakats |
build: alpha-sort source files for lib and src Closes #12014
|
#
78d6232f |
| 07-Aug-2023 |
Daniel Stenberg |
gskit: remove We remove support for building curl with gskit. - This is a niche TLS library, only running on some IBM systems - no regular curl contributors use this backend
gskit: remove We remove support for building curl with gskit. - This is a niche TLS library, only running on some IBM systems - no regular curl contributors use this backend - no CI builds use or verify this backend - gskit, or the curl adaption for it, lacks many modern TLS features making it an inferior solution - build breakages in this code take weeks or more to get detected - fixing gskit code is mostly done "flying blind" This removal has been advertized in DEPRECATED in Jan 2, 2023 and it has been mentioned on the curl-library mailing list. It could be brought back, this is not a ban. Given proper effort and will, gskit support is welcome back into the curl TLS backend family. Closes #11460
show more ...
|
#
e12b39e1 |
| 03-Aug-2023 |
Stefan Eissing |
trace: make tracing available in non-debug builds Add --trace-config to curl Add curl_global_trace() to libcurl Closes #11421
|
#
7c8bae0d |
| 29-Jul-2023 |
Daniel Stenberg |
nss: remove support for this TLS library Closes #11459
|
#
c7308592 |
| 05-Jun-2023 |
Stan Hu |
hostip.c: Move macOS-specific calls into global init call https://github.com/curl/curl/pull/7121 introduced a macOS system call to `SCDynamicStoreCopyProxies`, which is invoked every tim
hostip.c: Move macOS-specific calls into global init call https://github.com/curl/curl/pull/7121 introduced a macOS system call to `SCDynamicStoreCopyProxies`, which is invoked every time an IP address needs to be resolved. However, this system call is not thread-safe, and macOS will kill the process if the system call is run first in a fork. To make it possible for the parent process to call this once and prevent the crash, only invoke this system call in the global initialization routine. In addition, this change is beneficial because it: 1. Avoids extra macOS system calls for every IP lookup. 2. Consolidates macOS-specific initialization in a separate file. Fixes #11252 Closes #11254
show more ...
|
#
3f8fc257 |
| 09-May-2023 |
Viktor Szakats |
cmake: add support for "unity" builds Aka "jumbo" or "amalgamation" builds. It means to compile all sources per target as a single C source. This is experimental. You can enable
cmake: add support for "unity" builds Aka "jumbo" or "amalgamation" builds. It means to compile all sources per target as a single C source. This is experimental. You can enable it by passing `-DCMAKE_UNITY_BUILD=ON` to cmake. It requires CMake 3.16 or newer. It makes builds (much) faster, allows for better optimizations and tends to promote less ambiguous code. Also add a new AppVeyor CI job and convert an existing one to use "unity" mode (one MSVC, one MinGW), and enable it for one macOS CI job. Fix related issues: - add missing include guard to `easy_lock.h`. - rename static variables and functions (and a macro) with names reused across sources, or shadowed by local variables. - add an `#undef` after use. - add a missing `#undef` before use. - move internal definitions from `ftp.h` to `ftp.c`. - `curl_memory.h` fixes to make it work when included repeatedly. - stop building/linking curlx bits twice for a static-mode curl tool. These caused doubly defined symbols in unity builds. - silence missing extern declarations compiler warning for ` _CRT_glob`. - fix extern declarations for `tool_freq` and `tool_isVistaOrGreater`. - fix colliding static symbols in debug mode: `debugtime()` and `statename`. - rename `ssl_backend_data` structure to unique names for each TLS-backend, along with the `ssl_connect_data` struct member referencing them. This required adding casts for each access. - add workaround for missing `[P]UNICODE_STRING` types in certain Windows builds when compiling `lib/ldap.c`. To support "unity" builds, we had to enable `SCHANNEL_USE_BLACKLISTS` for Schannel (a Windows `schannel.h` option) _globally_. This caused an indirect inclusion of Windows `schannel.h` from `ldap.c` via `winldap.h` to have it enabled as well. This requires `[P]UNICODE_STRING` types, which is apperantly not defined automatically (as seen with both MSVS and mingw-w64). This patch includes `<subauth.h>` to fix it. Ref: https://github.com/curl/curl/runs/13987772013 Ref: https://dev.azure.com/daniel0244/curl/_build/results?buildId=15827&view=logs&jobId=2c9f582d-e278-56b6-4354-f38a4d851906&j=2c9f582d-e278-56b6-4354-f38a4d851906&t=90509b00-34fa-5a81-35d7-5ed9569d331c - tweak unity builds to compile `lib/memdebug.c` separately in memory trace builds to avoid PP confusion. - force-disable unity for test programs. - do not compile and link libcurl sources to libtests _twice_ when libcurl is built in static mode. KNOWN ISSUES: - running tests with unity builds may fail in cases. - some build configurations/env may not compile in unity mode. E.g.: https://ci.appveyor.com/project/curlorg/curl/builds/47230972/job/51wfesgnfuauwl8q#L250 Ref: https://github.com/libssh2/libssh2/issues/1034 Ref: https://cmake.org/cmake/help/latest/prop_tgt/UNITY_BUILD.html Ref: https://en.wikipedia.org/wiki/Unity_build Closes #11095
show more ...
|
#
fc2f1e54 |
| 14-Apr-2023 |
Stefan Eissing |
http2: support HTTP/2 to forward proxies, non-tunneling - with `--proxy-http2` allow h2 ALPN negotiation to forward proxies - applies to http: requests against a https: proxy only,
http2: support HTTP/2 to forward proxies, non-tunneling - with `--proxy-http2` allow h2 ALPN negotiation to forward proxies - applies to http: requests against a https: proxy only, as https: requests will auto-tunnel - adding a HTTP/1 request parser in http1.c - removed h2h3.c - using new request parser in nghttp2 and all h3 backends - adding test 2603 for request parser - adding h2 proxy test cases to test_10_* scorecard.py: request scoring accidentally always run curl with '-v'. Removed that, expect double numbers. labeller: added http1.* and h2-proxy sources to detection Closes #10967
show more ...
|
#
4ae2d9f2 |
| 06-Apr-2023 |
Stefan Eissing |
proxy: http2 proxy tunnel implementation - currently only on debug build and when env variable CURL_PROXY_TUNNEL_H2 is present. - will ALPN negotiate with the proxy server and swit
proxy: http2 proxy tunnel implementation - currently only on debug build and when env variable CURL_PROXY_TUNNEL_H2 is present. - will ALPN negotiate with the proxy server and switch tunnel filter based on the protocol negotiated. - http/1.1 tunnel code moved into cf-h1-proxy.[ch] - http/2 tunnel code implemented in cf-h2-proxy.[ch] - tunnel start and ALPN set remains in http_proxy.c - moving all haproxy related code into cf-haproxy.[ch] VTLS changes - SSL filters rely solely on the "alpn" specification they are created with and no longer check conn->bits.tls_enable_alpn. - checks on which ALPN specification to use (or none at all) are done in vtls.c when creating the filter. Testing - added a nghttpx forward proxy to the pytest setup that speaks HTTP/2 and forwards all requests to the Apache httpd forward proxy server. - extending test coverage in test_10 cases - adding proxy tests for direct/tunnel h1/h2 use of basic auth. - adding test for http/1.1 and h2 proxy tunneling to pytest Closes #10780
show more ...
|
#
61f52a97 |
| 20-Mar-2023 |
Stefan Eissing |
lib: add `bufq` and `dynhds` Adding `bufq`: - at init() time configured to hold up to `n` chunks of `m` bytes each. - various methods for reading from and writing to it. - `peek`
lib: add `bufq` and `dynhds` Adding `bufq`: - at init() time configured to hold up to `n` chunks of `m` bytes each. - various methods for reading from and writing to it. - `peek` support to get access to buffered data without copy - `pass` support to allow buffer flushing on write if it becomes full - use case: IO buffers for dynamic reads and writes that do not blow up - distinct from `dynbuf` in that: - it maintains a read position - writes on a full bufq return CURLE_AGAIN instead of nuking itself - Init options: - SOFT_LIMIT: allow writes into a full bufq - NO_SPARES: free empty chunks right away - a `bufc_pool` that can keep a number of spare chunks to be shared between different `bufq` instances Adding `dynhds`: - a straightforward list of name+value pairs as used for HTTP headers - headers can be appended dynamically - headers can be removed again - headers can be replaced - headers can be looked up - http/1.1 formatting into a `dynbuf` - configured at init() with limits on header counts and total string sizes - use case: pass a HTTP request or response around without being version specific - express a HTTP request without a curl easy handle (used in h2 proxy tunnels) - future extension possibilities: - conversions of `dynhds` to nghttp2/nghttp3 name+value arrays Closes #10720
show more ...
|
#
56d5c07b |
| 28-Feb-2023 |
Daniel Stenberg |
wildcard: remove files and move functions into ftplistparser.c
|
#
9deebd31 |
| 01-Mar-2023 |
Stefan Eissing |
lib: give source files cf-http.* better fitting names Closes #10656
|
#
67115824 |
| 01-Feb-2023 |
Stefan Eissing |
connections: introduce http/3 happy eyeballs New cfilter HTTP-CONNECT for h3/h2/http1.1 eyeballing. - filter is installed when `--http3` in the tool is used (or the equivalent CURL
connections: introduce http/3 happy eyeballs New cfilter HTTP-CONNECT for h3/h2/http1.1 eyeballing. - filter is installed when `--http3` in the tool is used (or the equivalent CURLOPT_ done in the library) - starts a QUIC/HTTP/3 connect right away. Should that not succeed after 100ms (subject to change), a parallel attempt is started for HTTP/2 and HTTP/1.1 via TCP - both attempts are subject to IPv6/IPv4 eyeballing, same as happens for other connections - tie timeout to the ip-version HAPPY_EYEBALLS_TIMEOUT - use a `soft` timeout at half the value. When the soft timeout expires, the HTTPS-CONNECT filter checks if the QUIC filter has received any data from the server. If not, it will start the HTTP/2 attempt. HTTP/3(ngtcp2) improvements. - setting call_data in all cfilter calls similar to http/2 and vtls filters for use in callback where no stream data is available. - returning CURLE_PARTIAL_FILE for prematurely terminated transfers - enabling pytest test_05 for h3 - shifting functionality to "connect" UDP sockets from ngtcp2 implementation into the udp socket cfilter. Because unconnected UDP sockets are weird. For example they error when adding to a pollset. HTTP/3(quiche) improvements. - fixed upload bug in quiche implementation, now passes 251 and pytest - error codes on stream RESET - improved debug logs - handling of DRAIN during connect - limiting pending event queue HTTP/2 cfilter improvements. - use LOG_CF macros for dynamic logging in debug build - fix CURLcode on RST streams to be CURLE_PARTIAL_FILE - enable pytest test_05 for h2 - fix upload pytests and improve parallel transfer performance. GOAWAY handling for ngtcp2/quiche - during connect, when the remote server refuses to accept new connections and closes immediately (so the local conn goes into DRAIN phase), the connection is torn down and a another attempt is made after a short grace period. This is the behaviour observed with nghttpx when we tell it to shut down gracefully. Tested in pytest test_03_02. TLS improvements - ALPN selection for SSL/SSL-PROXY filters in one vtls set of functions, replaces copy of logic in all tls backends. - standardized the infof logging of offered ALPNs - ALPN negotiated: have common function for all backends that sets alpn proprty and connection related things based on the negotiated protocol (or lack thereof). - new tests/tests-httpd/scorecard.py for testing h3/h2 protocol implementation. Invoke: python3 tests/tests-httpd/scorecard.py --help for usage. Improvements on gathering connect statistics and socket access. - new CF_CTRL_CONN_REPORT_STATS cfilter control for having cfilters report connection statistics. This is triggered when the connection has completely connected. - new void Curl_pgrsTimeWas(..) method to report a timer update with a timestamp of when it happend. This allows for updating timers "later", e.g. a connect statistic after full connectivity has been reached. - in case of HTTP eyeballing, the previous changes will update statistics only from the filter chain that "won" the eyeballing. - new cfilter query CF_QUERY_SOCKET for retrieving the socket used by a filter chain. Added methods Curl_conn_cf_get_socket() and Curl_conn_get_socket() for convenient use of this query. - Change VTLS backend to query their sub-filters for the socket when checks during the handshake are made. HTTP/3 documentation on how https eyeballing works. TLS improvements - ALPN selection for SSL/SSL-PROXY filters in one vtls set of functions, replaces copy of logic in all tls backends. - standardized the infof logging of offered ALPNs - ALPN negotiated: have common function for all backends that sets alpn proprty and connection related things based on the negotiated protocol (or lack thereof). Scorecard with Caddy. - configure can be run with `--with-test-caddy=path` to specify which caddy to use for testing - tests/tests-httpd/scorecard.py now measures download speeds with caddy pytest improvements - adding Makfile to clean gen dir - adding nghttpx rundir creation on start - checking httpd version 2.4.55 for test_05 cases where it is needed. Skipping with message if too old. - catch exception when checking for caddy existance on system. Closes #10349
show more ...
|
#
db91dbbf |
| 11-Jan-2023 |
Stefan Eissing |
curl_log: for failf/infof and debug logging implementations - new functions and macros for cfilter debugging - set CURL_DEBUG with names of cfilters where debug logging should be
curl_log: for failf/infof and debug logging implementations - new functions and macros for cfilter debugging - set CURL_DEBUG with names of cfilters where debug logging should be enabled - use GNUC __attribute__ to enable printf format checks during compile Closes #10271
show more ...
|
#
446267c5 |
| 05-Jan-2023 |
Stefan Eissing |
quic: rename vquic implementations, fix for quiche build. - quiche in debug mode did not build, fixed. - moved all vquic implementation files to prefix curl_* to avoid the potentia
quic: rename vquic implementations, fix for quiche build. - quiche in debug mode did not build, fixed. - moved all vquic implementation files to prefix curl_* to avoid the potential mixups between provided .h files and our own. - quich passes test 2500 and 2502. 2501, the POST, fail with the body being rejected. Quich bug? Closes #10242
show more ...
|
#
2bc1d775 |
| 02-Jan-2023 |
Daniel Stenberg |
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - save
copyright: update all copyright lines and remove year ranges - they are mostly pointless in all major jurisdictions - many big corporations and projects already don't use them - saves us from pointless churn - git keeps history for us - the year range is kept in COPYING checksrc is updated to allow non-year using copyright statements Closes #10205
show more ...
|
#
71b7e016 |
| 30-Dec-2022 |
Stefan Eissing |
lib: connect/h2/h3 refactor Refactoring of connection setup and happy eyeballing. Move nghttp2. ngtcp2, quiche and msh3 into connection filters. - eyeballing cfilter that uses
lib: connect/h2/h3 refactor Refactoring of connection setup and happy eyeballing. Move nghttp2. ngtcp2, quiche and msh3 into connection filters. - eyeballing cfilter that uses sub-filters for performing parallel connects - socket cfilter for all transport types, including QUIC - QUIC implementations in cfilter, can now participate in eyeballing - connection setup is more dynamic in order to adapt to what filter did really connect. Relevant to see if a SSL filter needs to be added or if SSL has already been provided - HTTP/3 test cases similar to HTTP/2 - multiuse of parallel transfers for HTTP/3, tested for ngtcp2 and quiche - Fix for data attach/detach in VTLS filters that could lead to crashes during parallel transfers. - Eliminating setup() methods in cfilters, no longer needed. - Improving Curl_conn_is_alive() to replace Curl_connalive() and integrated ssl alive checks into cfilter. - Adding CF_CNTRL_CONN_INFO_UPDATE to tell filters to update connection into and persist it at the easy handle. - Several more cfilter related cleanups and moves: - stream_weigth and dependency info is now wrapped in struct Curl_data_priority - Curl_data_priority members depend is available in HTTP2|HTTP3 - Curl_data_priority members depend on NGHTTP2 support - handling init/reset/cleanup of priority part of url.c - data->state.priority same struct, but shallow copy for compares only - PROTOPT_STREAM has been removed - Curl_conn_is_mulitplex() now available to check on capability - Adding query method to connection filters. - ngtcp2+quiche: implementing query for max concurrent transfers. - Adding is_alive and keep_alive cfilter methods. Adding DATA_SETUP event. - setting keepalive timestamp on connect - DATA_SETUP is called after the connection has been completely setup (but may not connected yet) to allow filters to initialize data members they use. - there is no socket to be had with msh3, it is unclear how select shall work - manual test via "curl --http3 https://curl.se" fail with "empty reply from server". - Various socket/conn related cleanups: - Curl_socket is now Curl_socket_open and in cf-socket.c - Curl_closesocket is now Curl_socket_close and in cf-socket.c - Curl_ssl_use has been replaced with Cur_conn_is_ssl - Curl_conn_tcp_accepted_set has been split into Curl_conn_tcp_listen_set and Curl_conn_tcp_accepted_set with a clearer purpose Closes #10141
show more ...
|