duphandle: also init netrc

The netrc init was only done in the Curl_open, meaning that a duplicated
handle would not get inited properly.

Added test 2309 to verify. It does netr

duphandle: also init netrc

The netrc init was only done in the Curl_open, meaning that a duplicated
handle would not get inited properly.

Added test 2309 to verify. It does netrc auth with a duplicated handle.

Regression from 3b43a05e000aa8f65bda513f733a

Reported-by: tranzystorekk on github
Fixes #15496
Closes #15503

show more ...

test1915: add tracing and connect timeout

Since we see Windows fails of 1915, add tracing and a connect timeout.
The test uses a port no one is supposed to listen on, but Windows has

test1915: add tracing and connect timeout

Since we see Windows fails of 1915, add tracing and a connect timeout.
The test uses a port no one is supposed to listen on, but Windows has
this weird wait logic. So, set a short timeout.

Closes #15107

show more ...

test1515: add tracing and more debug info

Test failed on some Windows CI and log files did not really
tell why. Add more output.

Closes #15140

test1540: add debug logging

Closes #15055

test2502: add libtest debug tracing

Closes #15053

tests: speed up builds with single-binary test bundles

Add support for single-block binaries that contain all libtests and
unit tests respectively.

Enable with:
- autotools:

tests: speed up builds with single-binary test bundles

Add support for single-block binaries that contain all libtests and
unit tests respectively.

Enable with:
- autotools: `--enable-test-bundles`
- cmake: `-DCURL_TEST_BUNDLES=ON`

(They are compatible with `--enable-unity` and `-DCMAKE_UNITY_BUILD=ON`
options, for further speed-up.)

Makes libtests and unit tests build _fast_, needing little disk space
even in static mode. Similar to CMake unity mode, but with a custom
script, also supporting autotools builds.

The price is having to deal with symbols/macros colliding between
`lib*.c` and `unit*.c` sources. Maybe with naming conventions or other
solutions this can be improved gradually and reduce the need for manual
intervention by `mk-bundle.mk`. I've included a script that does the bulk
of detecting name collisions.

Also:
- CI: enable test bundles.
- CI: build tests in more jobs.
- lib2305: fix FILE handle leak.
- unit1661: fix memleak found by torture test by releasing the `bufref`
structure in `unit_stop()` that was allocated in `unit_setup()`.
```
test 1661...[bufref unit tests]
Leak detected: memory still allocated: 13 bytes
allocated by /home/runner/work/curl/curl/tests/unit/unit1661.c:70
1661: torture FAILED: function number 1 in test.
```
Ref: https://github.com/curl/curl/actions/runs/10967279334/job/30456745290?pr=14772#step:8:41

Similar test suite builds with autotools default and cmake+bundle+unity:
- GHA/Linux: 33s vs 7s
https://github.com/curl/curl/actions/runs/10705668823/job/29681617374
- GHA/macOS 34s vs 2s
https://github.com/curl/curl/actions/runs/10705668813/job/29681632885
- GHA/FreeBSD: 15m25 vs 6m21 (full workflow time, ~qemu)
https://github.com/curl/curl/actions/runs/10705668811/job/29681607915
- GHA/Cygwin: 9m52 vs 32s
https://github.com/curl/curl/actions/runs/10705668809/job/29681609965
- GHA/MSYS2: 3m52 vs 14s
https://github.com/curl/curl/actions/runs/10705668808/job/29681624295
- GHA/mingw-w64: 5m45 vs 30s
https://github.com/curl/curl/actions/runs/10705668808/job/29681628787

Autotools test suite builds compared between master -> `--enable-test-bundles`:
- GHA/Linux: 33s -> 9s (run tests: 22m23 -> 20m44)
https://github.com/curl/curl/actions/runs/10710030193/job/29695932185
https://github.com/curl/curl/actions/runs/10967831456/job/30458220344
- GHA/macOS: 25s -> 4s (run tests: 2m58 -> 2m24)
https://github.com/curl/curl/actions/runs/10710030195/job/29695938444
https://github.com/curl/curl/actions/runs/10967831452/job/30458225762
- GHA/non-native (FreeBSD): 4m8 -> 3m12 (full workflow time, ~qemu)
https://github.com/curl/curl/actions/runs/10710030198/job/29695928401
https://github.com/curl/curl/actions/runs/10967831458/job/30458212692
- GHA/Cygwin: 9m25 -> 1m9 (run tests: 9m19 -> 3m28)
https://github.com/curl/curl/actions/runs/10710030212/job/29695928213
https://github.com/curl/curl/actions/runs/10967831453/job/30458213268
- GHA/MSYS2: 3m54 -> 32s (run tests: 6m3 -> 3m59)
https://github.com/curl/curl/actions/runs/10710030190/job/29704850591
https://github.com/curl/curl/actions/runs/10967831449/job/30459280005
- GHA/mingw-w64: 5m42 -> 1m5 (run tests: 7m41 -> 5m36)
https://github.com/curl/curl/actions/runs/10710030190/job/29704852058
https://github.com/curl/curl/actions/runs/10967831449/job/30459280862
- Azure MSYS2 mingw64 openssl: 38m55 -> 11m58
https://dev.azure.com/daniel0244/curl/_build/results?buildId=25546&view=logs&j=b58b8c59-0f61-52e9-0f9e-fad562a1e77f&t=0f9230a7-3b10-53ca-9938-700ece377c5e
https://dev.azure.com/daniel0244/curl/_build/results?buildId=25547&view=logs&jobId=39473db1-3945-55d5-deb5-c218fad88dce&j=b58b8c59-0f61-52e9-0f9e-fad562a1e77f&t=0f9230a7-3b10-53ca-9938-700ece377c5e
- Azure Ubuntu default: 2m15 -> 55s (all build)
https://dev.azure.com/daniel0244/curl/_build/results?buildId=25546&view=logs&j=9d58b9ac-e1e6-53b6-f83a-1f9f1d912522&t=a6b38d83-e7cf-5a9b-c762-a178412717b7
https://dev.azure.com/daniel0244/curl/_build/results?buildId=25547&view=logs&jobId=39473db1-3945-55d5-deb5-c218fad88dce&j=9d58b9ac-e1e6-53b6-f83a-1f9f1d912522&t=a6b38d83-e7cf-5a9b-c762-a178412717b7

Cmake test suite builds compared between master -> `-DCURL_TEST_BUNDLES=ON` + unity:
- GHA/Linux: 29s -> 7s (run tests: 4m50 -> 4m57, 20m43 -> 20m45)
https://github.com/curl/curl/actions/runs/10710030193/job/29695941814
https://github.com/curl/curl/actions/runs/10705668823/job/29681622201
- GHA/Linux old: 44s -> 13s (bundle+no unity) (run tests: 5m5 -> 5m6)
https://github.com/curl/curl/actions/runs/10718264094/job/29719794727
https://github.com/curl/curl/actions/runs/10718653175/job/29721009613
- GHA/macOS: 32s -> 2s (run tests: 2m43 -> 2m40)
https://github.com/curl/curl/actions/runs/10710030195/job/29695931956
https://github.com/curl/curl/actions/runs/10705668813/job/29681638937
- GHA/non-native (*BSD): inconclusive (full workflow time, ~qemu)
https://github.com/curl/curl/actions/runs/10710030198
https://github.com/curl/curl/actions/runs/10705668811
- GHA/Cygwin: 3m9 -> 32s
https://github.com/curl/curl/actions/runs/10710030212/job/29695929075
https://github.com/curl/curl/actions/runs/10705668809/job/29681609965
- GHA/MSYS2: 2m24 -> 14s
https://github.com/curl/curl/actions/runs/10710030190/job/29704850996
https://github.com/curl/curl/actions/runs/10705668808/job/29681624295
- GHA/mingw-w64: 3m56 -> 30s (run tests: 4m2 -> 3m52)
https://github.com/curl/curl/actions/runs/10710030190/job/29704852219
https://github.com/curl/curl/actions/runs/10705668808/job/29681631393
- GHA/mingw-w64-old: 7m19 -> 1m44 (run tests: 3m30 -> 2m53)
https://github.com/curl/curl/actions/runs/10710030190/job/29704849763
https://github.com/curl/curl/actions/runs/10705668808/job/29681622329
- GHA/MSVC: 3m22 -> 13s (run tests: 9m43 -> 4m22)
https://github.com/curl/curl/actions/runs/10710030190/job/29704850411
https://github.com/curl/curl/actions/runs/10705668808/job/29681623313
- AppVeyor CI MSVC 2008: 4m3 -> 45s (full build)
- AppVeyor CI MSVC 2010: 2m56 -> 1m8 (full build)
- AppVeyor CI MSVC 2022: 10m19 -> 2m23 (full build)
https://ci.appveyor.com/project/curlorg/curl/builds/50538455
https://ci.appveyor.com/project/curlorg/curl/builds/50536558
- AppVeyor CI total build time: 10m30 (master) -> 6m48 (unity) -> 4m5 (bundle) -> 3m24 (bundle+unity) -> 5m7 (bundle+unity+all jobs building tests)

Closes #14772

show more ...

build: tidy up deprecation suppression, enable warnings for clang

Suppress deprecation warnings the closest to the deprecated code, using
`CURL_IGNORE_DEPRECATION()`. Then drop build-spe

build: tidy up deprecation suppression, enable warnings for clang

Suppress deprecation warnings the closest to the deprecated code, using
`CURL_IGNORE_DEPRECATION()`. Then drop build-specific suppressions, and
file-wide ones. The latter is not compatible with Unity mode. Also
replace manual suppressions with a macro to apply to all compilers with
deprecation warning support. Also enable deprecation warnings for clang.

- curl/curl.h: enable deprecation warnings for clang.

- docs/examples: stop setting `CURL_DISABLE_DEPRECATION` with autotools.
Suppression moved to C-level earlier. Syncs with cmake.
Follow-up to 5fc61a37c1b177cefbc11dc9f5eef7b2a14538da #14123

- tests/http/clients: stop setting `CURL_DISABLE_DEPRECATION` in
autotools. If it becomes necessary in the future, it can be done in
C via the macro. Syncs with cmake.

- lib1545: stop setting `CURL_DISABLE_DEPRECATION` in autotools.
Drop guard from test source.
Follow-up to 0f103600731f7e08637017ef4df67a194e0d6711 #12444

- libtest, unit: replace `CURL_DISABLE_DEPRECATION` with
`CURL_IGNORE_DEPRECATION()`.

- docs/examples: replace pragmas with `CURL_IGNORE_DEPRECATION()`.

Closes #14789

show more ...

openssl: fix the data race when sharing an SSL session between threads

The SSL_Session object is mutated during connection inside openssl,
and it might not be thread-safe. Besides, accor

openssl: fix the data race when sharing an SSL session between threads

The SSL_Session object is mutated during connection inside openssl,
and it might not be thread-safe. Besides, according to documentation
of openssl:

```
SSL_SESSION objects keep internal link information about the session
cache list, when being inserted into one SSL_CTX object's session
cache. One SSL_SESSION object, regardless of its reference count,
must therefore only be used with one SSL_CTX object (and the SSL
objects created from this SSL_CTX object).
```
If I understand correctly, it is not safe to share it even in a
single thread.

Instead, serialize the SSL_SESSION before adding it to the cache,
and deserialize it after retrieving it from the cache, so that no
concurrent write to the same object is infeasible.

Also
- add a ci test for thread sanitizer
- add a test for sharing ssl sessions concurrently
- avoid redefining memory functions when not building libcurl, but
including the soruce in libtest
- increase the concurrent connections limit in sws

Notice that there are fix for a global data race for openssl which
is not yet release. The fix is cherry pick for the ci test with
thread sanitizer.
https://github.com/openssl/openssl/commit/d8def79838cd0d5e7c21d217aa26edb5229f0ab4

Closes #14751

show more ...

configure: remove USE_EXPLICIT_LIB_DEPS

Added a long time ago for something that libtool should handle for us.

Closes #14697

tests: delete `libhostname.so` and `chkhostname`

Before this patch, `libhostname.so` and `chkhostname` were a test
facility for overriding `gethostname()` in non-debug builds on
Linu

tests: delete `libhostname.so` and `chkhostname`

Before this patch, `libhostname.so` and `chkhostname` were a test
facility for overriding `gethostname()` in non-debug builds on
Linux and other Unix platforms supporting `LD_PRELOAD`.

`gethostname()` has a single use with SMTP.

The alternative way to override `gethostname()` is building in debug
mode, which allows to do this via the `CURL_GETHOSTNAME` env, on all
platforms.

Drop the `LD_PRELOAD` solution in favour of the above.

Also:
- delete inactive NTLM code with a `gethostname()` call made from it.
- streamline NTLM code by dropping a `printf()` and a macro.
- tests: stop setting `CURL_GETHOSTNAME` where unnecessary.

Closes #14695

show more ...

multi: fix multi_wait() timeout handling

- determine the actual poll timeout *after* all sockets
have been collected. Protocols and connection filters may
install new timeouts du

multi: fix multi_wait() timeout handling

- determine the actual poll timeout *after* all sockets
have been collected. Protocols and connection filters may
install new timeouts during collection.
- add debug logging to test1533 where the mistake was noticed

Reported-by: Matt Jolly
Fixes #13782
Closes #13825

show more ...

http: write last header line late

- HEADERFUNCTIONS might inspect response properties like
CURLINFO_CONTENT_LENGTH_DOWNLOAD_T on seeing the last header line. If
the line is being

http: write last header line late

- HEADERFUNCTIONS might inspect response properties like
CURLINFO_CONTENT_LENGTH_DOWNLOAD_T on seeing the last header line. If
the line is being written before this is initialized, values are not
available.

- write the last header line late when analyzing a HTTP response so that
all information is available at the time of the writing.

- add test1485 to verify that CURLINFO_CONTENT_LENGTH_DOWNLOAD_T works
on seeing the last header.

Fixes #13752
Reported-by: Harry Sintonen
Closes #13757

show more ...

libtest: 2308 verifies CURLE_WRITE_ERROR after write callback error

Verifies that the issue in #13669 actually is fixed. This return code is
what the CURLOPT_WRITEFUNCTION manpage docume

libtest: 2308 verifies CURLE_WRITE_ERROR after write callback error

Verifies that the issue in #13669 actually is fixed. This return code is
what the CURLOPT_WRITEFUNCTION manpage documents should be returned.

This code is mostly from the
Source-written-by: Trumeet on github
Closes #13671

show more ...

lib: add curl_multi_waitfds

New function call, similar to curl_multi_fdset()

Closes #13135

test1901: verify chunked POST from callback with CURLOPT_POSTFIELDSIZE set

Follow-up to 721941aadf4ad

Ref: #13257
Closes #13262

test 1541: verify getinfo values on first header callback

Reported-by: chensong1211 on github
Ref: #13125
Closes #13128

tests: add test1598 for POST with trailers

- test POST fields with trailers and chunked encoding

Ref: #12938
Closes #13009

CURLINFO_USED_PROXY: return bool whether the proxy was used

Adds test536 to verify

Closes #12719

test1545: test doing curl_formadd twice with missing file

Reproduces #12410
Verifies the fix
Closes #12421

test1900: verify duphandle with HSTS using multiple files

Closes #12315

test3103: CURLOPT_COOKIELIST test

schannel: fix ordering of cert chain info

- Use CERT_CONTEXT's pbCertEncoded to determine chain order.

CERT_CONTEXT from SECPKG_ATTR_REMOTE_CERT_CONTEXT contains
end-entity/serv

schannel: fix ordering of cert chain info

- Use CERT_CONTEXT's pbCertEncoded to determine chain order.

CERT_CONTEXT from SECPKG_ATTR_REMOTE_CERT_CONTEXT contains
end-entity/server certificate in pbCertEncoded. We can use this pointer
to determine the order of certificates when enumerating hCertStore using
CertEnumCertificatesInStore.

This change is to help ensure that the ordering of the certificate chain
requested by the user via CURLINFO_CERTINFO has the same ordering on all
versions of Windows.

Prior to this change Schannel certificate order was reversed in 8986df80
but that was later reverted in f540a39b when it was discovered that
Windows 11 22H2 does the reversal on its own.

Ref: https://github.com/curl/curl/issues/9706

Closes https://github.com/curl/curl/pull/11632

show more ...

tidy-up: mostly whitespace nits

- delete completed TODO from `./CMakeLists.txt`.
- convert a C++ comment to C89 in `./CMake/CurlTests.c`.
- delete duplicate EOLs from EOF.
- add

tidy-up: mostly whitespace nits

- delete completed TODO from `./CMakeLists.txt`.
- convert a C++ comment to C89 in `./CMake/CurlTests.c`.
- delete duplicate EOLs from EOF.
- add missing EOL at EOF.
- delete whitespace at EOL (except from expected test results).
- convert tabs to spaces.
- convert CRLF EOLs to LF in GHA yaml.
- text casing fixes in `./CMakeLists.txt`.
- fix a codespell typo in `packages/OS400/initscript.sh`.

Closes #11772

show more ...

lib: fix aws-sigv4 having date header twice in some cases

When the user was providing the header X-XXX-Date, the header was
re-added during signature computation, and we had it twice in

lib: fix aws-sigv4 having date header twice in some cases

When the user was providing the header X-XXX-Date, the header was
re-added during signature computation, and we had it twice in the
request.

Reported-by: apparentorder@users.noreply.github.com

Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>

Fixes: https://github.com/curl/curl/issues/11738
Closes: https://github.com/curl/curl/pull/11754

show more ...

http2: fix crash in handling stream weights

- Delay the priority handling until the stream has been opened.

- Add test2404 to reproduce and verify.

Weights may change "on t

http2: fix crash in handling stream weights

- Delay the priority handling until the stream has been opened.

- Add test2404 to reproduce and verify.

Weights may change "on the run", which is why there are checks in
general egress handling. These must not trigger when the stream has not
been opened yet.

Reported-by: jbgoog@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/11379
Closes https://github.com/curl/curl/pull/11384

show more ...