KNOWN_BUGS: remove five FTP related issues

- "FTP with CONNECT and slow server"

I believe this is not a problem these days.

- "FTP with NULs in URL parts"

The FTP

KNOWN_BUGS: remove five FTP related issues

- "FTP with CONNECT and slow server"

I believe this is not a problem these days.

- "FTP with NULs in URL parts"

The FTP protocol does not support them properly anyway.

- remove "FTP and empty path parts in the URL"

I don't think this has ever been reported as a real problem but was only
a hypothetical one.

- "Premature transfer end but healthy control channel"

This is not a bug, this is an optimization that *could* be performed but is
not an actual problem.

- "FTP without or slow 220 response"

Instead add to the documentation of the connect timeout that the
connection is considered complete at TCP/TLS/QUIC layer.

Closes #9979

show more ...

tests: add authorityInfoAccess to generated certs

Generate stunnel.pem as well

Closes #9980

runtests: --no-debuginfod now disables DEBUGINFOD_URLS

Prior to this change, DEBUGINFOD_URLS was always disabled by runtests
due to a report of it slowing down tests. However, some setup

runtests: --no-debuginfod now disables DEBUGINFOD_URLS

Prior to this change, DEBUGINFOD_URLS was always disabled by runtests
due to a report of it slowing down tests. However, some setups need it
to fetch debug symbols, and if it is disabled on those systems then curl
tests with valgrind will fail.

Reported-by: Mark Gaiser

Ref: #8805
Closes #9950

show more ...

test/aws_sigv4: test cases for content-sha256

1956 adds the sha256 value corresponding to an empty buffer
1957 adds an arbitrary value and confirms that the signature differs from 1956

test/aws_sigv4: test cases for content-sha256

1956 adds the sha256 value corresponding to an empty buffer
1957 adds an arbitrary value and confirms that the signature differs from 1956
1958 adds whitespace to 1957 and confirms that the signature matches 1957
1959 adds a value longer than 'char sha_hex[65]' in Curl_output_aws_sigv4()

Signed-off-by: Casey Bodley <cbodley@redhat.com>

Closes #9804

show more ...

aws_sigv4: consult x-%s-content-sha256 for payload hash

`Curl_output_aws_sigv4()` doesn't always have the whole payload in
memory to generate a real payload hash. this commit allows the

aws_sigv4: consult x-%s-content-sha256 for payload hash

`Curl_output_aws_sigv4()` doesn't always have the whole payload in
memory to generate a real payload hash. this commit allows the user to
pass in a header like `x-amz-content-sha256` to provide their desired
payload hash

some services like s3 require this header, and may support other values
like s3's `UNSIGNED-PAYLOAD` and `STREAMING-AWS4-HMAC-SHA256-PAYLOAD`
with special semantics. servers use this header's value as the payload
hash during signature validation, so it must match what the client uses
to generate the signature

CURLOPT_AWS_SIGV4.3 now describes the content-sha256 interaction

Signed-off-by: Casey Bodley <cbodley@redhat.com>

Closes #9804

show more ...

GHA: NSS use clang instead of clang-9

Closes #9978

RELEASE-NOTES: synced

tool_operate: override the numeric locale and set "C" by force

Makes curl always use dot as decimal separator for options,
independently of what the locale says. Makes scripts and comman

tool_operate: override the numeric locale and set "C" by force

Makes curl always use dot as decimal separator for options,
independently of what the locale says. Makes scripts and command lines
portable.

Updated docs accordingly.

Reported-by: Daniel Faust

Fixes #9969
Closes #9972

show more ...

test1662: verify formpost, 301 redirect, no rewind possible

Reproduces #9735 and verifies the subsequent fix. The original issue
uses a pipe that cannot be rewound, but this test case in

test1662: verify formpost, 301 redirect, no rewind possible

Reproduces #9735 and verifies the subsequent fix. The original issue
uses a pipe that cannot be rewound, but this test case instead sets a
callback without rewind ability to get roughly the same properties but
being a much more portable test.

show more ...

lib: rewind BEFORE request instead of AFTER previous

This makes a big difference for cases when the rewind is not actually
necessary to perofm (for example HTTP response code 301 convert

lib: rewind BEFORE request instead of AFTER previous

This makes a big difference for cases when the rewind is not actually
necessary to perofm (for example HTTP response code 301 converts to GET)
and therefore the rewind can be avoided. In particular for situations
when that rewind fails, for example when reading from a pipe or similar.

Reported-by: Ali Utku Selen

Fixes #9735
Closes #9958

show more ...

vtls: repair build with disabled proxy

Closes #9974

packaging: remove traces of deleted files

Commit a8861b6cc removed packages/DOS but left a few traces of it
which broke the distcheck CI. Remove all traces.

Closes: #9971
Re

packaging: remove traces of deleted files

Commit a8861b6cc removed packages/DOS but left a few traces of it
which broke the distcheck CI. Remove all traces.

Closes: #9971
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

openssl: silence compiler warning when not using IPv6

In non-IPv6 builds the conn parameter is unused, and compilers which
run with "-Werror=unused-parameter" (or similar) warnings turne

openssl: silence compiler warning when not using IPv6

In non-IPv6 builds the conn parameter is unused, and compilers which
run with "-Werror=unused-parameter" (or similar) warnings turned on
fails to build. Below is an excerpt from a CI job:

vtls/openssl.c: In function ‘Curl_ossl_verifyhost’:
vtls/openssl.c:2016:75: error: unused parameter ‘conn’ [-Werror=unused-parameter]
2016 | CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
| ~~~~~~~~~~~~~~~~~~~~^~~~

Closes: #9970
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

netware: remove leftover traces

Commit 3b16575ae938dec2a29454631a12aa52b6ab9c67 removed support for
building on Novell Netware, but a few leftover traces remained. This
removes the l

netware: remove leftover traces

Commit 3b16575ae938dec2a29454631a12aa52b6ab9c67 removed support for
building on Novell Netware, but a few leftover traces remained. This
removes the last bits.

Closes: #9966
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

show more ...

curl_endian: remove Curl_write64_le from header

The actual function was already removed in 4331c6dc.

See #7280
Closes #9968

docs: add more "SEE ALSO" links to CA related pages

Closes #9959

examples: update descriptions

Make them not say "this is an example showing..." and instead just say
what the example shows.

Closes #9960

vtls: localization of state data in filters

- almost all backend calls pass the Curl_cfilter intance instead of
connectdata+sockindex
- ssl_connect_data is remove from struct co

vtls: localization of state data in filters

- almost all backend calls pass the Curl_cfilter intance instead of
connectdata+sockindex
- ssl_connect_data is remove from struct connectdata and made internal
to vtls
- ssl_connect_data is allocated in the added filter, kept at cf->ctx

- added function to let a ssl filter access its ssl_primary_config and
ssl_config_data this selects the propert subfields in conn and data,
for filters added as plain or proxy
- adjusted all backends to use the changed api
- adjusted all backends to access config data via the exposed
functions, no longer using conn or data directly

cfilter renames for clear purpose:

- methods `Curl_conn_*(data, conn, sockindex)` work on the complete
filter chain at `sockindex` and connection `conn`.
- methods `Curl_cf_*(cf, ...)` work on a specific Curl_cfilter
instance.
- methods `Curl_conn_cf()` work on/with filter instances at a
connection.
- rebased and resolved some naming conflicts
- hostname validation (und session lookup) on SECONDARY use the same
name as on FIRST (again).

new debug macros and removing connectdata from function signatures where not
needed.

adapting schannel for new Curl_read_plain paramter.

Closes #9919

show more ...

examples/10-at-a-time: fix possible skipped final transfers

Prior to this change if curl_multi_perform returned 0 running handles
and then all remaining transfers were added, then the pe

examples/10-at-a-time: fix possible skipped final transfers

Prior to this change if curl_multi_perform returned 0 running handles
and then all remaining transfers were added, then the perform loop would
end immediately without performing those transfers.

Reported-by: Mikhail Kuznetsov

Fixes https://github.com/curl/curl/issues/9953
Closes https://github.com/curl/curl/pull/9954

show more ...

Makefile.mk: portable Makefile.m32

Update bare GNU Make `Makefile.m32` to:

- Move objects into a subdirectory.
- Add support for MS-DOS. Tested with DJGPP.
- Add support for

Makefile.mk: portable Makefile.m32

Update bare GNU Make `Makefile.m32` to:

- Move objects into a subdirectory.
- Add support for MS-DOS. Tested with DJGPP.
- Add support for Watt-32 (on MS-DOS).
- Add support for AmigaOS.
- Rename `Makefile.m32` to `Makefile.mk`
- Replace `ARCH` with `TRIPLET`.
- Build `tool_hugehelp.c` proper (when tools are available).
- Drop MS-DOS compatibility macro `USE_ZLIB` (replaced by `HAVE_LIBZ`)
- Add support for `ZLIB_LIBS` to override `-lz`.
- Omit object files when building examples.
- Default `CC` to `gcc` once again, for convenience. (Caveat: compiler
name `cc` cannot be set now.)
- Set `-DCURL_NO_OLDIES` for examples, like autotools does.
- Delete `makefile.dj` files. Notice the configuration details and
defaults are not retained with the new method.
- Delete `makefile.amiga` files. A successful build needs a few custom
options. We're also not retaining all build details from the existing
Amiga make files.
- Rename `Makefile.m32` to `Makefile.mk` to reflect that they are not
Windows/MinGW32-specific anymore.
- Add support for new `CFG` options: `-map`, `-debug`, `-trackmem`
- Set `-DNDEBUG` by default.
- Allow using `-DOS=...` in all `lib/config-*.h` headers, syncing this
with `config-win32.h`.
- Look for zlib parts in `ZLIB_PATH/include` and `ZLIB_PATH/lib`
instead of bare `ZLIB_PATH`.

Note that existing build configurations for MS-DOS and AmigaOS likely
become incompatible with this change.

Example AmigaOS configuration:
```
export CROSSPREFIX=/opt/amiga/bin/m68k-amigaos-
export CC=gcc
export CPPFLAGS='-DHAVE_PROTO_BSDSOCKET_H'
export CFLAGS='-mcrt=clib2'
export LDFLAGS="${CFLAGS}"
export LIBS='-lnet -lm'
make -C lib -f Makefile.mk
make -C src -f Makefile.mk
```

Example MS-DOS configuration:
```
export CROSSPREFIX=/opt/djgpp/bin/i586-pc-msdosdjgpp-
export WATT_PATH=/opt/djgpp/net/watt
export ZLIB_PATH=/opt/djgpp
export OPENSSL_PATH=/opt/djgpp
export OPENSSL_LIBS='-lssl -lcrypt'
export CFG=-zlib-ssl
make -C lib -f Makefile.mk
make -C src -f Makefile.mk
```

Closes #9764

show more ...

cfiler: filter types have flags indicating what they do

- Adding Curl_conn_is_ip_connected() to check if network connectivity
has been reached

- having ftp wait for network co

cfiler: filter types have flags indicating what they do

- Adding Curl_conn_is_ip_connected() to check if network connectivity
has been reached

- having ftp wait for network connectivity before proceeding with
transfers.

Fixes test failures 1631 and 1632 with hyper.

Closes #9952

show more ...

RELEASE-NOTES: synced

sendf: change Curl_read_plain to wrap Curl_recv_plain (take 2)

Prior to this change Curl_read_plain would attempt to read the
socket directly. On Windows that's a problem because recv da

sendf: change Curl_read_plain to wrap Curl_recv_plain (take 2)

Prior to this change Curl_read_plain would attempt to read the
socket directly. On Windows that's a problem because recv data may be
cached by libcurl and that data is only drained using Curl_recv_plain.

Rather than rewrite Curl_read_plain to handle cached recv data, I
changed it to wrap Curl_recv_plain, in much the same way that
Curl_write_plain already wraps Curl_send_plain.

Curl_read_plain -> Curl_recv_plain
Curl_write_plain -> Curl_send_plain

This fixes a bug in the schannel backend where decryption of arbitrary
TLS records fails because cached recv data is never drained. We send
data (TLS records formed by Schannel) using Curl_write_plain, which
calls Curl_send_plain, and that may do a recv-before-send
("pre-receive") to cache received data. The code calls Curl_read_plain
to read data (TLS records from the server), which prior to this change
did not call Curl_recv_plain and therefore cached recv data wasn't
retrieved, resulting in malformed TLS records and decryption failure
(SEC_E_DECRYPT_FAILURE).

The bug has only been observed during Schannel TLS 1.3 handshakes. Refer
to the issue and PR for more information.

--

This is take 2 of the original fix. It preserves the original behavior
of Curl_read_plain to write 0 to the bytes read parameter on error,
since apparently some callers expect that (SOCKS tests were hanging).
The original fix which landed in 12e1def5 and was later reverted in
18383fbf failed to work properly because it did not do that.

Also, it changes Curl_write_plain the same way to complement
Curl_read_plain, and it changes Curl_send_plain to return -1 instead of
0 on CURLE_AGAIN to complement Curl_recv_plain.

Behavior on error with these changes:

Curl_recv_plain returns -1 and *code receives error code.
Curl_send_plain returns -1 and *code receives error code.
Curl_read_plain returns error code and *n (bytes read) receives 0.
Curl_write_plain returns error code and *written receives 0.

--

Ref: https://github.com/curl/curl/issues/9431#issuecomment-1312420361

Assisted-by: Joel Depooter
Reported-by: Egor Pugin

Fixes https://github.com/curl/curl/issues/9431
Closes https://github.com/curl/curl/pull/9949

show more ...

hyper: classify headers as CONNECT and 1XX

Closes #9947

ftp: fix "AUTH TLS" on primary conn and for SSL in PASV second conn

Follow-up to dafdb20a26d0c89

Reported-by: Anthony Hu
Closes #9948