xref: /curl/docs/KNOWN_BUGS (revision b4e16256)
                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

                                  Known Bugs

These are problems and bugs known to exist at the time of this release. Feel
free to join in and help us correct one or more of these. Also be sure to
check the changelog of the current development status, as one or more of these
problems may have been fixed or changed somewhat since this was written.

 1. HTTP

 2. TLS
 2.1 IMAPS connection fails with Rustls error
 2.3 Unable to use PKCS12 certificate with Secure Transport
 2.4 Secure Transport does not import PKCS#12 client certificates without a password
 2.5 Client cert handling with Issuer DN differs between backends
 2.7 Client cert (MTLS) issues with Schannel
 2.11 Schannel TLS 1.2 handshake bug in old Windows versions
 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel

 3. Email protocols
 3.1 IMAP SEARCH ALL truncated response
 3.2 No disconnect command
 3.4 AUTH PLAIN for SMTP is not working on all servers
 3.5 APOP authentication fails on POP3
 3.6 POP3 issue when reading small chunks

 4. Command line
 4.1 -T /dev/stdin may upload with an incorrect content length
 4.2 -T - always uploads chunked

 5. Build and portability issues
 5.1 OS400 port requires deprecated IBM library
 5.2 curl-config --libs contains private details
 5.3 LDFLAGS passed too late making libs linked incorrectly
 5.6 Cygwin: make install installs curl-config.1 twice
 5.11 configure --with-gssapi with Heimdal is ignored on macOS
 5.12 flaky CI builds
 5.13 long paths are not fully supported on Windows
 5.15 Unicode on Windows

 6. Authentication
 6.2 MIT Kerberos for Windows build
 6.3 NTLM in system context uses wrong name
 6.5 NTLM does not support password with § character
 6.6 libcurl can fail to try alternatives with --proxy-any
 6.7 Do not clear digest for single realm
 6.8 Heimdal memory leaks
 6.9 SHA-256 digest not supported in Windows SSPI builds
 6.10 curl never completes Negotiate over HTTP
 6.11 Negotiate on Windows fails
 6.12 cannot use Secure Transport with Crypto Token Kit
 6.13 Negotiate against Hadoop HDFS

 7. FTP
 7.4 FTP with ACCT
 7.12 FTPS directory listing hangs on Windows with Schannel

 9. SFTP and SCP
 9.1 SFTP does not do CURLOPT_POSTQUOTE correctly
 9.2 wolfssh: publickey auth does not work
 9.3 Remote recursive folder creation with SFTP
 9.4 libssh blocking and infinite loop problem
 9.5 Cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"

 10. SOCKS

 11. Internals
 11.1 gssapi library name + version is missing in curl_version_info()
 11.2 error buffer not set if connection to multiple addresses fails
 11.3 TFTP tests fail on OpenBSD
 11.4 HTTP test server 'connection-monitor' problems
 11.5 Connection information when using TCP Fast Open
 11.6 test cases sometimes time out
 11.7 CURLOPT_CONNECT_TO does not work for HTTPS proxy
 11.8 WinIDN test failures

 12. LDAP
 12.1 OpenLDAP hangs after returning results
 12.2 LDAP on Windows does authentication wrong?
 12.3 LDAP on Windows does not work
 12.4 LDAPS requests to ActiveDirectory server hang

 13. TCP/IP
 13.2 Trying local ports fails on Windows

 15. CMake
 15.1 cmake outputs: no version information available
 15.2 support build with GnuTLS
 15.3 unusable tool_hugehelp.c with MinGW
 15.6 uses -lpthread instead of Threads::Threads
 15.7 generated .pc file contains strange entries
 15.13 CMake build with MIT Kerberos does not work

 16. aws-sigv4
 16.2 aws-sigv4 does not handle multipart/form-data correctly
 16.3 aws-sigv4 has problems with particular URLs
 16.6 aws-sigv4 does not behave well with AWS VPC Lattice

 17. HTTP/2
 17.1 HTTP/2 prior knowledge over proxy
 17.2 HTTP/2 frames while in the connection pool kill reuse
 17.3 ENHANCE_YOUR_CALM causes infinite retries
 17.4 HTTP/2 + TLS spends a lot of time in recv

 18. HTTP/3
 18.1 connection migration does not work
 18.2 quiche: QUIC connection is draining

 19. RTSP
 19.1 Some methods do not support response bodies

==============================================================================

1. HTTP

2. TLS

2.1 IMAPS connection fails with Rustls error

 https://github.com/curl/curl/issues/10457

2.3 Unable to use PKCS12 certificate with Secure Transport

 See https://github.com/curl/curl/issues/5403

2.4 Secure Transport does not import PKCS#12 client certificates without a password

 libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that
 function rejects certificates that do not have a password.
 https://github.com/curl/curl/issues/1308

2.5 Client cert handling with Issuer DN differs between backends

 When the specified client certificate does not match any of the
 server-specified DNs, the OpenSSL and GnuTLS backends behave differently.
 The GitHub discussion may contain a solution.

 See https://github.com/curl/curl/issues/1411

2.7 Client cert (MTLS) issues with Schannel

 See https://github.com/curl/curl/issues/3145

2.11 Schannel TLS 1.2 handshake bug in old Windows versions

 In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake
 implementation likely has a bug that can rarely cause the key exchange to
 fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED.

 https://github.com/curl/curl/issues/5488

2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel

 https://github.com/curl/curl/issues/8741

3. Email protocols

3.1 IMAP SEARCH ALL truncated response

 IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
 code reveals that pingpong.c contains some truncation code, at line 408, when
 it deems the server response to be too large truncating it to 40 characters"
 https://curl.se/bug/view.cgi?id=1366

3.2 No disconnect command

 The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and
 SMTP if a failure occurs during the authentication phase of a connection.

3.4 AUTH PLAIN for SMTP is not working on all servers

 Specifying "--login-options AUTH=PLAIN" on the command line does not seem to
 work correctly.

 See https://github.com/curl/curl/issues/4080

3.5 APOP authentication fails on POP3

 See https://github.com/curl/curl/issues/10073

3.6 POP3 issue when reading small chunks

 CURL_DBG_SOCK_RMAX=4 ./runtests.pl -v 982

 See https://github.com/curl/curl/issues/12063

4. Command line

4.1 -T /dev/stdin may upload with an incorrect content length

 -T stats the path to figure out its size in bytes to use it as Content-Length
 if it is a regular file.

 The problem with that is that, on BSDs and some other UNIXes (not Linux),
 open(path) may not give you a file descriptor with a 0 offset from the start
 of the file.

 See https://github.com/curl/curl/issues/12177

4.2 -T - always uploads chunked

 When the `<` shell operator is used, curl should realise that stdin is a
 regular file in this case, and that it can do a non-chunked upload, like it
 would do if you used -T file.

 See https://github.com/curl/curl/issues/12171

5. Build and portability issues

5.1 OS400 port requires deprecated IBM library

 curl for OS400 requires QADRT to build, which provides ASCII wrappers for
 libc/POSIX functions in the ILE, but IBM no longer supports or even offers
 this library to download.

 See https://github.com/curl/curl/issues/5176

5.2 curl-config --libs contains private details

 "curl-config --libs" includes details set in LDFLAGS when configure is run
 that might be needed only for building libcurl. Further, curl-config --cflags
 suffers from the same effects with CFLAGS/CPPFLAGS.

5.3 LDFLAGS passed too late making libs linked incorrectly

 Compiling the latest curl on HP-UX and linking against a custom OpenSSL
 (which is on the default loader/linker path) fails because the generated
 Makefile has LDFLAGS passed on after LIBS.

 See https://github.com/curl/curl/issues/14893

5.6 Cygwin: make install installs curl-config.1 twice

 https://github.com/curl/curl/issues/8839

5.11 configure --with-gssapi with Heimdal is ignored on macOS

 ... unless you also pass --with-gssapi-libs

 https://github.com/curl/curl/issues/3841

5.12 flaky CI builds

 We run many CI builds for each commit and PR on GitHub, and especially a
 number of the Windows builds are flaky. This means that we rarely get all CI
 builds to go green and complete without errors. This is unfortunate as it
 makes us sometimes miss actual build problems and it is surprising to
 newcomers to the project who (rightfully) do not expect this.

 See https://github.com/curl/curl/issues/6972

5.13 long paths are not fully supported on Windows

 curl on Windows cannot access long paths (paths longer than 260 characters).
 However, as a workaround, the Windows path prefix \\?\ which disables all
 path interpretation may work to allow curl to access the path. For example:
 \\?\c:\longpath.

 See https://github.com/curl/curl/issues/8361

5.15 Unicode on Windows

 Passing in a Unicode filename with -o:

 https://github.com/curl/curl/issues/11461

 Passing in Unicode character with -d:

 https://github.com/curl/curl/issues/12231

 Windows Unicode builds use homedir in current locale

 The Windows Unicode builds of curl use the current locale, but expect Unicode
 UTF-8 encoded paths for internal use such as open, access and stat. The
 user's home directory is retrieved via curl_getenv in the current locale and
 not as UTF-8 encoded Unicode.

 See https://github.com/curl/curl/pull/7252 and
     https://github.com/curl/curl/pull/7281

 Cannot handle Unicode arguments in non-Unicode builds on Windows

 If a URL or filename cannot be encoded using the user's current codepage then
 it can only be encoded properly in the Unicode character set. Windows uses
 UTF-16 encoding for Unicode and stores it in wide characters, however curl
 and libcurl are not equipped for that at the moment except when built with
 _UNICODE and UNICODE defined. Except for Cygwin, Windows cannot use UTF-8 as
 a locale.

  https://curl.se/bug/?i=345
  https://curl.se/bug/?i=731
  https://curl.se/bug/?i=3747

 NTLM authentication and Unicode

 NTLM authentication involving Unicode username or password only works
 properly if built with UNICODE defined together with the Schannel backend.
 The original problem was mentioned in:
 https://curl.se/mail/lib-2009-10/0024.html
 https://curl.se/bug/view.cgi?id=896

 The Schannel version verified to work as mentioned in
 https://curl.se/mail/lib-2012-07/0073.html

6. Authentication

6.2 MIT Kerberos for Windows build

 libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's
 library header files exporting symbols/macros that should be kept private to
 the KfW library. See ticket #5601 at https://krbdev.mit.edu/rt/

6.3 NTLM in system context uses wrong name

 NTLM authentication using SSPI (on Windows) when (lib)curl is running in
 "system context" makes it use wrong(?) username - at least when compared to
 what winhttp does. See https://curl.se/bug/view.cgi?id=535

6.5 NTLM does not support password with § character

 https://github.com/curl/curl/issues/2120

6.6 libcurl can fail to try alternatives with --proxy-any

 When connecting via a proxy using --proxy-any, a failure to establish an
 authentication causes libcurl to abort trying other options if the failed
 method has a higher preference than the alternatives. As an example,
 --proxy-any against a proxy which advertises Negotiate and NTLM, but which
 fails to set up Kerberos authentication does not proceed to try
 authentication using NTLM.

 https://github.com/curl/curl/issues/876

6.7 Do not clear digest for single realm

 https://github.com/curl/curl/issues/3267

6.8 Heimdal memory leaks

 Running test 2077 and 2078 with curl built to do GSS with Heimdal causes
 valgrind errors (memory leak).

 https://github.com/curl/curl/issues/14446

6.9 SHA-256 digest not supported in Windows SSPI builds

 Windows builds of curl that have SSPI enabled use the native Windows API calls
 to create authentication strings. The call to InitializeSecurityContext fails
 with SEC_E_QOP_NOT_SUPPORTED which causes curl to fail with CURLE_AUTH_ERROR.

 Microsoft does not document supported digest algorithms and that SEC_E error
 code is not a documented error for InitializeSecurityContext (digest).

 https://github.com/curl/curl/issues/6302

6.10 curl never completes Negotiate over HTTP

 Apparently it is not working correctly...?

 See https://github.com/curl/curl/issues/5235

6.11 Negotiate on Windows fails

 When using --negotiate (or NTLM) with curl on Windows, SSL/TLS handshake
 fails despite having a valid Kerberos ticket cached. Works without any issue
 in Unix/Linux.

 https://github.com/curl/curl/issues/5881

6.12 cannot use Secure Transport with Crypto Token Kit

 https://github.com/curl/curl/issues/7048

6.13 Negotiate authentication against Hadoop HDFS

 https://github.com/curl/curl/issues/8264

7. FTP

7.4 FTP with ACCT

 When doing an operation over FTP that requires the ACCT command (but not when
 logging in), the operation fails since libcurl does not detect this and thus
 fails to issue the correct command: https://curl.se/bug/view.cgi?id=635

7.12 FTPS server compatibility on Windows with Schannel

 FTPS is not widely used with the Schannel TLS backend and so there may be
 more bugs compared to other TLS backends such as OpenSSL. In the past users
 have reported hanging and failed connections. It is likely some changes to
 curl since then fixed the issues. None of the reported issues can be
 reproduced any longer.

 If you encounter an issue connecting to your server via FTPS with the latest
 curl and Schannel then please search for open issues or file a new issue.

9. SFTP and SCP

9.1 SFTP does not do CURLOPT_POSTQUOTE correctly

 When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server
 using the multi interface, the commands are not being sent correctly and
 instead the connection is "cancelled" (the operation is considered done)
 prematurely. There is a half-baked (busy-looping) patch provided in the bug
 report but it cannot be accepted as-is. See
 https://curl.se/bug/view.cgi?id=748

9.2 wolfssh: publickey auth does not work

 When building curl to use the wolfSSH backend for SFTP, the publickey
 authentication does not work. This is simply functionality not written for
 curl yet; the necessary API to make this work is provided by wolfSSH.

 See https://github.com/curl/curl/issues/4820

9.3 Remote recursive folder creation with SFTP

 On some servers, curl fails to create directories on the remote server
 even when the CURLOPT_FTP_CREATE_MISSING_DIRS option is set.

 See https://github.com/curl/curl/issues/5204

9.4 libssh blocking and infinite loop problem

 In the SSH_SFTP_INIT state for libssh, the ssh session working mode is set to
 blocking mode. If the network is suddenly disconnected during sftp
 transmission, curl is stuck, even if curl is configured with a timeout.

 https://github.com/curl/curl/issues/8632

9.5 Cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"

 Running SCP and SFTP tests on Cygwin makes this warning message appear.

 https://github.com/curl/curl/issues/11244

10. SOCKS

11. Internals

11.1 gssapi library name + version is missing in curl_version_info()

 The struct needs to be expanded and code added to store this info.

 See https://github.com/curl/curl/issues/13492

11.2 error buffer not set if connection to multiple addresses fails

 If you ask libcurl to resolve a hostname like example.com to IPv6 addresses
 when you only have IPv4 connectivity, libcurl fails with
 CURLE_COULDNT_CONNECT, but the error buffer set by CURLOPT_ERRORBUFFER
 remains empty. Issue: https://github.com/curl/curl/issues/544

11.3 TFTP tests fail on OpenBSD

 When adding an OpenBSD job with tests to GHA, some tests consistently fail
 to run.

 See https://github.com/curl/curl/issues/13623

11.4 HTTP test server 'connection-monitor' problems

 The 'connection-monitor' feature of the sws HTTP test server does not work
 properly if some tests are run in unexpected order. Like 1509 and then 1525.

 See https://github.com/curl/curl/issues/868

11.5 Connection information when using TCP Fast Open

 CURLINFO_LOCAL_PORT (and possibly a few others) fail when TCP Fast Open is
 enabled.

 See https://github.com/curl/curl/issues/1332 and
 https://github.com/curl/curl/issues/4296

11.6 test cases sometimes time out

 Occasionally, one of the tests times out. Inexplicably.

 See https://github.com/curl/curl/issues/13350

11.7 CURLOPT_CONNECT_TO does not work for HTTPS proxy

 It is unclear if the same option should even cover the proxy connection or if
 it requires a separate option.

 See https://github.com/curl/curl/issues/14481

11.8 WinIDN test failures

 Test 165 disabled when built with WinIDN.

12. LDAP

12.1 OpenLDAP hangs after returning results

 By configuration defaults, OpenLDAP automatically chases referrals on
 secondary socket descriptors. The OpenLDAP backend is asynchronous and thus
 should monitor all socket descriptors involved. Currently, these secondary
 descriptors are not monitored, causing the OpenLDAP library to never receive
 data from them.

 As a temporary workaround, disable referral chasing by configuration.

 The fix is not easy: proper automatic referral chasing requires a
 synchronous bind callback and monitoring an arbitrary number of socket
 descriptors for a single easy handle (currently limited to 5).

 Generic LDAP is synchronous: OK.

 See https://github.com/curl/curl/issues/622 and
     https://curl.se/mail/lib-2016-01/0101.html

12.2 LDAP on Windows does authentication wrong?

 https://github.com/curl/curl/issues/3116

12.3 LDAP on Windows does not work

 A simple curl command line getting "ldap://ldap.forumsys.com" returns an
 error that says "no memory"!

 https://github.com/curl/curl/issues/4261

12.4 LDAPS requests to ActiveDirectory server hang

 https://github.com/curl/curl/issues/9580

13. TCP/IP

13.2 Trying local ports fails on Windows

 This makes '--local-port [range]' not work since curl cannot properly
 detect if a port is already in use, so it tries the first port, uses that and
 then subsequently fails anyway if that was actually in use.

 https://github.com/curl/curl/issues/8112

15. CMake

15.1 cmake outputs: no version information available

 Something in the SONAME generation seems to be wrong in the cmake build.

 https://github.com/curl/curl/issues/11158

15.6 uses -lpthread instead of Threads::Threads

 See https://github.com/curl/curl/issues/6166

15.7 generated .pc file contains strange entries

 The Libs.private field of the generated .pc file contains -lgcc -lgcc_s -lc
 -lgcc -lgcc_s

 See https://github.com/curl/curl/issues/6167

15.13 CMake build with MIT Kerberos does not work

 Minimum CMake version was bumped in curl 7.71.0 (#5358). Since CMake 3.2
 try_compile started respecting the CMAKE_EXE_FLAGS. The code dealing with
 MIT Kerberos detection sets a few variables to a potentially weird mix of
 space- and ;-separated flags. It had to blow up at some point. All the CMake
 checks that involve compilation are doomed from that point, the configured
 tree cannot be built.

 https://github.com/curl/curl/issues/6904

16. aws-sigv4

16.2 aws-sigv4 does not handle multipart/form-data correctly

 https://github.com/curl/curl/issues/13351

16.3 aws-sigv4 has problems with particular URLs

 https://github.com/curl/curl/issues/13058

16.6 aws-sigv4 does not behave well with AWS VPC Lattice

 https://github.com/curl/curl/issues/11007

17. HTTP/2

17.1 HTTP/2 prior knowledge over proxy

 https://github.com/curl/curl/issues/12641

17.2 HTTP/2 frames while in the connection pool kill reuse

 If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to
 curl while the connection is held in curl's connection pool, the socket is
 found readable when considered for reuse and that makes curl think it is dead
 and then it is closed and a new connection gets created instead.

 This is *best* fixed by adding monitoring to connections while they are kept
 in the pool so that pings can be responded to appropriately.

17.3 ENHANCE_YOUR_CALM causes infinite retries

 Infinite retries with 2 parallel requests on one connection receiving GOAWAY
 with ENHANCE_YOUR_CALM error code.

 See https://github.com/curl/curl/issues/5119

17.4 HTTP/2 + TLS spends a lot of time in recv

 It has been observed that by making the speed limit less accurate we could
 improve this performance. (by reverting
 https://github.com/curl/curl/commit/db5c9f4f9e0779b49624752b135281a0717b277b)
 Can we find a golden middle ground?

 See https://curl.se/mail/lib-2024-05/0026.html and
 https://github.com/curl/curl/issues/13416

18. HTTP/3

18.1 connection migration does not work

 https://github.com/curl/curl/issues/7695

18.2 quiche: QUIC connection is draining

 The transfer ends with error "QUIC connection is draining".

 https://github.com/curl/curl/issues/12037

19. RTSP

19.1 Some methods do not support response bodies

 The RTSP implementation is written to assume that a number of RTSP methods
 always get responses without bodies, even though there seems to be no
 indication in the RFC that this is always the case.

 https://github.com/curl/curl/issues/12414
