xref: /curl/docs/KNOWN_BUGS (revision 3856e104) 
1                                  _   _ ____  _
2                              ___| | | |  _ \| |
3                             / __| | | | |_) | |
4                            | (__| |_| |  _ <| |___
5                             \___|\___/|_| \_\_____|
6
7                                  Known Bugs
8
9These are problems and bugs known to exist at the time of this release. Feel
10free to join in and help us correct one or more of these. Also be sure to
11check the changelog of the current development status, as one or more of these
12problems may have been fixed or changed somewhat since this was written.
13
14 1. HTTP
15
16 2. TLS
17 2.1 IMAPS connection fails with Rustls error
18 2.3 Unable to use PKCS12 certificate with Secure Transport
19 2.4 Secure Transport does not import PKCS#12 client certificates without a password
20 2.5 Client cert handling with Issuer DN differs between backends
21 2.7 Client cert (MTLS) issues with Schannel
22 2.11 Schannel TLS 1.2 handshake bug in old Windows versions
23 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
24
25 3. Email protocols
26 3.1 IMAP SEARCH ALL truncated response
27 3.2 No disconnect command
28 3.4 AUTH PLAIN for SMTP is not working on all servers
29 3.5 APOP authentication fails on POP3
30 3.6 POP3 issue when reading small chunks
31
32 4. Command line
33 4.1 -T /dev/stdin may upload with an incorrect content length
34 4.2 -T - always uploads chunked
35
36 5. Build and portability issues
37 5.1 OS400 port requires deprecated IBM library
38 5.2 curl-config --libs contains private details
39 5.3 LDFLAGS passed too late making libs linked incorrectly
40 5.6 Cygwin: make install installs curl-config.1 twice
41 5.11 configure --with-gssapi with Heimdal is ignored on macOS
42 5.12 flaky CI builds
43 5.13 long paths are not fully supported on Windows
44 5.15 Unicode on Windows
45
46 6. Authentication
47 6.2 MIT Kerberos for Windows build
48 6.3 NTLM in system context uses wrong name
49 6.5 NTLM does not support password with § character
50 6.6 libcurl can fail to try alternatives with --proxy-any
51 6.7 Do not clear digest for single realm
52 6.8 Heimdal memory leaks
53 6.9 SHA-256 digest not supported in Windows SSPI builds
54 6.10 curl never completes Negotiate over HTTP
55 6.11 Negotiate on Windows fails
56 6.12 cannot use Secure Transport with Crypto Token Kit
57 6.13 Negotiate against Hadoop HDFS
58
59 7. FTP
60 7.4 FTP with ACCT
61 7.12 FTPS directory listing hangs on Windows with Schannel
62
63 9. SFTP and SCP
64 9.1 SFTP does not do CURLOPT_POSTQUOTE correct
65 9.2 wolfssh: publickey auth does not work
66 9.3 Remote recursive folder creation with SFTP
67 9.4 libssh blocking and infinite loop problem
68 9.5 Cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
69
70 10. SOCKS
71
72 11. Internals
73 11.1 gssapi library name + version is missing in curl_version_info()
74 11.2 error buffer not set if connection to multiple addresses fails
75 11.3 TFTP tests fail on OpenBSD
76 11.4 HTTP test server 'connection-monitor' problems
77 11.5 Connection information when using TCP Fast Open
78 11.6 test cases sometimes timeout
79 11.7 CURLOPT_CONNECT_TO does not work for HTTPS proxy
80 11.8 WinIDN test failures
81 11.9 setting a disabled option should return CURLE_NOT_BUILT_IN
82
83 12. LDAP
84 12.1 OpenLDAP hangs after returning results
85 12.2 LDAP on Windows does authentication wrong?
86 12.3 LDAP on Windows does not work
87 12.4 LDAPS requests to ActiveDirectory server hang
88
89 13. TCP/IP
90 13.2 Trying local ports fails on Windows
91
92 15. CMake
93 15.1 cmake outputs: no version information available
94 15.2 support build with GnuTLS
95 15.3 unusable tool_hugehelp.c with MinGW
96 15.6 uses -lpthread instead of Threads::Threads
97 15.7 generated .pc file contains strange entries
98 15.13 CMake build with MIT Kerberos does not work
99
100 16. aws-sigv4
101 16.2 aws-sigv4 does not handle multipart/form-data correctly
102 16.3 aws-sigv4 has problems with particular URLs
103 16.6 aws-sigv4 does not behave well with AWS VPC Lattice
104
105 17. HTTP/2
106 17.1 HTTP/2 prior knowledge over proxy
107 17.2 HTTP/2 frames while in the connection pool kill reuse
108 17.3 ENHANCE_YOUR_CALM causes infinite retries
109 17.4 HTTP/2 + TLS spends a lot of time in recv
110
111 18. HTTP/3
112 18.1 connection migration does not work
113 18.2 quiche: QUIC connection is draining
114
115 19. RTSP
116 19.1 Some methods do not support response bodies
117
118==============================================================================
119
1201. HTTP
121
1222. TLS
123
1242.1 IMAPS connection fails with Rustls error
125
126 https://github.com/curl/curl/issues/10457
127
1282.3 Unable to use PKCS12 certificate with Secure Transport
129
130 See https://github.com/curl/curl/issues/5403
131
1322.4 Secure Transport does not import PKCS#12 client certificates without a password
133
134 libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that
135 function rejects certificates that do not have a password.
136 https://github.com/curl/curl/issues/1308
137
1382.5 Client cert handling with Issuer DN differs between backends
139
140 When the specified client certificate does not match any of the
141 server-specified DNs, the OpenSSL and GnuTLS backends behave differently.
142 The github discussion may contain a solution.
143
144 See https://github.com/curl/curl/issues/1411
145
1462.7 Client cert (MTLS) issues with Schannel
147
148 See https://github.com/curl/curl/issues/3145
149
1502.11 Schannel TLS 1.2 handshake bug in old Windows versions
151
152 In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake
153 implementation likely has a bug that can rarely cause the key exchange to
154 fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED.
155
156 https://github.com/curl/curl/issues/5488
157
1582.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
159
160 https://github.com/curl/curl/issues/8741
161
1623. Email protocols
163
1643.1 IMAP SEARCH ALL truncated response
165
166 IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
167 code reveals that pingpong.c contains some truncation code, at line 408, when
168 it deems the server response to be too large truncating it to 40 characters"
169 https://curl.se/bug/view.cgi?id=1366
170
1713.2 No disconnect command
172
173 The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and
174 SMTP if a failure occurs during the authentication phase of a connection.
175
1763.4 AUTH PLAIN for SMTP is not working on all servers
177
178 Specifying "--login-options AUTH=PLAIN" on the command line does not seem to
179 work correctly.
180
181 See https://github.com/curl/curl/issues/4080
182
1833.5 APOP authentication fails on POP3
184
185 See https://github.com/curl/curl/issues/10073
186
1873.6 POP3 issue when reading small chunks
188
189 CURL_DBG_SOCK_RMAX=4 ./runtests.pl -v 982
190
191 See https://github.com/curl/curl/issues/12063
192
1934. Command line
194
1954.1 -T /dev/stdin may upload with an incorrect content length
196
197 -T stats the path to figure out its size in bytes to use it as Content-Length
198 if it is a regular file.
199
200 The problem with that is that, on BSDs and some other UNIXes (not Linux),
201 open(path) may not give you a file descriptor with a 0 offset from the start
202 of the file.
203
204 See https://github.com/curl/curl/issues/12177
205
2064.2 -T - always uploads chunked
207
208 When the `<` shell operator is used. curl should realise that stdin is a
209 regular file in this case, and that it can do a non-chunked upload, like it
210 would do if you used -T file.
211
212 See https://github.com/curl/curl/issues/12171
213
2145. Build and portability issues
215
2165.1 OS400 port requires deprecated IBM library
217
218 curl for OS400 requires QADRT to build, which provides ASCII wrappers for
219 libc/POSIX functions in the ILE, but IBM no longer supports or even offers
220 this library to download.
221
222 See https://github.com/curl/curl/issues/5176
223
2245.2 curl-config --libs contains private details
225
226 "curl-config --libs" include details set in LDFLAGS when configure is run
227 that might be needed only for building libcurl. Further, curl-config --cflags
228 suffers from the same effects with CFLAGS/CPPFLAGS.
229
2305.3 LDFLAGS passed too late making libs linked incorrectly
231
232 Compiling latest curl on HP-UX and linking against a custom OpenSSL (which is
233 on the default loader/linker path), fails because the generated Makefile has
234 LDFLAGS passed on after LIBS.
235
236 See https://github.com/curl/curl/issues/14893
237
2385.6 Cygwin: make install installs curl-config.1 twice
239
240 https://github.com/curl/curl/issues/8839
241
2425.11 configure --with-gssapi with Heimdal is ignored on macOS
243
244 ... unless you also pass --with-gssapi-libs
245
246 https://github.com/curl/curl/issues/3841
247
2485.12 flaky CI builds
249
250 We run many CI builds for each commit and PR on github, and especially a
251 number of the Windows builds are flaky. This means that we rarely get all CI
252 builds go green and complete without errors. This is unfortunate as it makes
253 us sometimes miss actual build problems and it is surprising to newcomers to
254 the project who (rightfully) do not expect this.
255
256 See https://github.com/curl/curl/issues/6972
257
2585.13 long paths are not fully supported on Windows
259
260 curl on Windows cannot access long paths (paths longer than 260 characters).
261 However, as a workaround, the Windows path prefix \\?\ which disables all
262 path interpretation may work to allow curl to access the path. For example:
263 \\?\c:\longpath.
264
265 See https://github.com/curl/curl/issues/8361
266
2675.15 Unicode on Windows
268
269 Passing in a Unicode filename with -o:
270
271 https://github.com/curl/curl/issues/11461
272
273 Passing in Unicode character with -d:
274
275 https://github.com/curl/curl/issues/12231
276
277 Windows Unicode builds use homedir in current locale
278
279 The Windows Unicode builds of curl use the current locale, but expect Unicode
280 UTF-8 encoded paths for internal use such as open, access and stat. The
281 user's home directory is retrieved via curl_getenv in the current locale and
282 not as UTF-8 encoded Unicode.
283
284 See https://github.com/curl/curl/pull/7252 and
285     https://github.com/curl/curl/pull/7281
286
287 Cannot handle Unicode arguments in non-Unicode builds on Windows
288
289 If a URL or filename cannot be encoded using the user's current codepage then
290 it can only be encoded properly in the Unicode character set. Windows uses
291 UTF-16 encoding for Unicode and stores it in wide characters, however curl
292 and libcurl are not equipped for that at the moment except when built with
293 _UNICODE and UNICODE defined. Except for Cygwin, Windows cannot use UTF-8 as
294 a locale.
295
296  https://curl.se/bug/?i=345
297  https://curl.se/bug/?i=731
298  https://curl.se/bug/?i=3747
299
300 NTLM authentication and Unicode
301
302 NTLM authentication involving Unicode username or password only works
303 properly if built with UNICODE defined together with the Schannel backend.
304 The original problem was mentioned in:
305 https://curl.se/mail/lib-2009-10/0024.html
306 https://curl.se/bug/view.cgi?id=896
307
308 The Schannel version verified to work as mentioned in
309 https://curl.se/mail/lib-2012-07/0073.html
310
3116. Authentication
312
3136.2 MIT Kerberos for Windows build
314
315 libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's
316 library header files exporting symbols/macros that should be kept private to
317 the KfW library. See ticket #5601 at https://krbdev.mit.edu/rt/
318
3196.3 NTLM in system context uses wrong name
320
321 NTLM authentication using SSPI (on Windows) when (lib)curl is running in
322 "system context" makes it use wrong(?) username - at least when compared to
323 what winhttp does. See https://curl.se/bug/view.cgi?id=535
324
3256.5 NTLM does not support password with § character
326
327 https://github.com/curl/curl/issues/2120
328
3296.6 libcurl can fail to try alternatives with --proxy-any
330
331 When connecting via a proxy using --proxy-any, a failure to establish an
332 authentication causes libcurl to abort trying other options if the failed
333 method has a higher preference than the alternatives. As an example,
334 --proxy-any against a proxy which advertise Negotiate and NTLM, but which
335 fails to set up Kerberos authentication does not proceed to try
336 authentication using NTLM.
337
338 https://github.com/curl/curl/issues/876
339
3406.7 Do not clear digest for single realm
341
342 https://github.com/curl/curl/issues/3267
343
3446.8 Heimdal memory leaks
345
346 Running test 2077 and 2078 with curl built to do GSS with Heimdal causes
347 valgrind errors (memory leak).
348
349 https://github.com/curl/curl/issues/14446
350
3516.9 SHA-256 digest not supported in Windows SSPI builds
352
353 Windows builds of curl that have SSPI enabled use the native Windows API calls
354 to create authentication strings. The call to InitializeSecurityContext fails
355 with SEC_E_QOP_NOT_SUPPORTED which causes curl to fail with CURLE_AUTH_ERROR.
356
357 Microsoft does not document supported digest algorithms and that SEC_E error
358 code is not a documented error for InitializeSecurityContext (digest).
359
360 https://github.com/curl/curl/issues/6302
361
3626.10 curl never completes Negotiate over HTTP
363
364 Apparently it is not working correctly...?
365
366 See https://github.com/curl/curl/issues/5235
367
3686.11 Negotiate on Windows fails
369
370 When using --negotiate (or NTLM) with curl on Windows, SSL/TLS handshake
371 fails despite having a valid kerberos ticket cached. Works without any issue
372 in Unix/Linux.
373
374 https://github.com/curl/curl/issues/5881
375
3766.12 cannot use Secure Transport with Crypto Token Kit
377
378 https://github.com/curl/curl/issues/7048
379
3806.13 Negotiate authentication against Hadoop HDFS
381
382 https://github.com/curl/curl/issues/8264
383
3847. FTP
385
3867.4 FTP with ACCT
387
388 When doing an operation over FTP that requires the ACCT command (but not when
389 logging in), the operation fails since libcurl does not detect this and thus
390 fails to issue the correct command: https://curl.se/bug/view.cgi?id=635
391
3927.12 FTPS server compatibility on Windows with Schannel
393
394 FTPS is not widely used with the Schannel TLS backend and so there may be
395 more bugs compared to other TLS backends such as OpenSSL. In the past users
396 have reported hanging and failed connections. It is likely some changes to
397 curl since then fixed the issues. None of the reported issues can be
398 reproduced any longer.
399
400 If you encounter an issue connecting to your server via FTPS with the latest
401 curl and Schannel then please search for open issues or file a new issue.
402
4039. SFTP and SCP
404
4059.1 SFTP does not do CURLOPT_POSTQUOTE correct
406
407 When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server
408 using the multi interface, the commands are not being sent correctly and
409 instead the connection is "cancelled" (the operation is considered done)
410 prematurely. There is a half-baked (busy-looping) patch provided in the bug
411 report but it cannot be accepted as-is. See
412 https://curl.se/bug/view.cgi?id=748
413
4149.2 wolfssh: publickey auth does not work
415
416 When building curl to use the wolfSSH backend for SFTP, the publickey
417 authentication does not work. This is simply functionality not written for curl
418 yet, the necessary API for make this work is provided by wolfSSH.
419
420 See https://github.com/curl/curl/issues/4820
421
4229.3 Remote recursive folder creation with SFTP
423
424 On this servers, the curl fails to create directories on the remote server
425 even when the CURLOPT_FTP_CREATE_MISSING_DIRS option is set.
426
427 See https://github.com/curl/curl/issues/5204
428
4299.4 libssh blocking and infinite loop problem
430
431 In the SSH_SFTP_INIT state for libssh, the ssh session working mode is set to
432 blocking mode. If the network is suddenly disconnected during sftp
433 transmission, curl is stuck, even if curl is configured with a timeout.
434
435 https://github.com/curl/curl/issues/8632
436
4379.5 Cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
438
439 Running SCP and SFTP tests on Cygwin makes this warning message appear.
440
441 https://github.com/curl/curl/issues/11244
442
44310. SOCKS
444
44511. Internals
446
44711.1 gssapi library name + version is missing in curl_version_info()
448
449 The struct needs to be expanded and code added to store this info.
450
451 See https://github.com/curl/curl/issues/13492
452
45311.2 error buffer not set if connection to multiple addresses fails
454
455 If you ask libcurl to resolve a hostname like example.com to IPv6 addresses
456 when you only have IPv4 connectivity. libcurl fails with
457 CURLE_COULDNT_CONNECT, but the error buffer set by CURLOPT_ERRORBUFFER
458 remains empty. Issue: https://github.com/curl/curl/issues/544
459
46011.3 TFTP tests fail on OpenBSD
461
462 When adding an OpenBSD job with tests to GHA, some tests consistently fail
463 to run.
464
465 See https://github.com/curl/curl/issues/13623
466
46711.4 HTTP test server 'connection-monitor' problems
468
469 The 'connection-monitor' feature of the sws HTTP test server does not work
470 properly if some tests are run in unexpected order. Like 1509 and then 1525.
471
472 See https://github.com/curl/curl/issues/868
473
47411.5 Connection information when using TCP Fast Open
475
476 CURLINFO_LOCAL_PORT (and possibly a few other) fails when TCP Fast Open is
477 enabled.
478
479 See https://github.com/curl/curl/issues/1332 and
480 https://github.com/curl/curl/issues/4296
481
48211.6 test cases sometimes timeout
483
484 Occasionally, one of the tests timeouts. Inexplicably.
485
486 See https://github.com/curl/curl/issues/13350
487
48811.7 CURLOPT_CONNECT_TO does not work for HTTPS proxy
489
490 It is unclear if the same option should even cover the proxy connection or if
491 if requires a separate option.
492
493 See https://github.com/curl/curl/issues/14481
494
49511.8 WinIDN test failures
496
497 Test 165 disabled when built with WinIDN.
498
49911.9 setting a disabled option should return CURLE_NOT_BUILT_IN
500
501 When curl has been built with specific features or protocols disabled,
502 setting such options with curl_easy_setopt() should rather return
503 CURLE_NOT_BUILT_IN instead of CURLE_UNKNOWN_OPTION to signal the difference
504 to the application
505
506 See https://github.com/curl/curl/issues/15472
507
50812. LDAP
509
51012.1 OpenLDAP hangs after returning results
511
512 By configuration defaults, OpenLDAP automatically chase referrals on
513 secondary socket descriptors. The OpenLDAP backend is asynchronous and thus
514 should monitor all socket descriptors involved. Currently, these secondary
515 descriptors are not monitored, causing OpenLDAP library to never receive
516 data from them.
517
518 As a temporary workaround, disable referrals chasing by configuration.
519
520 The fix is not easy: proper automatic referrals chasing requires a
521 synchronous bind callback and monitoring an arbitrary number of socket
522 descriptors for a single easy handle (currently limited to 5).
523
524 Generic LDAP is synchronous: OK.
525
526 See https://github.com/curl/curl/issues/622 and
527     https://curl.se/mail/lib-2016-01/0101.html
528
52912.2 LDAP on Windows does authentication wrong?
530
531 https://github.com/curl/curl/issues/3116
532
53312.3 LDAP on Windows does not work
534
535 A simple curl command line getting "ldap://ldap.forumsys.com" returns an
536 error that says "no memory" !
537
538 https://github.com/curl/curl/issues/4261
539
54012.4 LDAPS requests to ActiveDirectory server hang
541
542 https://github.com/curl/curl/issues/9580
543
54413. TCP/IP
545
54613.2 Trying local ports fails on Windows
547
548 This makes '--local-port [range]' to not work since curl cannot properly
549 detect if a port is already in use, so it tries the first port, uses that and
550 then subsequently fails anyway if that was actually in use.
551
552 https://github.com/curl/curl/issues/8112
553
55415. CMake
555
55615.1 cmake outputs: no version information available
557
558 Something in the SONAME generation seems to be wrong in the cmake build.
559
560 https://github.com/curl/curl/issues/11158
561
56215.6 uses -lpthread instead of Threads::Threads
563
564 See https://github.com/curl/curl/issues/6166
565
56615.7 generated .pc file contains strange entries
567
568 The Libs.private field of the generated .pc file contains -lgcc -lgcc_s -lc
569 -lgcc -lgcc_s
570
571 See https://github.com/curl/curl/issues/6167
572
57315.13 CMake build with MIT Kerberos does not work
574
575 Minimum CMake version was bumped in curl 7.71.0 (#5358) Since CMake 3.2
576 try_compile started respecting the CMAKE_EXE_FLAGS. The code dealing with
577 MIT Kerberos detection sets few variables to potentially weird mix of space,
578 and ;-separated flags. It had to blow up at some point. All the CMake checks
579 that involve compilation are doomed from that point, the configured tree
580 cannot be built.
581
582 https://github.com/curl/curl/issues/6904
583
58416. aws-sigv4
585
58616.2 aws-sigv4 does not handle multipart/form-data correctly
587
588 https://github.com/curl/curl/issues/13351
589
59016.3 aws-sigv4 has problems with particular URLs
591
592 https://github.com/curl/curl/issues/13058
593
59416.6 aws-sigv4 does not behave well with AWS VPC Lattice
595
596 https://github.com/curl/curl/issues/11007
597
59817. HTTP/2
599
60017.1 HTTP/2 prior knowledge over proxy
601
602 https://github.com/curl/curl/issues/12641
603
60417.2 HTTP/2 frames while in the connection pool kill reuse
605
606 If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to
607 curl while the connection is held in curl's connection pool, the socket is
608 found readable when considered for reuse and that makes curl think it is dead
609 and then it is closed and a new connection gets created instead.
610
611 This is *best* fixed by adding monitoring to connections while they are kept
612 in the pool so that pings can be responded to appropriately.
613
61417.3 ENHANCE_YOUR_CALM causes infinite retries
615
616 Infinite retries with 2 parallel requests on one connection receiving GOAWAY
617 with ENHANCE_YOUR_CALM error code.
618
619 See https://github.com/curl/curl/issues/5119
620
62117.4 HTTP/2 + TLS spends a lot of time in recv
622
623 It has been observered that by making the speed limit less accurate we could
624 improve this performance. (by reverting
625 https://github.com/curl/curl/commit/db5c9f4f9e0779b49624752b135281a0717b277b)
626 Can we find a golden middle ground?
627
628 See https://curl.se/mail/lib-2024-05/0026.html and
629 https://github.com/curl/curl/issues/13416
630
63118. HTTP/3
632
63318.1 connection migration does not work
634
635 https://github.com/curl/curl/issues/7695
636
63718.2 quiche: QUIC connection is draining
638
639 The transfer ends with error "QUIC connection is draining".
640
641 https://github.com/curl/curl/issues/12037
642
64319. RTSP
644
64519.1 Some methods do not support response bodies
646
647 The RTSP implementation is written to assume that a number of RTSP methods
648 always get responses without bodies, even though there seems to be no
649 indication in the RFC that this is always the case.
650
651 https://github.com/curl/curl/issues/12414
652