xref: /curl/docs/KNOWN_BUGS (revision a2622cdb) 
1                                  _   _ ____  _
2                              ___| | | |  _ \| |
3                             / __| | | | |_) | |
4                            | (__| |_| |  _ <| |___
5                             \___|\___/|_| \_\_____|
6
7                                  Known Bugs
8
9These are problems and bugs known to exist at the time of this release. Feel
10free to join in and help us correct one or more of these. Also be sure to
11check the changelog of the current development status, as one or more of these
12problems may have been fixed or changed somewhat since this was written.
13
14 1. HTTP
15
16 2. TLS
17 2.1 IMAPS connection fails with Rustls error
18 2.3 Unable to use PKCS12 certificate with Secure Transport
19 2.4 Secure Transport does not import PKCS#12 client certificates without a password
20 2.5 Client cert handling with Issuer DN differs between backends
21 2.7 Client cert (MTLS) issues with Schannel
22 2.11 Schannel TLS 1.2 handshake bug in old Windows versions
23 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
24 2.14 mbedTLS and CURLE_AGAIN handling
25
26 3. Email protocols
27 3.1 IMAP SEARCH ALL truncated response
28 3.2 No disconnect command
29 3.4 AUTH PLAIN for SMTP is not working on all servers
30 3.5 APOP authentication fails on POP3
31 3.6 POP3 issue when reading small chunks
32
33 4. Command line
34 4.1 -T /dev/stdin may upload with an incorrect content length
35 4.2 -T - always uploads chunked
36
37 5. Build and portability issues
38 5.1 OS400 port requires deprecated IBM library
39 5.2 curl-config --libs contains private details
40 5.3 LDFLAGS passed too late making libs linked incorrectly
41 5.6 Cygwin: make install installs curl-config.1 twice
42 5.11 configure --with-gssapi with Heimdal is ignored on macOS
43 5.12 flaky CI builds
44 5.13 long paths are not fully supported on Windows
45 5.15 Unicode on Windows
46
47 6. Authentication
48 6.2 MIT Kerberos for Windows build
49 6.3 NTLM in system context uses wrong name
50 6.5 NTLM does not support password with § character
51 6.6 libcurl can fail to try alternatives with --proxy-any
52 6.7 Do not clear digest for single realm
53 6.8 Heimdal memory leaks
54 6.9 SHA-256 digest not supported in Windows SSPI builds
55 6.10 curl never completes Negotiate over HTTP
56 6.11 Negotiate on Windows fails
57 6.12 cannot use Secure Transport with Crypto Token Kit
58 6.13 Negotiate against Hadoop HDFS
59
60 7. FTP
61 7.4 FTP with ACCT
62 7.12 FTPS directory listing hangs on Windows with Schannel
63
64 9. SFTP and SCP
65 9.1 SFTP does not do CURLOPT_POSTQUOTE correct
66 9.2 wolfssh: publickey auth does not work
67 9.3 Remote recursive folder creation with SFTP
68 9.4 libssh blocking and infinite loop problem
69 9.5 Cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
70
71 10. SOCKS
72
73 11. Internals
74 11.1 gssapi library name + version is missing in curl_version_info()
75 11.2 error buffer not set if connection to multiple addresses fails
76 11.3 TFTP tests fail on OpenBSD
77 11.4 HTTP test server 'connection-monitor' problems
78 11.5 Connection information when using TCP Fast Open
79 11.6 test cases sometimes timeout
80 11.7 CURLOPT_CONNECT_TO does not work for HTTPS proxy
81 11.8 WinIDN test failures
82 11.9 setting a disabled option should return CURLE_NOT_BUILT_IN
83
84 12. LDAP
85 12.1 OpenLDAP hangs after returning results
86 12.2 LDAP on Windows does authentication wrong?
87 12.3 LDAP on Windows does not work
88 12.4 LDAPS requests to ActiveDirectory server hang
89
90 13. TCP/IP
91 13.2 Trying local ports fails on Windows
92
93 15. CMake
94 15.1 cmake outputs: no version information available
95 15.2 support build with GnuTLS
96 15.3 unusable tool_hugehelp.c with MinGW
97 15.6 uses -lpthread instead of Threads::Threads
98 15.7 generated .pc file contains strange entries
99 15.13 CMake build with MIT Kerberos does not work
100
101 16. aws-sigv4
102 16.2 aws-sigv4 does not handle multipart/form-data correctly
103 16.3 aws-sigv4 has problems with particular URLs
104 16.6 aws-sigv4 does not behave well with AWS VPC Lattice
105
106 17. HTTP/2
107 17.1 HTTP/2 prior knowledge over proxy
108 17.2 HTTP/2 frames while in the connection pool kill reuse
109 17.3 ENHANCE_YOUR_CALM causes infinite retries
110 17.4 HTTP/2 + TLS spends a lot of time in recv
111
112 18. HTTP/3
113 18.1 connection migration does not work
114 18.2 quiche: QUIC connection is draining
115
116 19. RTSP
117 19.1 Some methods do not support response bodies
118
119==============================================================================
120
1211. HTTP
122
1232. TLS
124
1252.1 IMAPS connection fails with Rustls error
126
127 https://github.com/curl/curl/issues/10457
128
1292.3 Unable to use PKCS12 certificate with Secure Transport
130
131 See https://github.com/curl/curl/issues/5403
132
1332.4 Secure Transport does not import PKCS#12 client certificates without a password
134
135 libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that
136 function rejects certificates that do not have a password.
137 https://github.com/curl/curl/issues/1308
138
1392.5 Client cert handling with Issuer DN differs between backends
140
141 When the specified client certificate does not match any of the
142 server-specified DNs, the OpenSSL and GnuTLS backends behave differently.
143 The github discussion may contain a solution.
144
145 See https://github.com/curl/curl/issues/1411
146
1472.7 Client cert (MTLS) issues with Schannel
148
149 See https://github.com/curl/curl/issues/3145
150
1512.11 Schannel TLS 1.2 handshake bug in old Windows versions
152
153 In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake
154 implementation likely has a bug that can rarely cause the key exchange to
155 fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED.
156
157 https://github.com/curl/curl/issues/5488
158
1592.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
160
161 https://github.com/curl/curl/issues/8741
162
1632.14 mbedTLS and CURLE_AGAIN handling
164
165 https://github.com/curl/curl/issues/15801
166
1673. Email protocols
168
1693.1 IMAP SEARCH ALL truncated response
170
171 IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
172 code reveals that pingpong.c contains some truncation code, at line 408, when
173 it deems the server response to be too large truncating it to 40 characters"
174 https://curl.se/bug/view.cgi?id=1366
175
1763.2 No disconnect command
177
178 The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and
179 SMTP if a failure occurs during the authentication phase of a connection.
180
1813.4 AUTH PLAIN for SMTP is not working on all servers
182
183 Specifying "--login-options AUTH=PLAIN" on the command line does not seem to
184 work correctly.
185
186 See https://github.com/curl/curl/issues/4080
187
1883.5 APOP authentication fails on POP3
189
190 See https://github.com/curl/curl/issues/10073
191
1923.6 POP3 issue when reading small chunks
193
194 CURL_DBG_SOCK_RMAX=4 ./runtests.pl -v 982
195
196 See https://github.com/curl/curl/issues/12063
197
1984. Command line
199
2004.1 -T /dev/stdin may upload with an incorrect content length
201
202 -T stats the path to figure out its size in bytes to use it as Content-Length
203 if it is a regular file.
204
205 The problem with that is that, on BSDs and some other UNIXes (not Linux),
206 open(path) may not give you a file descriptor with a 0 offset from the start
207 of the file.
208
209 See https://github.com/curl/curl/issues/12177
210
2114.2 -T - always uploads chunked
212
213 When the `<` shell operator is used. curl should realise that stdin is a
214 regular file in this case, and that it can do a non-chunked upload, like it
215 would do if you used -T file.
216
217 See https://github.com/curl/curl/issues/12171
218
2195. Build and portability issues
220
2215.1 OS400 port requires deprecated IBM library
222
223 curl for OS400 requires QADRT to build, which provides ASCII wrappers for
224 libc/POSIX functions in the ILE, but IBM no longer supports or even offers
225 this library to download.
226
227 See https://github.com/curl/curl/issues/5176
228
2295.2 curl-config --libs contains private details
230
231 "curl-config --libs" include details set in LDFLAGS when configure is run
232 that might be needed only for building libcurl. Further, curl-config --cflags
233 suffers from the same effects with CFLAGS/CPPFLAGS.
234
2355.3 LDFLAGS passed too late making libs linked incorrectly
236
237 Compiling latest curl on HP-UX and linking against a custom OpenSSL (which is
238 on the default loader/linker path), fails because the generated Makefile has
239 LDFLAGS passed on after LIBS.
240
241 See https://github.com/curl/curl/issues/14893
242
2435.6 Cygwin: make install installs curl-config.1 twice
244
245 https://github.com/curl/curl/issues/8839
246
2475.11 configure --with-gssapi with Heimdal is ignored on macOS
248
249 ... unless you also pass --with-gssapi-libs
250
251 https://github.com/curl/curl/issues/3841
252
2535.12 flaky CI builds
254
255 We run many CI builds for each commit and PR on github, and especially a
256 number of the Windows builds are flaky. This means that we rarely get all CI
257 builds go green and complete without errors. This is unfortunate as it makes
258 us sometimes miss actual build problems and it is surprising to newcomers to
259 the project who (rightfully) do not expect this.
260
261 See https://github.com/curl/curl/issues/6972
262
2635.13 long paths are not fully supported on Windows
264
265 curl on Windows cannot access long paths (paths longer than 260 characters).
266 However, as a workaround, the Windows path prefix \\?\ which disables all
267 path interpretation may work to allow curl to access the path. For example:
268 \\?\c:\longpath.
269
270 See https://github.com/curl/curl/issues/8361
271
2725.15 Unicode on Windows
273
274 Passing in a Unicode filename with -o:
275
276 https://github.com/curl/curl/issues/11461
277
278 Passing in Unicode character with -d:
279
280 https://github.com/curl/curl/issues/12231
281
282 Windows Unicode builds use homedir in current locale
283
284 The Windows Unicode builds of curl use the current locale, but expect Unicode
285 UTF-8 encoded paths for internal use such as open, access and stat. The
286 user's home directory is retrieved via curl_getenv in the current locale and
287 not as UTF-8 encoded Unicode.
288
289 See https://github.com/curl/curl/pull/7252 and
290     https://github.com/curl/curl/pull/7281
291
292 Cannot handle Unicode arguments in non-Unicode builds on Windows
293
294 If a URL or filename cannot be encoded using the user's current codepage then
295 it can only be encoded properly in the Unicode character set. Windows uses
296 UTF-16 encoding for Unicode and stores it in wide characters, however curl
297 and libcurl are not equipped for that at the moment except when built with
298 _UNICODE and UNICODE defined. Except for Cygwin, Windows cannot use UTF-8 as
299 a locale.
300
301  https://curl.se/bug/?i=345
302  https://curl.se/bug/?i=731
303  https://curl.se/bug/?i=3747
304
305 NTLM authentication and Unicode
306
307 NTLM authentication involving Unicode username or password only works
308 properly if built with UNICODE defined together with the Schannel backend.
309 The original problem was mentioned in:
310 https://curl.se/mail/lib-2009-10/0024.html
311 https://curl.se/bug/view.cgi?id=896
312
313 The Schannel version verified to work as mentioned in
314 https://curl.se/mail/lib-2012-07/0073.html
315
3166. Authentication
317
3186.2 MIT Kerberos for Windows build
319
320 libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's
321 library header files exporting symbols/macros that should be kept private to
322 the KfW library. See ticket #5601 at https://krbdev.mit.edu/rt/
323
3246.3 NTLM in system context uses wrong name
325
326 NTLM authentication using SSPI (on Windows) when (lib)curl is running in
327 "system context" makes it use wrong(?) username - at least when compared to
328 what winhttp does. See https://curl.se/bug/view.cgi?id=535
329
3306.5 NTLM does not support password with § character
331
332 https://github.com/curl/curl/issues/2120
333
3346.6 libcurl can fail to try alternatives with --proxy-any
335
336 When connecting via a proxy using --proxy-any, a failure to establish an
337 authentication causes libcurl to abort trying other options if the failed
338 method has a higher preference than the alternatives. As an example,
339 --proxy-any against a proxy which advertise Negotiate and NTLM, but which
340 fails to set up Kerberos authentication does not proceed to try
341 authentication using NTLM.
342
343 https://github.com/curl/curl/issues/876
344
3456.7 Do not clear digest for single realm
346
347 https://github.com/curl/curl/issues/3267
348
3496.8 Heimdal memory leaks
350
351 Running test 2077 and 2078 with curl built to do GSS with Heimdal causes
352 valgrind errors (memory leak).
353
354 https://github.com/curl/curl/issues/14446
355
3566.9 SHA-256 digest not supported in Windows SSPI builds
357
358 Windows builds of curl that have SSPI enabled use the native Windows API calls
359 to create authentication strings. The call to InitializeSecurityContext fails
360 with SEC_E_QOP_NOT_SUPPORTED which causes curl to fail with CURLE_AUTH_ERROR.
361
362 Microsoft does not document supported digest algorithms and that SEC_E error
363 code is not a documented error for InitializeSecurityContext (digest).
364
365 https://github.com/curl/curl/issues/6302
366
3676.10 curl never completes Negotiate over HTTP
368
369 Apparently it is not working correctly...?
370
371 See https://github.com/curl/curl/issues/5235
372
3736.11 Negotiate on Windows fails
374
375 When using --negotiate (or NTLM) with curl on Windows, SSL/TLS handshake
376 fails despite having a valid kerberos ticket cached. Works without any issue
377 in Unix/Linux.
378
379 https://github.com/curl/curl/issues/5881
380
3816.12 cannot use Secure Transport with Crypto Token Kit
382
383 https://github.com/curl/curl/issues/7048
384
3856.13 Negotiate authentication against Hadoop HDFS
386
387 https://github.com/curl/curl/issues/8264
388
3897. FTP
390
3917.4 FTP with ACCT
392
393 When doing an operation over FTP that requires the ACCT command (but not when
394 logging in), the operation fails since libcurl does not detect this and thus
395 fails to issue the correct command: https://curl.se/bug/view.cgi?id=635
396
3977.12 FTPS server compatibility on Windows with Schannel
398
399 FTPS is not widely used with the Schannel TLS backend and so there may be
400 more bugs compared to other TLS backends such as OpenSSL. In the past users
401 have reported hanging and failed connections. It is likely some changes to
402 curl since then fixed the issues. None of the reported issues can be
403 reproduced any longer.
404
405 If you encounter an issue connecting to your server via FTPS with the latest
406 curl and Schannel then please search for open issues or file a new issue.
407
4089. SFTP and SCP
409
4109.1 SFTP does not do CURLOPT_POSTQUOTE correct
411
412 When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server
413 using the multi interface, the commands are not being sent correctly and
414 instead the connection is "cancelled" (the operation is considered done)
415 prematurely. There is a half-baked (busy-looping) patch provided in the bug
416 report but it cannot be accepted as-is. See
417 https://curl.se/bug/view.cgi?id=748
418
4199.2 wolfssh: publickey auth does not work
420
421 When building curl to use the wolfSSH backend for SFTP, the publickey
422 authentication does not work. This is simply functionality not written for curl
423 yet, the necessary API for make this work is provided by wolfSSH.
424
425 See https://github.com/curl/curl/issues/4820
426
4279.3 Remote recursive folder creation with SFTP
428
429 On this servers, the curl fails to create directories on the remote server
430 even when the CURLOPT_FTP_CREATE_MISSING_DIRS option is set.
431
432 See https://github.com/curl/curl/issues/5204
433
4349.4 libssh blocking and infinite loop problem
435
436 In the SSH_SFTP_INIT state for libssh, the ssh session working mode is set to
437 blocking mode. If the network is suddenly disconnected during sftp
438 transmission, curl is stuck, even if curl is configured with a timeout.
439
440 https://github.com/curl/curl/issues/8632
441
4429.5 Cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
443
444 Running SCP and SFTP tests on Cygwin makes this warning message appear.
445
446 https://github.com/curl/curl/issues/11244
447
44810. SOCKS
449
45011. Internals
451
45211.1 gssapi library name + version is missing in curl_version_info()
453
454 The struct needs to be expanded and code added to store this info.
455
456 See https://github.com/curl/curl/issues/13492
457
45811.2 error buffer not set if connection to multiple addresses fails
459
460 If you ask libcurl to resolve a hostname like example.com to IPv6 addresses
461 when you only have IPv4 connectivity. libcurl fails with
462 CURLE_COULDNT_CONNECT, but the error buffer set by CURLOPT_ERRORBUFFER
463 remains empty. Issue: https://github.com/curl/curl/issues/544
464
46511.3 TFTP tests fail on OpenBSD
466
467 When adding an OpenBSD job with tests to GHA, some tests consistently fail
468 to run.
469
470 See https://github.com/curl/curl/issues/13623
471
47211.4 HTTP test server 'connection-monitor' problems
473
474 The 'connection-monitor' feature of the sws HTTP test server does not work
475 properly if some tests are run in unexpected order. Like 1509 and then 1525.
476
477 See https://github.com/curl/curl/issues/868
478
47911.5 Connection information when using TCP Fast Open
480
481 CURLINFO_LOCAL_PORT (and possibly a few other) fails when TCP Fast Open is
482 enabled.
483
484 See https://github.com/curl/curl/issues/1332 and
485 https://github.com/curl/curl/issues/4296
486
48711.6 test cases sometimes timeout
488
489 Occasionally, one of the tests timeouts. Inexplicably.
490
491 See https://github.com/curl/curl/issues/13350
492
49311.7 CURLOPT_CONNECT_TO does not work for HTTPS proxy
494
495 It is unclear if the same option should even cover the proxy connection or if
496 if requires a separate option.
497
498 See https://github.com/curl/curl/issues/14481
499
50011.8 WinIDN test failures
501
502 Test 165 disabled when built with WinIDN.
503
50411.9 setting a disabled option should return CURLE_NOT_BUILT_IN
505
506 When curl has been built with specific features or protocols disabled,
507 setting such options with curl_easy_setopt() should rather return
508 CURLE_NOT_BUILT_IN instead of CURLE_UNKNOWN_OPTION to signal the difference
509 to the application
510
511 See https://github.com/curl/curl/issues/15472
512
51312. LDAP
514
51512.1 OpenLDAP hangs after returning results
516
517 By configuration defaults, OpenLDAP automatically chase referrals on
518 secondary socket descriptors. The OpenLDAP backend is asynchronous and thus
519 should monitor all socket descriptors involved. Currently, these secondary
520 descriptors are not monitored, causing OpenLDAP library to never receive
521 data from them.
522
523 As a temporary workaround, disable referrals chasing by configuration.
524
525 The fix is not easy: proper automatic referrals chasing requires a
526 synchronous bind callback and monitoring an arbitrary number of socket
527 descriptors for a single easy handle (currently limited to 5).
528
529 Generic LDAP is synchronous: OK.
530
531 See https://github.com/curl/curl/issues/622 and
532     https://curl.se/mail/lib-2016-01/0101.html
533
53412.2 LDAP on Windows does authentication wrong?
535
536 https://github.com/curl/curl/issues/3116
537
53812.3 LDAP on Windows does not work
539
540 A simple curl command line getting "ldap://ldap.forumsys.com" returns an
541 error that says "no memory" !
542
543 https://github.com/curl/curl/issues/4261
544
54512.4 LDAPS requests to ActiveDirectory server hang
546
547 https://github.com/curl/curl/issues/9580
548
54913. TCP/IP
550
55113.2 Trying local ports fails on Windows
552
553 This makes '--local-port [range]' to not work since curl cannot properly
554 detect if a port is already in use, so it tries the first port, uses that and
555 then subsequently fails anyway if that was actually in use.
556
557 https://github.com/curl/curl/issues/8112
558
55915. CMake
560
56115.1 cmake outputs: no version information available
562
563 Something in the SONAME generation seems to be wrong in the cmake build.
564
565 https://github.com/curl/curl/issues/11158
566
56715.6 uses -lpthread instead of Threads::Threads
568
569 See https://github.com/curl/curl/issues/6166
570
57115.7 generated .pc file contains strange entries
572
573 The Libs.private field of the generated .pc file contains -lgcc -lgcc_s -lc
574 -lgcc -lgcc_s
575
576 See https://github.com/curl/curl/issues/6167
577
57815.13 CMake build with MIT Kerberos does not work
579
580 Minimum CMake version was bumped in curl 7.71.0 (#5358) Since CMake 3.2
581 try_compile started respecting the CMAKE_EXE_FLAGS. The code dealing with
582 MIT Kerberos detection sets few variables to potentially weird mix of space,
583 and ;-separated flags. It had to blow up at some point. All the CMake checks
584 that involve compilation are doomed from that point, the configured tree
585 cannot be built.
586
587 https://github.com/curl/curl/issues/6904
588
58916. aws-sigv4
590
59116.2 aws-sigv4 does not handle multipart/form-data correctly
592
593 https://github.com/curl/curl/issues/13351
594
59516.3 aws-sigv4 has problems with particular URLs
596
597 https://github.com/curl/curl/issues/13058
598
59916.6 aws-sigv4 does not behave well with AWS VPC Lattice
600
601 https://github.com/curl/curl/issues/11007
602
60317. HTTP/2
604
60517.1 HTTP/2 prior knowledge over proxy
606
607 https://github.com/curl/curl/issues/12641
608
60917.2 HTTP/2 frames while in the connection pool kill reuse
610
611 If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to
612 curl while the connection is held in curl's connection pool, the socket is
613 found readable when considered for reuse and that makes curl think it is dead
614 and then it is closed and a new connection gets created instead.
615
616 This is *best* fixed by adding monitoring to connections while they are kept
617 in the pool so that pings can be responded to appropriately.
618
61917.3 ENHANCE_YOUR_CALM causes infinite retries
620
621 Infinite retries with 2 parallel requests on one connection receiving GOAWAY
622 with ENHANCE_YOUR_CALM error code.
623
624 See https://github.com/curl/curl/issues/5119
625
62617.4 HTTP/2 + TLS spends a lot of time in recv
627
628 It has been observered that by making the speed limit less accurate we could
629 improve this performance. (by reverting
630 https://github.com/curl/curl/commit/db5c9f4f9e0779b49624752b135281a0717b277b)
631 Can we find a golden middle ground?
632
633 See https://curl.se/mail/lib-2024-05/0026.html and
634 https://github.com/curl/curl/issues/13416
635
63618. HTTP/3
637
63818.1 connection migration does not work
639
640 https://github.com/curl/curl/issues/7695
641
64218.2 quiche: QUIC connection is draining
643
644 The transfer ends with error "QUIC connection is draining".
645
646 https://github.com/curl/curl/issues/12037
647
64819. RTSP
649
65019.1 Some methods do not support response bodies
651
652 The RTSP implementation is written to assume that a number of RTSP methods
653 always get responses without bodies, even though there seems to be no
654 indication in the RFC that this is always the case.
655
656 https://github.com/curl/curl/issues/12414
657