xref: /curl/docs/KNOWN_BUGS (revision 5ebc820c) 
1                                  _   _ ____  _
2                              ___| | | |  _ \| |
3                             / __| | | | |_) | |
4                            | (__| |_| |  _ <| |___
5                             \___|\___/|_| \_\_____|
6
7                                  Known Bugs
8
9These are problems and bugs known to exist at the time of this release. Feel
10free to join in and help us correct one or more of these. Also be sure to
11check the changelog of the current development status, as one or more of these
12problems may have been fixed or changed somewhat since this was written.
13
14 1. HTTP
15
16 2. TLS
17 2.1 IMAPS connection fails with Rustls error
18 2.3 Unable to use PKCS12 certificate with Secure Transport
19 2.4 Secure Transport does not import PKCS#12 client certificates without a password
20 2.5 Client cert handling with Issuer DN differs between backends
21 2.7 Client cert (MTLS) issues with Schannel
22 2.11 Schannel TLS 1.2 handshake bug in old Windows versions
23 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
24
25 3. Email protocols
26 3.1 IMAP SEARCH ALL truncated response
27 3.2 No disconnect command
28 3.4 AUTH PLAIN for SMTP is not working on all servers
29 3.5 APOP authentication fails on POP3
30 3.6 POP3 issue when reading small chunks
31
32 4. Command line
33 4.1 -T /dev/stdin may upload with an incorrect content length
34 4.2 -T - always uploads chunked
35
36 5. Build and portability issues
37 5.1 OS400 port requires deprecated IBM library
38 5.2 curl-config --libs contains private details
39 5.6 Cygwin: make install installs curl-config.1 twice
40 5.11 configure --with-gssapi with Heimdal is ignored on macOS
41 5.12 flaky CI builds
42 5.13 long paths are not fully supported on Windows
43 5.15 Unicode on Windows
44
45 6. Authentication
46 6.2 MIT Kerberos for Windows build
47 6.3 NTLM in system context uses wrong name
48 6.5 NTLM does not support password with § character
49 6.6 libcurl can fail to try alternatives with --proxy-any
50 6.7 Do not clear digest for single realm
51 6.8 Heimdal memory leaks
52 6.9 SHA-256 digest not supported in Windows SSPI builds
53 6.10 curl never completes Negotiate over HTTP
54 6.11 Negotiate on Windows fails
55 6.12 cannot use Secure Transport with Crypto Token Kit
56 6.13 Negotiate against Hadoop HDFS
57
58 7. FTP
59 7.4 FTP with ACCT
60 7.12 FTPS directory listing hangs on Windows with Schannel
61
62 9. SFTP and SCP
63 9.1 SFTP does not do CURLOPT_POSTQUOTE correct
64 9.2 wolfssh: publickey auth does not work
65 9.3 Remote recursive folder creation with SFTP
66 9.4 libssh blocking and infinite loop problem
67 9.5 Cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
68
69 10. SOCKS
70
71 11. Internals
72 11.1 gssapi library name + version is missing in curl_version_info()
73 11.2 error buffer not set if connection to multiple addresses fails
74 11.3 TFTP tests fail on OpenBSD
75 11.4 HTTP test server 'connection-monitor' problems
76 11.5 Connection information when using TCP Fast Open
77 11.6 test cases sometimes timeout
78 11.7 CURLOPT_CONNECT_TO does not work for HTTPS proxy
79 11.8 WinIDN test failures
80
81 12. LDAP
82 12.1 OpenLDAP hangs after returning results
83 12.2 LDAP on Windows does authentication wrong?
84 12.3 LDAP on Windows does not work
85 12.4 LDAPS requests to ActiveDirectory server hang
86
87 13. TCP/IP
88 13.2 Trying local ports fails on Windows
89
90 15. CMake
91 15.1 cmake outputs: no version information available
92 15.2 support build with GnuTLS
93 15.3 unusable tool_hugehelp.c with MinGW
94 15.6 uses -lpthread instead of Threads::Threads
95 15.7 generated .pc file contains strange entries
96 15.13 CMake build with MIT Kerberos does not work
97
98 16. aws-sigv4
99 16.2 aws-sigv4 does not handle multipart/form-data correctly
100 16.3 aws-sigv4 has problems with particular URLs
101 16.6 aws-sigv4 does not behave well with AWS VPC Lattice
102
103 17. HTTP/2
104 17.1 HTTP/2 prior knowledge over proxy
105 17.2 HTTP/2 frames while in the connection pool kill reuse
106 17.3 ENHANCE_YOUR_CALM causes infinite retries
107 17.4 HTTP/2 + TLS spends a lot of time in recv
108
109 18. HTTP/3
110 18.1 connection migration does not work
111 18.2 quiche: QUIC connection is draining
112
113 19. RTSP
114 19.1 Some methods do not support response bodies
115
116==============================================================================
117
1181. HTTP
119
1202. TLS
121
1222.1 IMAPS connection fails with Rustls error
123
124 https://github.com/curl/curl/issues/10457
125
1262.3 Unable to use PKCS12 certificate with Secure Transport
127
128 See https://github.com/curl/curl/issues/5403
129
1302.4 Secure Transport does not import PKCS#12 client certificates without a password
131
132 libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that
133 function rejects certificates that do not have a password.
134 https://github.com/curl/curl/issues/1308
135
1362.5 Client cert handling with Issuer DN differs between backends
137
138 When the specified client certificate does not match any of the
139 server-specified DNs, the OpenSSL and GnuTLS backends behave differently.
140 The github discussion may contain a solution.
141
142 See https://github.com/curl/curl/issues/1411
143
1442.7 Client cert (MTLS) issues with Schannel
145
146 See https://github.com/curl/curl/issues/3145
147
1482.11 Schannel TLS 1.2 handshake bug in old Windows versions
149
150 In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake
151 implementation likely has a bug that can rarely cause the key exchange to
152 fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED.
153
154 https://github.com/curl/curl/issues/5488
155
1562.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
157
158 https://github.com/curl/curl/issues/8741
159
1603. Email protocols
161
1623.1 IMAP SEARCH ALL truncated response
163
164 IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
165 code reveals that pingpong.c contains some truncation code, at line 408, when
166 it deems the server response to be too large truncating it to 40 characters"
167 https://curl.se/bug/view.cgi?id=1366
168
1693.2 No disconnect command
170
171 The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and
172 SMTP if a failure occurs during the authentication phase of a connection.
173
1743.4 AUTH PLAIN for SMTP is not working on all servers
175
176 Specifying "--login-options AUTH=PLAIN" on the command line does not seem to
177 work correctly.
178
179 See https://github.com/curl/curl/issues/4080
180
1813.5 APOP authentication fails on POP3
182
183 See https://github.com/curl/curl/issues/10073
184
1853.6 POP3 issue when reading small chunks
186
187 CURL_DBG_SOCK_RMAX=4 ./runtests.pl -v 982
188
189 See https://github.com/curl/curl/issues/12063
190
1914. Command line
192
1934.1 -T /dev/stdin may upload with an incorrect content length
194
195 -T stats the path to figure out its size in bytes to use it as Content-Length
196 if it is a regular file.
197
198 The problem with that is that, on BSDs and some other UNIXes (not Linux),
199 open(path) may not give you a file descriptor with a 0 offset from the start
200 of the file.
201
202 See https://github.com/curl/curl/issues/12177
203
2044.2 -T - always uploads chunked
205
206 When the `<` shell operator is used. curl should realise that stdin is a
207 regular file in this case, and that it can do a non-chunked upload, like it
208 would do if you used -T file.
209
210 See https://github.com/curl/curl/issues/12171
211
2125. Build and portability issues
213
2145.1 OS400 port requires deprecated IBM library
215
216 curl for OS400 requires QADRT to build, which provides ASCII wrappers for
217 libc/POSIX functions in the ILE, but IBM no longer supports or even offers
218 this library to download.
219
220 See https://github.com/curl/curl/issues/5176
221
2225.2 curl-config --libs contains private details
223
224 "curl-config --libs" include details set in LDFLAGS when configure is run
225 that might be needed only for building libcurl. Further, curl-config --cflags
226 suffers from the same effects with CFLAGS/CPPFLAGS.
227
2285.6 Cygwin: make install installs curl-config.1 twice
229
230 https://github.com/curl/curl/issues/8839
231
2325.11 configure --with-gssapi with Heimdal is ignored on macOS
233
234 ... unless you also pass --with-gssapi-libs
235
236 https://github.com/curl/curl/issues/3841
237
2385.12 flaky CI builds
239
240 We run many CI builds for each commit and PR on github, and especially a
241 number of the Windows builds are flaky. This means that we rarely get all CI
242 builds go green and complete without errors. This is unfortunate as it makes
243 us sometimes miss actual build problems and it is surprising to newcomers to
244 the project who (rightfully) do not expect this.
245
246 See https://github.com/curl/curl/issues/6972
247
2485.13 long paths are not fully supported on Windows
249
250 curl on Windows cannot access long paths (paths longer than 260 characters).
251 However, as a workaround, the Windows path prefix \\?\ which disables all
252 path interpretation may work to allow curl to access the path. For example:
253 \\?\c:\longpath.
254
255 See https://github.com/curl/curl/issues/8361
256
2575.15 Unicode on Windows
258
259 Passing in a Unicode filename with -o:
260
261 https://github.com/curl/curl/issues/11461
262
263 Passing in Unicode character with -d:
264
265 https://github.com/curl/curl/issues/12231
266
267 Windows Unicode builds use homedir in current locale
268
269 The Windows Unicode builds of curl use the current locale, but expect Unicode
270 UTF-8 encoded paths for internal use such as open, access and stat. The
271 user's home directory is retrieved via curl_getenv in the current locale and
272 not as UTF-8 encoded Unicode.
273
274 See https://github.com/curl/curl/pull/7252 and
275     https://github.com/curl/curl/pull/7281
276
277 Cannot handle Unicode arguments in non-Unicode builds on Windows
278
279 If a URL or filename cannot be encoded using the user's current codepage then
280 it can only be encoded properly in the Unicode character set. Windows uses
281 UTF-16 encoding for Unicode and stores it in wide characters, however curl
282 and libcurl are not equipped for that at the moment except when built with
283 _UNICODE and UNICODE defined. Except for Cygwin, Windows cannot use UTF-8 as
284 a locale.
285
286  https://curl.se/bug/?i=345
287  https://curl.se/bug/?i=731
288  https://curl.se/bug/?i=3747
289
290 NTLM authentication and Unicode
291
292 NTLM authentication involving Unicode username or password only works
293 properly if built with UNICODE defined together with the Schannel backend.
294 The original problem was mentioned in:
295 https://curl.se/mail/lib-2009-10/0024.html
296 https://curl.se/bug/view.cgi?id=896
297
298 The Schannel version verified to work as mentioned in
299 https://curl.se/mail/lib-2012-07/0073.html
300
3016. Authentication
302
3036.2 MIT Kerberos for Windows build
304
305 libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's
306 library header files exporting symbols/macros that should be kept private to
307 the KfW library. See ticket #5601 at https://krbdev.mit.edu/rt/
308
3096.3 NTLM in system context uses wrong name
310
311 NTLM authentication using SSPI (on Windows) when (lib)curl is running in
312 "system context" makes it use wrong(?) username - at least when compared to
313 what winhttp does. See https://curl.se/bug/view.cgi?id=535
314
3156.5 NTLM does not support password with § character
316
317 https://github.com/curl/curl/issues/2120
318
3196.6 libcurl can fail to try alternatives with --proxy-any
320
321 When connecting via a proxy using --proxy-any, a failure to establish an
322 authentication causes libcurl to abort trying other options if the failed
323 method has a higher preference than the alternatives. As an example,
324 --proxy-any against a proxy which advertise Negotiate and NTLM, but which
325 fails to set up Kerberos authentication does not proceed to try
326 authentication using NTLM.
327
328 https://github.com/curl/curl/issues/876
329
3306.7 Do not clear digest for single realm
331
332 https://github.com/curl/curl/issues/3267
333
3346.8 Heimdal memory leaks
335
336 Running test 2077 and 2078 with curl built to do GSS with Heimdal causes
337 valgrind errors (memory leak).
338
339 https://github.com/curl/curl/issues/14446
340
3416.9 SHA-256 digest not supported in Windows SSPI builds
342
343 Windows builds of curl that have SSPI enabled use the native Windows API calls
344 to create authentication strings. The call to InitializeSecurityContext fails
345 with SEC_E_QOP_NOT_SUPPORTED which causes curl to fail with CURLE_AUTH_ERROR.
346
347 Microsoft does not document supported digest algorithms and that SEC_E error
348 code is not a documented error for InitializeSecurityContext (digest).
349
350 https://github.com/curl/curl/issues/6302
351
3526.10 curl never completes Negotiate over HTTP
353
354 Apparently it is not working correctly...?
355
356 See https://github.com/curl/curl/issues/5235
357
3586.11 Negotiate on Windows fails
359
360 When using --negotiate (or NTLM) with curl on Windows, SSL/TLS handshake
361 fails despite having a valid kerberos ticket cached. Works without any issue
362 in Unix/Linux.
363
364 https://github.com/curl/curl/issues/5881
365
3666.12 cannot use Secure Transport with Crypto Token Kit
367
368 https://github.com/curl/curl/issues/7048
369
3706.13 Negotiate authentication against Hadoop HDFS
371
372 https://github.com/curl/curl/issues/8264
373
3747. FTP
375
3767.4 FTP with ACCT
377
378 When doing an operation over FTP that requires the ACCT command (but not when
379 logging in), the operation fails since libcurl does not detect this and thus
380 fails to issue the correct command: https://curl.se/bug/view.cgi?id=635
381
3827.12 FTPS server compatibility on Windows with Schannel
383
384 FTPS is not widely used with the Schannel TLS backend and so there may be
385 more bugs compared to other TLS backends such as OpenSSL. In the past users
386 have reported hanging and failed connections. It is likely some changes to
387 curl since then fixed the issues. None of the reported issues can be
388 reproduced any longer.
389
390 If you encounter an issue connecting to your server via FTPS with the latest
391 curl and Schannel then please search for open issues or file a new issue.
392
3939. SFTP and SCP
394
3959.1 SFTP does not do CURLOPT_POSTQUOTE correct
396
397 When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server
398 using the multi interface, the commands are not being sent correctly and
399 instead the connection is "cancelled" (the operation is considered done)
400 prematurely. There is a half-baked (busy-looping) patch provided in the bug
401 report but it cannot be accepted as-is. See
402 https://curl.se/bug/view.cgi?id=748
403
4049.2 wolfssh: publickey auth does not work
405
406 When building curl to use the wolfSSH backend for SFTP, the publickey
407 authentication does not work. This is simply functionality not written for curl
408 yet, the necessary API for make this work is provided by wolfSSH.
409
410 See https://github.com/curl/curl/issues/4820
411
4129.3 Remote recursive folder creation with SFTP
413
414 On this servers, the curl fails to create directories on the remote server
415 even when the CURLOPT_FTP_CREATE_MISSING_DIRS option is set.
416
417 See https://github.com/curl/curl/issues/5204
418
4199.4 libssh blocking and infinite loop problem
420
421 In the SSH_SFTP_INIT state for libssh, the ssh session working mode is set to
422 blocking mode. If the network is suddenly disconnected during sftp
423 transmission, curl is stuck, even if curl is configured with a timeout.
424
425 https://github.com/curl/curl/issues/8632
426
4279.5 Cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
428
429 Running SCP and SFTP tests on Cygwin makes this warning message appear.
430
431 https://github.com/curl/curl/issues/11244
432
43310. SOCKS
434
43511. Internals
436
43711.1 gssapi library name + version is missing in curl_version_info()
438
439 The struct needs to be expanded and code added to store this info.
440
441 See https://github.com/curl/curl/issues/13492
442
44311.2 error buffer not set if connection to multiple addresses fails
444
445 If you ask libcurl to resolve a hostname like example.com to IPv6 addresses
446 when you only have IPv4 connectivity. libcurl fails with
447 CURLE_COULDNT_CONNECT, but the error buffer set by CURLOPT_ERRORBUFFER
448 remains empty. Issue: https://github.com/curl/curl/issues/544
449
45011.3 TFTP tests fail on OpenBSD
451
452 When adding an OpenBSD job with tests to GHA, some tests consistently fail
453 to run.
454
455 See https://github.com/curl/curl/issues/13623
456
45711.4 HTTP test server 'connection-monitor' problems
458
459 The 'connection-monitor' feature of the sws HTTP test server does not work
460 properly if some tests are run in unexpected order. Like 1509 and then 1525.
461
462 See https://github.com/curl/curl/issues/868
463
46411.5 Connection information when using TCP Fast Open
465
466 CURLINFO_LOCAL_PORT (and possibly a few other) fails when TCP Fast Open is
467 enabled.
468
469 See https://github.com/curl/curl/issues/1332 and
470 https://github.com/curl/curl/issues/4296
471
47211.6 test cases sometimes timeout
473
474 Occasionally, one of the tests timeouts. Inexplicably.
475
476 See https://github.com/curl/curl/issues/13350
477
47811.7 CURLOPT_CONNECT_TO does not work for HTTPS proxy
479
480 It is unclear if the same option should even cover the proxy connection or if
481 if requires a separate option.
482
483 See https://github.com/curl/curl/issues/14481
484
48511.8 WinIDN test failures
486
487 Test 165 disabled when built with WinIDN.
488
48912. LDAP
490
49112.1 OpenLDAP hangs after returning results
492
493 By configuration defaults, OpenLDAP automatically chase referrals on
494 secondary socket descriptors. The OpenLDAP backend is asynchronous and thus
495 should monitor all socket descriptors involved. Currently, these secondary
496 descriptors are not monitored, causing OpenLDAP library to never receive
497 data from them.
498
499 As a temporary workaround, disable referrals chasing by configuration.
500
501 The fix is not easy: proper automatic referrals chasing requires a
502 synchronous bind callback and monitoring an arbitrary number of socket
503 descriptors for a single easy handle (currently limited to 5).
504
505 Generic LDAP is synchronous: OK.
506
507 See https://github.com/curl/curl/issues/622 and
508     https://curl.se/mail/lib-2016-01/0101.html
509
51012.2 LDAP on Windows does authentication wrong?
511
512 https://github.com/curl/curl/issues/3116
513
51412.3 LDAP on Windows does not work
515
516 A simple curl command line getting "ldap://ldap.forumsys.com" returns an
517 error that says "no memory" !
518
519 https://github.com/curl/curl/issues/4261
520
52112.4 LDAPS requests to ActiveDirectory server hang
522
523 https://github.com/curl/curl/issues/9580
524
52513. TCP/IP
526
52713.2 Trying local ports fails on Windows
528
529 This makes '--local-port [range]' to not work since curl cannot properly
530 detect if a port is already in use, so it tries the first port, uses that and
531 then subsequently fails anyway if that was actually in use.
532
533 https://github.com/curl/curl/issues/8112
534
53515. CMake
536
53715.1 cmake outputs: no version information available
538
539 Something in the SONAME generation seems to be wrong in the cmake build.
540
541 https://github.com/curl/curl/issues/11158
542
54315.6 uses -lpthread instead of Threads::Threads
544
545 See https://github.com/curl/curl/issues/6166
546
54715.7 generated .pc file contains strange entries
548
549 The Libs.private field of the generated .pc file contains -lgcc -lgcc_s -lc
550 -lgcc -lgcc_s
551
552 See https://github.com/curl/curl/issues/6167
553
55415.13 CMake build with MIT Kerberos does not work
555
556 Minimum CMake version was bumped in curl 7.71.0 (#5358) Since CMake 3.2
557 try_compile started respecting the CMAKE_EXE_FLAGS. The code dealing with
558 MIT Kerberos detection sets few variables to potentially weird mix of space,
559 and ;-separated flags. It had to blow up at some point. All the CMake checks
560 that involve compilation are doomed from that point, the configured tree
561 cannot be built.
562
563 https://github.com/curl/curl/issues/6904
564
56516. aws-sigv4
566
56716.2 aws-sigv4 does not handle multipart/form-data correctly
568
569 https://github.com/curl/curl/issues/13351
570
57116.3 aws-sigv4 has problems with particular URLs
572
573 https://github.com/curl/curl/issues/13058
574
57516.6 aws-sigv4 does not behave well with AWS VPC Lattice
576
577 https://github.com/curl/curl/issues/11007
578
57917. HTTP/2
580
58117.1 HTTP/2 prior knowledge over proxy
582
583 https://github.com/curl/curl/issues/12641
584
58517.2 HTTP/2 frames while in the connection pool kill reuse
586
587 If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to
588 curl while the connection is held in curl's connection pool, the socket is
589 found readable when considered for reuse and that makes curl think it is dead
590 and then it is closed and a new connection gets created instead.
591
592 This is *best* fixed by adding monitoring to connections while they are kept
593 in the pool so that pings can be responded to appropriately.
594
59517.3 ENHANCE_YOUR_CALM causes infinite retries
596
597 Infinite retries with 2 parallel requests on one connection receiving GOAWAY
598 with ENHANCE_YOUR_CALM error code.
599
600 See https://github.com/curl/curl/issues/5119
601
60217.4 HTTP/2 + TLS spends a lot of time in recv
603
604 It has been observered that by making the speed limit less accurate we could
605 improve this performance. (by reverting
606 https://github.com/curl/curl/commit/db5c9f4f9e0779b49624752b135281a0717b277b)
607 Can we find a golden middle ground?
608
609 See https://curl.se/mail/lib-2024-05/0026.html and
610 https://github.com/curl/curl/issues/13416
611
61218. HTTP/3
613
61418.1 connection migration does not work
615
616 https://github.com/curl/curl/issues/7695
617
61818.2 quiche: QUIC connection is draining
619
620 The transfer ends with error "QUIC connection is draining".
621
622 https://github.com/curl/curl/issues/12037
623
62419. RTSP
625
62619.1 Some methods do not support response bodies
627
628 The RTSP implementation is written to assume that a number of RTSP methods
629 always get responses without bodies, even though there seems to be no
630 indication in the RFC that this is always the case.
631
632 https://github.com/curl/curl/issues/12414
633