xref: /curl/docs/KNOWN_BUGS (revision cf3b60e9) 
1                                  _   _ ____  _
2                              ___| | | |  _ \| |
3                             / __| | | | |_) | |
4                            | (__| |_| |  _ <| |___
5                             \___|\___/|_| \_\_____|
6
7                                  Known Bugs
8
9These are problems and bugs known to exist at the time of this release. Feel
10free to join in and help us correct one or more of these. Also be sure to
11check the changelog of the current development status, as one or more of these
12problems may have been fixed or changed somewhat since this was written.
13
14 1. HTTP
15 1.2 hyper is slow
16 1.5 Expect-100 meets 417
17
18 2. TLS
19 2.1 IMAPS connection fails with rustls error
20 2.3 Unable to use PKCS12 certificate with Secure Transport
21 2.4 Secure Transport will not import PKCS#12 client certificates without a password
22 2.5 Client cert handling with Issuer DN differs between backends
23 2.7 Client cert (MTLS) issues with Schannel
24 2.11 Schannel TLS 1.2 handshake bug in old Windows versions
25 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
26
27 3. Email protocols
28 3.1 IMAP SEARCH ALL truncated response
29 3.2 No disconnect command
30 3.3 POP3 expects "CRLF.CRLF" eob for some single-line responses
31 3.4 AUTH PLAIN for SMTP is not working on all servers
32 3.5 APOP authentication fails on POP3
33 3.6 POP3 issue when reading small chunks
34
35 4. Command line
36
37 5. Build and portability issues
38 5.1 OS400 port requires deprecated IBM library
39 5.2 curl-config --libs contains private details
40 5.3 building for old macOS fails with gcc
41 5.5 cannot handle Unicode arguments in non-Unicode builds on Windows
42 5.6 cygwin: make install installs curl-config.1 twice
43 5.9 Utilize Requires.private directives in libcurl.pc
44 5.11 configure --with-gssapi with Heimdal is ignored on macOS
45 5.12 flaky CI builds
46 5.13 long paths are not fully supported on Windows
47 5.14 Windows Unicode builds use homedir in current locale
48 5.15 Unicode on Windows
49
50 6. Authentication
51 6.1 NTLM authentication and unicode
52 6.2 MIT Kerberos for Windows build
53 6.3 NTLM in system context uses wrong name
54 6.5 NTLM does not support password with § character
55 6.6 libcurl can fail to try alternatives with --proxy-any
56 6.7 Do not clear digest for single realm
57 6.9 SHA-256 digest not supported in Windows SSPI builds
58 6.10 curl never completes Negotiate over HTTP
59 6.11 Negotiate on Windows fails
60 6.12 cannot use Secure Transport with Crypto Token Kit
61 6.13 Negotiate against Hadoop HDFS
62
63 7. FTP
64 7.1 FTP upload fails if remembered dir is deleted
65 7.2 Implicit FTPS upload timeout
66 7.3 FTP with NOBODY and FAILONERROR
67 7.4 FTP with ACCT
68 7.5 FTPS upload, FileZilla, GnuTLS and close_notify
69 7.11 FTPS upload data loss with TLS 1.3
70 7.12 FTPS directory listing hangs on Windows with Schannel
71
72 9. SFTP and SCP
73 9.1 SFTP does not do CURLOPT_POSTQUOTE correct
74 9.2 wolfssh: publickey auth does not work
75 9.3 Remote recursive folder creation with SFTP
76 9.4 libssh blocking and infinite loop problem
77 9.5 cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
78
79 10. SOCKS
80 10.3 FTPS over SOCKS
81
82 11. Internals
83 11.2 error buffer not set if connection to multiple addresses fails
84 11.4 HTTP test server 'connection-monitor' problems
85 11.5 Connection information when using TCP Fast Open
86
87 12. LDAP
88 12.1 OpenLDAP hangs after returning results
89 12.2 LDAP on Windows does authentication wrong?
90 12.3 LDAP on Windows does not work
91 12.4 LDAPS requests to ActiveDirectory server hang
92
93 13. TCP/IP
94 13.2 Trying local ports fails on Windows
95
96 15. CMake
97 15.1 cmake outputs: no version information available
98 15.2 support build with GnuTLS
99 15.3 unusable tool_hugehelp.c with MinGW
100 15.6 uses -lpthread instead of Threads::Threads
101 15.7 generated .pc file contains strange entries
102 15.11 ExternalProject_Add does not set CURL_CA_PATH
103 15.13 CMake build with MIT Kerberos does not work
104
105 16. aws-sigv4
106 16.1 aws-sigv4 does not sign requests with * correctly
107 16.6 aws-sigv4 does not behave well with AWS VPC Lattice
108
109 17. HTTP/2
110 17.1 HTTP/2 prior knowledge over proxy
111 17.2 HTTP/2 frames while in the connection pool kill reuse
112 17.3 ENHANCE_YOUR_CALM causes infinite retries
113
114 18. HTTP/3
115 18.1 connection migration does not work
116
117 19. RTSP
118 19.1 Some methods do not support response bodies
119
120==============================================================================
121
1221. HTTP
123
1241.2 hyper is slow
125
126 When curl is built to use hyper for HTTP, it is unnecessary slow.
127
128 https://github.com/curl/curl/issues/11203
129
1301.5 Expect-100 meets 417
131
132 If an upload using Expect: 100-continue receives an HTTP 417 response, it
133 ought to be automatically resent without the Expect:. A workaround is for
134 the client application to redo the transfer after disabling Expect:.
135 https://curl.se/mail/archive-2008-02/0043.html
136
1372. TLS
138
1392.1 IMAPS connection fails with rustls error
140
141 https://github.com/curl/curl/issues/10457
142
1432.3 Unable to use PKCS12 certificate with Secure Transport
144
145 See https://github.com/curl/curl/issues/5403
146
1472.4 Secure Transport will not import PKCS#12 client certificates without a password
148
149 libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that
150 function rejects certificates that do not have a password.
151 https://github.com/curl/curl/issues/1308
152
1532.5 Client cert handling with Issuer DN differs between backends
154
155 When the specified client certificate does not match any of the
156 server-specified DNs, the OpenSSL and GnuTLS backends behave differently.
157 The github discussion may contain a solution.
158
159 See https://github.com/curl/curl/issues/1411
160
1612.7 Client cert (MTLS) issues with Schannel
162
163 See https://github.com/curl/curl/issues/3145
164
1652.11 Schannel TLS 1.2 handshake bug in old Windows versions
166
167 In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake
168 implementation likely has a bug that can rarely cause the key exchange to
169 fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED.
170
171 https://github.com/curl/curl/issues/5488
172
1732.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
174
175 https://github.com/curl/curl/issues/8741
176
1773. Email protocols
178
1793.1 IMAP SEARCH ALL truncated response
180
181 IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
182 code reveals that pingpong.c contains some truncation code, at line 408, when
183 it deems the server response to be too large truncating it to 40 characters"
184 https://curl.se/bug/view.cgi?id=1366
185
1863.2 No disconnect command
187
188 The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and
189 SMTP if a failure occurs during the authentication phase of a connection.
190
1913.3 POP3 expects "CRLF.CRLF" eob for some single-line responses
192
193 You have to tell libcurl not to expect a body, when dealing with one line
194 response commands. Please see the POP3 examples and test cases which show
195 this for the NOOP and DELE commands. https://curl.se/bug/?i=740
196
1973.4 AUTH PLAIN for SMTP is not working on all servers
198
199 Specifying "--login-options AUTH=PLAIN" on the command line does not seem to
200 work correctly.
201
202 See https://github.com/curl/curl/issues/4080
203
2043.5 APOP authentication fails on POP3
205
206 See https://github.com/curl/curl/issues/10073
207
2083.6 POP3 issue when reading small chunks
209
210 CURL_DBG_SOCK_RMAX=4 ./runtests.pl -v 982
211
212 See https://github.com/curl/curl/issues/12063
213
2144. Command line
215
2165. Build and portability issues
217
2185.1 OS400 port requires deprecated IBM library
219
220 curl for OS400 requires QADRT to build, which provides ASCII wrappers for
221 libc/POSIX functions in the ILE, but IBM no longer supports or even offers
222 this library to download.
223
224 See https://github.com/curl/curl/issues/5176
225
2265.2 curl-config --libs contains private details
227
228 "curl-config --libs" will include details set in LDFLAGS when configure is
229 run that might be needed only for building libcurl. Further, curl-config
230 --cflags suffers from the same effects with CFLAGS/CPPFLAGS.
231
2325.3 building for old macOS fails with gcc
233
234 Building curl for certain old macOS versions fails when gcc is used. We
235 command using clang in those cases.
236
237 See https://github.com/curl/curl/issues/11441
238
2395.5 cannot handle Unicode arguments in non-Unicode builds on Windows
240
241 If a URL or filename cannot be encoded using the user's current codepage then
242 it can only be encoded properly in the Unicode character set. Windows uses
243 UTF-16 encoding for Unicode and stores it in wide characters, however curl
244 and libcurl are not equipped for that at the moment except when built with
245 _UNICODE and UNICODE defined. And, except for Cygwin, Windows cannot use UTF-8
246 as a locale.
247
248  https://curl.se/bug/?i=345
249  https://curl.se/bug/?i=731
250  https://curl.se/bug/?i=3747
251
2525.6 cygwin: make install installs curl-config.1 twice
253
254 https://github.com/curl/curl/issues/8839
255
2565.9 Utilize Requires.private directives in libcurl.pc
257
258 https://github.com/curl/curl/issues/864
259
2605.11 configure --with-gssapi with Heimdal is ignored on macOS
261
262 ... unless you also pass --with-gssapi-libs
263
264 https://github.com/curl/curl/issues/3841
265
2665.12 flaky CI builds
267
268 We run many CI builds for each commit and PR on github, and especially a
269 number of the Windows builds are flaky. This means that we rarely get all CI
270 builds go green and complete without errors. This is unfortunate as it makes
271 us sometimes miss actual build problems and it is surprising to newcomers to
272 the project who (rightfully) do not expect this.
273
274 See https://github.com/curl/curl/issues/6972
275
2765.13 long paths are not fully supported on Windows
277
278 curl on Windows cannot access long paths (paths longer than 260 characters).
279 However, as a workaround, the Windows path prefix \\?\ which disables all path
280 interpretation may work to allow curl to access the path. For example:
281 \\?\c:\longpath.
282
283 See https://github.com/curl/curl/issues/8361
284
2855.14 Windows Unicode builds use homedir in current locale
286
287 The Windows Unicode builds of curl use the current locale, but expect Unicode
288 UTF-8 encoded paths for internal use such as open, access and stat. The user's
289 home directory is retrieved via curl_getenv in the current locale and not as
290 UTF-8 encoded Unicode.
291
292 See https://github.com/curl/curl/pull/7252 and
293     https://github.com/curl/curl/pull/7281
294
2955.15 Unicode on Windows
296
297 Passing in a unicode filename with -o:
298
299 https://github.com/curl/curl/issues/11461
300
301 Passing in unicode character with -d:
302
303 https://github.com/curl/curl/issues/12231
304
3056. Authentication
306
3076.1 NTLM authentication and unicode
308
309 NTLM authentication involving unicode user name or password only works
310 properly if built with UNICODE defined together with the Schannel
311 backend. The original problem was mentioned in:
312 https://curl.se/mail/lib-2009-10/0024.html
313 https://curl.se/bug/view.cgi?id=896
314
315 The Schannel version verified to work as mentioned in
316 https://curl.se/mail/lib-2012-07/0073.html
317
3186.2 MIT Kerberos for Windows build
319
320 libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's
321 library header files exporting symbols/macros that should be kept private to
322 the KfW library. See ticket #5601 at https://krbdev.mit.edu/rt/
323
3246.3 NTLM in system context uses wrong name
325
326 NTLM authentication using SSPI (on Windows) when (lib)curl is running in
327 "system context" will make it use wrong(?) user name - at least when compared
328 to what winhttp does. See https://curl.se/bug/view.cgi?id=535
329
3306.5 NTLM does not support password with § character
331
332 https://github.com/curl/curl/issues/2120
333
3346.6 libcurl can fail to try alternatives with --proxy-any
335
336 When connecting via a proxy using --proxy-any, a failure to establish an
337 authentication will cause libcurl to abort trying other options if the
338 failed method has a higher preference than the alternatives. As an example,
339 --proxy-any against a proxy which advertise Negotiate and NTLM, but which
340 fails to set up Kerberos authentication will not proceed to try authentication
341 using NTLM.
342
343 https://github.com/curl/curl/issues/876
344
3456.7 Do not clear digest for single realm
346
347 https://github.com/curl/curl/issues/3267
348
3496.9 SHA-256 digest not supported in Windows SSPI builds
350
351 Windows builds of curl that have SSPI enabled use the native Windows API calls
352 to create authentication strings. The call to InitializeSecurityContext fails
353 with SEC_E_QOP_NOT_SUPPORTED which causes curl to fail with CURLE_AUTH_ERROR.
354
355 Microsoft does not document supported digest algorithms and that SEC_E error
356 code is not a documented error for InitializeSecurityContext (digest).
357
358 https://github.com/curl/curl/issues/6302
359
3606.10 curl never completes Negotiate over HTTP
361
362 Apparently it is not working correctly...?
363
364 See https://github.com/curl/curl/issues/5235
365
3666.11 Negotiate on Windows fails
367
368 When using --negotiate (or NTLM) with curl on Windows, SSL/TLS handshake
369 fails despite having a valid kerberos ticket cached. Works without any issue
370 in Unix/Linux.
371
372 https://github.com/curl/curl/issues/5881
373
3746.12 cannot use Secure Transport with Crypto Token Kit
375
376 https://github.com/curl/curl/issues/7048
377
3786.13 Negotiate authentication against Hadoop HDFS
379
380 https://github.com/curl/curl/issues/8264
381
3827. FTP
383
3847.1 FTP upload fails if remembered dir is deleted
385
386 curl's FTP code assumes that the directory it entered in a previous transfer
387 still exists when it comes back to do a second transfer, and does not respond
388 well if it was indeed deleted in the mean time.
389
390 https://github.com/curl/curl/issues/12181
391
3927.2 Implicit FTPS upload timeout
393
394 https://github.com/curl/curl/issues/11720
395
3967.3 FTP with NOBODY and FAILONERROR
397
398 It seems sensible to be able to use CURLOPT_NOBODY and CURLOPT_FAILONERROR
399 with FTP to detect if a file exists or not, but it is not working:
400 https://curl.se/mail/lib-2008-07/0295.html
401
4027.4 FTP with ACCT
403
404 When doing an operation over FTP that requires the ACCT command (but not when
405 logging in), the operation will fail since libcurl does not detect this and
406 thus fails to issue the correct command:
407 https://curl.se/bug/view.cgi?id=635
408
4097.5 FTPS upload, FileZilla, GnuTLS and close_notify
410
411 An issue where curl does not send the TLS alert close_notify, which triggers
412 the wrath of GnuTLS in FileZilla server, and a FTP reply 426 ECONNABORTED.
413
414 https://github.com/curl/curl/issues/11383
415
4167.11 FTPS upload data loss with TLS 1.3
417
418 During FTPS upload curl does not attempt to read TLS handshake messages sent
419 after the initial handshake. OpenSSL servers running TLS 1.3 may send such a
420 message. When curl closes the upload connection if unread data has been
421 received (such as a TLS handshake message) then the TCP protocol sends an
422 RST to the server, which may cause the server to discard or truncate the
423 upload if it has not read all sent data yet, and then return an error to curl
424 on the control channel connection.
425
426 Since 7.78.0 this is mostly fixed. curl will do a single read before closing
427 TLS connections (which causes the TLS library to read handshake messages),
428 however there is still possibility of an RST if more messages need to be read
429 or a message arrives after the read but before close (network race condition).
430
431 https://github.com/curl/curl/issues/6149
432
4337.12 FTPS server compatibility on Windows with Schannel
434
435 FTPS is not widely used with the Schannel TLS backend and so there may be more
436 bugs compared to other TLS backends such as OpenSSL. In the past users have
437 reported hanging and failed connections. It's very likely some changes to curl
438 since then fixed the issues. None of the reported issues can be reproduced any
439 longer.
440
441 If you encounter an issue connecting to your server via FTPS with the latest
442 curl and Schannel then please search for open issues or file a new issue.
443
4449. SFTP and SCP
445
4469.1 SFTP does not do CURLOPT_POSTQUOTE correct
447
448 When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server
449 using the multi interface, the commands are not being sent correctly and
450 instead the connection is "cancelled" (the operation is considered done)
451 prematurely. There is a half-baked (busy-looping) patch provided in the bug
452 report but it cannot be accepted as-is. See
453 https://curl.se/bug/view.cgi?id=748
454
4559.2 wolfssh: publickey auth does not work
456
457 When building curl to use the wolfSSH backend for SFTP, the publickey
458 authentication does not work. This is simply functionality not written for curl
459 yet, the necessary API for make this work is provided by wolfSSH.
460
461 See https://github.com/curl/curl/issues/4820
462
4639.3 Remote recursive folder creation with SFTP
464
465 On this servers, the curl fails to create directories on the remote server
466 even when the CURLOPT_FTP_CREATE_MISSING_DIRS option is set.
467
468 See https://github.com/curl/curl/issues/5204
469
4709.4 libssh blocking and infinite loop problem
471
472 In the SSH_SFTP_INIT state for libssh, the ssh session working mode is set to
473 blocking mode. If the network is suddenly disconnected during sftp
474 transmission, curl will be stuck, even if curl is configured with a timeout.
475
476 https://github.com/curl/curl/issues/8632
477
4789.5 cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
479
480 Running SCP and SFTP tests on cygwin makes this warning message appear.
481
482 https://github.com/curl/curl/issues/11244
483
48410. SOCKS
485
48610.3 FTPS over SOCKS
487
488 libcurl does not support FTPS over a SOCKS proxy.
489
490
49111. Internals
492
49311.2 error buffer not set if connection to multiple addresses fails
494
495 If you ask libcurl to resolve a hostname like example.com to IPv6 addresses
496 only. But you only have IPv4 connectivity. libcurl will correctly fail with
497 CURLE_COULDNT_CONNECT. But the error buffer set by CURLOPT_ERRORBUFFER
498 remains empty. Issue: https://github.com/curl/curl/issues/544
499
50011.4 HTTP test server 'connection-monitor' problems
501
502 The 'connection-monitor' feature of the sws HTTP test server does not work
503 properly if some tests are run in unexpected order. Like 1509 and then 1525.
504
505 See https://github.com/curl/curl/issues/868
506
50711.5 Connection information when using TCP Fast Open
508
509 CURLINFO_LOCAL_PORT (and possibly a few other) fails when TCP Fast Open is
510 enabled.
511
512 See https://github.com/curl/curl/issues/1332 and
513 https://github.com/curl/curl/issues/4296
514
51512. LDAP
516
51712.1 OpenLDAP hangs after returning results
518
519 By configuration defaults, OpenLDAP automatically chase referrals on
520 secondary socket descriptors. The OpenLDAP backend is asynchronous and thus
521 should monitor all socket descriptors involved. Currently, these secondary
522 descriptors are not monitored, causing OpenLDAP library to never receive
523 data from them.
524
525 As a temporary workaround, disable referrals chasing by configuration.
526
527 The fix is not easy: proper automatic referrals chasing requires a
528 synchronous bind callback and monitoring an arbitrary number of socket
529 descriptors for a single easy handle (currently limited to 5).
530
531 Generic LDAP is synchronous: OK.
532
533 See https://github.com/curl/curl/issues/622 and
534     https://curl.se/mail/lib-2016-01/0101.html
535
53612.2 LDAP on Windows does authentication wrong?
537
538 https://github.com/curl/curl/issues/3116
539
54012.3 LDAP on Windows does not work
541
542 A simple curl command line getting "ldap://ldap.forumsys.com" returns an
543 error that says "no memory" !
544
545 https://github.com/curl/curl/issues/4261
546
54712.4 LDAPS requests to ActiveDirectory server hang
548
549 https://github.com/curl/curl/issues/9580
550
55113. TCP/IP
552
55313.2 Trying local ports fails on Windows
554
555 This makes '--local-port [range]' to not work since curl cannot properly
556 detect if a port is already in use, so it will try the first port, use that and
557 then subsequently fail anyway if that was actually in use.
558
559 https://github.com/curl/curl/issues/8112
560
56115. CMake
562
56315.1 cmake outputs: no version information available
564
565 Something in the SONAME generation seems to be wrong in the cmake build.
566
567 https://github.com/curl/curl/issues/11158
568
56915.2 support build with GnuTLS
570
57115.3 unusable tool_hugehelp.c with MinGW
572
573 see https://github.com/curl/curl/issues/3125
574
57515.6 uses -lpthread instead of Threads::Threads
576
577 See https://github.com/curl/curl/issues/6166
578
57915.7 generated .pc file contains strange entries
580
581 The Libs.private field of the generated .pc file contains -lgcc -lgcc_s -lc
582 -lgcc -lgcc_s
583
584 See https://github.com/curl/curl/issues/6167
585
58615.11 ExternalProject_Add does not set CURL_CA_PATH
587
588 CURL_CA_BUNDLE and CURL_CA_PATH are not set properly when cmake's
589 ExternalProject_Add is used to build curl as a dependency.
590
591 See https://github.com/curl/curl/issues/6313
592
59315.13 CMake build with MIT Kerberos does not work
594
595 Minimum CMake version was bumped in curl 7.71.0 (#5358) Since CMake 3.2
596 try_compile started respecting the CMAKE_EXE_FLAGS. The code dealing with
597 MIT Kerberos detection sets few variables to potentially weird mix of space,
598 and ;-separated flags. It had to blow up at some point. All the CMake checks
599 that involve compilation are doomed from that point, the configured tree
600 cannot be built.
601
602 https://github.com/curl/curl/issues/6904
603
60416. aws-sigv4
605
60616.1 aws-sigv4 does not sign requests with * correctly
607
608 https://github.com/curl/curl/issues/7559
609
61016.6 aws-sigv4 does not behave well with AWS VPC Lattice
611
612 https://github.com/curl/curl/issues/11007
613
61417. HTTP/2
615
61617.1 HTTP/2 prior knowledge over proxy
617
618 https://github.com/curl/curl/issues/12641
619
62017.2 HTTP/2 frames while in the connection pool kill reuse
621
622 If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to
623 curl while the connection is held in curl's connection pool, the socket will
624 be found readable when considered for reuse and that makes curl think it is
625 dead and then it will be closed and a new connection gets created instead.
626
627 This is *best* fixed by adding monitoring to connections while they are kept
628 in the pool so that pings can be responded to appropriately.
629
63017.3 ENHANCE_YOUR_CALM causes infinite retries
631
632 Infinite retries with 2 parallel requests on one connection receiving GOAWAY
633 with ENHANCE_YOUR_CALM error code.
634
635 See https://github.com/curl/curl/issues/5119
636
63718. HTTP/3
638
63918.1 connection migration does not work
640
641 https://github.com/curl/curl/issues/7695
642
64319. RTSP
644
64519.1 Some methods do not support response bodies
646
647 The RTSP implementation is written to assume that a number of RTSP methods
648 will always get responses without bodies, even though there seems to be no
649 indication in the RFC that this is always the case.
650
651 https://github.com/curl/curl/issues/12414
652