1 _ _ ____ _ 2 ___| | | | _ \| | 3 / __| | | | |_) | | 4 | (__| |_| | _ <| |___ 5 \___|\___/|_| \_\_____| 6 7 Known Bugs 8 9These are problems and bugs known to exist at the time of this release. Feel 10free to join in and help us correct one or more of these. Also be sure to 11check the changelog of the current development status, as one or more of these 12problems may have been fixed or changed somewhat since this was written. 13 14 1. HTTP 15 1.2 hyper is slow 16 1.5 Expect-100 meets 417 17 18 2. TLS 19 2.1 IMAPS connection fails with rustls error 20 2.3 Unable to use PKCS12 certificate with Secure Transport 21 2.4 Secure Transport will not import PKCS#12 client certificates without a password 22 2.5 Client cert handling with Issuer DN differs between backends 23 2.7 Client cert (MTLS) issues with Schannel 24 2.11 Schannel TLS 1.2 handshake bug in old Windows versions 25 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel 26 27 3. Email protocols 28 3.1 IMAP SEARCH ALL truncated response 29 3.2 No disconnect command 30 3.3 POP3 expects "CRLF.CRLF" eob for some single-line responses 31 3.4 AUTH PLAIN for SMTP is not working on all servers 32 3.5 APOP authentication fails on POP3 33 3.6 POP3 issue when reading small chunks 34 35 4. Command line 36 37 5. Build and portability issues 38 5.1 OS400 port requires deprecated IBM library 39 5.2 curl-config --libs contains private details 40 5.3 building for old macOS fails with gcc 41 5.5 cannot handle Unicode arguments in non-Unicode builds on Windows 42 5.6 cygwin: make install installs curl-config.1 twice 43 5.9 Utilize Requires.private directives in libcurl.pc 44 5.11 configure --with-gssapi with Heimdal is ignored on macOS 45 5.12 flaky CI builds 46 5.13 long paths are not fully supported on Windows 47 5.14 Windows Unicode builds use homedir in current locale 48 5.15 Unicode on Windows 49 50 6. Authentication 51 6.1 NTLM authentication and unicode 52 6.2 MIT Kerberos for Windows build 53 6.3 NTLM in system context uses wrong name 54 6.5 NTLM does not support password with § character 55 6.6 libcurl can fail to try alternatives with --proxy-any 56 6.7 Do not clear digest for single realm 57 6.9 SHA-256 digest not supported in Windows SSPI builds 58 6.10 curl never completes Negotiate over HTTP 59 6.11 Negotiate on Windows fails 60 6.12 cannot use Secure Transport with Crypto Token Kit 61 6.13 Negotiate against Hadoop HDFS 62 63 7. FTP 64 7.1 FTP upload fails if remembered dir is deleted 65 7.2 Implicit FTPS upload timeout 66 7.3 FTP with NOBODY and FAILONERROR 67 7.4 FTP with ACCT 68 7.5 FTPS upload, FileZilla, GnuTLS and close_notify 69 7.11 FTPS upload data loss with TLS 1.3 70 7.12 FTPS directory listing hangs on Windows with Schannel 71 72 9. SFTP and SCP 73 9.1 SFTP does not do CURLOPT_POSTQUOTE correct 74 9.2 wolfssh: publickey auth does not work 75 9.3 Remote recursive folder creation with SFTP 76 9.4 libssh blocking and infinite loop problem 77 9.5 cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!" 78 79 10. SOCKS 80 10.3 FTPS over SOCKS 81 82 11. Internals 83 11.2 error buffer not set if connection to multiple addresses fails 84 11.4 HTTP test server 'connection-monitor' problems 85 11.5 Connection information when using TCP Fast Open 86 87 12. LDAP 88 12.1 OpenLDAP hangs after returning results 89 12.2 LDAP on Windows does authentication wrong? 90 12.3 LDAP on Windows does not work 91 12.4 LDAPS requests to ActiveDirectory server hang 92 93 13. TCP/IP 94 13.2 Trying local ports fails on Windows 95 96 15. CMake 97 15.1 cmake outputs: no version information available 98 15.2 support build with GnuTLS 99 15.3 unusable tool_hugehelp.c with MinGW 100 15.6 uses -lpthread instead of Threads::Threads 101 15.7 generated .pc file contains strange entries 102 15.11 ExternalProject_Add does not set CURL_CA_PATH 103 15.13 CMake build with MIT Kerberos does not work 104 105 16. aws-sigv4 106 16.1 aws-sigv4 does not sign requests with * correctly 107 16.6 aws-sigv4 does not behave well with AWS VPC Lattice 108 109 17. HTTP/2 110 17.1 HTTP/2 prior knowledge over proxy 111 17.2 HTTP/2 frames while in the connection pool kill reuse 112 17.3 ENHANCE_YOUR_CALM causes infinite retries 113 114 18. HTTP/3 115 18.1 connection migration does not work 116 117 19. RTSP 118 19.1 Some methods do not support response bodies 119 120============================================================================== 121 1221. HTTP 123 1241.2 hyper is slow 125 126 When curl is built to use hyper for HTTP, it is unnecessary slow. 127 128 https://github.com/curl/curl/issues/11203 129 1301.5 Expect-100 meets 417 131 132 If an upload using Expect: 100-continue receives an HTTP 417 response, it 133 ought to be automatically resent without the Expect:. A workaround is for 134 the client application to redo the transfer after disabling Expect:. 135 https://curl.se/mail/archive-2008-02/0043.html 136 1372. TLS 138 1392.1 IMAPS connection fails with rustls error 140 141 https://github.com/curl/curl/issues/10457 142 1432.3 Unable to use PKCS12 certificate with Secure Transport 144 145 See https://github.com/curl/curl/issues/5403 146 1472.4 Secure Transport will not import PKCS#12 client certificates without a password 148 149 libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that 150 function rejects certificates that do not have a password. 151 https://github.com/curl/curl/issues/1308 152 1532.5 Client cert handling with Issuer DN differs between backends 154 155 When the specified client certificate does not match any of the 156 server-specified DNs, the OpenSSL and GnuTLS backends behave differently. 157 The github discussion may contain a solution. 158 159 See https://github.com/curl/curl/issues/1411 160 1612.7 Client cert (MTLS) issues with Schannel 162 163 See https://github.com/curl/curl/issues/3145 164 1652.11 Schannel TLS 1.2 handshake bug in old Windows versions 166 167 In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake 168 implementation likely has a bug that can rarely cause the key exchange to 169 fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED. 170 171 https://github.com/curl/curl/issues/5488 172 1732.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel 174 175 https://github.com/curl/curl/issues/8741 176 1773. Email protocols 178 1793.1 IMAP SEARCH ALL truncated response 180 181 IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the 182 code reveals that pingpong.c contains some truncation code, at line 408, when 183 it deems the server response to be too large truncating it to 40 characters" 184 https://curl.se/bug/view.cgi?id=1366 185 1863.2 No disconnect command 187 188 The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and 189 SMTP if a failure occurs during the authentication phase of a connection. 190 1913.3 POP3 expects "CRLF.CRLF" eob for some single-line responses 192 193 You have to tell libcurl not to expect a body, when dealing with one line 194 response commands. Please see the POP3 examples and test cases which show 195 this for the NOOP and DELE commands. https://curl.se/bug/?i=740 196 1973.4 AUTH PLAIN for SMTP is not working on all servers 198 199 Specifying "--login-options AUTH=PLAIN" on the command line does not seem to 200 work correctly. 201 202 See https://github.com/curl/curl/issues/4080 203 2043.5 APOP authentication fails on POP3 205 206 See https://github.com/curl/curl/issues/10073 207 2083.6 POP3 issue when reading small chunks 209 210 CURL_DBG_SOCK_RMAX=4 ./runtests.pl -v 982 211 212 See https://github.com/curl/curl/issues/12063 213 2144. Command line 215 2165. Build and portability issues 217 2185.1 OS400 port requires deprecated IBM library 219 220 curl for OS400 requires QADRT to build, which provides ASCII wrappers for 221 libc/POSIX functions in the ILE, but IBM no longer supports or even offers 222 this library to download. 223 224 See https://github.com/curl/curl/issues/5176 225 2265.2 curl-config --libs contains private details 227 228 "curl-config --libs" will include details set in LDFLAGS when configure is 229 run that might be needed only for building libcurl. Further, curl-config 230 --cflags suffers from the same effects with CFLAGS/CPPFLAGS. 231 2325.3 building for old macOS fails with gcc 233 234 Building curl for certain old macOS versions fails when gcc is used. We 235 command using clang in those cases. 236 237 See https://github.com/curl/curl/issues/11441 238 2395.5 cannot handle Unicode arguments in non-Unicode builds on Windows 240 241 If a URL or filename cannot be encoded using the user's current codepage then 242 it can only be encoded properly in the Unicode character set. Windows uses 243 UTF-16 encoding for Unicode and stores it in wide characters, however curl 244 and libcurl are not equipped for that at the moment except when built with 245 _UNICODE and UNICODE defined. And, except for Cygwin, Windows cannot use UTF-8 246 as a locale. 247 248 https://curl.se/bug/?i=345 249 https://curl.se/bug/?i=731 250 https://curl.se/bug/?i=3747 251 2525.6 cygwin: make install installs curl-config.1 twice 253 254 https://github.com/curl/curl/issues/8839 255 2565.9 Utilize Requires.private directives in libcurl.pc 257 258 https://github.com/curl/curl/issues/864 259 2605.11 configure --with-gssapi with Heimdal is ignored on macOS 261 262 ... unless you also pass --with-gssapi-libs 263 264 https://github.com/curl/curl/issues/3841 265 2665.12 flaky CI builds 267 268 We run many CI builds for each commit and PR on github, and especially a 269 number of the Windows builds are flaky. This means that we rarely get all CI 270 builds go green and complete without errors. This is unfortunate as it makes 271 us sometimes miss actual build problems and it is surprising to newcomers to 272 the project who (rightfully) do not expect this. 273 274 See https://github.com/curl/curl/issues/6972 275 2765.13 long paths are not fully supported on Windows 277 278 curl on Windows cannot access long paths (paths longer than 260 characters). 279 However, as a workaround, the Windows path prefix \\?\ which disables all path 280 interpretation may work to allow curl to access the path. For example: 281 \\?\c:\longpath. 282 283 See https://github.com/curl/curl/issues/8361 284 2855.14 Windows Unicode builds use homedir in current locale 286 287 The Windows Unicode builds of curl use the current locale, but expect Unicode 288 UTF-8 encoded paths for internal use such as open, access and stat. The user's 289 home directory is retrieved via curl_getenv in the current locale and not as 290 UTF-8 encoded Unicode. 291 292 See https://github.com/curl/curl/pull/7252 and 293 https://github.com/curl/curl/pull/7281 294 2955.15 Unicode on Windows 296 297 Passing in a unicode filename with -o: 298 299 https://github.com/curl/curl/issues/11461 300 301 Passing in unicode character with -d: 302 303 https://github.com/curl/curl/issues/12231 304 3056. Authentication 306 3076.1 NTLM authentication and unicode 308 309 NTLM authentication involving unicode user name or password only works 310 properly if built with UNICODE defined together with the Schannel 311 backend. The original problem was mentioned in: 312 https://curl.se/mail/lib-2009-10/0024.html 313 https://curl.se/bug/view.cgi?id=896 314 315 The Schannel version verified to work as mentioned in 316 https://curl.se/mail/lib-2012-07/0073.html 317 3186.2 MIT Kerberos for Windows build 319 320 libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's 321 library header files exporting symbols/macros that should be kept private to 322 the KfW library. See ticket #5601 at https://krbdev.mit.edu/rt/ 323 3246.3 NTLM in system context uses wrong name 325 326 NTLM authentication using SSPI (on Windows) when (lib)curl is running in 327 "system context" will make it use wrong(?) user name - at least when compared 328 to what winhttp does. See https://curl.se/bug/view.cgi?id=535 329 3306.5 NTLM does not support password with § character 331 332 https://github.com/curl/curl/issues/2120 333 3346.6 libcurl can fail to try alternatives with --proxy-any 335 336 When connecting via a proxy using --proxy-any, a failure to establish an 337 authentication will cause libcurl to abort trying other options if the 338 failed method has a higher preference than the alternatives. As an example, 339 --proxy-any against a proxy which advertise Negotiate and NTLM, but which 340 fails to set up Kerberos authentication will not proceed to try authentication 341 using NTLM. 342 343 https://github.com/curl/curl/issues/876 344 3456.7 Do not clear digest for single realm 346 347 https://github.com/curl/curl/issues/3267 348 3496.9 SHA-256 digest not supported in Windows SSPI builds 350 351 Windows builds of curl that have SSPI enabled use the native Windows API calls 352 to create authentication strings. The call to InitializeSecurityContext fails 353 with SEC_E_QOP_NOT_SUPPORTED which causes curl to fail with CURLE_AUTH_ERROR. 354 355 Microsoft does not document supported digest algorithms and that SEC_E error 356 code is not a documented error for InitializeSecurityContext (digest). 357 358 https://github.com/curl/curl/issues/6302 359 3606.10 curl never completes Negotiate over HTTP 361 362 Apparently it is not working correctly...? 363 364 See https://github.com/curl/curl/issues/5235 365 3666.11 Negotiate on Windows fails 367 368 When using --negotiate (or NTLM) with curl on Windows, SSL/TLS handshake 369 fails despite having a valid kerberos ticket cached. Works without any issue 370 in Unix/Linux. 371 372 https://github.com/curl/curl/issues/5881 373 3746.12 cannot use Secure Transport with Crypto Token Kit 375 376 https://github.com/curl/curl/issues/7048 377 3786.13 Negotiate authentication against Hadoop HDFS 379 380 https://github.com/curl/curl/issues/8264 381 3827. FTP 383 3847.1 FTP upload fails if remembered dir is deleted 385 386 curl's FTP code assumes that the directory it entered in a previous transfer 387 still exists when it comes back to do a second transfer, and does not respond 388 well if it was indeed deleted in the mean time. 389 390 https://github.com/curl/curl/issues/12181 391 3927.2 Implicit FTPS upload timeout 393 394 https://github.com/curl/curl/issues/11720 395 3967.3 FTP with NOBODY and FAILONERROR 397 398 It seems sensible to be able to use CURLOPT_NOBODY and CURLOPT_FAILONERROR 399 with FTP to detect if a file exists or not, but it is not working: 400 https://curl.se/mail/lib-2008-07/0295.html 401 4027.4 FTP with ACCT 403 404 When doing an operation over FTP that requires the ACCT command (but not when 405 logging in), the operation will fail since libcurl does not detect this and 406 thus fails to issue the correct command: 407 https://curl.se/bug/view.cgi?id=635 408 4097.5 FTPS upload, FileZilla, GnuTLS and close_notify 410 411 An issue where curl does not send the TLS alert close_notify, which triggers 412 the wrath of GnuTLS in FileZilla server, and a FTP reply 426 ECONNABORTED. 413 414 https://github.com/curl/curl/issues/11383 415 4167.11 FTPS upload data loss with TLS 1.3 417 418 During FTPS upload curl does not attempt to read TLS handshake messages sent 419 after the initial handshake. OpenSSL servers running TLS 1.3 may send such a 420 message. When curl closes the upload connection if unread data has been 421 received (such as a TLS handshake message) then the TCP protocol sends an 422 RST to the server, which may cause the server to discard or truncate the 423 upload if it has not read all sent data yet, and then return an error to curl 424 on the control channel connection. 425 426 Since 7.78.0 this is mostly fixed. curl will do a single read before closing 427 TLS connections (which causes the TLS library to read handshake messages), 428 however there is still possibility of an RST if more messages need to be read 429 or a message arrives after the read but before close (network race condition). 430 431 https://github.com/curl/curl/issues/6149 432 4337.12 FTPS server compatibility on Windows with Schannel 434 435 FTPS is not widely used with the Schannel TLS backend and so there may be more 436 bugs compared to other TLS backends such as OpenSSL. In the past users have 437 reported hanging and failed connections. It's very likely some changes to curl 438 since then fixed the issues. None of the reported issues can be reproduced any 439 longer. 440 441 If you encounter an issue connecting to your server via FTPS with the latest 442 curl and Schannel then please search for open issues or file a new issue. 443 4449. SFTP and SCP 445 4469.1 SFTP does not do CURLOPT_POSTQUOTE correct 447 448 When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server 449 using the multi interface, the commands are not being sent correctly and 450 instead the connection is "cancelled" (the operation is considered done) 451 prematurely. There is a half-baked (busy-looping) patch provided in the bug 452 report but it cannot be accepted as-is. See 453 https://curl.se/bug/view.cgi?id=748 454 4559.2 wolfssh: publickey auth does not work 456 457 When building curl to use the wolfSSH backend for SFTP, the publickey 458 authentication does not work. This is simply functionality not written for curl 459 yet, the necessary API for make this work is provided by wolfSSH. 460 461 See https://github.com/curl/curl/issues/4820 462 4639.3 Remote recursive folder creation with SFTP 464 465 On this servers, the curl fails to create directories on the remote server 466 even when the CURLOPT_FTP_CREATE_MISSING_DIRS option is set. 467 468 See https://github.com/curl/curl/issues/5204 469 4709.4 libssh blocking and infinite loop problem 471 472 In the SSH_SFTP_INIT state for libssh, the ssh session working mode is set to 473 blocking mode. If the network is suddenly disconnected during sftp 474 transmission, curl will be stuck, even if curl is configured with a timeout. 475 476 https://github.com/curl/curl/issues/8632 477 4789.5 cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!" 479 480 Running SCP and SFTP tests on cygwin makes this warning message appear. 481 482 https://github.com/curl/curl/issues/11244 483 48410. SOCKS 485 48610.3 FTPS over SOCKS 487 488 libcurl does not support FTPS over a SOCKS proxy. 489 490 49111. Internals 492 49311.2 error buffer not set if connection to multiple addresses fails 494 495 If you ask libcurl to resolve a hostname like example.com to IPv6 addresses 496 only. But you only have IPv4 connectivity. libcurl will correctly fail with 497 CURLE_COULDNT_CONNECT. But the error buffer set by CURLOPT_ERRORBUFFER 498 remains empty. Issue: https://github.com/curl/curl/issues/544 499 50011.4 HTTP test server 'connection-monitor' problems 501 502 The 'connection-monitor' feature of the sws HTTP test server does not work 503 properly if some tests are run in unexpected order. Like 1509 and then 1525. 504 505 See https://github.com/curl/curl/issues/868 506 50711.5 Connection information when using TCP Fast Open 508 509 CURLINFO_LOCAL_PORT (and possibly a few other) fails when TCP Fast Open is 510 enabled. 511 512 See https://github.com/curl/curl/issues/1332 and 513 https://github.com/curl/curl/issues/4296 514 51512. LDAP 516 51712.1 OpenLDAP hangs after returning results 518 519 By configuration defaults, OpenLDAP automatically chase referrals on 520 secondary socket descriptors. The OpenLDAP backend is asynchronous and thus 521 should monitor all socket descriptors involved. Currently, these secondary 522 descriptors are not monitored, causing OpenLDAP library to never receive 523 data from them. 524 525 As a temporary workaround, disable referrals chasing by configuration. 526 527 The fix is not easy: proper automatic referrals chasing requires a 528 synchronous bind callback and monitoring an arbitrary number of socket 529 descriptors for a single easy handle (currently limited to 5). 530 531 Generic LDAP is synchronous: OK. 532 533 See https://github.com/curl/curl/issues/622 and 534 https://curl.se/mail/lib-2016-01/0101.html 535 53612.2 LDAP on Windows does authentication wrong? 537 538 https://github.com/curl/curl/issues/3116 539 54012.3 LDAP on Windows does not work 541 542 A simple curl command line getting "ldap://ldap.forumsys.com" returns an 543 error that says "no memory" ! 544 545 https://github.com/curl/curl/issues/4261 546 54712.4 LDAPS requests to ActiveDirectory server hang 548 549 https://github.com/curl/curl/issues/9580 550 55113. TCP/IP 552 55313.2 Trying local ports fails on Windows 554 555 This makes '--local-port [range]' to not work since curl cannot properly 556 detect if a port is already in use, so it will try the first port, use that and 557 then subsequently fail anyway if that was actually in use. 558 559 https://github.com/curl/curl/issues/8112 560 56115. CMake 562 56315.1 cmake outputs: no version information available 564 565 Something in the SONAME generation seems to be wrong in the cmake build. 566 567 https://github.com/curl/curl/issues/11158 568 56915.2 support build with GnuTLS 570 57115.3 unusable tool_hugehelp.c with MinGW 572 573 see https://github.com/curl/curl/issues/3125 574 57515.6 uses -lpthread instead of Threads::Threads 576 577 See https://github.com/curl/curl/issues/6166 578 57915.7 generated .pc file contains strange entries 580 581 The Libs.private field of the generated .pc file contains -lgcc -lgcc_s -lc 582 -lgcc -lgcc_s 583 584 See https://github.com/curl/curl/issues/6167 585 58615.11 ExternalProject_Add does not set CURL_CA_PATH 587 588 CURL_CA_BUNDLE and CURL_CA_PATH are not set properly when cmake's 589 ExternalProject_Add is used to build curl as a dependency. 590 591 See https://github.com/curl/curl/issues/6313 592 59315.13 CMake build with MIT Kerberos does not work 594 595 Minimum CMake version was bumped in curl 7.71.0 (#5358) Since CMake 3.2 596 try_compile started respecting the CMAKE_EXE_FLAGS. The code dealing with 597 MIT Kerberos detection sets few variables to potentially weird mix of space, 598 and ;-separated flags. It had to blow up at some point. All the CMake checks 599 that involve compilation are doomed from that point, the configured tree 600 cannot be built. 601 602 https://github.com/curl/curl/issues/6904 603 60416. aws-sigv4 605 60616.1 aws-sigv4 does not sign requests with * correctly 607 608 https://github.com/curl/curl/issues/7559 609 61016.6 aws-sigv4 does not behave well with AWS VPC Lattice 611 612 https://github.com/curl/curl/issues/11007 613 61417. HTTP/2 615 61617.1 HTTP/2 prior knowledge over proxy 617 618 https://github.com/curl/curl/issues/12641 619 62017.2 HTTP/2 frames while in the connection pool kill reuse 621 622 If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to 623 curl while the connection is held in curl's connection pool, the socket will 624 be found readable when considered for reuse and that makes curl think it is 625 dead and then it will be closed and a new connection gets created instead. 626 627 This is *best* fixed by adding monitoring to connections while they are kept 628 in the pool so that pings can be responded to appropriately. 629 63017.3 ENHANCE_YOUR_CALM causes infinite retries 631 632 Infinite retries with 2 parallel requests on one connection receiving GOAWAY 633 with ENHANCE_YOUR_CALM error code. 634 635 See https://github.com/curl/curl/issues/5119 636 63718. HTTP/3 638 63918.1 connection migration does not work 640 641 https://github.com/curl/curl/issues/7695 642 64319. RTSP 644 64519.1 Some methods do not support response bodies 646 647 The RTSP implementation is written to assume that a number of RTSP methods 648 will always get responses without bodies, even though there seems to be no 649 indication in the RFC that this is always the case. 650 651 https://github.com/curl/curl/issues/12414 652