This flow extracted the wrong code (sftp code instead of ssh code), and
the code is sometimes (erroneously) returned as zero anyway, so skip
getting it and set a generic error.
Reported-by: David McLaughlin
Fixes#9737Closes#9740
`lib/config-win32.h` enables this configuration option unconditionally.
Make it apply to CMake builds as well.
While here, delete a broken check for
`HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID` from `CMakeLists.txt`. This came with
the initial commit [1], but did not include the actual verification code
inside `CMake/CurlTests.c`, so it always failed. A later commit [2]
added a second test, for non-Windows platforms.
Enabling this flag causes test 1056 to fail with CMake builds, as they
do with autotools builds. Let's apply the same solution and ignore the
results here as well.
[1] 4c5307b456
[2] aec7c5a87c
Reviewed-by: Daniel Stenberg
Assisted-by: Marcel Raad
Closes#9726
autotools enables this configuration option unconditionally for Windows
[^1]. Do the same in CMake.
The above will make this work for all reasonably recent environments.
The logic present in `lib/config-win32.h` [^2] has the following
exceptions which we did not cover in this CMake update:
- Builds targeting Windows 2000 and earlier
- MS Visual C++ 5.0 (1997) and earlier
Also make sure to disable this feature when `HAVE_GETADDRINFO` isn't
set, to avoid a broken build. We might want to handle that in the C
sources in a future commit.
[^1]: 68fa9bf3f5/m4/curl-functions.m4 (L2067-L2070)
[^2]: 68fa9bf3f5/lib/config-win32.h (L511-L528)Closes#9727
`HAVE_SIGNAL` means the availability of the `signal()` function in
autotools, while in CMake it meant the availability of that function
_and_ the symbol `SIGALRM`.
The latter is not available on Windows, but the function is, which means
on Windows, autotools did define `HAVE_SIGNAL`, but CMake did not,
introducing a slight difference into the binaries.
This patch syncs CMake behaviour with autotools to look for the function
only.
The logic came with the initial commit adding CMake support to curl, so
the commit history doesn't reveal the reason behind it. In any case,
it's best to check the existence of `SIGALRM` directly in the source
before use. For now, curl builds fine with `HAVE_SIGNAL` enabled and
`SIGALRM` missing.
Follow-up to 68fa9bf3f5Closes#9725
A custom `HAVE_GETADDRINFO` check came with the initial CMake commit
[1]. A later commit [2] added a standard check for it as well. The
standard check run before the custom one, so CMake ignored the latter.
The custom check was also non-portable, so this patch deletes it in
favor of the standard check.
[1] 4c5307b456
[2] aec7c5a87cCloses#9731
TABs in name and content seem allowed by RFC 6265: "the algorithm strips
leading and trailing whitespace from the cookie name and value (but
maintains internal whitespace)"
Cookies with TABs in the names are rejected by Firefox and Chrome.
TABs in content are stripped out by Firefox, while Chrome discards the
whole cookie.
TABs in cookies also cause issues in saved netscape cookie files.
Reported-by: Trail of Bits
URL: https://curl.se/mail/lib-2022-10/0032.html
URL: https://github.com/httpwg/http-extensions/issues/2262Closes#9659
1 - consider the transfer handled at once when in the function, to avoid
the same list entry to get added more than once in rare error
situations
2 - set the ERRORBUFFER for the handle first after it has been added
successfully
Reported-by: Trail of Bits
Closes#9729
When the user name is provided in the URL it is URL encoded there, but
when used for authentication the encoded version should be used.
Regression introduced after 7.83.0
Reported-by: Jonas Haag
Fixes#9709Closes#9715
The goal is to add any flag that affect the created binary, to get in
sync with the ones built with CMake and autotools.
I took these flags from curl-for-win [0], where they've been tested with
mingw-w64 and proven to work well.
This patch brings them to curl as follows:
- Enable unconditionally those force-enabled via
`CMake/WindowsCache.cmake`:
- `HAVE_SETJMP_H`
- `HAVE_STRING_H`
- `HAVE_SIGNAL` (CMake equivalent is `HAVE_SIGNAL_FUNC`)
- Expand existing guards with mingw-w64:
- `HAVE_STDBOOL_H`
- `HAVE_BOOL_T`
- Enable Win32 API functions for Windows Vista and later:
- `HAVE_INET_NTOP`
- `HAVE_INET_PTON`
- Set sizes, if not already set:
- `SIZEOF_OFF_T = 8`
- `_FILE_OFFSET_BITS = 64` when `USE_WIN32_LARGE_FILES` is set,
and using mingw-w64.
- Add the remaining for mingw-w64 only. Feel free to expand as desired:
- `HAVE_LIBGEN_H`
- `HAVE_FTRUNCATE`
- `HAVE_BASENAME`
- `HAVE_STRTOK_R`
Future TODO:
- `HAVE_SIGNAL` has a different meaning in CMake. It's enabled when both
the `signal()` function and the `SIGALRM` macro are found. In
autotools and this header, it means the function only. For the
function alone, CMake uses `HAVE_SIGNAL_FUNC`.
[0] c9b9a5f273/curl-m32.sh (L53-L58)
Reviewed-by: Daniel Stenberg
Closes#9712
The two defines MAX_FILE2MEMORY and MAX_FILE2STRING define the largest
strings accepted when loading files into memory, but as the size is
later used as input to functions that take the size as 'int' as
argument, the sizes must not be larger than INT_MAX.
These two new assert()s make the code error out if someone would bump
the sizes without this consideration.
Reported-by Trail of Bits
Closes#9719
Since the date parser allows YYYYMMDD as a date format (due to it being
a bit too generic for parsing this particular header), a large integer
number could wrongly match that pattern and cause the parser to generate
a wrong value.
No date format accepted for this header starts with a decimal number, so
by reversing the check and trying a number first we can deduct that if
that works, it was not a date.
Reported-by Trail of Bits
Closes#9718
fcntl() can (in theory) return a non-zero number for success, so a
better test for error is checking for -1 explicitly.
Follow-up to 41e1b30ea1
Mentioned-by: Dominik Klemba
Closes#9708
It was only defined in `lib/config-win32.h`, when building for Vista.
It was only used in `select.h`, in a condition that also included a
check for `POLLIN` which is a superior choice for this detection and
which was already used by cmake and autotools builds.
Delete both instances of this macro.
Closes#9707
This patch aimed to fix a regression [0], where `CC` initialization
moved beyond its first use. But, on closer inspection it turned out that
the `CC` initialization does not work as expected due to GNU Make
filling it with `cc` by default. So unless implicit values were
explicitly disabled via a GNU Make option, the default value of
`$CROSSPREFIX` + `gcc` was never used. At the same time the implicit
value `cc` maps to `gcc` in (most/all?) MinGW envs.
`AR` has the same issue, with a default value of `ar`.
We could reintroduce a separate variable to fix this without ill
effects, but for simplicity and flexibility, it seems better to drop
support for `CROSSPREFIX`, along with our own `CC`/`AR` init logic, and
require the caller to initialize `CC`, `AR` and `RC` to the full
(prefixed if necessary) names of these tools, as desired.
We keep `RC ?= windres` because `RC` is empty by default.
Also fix grammar in a comment.
[0] 10fbd8b4e3Closes#9698
PR #9255 aimed to fix a Cygwin/MSYS issue (#8220). It used the
`CURL_WIN32` macro, but that one is not defined here, while compiling
curl itself. This patch changes this to `WIN32`, assuming this was the
original intent.
Regression from 1c52e8a379
Reviewed-by: Marcel Raad
Closes#9701
Handle canonical headers and signed headers creation as explained here:
https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html
The algo tells that signed and canonical must contain at last host and
x-amz-date.
So we check whatever thoses are present in the curl http headers list.
If they are, we use the one enter by curl user, otherwise we generate
them. then we to lower, and remove space from each http headers plus
host and x-amz-date, then sort them all by alphabetical order.
This patch also fix a bug with host header, which was ignoring the port.
Closes#7966
By default, the PFXImportCertStore API persists the key in the user's
key store (as though the certificate was being imported for permanent,
ongoing use.)
The documentation specifies that keys that are not to be persisted
should be imported with the flag PKCS12_NO_PERSIST_KEY.
NOTE: this flag is only supported on versions of Windows newer than XP
and Server 2003.
--
This is take 2 of the original fix. It extends the lifetime of the
client certificate store to that of the credential handle. The original
fix which landed in 70d010d and was later reverted in aec8d30 failed to
work properly because it did not do that.
Minor changes were made to the schannel credential context to support
closing the client certificate store handle at the end of an SSL session.
--
Reported-by: ShadowZzj@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/9300
Supersedes https://github.com/curl/curl/pull/9363
Closes https://github.com/curl/curl/pull/9460
- Add support for these options:
`-wolfssl`, `-wolfssh`, `-mbedtls`, `-libssh`, `-psl`
Caveats:
- `-wolfssh` requires `-wolfssl`.
- `-wolfssl` cannot be used with OpenSSL backends in parallel.
- `-libssh` has build issues with BoringSSL and LibreSSL, and also
what looks like a world-writable-config vulnerability on Windows.
Consider it experimental.
- `-psl` requires `-idn2` and extra libs passed via
`LIBS=-liconv -lunistring`.
- Detect BoringSSL/wolfSSL and set ngtcp2 crypto lib accordingly.
- Generalize MultiSSL detection.
- Use else-if syntax. Requires GNU Make 3.81 (2006-04-01).
- Document more customization options.
This brings over some configuration logic from `curl-for-win`.
Closes#9680
Enable `HAVE_UNISTD_H`, `HAVE_STRTOK_R` and `HAVE_STRCASECMP` detection
on Windows, instead of having predefined values.
With these features detected correctly, CMake Windows builds get closer
to the autotools and `config-win32.h` ones.
This also fixes detecting `HAVE_FTRUNCATE` correctly, which required
`unistd.h`.
Fixing `ftruncate()` in turn causes a build warning/error with legacy
MinGW/MSYS1 due to an offset type size mismatch. This env misses to
detect `HAVE_FILE_OFFSET_BITS`, which may be a reason. This patch
force-disables `HAVE_FTRUNCATE` for this platform.
Reviewed-by: Daniel Stenberg
Closes#9687
Fixes: 73a070d96f/curl-autotools.sh (L44-L47)
On Windows this feature is present, but not the header used in the
detection logic. It also requires an elaborate enabler logic
(as seen in `lib/curl_setup.h`). Let's always allow it and let the
lib code deal with the details.
Closes#9688
This adds the missing half of the check, next to the other half
already present in `lib/curl_config.h.cmake`.
Force disable `HAVE_INET_NTOP` for old MSVC where it caused compiler
warnings.
Reviewed-by: Daniel Stenberg
Closes#9689
They were previously (erroneously) added manually to tool_listhelp.c
which would make them get removed again when the file is updated next
time, unless added correctly here in header.d
Follow-up to 2437fac01Closes#9690
To avoid URL tricks, use the URL parser for this.
This update changes curl's behavior slightly in that it will ignore the
possible query part from the URL and only use the file name from the
actual path from the URL. I consider it a bugfix.
"curl -O localhost/name?giveme-giveme" will now save the output in the
local file named 'name'
Updated test 1210 to verify
Assisted-by: Jay Satiro
Closes#9684
"You never needed a pass phrase" reads like it's about to be followed by
something like "until version so-and-so", but that is not what is
intended. Change to "You never need a pass phrase". There are two
instances of this text, so make sure to update both.
When I explicitly declare, that I would like to have curl built with
wolfSSL support using `--with-wolfssl` configure option, then I would
expect, that either I endup with curl having that support, for example
in form of https support or it wouldn't be available at all.
Downstream projects like for example OpenWrt build curl wolfSSL variant
with `--with-wolfssl` already, but in certain corner cases it does fail:
configure:25299: checking for wolfSSL_Init in -lwolfssl
configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip]
In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33,
from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35,
from target-x86_64_musl/usr/include/wolfssl/ssl.h:35,
from conftest.c:47:
target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory
#include <wolfssl/wolfcrypt/sp_int.h>
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
and in the end thus produces curl without https support:
curl: (1) Protocol "https" not supported or disabled in libcurl
So fix it, by making the working wolfSSL mandatory and error out in
configure step when that's not the case:
checking for wolfSSL_Init in -lwolfssl... no
configure: error: --with-wolfssl but wolfSSL was not found or doesn't work
References: https://github.com/openwrt/packages/issues/19005
References: https://github.com/openwrt/packages/issues/19547
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Closes#9682
