The default wolfSSL_CTX_load_verify_locations() function is quite picky
with the certificates it loads and will for example return error if just
one of the certs has expired.
With the *_ex() function and its WOLFSSL_LOAD_FLAG_IGNORE_ERR flag, it
behaves more similar to what OpenSSL does by default.
Even the set of default certs on my Debian unstable has several expired
ones.
Assisted-by: Juliusz Sosinowicz
Assisted-by: Michael Osipov
Closes#11987
Based on existing autotools logic.
autotools checks for old versions of the allowlisted target OSes and
disables this feature when seeing them. In CMake we assume we're running
on newer systems and enable regardless of OS version.
autotools always runs all 3 probes for non-fast-tracked systems and
enables this feature if any one of them was successful. To save
configuration time, CMake stops at the first successful check.
OpenBSD is not fast-tracked and then gets blocklisted as a generic BSD
system. I haven't double-checked if this is correct, but looks odd.
Ref: #11964 (effort to sync cmake detections with autotools)
Closes#11979
- run `curl -V` after builds to see if they run and with what features.
Except for one job where a CRT DLL is missing. And ARM64 which should
fail, but is silently not launched instead.
- copy libcurl DLL next to curl tool and tests binaries in shared mode.
This makes it possible to run the tests. (We don't run tests after
these builds yet.)
- list the DLLs and EXEs present after the builds.
- add `DEBUG` variable for CMake builds to allow disabling it, for
testing non-debug builds. (currently enabled for all)
- add commented lines that dump CMake configuration logs for debugging
build/auto-detection issues.
- add gcc version to jobs where missing.
- switch a job to the native MSYS2 mingw-w64 toolchain. This adds gcc 9
to the build mix.
- make `SHARED=OFF` and `OPENSSL=OFF` defaults global.
- delete a duplicate backslash.
Closes#11976
It sometimes happens that a test hangs during a test run and never
returns. The test harness will wait indefinitely for the results and on
CI servers the CI job will eventually be killed after an hour or two.
At the end of a test run, if results haven't come in within a couple of
minutes, display the status of all test runners and what tests they're
running to help in debugging the problem.
This feature is really only kick in with parallel testing enabled, which
is fine because without parallel testing it's usually easy to tell what
test has hung.
Closes#11980
in FAQ and MANUAL.md
- example.com was made for this purpose.
- reduces the risk that one of those domains suddenly start hosting
something nasty and we provide links to them
Closes#11986
The default system truststore on FreeBSD has been /etc/ssl/certs for many
years now. It is managed canonically through certctl(8) and contains hashed
symlinks for OpenSSL and other TLS providers.
The previous ones require security/ca_root_nss which might not be installed or
will not contain any custom CA certificates.
Closes#11985
`basename` is present in mingw-w64, missing from MSVC. Pre-cache
accordingly to make configure faster.
Notice that `basename` has a bug so we later disable it even with
mingw-w64:
781242ffa4/lib/curl_setup.h (L820-L825)Closes#11974
- check for arc4random. To make rand.c use it accordingly.
- check for fcntl
- fix fseek detection
- add SIZEOF_CURL_SOCKET_T
- fix USE_UNIX_SOCKETS
- define HAVE_SNPRINTF to 1
- check for fnmatch
- check for sched_yield
- remove HAVE_GETPPID duplicate from curl_config.h
- add HAVE_SENDMSG
Ref: #11964
Co-authored-by: Viktor Szakats
Closes#11973
1. References to curl symbols are now checked that they indeed exist as
man pages. This for \f references as well as the names referenced in the
SEE ALSO section.
Allowlist curl.1 since it is not always built in builds
2. References to curl symbols that lack section now causes warning, since that
will prevent them from getting linked properly
3. Check for "bare" references to curl functions and warn, they should be
references
Closes#11963
With new option `CURL_DISABLE_SRP=ON` to force-disable it.
To match existing option and detection logic in autotools.
Also:
- fix detecting GnuTLS.
We assume `nettle` as a GnuTLS dependency.
- add CMake GnuTLS CI job.
- bump AppVeyor CMake OpenSSL MSVC job to OpenSSL 1.1.1 (from 1.0.2)
TLS-SRP fails to detect with 1.0.2 due to an OpenSSL header bug.
- fix compiler warning when building with GnuTLS and disabled TLS-SRP.
- fix comment typos, whitespace.
Ref: #11964Closes#11967
Earlier this year we changed our own stderr variable to use the standard
name `stderr` (to avoid bugs where someone is using `stderr` instead of
the curl-tool specific variable). This solution needed to override the
standard `stderr` symbol via the preprocessor. This in turn didn't play
well with unity builds and caused curl tool to crash or stay silent due
to an uninitialized stderr. This was a hard to find issue, fixed by
manually breaking out one file from the unity sources.
To avoid two these two tricks, this patch implements a different
solution: Restore using our own local variable for our stderr output and
leave `stderr` as-is. To avoid using `stderr` by mistake, add a
`checksrc` rule (based on logic we already used in lib for `strerror`)
that detects any `stderr` use in `src` and points to using our own
variable instead: `tool_stderr`.
Follow-up to 06133d3e9b
Follow-up to 2f17a9b654Closes#11958
- move definitions from content_encoding.h to sendf.h
- move create/cleanup/add code into sendf.c
- installed content_encoding writers will always be called
on Curl_client_write(CLIENTWRITE_BODY)
- Curl_client_cleanup() frees writers and tempbuffers from
paused transfers, irregardless of protocol
Closes#11908
Curl_timediff rounds down to the millisecond, so curl_multi_perform can
be called too early, then we get a timeout of 0 and call it again.
The code already handled the case of timeouts which expired less than
1ms in the future. By rounding up, we make sure we will never ask the
platform to wake up too early.
Closes#11938
Switch to plain getenv() from curl_getenv() to avoid the allocation and
having to keep track of which free() or curl_free() that need to be
used.
Coverity found issues and a memory leak.
Follow-up to 65b563a96aCloses#11959
This made the getaddrinfo detection fail, but we did not spot it in the
CI because it graciously falled back to using legacy functions instead!
Follow-up to 96c29900bc (#11940)
Closes#11965
CID 1024653: Integer handling issues (SIGN_EXTENSION)
Suspicious implicit sign extension: "src[i]" with type "unsigned char
const" (8 bits, unsigned) is promoted in "src[i] << (1 - i % 2 << 3)" to
type "int" (32 bits, signed), then sign-extended to type "unsigned long"
(64 bits, unsigned). If "src[i] << (1 - i % 2 << 3)" is greater than
0x7FFFFFFF, the upper bits of the result will all be 1.
111 words[i/2] |= (src[i] << ((1 - (i % 2)) << 3));
The value will not be greater than 0x7FFFFFFF so this still cannot
happen.
Also, switch to ints here instead of longs. The values stored are 16 bit
so at least no need to use 64 bit variables. Also, longs are 32 bit on
some platforms so this logic still needs to work with 32 bits.
Closes#11960
- Enforce a single reference per .BR line
- Skip the quotes around the section number for example (3)
- Insist on trailing commas on all lines except the last
- Error on comma on the last SEE ALSO entry
- List the entries alpha-sorted, not enforced just recommended
Closes#11957
... so that it gets called again immediately and can continue trying
addresses to connect to. Otherwise it might unnecessarily wait for a
while there.
Fixes#11920
Reported-by: Loïc Yhuel
Closes#11935
- `HAVE_MEMRCHR` for `memrchr`.
- `HAVE_GETIFADDRS` for `getifaddrs`.
This was present in `lib/curl_config.h.cmake` but missed the detection
logic.
To match existing autotools feature checks.
Closes#11954
Before this patch we added standard headers unconditionally to the
global list of headers used for feature checks. This is unnecessary
and also doesn't help CMake 'Generate' performance. This patch moves
these headers to each feature check where they are actually needed.
Stop using `stddef.h`, as it seems unnecessary.
I've used autotools' `m4/curl-functions.m4` to figure out these
dependencies.
Also delete checking for the C89 standard header `time.h`, that I
missed in the earlier commit.
Ref: 96c29900bc#11940Closes#11951
Delete checks and guards for standard C89 headers and assume these are
available: `stdio.h`, `string.h`, `time.h`, `setjmp.h`, `stdlib.h`,
`stddef.h`, `signal.h`.
Some of these we already used unconditionally, some others we only used
for feature checks.
Follow-up to 9c7165e96a#11918 (for `stdio.h` in CMake)
Closes#11940
