It was previously wrongly verifying the input in its URL encoded format
when setting the hostname component with curl_url_set(), so it wrongly
rejected '%'.
Now it URL decodes the name appropriately before the check.
Added tests to lib1560 to verify that a fine %-code is okay and that a
bad %-code (that decodes to '%') is rejected.
Regression from 0a0c9b6dfa, shipped in 8.0.0
Fixes #14656
Reported-by: Venkat Krishna R
Closes #14657
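The decode-then-check order described in the commit message above, as an added example that is not curl's own code: the reject set `BAD_HOST_CHARS` and the function names are assumptions made for this sketch, and the sample hostnames are constructed. It contrasts a check on the still-encoded name with a check on the decoded name.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed reject set for this sketch (it includes '%'); not taken from curl. */
static const char BAD_HOST_CHARS[] = " \r\n\t/:#?!@{}[]\\$'\"^`*<>=;,+&()%";

/* Decode %XX escapes. Returns -1 on a malformed escape, a NUL byte or overflow. */
static int host_decode(const char *in, char *out, size_t outlen)
{
  size_t o = 0;
  while(*in) {
    int c = (unsigned char)*in++;
    if(c == '%') {
      unsigned int v;
      if(!isxdigit((unsigned char)in[0]) || !isxdigit((unsigned char)in[1])) return -1;
      if(sscanf(in, "%2x", &v) != 1) return -1;
      c = (int)v;
      in += 2;
    }
    if(!c || o + 1 >= outlen) return -1;
    out[o++] = (char)c;
  }
  out[o] = '\0';
  return 0;
}

/* Check the name after decoding: a valid escape passes, a hidden bad byte fails. */
int host_ok_decoded(const char *enc)
{
  char buf[256];
  if(host_decode(enc, buf, sizeof(buf)) || !buf[0]) return 0;
  return buf[strcspn(buf, BAD_HOST_CHARS)] == '\0';
}

/* Check the still-encoded name: every '%' is rejected, valid escapes included. */
int host_ok_encoded(const char *enc)
{
  return enc[0] && enc[strcspn(enc, BAD_HOST_CHARS)] == '\0';
}

int main(void)
{
  const char *s[] = { "ex%61mple.com", "example%25.com", "a%2fb.example" };
  for(size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
    printf("%-16s encoded-check=%d decoded-check=%d\n", s[i],
           host_ok_encoded(s[i]), host_ok_decoded(s[i]));
  return 0;
}
```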
- Install stunnel.
- Regenerate certificates (as SecureTransport requires a validity period
less than 398 days).
- Restart server if it is unresponsive.
- Do not hardcode the SHA-256 base64 public pinned key.
- Ignore test 313 as SecureTransport does not support crl file.
- Ignore tests 1631 and 1632 as SecureTransport is not yet able to shut
down FTP over HTTPS gracefully.
- Add a CMake target for generating certificates.
Closes #14486
In Find modules with native pkg-config detection (libgsasl, libidn2,
libssh, libuv, nettle) use the C compiler flags returned by pkg-config.
Also use the library paths, and return the pathless library names.
Also:
- add these library paths to `libcurl.pc`/`curl-config`.
- fix libgsasl detection to use the detected header directory.
FindGSS already did this before this patch.
Fixes #14641
Closes #14652
- add pkg-config-specific 'Found' message to the Find module.
- update non-pkg-config 'Found' message to show the flavour instead of
the library name. (= the first value listed after `REQUIRED_VARS`)
- delete extra 'Found' message from `CMakeLists.txt`.
- rename internal result variables to match with default pkg-config
names, in preparation of introducing them in other Find modules:
- `GSS_LINK_DIRECTORIES` -> `GSS_LIBRARY_DIRS`
- `GSS_LINKER_FLAGS` -> `GSS_LDFLAGS`
- `GSS_COMPILER_FLAGS` -> `GSS_CFLAGS`
Ref: #14652
Closes #14651
Previously this test allowed several error values when setting options.
This made this test miss #14629.
Now, errors are generally not accepted for setopts:
- numerical setopts accept CURLE_BAD_FUNCTION_ARGUMENT for funny input
- the first setopt to an option accepts CURLE_NOT_BUILT_IN or
CURLE_UNKNOWN_OPTION for when they are disabled/not built-in
- there is an allowlist concept for some return code for some variables,
managed at the top of the mk-lib1521.pl script
In curl.h: remove the OBSOLETE named values from the setopt list.
Closes #14634
This job unconditionally runs checksrc on ALL .c and .h files present in
git.
checksrc.pl: fixed to look for ".checksrc" in the same directory from
where it loads the file to check so that it can be invoked like this
Closes #14625
SECURITY.md has a recently added section titled OpenSSF Scorecard
that actually documents OpenSSF Best Practices. Scorecard [0] is a
different OpenSSF project, that incorporates Best Practices, but is
distinct in its objectives and how it achieves them.
This change clarifies the terminology, and also removes any
implication that Gold Best Practices is an award rather than a self
certification programme.
As curl was a leader in implementing Best Practices some folk may be
more familiar with the earlier Core Infrastructure Initiative (CII)
naming, so a reference to that has been added.
[0] https://scorecard.dev/
Signed-off-by: Chris Swan <478926+cpswan@users.noreply.github.com>
Ref: #14319
Closes #14635
Running the http pytest had to be done from tests directory or above,
because the repeat argument fixture was defined in tests/conftest.py.
However, the repeat argument is not needed because its functionality
can be provided by pytest-repeat as documented in the test's
README.md. So, removed the pytest_addoption function for the repeat
argument and the pytest_report_header function is moved to
tests/http/conftest.py.
TODO: Remove repeat argument from all tests. As a stopgap, a
one-element list is defined for it for now.
Closes #14611
Add tweak for mingw-w64 when building tests/http/client programs to
avoid a bogus `-Wformat` warning when using mingw-w64 v7.0.0 or older.
The warning is bogus because these programs use curl's `printf()`
implementation that is guaranteed to support that format spec.
Add this for both CMake and autotools. (But only CMake is CI tested with
an old toolchain.)
Apply the workaround to `docs/examples`, and fix an example to use
curl's `printf()` with `CURL_FORMAT_CURL_OFF_T`.
Reintroduce curl `printf()` calls into `tests/http/client`, via #14625.
Also restore large number masks to a printf, changed earlier in #14382.
Follow-up to 232302f88a #14382
Ref: https://github.com/curl/curl/pull/14625#issuecomment-2302361737
Closes #14640
Sources used `lib/curlx.h` with both `ENABLE_CURLX_PRINTF` set and unset
before including it.
In a cmake "unity" batch where the first included source had it unset,
the next sources did not get the macros requested with
`ENABLE_CURLX_PRINTF` because `lib/curlx.h` had already been included
without them.
Fix it by making the macros enabled permanently and globally for
internal sources, and dropping `ENABLE_CURLX_PRINTF`.
This came up while testing unity builds with smaller batches. The full,
default unity build where all `src` is bundled up in a single unit, was
not affected.
Fixes:
```
$ cmake -B build -DCMAKE_UNITY_BUILD=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=15
$ make -C build
...
curl/src/tool_getparam.c: In function ‘getparameter’:
curl/src/tool_getparam.c:2409:11: error: implicit declaration of function ‘msnprintf’; did you mean ‘vsnprintf’? [-Wimplicit-function-declaration]
2409 | msnprintf(buffer, sizeof(buffer), "%" CURL_FORMAT_CURL_OFF_T "-",
| ^~~~~~~~~
| vsnprintf
curl/src/tool_getparam.c:2409:11: warning: nested extern declaration of ‘msnprintf’ [-Wnested-externs]
[...]
```
Reported-by: Daniel Stenberg
Bug: https://github.com/curl/curl/pull/14626#issuecomment-2301663491
Closes #14632
also done in CURLOPT_PROGRESSFUNCTION.md
This changes the wording to say that 1 should be returned instead of
non-zero to return error from the callback. I did this to simplify, even
if other non-zero values still do the same thing I figure we might just
as well just leave out the others from the documentation.
Fixes #14627
Reported-by: Benjamin Riefenstahl Mecom
Closes #14637
This value tells how many source files to bundle in a single "unity"
compilation unit.
The CMake default is 8 sources, curl's CMake set this to 0, meaning
to bundle all sources into a single unit.
This patch makes it possible to override the 0 value, and potentially
optimize the build process further by better utilizing multiple cores
in conjunction with `make -jN`.
The number of sources in lib is 172 at the time of writing this. For
a 12-core CPU, this can give a job for them all:
`-DCMAKE_UNITY_BUILD_BATCH_SIZE=15`
(Compile time may be affected by a bunch of other factors.)
Closes #14626
Drop `find_package(libssh CONFIG)` detection method in favour of
the Find module that supports both `pkg-config`, and CMake-native
(since #14555) detection.
This aligns `libssh` detection with other dependencies. It makes the
build honor custom configuration via `LIBSSH_INCLUDE_DIR`,
`LIBSSH_LIBRARY`.
Also enable libssh in a GHA/macos cmake job for build coverage.
Fixing:
- curl-for-win requiring a hack to configure libssh:
4f9acbed92/curl.sh (L255-L263)
- after #14555, GHA/windows gnutls vcpkg job no longer auto-detected
libssh, due to a regression missing to enable libssh when
found via `find_package(libssh CONFIG)`.
Ref: https://github.com/curl/curl/actions/runs/10470138955/job/28994650338
Follow-up to 422696f0a4 #14555
Closes #14614
```
/Users/runner/work/curl/curl/lib/version.c: In function 'curl_version_info':
/Users/runner/work/curl/curl/lib/version.c:584:15: error: declaration of 'ssh_buffer' shadows a global declaration [-Werror=shadow]
584 | static char ssh_buffer[80];
| ^~~~~~~~~~
In file included from /Users/runner/work/curl/curl/lib/vssh/ssh.h:35,
from /Users/runner/work/curl/curl/lib/urldata.h:185,
from /Users/runner/work/curl/curl/lib/altsvc.c:32,
from /Users/runner/work/curl/curl/bld/lib/CMakeFiles/libcurl_shared.dir/Unity/unity_0_c.c:4:
/opt/homebrew/include/libssh/libssh.h:99:35: note: shadowed declaration is here
99 | typedef struct ssh_buffer_struct* ssh_buffer;
| ^~~~~~~~~~
```
Ref: https://github.com/curl/curl/actions/runs/10477958747/job/29020250670#step:9:48
Tested via #14614
Closes #14617
For libssh, it fixes a "unity" build issue where libssh deprecation
warnings were not suppressed before this patch, because the suppression
macro was only set before just one of the two `libssh.h` includes.
If the other was compiled first in unity mode, the warnings appeared.
Seen in local curl-for-win build (`CW_CONFIG=test-x64-libssh-quictls`)
with libssh 0.11.0. (Also in a GHA/macos cmake job upcoming in #14614)
Use this opportunity to drop duplicate SSH header includes from the SSH
modules. It's enough to include them via the common `ssh.h` header.
Closes #14612
POSIX sed doesn't support extended regular expressions, so convert a
call to the basic format. This caused a problem on AIX. Also, use the
detected sed binary name instead of hard-coding one.
Change TLS proto version on the test httpd server to test setting
combinations of --tls13-ciphers and --ciphers.
To not let the changed config of the httpd server bleed into the next
test, clean and reload on each test. Because a reload is slow, only
do this if the config is different than the loaded config. For this
the httpd.reload_if_config_changed() method is added.
Overloading of autouse fixtures does not seem to work. For the test
httpd server to be reloaded with a clean config in test_18_methods,
to not be affected by the config changes in test_17_ssl_use, the two
class scope fixtures of test_18_methods are now combined.
Closes #14589
With mbedTLS if the minimum version of TLS is set to 1.3,
MBEDTLS_SSL_VERIFY_OPTIONAL is not available in client mode. See:
https://github.com/Mbed-TLS/mbedtls/blob/2ca6c285/library/ssl_tls.c#L1357
Also, there might be plans to remove it completely in future mbedTLS
versions.
Switch to always use MBEDTLS_SSL_VERIFY_REQUIRED. If verifypeer or
verifyhost are disabled the corresponding error flags are cleared in the
verify callback function. That is also where verification errors are
logged.
Closes #14591