Generate the certificate serial numbers automatically instead of doing
from shell (or Perl earlier).
Fixes intermittent CI failures due to the shell-based random generator
generating the same serial number twice:
```
$ openssl ca -config EdelCurlRoot-ca.cnf -revoke Server-localhost0h-sv.crt
Using configuration from EdelCurlRoot-ca.cnf
ERROR:Already revoked, serial number 66FDB23A
make: *** [../../../tests/certs/Server-localhost0h-sv.pem] Error 1
```
https://github.com/curl/curl/actions/runs/11151401083/job/30994755798?pr=15128#step:10:498
Follow-up to fa461b4eff#14486
Follow-up to fa69b41c77#13307Closes#15129
This needs the version in the GHA context, so move those back
from external file `VERSIONS`.
Also move back `VERSIONS` content in it previous place to
`.circleci/config.yml`. Update renovate config.
Renovate bot should keep updating the wolfSSL version, but from now on
not in one, but two files.
Follow-up to 820afa2b7c#15030
Follow-up to 73a3602120Closes#15130
Instead of calling the shell and external tools, rely on Perl functions
like `Cwd::getcwd()`, `Cwd::abs_path()`, `Cygwin::posix_to_win_path()`,
`Cygwin::win_to_posix_path()` to retrieve the current directory and
convert between POSIX and Windows formats.
This adds native Windows Perl support, avoids most failure modes and
makes format guessing and other internal functions unnecessary.
Also:
- delete unused `sys_native_path()`.
- delete redundant `normalize_path()` because Perl `abs_path()` already
does it.
Cherry-picked from #14949Closes#15111
For all states before MSTATE_DO the connect timeout needs to be
considered.
Regression since #13371 (be659030ba) shipped in 8.8.0
Reported-by: Deniz Sökmen
Fixes#15100Closes#15119
For all tests using -O that were previously relying on a debug build and
the CURL_TESTDIR environment variable, use the plain --output-dir option
instead so that they can run proper in non-debug builds.
Closes#15114
By keeping the headers in memory until we know the target file name,
then output them all.
Previously this option combination would cause an error.
Add test 1310 and 1492 to verify. Adjusted test 1460 to work in the new
conditions.
Closes#15110
- add `macos-15` Sequoia to combinations jobs.
- add `llvm@18` to combinations jobs for `macos-15`.
- fix cmake, autotools configurations for llvm 18.
It requires `CMAKE_OSX_SYSROOT` for cmake, and `--sysroot` within `CC`
for both cmake and autotools.
(Also add `--target` to `CC` for all jobs.)
- stop `brew update` on `macos-12`.
`macos-12` is Monterey. Homebrew stopped providing binaries for it
after the latest macOS was out. It means newer versions of packages
have to be built from source, which is slow and undesired. Try to
avoid it using this trick. If it doesn't work, `macos-12` jobs will
have to be dropped.
- update Xcode support matrix.
Ref: https://github.com/actions/runner-images/blob/main/images/macos/macos-15-arm64-Readme.mdCloses#15108
curl_multi_init - mention the caches held by the handle
curl_multi_cleanup - mention that the socket callback might be invoked
by this function
Closes#15109
poll() on macOS 10.12 was deemed broken in 2016 when we discovered that
it misbehaves when provided with no sockets to wait for. The
HAVE_POLL_FINE is used to mark a poll() implementation that behaves
correctly: it *should* still wait the timeout time.
curl has therefore opted to use select() on Apple operating systems ever
since. To avoid the risk that this or other breakage cause problems.
However, using select() internally is also bad because it suffers from
problems when using file descriptors beyond 1024.
This change makes poll() used if it is present, but if there is no
sockets to wait for it avoids using poll() and instead falls back to
select() - but without any sockets to wait for there is no 1024 problem.
This removes all previous special-handling involving HAVE_POLL_FINE.
ref: https://daniel.haxx.se/blog/2016/10/11/poll-on-mac-10-12-is-broken/Closes#15096
When uploading FTP with unknown length, we write a last 0-length chunk
with the EOS flag set. OpenSSL's SSL_write() errors on such a write.
Skip writing 0-length data to TLS backends instead.
Add test in FTPS for such uploads to verify.
Fixes#15101
Reported-by: Denis Goleshchikhin
Closes#15102
- add variable for the null device filename and use that in Perl code.
- initialize this variable with `NUL` on native Windows.
- add `%DEV_NULL` variable and use it in tests.
Fixes `The system cannot find the path specified.` messages seen when
running `runtests.pl` with native Windows Perl.
Also adjust code to not break mcedit syntax highlighting.
Cherry-picked from #14949Closes#15098
To ensure Perl invocations within tests call the same Perl binary used
for running the tests, as specified or auto-detected via `PERL` env
(autotools) or `PERL_EXECUTABLE` setting (cmake). Instead of the first
`perl` executable found in `PATH`.)
Cherry-picked from #14949Closes#15097
Before this patch not all tests used `%FILE_PWD` with the `file://`
protocol.
Keep `%PWD` for test1145, to keep it fail on Windows like the test
expects.
Cherry-picked from #14949Closes#15090
Cygwin jobs took 30 minutes and was the reason for moving them to their
own workflow. After recent changes, they finish in 8 minutes, which is
on par or lower than the longest Windows jobs. Thus, Cygwin can now be
moved back to the Windows workflow without causing extra wait for all
the workflow jobs to complete (and allowing a manual retry for the
remaining flaky jobs).
Notice that Cygwin still uses the cygwin/cygwin-install-action action to
install Cygwin itself. This action uses no caching and the time it takes
fluctuates widely depending on mirror speed, congestion and other
things. If Cygwin tends to hold up jobs again for this or other reasons,
this patch may be reverted.
Follow-up to 80a8e24956#15083
Follow-up to 2d8464c4cb#14366Closes#15086
Move test runs from autotools jobs to cmake ones for Cygwin and MSYS.
This makes producing test results and finishing the workflows faster,
because the cmake build steps are much faster than autotools in these
envs.
Also:
- drop building examples with Cygwin autotools. It takes almost
4 minutes. Keep building them with cmake, taking 20 seconds.
- drop building examples in MSYS autotools jobs that run tests.
Keep building them in autotools jobs without tests. It makes
the longest running job 2 minutes shorter.
After this patch Cygwin job times are on par with or lower than Windows
ones. It means Cygwin doesn't cause extra delay to finish the whole
workflow, allowing to re-merge these jobs into the Windows workflow.
Closes#15083
- http3-linux: add newlines for readability.
- http3-linux: use `make pytest` to run pytest.
- checksrc: use `|` multiline to sync with other uses.
- checksrc: prefer `$()`.
- prefer `>-` over `>` for folded option lists.
- cygwin: drop a `grep` no longer necessary.
Closes#15081
- restore change lost after websockets-default update.
Ref: 6a1dcdc5d2#14998
- delete unused line after websockets is on by default.
Follow-up to d78e129d50#14936Closes#15078
It seems like the Ubuntu apt mirror list or other preloaded data on the
Linux runner can go stale (?) throughout a single week causing failures
like this, in some of the jobs:
```
Ign:16 http://security.ubuntu.com/ubuntu jammy-updates/main amd64 libapr1-dev amd64 1.7.0-8ubuntu0.22.04.1
Err:16 mirror+file:/etc/apt/apt-mirrors.txt jammy-updates/main amd64 libapr1-dev amd64 1.7.0-8ubuntu0.22.04.1
404 Not Found [IP: 40.81.13.82 80]
Get:24 http://azure.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libnghttp2-dev amd64 1.43.0-1ubuntu0.2 [117 kB]
Get:25 http://azure.archive.ubuntu.com/ubuntu jammy-updates/main amd64 vsftpd amd64 3.0.5-0ubuntu1.1 [123 kB]
Fetched 4029 kB in 2s (1682 kB/s)
E: Failed to fetch mirror+file:/etc/apt/apt-mirrors.txt/pool/main/a/apr/libapr1-dev_1.7.0-8ubuntu0.22.04.1_amd64.deb 404 Not Found [IP: 40.81.13.82 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
Error: Process completed with exit code 100.
```
https://github.com/curl/curl/actions/runs/11074211380/job/30772496037#step:32:63
Restore `apt update` to fix it.
Follow-up to 1b8449674a#14992Closes#15082
`singleuse.pl` requires non-unity builds. With unity builds, it remains
silent.
- make some jobs non-unity to allow singleuse to do its job.
- since all jobs used the `--unit` singleuse checker option, make this
option permanent.
Closes#15065
- reduce job timeouts for msys2 and old-mingw-w64 jobs.
- fold long lines and reorder options in MSVC jobs.
- make some options default in MSVC jobs.
Closes#15017
- CI default: raise parallelism to 20
- CI valgind: set parallelism to 6
- CI non-native: adapt parallelism for OS builds
- CI Windows: no longer ignore FTP, TFTP, MQTT and SMTP
- CI Windows: restrict test timeout to 10 minutes
- CI Windows: do not run tests for msh3 build
- tests, various: restrict curl invocation to ipv4 to avoid talking to
any ipv6 test server running in parallel
- tests: requiring http/2 server no longer needs to mention http server
- test 190: use a fixed timeout of 10 seconds instead of %FTPTIME2, as
that value rises under parallel load beyond what the server is waiting
and then produces different results
- test 1540: add debug logging
- testrunner: add verify checks for http/2 and http/3 server
Closes#15040
