`Curl_pgrsSetUploadCounter` should be a passed a total count, not an
increment.
This changes the failing diff for test 579 with hyper from this:
```
Progress callback called with UL 0 out of 0[LF]
-Progress callback called with UL 8 out of 0[LF]
-Progress callback called with UL 16 out of 0[LF]
-Progress callback called with UL 26 out of 0[LF]
-Progress callback called with UL 61 out of 0[LF]
-Progress callback called with UL 66 out of 0[LF]
+Progress callback called with UL 29 out of 0[LF]
```
to this:
```
Progress callback called with UL 0 out of 0[LF]
-Progress callback called with UL 8 out of 0[LF]
-Progress callback called with UL 16 out of 0[LF]
-Progress callback called with UL 26 out of 0[LF]
-Progress callback called with UL 61 out of 0[LF]
-Progress callback called with UL 66 out of 0[LF]
+Progress callback called with UL 40 out of 0[LF]
```
Presumably a step in the right direction.
Closes#11780
Allow overriding the default TLS backend via a CMake setting.
E.g.:
`cmake [...] -DCURL_DEFAULT_SSL_BACKEND=mbedtls`
Accepted values: bearssl, gnutls, mbedtls, openssl, rustls,
schannel, secure-transport, wolfssl
The passed string is baked into the curl/libcurl binaries.
The value is case-insensitive.
We added a similar option to autotools in 2017 via
c7170e20d0.
TODO: Convert to lowercase to improve reproducibility.
Closes#11774
- delete completed TODO from `./CMakeLists.txt`.
- convert a C++ comment to C89 in `./CMake/CurlTests.c`.
- delete duplicate EOLs from EOF.
- add missing EOL at EOF.
- delete whitespace at EOL (except from expected test results).
- convert tabs to spaces.
- convert CRLF EOLs to LF in GHA yaml.
- text casing fixes in `./CMakeLists.txt`.
- fix a codespell typo in `packages/OS400/initscript.sh`.
Closes#11772
If we don't do this, all coverage on Cirrus will cease in a few days. By
removing the Windows builds, the FreeBSD one should still continue
as before. The Windows builds will need be moved to another service to
maintain test coverage.
Closes#11771
Cirrus is drastically reducing their free tier on Sept. 1, so they will
no longer perform all these builds for us. All but one build has been
moved, with the LibreSSL one being dropped because of linking problems
on Circle.
One important note about this change is that Circle CI is currently
directing all these builds to x86_64 hardware, despite them requesting
ARM. This is because ARM nodes are scheduled to be available on the
free tier only in December. This reduces our architectural diversity
until then but it should automatically come back once those machines are
enabled.
Cirrus' new free tier won't let us have many builds, so drop the
nonessential ones. The FreeBSD 13.X build will still give us the most
relevant FreeBSD coverage.
OS400 uses BSD 4.3 setsockopt() prototype by default: this does not
define parameter as const, resulting in an error if actual parameter is
const. Remove the const keyword from the actual parameter cast: this
works in all conditions, even if the formal parameter uses it.
Closes#11547
- During the check to differentiate between a port and IPv6 address
without brackets, write the binary IPv6 address to an in6_addr.
Prior to this change the binary IPv6 address was erroneously written to
a sockaddr_in6 'sa6' when it should have been written to its in6_addr
member 'sin6_addr'. There's no fallout because no members of 'sa6' are
accessed before it is later overwritten.
Closes https://github.com/curl/curl/pull/11747
- Error on missing input file for --data, --data-binary,
--data-urlencode, --header, --variable, --write-out.
Prior to this change if a user of the curl tool specified an input file
for one of the above options and that file could not be opened then it
would be treated as zero length data instead of an error. For example, a
POST using `--data @filenametypo` would cause a zero length POST which
is probably not what the user intended.
Closes https://github.com/curl/curl/pull/11677
When curl wants to connect to a host, it always has a TIMEOUT. The
maximum time it is allowed to spend until a connect is confirmed.
curl will try to connect to each of the IP adresses returned for the
host. Two loops, one for each IP family.
During the connect loop, while curl has more than one IP address left to
try within a single address family, curl has traditionally allowed (time
left/2) for *this* connect attempt. This, to not get stuck on the
initial addresses in case the timeout but still allow later addresses to
get attempted.
This has the downside that when users set a very short timeout and the
host has a large number of IP addresses, the effective result might be
that every attempt gets a little too short time.
This change stop doing the divided-by-two if the total time left is
below a threshold. This threshold is 600 milliseconds.
Closes#11693
When UDP packets get lost this makes for slightly faster retries. This
lower timeout is used by @c-ares itself by default starting next
release.
Closes#11753
- Allow the stunnel minor-version version part to be zero.
Prior to this change with the stunnel version scheme of <major>.<minor>
if either part was 0 then version parsing would fail, causing
secureserver.pl to fail with error "No stunnel", causing tests that use
the SSL protocol to be skipped. As a practical matter this bug can only
be caused by a minor-version part of 0, since the major-version part is
always greater than 0.
Closes https://github.com/curl/curl/pull/11722
- Store the stunnel path in the private variable $stunnel unquoted and
instead quote it in the command strings.
Prior to this change the quoted stunnel path was passed to perl's file
operators which cannot handle quoted paths. For example:
$stunnel = "\"/C/Program Files (x86)/stunnel/bin/tstunnel\"";
if(-x $stunnel or -x "$stunnel")
# false even if path exists and is executable
Our other test scripts written in perl, unlike this one, use servers.pm
which has a global $stunnel variable with the path stored unquoted and
therefore those scripts don't have this problem.
Closes https://github.com/curl/curl/pull/11721
Store numerical IPv6 addresses in the alt-svc file with the brackets
present.
Verify with test 437 and 438
Fixes#11737
Reported-by: oliverpool on github
Closes#11743
In several test programs. These mistakes are not detected or a problem
as long as memdebug.h is included, as that provides the debug wrappers
for all memory functions in the same style libcurl internals do it,
which makes curl_free and free effectively the same call.
Reported-by: Nicholas Nethercote
Closes#11746
Some of these changes come from comparing `Curl_http` and
`start_CONNECT`, which are similar, and adding things to them that are
present in one and missing in another.
The most important changes:
- In `start_CONNECT`, add a missing `hyper_clientconn_free` call on the
happy path.
- In `start_CONNECT`, add a missing `hyper_request_free` on the error
path.
- In `bodysend`, add a missing `hyper_body_free` on an early-exit path.
- In `bodysend`, remove an unnecessary `hyper_body_free` on a different
error path that would cause a double-free.
https://docs.rs/hyper/latest/hyper/ffi/fn.hyper_request_set_body.html
says of `hyper_request_set_body`: "This takes ownership of the
hyper_body *, you must not use it or free it after setting it on the
request." This is true even if `hyper_request_set_body` returns an
error; I confirmed this by looking at the hyper source code.
Other changes are minor but make things slightly nicer.
Closes#11745
We've seen errors left in the OpenSSL error queue (specifically,
"shutdown while in init") by adding some logging it revealed that the
source was this file.
Since we call SSL_read and SSL_shutdown here, but don't check the return
code for an error, we should clear the OpenSSL error queue in case one
was raised.
This didn't affect curl because we call ERR_clear_error before every
write operation (a0dd9df9ab), but when
libcurl is used in a process with other OpenSSL users, they may detect
an OpenSSL error pushed by libcurl's SSL_shutdown as if it was their
own.
Co-authored-by: Satana de Sant'Ana <satana@skylittlesystem.org>
Closes#11736
This allows testing Y2038 with system time set to after that, so that
actual Y2038 issues can be exposed, and not masked by expiry errors.
Fixes#11576Closes#11610
