- Clear data->state.os_errno before transfer.
- Explain the change in behavior in the CURLINFO_OS_ERRNO doc.
- Add to the CURLINFO_OS_ERRNO doc the list of libcurl network-related
errors that may cause the errno to be saved.
data->state.os_errno is saved before libcurl returns a network-related
failure such as connection failure. It is accessible to the user via
CURLINFO_OS_ERRNO so they can get more information about the failure.
Prior to this change it wasn't cleared before transfer, so if a user
retrieved the saved errno it could be from a previous transfer. That is
because an errno is not always saved for network-related errors.
Closes https://github.com/curl/curl/pull/13574
Also make the user and password arguments mandatory, since all code
paths in libcurl used them anyway.
Adapted unit test case 1620 to the new rules.
Closes#13584
In cf_tcp_connect(), it might fail and not get a socket assigned to
ctx->sock but set_local_ip() is still called which would make
getsockname() get invoked with a negative file desriptor and fail.
By adding this check, set_local_ip() will now instead blank out the
fields correctly.
Spotted by CodeSonar
Closes#13577
- set the idle timeout transport parameter
in milliseconds as documented by quiche
- do not calculate the idle timeout, rely on
quiche handling it
Closes#13581
- identify ngtcp2 and nghttp3 error codes that are fatal
- close quic connection on fatal errors
- refuse further filter operations once connection is closed
- confusion about the nghttp3 API. We should close the QUIC stream on
cancel and not use the nghttp3 calls intended to be invoked when the
QUIC stream was closed by the peer.
Closes#13562
They came up ealier with gcc 12 (Windows), but apparently gcc 14 is
still reporting them, also under Linux.
```
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c: In function 'cf_h1_proxy_close':
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:1060:17: warning: null pointer dereference [-Wnull-dereference]
1060 | cf->connected = FALSE;
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:1061:8: warning: null pointer dereference [-Wnull-dereference]
1061 | if(cf->ctx) {
| ~~^~~~~
In function 'tunnel_free',
inlined from 'cf_h1_proxy_destroy' at /home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:1053:3:
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:198:27: warning: null pointer dereference [-Wnull-dereference]
198 | struct h1_tunnel_state *ts = cf->ctx;
| ^~
```
Ref: https://github.com/curl/curl-for-win/actions/runs/8985369476/job/24679219528#step:3:6320Fixes#13237Closes#13555
- Make sure that asynchronous resolves handled by Winsock are stopped
before WSACleanup is called.
This is implemented by ensuring that when Curl_resolver_kill is called
(eg via multi_done) it will cancel the Winsock asynchronous resolve and
wait for the cancellation to complete. Winsock runs the asynchronous
completion routine immediately when a resolve is canceled.
Prior to this change it was possible that during curl_global_cleanup
"a DNS resolver thread created by GetAddrInfoExW did not terminate yet,
however curl is already shutting down, deinitializing Winsock with
WSACleanup() leading to an access violation."
Background:
If libcurl is built with the asynchronous threaded resolver option for
Windows then it resolves in one of two ways. For Windows 8.1 and later,
libcurl resolves by using the Winsock asynchronous resolver which does
its own thread management. For older versions of Windows, libcurl
resolves by creating a separate thread that calls getaddrinfo. This
change only affects the former and it's already handled for the latter.
Reported-by: Ch40zz@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/13509
Closes https://github.com/curl/curl/pull/13518
- Compare to curl_thread_t_null instead of 0 for error.
Currently for both supported thread libraries (pthreads and Windows)
curl_thread_t_null is defined as 0. However, the pattern throughout the
code is to check against curl_thread_t_null and not 0 since for
posterity some thread library may not use 0 for error.
Closes https://github.com/curl/curl/pull/13542
- Remove curlx_win32_access() which was a wrapper to use access() in
Windows.
This is a follow-up to 602fc213, one of two commits which removed
access() calls from the codebase and banned use of the function.
Closes https://github.com/curl/curl/pull/13529
Fix wording of comments, and misquotings where `' is markdown parsed
where it shouldn't be, and remove a misspelled preprocessor comment
which really isn't needed (and removing it makes it match surrounding
code better).
Closes: #13538
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
- make local_decode_rdata_name use dynbuf instead of calloc + memcpy
- avoid extra memdup in local_decode_rdata_alpn
- no need to if() before free()
- use memdup instead of calloc + memcpy in Curl_doh_decode_httpsrr
Reviewed-by: Stephen Farrell
Closes#13526
Curl_dyn_vaddf should return a proper error code in case allocating
memory failed.
Closes: #13533
Author: Christian Schmitz <support@monkeybreadsoftware.de>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Take advantage of the Curl_cipher_suite_walk_str() and
Curl_cipher_suite_get_str() functions introduced in commit fba9afeb.
This also fixes CURLOPT_SSL_CIPHER_LIST not working at all for bearssl
due to commit ff74cef5.
Closes#13464
- an unsigned type makes more sense
- size_t seems suitable
- on 64 bit args, the struct alignment makes the new Curl_hash remain
the same size
Closes#13502
- connect to DNS names with trailing dot
- connect to DNS names with double trailing dot
- rustls, always give `peer->hostname` and let it
figure out SNI itself
- add SNI tests for ip address and localhost
- document in code and TODO that QUIC with ngtcp2+wolfssl
does not do proper peer verification of the certificate
- mbedtls, skip tests with ip address verification as not
supported by the library
Closes#13486
- quiche: error transfers that try to receive on a closed
or draining connection
- ngtcp2: use callback for extending max bidi streams. This
allows more precise calculation of MAX_CONCURRENT as we
only can start a new stream when the server acknowledges
the close - not when we locally have closed it.
- remove a fprintf() from h2-download client to avoid excess
log files on tests timing out.
Closes#13475
- add session with destructor callback
- remove vtls `session_free` method
- let `Curl_ssl_addsessionid()` take ownership
of session object, freeing it also on failures
- change tls backend use
- test_17, add tests for SSL session resumption
Closes#13386
'newurl' is allocated in some conditions and used in a few scenarios,
but there were theoretical combinations in which it would not get freed.
Move the free to happen unconditionally. Never triggered by tests, but
spotted by Coverity.
Closes#13471
- ignore duplicate "chunked" transfer-encodings from
a server to accomodate for broken implementations
- add test1482 and test1483
Reported-by: Mel Zuser
Fixes#13451Closes#13461
Use a lookup list to set the cipher suites, allowing the
ciphers to be set by either openssl or IANA names.
To keep the binary size of the lookup list down we compress
each entry in the cipher list down to 2 + 6 bytes using the
C preprocessor.
Closes#13442
- Call OPENSSL_thread_stop on thread termination (DLL_THREAD_DETACH)
to prevent a memory leak in case OpenSSL is linked statically.
- Warn in libcurl-thread.3 that if OpenSSL is linked statically then it
may require thread cleanup.
OpenSSL may need per-thread cleanup to stop a memory leak. For Windows
and Cygwin if libcurl was built as a DLL then we can do that for the
user by calling OPENSSL_thread_stop on thread termination. However, if
libcurl was built statically then we do not have notification of thread
termination and cannot do that for the user.
Also, there are several other unusual cases where it may be necessary
for the user to call OPENSSL_thread_stop, so in the libcurl-thread
warning I added a link to the OpenSSL documentation.
Co-authored-by: Viktor Szakats
Reported-by: southernedge@users.noreply.github.com
Reported-by: zmcx16@users.noreply.github.com
Ref: https://www.openssl.org/docs/man3.0/man3/OPENSSL_thread_stop.html#NOTES
Fixes https://github.com/curl/curl/issues/12327
Closes https://github.com/curl/curl/pull/12408
The rustls backend advertises SSLSUPP_TLS13_CIPHERSUITES, but
the code does not actually seem to support it (yet?). Removed
the flag and corrected documentation.
Closes#13452
- when a connection close is detected, all ongoing transfers
need to expire bc no more POLL events are likely to happen
for them.
Fixes#13439
Reported-by: Jay Satiro
Closes#13447
