Also make the user and password arguments mandatory, since all code
paths in libcurl used them anyway.
Adapted unit test case 1620 to the new rules.
Closes#13584
Disabled earlier for gcc 9 builds. gcc 7 uses the same runner and
prone to similar intermittent failures.
Follow-up to f1e05a6e6e#12106#12040Closes#13575
In cf_tcp_connect(), it might fail and not get a socket assigned to
ctx->sock but set_local_ip() is still called which would make
getsockname() get invoked with a negative file desriptor and fail.
By adding this check, set_local_ip() will now instead blank out the
fields correctly.
Spotted by CodeSonar
Closes#13577
- set the idle timeout transport parameter
in milliseconds as documented by quiche
- do not calculate the idle timeout, rely on
quiche handling it
Closes#13581
- identify ngtcp2 and nghttp3 error codes that are fatal
- close quic connection on fatal errors
- refuse further filter operations once connection is closed
- confusion about the nghttp3 API. We should close the QUIC stream on
cancel and not use the nghttp3 calls intended to be invoked when the
QUIC stream was closed by the peer.
Closes#13562
... it used to strip off the .d file extension to sort correctly but
ever since the extension changed to .md the operation failed and the
sort got wrong.
Follow-up to 2494b8dd51Closes#13567
This job has proven to be the flakiest of all, and it's also the oldest
Windows runner we had tests running on: 'Visual Studio 2015', that is
running on Windows Server 2012 R2:
https://www.appveyor.com/docs/windows-images-software/
Turn off tests on this job to help stabilizing CI runs.
This was also one of the slowest running job amongst the AppVeyor CI ones.
Flakiness data:
https://testclutch.curl.se/static/reports/summary.html
Entries:
Appveyor / CMake, mingw-w64, gcc 6, Debug, x86, Schannel, Static, no-unity (curl) [current]
Appveyor / CMake, mingw-w64, gcc 6, Debug, x86, Schannel, Static (curl) [former]
Closes#13566
They came up ealier with gcc 12 (Windows), but apparently gcc 14 is
still reporting them, also under Linux.
```
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c: In function 'cf_h1_proxy_close':
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:1060:17: warning: null pointer dereference [-Wnull-dereference]
1060 | cf->connected = FALSE;
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:1061:8: warning: null pointer dereference [-Wnull-dereference]
1061 | if(cf->ctx) {
| ~~^~~~~
In function 'tunnel_free',
inlined from 'cf_h1_proxy_destroy' at /home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:1053:3:
/home/runner/work/curl-for-win/curl-for-win/curl/lib/cf-h1-proxy.c:198:27: warning: null pointer dereference [-Wnull-dereference]
198 | struct h1_tunnel_state *ts = cf->ctx;
| ^~
```
Ref: https://github.com/curl/curl-for-win/actions/runs/8985369476/job/24679219528#step:3:6320Fixes#13237Closes#13555
- Make sure that asynchronous resolves handled by Winsock are stopped
before WSACleanup is called.
This is implemented by ensuring that when Curl_resolver_kill is called
(eg via multi_done) it will cancel the Winsock asynchronous resolve and
wait for the cancellation to complete. Winsock runs the asynchronous
completion routine immediately when a resolve is canceled.
Prior to this change it was possible that during curl_global_cleanup
"a DNS resolver thread created by GetAddrInfoExW did not terminate yet,
however curl is already shutting down, deinitializing Winsock with
WSACleanup() leading to an access violation."
Background:
If libcurl is built with the asynchronous threaded resolver option for
Windows then it resolves in one of two ways. For Windows 8.1 and later,
libcurl resolves by using the Winsock asynchronous resolver which does
its own thread management. For older versions of Windows, libcurl
resolves by creating a separate thread that calls getaddrinfo. This
change only affects the former and it's already handled for the latter.
Reported-by: Ch40zz@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/13509
Closes https://github.com/curl/curl/pull/13518
- Compare to curl_thread_t_null instead of 0 for error.
Currently for both supported thread libraries (pthreads and Windows)
curl_thread_t_null is defined as 0. However, the pattern throughout the
code is to check against curl_thread_t_null and not 0 since for
posterity some thread library may not use 0 for error.
Closes https://github.com/curl/curl/pull/13542
- Remove curlx_win32_access() which was a wrapper to use access() in
Windows.
This is a follow-up to 602fc213, one of two commits which removed
access() calls from the codebase and banned use of the function.
Closes https://github.com/curl/curl/pull/13529
CURLOPT_EGDSOCKET and CURLOPT_RANDOM_FILE are both completely dead
so remove their example sections since the code there is useless.
There is still a way to inject a random file for OpenSSL older than
1.1.0 but it's not what the example showed (and it's not even done
with this option) so we refrain from documenting it here.
Closes: #13540
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Manpages which document deprecated CURLOPT_ or CURLINFO_ are not
required to have an EXAMPLE section since they might effectively
be dead no-ops which we don't want to trick users into believing
they can use by copying example code.
Closes: #13540
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Starting now, experimental features should have a set of documentated
requirements of what is needed for the feature to graduate.
This adds requirements to all existing experiments.
Closes#13541
Fix wording of comments, and misquotings where `' is markdown parsed
where it shouldn't be, and remove a misspelled preprocessor comment
which really isn't needed (and removing it makes it match surrounding
code better).
Closes: #13538
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
This avoids the below compiler warning:
tftpd.c:280:1: warning: function 'timer' could be declared with
attribute 'noreturn' [-Wmissing-noreturn]
Closes: #13534
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
- make local_decode_rdata_name use dynbuf instead of calloc + memcpy
- avoid extra memdup in local_decode_rdata_alpn
- no need to if() before free()
- use memdup instead of calloc + memcpy in Curl_doh_decode_httpsrr
Reviewed-by: Stephen Farrell
Closes#13526
Curl_dyn_vaddf should return a proper error code in case allocating
memory failed.
Closes: #13533
Author: Christian Schmitz <support@monkeybreadsoftware.de>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Take advantage of the Curl_cipher_suite_walk_str() and
Curl_cipher_suite_get_str() functions introduced in commit fba9afeb.
This also fixes CURLOPT_SSL_CIPHER_LIST not working at all for bearssl
due to commit ff74cef5.
Closes#13464
C++20 and later compilers emit a deprecation warning if values from two
different enums are combined with a bitwise operation the way the
CURL_SSLVERSION_* values were previously created.
Reported-by: Michael Kaufmann
Fixes#13510Closes#13511
To avoid getting stuck in a busy-loop when nothing is read from stdin,
this function now checks the call rate and might enforce a short sleep
when called repeatedly without uploading anything. It is a crude
work-around to avoid a 100% busy CPU.
Reported-by: magisterquis on hackerone
Fixes#13174Closes#13506
- an unsigned type makes more sense
- size_t seems suitable
- on 64 bit args, the struct alignment makes the new Curl_hash remain
the same size
Closes#13502
