Commit message | Author | Age | Files | Lines
...
* http_aws_sigv4: remove typecasts from HMAC_SHA256 macro | Kvarec Lezki | 2023-02-03 | 1 | -2/+2
| V220: Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize.
| https://pvs-studio.com/en/docs/warnings/v220/
| Closes #10400
* mailmap: Thomas1664 on github | Daniel Stenberg | 2023-02-03 | 1 | -0/+1
|
* CURLOPT_WRITEFUNCTION.3: fix memory leak in example | Thomas1664 | 2023-02-03 | 1 | -22/+35
| Closes #10390
* doh: ifdef IPv6 code | Kvarec Lezki | 2023-02-03 | 1 | -0/+2
| For disabled IPv6 a condition (conn->ip_version != CURL_IPRESOLVE_V4) is always false.
| https://pvs-studio.com/en/docs/warnings/v560/
| Closes #10397
* urlapi: remove pathlen assignment | Daniel Stenberg | 2023-02-03 | 1 | -1/+0
| "Value stored to 'pathlen' is never read"
| Follow-up to 804d5293f89
| Reported-by: Kvarec Lezki
| Closes #10405
* http: fix "part of conditional expression is always false" | Kvarec Lezki | 2023-02-03 | 1 | -2/+3
| [CWE-570] V560: A part of conditional expression is always false: conn->bits.authneg.
| [CWE-570] V560: A part of conditional expression is always false: conn->handler->protocol & (0 | 0).
| https://pvs-studio.com/en/docs/warnings/v560/
| Closes #10399
* urlapi: skip the extra dedotdot alloc if no dot in path | Daniel Stenberg | 2023-02-02 | 2 | -23/+38
| Saves an allocation for many/most URLs.
| Updates test 1395 accordingly
| Closes #10403
* connections: introduce http/3 happy eyeballs | Stefan Eissing | 2023-02-02 | 61 | -1248/+3598
| New cfilter HTTP-CONNECT for h3/h2/http1.1 eyeballing.
| - filter is installed when `--http3` in the tool is used (or the equivalent CURLOPT_ done in the library)
| - starts a QUIC/HTTP/3 connect right away. Should that not succeed after 100ms (subject to change), a parallel attempt is started for HTTP/2 and HTTP/1.1 via TCP
| - both attempts are subject to IPv6/IPv4 eyeballing, same as happens for other connections
| - tie timeout to the ip-version HAPPY_EYEBALLS_TIMEOUT
| - use a `soft` timeout at half the value. When the soft timeout expires, the HTTPS-CONNECT filter checks if the QUIC filter has received any data from the server. If not, it will start the HTTP/2 attempt.
|
| HTTP/3(ngtcp2) improvements.
| - setting call_data in all cfilter calls similar to http/2 and vtls filters for use in callback where no stream data is available.
| - returning CURLE_PARTIAL_FILE for prematurely terminated transfers
| - enabling pytest test_05 for h3
| - shifting functionality to "connect" UDP sockets from ngtcp2 implementation into the udp socket cfilter. Because unconnected UDP sockets are weird. For example they error when adding to a pollset.
|
| HTTP/3(quiche) improvements.
| - fixed upload bug in quiche implementation, now passes 251 and pytest
| - error codes on stream RESET
| - improved debug logs
| - handling of DRAIN during connect
| - limiting pending event queue
|
| HTTP/2 cfilter improvements.
| - use LOG_CF macros for dynamic logging in debug build
| - fix CURLcode on RST streams to be CURLE_PARTIAL_FILE
| - enable pytest test_05 for h2
| - fix upload pytests and improve parallel transfer performance.
|
| GOAWAY handling for ngtcp2/quiche
| - during connect, when the remote server refuses to accept new connections and closes immediately (so the local conn goes into DRAIN phase), the connection is torn down and another attempt is made after a short grace period. This is the behaviour observed with nghttpx when we tell it to shut down gracefully. Tested in pytest test_03_02.
|
| TLS improvements
| - ALPN selection for SSL/SSL-PROXY filters in one vtls set of functions, replaces copy of logic in all tls backends.
| - standardized the infof logging of offered ALPNs
| - ALPN negotiated: have common function for all backends that sets alpn property and connection related things based on the negotiated protocol (or lack thereof).
| - new tests/tests-httpd/scorecard.py for testing h3/h2 protocol implementation. Invoke: python3 tests/tests-httpd/scorecard.py --help for usage.
|
| Improvements on gathering connect statistics and socket access.
| - new CF_CTRL_CONN_REPORT_STATS cfilter control for having cfilters report connection statistics. This is triggered when the connection has completely connected.
| - new void Curl_pgrsTimeWas(..) method to report a timer update with a timestamp of when it happened. This allows for updating timers "later", e.g. a connect statistic after full connectivity has been reached.
| - in case of HTTP eyeballing, the previous changes will update statistics only from the filter chain that "won" the eyeballing.
| - new cfilter query CF_QUERY_SOCKET for retrieving the socket used by a filter chain. Added methods Curl_conn_cf_get_socket() and Curl_conn_get_socket() for convenient use of this query.
| - Change VTLS backend to query their sub-filters for the socket when checks during the handshake are made.
|
| HTTP/3 documentation on how https eyeballing works.
|
| TLS improvements
| - ALPN selection for SSL/SSL-PROXY filters in one vtls set of functions, replaces copy of logic in all tls backends.
| - standardized the infof logging of offered ALPNs
| - ALPN negotiated: have common function for all backends that sets alpn property and connection related things based on the negotiated protocol (or lack thereof).
|
| Scorecard with Caddy.
| - configure can be run with `--with-test-caddy=path` to specify which caddy to use for testing
| - tests/tests-httpd/scorecard.py now measures download speeds with caddy
|
| pytest improvements
| - adding Makefile to clean gen dir
| - adding nghttpx rundir creation on start
| - checking httpd version 2.4.55 for test_05 cases where it is needed. Skipping with message if too old.
| - catch exception when checking for caddy existence on system.
|
| Closes #10349
* CODEOWNERS: remove the peeps mentioned as CI owners | Daniel Stenberg | 2023-02-02 | 1 | -10/+0
| These owners do not have the bandwidth/energy to do the reviews which makes PRs stall and this ownership claim flawed. We can bring people back when the situation is different.
| Follow-up to c04c78ac87c4d46737934345a
| Closes #10386
* write-out.d: add 'since version' to %{header_json} documentation | Martin D'Aloia | 2023-02-02 | 1 | -1/+1
| The documentation of `%{header_json}` missed to mention since which version this variable for `--write-out` is present.
| Based on commit https://github.com/curl/curl/commit/4133a69f2daa476bb we can determine from the tags where this commit is present that the first version to include it was `7.83.0`.
| This could be also checked with: `git tag --contains 4133a69f2daa476bb6d902687f1dd6660ea9c3c5`
| Closes #10395
* urlapi: avoid Curl_dyn_addf() for hex outputs | Daniel Stenberg | 2023-02-01 | 2 | -9/+12
| Inspired by the recent fixes to escape.c, we should avoid calling Curl_dyn_addf() in loops, perhaps in particular when adding something so simple as %HH codes - for performance reasons. This change makes the same thing for the URL parser's two URL-encoding loops.
| Closes #10384
* urlapi: skip path checks if path is just "/" | Daniel Stenberg | 2023-02-01 | 1 | -2/+3
| As a minuscule optimization, treat a path of the length 1 as the same as non-existing, as it can only be a single leading slash, and that's what we do for no paths as well.
| Closes #10385
* GHA/macos: use Xcode_14.0.1 for cmake builds | Philip H | 2023-02-01 | 1 | -0/+3
| Fixes #10356
| Closes #10381
* tls: fixes for wolfssl + openssl combo builds | Viktor Szakats | 2023-02-01 | 3 | -20/+25
| 1. Add `USE_WOLFSSL` to the TLS backend priority list in `lib/curl_ntlm_core.c`.
| 2. Fix `lib/curl_ntlm_core.h` to respect TLS backend priority, bringing it in sync with the above list and `lib/curl_ntlm_core.c` itself.
|    Reported-by: Mark Roszko
|    Ref: https://github.com/curl/curl/issues/10321
| 3. Allow enabling both wolfSSL and OpenSSL at the same time in `lib/Makefile.mk` bringing this in line with cmake/autotools builds.
|    Update logic to select the crypto-specific lib for `ngtcp2`, which supports a single TLS backend at the same time.
| Closes #10322
* RELEASE-NOTES: synced | Daniel Stenberg | 2023-02-01 | 1 | -13/+43
|
* docs/INSTALL: document how to use multiple TLS backends | Daniel Stenberg | 2023-02-01 | 1 | -1/+9
| And document how OpenSSL forks and wolfSSL cannot be used at the same time.
| Reported-by: Mark Roszko
| Fixes #10321
| Closes #10382
* cookies: fp is always not NULL | Kvarec Lezki | 2023-02-01 | 1 | -1/+1
| Closes #10383
* escape: use table lookup when adding %-codes to output | Daniel Stenberg | 2023-01-31 | 1 | -3/+6
| On my dev host, this code runs 7.8 times faster.
| Closes #10377
* unit2600: avoid error: ‘TEST_CASES’ defined but not used | Daniel Stenberg | 2023-01-31 | 1 | -1/+3
| Follow-up to d55de24dce9d51
| Closes #10379
* escape: hex decode with a lookup-table | Daniel Stenberg | 2023-01-31 | 1 | -24/+27
| Makes the decoding 2.8 times faster in my tests.
| Closes #10376
* cf-socket: fix build error wo TCP_FASTOPEN_CONNECT | Daniel Stenberg | 2023-01-31 | 1 | -3/+3
| Follow-up to 5651a36d1a
| Closes #10378
| Reviewed-by: Stefan Eissing
* CI: add pytest github workflow to CI test/tests-httpd on a HTTP/3 setup | Stefan Eissing | 2023-01-31 | 5 | -4/+120
| Closes #10317
* connect: fix strategy testing for attempts, timeouts and happy-eyeball | Stefan Eissing | 2023-01-31 | 7 | -32/+452
| - add test2600 as a unit test that triggers various connect conditions and monitors behaviour, available in a debug build only.
| - this exposed edge cases in connect.c that have been fixed
| Closes #10312
* cf-socket: improvements in socket I/O handling | Stefan Eissing | 2023-01-31 | 14 | -572/+402
| - Curl_write_plain/Curl_read_plain have been eliminated. Last code use now uses Curl_conn_send/recv so that requests use conn->send/recv callbacks which defaults to cfilters use.
| - Curl_recv_plain/Curl_send_plain have been internalized in cf-socket.c.
| - USE_RECV_BEFORE_SEND_WORKAROUND (active on Windows) has been moved into cf-socket.c. The pre_recv buffer is held at the socket filter context. `postponed_data` structures have been removed from `connectdata`.
| - the hanger in HTTP/2 request handling was a result of read buffering on all sends and the multi handling is not prepared for this. The following happens:
|   - multi performs on a HTTP/2 easy handle
|   - h2 reads and processes data
|   - this leads to a send of h2 data
|   - which receives and buffers before the send
|   - h2 returns
|   - multi selects on the socket, but no data arrives (it's in the buffer already)
|   the workaround now receives data in a loop as long as there is something in the buffer. The real fix would be for multi to change, so that `data_pending` is evaluated before deciding to wait on the socket.
|
| io_buffer, optional, in cf-socket.c, http/2 sets state.drain if lower filter have pending data.
|
| This io_buffer is only available/used when the -DUSE_RECV_BEFORE_SEND_WORKAROUND is active, e.g. on Windows configurations. It also maintains the original checks on protocol handler being HTTP and conn->send/recv not being replaced.
|
| The HTTP/2 (nghttp2) cfilter now sets data->state.drain when it finds out that the "lower" filter chain has still pending data at the end of its IO operation. This prevents the processing from becoming stalled.
|
| Closes #10280
* openssl: only use CA_BLOB if verifying peer | Daniel Stenberg | 2023-01-31 | 1 | -171/+167
| Reported-by: Paul Groke
| Bug: https://curl.se/mail/lib-2023-01/0070.html
| Fixes #10351
| Closes #10359
* curl_free.3: fix return type of `curl_free` | Thomas1664 on github | 2023-01-31 | 1 | -1/+1
| Fixes #10373
| Closes #10374
* zuul: stop using this CI service | Daniel Stenberg | 2023-01-30 | 10 | -596/+1
| The important jobs have already transitioned. The remaining ones we can skip for now.
| Closes #10368
* copyright: remove "m4/ax_compile_check_sizeof.m4" from skips | Daniel Stenberg | 2023-01-30 | 1 | -3/+11
| and report if skipped files do not exist.
| Follow-up to 9e11c2791fb960758 which removed the file.
| Closes #10369
* ws: unstick connect-only shutdown | Daniel Stenberg | 2023-01-30 | 4 | -4/+18
| As this mode uses blocking sockets, it must set them back to non-blocking in disconnect to avoid the risk of getting stuck.
| Closes #10366
* ws: remove bad assert | Daniel Stenberg | 2023-01-30 | 1 | -1/+0
| Reported-by: Stanley Wucw
| Fixes #10347
| Closes #10366
* openssl: adapt to boringssl's error code type | Daniel Stenberg | 2023-01-29 | 1 | -3/+9
| BoringSSL uses uint32_t, OpenSSL uses 'unsigned long'
| Closes #10360
* tool_operate: repair --rate | Daniel Stenberg | 2023-01-29 | 1 | -2/+3
| Regression from a55256cfb242 (7.87.0)
| Reported-by: highmtworks on github
| Fixes #10357
| Closes #10358
* dict: URL decode the entire path always | Daniel Stenberg | 2023-01-29 | 1 | -44/+42
| Reported-by: dekerser on github
| Fixes #10298
| Closes #10354
* vtls: do not null-check when we already assume cf-ctx exists | Stefan Eissing | 2023-01-29 | 1 | -1/+1
| Fixes #10361
| Closes #10362
* RELEASE-NOTES: synced | Daniel Stenberg | 2023-01-29 | 1 | -10/+50
|
* CURLOPT_READFUNCTION.3: the callback 'size' arg is always 1 | Daniel Stenberg | 2023-01-29 | 1 | -1/+1
| Reported-by: Brian Green
| Fixes #10328
| Closes #10355
* copyright.pl: cease doing year verifications | Daniel Stenberg | 2023-01-29 | 1 | -32/+16
| As we have (mostly) removed the copyright year ranges.
| Reported-by: Ryan Schmidt
| Fixes #10345
| Closes #10352
* CI: Work around a labeler bug that removes labels | Dan Fandrich | 2023-01-28 | 1 | -0/+2
|
* write-out.d: clarify Windows % symbol escaping | Jay Satiro | 2023-01-26 | 1 | -2/+4
| - Clarify that in Windows batch files the % must be escaped as %%, and at the command prompt it cannot be escaped which could lead to incorrect expansion.
|
| Prior to this change the doc implied % must be escaped as %% in win32 always.
|
| ---
|
| Examples showing how a write-out argument is received by curl:
|
| If curl --write-out "%{http_code}" is executed in a batch file: {http_code}
| If curl --write-out "%%{http_code}" is executed in a batch file: %{http_code}
| If curl --write-out "%{http_code}" is executed from the command prompt: %{http_code}
| If curl --write-out "%%{http_code}" is executed from the command prompt: %%{http_code}
|
| At the command prompt something like "%{speed_download}%{http_code}" would first be parsed by the command interpreter as %{speed_download}% and would be expanded as environment variable {speed_download} if it existed, though that's highly unlikely since Windows environment names don't use braces.
|
| ---
|
| Reported-by: Muhammad Hussein Ammari
| Ref: https://github.com/bagder/everything-curl/pull/279
| Fixes https://github.com/curl/curl/issues/10323
| Closes https://github.com/curl/curl/pull/10337
* connect: Fix build when not ENABLE_IPV6 | Ryan Schmidt | 2023-01-26 | 1 | -1/+4
| Check for ENABLE_IPV6 before accessing AF_INET6. Fixes build failure introduced in 1c5d8ac.
| Closes https://github.com/curl/curl/pull/10344
* cf-socket: Fix build when not HAVE_GETPEERNAME | Ryan Schmidt | 2023-01-26 | 1 | -2/+0
| Remove remaining references to conn and sockfd, which were removed from the function signature when conninfo_remote was renamed to conn_set_primary_ip in 6a8d7ef.
| Closes https://github.com/curl/curl/pull/10343
* vtls: Manage current easy handle in nested cfilter calls | Stefan Eissing | 2023-01-26 | 8 | -52/+124
| The previous implementation cleared `data` so the outer invocation lost its data, which could lead to a crash.
| Bug: https://github.com/curl/curl/issues/10336
| Reported-by: Fujii Hironori
| Closes https://github.com/curl/curl/pull/10340
* CI: Add even more paths to the labeler config (#10326) | Dan Fandrich | 2023-01-25 | 1 | -2/+14
|
* scripts: Fix Appveyor job detection in cijobs.pl | Dan Fandrich | 2023-01-25 | 1 | -1/+1
| The reorganization in #9769 broke the script. This should probably be rewritten to use a YAML parser for better upward compatibility.
* CI: Add a few more paths to the labeler config (#10326) | Dan Fandrich | 2023-01-25 | 1 | -2/+4
|
* CI: Switch the labeler event to pull_request_target | Dan Fandrich | 2023-01-25 | 1 | -1/+1
| Otherwise, the action won't work on PRs from forked repositories (#10326).
* cmake: delete redundant macro definition `SECURITY_WIN32` | Viktor Szakats | 2023-01-25 | 1 | -1/+0
| Stop explicitly defining `SECURITY_WIN32` in CMake builds.
| No other build systems define this macro, because it's unconditionally defined in `lib/curl_sspi.h` already. This is the only curl source using the `sspi.h` and `security.h` Win32 headers, and no other Win32 headers need this macro.
| Reviewed-by: Jay Satiro
| Closes #10341
* winbuild: document that arm64 is supported | Fredrik | 2023-01-24 | 1 | -1/+1
| Building an arm64 version works flawlessly with the VS arm64 toolset.
| Closes https://github.com/curl/curl/pull/10332
* openssl: don't log raw record headers | Cherish98 | 2023-01-24 | 1 | -0/+3
| - Skip content type SSL3_RT_HEADER in verbose TLS output.
| This commit prevents bogus and misleading verbose TLS header messages as discussed in #10299.
| Assisted-by: Peter Wu
| Closes https://github.com/curl/curl/pull/10299
* cmake: use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS | Marc Aldorasi | 2023-01-24 | 2 | -6/+6
| - Use list() instead of set() for CMAKE_REQUIRED_DEFINITIONS list since the former is clearer.
| Closes https://github.com/curl/curl/pull/10272