Viktor Szakats [Fri, 12 Dec 2025 19:51:52 +0000 (20:51 +0100)]
tidy-up: miscellaneous
- apply more clang-format.
- lib/version: use `CURL_ARRAYSIZE()`.
- INSTALL-CMAKE.md: sync-up an option description with others.
- examples: delete unused main args.
- examples/ftpgetinfo: document `_CRT_SECURE_NO_WARNINGS` symbol.
- delete remaining stray duplicate lines.
- acinclude.m4: drop an unnecessary x-hack.
- vtls/mbedtls: join a URL split into two lines.
- src/tool_cb_see: add parentheses around macro expressions.
- src/tool_operate: move literals to the right side of comparisons.
- libtests: sync up fopen/fstat error messages between tests.
- curl_setup.h: replace `if ! defined __LP64` with `ifndef __LP64`.
I assume it makes no difference on Tandem systems, as the latter form
is already used in `include/curl/system.h`.
Daniel Stenberg [Thu, 18 Dec 2025 12:58:22 +0000 (13:58 +0100)]
http: when unfolding, leave single-space for new header line
Restore the unfolding behavior from before 67ae101666f10232. This change
(leaving more whitespace in the delivered headers) turned out to cause
some friction in the git project so presumably others might also find it
a little surprising.
Reported-by: Jeff King
Ref: https://marc.info/?l=git&m=176606332701171&w=2
Closes #20016
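
The single-space unfolding described in the commit message above, as an added example that is not curl's code: RFC 9112 section 5.2 has a user agent replace each obs-fold in a response with one or more SP octets before interpreting the field value. The function name `unfold_headers`, its `folds` counter and the sample input are hypothetical, and the input is assumed to be a header block only, without a body.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not curl's code): copy a raw response header block
 * from `in` to `out`, unfolding obs-fold continuation lines. A line break
 * (CRLF or bare LF) followed by SP or HTAB, plus the whole run of leading
 * whitespace on the continuation line, is replaced by exactly one space.
 * `out` must hold at least strlen(in) + 1 bytes. Returns the output length
 * and stores the number of folds seen in `*folds` so callers can log them. */
size_t unfold_headers(const char *in, char *out, size_t *folds)
{
  size_t o = 0;
  *folds = 0;
  while(*in) {
    size_t eol = 0;
    if(in[0] == '\r' && in[1] == '\n')
      eol = 2;
    else if(in[0] == '\n')
      eol = 1;
    if(eol && (in[eol] == ' ' || in[eol] == '\t')) {
      in += eol;                        /* drop the line break */
      while(*in == ' ' || *in == '\t')  /* drop the leading whitespace run */
        in++;
      out[o++] = ' ';                   /* leave a single space */
      (*folds)++;
    }
    else
      out[o++] = *in++;                 /* ordinary byte, copied as-is */
  }
  out[o] = '\0';
  return o;
}

/* Constructed sample: one folded Set-Cookie header, one normal header. */
static const char sample[] =
  "Set-Cookie: a=1;\r\n \t  b=2\r\nX-Test: y\r\n\r\n";

int main(void)
{
  char out[sizeof(sample)];
  size_t folds;
  unfold_headers(sample, out, &folds);
  printf("folds=%zu\n%s", folds, out);
  return 0;
}
```

Counting folds separately lets a caller log or reject folded responses, since intermediaries that unfold differently can disagree on where a header value ends.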
Stefan Eissing [Wed, 17 Dec 2025 10:20:42 +0000 (11:20 +0100)]
wolfssl: proof use of wolfSSL_i2d_SSL_SESSION
While wolfSSL_i2d_SSL_SESSION() does not change the passed pointer, like
OpenSSL does, it may one day decide to do so. Pass a copy instead to be
future-proof to such a change in wolfSSL's implementation.
dependabot[bot] [Tue, 16 Dec 2025 23:37:45 +0000 (23:37 +0000)]
GHA: bump pip-dependencies
- update `filelock` from 3.20.0 to 3.20.1 (CVE-2025-68146) (used in pytests)
- update `pytest` from 9.0.1 to 9.0.2
- update `ruff` from 0.14.8 to 0.14.9
Viktor Szakats [Tue, 16 Dec 2025 20:32:29 +0000 (21:32 +0100)]
examples/threaded-ssl: delete in favor of `examples/threaded`
After applying a recent fix made to `threaded.c` (formerly
`multithread.c`) to `threaded-ssl.c`, syncing and updating comments,
the two examples turned out to be identical except their test URLs.
Delete one of them to avoid duplication.
Also:
- examples/threaded: scope a variable.
- examples/threaded: merge comments from its deleted sibling.
Dan Fandrich [Tue, 16 Dec 2025 08:26:25 +0000 (00:26 -0800)]
tests: add a standard log line for alloc failures
This type of test failure requires a test status line in order to be
consistent with other failures and to be parsed properly by Test Clutch.
This is the same style as an exit or postcheck failure.
Viktor Szakats [Tue, 16 Dec 2025 16:26:46 +0000 (17:26 +0100)]
schannel: use Win8 `CERT_NAME_SEARCH_ALL_NAMES_FLAG` with old SDKs
Define `CERT_NAME_SEARCH_ALL_NAMES_FLAG` macro if missing.
To allow using a runtime branch regardless of build-time SDK version,
when running on Windows 8+.
In practice it enables this branch for builds using mingw-w64 v3, and
MSVC with Windows SDK <8.
Dan Fandrich [Tue, 16 Dec 2025 07:32:59 +0000 (23:32 -0800)]
lib: create unitprotos.h in the builddir, not srcdir
The make rule confused automake by changing directories before creating
the file, causing unitprotos.h to be created in the srcdir instead of
the builddir. This results in a stale file and confusing compile errors
in out-of-tree builds.
Viktor Szakats [Tue, 16 Dec 2025 15:41:05 +0000 (16:41 +0100)]
cf-socket: enable Win10 `TCP_KEEP*` options with old SDKs
Define `TCP_KEEP*` macros if they are missing in Windows builds.
To allow using these runtime `setsockopt()` options regardless of
build-time SDK version, when running on Windows 10.0.16299+.
In practice it enables them for builds using mingw-w64 <12, and
MSVC with Windows SDK <10.
Before this patch these runtime options required building curl with
a recent toolchain.
Viktor Szakats [Mon, 15 Dec 2025 15:49:04 +0000 (16:49 +0100)]
idn: clarify null-termination on Windows
Add comments to clarify that a terminating null is always present in
the buffers returned to the caller.
The curl APIs `win32_idn_to_ascii()` or `win32_ascii_to_idn()` receive
a null-terminated UTF-8 string as input. They first convert it to wide
chars by first asking `MultiByteToWideChar()` to calculate the length,
by passing -1. This API returns the length with the null char included
(= `strlen() + 1`), does the conversion, with the output also
null-terminated. `IdnTo*()` preserve this null character as documented.
Then we pass this null-terminated, fixed-length buffer into
`WideCharToMultiByte()`, which keeps preserving the null, ending up in
the buffer returned to the caller.
Viktor Szakats [Sat, 13 Dec 2025 03:27:41 +0000 (04:27 +0100)]
localtime: detect thread-safe alternatives and use them
- add local API `toolx_localtime()` to wrap the banned function
`localtime()`. Used from libcurl, libtests and test servers.
- auto-detect and use `localtime_r()` where available (e.g. Linux).
Also to support multi-threading.
- use `localtime_s()` on Windows. It requires MSVC or mingw-w64 v4+.
Also to support multi-threading.
Use local workaround to also support mingw-w64 v3.
- add `src/toolx` to keep internal APIs used by the curl tool and tests,
but not by libcurl. `toolx_localtime()` is the first API in it.
- replace `localtime()` calls with `toolx_localtime()`.
Except in examples.
- note Windows XP's default `msvcrt.dll` doesn't offer secure CRT APIs.
XP likely needs a newer version of this DLL, or may not run.
- note that `localtime()` mirrors `gmtime()`, with the difference that
`gmtime()`'s internal wrapper lives in curlx.
Viktor Szakats [Fri, 12 Dec 2025 23:16:58 +0000 (00:16 +0100)]
curlx: move `Curl_gmtime()`, use `gmtime_s()` on Windows
Move `Curl_gmtime()` to curlx and rename to `curlx_gmtime()`. Then call
the internal wrapper also from the curl tool, to avoid using the banned
`gmtime()` directly, and using better, thread-safe alternatives when
available.
Windows `gmtime_s()` requires mingw-w64 v4+ or MSVC. Use local
workaround to also support mingw-w64 v3. `gmtime_s()` also makes
defining `_CRT_SECURE_NO_WARNINGS` unnecessary.
Also:
- lib: drop unused `parsedate.h` includes.
- drop redundant cast from `gmtime_r()` result.
- autotools: reverse condition in the proto detection to avoid
misleading readers. (the condition plays no role in detection.)
- note Windows XP's default `msvcrt.dll` doesn't offer secure CRT APIs.
XP likely needs a newer version of this DLL, or may not run.
Viktor Szakats [Tue, 16 Dec 2025 00:37:10 +0000 (01:37 +0100)]
build: unix socket tidy-ups
- lib: delete two unused `<sys/un.h>` includes.
- lib: drop interim macro `WIN32_SOCKADDR_UN`.
Follow-up to 0fe9018e1a1af0d906dfe934efe2f2b1ba48f060 #7737
Also fixing a potential issue of leaving unix socket support disabled
if any header would include Windows' `afunix.h`, and define
`UNIX_PATH_MAX` on its own.
- connect: honor unix socket disable option.
- connect: simplify unix socket PP condition.
`USE_UNIX_SOCKETS` already means the necessary header/type are
available, guaranteed by configure. `AF_UNIX` is already used
elsewhere in the code without explicit checks.
- curl_setup.h: document availability of `afunix.h` on Windows more.
It requires mingw-w64 10+ or MS SDK 10.17763.0 VS2017 15.8+.
- curl_setup.h: use `afunix.h` with mingw-w64 v10+ to start avoiding
the local workaround if possible.
- GHA/windows: test disable unix socket option on Windows.
Stefan Eissing [Mon, 15 Dec 2025 13:28:09 +0000 (14:28 +0100)]
lib: keep timestamp in easy handle
Use `data->progress.now` as the timestamp of processing a transfer.
Update it on significant events and refrain from calling `curlx_now()`
in many places.
The problem this addresses is
a) calling curlx_now() has costs, depending on platform. Calling it
every time results in a 25% increase in `./runtest` duration on macOS.
b) we used to pass a `struct curltime *` around to save on calls, but
when some methods directly use `curlx_now()` and some use the passed
pointer, the transfer experiences non-linear time. This results in
timeline checks reporting events in the wrong order.
By keeping a timestamp in the easy handle and updating it there, no
longer invoking `curlx_now()` in the "lower" methods, the transfer
can observe a steady clock progression.
Add documentation in docs/internals/TIME-KEEPING.md
Reported-by: Viktor Szakats
Fixes #19935
Closes #19961
Stefan Eissing [Mon, 15 Dec 2025 10:15:38 +0000 (11:15 +0100)]
vquic: ignore 0-length UDP packets
When someone gives us 0-length UDP packets, ignore
them as they cannot be valid QUIC packets. This also
prevents us from messing up any GSO calculations.
Viktor Szakats [Sun, 14 Dec 2025 23:05:15 +0000 (00:05 +0100)]
tests/server: fix initialization on Windows Vista+
Make sure to call `curlx_now_init()` before the first call to
`curlx_now()`.
Before this patch the first `curlx_now()` used the non-Vista code path
calling `GetTickCount()` on Vista+. This is harmless, but the upcoming
PR #18009 is going to drop the non-Vista code path, causing a division
by zero at startup in test servers, without this fix.
Viktor Szakats [Mon, 15 Dec 2025 00:53:16 +0000 (01:53 +0100)]
renovate: try bumping Fil-C on releases, not tags
CI needs the binary packages attached to the release, which appears some
time after tagging. Hopefully this patch helps getting a clean build
by the time Renovate opens its PR.
Viktor Szakats [Sun, 14 Dec 2025 08:42:59 +0000 (09:42 +0100)]
runtests: improve XML prolog check, enable `-w` permanently, fix two tests
To really verify the presence of the XML prolog, also in CI.
- move the prolog check from `loadtest` to `checktest`.
(load did a soft error, silently skipping the test instead of failing)
- runtests: enable `-w` functionality permanently for all test targets,
drop the option. It has no measurable performance impact.
- test 798, 1665: add XML prolog.
Follow-up to f0d277cb0e3712ae4edf8f51822ffa99e9b3ec54
Viktor Szakats [Fri, 12 Dec 2025 22:30:45 +0000 (23:30 +0100)]
renovate: leave bumping GitHub Actions to Dependabot
To avoid update noise. Renovate bumps everything instantly, meaning
a major version a couple hours after release, then all minor bugfix
releases throughout the next 1-2 days. Also putting major versions in
a different group than the bugfix release, and there is no support for
a cooldown period.
After this patch GitHub's Dependabot remains the single tool responsible
to bump GitHub Actions, once a month, grouped, with a cooldown period.
In sync with most other curl repos.
Both Renovate and Dependabot keep bumping pinned pips for now. Also
Renovate keeps updating C dependencies and Dockerfile.
Daniel Stenberg [Fri, 12 Dec 2025 15:36:08 +0000 (16:36 +0100)]
http: unfold response headers earlier
Make the low-level HTTP header "builder" unfold headers so that
everything else can keep pretending folding does not exist.
This code no longer tries to reduce repeated leading whitespace (in the
continued folded header) to a single one. To avoid having to have a
special state for that.
Viktor Szakats [Sat, 13 Dec 2025 11:35:36 +0000 (12:35 +0100)]
GHA/checksrc: fix `-z` position, also use `--output` with `xmllint`
Fixing:
```
fatal: option '-z' must come before non-option arguments
```
Ref: https://github.com/curl/curl/actions/runs/20183280533/job/57948203944#step:4:5
Daniel Stenberg [Sat, 13 Dec 2025 12:48:59 +0000 (13:48 +0100)]
tool_urlglob: support globs as long as config line lengths
libcurl supports up to 8MB string inputs, the config file accepts up to
10MB line lengths. It did not make sense to limit the globs to a maximum
of one megabyte.
Viktor Szakats [Fri, 12 Dec 2025 02:59:21 +0000 (03:59 +0100)]
GHA: enable libssh and libssh2 in 10 more Linux jobs
To run more pytest sshd tests, and for more static analysis.
Also:
- drop redundant option from `openssl libssh2 ...` config.
- GHA/linux: enable pytest in the LTO job (to test libssh2).
- avoid both with local builds of OpenSSL-forks, due to crypto lib
mixups causing a mixture of build error, crashes, test failures.
Viktor Szakats [Fri, 12 Dec 2025 00:55:30 +0000 (01:55 +0100)]
runtests: add options to set minimum number of tests, use them
To detect mistakes made in the runtests framework that reduce
the number of test runs. Before this patch it could go undetected with
a green CI.
The minimum thresholds will need light maintenance going forward (either
bumping them periodically, or adjusting if some may fall below minimums for
justified reasons). We may also make minimums tighter or looser, or more
job-specific.
Latest number of test runs for each job can be seen at Test Clutch:
https://testclutch.curl.se/static/reports/feature-matrix.html
Stefan Eissing [Thu, 11 Dec 2025 15:02:41 +0000 (16:02 +0100)]
pytest: add tests using sshd
With either /usr/sbin/sshd found or configured via --with-test-sshd=path
add tests for SCP down- and uploads, insecure, with known hosts or not,
with authorized user key or unauthorized one.
Working now with libssh and libssh2, using a hashed known_hosts file.
Viktor Szakats [Sun, 7 Dec 2025 15:49:55 +0000 (16:49 +0100)]
tidy-up: miscellaneous
- drop stray duplicate empty lines in docs, scripts, test data, include,
examples, tests.
- drop duplicate PP parenthesis.
- curl-functions.m4: move literals to the right side in if expressions,
to match rest of the source code.
- FAQ.md: delete language designator from a URL.
- packages: apply clang-format (OS400, VMS).
- scripts/schemetable.c: apply clang-format.
- data320: delete duplicate empty line that doesn't change the outcome.
- spacecheck: extend to check for duplicate empty lines
(with exceptions.)
- fix whitespace nits
Viktor Szakats [Thu, 11 Dec 2025 01:46:24 +0000 (02:46 +0100)]
GHA/checkdocs: re-enable proselint, update setup, fix issues found
- update configuration and invocation.
- install via pip.
- drop a file exception.
- alpha sort proselint settings.
- FILEFORMAT: update text about XML compliance.
- CI job takes 22 seconds total.
Viktor Szakats [Wed, 10 Dec 2025 22:21:10 +0000 (23:21 +0100)]
runtests: add support for single-quoted attributes, use it
With this, all test data files are XML-compliant.
Also:
- test1158, test1186: use single quotes for the test filename attribute
containing a double quote. For XML-compliance.
- drop support for unquoted attributes. For XML-compliance.
Viktor Szakats [Tue, 5 Aug 2025 14:07:21 +0000 (16:07 +0200)]
autotools: tidy-up `if` expressions
- drop x-hacks for curl internal variables and certain autotools ones
that do not hold custom values.
- make x-hacks consistently use `"x$var" = "xval"` style.
- add a few x-hacks for input/external variables that may hold custom
values.
- prefer `-z` and `-n` to test empty/non-empty.
This also makes some x-hacks unnecessary.
- optimized negated test `-z` and `-n` options.
- prefer `&&` and `||` over `-a` and `-o`.
For better POSIX compatibility:
https://pubs.opengroup.org/onlinepubs/9699919799/utilities/test.html
- quote variables passed to `test`, where missing.
- quote string literals in comparisons.
- fix some indentation, whitespace.
Note that a few `case` statements also use the x-hack, which looks
unnecessary. This patch does not change them.
Verified by comparing feature detection results with a reference CI run
from before this patch (PR #19922).
Stefan Eissing [Wed, 10 Dec 2025 10:17:49 +0000 (11:17 +0100)]
pytest: quiche flakiness
Let nghttpx only use http/1.1 to backend. This reproduces the bug in
quiche with higher frequency. Allow test_14_05 to now return a 400 in
addition to the 431 we get from a h2 backend to nghttpx.
Skip test_05_02 in h3 on quiche not newer than version 0.24.4 in which
its bug is fixed: https://github.com/cloudflare/quiche/pull/2278
Viktor Szakats [Wed, 10 Dec 2025 10:47:40 +0000 (11:47 +0100)]
GHA/checkurls: add dry run on push
To verify if the basics work.
Downside is that the scheduled (live) runs are intermixed with the dry
runs and less obvious to find in the default list:
https://github.com/curl/curl/actions/workflows/checkurls.yml
This URL filters for scheduled runs only:
https://github.com/curl/curl/actions/workflows/checkurls.yml?query=event%3Aschedule
Seems fine, because we're only interested in red runs.